Update generated policy and doc files2.20190201-r1

Signed-off-by: Jason Zaman <jason@perfinion.com>

4 files changed, 53924 insertions, 20071 deletions

diff --git a/doc/global_tunables.xml b/doc/global_tunables.xml
index c026deaf7..9049a3cd5 100644
--- a/doc/global_tunables.xml
+++ b/doc/global_tunables.xml
@@ -106,3 +106,11 @@ and may change other protocols.
 </p>
 </desc>
 </tunable>
+<tunable name="user_udp_server" dftval="false">
+<desc>
+<p>
+Allow users to run UDP servers (bind to ports and accept connection from
+the same domain and outside users)
+</p>
+</desc>
+</tunable>
diff --git a/doc/policy.xml b/doc/policy.xml
index de5f201bc..ad2a05a02 100644
--- a/doc/policy.xml
+++ b/doc/policy.xml
@@ -5,11 +5,12 @@
 <summary>
 	Policy modules for administrative functions, such as package management.
 </summary>
-<module name="bootloader" filename="policy/modules/admin/bootloader.if">
-<summary>Policy for the kernel modules, kernel image, and bootloader.</summary>
-<interface name="bootloader_domtrans" lineno="13">
+<module name="acct" filename="policy/modules/admin/acct.if">
+<summary>Berkeley process accounting.</summary>
+<interface name="acct_domtrans" lineno="14">
 <summary>
-Execute bootloader in the bootloader domain.
+Transition to the accounting
+management domain.
 </summary>
 <param name="domain">
 <summary>
@@ -17,26 +18,21 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="bootloader_run" lineno="39">
+<interface name="acct_exec" lineno="34">
 <summary>
-Execute bootloader interactively and do
-a domain transition to the bootloader domain.
+Execute accounting management tools
+in the caller domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
-</summary>
-</param>
-<param name="role">
-<summary>
-Role allowed access.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="bootloader_read_config" lineno="58">
+<interface name="acct_exec_data" lineno="54">
 <summary>
-Read the bootloader configuration file.
+Execute accounting management data
+in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -44,48 +40,40 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bootloader_rw_config" lineno="78">
+<interface name="acct_manage_data" lineno="74">
 <summary>
-Read and write the bootloader
-configuration file.
+Create, read, write, and delete
+process accounting data.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="bootloader_rw_tmp_files" lineno="97">
+<interface name="acct_admin" lineno="101">
 <summary>
-Read and write the bootloader
-temporary data in /tmp.
+All of the rules required to
+administrate an acct environment.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-</interface>
-<interface name="bootloader_create_runtime_file" lineno="117">
-<summary>
-Read and write the bootloader
-temporary data in /tmp.
-</summary>
-<param name="domain">
+<param name="role">
 <summary>
-Domain allowed access.
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
 </module>
-<module name="consoletype" filename="policy/modules/admin/consoletype.if">
-<summary>
-Determine of the console connected to the controlling terminal.
-</summary>
-<interface name="consoletype_domtrans" lineno="15">
+<module name="aide" filename="policy/modules/admin/aide.if">
+<summary>Aide filesystem integrity checker.</summary>
+<interface name="aide_domtrans" lineno="13">
 <summary>
-Execute consoletype in the consoletype domain.
+Execute aide in the aide domain.
 </summary>
 <param name="domain">
 <summary>
@@ -93,10 +81,11 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="consoletype_run" lineno="44">
+<interface name="aide_run" lineno="39">
 <summary>
-Execute consoletype in the consoletype domain, and
-allow the specified role the consoletype domain.
+Execute aide programs in the AIDE
+domain and allow the specified role
+the AIDE domain.
 </summary>
 <param name="domain">
 <summary>
@@ -109,47 +98,38 @@ Role allowed access.
 </summary>
 </param>
 </interface>
-<interface name="consoletype_exec" lineno="64">
+<interface name="aide_admin" lineno="65">
 <summary>
-Execute consoletype in the caller domain.
+All of the rules required to
+administrate an aide environment.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
-</interface>
-</module>
-<module name="dmesg" filename="policy/modules/admin/dmesg.if">
-<summary>Policy for dmesg.</summary>
-<interface name="dmesg_domtrans" lineno="13">
-<summary>
-Execute dmesg in the dmesg domain.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed to transition.
-</summary>
-</param>
-</interface>
-<interface name="dmesg_exec" lineno="33">
-<summary>
-Execute dmesg in the caller domain.
-</summary>
-<param name="domain">
+<param name="role">
 <summary>
-Domain allowed access.
+Role allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
+<tunable name="aide_mmap_files" dftval="false">
+<desc>
+<p>
+Control if AIDE can mmap files.
+AIDE can be compiled with the option 'with-mmap' in which case it will
+attempt to mmap files while running.
+</p>
+</desc>
+</tunable>
 </module>
-<module name="netutils" filename="policy/modules/admin/netutils.if">
-<summary>Network analysis utilities</summary>
-<interface name="netutils_domtrans" lineno="13">
+<module name="alsa" filename="policy/modules/admin/alsa.if">
+<summary>Advanced Linux Sound Architecture utilities.</summary>
+<interface name="alsa_domtrans" lineno="13">
 <summary>
-Execute network utilities in the netutils domain.
+Execute a domain transition to run Alsa.
 </summary>
 <param name="domain">
 <summary>
@@ -157,10 +137,11 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="netutils_run" lineno="39">
+<interface name="alsa_run" lineno="39">
 <summary>
-Execute network utilities in the netutils domain, and
-allow the specified role the netutils domain.
+Execute a domain transition to run
+Alsa, and allow the specified role
+the Alsa domain.
 </summary>
 <param name="domain">
 <summary>
@@ -172,11 +153,10 @@ Domain allowed to transition.
 Role allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="netutils_exec" lineno="58">
+<interface name="alsa_rw_semaphores" lineno="58">
 <summary>
-Execute network utilities in the caller domain.
+Read and write Alsa semaphores.
 </summary>
 <param name="domain">
 <summary>
@@ -184,9 +164,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="netutils_signal" lineno="77">
+<interface name="alsa_rw_shared_mem" lineno="76">
 <summary>
-Send generic signals to network utilities.
+Read and write Alsa shared memory.
 </summary>
 <param name="domain">
 <summary>
@@ -194,19 +174,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="netutils_domtrans_ping" lineno="95">
+<interface name="alsa_read_config" lineno="94">
 <summary>
-Execute ping in the ping domain.
+Read Alsa configuration content.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="netutils_kill_ping" lineno="114">
+<interface name="alsa_manage_config" lineno="115">
 <summary>
-Send a kill (SIGKILL) signal to ping.
+Manage Alsa config files.
 </summary>
 <param name="domain">
 <summary>
@@ -214,9 +194,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="netutils_signal_ping" lineno="132">
+<interface name="alsa_manage_home_files" lineno="137">
 <summary>
-Send generic signals to ping.
+Create, read, write, and delete
+alsa home files.
 </summary>
 <param name="domain">
 <summary>
@@ -224,43 +205,51 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="netutils_run_ping" lineno="157">
+<interface name="alsa_read_home_files" lineno="156">
 <summary>
-Execute ping in the ping domain, and
-allow the specified role the ping domain.
+Read Alsa home files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="alsa_relabel_home_files" lineno="175">
 <summary>
-Role allowed access.
+Relabel alsa home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="netutils_run_ping_cond" lineno="183">
+<interface name="alsa_home_filetrans_alsa_home" lineno="206">
 <summary>
-Conditionally execute ping in the ping domain, and
-allow the specified role the ping domain.
+Create objects in user home
+directories with the generic alsa
+home type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<param name="object_class">
 <summary>
-Role allowed access.
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="netutils_exec_ping" lineno="206">
+<interface name="alsa_read_lib" lineno="224">
 <summary>
-Execute ping in the caller domain.
+Read Alsa lib files.
 </summary>
 <param name="domain">
 <summary>
@@ -268,37 +257,50 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="netutils_domtrans_traceroute" lineno="225">
+<interface name="alsa_write_lib" lineno="248">
 <summary>
-Execute traceroute in the traceroute domain.
+Write Alsa lib files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="netutils_run_traceroute" lineno="251">
+<interface name="alsa_domain" lineno="282">
 <summary>
-Execute traceroute in the traceroute domain, and
-allow the specified role the traceroute domain.
+Mark the selected domain as an alsa-capable domain
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain that links with alsa
 </summary>
 </param>
-<param name="role">
+<param name="tmpfstype">
 <summary>
-Role allowed access.
+Tmpfs type used for shared memory of the given domain
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="netutils_run_traceroute_cond" lineno="277">
+</module>
+<module name="amanda" filename="policy/modules/admin/amanda.if">
+<summary>Advanced Maryland Automatic Network Disk Archiver.</summary>
+<interface name="amanda_domtrans_recover" lineno="14">
 <summary>
-Conditionally execute traceroute in the traceroute domain, and
-allow the specified role the traceroute domain.
+Execute a domain transition to run
+Amanda recover.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="amanda_run_recover" lineno="41">
+<summary>
+Execute a domain transition to run
+Amanda recover, and allow the specified
+role the Amanda recover domain.
 </summary>
 <param name="domain">
 <summary>
@@ -312,9 +314,9 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="netutils_exec_traceroute" lineno="300">
+<interface name="amanda_search_lib" lineno="60">
 <summary>
-Execute traceroute in the caller domain.
+Search Amanda library directories.
 </summary>
 <param name="domain">
 <summary>
@@ -322,68 +324,49 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<tunable name="user_ping" dftval="false">
-<desc>
-<p>
-Control users use of ping and traceroute
-</p>
-</desc>
-</tunable>
-</module>
-<module name="su" filename="policy/modules/admin/su.if">
-<summary>Run shells with substitute user and group</summary>
-<template name="su_restricted_domain_template" lineno="31">
+<interface name="amanda_dontaudit_read_dumpdates" lineno="79">
 <summary>
-Restricted su domain template.
+Do not audit attempts to read /etc/dumpdates.
 </summary>
-<desc>
-<p>
-This template creates a derived domain which is allowed
-to change the linux user id, to run shells as a different
-user.
-</p>
-</desc>
-<param name="userdomain_prefix">
+<param name="domain">
 <summary>
-The prefix of the user domain (e.g., user
-is the prefix for user_t).
+Domain to not audit.
 </summary>
 </param>
-<param name="user_domain">
+</interface>
+<interface name="amanda_rw_dumpdates_files" lineno="97">
 <summary>
-The type of the user domain.
+Read and write /etc/dumpdates.
 </summary>
-</param>
-<param name="user_role">
+<param name="domain">
 <summary>
-The role associated with the user domain.
+Domain allowed access.
 </summary>
 </param>
-</template>
-<template name="su_role_template" lineno="162">
+</interface>
+<interface name="amanda_manage_lib" lineno="116">
 <summary>
-The role template for the su module.
+Manage Amanda library directories.
 </summary>
-<param name="role_prefix">
+<param name="domain">
 <summary>
-The prefix of the user role (e.g., user
-is the prefix for user_r).
+Domain allowed access.
 </summary>
 </param>
-<param name="user_role">
+</interface>
+<interface name="amanda_append_log_files" lineno="135">
 <summary>
-The role associated with the user domain.
+Read and append amanda log files.
 </summary>
-</param>
-<param name="user_domain">
+<param name="domain">
 <summary>
-The type of the user domain.
+Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="su_exec" lineno="328">
+</interface>
+<interface name="amanda_search_var_lib" lineno="154">
 <summary>
-Execute su in the caller domain.
+Search Amanda var library directories.
 </summary>
 <param name="domain">
 <summary>
@@ -392,52 +375,61 @@ Domain allowed access.
 </param>
 </interface>
 </module>
-<module name="sudo" filename="policy/modules/admin/sudo.if">
-<summary>Execute a command with a substitute user</summary>
-<template name="sudo_role_template" lineno="31">
+<module name="amtu" filename="policy/modules/admin/amtu.if">
+<summary>Abstract Machine Test Utility.</summary>
+<interface name="amtu_domtrans" lineno="13">
 <summary>
-The role template for the sudo module.
+Execute a domain transition to run Amtu.
 </summary>
-<desc>
-<p>
-This template creates a derived domain which is allowed
-to change the linux user id, to run commands as a different
-user.
-</p>
-</desc>
-<param name="role_prefix">
+<param name="domain">
 <summary>
-The prefix of the user role (e.g., user
-is the prefix for user_r).
+Domain allowed to transition.
 </summary>
 </param>
-<param name="user_role">
+</interface>
+<interface name="amtu_run" lineno="39">
 <summary>
-The user role.
+Execute a domain transition to run
+Amtu, and allow the specified role
+the Amtu domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
 </summary>
 </param>
-<param name="user_domain">
+<param name="role">
 <summary>
-The user domain associated with the role.
+Role allowed access.
 </summary>
 </param>
-</template>
-<interface name="sudo_sigchld" lineno="174">
+</interface>
+<interface name="amtu_admin" lineno="65">
 <summary>
-Send a SIGCHLD signal to the sudo domain.
+All of the rules required to
+administrate an amtu environment.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
 </interface>
 </module>
-<module name="usermanage" filename="policy/modules/admin/usermanage.if">
-<summary>Policy for managing user accounts.</summary>
-<interface name="usermanage_domtrans_chfn" lineno="13">
+<module name="anaconda" filename="policy/modules/admin/anaconda.if">
+<summary>Anaconda installer.</summary>
+</module>
+<module name="apt" filename="policy/modules/admin/apt.if">
+<summary>Advanced package tool.</summary>
+<interface name="apt_domtrans" lineno="13">
 <summary>
-Execute chfn in the chfn domain.
+Execute apt programs in the apt domain.
 </summary>
 <param name="domain">
 <summary>
@@ -445,10 +437,19 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="usermanage_run_chfn" lineno="42">
+<interface name="apt_exec" lineno="32">
 <summary>
-Execute chfn in the chfn domain, and
-allow the specified role the chfn domain.
+Execute the apt in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apt_run" lineno="57">
+<summary>
+Execute apt programs in the apt domain.
 </summary>
 <param name="domain">
 <summary>
@@ -460,47 +461,42 @@ Domain allowed to transition.
 Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="usermanage_domtrans_groupadd" lineno="61">
+<interface name="apt_use_fds" lineno="76">
 <summary>
-Execute groupadd in the groupadd domain.
+Use apt file descriptors.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="usermanage_run_groupadd" lineno="91">
+<interface name="apt_dontaudit_use_fds" lineno="95">
 <summary>
-Execute groupadd in the groupadd domain, and
-allow the specified role the groupadd domain.
+Do not audit attempts to use
+apt file descriptors.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
-</summary>
-</param>
-<param name="role">
-<summary>
-Role allowed access.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="usermanage_domtrans_passwd" lineno="110">
+<interface name="apt_read_pipes" lineno="113">
 <summary>
-Execute passwd in the passwd domain.
+Read apt unnamed pipes.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="usermanage_kill_passwd" lineno="133">
+<interface name="apt_rw_pipes" lineno="131">
 <summary>
-Send sigkills to passwd.
+Read and write apt unnamed pipes.
 </summary>
 <param name="domain">
 <summary>
@@ -508,54 +504,62 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="usermanage_run_passwd" lineno="157">
+<interface name="apt_use_ptys" lineno="149">
 <summary>
-Execute passwd in the passwd domain, and
-allow the specified role the passwd domain.
+Read and write apt ptys.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="apt_read_cache" lineno="167">
 <summary>
-Role allowed access.
+Read apt package cache content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="usermanage_domtrans_admin_passwd" lineno="177">
+<interface name="apt_manage_cache" lineno="187">
 <summary>
-Execute password admin functions in
-the admin passwd domain.
+Create, read, write, and delete apt package cache content.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="usermanage_run_admin_passwd" lineno="204">
+<interface name="apt_read_db" lineno="207">
 <summary>
-Execute passwd admin functions in the admin
-passwd domain, and allow the specified role
-the admin passwd domain.
+Read apt package database content.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="apt_manage_db" lineno="229">
 <summary>
-Role allowed access.
+Create, read, write, and delete
+apt package database content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="usermanage_dontaudit_use_useradd_fds" lineno="223">
+<interface name="apt_dontaudit_manage_db" lineno="251">
 <summary>
-Do not audit attempts to use useradd fds.
+Do not audit attempts to create,
+read, write, and delete apt
+package database content.
 </summary>
 <param name="domain">
 <summary>
@@ -563,9 +567,12 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="usermanage_domtrans_useradd" lineno="241">
+</module>
+<module name="backup" filename="policy/modules/admin/backup.if">
+<summary>System backup scripts.</summary>
+<interface name="backup_domtrans" lineno="13">
 <summary>
-Execute useradd in the useradd domain.
+Execute backup in the backup domain.
 </summary>
 <param name="domain">
 <summary>
@@ -573,10 +580,11 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="usermanage_run_useradd" lineno="271">
+<interface name="backup_run" lineno="40">
 <summary>
-Execute useradd in the useradd domain, and
-allow the specified role the useradd domain.
+Execute backup in the backup
+domain, and allow the specified
+role the backup domain.
 </summary>
 <param name="domain">
 <summary>
@@ -590,9 +598,10 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="usermanage_read_crack_db" lineno="290">
+<interface name="backup_manage_store_files" lineno="60">
 <summary>
-Read the crack database.
+Create, read, and write backup
+store files.
 </summary>
 <param name="domain">
 <summary>
@@ -601,14 +610,12 @@ Domain allowed access.
 </param>
 </interface>
 </module>
-</layer>
-<layer name="apps">
-<summary>Policy modules for applications</summary>
-<module name="seunshare" filename="policy/modules/apps/seunshare.if">
-<summary>Filesystem namespacing/polyinstantiation application.</summary>
-<interface name="seunshare_domtrans" lineno="13">
+<module name="bacula" filename="policy/modules/admin/bacula.if">
+<summary>Cross platform network backup.</summary>
+<interface name="bacula_domtrans_admin" lineno="14">
 <summary>
-Execute a domain transition to run seunshare.
+Execute bacula admin bacula
+admin domain.
 </summary>
 <param name="domain">
 <summary>
@@ -616,10 +623,11 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="seunshare_run" lineno="37">
+<interface name="bacula_run_admin" lineno="41">
 <summary>
-Execute seunshare in the seunshare domain, and
-allow the specified role the seunshare domain.
+Execute user interfaces in the
+bacula admin domain, and allow the
+specified role the bacula admin domain.
 </summary>
 <param name="domain">
 <summary>
@@ -631,31 +639,31 @@ Domain allowed to transition.
 Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="seunshare_role" lineno="69">
+<interface name="bacula_admin" lineno="67">
 <summary>
-Role access for seunshare
+All of the rules required to
+administrate an bacula environment.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access.
+Domain allowed access.
 </summary>
 </param>
-<param name="domain">
+<param name="role">
 <summary>
-User domain for the role.
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
 </module>
-</layer>
-<layer name="contrib">
-<summary>Contributed Reference Policy modules.</summary>
-<module name="abrt" filename="policy/modules/contrib/abrt.if">
-<summary>ABRT - automated bug-reporting tool</summary>
-<interface name="abrt_domtrans" lineno="13">
+<module name="bcfg2" filename="policy/modules/admin/bcfg2.if">
+<summary>configuration management suite.</summary>
+<interface name="bcfg2_domtrans" lineno="13">
 <summary>
-Execute abrt in the abrt domain.
+Execute bcfg2 in the bcfg2 domain.
 </summary>
 <param name="domain">
 <summary>
@@ -663,19 +671,19 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="abrt_exec" lineno="32">
+<interface name="bcfg2_initrc_domtrans" lineno="32">
 <summary>
-Execute abrt in the caller domain.
+Execute bcfg2 server in the bcfg2 domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="abrt_signull" lineno="51">
+<interface name="bcfg2_search_lib" lineno="50">
 <summary>
-Send a null signal to abrt.
+Search bcfg2 lib directories.
 </summary>
 <param name="domain">
 <summary>
@@ -683,9 +691,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="abrt_read_state" lineno="69">
+<interface name="bcfg2_read_lib_files" lineno="69">
 <summary>
-Allow the domain to read abrt state files in /proc.
+Read bcfg2 lib files.
 </summary>
 <param name="domain">
 <summary>
@@ -693,9 +701,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="abrt_stream_connect" lineno="87">
+<interface name="bcfg2_manage_lib_files" lineno="89">
 <summary>
-Connect to abrt over an unix stream socket.
+Create, read, write, and delete
+bcfg2 lib files.
 </summary>
 <param name="domain">
 <summary>
@@ -703,10 +712,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="abrt_dbus_chat" lineno="107">
+<interface name="bcfg2_manage_lib_dirs" lineno="109">
 <summary>
-Send and receive messages from
-abrt over dbus.
+Create, read, write, and delete
+bcfg2 lib directories.
 </summary>
 <param name="domain">
 <summary>
@@ -714,37 +723,40 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="abrt_domtrans_helper" lineno="127">
+<interface name="bcfg2_admin" lineno="135">
 <summary>
-Execute abrt-helper in the abrt-helper domain.
+All of the rules required to
+administrate an bcfg2 environment.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
 </interface>
-<interface name="abrt_run_helper" lineno="152">
+</module>
+<module name="blueman" filename="policy/modules/admin/blueman.if">
+<summary>Tool to manage Bluetooth devices.</summary>
+<interface name="blueman_domtrans" lineno="13">
 <summary>
-Execute abrt helper in the abrt_helper domain, and
-allow the specified role the abrt_helper domain.
+Execute blueman in the blueman domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
-<param name="role">
-<summary>
-Role allowed access.
-</summary>
-</param>
-<rolecap/>
 </interface>
-<interface name="abrt_cache_manage" lineno="172">
+<interface name="blueman_dbus_chat" lineno="33">
 <summary>
 Send and receive messages from
-abrt over dbus.
+blueman over dbus.
 </summary>
 <param name="domain">
 <summary>
@@ -752,9 +764,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="abrt_read_config" lineno="190">
+<interface name="blueman_search_lib" lineno="53">
 <summary>
-Read abrt configuration file.
+Search blueman lib directories.
 </summary>
 <param name="domain">
 <summary>
@@ -762,9 +774,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="abrt_read_log" lineno="209">
+<interface name="blueman_read_lib_files" lineno="72">
 <summary>
-Read abrt logs.
+Read blueman lib files.
 </summary>
 <param name="domain">
 <summary>
@@ -772,9 +784,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="abrt_read_pid_files" lineno="228">
+<interface name="blueman_manage_lib_files" lineno="92">
 <summary>
-Read abrt PID files.
+Create, read, write, and delete
+blueman lib files.
 </summary>
 <param name="domain">
 <summary>
@@ -782,39 +795,39 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="abrt_manage_pid_files" lineno="247">
+</module>
+<module name="bootloader" filename="policy/modules/admin/bootloader.if">
+<summary>Policy for the kernel modules, kernel image, and bootloader.</summary>
+<interface name="bootloader_domtrans" lineno="13">
 <summary>
-Create, read, write, and delete abrt PID files.
+Execute bootloader in the bootloader domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="abrt_admin" lineno="273">
+<interface name="bootloader_run" lineno="39">
 <summary>
-All of the rules required to administrate
-an abrt environment
+Execute bootloader interactively and do
+a domain transition to the bootloader domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 <param name="role">
 <summary>
-The role to be allowed to manage the abrt domain.
+Role allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
-</module>
-<module name="accountsd" filename="policy/modules/contrib/accountsd.if">
-<summary>AccountsService and daemon for manipulating user account information via D-Bus</summary>
-<interface name="accountsd_domtrans" lineno="13">
+<interface name="bootloader_exec" lineno="58">
 <summary>
-Execute a domain transition to run accountsd.
+Execute bootloader in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -822,10 +835,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="accountsd_dontaudit_rw_fifo_file" lineno="32">
+<interface name="bootloader_read_config" lineno="77">
 <summary>
-Do not audit attempts to read and write Accounts Daemon
-fifo file.
+Read the bootloader configuration file.
 </summary>
 <param name="domain">
 <summary>
@@ -833,20 +845,22 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="accountsd_dbus_chat" lineno="51">
+<interface name="bootloader_rw_config" lineno="97">
 <summary>
-Send and receive messages from
-accountsd over dbus.
+Read and write the bootloader
+configuration file.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="accountsd_search_lib" lineno="71">
+<interface name="bootloader_rw_tmp_files" lineno="116">
 <summary>
-Search accountsd lib directories.
+Read and write the bootloader
+temporary data in /tmp.
 </summary>
 <param name="domain">
 <summary>
@@ -854,9 +868,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="accountsd_read_lib_files" lineno="90">
+<interface name="bootloader_create_runtime_file" lineno="136">
 <summary>
-Read accountsd lib files.
+Create, read and write the bootloader
+runtime data.
 </summary>
 <param name="domain">
 <summary>
@@ -864,25 +879,27 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="accountsd_manage_lib_files" lineno="110">
+</module>
+<module name="brctl" filename="policy/modules/admin/brctl.if">
+<summary>Utilities for configuring the Linux ethernet bridge.</summary>
+<interface name="brctl_domtrans" lineno="13">
 <summary>
-Create, read, write, and delete
-accountsd lib files.
+Execute a domain transition to run brctl.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="accountsd_admin" lineno="136">
+<interface name="brctl_run" lineno="38">
 <summary>
-All of the rules required to administrate
-an accountsd environment
+Execute brctl in the brctl domain, and
+allow the specified role the brctl domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 <param name="role">
@@ -890,14 +907,13 @@ Domain allowed access.
 Role allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
 </module>
-<module name="acct" filename="policy/modules/contrib/acct.if">
-<summary>Berkeley process accounting</summary>
-<interface name="acct_domtrans" lineno="13">
+<module name="certwatch" filename="policy/modules/admin/certwatch.if">
+<summary>Digital Certificate Tracking.</summary>
+<interface name="certwatch_domtrans" lineno="13">
 <summary>
-Transition to the accounting management domain.
+Domain transition to certwatch.
 </summary>
 <param name="domain">
 <summary>
@@ -905,19 +921,41 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="acct_exec" lineno="32">
+<interface name="certwatch_run" lineno="41">
 <summary>
-Execute accounting management tools in the caller domain.
+Execute certwatch in the certwatch
+domain, and allow the specified role
+the certwatch domain.
+backchannel.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="acct_exec_data" lineno="53">
+</module>
+<module name="cfengine" filename="policy/modules/admin/cfengine.if">
+<summary>System administration tool for networks.</summary>
+<template name="cfengine_domain_template" lineno="13">
+<summary>
+The template to define a cfengine domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="cfengine_read_lib_files" lineno="46">
 <summary>
-Execute accounting management data in the caller domain.
+Read cfengine lib files.
 </summary>
 <param name="domain">
 <summary>
@@ -925,22 +963,40 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="acct_manage_data" lineno="72">
+<interface name="cfengine_dontaudit_write_log_files" lineno="66">
 <summary>
-Create, read, write, and delete process accounting data.
+Do not audit attempts to write
+cfengine log files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="cfengine_admin" lineno="91">
+<summary>
+All of the rules required to
+administrate an cfengine environment.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
 </interface>
 </module>
-<module name="ada" filename="policy/modules/contrib/ada.if">
-<summary>GNAT Ada95 compiler</summary>
-<interface name="ada_domtrans" lineno="13">
+<module name="chkrootkit" filename="policy/modules/admin/chkrootkit.if">
+<summary>chkrootkit - rootkit checker.</summary>
+<interface name="chkrootkit_domtrans" lineno="13">
 <summary>
-Execute the ada program in the ada domain.
+Execute a domain transition to run chkrootkit.
 </summary>
 <param name="domain">
 <summary>
@@ -948,10 +1004,11 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="ada_run" lineno="38">
+<interface name="chkrootkit_run" lineno="39">
 <summary>
-Execute ada in the ada domain, and
-allow the specified role the ada domain.
+Execute chkrootkit in the chkrootkit domain,
+and allow the specified role
+the chkrootkit domain.
 </summary>
 <param name="domain">
 <summary>
@@ -965,12 +1022,13 @@ Role allowed access.
 </param>
 </interface>
 </module>
-<module name="afs" filename="policy/modules/contrib/afs.if">
-<summary>Andrew Filesystem server</summary>
-<interface name="afs_domtrans" lineno="14">
+<module name="consoletype" filename="policy/modules/admin/consoletype.if">
 <summary>
-Execute a domain transition to run the
-afs client.
+Determine of the console connected to the controlling terminal.
+</summary>
+<interface name="consoletype_domtrans" lineno="15">
+<summary>
+Execute consoletype in the consoletype domain.
 </summary>
 <param name="domain">
 <summary>
@@ -978,29 +1036,39 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="afs_rw_udp_sockets" lineno="33">
+<interface name="consoletype_run" lineno="44">
 <summary>
-Read and write afs client UDP sockets.
+Execute consoletype in the consoletype domain, and
+allow the specified role the consoletype domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
 </interface>
-<interface name="afs_rw_cache" lineno="51">
+<interface name="consoletype_exec" lineno="64">
 <summary>
-read/write afs cache files
+Execute consoletype in the caller domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="afs_initrc_domtrans" lineno="70">
+</module>
+<module name="ddcprobe" filename="policy/modules/admin/ddcprobe.if">
+<summary>ddcprobe retrieves monitor and graphics card information.</summary>
+<interface name="ddcprobe_domtrans" lineno="13">
 <summary>
-Execute afs server in the afs domain.
+Execute ddcprobe in the ddcprobe domain.
 </summary>
 <param name="domain">
 <summary>
@@ -1008,39 +1076,30 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="afs_admin" lineno="95">
+<interface name="ddcprobe_run" lineno="40">
 <summary>
-All of the rules required to administrate
-an afs environment
+Execute ddcprobe in the ddcprobe
+domain, and allow the specified
+role the ddcprobe domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 <param name="role">
 <summary>
-The role to be allowed to manage the afs domain.
+Role allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
 </module>
-<module name="aiccu" filename="policy/modules/contrib/aiccu.if">
-<summary>Automatic IPv6 Connectivity Client Utility.</summary>
-<interface name="aiccu_domtrans" lineno="13">
-<summary>
-Execute a domain transition to run aiccu.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed to transition.
-</summary>
-</param>
-</interface>
-<interface name="aiccu_initrc_domtrans" lineno="32">
+<module name="dmesg" filename="policy/modules/admin/dmesg.if">
+<summary>Policy for dmesg.</summary>
+<interface name="dmesg_domtrans" lineno="13">
 <summary>
-Execute aiccu server in the aiccu domain.
+Execute dmesg in the dmesg domain.
 </summary>
 <param name="domain">
 <summary>
@@ -1048,20 +1107,21 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="aiccu_read_pid_files" lineno="50">
+<interface name="dmesg_exec" lineno="33">
 <summary>
-Read aiccu PID files.
+Execute dmesg in the caller domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="aiccu_admin" lineno="76">
+<interface name="dmesg_run" lineno="61">
 <summary>
-All of the rules required to administrate
-an aiccu environment
+Execute dmesg in the dmesg_t domain, and allow the calling role
+the dmesg_t domain.
 </summary>
 <param name="domain">
 <summary>
@@ -1076,11 +1136,11 @@ Role allowed access.
 <rolecap/>
 </interface>
 </module>
-<module name="aide" filename="policy/modules/contrib/aide.if">
-<summary>Aide filesystem integrity checker</summary>
-<interface name="aide_domtrans" lineno="13">
+<module name="dmidecode" filename="policy/modules/admin/dmidecode.if">
+<summary>Decode DMI data for x86/ia64 bioses.</summary>
+<interface name="dmidecode_domtrans" lineno="13">
 <summary>
-Execute aide in the aide domain
+Execute dmidecode in the dmidecode domain.
 </summary>
 <param name="domain">
 <summary>
@@ -1088,9 +1148,11 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="aide_run" lineno="37">
+<interface name="dmidecode_run" lineno="40">
 <summary>
-Execute aide programs in the AIDE domain.
+Execute dmidecode in the dmidecode
+domain, and allow the specified
+role the dmidecode domain.
 </summary>
 <param name="domain">
 <summary>
@@ -1099,49 +1161,57 @@ Domain allowed to transition.
 </param>
 <param name="role">
 <summary>
-The role to allow the AIDE domain.
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="aide_admin" lineno="58">
+</module>
+<module name="dphysswapfile" filename="policy/modules/admin/dphysswapfile.if">
+<summary>Set up, mount/unmount, and delete an swap file.</summary>
+<interface name="dphysswapfile_dontaudit_read_swap" lineno="13">
 <summary>
-All of the rules required to administrate
-an aide environment
+Dontaudit acces to the swap file.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="aisexec" filename="policy/modules/contrib/aisexec.if">
-<summary>Aisexec Cluster Engine</summary>
-<interface name="aisexec_domtrans" lineno="13">
+<interface name="dphysswapfile_admin" lineno="40">
 <summary>
-Execute a domain transition to run aisexec.
+All of the rules required to
+administrate an dphys-swapfile environment.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="aisexec_stream_connect" lineno="32">
+</module>
+<module name="dpkg" filename="policy/modules/admin/dpkg.if">
+<summary>Debian package manager.</summary>
+<interface name="dpkg_domtrans" lineno="13">
 <summary>
-Connect to aisexec over a unix domain
-stream socket.
+Execute dpkg programs in the dpkg domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="aisexec_read_log" lineno="51">
+<interface name="dpkg_nnp_domtrans" lineno="32">
 <summary>
-Allow the specified domain to read aisexec's log files.
+Transition to dpkg_t when NNP has been set
 </summary>
 <param name="domain">
 <summary>
@@ -1149,66 +1219,56 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="aisexecd_admin" lineno="78">
+<interface name="dpkg_run" lineno="57">
 <summary>
-All of the rules required to administrate
-an aisexec environment
+Execute dpkg programs in the dpkg domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 <param name="role">
 <summary>
-The role to be allowed to manage the aisexecd domain.
+Role allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
-</module>
-<module name="alsa" filename="policy/modules/contrib/alsa.if">
-<summary>Ainit ALSA configuration tool.</summary>
-<interface name="alsa_domtrans" lineno="13">
+<interface name="dpkg_exec" lineno="76">
 <summary>
-Execute a domain transition to run Alsa.
+Execute the dkpg in the caller domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="alsa_run" lineno="39">
+<interface name="dpkg_domtrans_script" lineno="96">
 <summary>
-Execute a domain transition to run
-Alsa, and allow the specified role
-the Alsa domain.
+Execute dpkg_script programs in
+the dpkg_script domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
-<param name="role">
-<summary>
-Role allowed access.
-</summary>
-</param>
 </interface>
-<interface name="alsa_rw_semaphores" lineno="58">
+<interface name="dpkg_script_rw_pipes" lineno="117">
 <summary>
-Read and write Alsa semaphores.
+access dpkg_script fifos
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="alsa_rw_shared_mem" lineno="76">
+<interface name="dpkg_use_fds" lineno="136">
 <summary>
-Read and write Alsa shared memory.
+Inherit and use file descriptors from dpkg.
 </summary>
 <param name="domain">
 <summary>
@@ -1216,9 +1276,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="alsa_read_rw_config" lineno="94">
+<interface name="dpkg_read_pipes" lineno="154">
 <summary>
-Read writable Alsa config files.
+Read from unnamed dpkg pipes.
 </summary>
 <param name="domain">
 <summary>
@@ -1226,9 +1286,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="alsa_manage_rw_config" lineno="119">
+<interface name="dpkg_rw_pipes" lineno="172">
 <summary>
-Manage writable Alsa config files.
+Read and write unnamed dpkg pipes.
 </summary>
 <param name="domain">
 <summary>
@@ -1236,9 +1296,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="alsa_manage_home_files" lineno="144">
+<interface name="dpkg_use_script_fds" lineno="191">
 <summary>
-Manage alsa home files.
+Inherit and use file descriptors
+from dpkg scripts.
 </summary>
 <param name="domain">
 <summary>
@@ -1246,9 +1307,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="alsa_read_home_files" lineno="163">
+<interface name="dpkg_script_rw_inherited_pipes" lineno="210">
 <summary>
-Read Alsa home files.
+Inherit and use file descriptors
+from dpkg scripts.
 </summary>
 <param name="domain">
 <summary>
@@ -1256,9 +1318,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="alsa_relabel_home_files" lineno="182">
+<interface name="dpkg_read_db" lineno="229">
 <summary>
-Relabel alsa home files.
+Read dpkg package database content.
 </summary>
 <param name="domain">
 <summary>
@@ -1266,9 +1328,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="alsa_read_lib" lineno="201">
+<interface name="dpkg_manage_db" lineno="251">
 <summary>
-Read Alsa lib files.
+Create, read, write, and delete
+dpkg package database content.
 </summary>
 <param name="domain">
 <summary>
@@ -1276,41 +1339,32 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="amanda" filename="policy/modules/contrib/amanda.if">
-<summary>Advanced Maryland Automatic Network Disk Archiver.</summary>
-<interface name="amanda_domtrans_recover" lineno="14">
+<interface name="dpkg_dontaudit_manage_db" lineno="273">
 <summary>
-Execute a domain transition to run
-Amanda recover.
+Do not audit attempts to create,
+read, write, and delete dpkg
+package database content.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="amanda_run_recover" lineno="41">
+<interface name="dpkg_lock_db" lineno="294">
 <summary>
-Execute a domain transition to run
-Amanda recover, and allow the specified
-role the Amanda recover domain.
+Create, read, write, and delete
+dpkg lock files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
-</summary>
-</param>
-<param name="role">
-<summary>
-Role allowed access.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="amanda_search_lib" lineno="60">
+<interface name="dpkg_manage_script_tmp_files" lineno="314">
 <summary>
-Search Amanda library directories.
+manage dpkg_script_tmp_t files and dirs
 </summary>
 <param name="domain">
 <summary>
@@ -1318,19 +1372,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="amanda_dontaudit_read_dumpdates" lineno="79">
+<interface name="dpkg_map_script_tmp_files" lineno="334">
 <summary>
-Do not audit attempts to read /etc/dumpdates.
+map dpkg_script_tmp_t files
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="amanda_rw_dumpdates_files" lineno="97">
+<interface name="dpkg_read_script_tmp_symlinks" lineno="352">
 <summary>
-Read and write /etc/dumpdates.
+read dpkg_script_tmp_t links
 </summary>
 <param name="domain">
 <summary>
@@ -1338,45 +1392,58 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="amanda_manage_lib" lineno="116">
+</module>
+<module name="fakehwclock" filename="policy/modules/admin/fakehwclock.if">
+<summary>fake-hwclock - Control fake hardware clock.</summary>
+<interface name="fakehwclock_domtrans" lineno="13">
 <summary>
-Search Amanda library directories.
+Execute a domain transition to run fake-hwclock.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="amanda_append_log_files" lineno="135">
+<interface name="fakehwclock_run" lineno="41">
 <summary>
-Read and append amanda logs.
+Execute fake-hwclock in the fake-hwclock domain,
+and allow the specified role
+the fake-hwclock domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
 </interface>
-<interface name="amanda_search_var_lib" lineno="154">
+<interface name="fakehwclock_admin" lineno="68">
 <summary>
-Search Amanda var library directories.
+All the rules required to
+administrate an fake-hwclock environment.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
-</interface>
-</module>
-<module name="amavis" filename="policy/modules/contrib/amavis.if">
+<param name="role">
 <summary>
-Daemon that interfaces mail transfer agents and content
-checkers, such as virus scanners.
+Role allowed access.
 </summary>
-<interface name="amavis_domtrans" lineno="16">
+</param>
+</interface>
+</module>
+<module name="firstboot" filename="policy/modules/admin/firstboot.if">
+<summary>Initial system configuration utility.</summary>
+<interface name="firstboot_domtrans" lineno="13">
 <summary>
-Execute a domain transition to run amavis.
+Execute firstboot in the firstboot domain.
 </summary>
 <param name="domain">
 <summary>
@@ -1384,19 +1451,26 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="amavis_initrc_domtrans" lineno="35">
+<interface name="firstboot_run" lineno="39">
 <summary>
-Execute amavis server in the amavis domain.
+Execute firstboot in the firstboot
+domain, and allow the specified role
+the firstboot domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
 </interface>
-<interface name="amavis_read_spool_files" lineno="53">
+<interface name="firstboot_use_fds" lineno="58">
 <summary>
-Read amavis spool files.
+Inherit and use firstboot file descriptors.
 </summary>
 <param name="domain">
 <summary>
@@ -1404,81 +1478,121 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="amavis_manage_spool_files" lineno="72">
+<interface name="firstboot_dontaudit_use_fds" lineno="77">
 <summary>
-Manage amavis spool files.
+Do not audit attempts to inherit
+firstboot file descriptors.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="amavis_spool_filetrans" lineno="103">
+<interface name="firstboot_write_pipes" lineno="95">
 <summary>
-Create objects in the amavis spool directories
-with a private type.
+Write firstboot unnamed pipes.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="private_type">
+</interface>
+<interface name="firstboot_rw_pipes" lineno="113">
 <summary>
-Private file type.
+Read and Write firstboot unnamed pipes.
 </summary>
-</param>
-<param name="object_class">
+<param name="domain">
 <summary>
-Class of the object being created.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="amavis_search_lib" lineno="122">
+<interface name="firstboot_dontaudit_rw_pipes" lineno="132">
 <summary>
-Search amavis lib directories.
+Do not audit attemps to read and
+write firstboot unnamed pipes.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="amavis_read_lib_files" lineno="141">
+<interface name="firstboot_dontaudit_rw_stream_sockets" lineno="152">
 <summary>
-Read amavis lib files.
+Do not audit attemps to read and
+write firstboot unix domain
+stream sockets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="amavis_manage_lib_files" lineno="162">
+<tunable name="firstboot_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Grant the firstboot domains read access to generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="firstboot_read_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the firstboot domains read access to all user content
+</p>
+</desc>
+</tunable>
+<tunable name="firstboot_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Grant the firstboot domains manage rights on generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="firstboot_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the firstboot domains manage rights on all user content
+</p>
+</desc>
+</tunable>
+</module>
+<module name="hwloc" filename="policy/modules/admin/hwloc.if">
+<summary>Dump topology and locality information from hardware tables.</summary>
+<interface name="hwloc_domtrans_dhwd" lineno="13">
 <summary>
-Create, read, write, and delete
-amavis lib files.
+Execute hwloc dhwd in the hwloc dhwd domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="amavis_setattr_pid_files" lineno="181">
+<interface name="hwloc_run_dhwd" lineno="38">
 <summary>
-Set the attributes of amavis pid files.
+Execute hwloc dhwd in the hwloc dhwd domain, and
+allow the specified role the hwloc dhwd domain,
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="amavis_create_pid_files" lineno="200">
+<interface name="hwloc_exec_dhwd" lineno="57">
 <summary>
-Create of amavis pid files.
+Execute hwloc dhwd in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -1486,29 +1600,34 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="amavis_admin" lineno="226">
+<interface name="hwloc_read_runtime_files" lineno="75">
 <summary>
-All of the rules required to administrate
-an amavis environment
+Read hwloc runtime files.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="hwloc_admin" lineno="96">
 <summary>
-Role allowed access.
+All of the rules required to
+administrate an hwloc environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
 </module>
-<module name="amtu" filename="policy/modules/contrib/amtu.if">
-<summary>Abstract Machine Test Utility.</summary>
-<interface name="amtu_domtrans" lineno="13">
+<module name="kdump" filename="policy/modules/admin/kdump.if">
+<summary>Kernel crash dumping mechanism.</summary>
+<interface name="kdump_domtrans" lineno="13">
 <summary>
-Execute a domain transition to run Amtu.
+Execute kdump in the kdump domain.
 </summary>
 <param name="domain">
 <summary>
@@ -1516,88 +1635,105 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="amtu_run" lineno="39">
+<interface name="kdump_initrc_domtrans" lineno="33">
 <summary>
-Execute a domain transition to run
-Amtu, and allow the specified role
-the Amtu domain.
+Execute kdump init scripts in
+the init script domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="kdump_read_config" lineno="51">
 <summary>
-Role allowed access.
+Read kdump configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="anaconda" filename="policy/modules/contrib/anaconda.if">
-<summary>Anaconda installer.</summary>
-</module>
-<module name="apache" filename="policy/modules/contrib/apache.if">
-<summary>Apache web server</summary>
-<template name="apache_content_template" lineno="14">
+<interface name="kdump_manage_config" lineno="71">
 <summary>
-Create a set of derived types for apache
-web content.
+Create, read, write, and delete
+kdmup configuration files.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-The prefix to be used for deriving type names.
+Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="apache_role" lineno="211">
+</interface>
+<interface name="kdump_admin" lineno="97">
 <summary>
-Role access for apache
+All of the rules required to
+administrate an kdump environment.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain allowed access.
 </summary>
 </param>
-<param name="domain">
+<param name="role">
 <summary>
-User domain for the role
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="apache_read_user_scripts" lineno="271">
+</module>
+<module name="kdumpgui" filename="policy/modules/admin/kdumpgui.if">
+<summary>System-config-kdump GUI.</summary>
+</module>
+<module name="kismet" filename="policy/modules/admin/kismet.if">
+<summary>IEEE 802.11 wireless LAN sniffer.</summary>
+<template name="kismet_role" lineno="18">
 <summary>
-Read httpd user scripts executables.
+Role access for kismet.
 </summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+User domain for the role.
 </summary>
 </param>
-</interface>
-<interface name="apache_read_user_content" lineno="291">
+</template>
+<interface name="kismet_domtrans" lineno="51">
 <summary>
-Read user web content.
+Execute a domain transition to run kismet.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="apache_domtrans" lineno="311">
+<interface name="kismet_run" lineno="76">
 <summary>
-Transition to apache.
+Execute kismet in the kismet domain, and
+allow the specified role the kismet domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
 </interface>
-<interface name="apache_signal" lineno="330">
+<interface name="kismet_read_pid_files" lineno="95">
 <summary>
-Send a generic signal to apache.
+Read kismet pid files.
 </summary>
 <param name="domain">
 <summary>
@@ -1605,9 +1741,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_signull" lineno="348">
+<interface name="kismet_manage_pid_files" lineno="115">
 <summary>
-Send a null signal to apache.
+Create, read, write, and delete
+kismet pid files.
 </summary>
 <param name="domain">
 <summary>
@@ -1615,9 +1752,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_sigchld" lineno="366">
+<interface name="kismet_search_lib" lineno="134">
 <summary>
-Send a SIGCHLD signal to apache.
+Search kismet lib directories.
 </summary>
 <param name="domain">
 <summary>
@@ -1625,9 +1762,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_use_fds" lineno="384">
+<interface name="kismet_read_lib_files" lineno="153">
 <summary>
-Inherit and use file descriptors from Apache.
+Read kismet lib files.
 </summary>
 <param name="domain">
 <summary>
@@ -1635,54 +1772,53 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_dontaudit_rw_fifo_file" lineno="403">
+<interface name="kismet_manage_lib_files" lineno="174">
 <summary>
-Do not audit attempts to read and write Apache
-unnamed pipes.
+Create, read, write, and delete
+kismet lib files.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_dontaudit_rw_stream_sockets" lineno="422">
+<interface name="kismet_manage_lib" lineno="194">
 <summary>
-Do not audit attempts to read and write Apache
-unix domain stream sockets.
+Create, read, write, and delete
+kismet lib content.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_dontaudit_rw_tcp_sockets" lineno="441">
+<interface name="kismet_read_log" lineno="216">
 <summary>
-Do not audit attempts to read and write Apache
-TCP sockets.
+Read kismet log files.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="apache_manage_all_content" lineno="460">
+<interface name="kismet_append_log" lineno="235">
 <summary>
-Create, read, write, and delete all web content.
+Append kismet log files.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="apache_setattr_cache_dirs" lineno="485">
+<interface name="kismet_manage_log" lineno="255">
 <summary>
-Allow domain to  set the attributes
-of the APACHE cache directory.
+Create, read, write, and delete
+kismet log content.
 </summary>
 <param name="domain">
 <summary>
@@ -1690,78 +1826,98 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_list_cache" lineno="504">
+<interface name="kismet_admin" lineno="283">
 <summary>
-Allow the specified domain to list
-Apache cache.
+All of the rules required to
+administrate an kismet environment.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
 </interface>
-<interface name="apache_rw_cache_files" lineno="523">
+</module>
+<module name="kudzu" filename="policy/modules/admin/kudzu.if">
+<summary>Hardware detection and configuration tools.</summary>
+<interface name="kudzu_domtrans" lineno="13">
 <summary>
-Allow the specified domain to read
-and write Apache cache files.
+Execute kudzu in the kudzu domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="apache_delete_cache_files" lineno="542">
+<interface name="kudzu_run" lineno="39">
 <summary>
-Allow the specified domain to delete
-Apache cache.
+Execute kudzu in the kudzu domain, and
+allow the specified role the kudzu domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="apache_read_config" lineno="562">
+<interface name="kudzu_getattr_exec_files" lineno="58">
 <summary>
-Allow the specified domain to read
-apache configuration files.
+Get attributes of kudzu executable files.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="apache_manage_config" lineno="584">
+<interface name="kudzu_admin" lineno="83">
 <summary>
-Allow the specified domain to manage
-apache configuration files.
+All of the rules required to
+administrate an kudzu environment.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
 </interface>
-<interface name="apache_domtrans_helper" lineno="606">
+</module>
+<module name="logrotate" filename="policy/modules/admin/logrotate.if">
+<summary>Rotates, compresses, removes and mails system log files.</summary>
+<interface name="logrotate_domtrans" lineno="13">
 <summary>
-Execute the Apache helper program with
-a domain transition.
+Execute logrotate in the logrotate domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="apache_run_helper" lineno="633">
+<interface name="logrotate_run" lineno="40">
 <summary>
-Execute the Apache helper program with
-a domain transition, and allow the
-specified role the Apache helper domain.
+Execute logrotate in the logrotate
+domain, and allow the specified
+role the logrotate domain.
 </summary>
 <param name="domain">
 <summary>
@@ -1775,22 +1931,19 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="apache_read_log" lineno="654">
+<interface name="logrotate_exec" lineno="59">
 <summary>
-Allow the specified domain to read
-apache log files.
+Execute logrotate in the caller domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="apache_append_log" lineno="676">
+<interface name="logrotate_use_fds" lineno="78">
 <summary>
-Allow the specified domain to append
-to apache log files.
+Inherit and use logrotate file descriptors.
 </summary>
 <param name="domain">
 <summary>
@@ -1798,10 +1951,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_dontaudit_append_log" lineno="697">
+<interface name="logrotate_dontaudit_use_fds" lineno="97">
 <summary>
-Do not audit attempts to append to the
-Apache logs.
+Do not audit attempts to inherit
+logrotate file descriptors.
 </summary>
 <param name="domain">
 <summary>
@@ -1809,10 +1962,9 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="apache_manage_log" lineno="716">
+<interface name="logrotate_read_tmp_files" lineno="115">
 <summary>
-Allow the specified domain to manage
-to apache log files.
+Read logrotate temporary files.
 </summary>
 <param name="domain">
 <summary>
@@ -1820,22 +1972,22 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_dontaudit_search_modules" lineno="738">
+</module>
+<module name="logwatch" filename="policy/modules/admin/logwatch.if">
+<summary>System log analyzer and reporter.</summary>
+<interface name="logwatch_read_tmp_files" lineno="13">
 <summary>
-Do not audit attempts to search Apache
-module directories.
+Read logwatch temporary files.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_list_modules" lineno="758">
+<interface name="logwatch_search_cache_dir" lineno="32">
 <summary>
-Allow the specified domain to list
-the contents of the apache modules
-directory.
+Search logwatch cache directories.
 </summary>
 <param name="domain">
 <summary>
@@ -1843,31 +1995,98 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_exec_modules" lineno="777">
+<tunable name="logwatch_can_network_connect_mail" dftval="false">
+<desc>
+<p>
+Determine whether logwatch can connect
+to mail over the network.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="mcelog" filename="policy/modules/admin/mcelog.if">
+<summary>Linux hardware error daemon.</summary>
+<interface name="mcelog_domtrans" lineno="13">
 <summary>
-Allow the specified domain to execute
-apache modules.
+Execute a domain transition to run mcelog.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mcelog_admin" lineno="39">
+<summary>
+All of the rules required to
+administrate an mcelog environment.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
 </interface>
-<interface name="apache_domtrans_rotatelogs" lineno="797">
+<tunable name="mcelog_client" dftval="false">
+<desc>
+<p>
+Determine whether mcelog supports
+client mode.
+</p>
+</desc>
+</tunable>
+<tunable name="mcelog_exec_scripts" dftval="true">
+<desc>
+<p>
+Determine whether mcelog can execute scripts.
+</p>
+</desc>
+</tunable>
+<tunable name="mcelog_foreground" dftval="false">
+<desc>
+<p>
+Determine whether mcelog can use all
+the user ttys.
+</p>
+</desc>
+</tunable>
+<tunable name="mcelog_server" dftval="false">
+<desc>
+<p>
+Determine whether mcelog supports
+server mode.
+</p>
+</desc>
+</tunable>
+<tunable name="mcelog_syslog" dftval="false">
+<desc>
+<p>
+Determine whether mcelog can use syslog.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="mrtg" filename="policy/modules/admin/mrtg.if">
+<summary>Network traffic graphing.</summary>
+<interface name="mrtg_read_config" lineno="13">
 <summary>
-Execute a domain transition to run httpd_rotatelogs.
+Read mrtg configuration
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_list_sys_content" lineno="816">
+<interface name="mrtg_append_create_logs" lineno="31">
 <summary>
-Allow the specified domain to list
-apache system content files.
+Create and append mrtg log files.
 </summary>
 <param name="domain">
 <summary>
@@ -1875,22 +2094,29 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_manage_sys_content" lineno="838">
+<interface name="mrtg_admin" lineno="58">
 <summary>
-Allow the specified domain to manage
-apache system content files.
+All of the rules required to
+administrate an mrtg environment.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
 <rolecap/>
 </interface>
-<interface name="apache_domtrans_sys_script" lineno="862">
+</module>
+<module name="ncftool" filename="policy/modules/admin/ncftool.if">
+<summary>Cross-platform network configuration library.</summary>
+<interface name="ncftool_domtrans" lineno="13">
 <summary>
-Execute all web scripts in the system
-script domain.
+Execute a domain transition to run ncftool.
 </summary>
 <param name="domain">
 <summary>
@@ -1898,21 +2124,29 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="apache_dontaudit_rw_sys_script_stream_sockets" lineno="884">
+<interface name="ncftool_run" lineno="39">
 <summary>
-Do not audit attempts to read and write Apache
-system script unix domain stream sockets.
+Execute ncftool in the ncftool
+domain, and allow the specified
+role the ncftool domain.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_domtrans_all_scripts" lineno="903">
+</module>
+<module name="netutils" filename="policy/modules/admin/netutils.if">
+<summary>Network analysis utilities</summary>
+<interface name="netutils_domtrans" lineno="13">
 <summary>
-Execute all user scripts in the user
-script domain.
+Execute network utilities in the netutils domain.
 </summary>
 <param name="domain">
 <summary>
@@ -1920,11 +2154,10 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="apache_run_all_scripts" lineno="928">
+<interface name="netutils_run" lineno="39">
 <summary>
-Execute all user scripts in the user
-script domain.  Add user script domains
-to the specified role.
+Execute network utilities in the netutils domain, and
+allow the specified role the netutils domain.
 </summary>
 <param name="domain">
 <summary>
@@ -1933,14 +2166,14 @@ Domain allowed to transition.
 </param>
 <param name="role">
 <summary>
-Role allowed access..
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="apache_read_squirrelmail_data" lineno="948">
+<interface name="netutils_exec" lineno="58">
 <summary>
-Allow the specified domain to read
-apache squirrelmail data.
+Execute network utilities in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -1948,10 +2181,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_append_squirrelmail_data" lineno="967">
+<interface name="netutils_signal" lineno="77">
 <summary>
-Allow the specified domain to append
-apache squirrelmail data.
+Send generic signals to network utilities.
 </summary>
 <param name="domain">
 <summary>
@@ -1959,19 +2191,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_search_sys_content" lineno="985">
+<interface name="netutils_domtrans_ping" lineno="95">
 <summary>
-Search apache system content.
+Execute ping in the ping domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="apache_read_sys_content" lineno="1003">
+<interface name="netutils_kill_ping" lineno="114">
 <summary>
-Read apache system content.
+Send a kill (SIGKILL) signal to ping.
 </summary>
 <param name="domain">
 <summary>
@@ -1979,9 +2211,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_search_sys_scripts" lineno="1023">
+<interface name="netutils_signal_ping" lineno="132">
 <summary>
-Search apache system CGI directories.
+Send generic signals to ping.
 </summary>
 <param name="domain">
 <summary>
@@ -1989,31 +2221,43 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_manage_all_user_content" lineno="1042">
+<interface name="netutils_run_ping" lineno="157">
 <summary>
-Create, read, write, and delete all user web content.
+Execute ping in the ping domain, and
+allow the specified role the ping domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
-<interface name="apache_search_sys_script_state" lineno="1066">
+<interface name="netutils_run_ping_cond" lineno="183">
 <summary>
-Search system script state directory.
+Conditionally execute ping in the ping domain, and
+allow the specified role the ping domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
 </interface>
-<interface name="apache_read_tmp_files" lineno="1085">
+<interface name="netutils_exec_ping" lineno="206">
 <summary>
-Allow the specified domain to read
-apache tmp files.
+Execute ping in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -2021,55 +2265,41 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apache_dontaudit_write_tmp_files" lineno="1105">
+<interface name="netutils_domtrans_traceroute" lineno="225">
 <summary>
-Dontaudit attempts to write
-apache tmp files.
+Execute traceroute in the traceroute domain.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="apache_cgi_domain" lineno="1138">
+<interface name="netutils_run_traceroute" lineno="251">
 <summary>
-Execute CGI in the specified domain.
+Execute traceroute in the traceroute domain, and
+allow the specified role the traceroute domain.
 </summary>
-<desc>
-<p>
-Execute CGI in the specified domain.
-</p>
-<p>
-This is an interface to support third party modules
-and its use is not allowed in upstream reference
-policy.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Domain run the cgi script in.
+Domain allowed to transition.
 </summary>
 </param>
-<param name="entrypoint">
+<param name="role">
 <summary>
-Type of the executable to enter the cgi domain.
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="apache_admin" lineno="1171">
-<summary>
-All of the rules required to administrate an apache environment
-</summary>
-<param name="prefix">
+<interface name="netutils_run_traceroute_cond" lineno="277">
 <summary>
-Prefix of the domain. Example, user would be
-the prefix for the uder_t domain.
+Conditionally execute traceroute in the traceroute domain, and
+allow the specified role the traceroute domain.
 </summary>
-</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 <param name="role">
@@ -2079,143 +2309,29 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<tunable name="allow_httpd_anon_write" dftval="false">
-<desc>
-<p>
-Allow Apache to modify public files
-used for public file transfer services. Directories/Files must
-be labeled public_content_rw_t.
-</p>
-</desc>
-</tunable>
-<tunable name="allow_httpd_mod_auth_pam" dftval="false">
-<desc>
-<p>
-Allow Apache to use mod_auth_pam
-</p>
-</desc>
-</tunable>
-<tunable name="httpd_builtin_scripting" dftval="false">
-<desc>
-<p>
-Allow httpd to use built in scripting (usually php)
-</p>
-</desc>
-</tunable>
-<tunable name="httpd_can_network_connect" dftval="false">
-<desc>
-<p>
-Allow HTTPD scripts and modules to connect to the network using TCP.
-</p>
-</desc>
-</tunable>
-<tunable name="httpd_can_network_connect_db" dftval="false">
-<desc>
-<p>
-Allow HTTPD scripts and modules to connect to databases over the network.
-</p>
-</desc>
-</tunable>
-<tunable name="httpd_can_network_relay" dftval="false">
-<desc>
-<p>
-Allow httpd to act as a relay
-</p>
-</desc>
-</tunable>
-<tunable name="httpd_can_sendmail" dftval="false">
-<desc>
-<p>
-Allow http daemon to send mail
-</p>
-</desc>
-</tunable>
-<tunable name="httpd_dbus_avahi" dftval="false">
-<desc>
-<p>
-Allow Apache to communicate with avahi service via dbus
-</p>
-</desc>
-</tunable>
-<tunable name="httpd_enable_cgi" dftval="false">
-<desc>
-<p>
-Allow httpd cgi support
-</p>
-</desc>
-</tunable>
-<tunable name="httpd_enable_ftp_server" dftval="false">
-<desc>
-<p>
-Allow httpd to act as a FTP server by
-listening on the ftp port.
-</p>
-</desc>
-</tunable>
-<tunable name="httpd_enable_homedirs" dftval="false">
-<desc>
-<p>
-Allow httpd to read home directories
-</p>
-</desc>
-</tunable>
-<tunable name="httpd_setrlimit" dftval="false">
-<desc>
-<p>
-Allow httpd daemon to change its resource limits
-</p>
-</desc>
-</tunable>
-<tunable name="httpd_ssi_exec" dftval="false">
-<desc>
-<p>
-Allow HTTPD to run SSI executables in the same domain as system CGI scripts.
-</p>
-</desc>
-</tunable>
-<tunable name="httpd_tty_comm" dftval="false">
-<desc>
-<p>
-Unify HTTPD to communicate with the terminal.
-Needed for entering the passphrase for certificates at
-the terminal.
-</p>
-</desc>
-</tunable>
-<tunable name="httpd_unified" dftval="false">
-<desc>
-<p>
-Unify HTTPD handling of all content files.
-</p>
-</desc>
-</tunable>
-<tunable name="httpd_use_cifs" dftval="false">
-<desc>
-<p>
-Allow httpd to access cifs file systems
-</p>
-</desc>
-</tunable>
-<tunable name="httpd_use_gpg" dftval="false">
-<desc>
-<p>
-Allow httpd to run gpg
-</p>
-</desc>
-</tunable>
-<tunable name="httpd_use_nfs" dftval="false">
+<interface name="netutils_exec_traceroute" lineno="300">
+<summary>
+Execute traceroute in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="user_ping" dftval="false">
 <desc>
 <p>
-Allow httpd to access nfs file systems
+Control users use of ping and traceroute
 </p>
 </desc>
 </tunable>
 </module>
-<module name="apcupsd" filename="policy/modules/contrib/apcupsd.if">
-<summary>APC UPS monitoring daemon</summary>
-<interface name="apcupsd_domtrans" lineno="13">
+<module name="passenger" filename="policy/modules/admin/passenger.if">
+<summary>Ruby on rails deployment for Apache and Nginx servers.</summary>
+<interface name="passenger_domtrans" lineno="13">
 <summary>
-Execute a domain transition to run apcupsd.
+Execute passenger in the passenger domain.
 </summary>
 <param name="domain">
 <summary>
@@ -2223,19 +2339,19 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="apcupsd_initrc_domtrans" lineno="32">
+<interface name="passenger_exec" lineno="32">
 <summary>
-Execute apcupsd server in the apcupsd domain.
+Execute passenger in the caller domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apcupsd_read_pid_files" lineno="50">
+<interface name="passenger_read_lib_files" lineno="51">
 <summary>
-Read apcupsd PID files.
+Read passenger lib files.
 </summary>
 <param name="domain">
 <summary>
@@ -2243,31 +2359,58 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="apcupsd_read_log" lineno="70">
+</module>
+<module name="portage" filename="policy/modules/admin/portage.if">
+<summary>Package Management System.</summary>
+<interface name="portage_domtrans" lineno="13">
 <summary>
-Allow the specified domain to read apcupsd's log files.
+Execute emerge in the portage domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="portage_run" lineno="43">
+<summary>
+Execute emerge in the portage domain,
+and allow the specified role the
+portage domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
-<interface name="apcupsd_append_log" lineno="91">
+<interface name="portage_compile_domain" lineno="68">
 <summary>
-Allow the specified domain to append
-apcupsd log files.
+Template for portage sandbox.
 </summary>
+<desc>
+<p>
+Template for portage sandbox.  Portage
+does all compiling in the sandbox.
+</p>
+</desc>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain Allowed Access
 </summary>
 </param>
 </interface>
-<interface name="apcupsd_cgi_script_domtrans" lineno="111">
+<interface name="portage_domtrans_fetch" lineno="235">
 <summary>
-Execute a domain transition to run httpd_apcupsd_cgi_script.
+Execute tree management functions
+(fetching, layman, ...) in the
+portage fetch domain.
 </summary>
 <param name="domain">
 <summary>
@@ -2275,29 +2418,29 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="apcupsd_admin" lineno="141">
+<interface name="portage_run_fetch" lineno="264">
 <summary>
-All of the rules required to administrate
-an apcupsd environment
+Execute tree management functions
+(fetching, layman, ...) in the
+portage fetch domain, and allow
+the specified role the portage
+fetch domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 <param name="role">
 <summary>
-The role to be allowed to manage the apcupsd domain.
+Role allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
-</module>
-<module name="apm" filename="policy/modules/contrib/apm.if">
-<summary>Advanced power management daemon</summary>
-<interface name="apm_domtrans_client" lineno="13">
+<interface name="portage_domtrans_gcc_config" lineno="283">
 <summary>
-Execute APM in the apm domain.
+Execute gcc-config in the gcc config domain.
 </summary>
 <param name="domain">
 <summary>
@@ -2305,263 +2448,302 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="apm_use_fds" lineno="32">
+<interface name="portage_run_gcc_config" lineno="310">
 <summary>
-Use file descriptors for apmd.
+Execute gcc-config in the gcc config
+domain, and allow the specified role
+the gcc_config domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
-</interface>
-<interface name="apm_write_pipes" lineno="50">
-<summary>
-Write to apmd unnamed pipes.
-</summary>
-<param name="domain">
+<param name="role">
 <summary>
-Domain allowed access.
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="apm_rw_stream_sockets" lineno="68">
+<interface name="portage_dontaudit_use_fds" lineno="330">
 <summary>
-Read and write to an apm unix stream socket.
+Do not audit attempts to use
+portage file descriptors.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="apm_append_log" lineno="86">
+<interface name="portage_dontaudit_search_tmp" lineno="349">
 <summary>
-Append to apm's log file.
+Do not audit attempts to search the
+portage temporary directories.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="apm_stream_connect" lineno="105">
+<interface name="portage_dontaudit_rw_tmp_files" lineno="368">
 <summary>
-Connect to apmd over an unix stream socket.
+Do not audit attempts to read and write
+the portage temporary files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-</module>
-<module name="apt" filename="policy/modules/contrib/apt.if">
-<summary>APT advanced package tool.</summary>
-<interface name="apt_domtrans" lineno="13">
+<interface name="portage_eselect_module" lineno="393">
 <summary>
-Execute apt programs in the apt domain.
+Allow the domain to run within an eselect module script.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to allow within an eselect module
 </summary>
 </param>
 </interface>
-<interface name="apt_run" lineno="39">
+<interface name="portage_ro_role" lineno="416">
 <summary>
-Execute apt programs in the apt domain.
+Read all portage files
 </summary>
-<param name="domain">
+<param name="role">
 <summary>
-Domain allowed to transition.
+Role allowed access
 </summary>
 </param>
-<param name="role">
+<param name="domain">
 <summary>
-The role to allow the apt domain.
+Domain allowed access
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="apt_use_fds" lineno="59">
+<interface name="portage_read_db" lineno="436">
 <summary>
-Inherit and use file descriptors from apt.
+Read portage db files
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="apt_dontaudit_use_fds" lineno="78">
+<interface name="portage_read_cache" lineno="456">
 <summary>
-Do not audit attempts to use file descriptors from apt.
+Read portage cache files
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="apt_read_pipes" lineno="96">
+<interface name="portage_read_config" lineno="477">
 <summary>
-Read from an unnamed apt pipe.
+Read portage configuration files
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="apt_rw_pipes" lineno="115">
+<interface name="portage_read_ebuild" lineno="499">
 <summary>
-Read and write an unnamed apt pipe.
+Read portage ebuild files
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="apt_use_ptys" lineno="134">
+<interface name="portage_read_log" lineno="521">
 <summary>
-Read from and write to apt ptys.
+Read portage log files
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="apt_read_cache" lineno="152">
+<interface name="portage_read_srcrepo" lineno="540">
 <summary>
-Read the apt package cache.
+Read portage src repository files
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="apt_read_db" lineno="173">
+<interface name="portage_dontaudit_write_cache" lineno="562">
 <summary>
-Read the apt package database.
+Do not audit writing portage cache files
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="apt_manage_db" lineno="194">
+<tunable name="portage_use_nfs" dftval="false">
+<desc>
+<p>
+Determine whether portage can
+use nfs filesystems.
+</p>
+</desc>
+</tunable>
+<tunable name="portage_read_user_content" dftval="false">
+<desc>
+<p>
+Determine whether portage domains can read user content.
+This is for non-portage_t domains as portage_t can manage the entire file system.
+</p>
+</desc>
+</tunable>
+<tunable name="portage_mount_fs" dftval="false">
+<desc>
+<p>
+Determine whether portage can mount file systems (used to mount /boot for instance).
+</p>
+</desc>
+</tunable>
+<tunable name="portage_enable_test" dftval="false">
+<desc>
+<p>
+Extra rules which are sometimes needed when FEATURES=test is enabled
+</p>
+</desc>
+</tunable>
+</module>
+<module name="prelink" filename="policy/modules/admin/prelink.if">
+<summary>Prelink ELF shared library mappings.</summary>
+<interface name="prelink_domtrans" lineno="13">
 <summary>
-Create, read, write, and delete the apt package database.
+Execute prelink in the prelink domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="apt_dontaudit_manage_db" lineno="217">
+<interface name="prelink_exec" lineno="37">
 <summary>
-Do not audit attempts to create, read,
-write, and delete the apt package database.
+Execute prelink in the caller domain.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="arpwatch" filename="policy/modules/contrib/arpwatch.if">
-<summary>Ethernet activity monitor.</summary>
-<interface name="arpwatch_initrc_domtrans" lineno="13">
+<interface name="prelink_run" lineno="64">
 <summary>
-Execute arpwatch server in the arpwatch domain.
+Execute prelink in the prelink
+domain, and allow the specified role
+the prelink domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
 </interface>
-<interface name="arpwatch_search_data" lineno="31">
+<interface name="prelink_object_file" lineno="83">
 <summary>
-Search arpwatch's data file directories.
+Make the specified file type prelinkable.
 </summary>
-<param name="domain">
+<param name="file_type">
 <summary>
-Domain allowed access.
+File type to be prelinked.
 </summary>
 </param>
 </interface>
-<interface name="arpwatch_manage_data_files" lineno="50">
+<interface name="prelink_read_cache" lineno="101">
 <summary>
-Create arpwatch data files.
+Read prelink cache files.
 </summary>
-<param name="domain">
+<param name="file_type">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="arpwatch_rw_tmp_files" lineno="69">
+<interface name="prelink_delete_cache" lineno="120">
 <summary>
-Read and write arpwatch temporary files.
+Delete prelink cache files.
 </summary>
-<param name="domain">
+<param name="file_type">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="arpwatch_manage_tmp_files" lineno="88">
+<interface name="prelink_manage_log" lineno="140">
 <summary>
-Read and write arpwatch temporary files.
+Create, read, write, and delete
+prelink log files.
 </summary>
-<param name="domain">
+<param name="file_type">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="arpwatch_dontaudit_rw_packet_sockets" lineno="108">
+<interface name="prelink_manage_lib" lineno="160">
 <summary>
-Do not audit attempts to read and write
-arpwatch packet sockets.
+Create, read, write, and delete
+prelink var_lib files.
 </summary>
-<param name="domain">
+<param name="file_type">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="arpwatch_admin" lineno="133">
+<interface name="prelink_relabelfrom_lib" lineno="179">
 <summary>
-All of the rules required to administrate
-an arpwatch environment
+Relabel from prelink lib files.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="prelink_relabel_lib" lineno="198">
 <summary>
-The role to be allowed to manage the arpwatch domain.
+Relabel prelink lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
 </module>
-<module name="asterisk" filename="policy/modules/contrib/asterisk.if">
-<summary>Asterisk IP telephony server</summary>
-<interface name="asterisk_domtrans" lineno="13">
+<module name="puppet" filename="policy/modules/admin/puppet.if">
+<summary>Configuration management system.</summary>
+<interface name="puppet_domtrans_puppetca" lineno="14">
 <summary>
-Execute asterisk in the asterisk domain.
+Execute puppetca in the puppetca
+domain.
 </summary>
 <param name="domain">
 <summary>
@@ -2569,30 +2751,27 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="asterisk_stream_connect" lineno="33">
+<interface name="puppet_run_puppetca" lineno="41">
 <summary>
-Connect to asterisk over a unix domain
-stream socket.
+Execute puppetca in the puppetca
+domain and allow the specified
+role the puppetca domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
-</interface>
-<interface name="asterisk_setattr_logs" lineno="52">
-<summary>
-Allow changing the attributes of the asterisk log files and directories
-</summary>
-<param name="domain">
+<param name="role">
 <summary>
-Domain allowed access.
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="asterisk_setattr_pid_files" lineno="73">
+<interface name="puppet_read_config" lineno="60">
 <summary>
-Allow changing the attributes of the asterisk PID files
+Read puppet configuration content.
 </summary>
 <param name="domain">
 <summary>
@@ -2600,52 +2779,40 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="asterisk_admin" lineno="100">
+<interface name="puppet_read_lib_files" lineno="81">
 <summary>
-All of the rules required to administrate
-an asterisk environment
+Read Puppet lib files.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
-<summary>
-The role to be allowed to manage the asterisk domain.
-</summary>
-</param>
-<rolecap/>
 </interface>
-</module>
-<module name="authbind" filename="policy/modules/contrib/authbind.if">
-<summary>Tool for non-root processes to bind to reserved ports</summary>
-<interface name="authbind_domtrans" lineno="13">
+<interface name="puppet_manage_lib_files" lineno="101">
 <summary>
-Use authbind to bind to a reserved port.
+Create, read, write, and delete
+puppet lib files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="automount" filename="policy/modules/contrib/automount.if">
-<summary>Filesystem automounter service.</summary>
-<interface name="automount_domtrans" lineno="13">
+<interface name="puppet_append_log_files" lineno="120">
 <summary>
-Execute automount in the automount domain.
+Append puppet log files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="automount_signal" lineno="33">
+<interface name="puppet_create_log_files" lineno="139">
 <summary>
-Send automount a signal
+Create puppet log files.
 </summary>
 <param name="domain">
 <summary>
@@ -2653,9 +2820,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="automount_exec_config" lineno="51">
+<interface name="puppet_read_log_files" lineno="158">
 <summary>
-Execute automount in the caller domain.
+Read puppet log files.
 </summary>
 <param name="domain">
 <summary>
@@ -2663,70 +2830,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="automount_read_state" lineno="66">
+<interface name="puppet_rw_tmp" lineno="177">
 <summary>
-Allow the domain to read state files in /proc.
+Read and write to puppet tempoprary files.
 </summary>
 <param name="domain">
 <summary>
-Domain to allow access.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="automount_dontaudit_use_fds" lineno="84">
+<interface name="puppet_admin" lineno="203">
 <summary>
-Do not audit attempts to file descriptors for automount.
+All of the rules required to
+administrate an puppet environment.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
-</interface>
-<interface name="automount_dontaudit_write_pipes" lineno="102">
-<summary>
-Do not audit attempts to write automount daemon unnamed pipes.
-</summary>
-<param name="domain">
+<param name="role">
 <summary>
-Domain to not audit.
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="automount_dontaudit_getattr_tmp_dirs" lineno="121">
+<tunable name="puppet_manage_all_files" dftval="false">
+<desc>
+<p>
+Determine whether puppet can
+manage all non-security files.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="quota" filename="policy/modules/admin/quota.if">
+<summary>File system quota management.</summary>
+<interface name="quota_domtrans" lineno="13">
 <summary>
-Do not audit attempts to get the attributes
-of automount temporary directories.
+Execute quota management tools in the quota domain.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="automount_admin" lineno="146">
+<interface name="quota_run" lineno="40">
 <summary>
-All of the rules required to administrate
-an automount environment
+Execute quota management tools in
+the quota domain, and allow the
+specified role the quota domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 <param name="role">
 <summary>
-The role to be allowed to manage the automount domain.
+Role allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
-</module>
-<module name="avahi" filename="policy/modules/contrib/avahi.if">
-<summary>mDNS/DNS-SD daemon implementing Apple ZeroConf architecture</summary>
-<interface name="avahi_domtrans" lineno="13">
+<interface name="quota_domtrans_nld" lineno="59">
 <summary>
-Execute avahi server in the avahi domain.
+Execute quota nld in the quota nld domain.
 </summary>
 <param name="domain">
 <summary>
@@ -2734,9 +2906,10 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="avahi_signal" lineno="32">
+<interface name="quota_manage_db_files" lineno="79">
 <summary>
-Send avahi a signal
+Create, read, write, and delete
+quota db files.
 </summary>
 <param name="domain">
 <summary>
@@ -2744,61 +2917,59 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="avahi_kill" lineno="50">
+<interface name="quota_spec_filetrans_db" lineno="114">
 <summary>
-Send avahi a kill signal.
+Create specified objects in specified
+directories with a type transition to
+the quota db file type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-</interface>
-<interface name="avahi_signull" lineno="68">
-<summary>
-Send avahi a signull
-</summary>
-<param name="domain">
+<param name="file_type">
 <summary>
-Domain allowed access.
+Directory to transition on.
 </summary>
 </param>
-</interface>
-<interface name="avahi_dbus_chat" lineno="87">
+<param name="object">
 <summary>
-Send and receive messages from
-avahi over dbus.
+The object class of the object being created.
 </summary>
-<param name="domain">
+</param>
+<param name="name" optional="true">
 <summary>
-Domain allowed access.
+The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="avahi_stream_connect" lineno="107">
+<interface name="quota_dontaudit_getattr_db" lineno="133">
 <summary>
-Connect to avahi using a unix domain stream socket.
+Do not audit attempts to get attributes
+of filesystem quota data files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="avahi_dontaudit_search_pid" lineno="126">
+<interface name="quota_manage_flags" lineno="152">
 <summary>
-Do not audit attempts to search the avahi pid directory.
+Create, read, write, and delete
+quota flag files.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="avahi_admin" lineno="151">
+<interface name="quota_admin" lineno="178">
 <summary>
-All of the rules required to administrate
-an avahi environment
+All of the rules required to
+administrate an quota environment.
 </summary>
 <param name="domain">
 <summary>
@@ -2807,73 +2978,91 @@ Domain allowed access.
 </param>
 <param name="role">
 <summary>
-The role to be allowed to manage the avahi domain.
+Role allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
 </module>
-<module name="awstats" filename="policy/modules/contrib/awstats.if">
-<summary>
-AWStats is a free powerful and featureful tool that generates advanced
-web, streaming, ftp or mail server statistics, graphically.
-</summary>
-<interface name="awstats_rw_pipes" lineno="16">
+<module name="readahead" filename="policy/modules/admin/readahead.if">
+<summary>Read files into page cache for improved performance.</summary>
+<interface name="readahead_domtrans" lineno="14">
 <summary>
-Read and write awstats unnamed pipes.
+Execute a domain transition
+to run readahead.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="awstats_cgi_exec" lineno="34">
+</module>
+<module name="rkhunter" filename="policy/modules/admin/rkhunter.if">
+<summary>rkhunter - rootkit checker.</summary>
+<interface name="rkhunter_domtrans" lineno="13">
 <summary>
-Execute awstats cgi scripts in the caller domain.
+Execute a domain transition to run rkhunter.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-</module>
-<module name="backup" filename="policy/modules/contrib/backup.if">
-<summary>System backup scripts</summary>
-<interface name="backup_domtrans" lineno="13">
+<interface name="rkhunter_run" lineno="39">
 <summary>
-Execute backup in the backup domain.
+Execute rkhunter in the rkhunter domain,
+and allow the specified role
+the rkhunter domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
 </interface>
-<interface name="backup_run" lineno="38">
+<tunable name="rkhunter_connect_http" dftval="false">
+<desc>
+<p>
+Determine whether rkhunter can connect
+to http ports. This is required by the
+--update option.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="rpm" filename="policy/modules/admin/rpm.if">
+<summary>Redhat package manager.</summary>
+<interface name="rpm_domtrans" lineno="13">
 <summary>
-Execute backup in the backup domain, and
-allow the specified role the backup domain.
+Execute rpm in the rpm domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="rpm_debuginfo_domtrans" lineno="33">
 <summary>
-Role allowed access.
+Execute debuginfo install
+in the rpm domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="bacula" filename="policy/modules/contrib/bacula.if">
-<summary>bacula backup program</summary>
-<interface name="bacula_domtrans_admin" lineno="13">
+<interface name="rpm_domtrans_script" lineno="52">
 <summary>
-Execute user interfaces in the bacula_admin domain.
+Execute rpm scripts in the rpm script domain.
 </summary>
 <param name="domain">
 <summary>
@@ -2881,10 +3070,11 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="bacula_run_admin" lineno="38">
+<interface name="rpm_run" lineno="82">
 <summary>
-Execute user interfaces in the bacula_admin domain, and
-allow the specified role to transition to the bacula_admin domain.
+Execute rpm in the rpm domain,
+and allow the specified roles the
+rpm domain.
 </summary>
 <param name="domain">
 <summary>
@@ -2898,22 +3088,19 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-</module>
-<module name="bcfg2" filename="policy/modules/contrib/bcfg2.if">
-<summary>bcfg2-server daemon which serves configurations to clients based on the data in its repository</summary>
-<interface name="bcfg2_domtrans" lineno="13">
+<interface name="rpm_exec" lineno="101">
 <summary>
-Execute bcfg2 in the bcfg2 domain..
+Execute the rpm in the caller domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bcfg2_initrc_domtrans" lineno="32">
+<interface name="rpm_signull" lineno="120">
 <summary>
-Execute bcfg2 server in the bcfg2 domain.
+Send null signals to rpm.
 </summary>
 <param name="domain">
 <summary>
@@ -2921,9 +3108,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bcfg2_search_lib" lineno="50">
+<interface name="rpm_use_fds" lineno="138">
 <summary>
-Search bcfg2 lib directories.
+Inherit and use file descriptors from rpm.
 </summary>
 <param name="domain">
 <summary>
@@ -2931,9 +3118,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bcfg2_read_lib_files" lineno="69">
+<interface name="rpm_read_pipes" lineno="156">
 <summary>
-Read bcfg2 lib files.
+Read rpm unnamed pipes.
 </summary>
 <param name="domain">
 <summary>
@@ -2941,9 +3128,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bcfg2_manage_lib_files" lineno="88">
+<interface name="rpm_rw_pipes" lineno="174">
 <summary>
-Manage bcfg2 lib files.
+Read and write rpm unnamed pipes.
 </summary>
 <param name="domain">
 <summary>
@@ -2951,9 +3138,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bcfg2_manage_lib_dirs" lineno="107">
+<interface name="rpm_dbus_chat" lineno="193">
 <summary>
-Manage bcfg2 lib directories.
+Send and receive messages from
+rpm over dbus.
 </summary>
 <param name="domain">
 <summary>
@@ -2961,49 +3149,41 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bcfg2_admin" lineno="133">
+<interface name="rpm_dontaudit_dbus_chat" lineno="214">
 <summary>
-All of the rules required to administrate
-an bcfg2 environment
+Do not audit attempts to send and
+receive messages from rpm over dbus.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
-</summary>
-</param>
-<param name="role">
-<summary>
-Role allowed access.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="bind" filename="policy/modules/contrib/bind.if">
-<summary>Berkeley internet name domain DNS server.</summary>
-<interface name="bind_initrc_domtrans" lineno="13">
+<interface name="rpm_script_dbus_chat" lineno="235">
 <summary>
-Execute bind server in the bind domain.
+Send and receive messages from
+rpm script over dbus.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bind_domtrans_ndc" lineno="31">
+<interface name="rpm_search_log" lineno="255">
 <summary>
-Execute ndc in the ndc domain.
+Search rpm log directories.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bind_signal" lineno="49">
+<interface name="rpm_append_log" lineno="274">
 <summary>
-Send generic signals to BIND.
+Append rpm log files.
 </summary>
 <param name="domain">
 <summary>
@@ -3011,9 +3191,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bind_signull" lineno="67">
+<interface name="rpm_manage_log" lineno="294">
 <summary>
-Send null sigals to BIND.
+Create, read, write, and delete
+rpm log files.
 </summary>
 <param name="domain">
 <summary>
@@ -3021,9 +3202,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bind_kill" lineno="85">
+<interface name="rpm_use_script_fds" lineno="313">
 <summary>
-Send BIND the kill signal
+Inherit and use rpm script file descriptors.
 </summary>
 <param name="domain">
 <summary>
@@ -3031,36 +3212,31 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bind_run_ndc" lineno="110">
+<interface name="rpm_manage_script_tmp_files" lineno="332">
 <summary>
-Execute ndc in the ndc domain, and
-allow the specified role the ndc domain.
+Create, read, write, and delete
+rpm script temporary files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
-</summary>
-</param>
-<param name="role">
-<summary>
-Role allowed access.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="bind_domtrans" lineno="129">
+<interface name="rpm_append_tmp_files" lineno="351">
 <summary>
-Execute bind in the named domain.
+Append rpm temporary files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bind_read_dnssec_keys" lineno="147">
+<interface name="rpm_manage_tmp_files" lineno="371">
 <summary>
-Read DNSSEC keys.
+Create, read, write, and delete
+rpm temporary files.
 </summary>
 <param name="domain">
 <summary>
@@ -3068,9 +3244,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bind_read_config" lineno="165">
+<interface name="rpm_read_script_tmp_files" lineno="390">
 <summary>
-Read BIND named configuration files.
+Read rpm script temporary files.
 </summary>
 <param name="domain">
 <summary>
@@ -3078,9 +3254,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bind_write_config" lineno="183">
+<interface name="rpm_read_cache" lineno="410">
 <summary>
-Write BIND named configuration files.
+Read rpm cache content.
 </summary>
 <param name="domain">
 <summary>
@@ -3088,10 +3264,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bind_manage_config_dirs" lineno="203">
+<interface name="rpm_manage_cache" lineno="432">
 <summary>
 Create, read, write, and delete
-BIND configuration directories.
+rpm cache content.
 </summary>
 <param name="domain">
 <summary>
@@ -3099,9 +3275,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bind_search_cache" lineno="221">
+<interface name="rpm_read_db" lineno="453">
 <summary>
-Search the BIND cache directory.
+Read rpm lib content.
 </summary>
 <param name="domain">
 <summary>
@@ -3109,10 +3285,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bind_manage_cache" lineno="243">
+<interface name="rpm_delete_db" lineno="475">
 <summary>
-Create, read, write, and delete
-BIND cache files.
+Delete rpm lib files.
 </summary>
 <param name="domain">
 <summary>
@@ -3120,9 +3295,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bind_setattr_pid_dirs" lineno="264">
+<interface name="rpm_manage_db" lineno="495">
 <summary>
-Set the attributes of the BIND pid directory.
+Create, read, write, and delete
+rpm lib files.
 </summary>
 <param name="domain">
 <summary>
@@ -3130,19 +3306,20 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bind_setattr_zone_dirs" lineno="282">
+<interface name="rpm_dontaudit_manage_db" lineno="517">
 <summary>
-Set the attributes of the BIND zone directory.
+Do not audit attempts to create, read,
+write, and delete rpm lib content.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="bind_read_zone" lineno="300">
+<interface name="rpm_read_pid_files" lineno="538">
 <summary>
-Read BIND zone files.
+Read rpm pid files.
 </summary>
 <param name="domain">
 <summary>
@@ -3150,9 +3327,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bind_manage_zone" lineno="319">
+<interface name="rpm_manage_pid_files" lineno="558">
 <summary>
-Manage BIND zone files.
+Create, read, write, and delete
+rpm pid files.
 </summary>
 <param name="domain">
 <summary>
@@ -3160,20 +3338,31 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bind_udp_chat_named" lineno="338">
+<interface name="rpm_pid_filetrans_rpm_pid" lineno="588">
 <summary>
-Send and receive datagrams to and from named.  (Deprecated)
+Create specified objects in pid directories
+with the rpm pid file type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
 </interface>
-<interface name="bind_admin" lineno="359">
+<interface name="rpm_admin" lineno="613">
 <summary>
-All of the rules required to administrate
-an bind environment
+All of the rules required to
+administrate an rpm environment.
 </summary>
 <param name="domain">
 <summary>
@@ -3182,66 +3371,84 @@ Domain allowed access.
 </param>
 <param name="role">
 <summary>
-The role to be allowed to manage the bind domain.
+Role allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
-<tunable name="named_write_master_zones" dftval="false">
-<desc>
-<p>
-Allow BIND to write the master zone files.
-Generally this is used for dynamic DNS or zone transfers.
-</p>
-</desc>
-</tunable>
 </module>
-<module name="bitlbee" filename="policy/modules/contrib/bitlbee.if">
-<summary>Bitlbee service</summary>
-<interface name="bitlbee_read_config" lineno="13">
+<module name="samhain" filename="policy/modules/admin/samhain.if">
+<summary>Check file integrity.</summary>
+<template name="samhain_service_template" lineno="13">
 <summary>
-Read bitlbee configuration files
+The template to define a samhain domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="samhain_domtrans" lineno="38">
+<summary>
+Execute samhain in the samhain domain
 </summary>
 <param name="domain">
 <summary>
-Domain allowed accesss.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="bitlbee_admin" lineno="40">
+<interface name="samhain_run" lineno="82">
 <summary>
-All of the rules required to administrate
-an bitlbee environment
+Execute samhain in the samhain
+domain with the clearance security
+level and allow the specifiled role
+the samhain domain.
 </summary>
+<desc>
+<p>
+Execute samhain in the samhain
+domain with the clearance security
+level and allow the specifiled role
+the samhain domain.
+</p>
+<p>
+The range_transition rule used in
+this interface requires that the
+calling domain should have the
+clearance security level otherwise
+the MLS constraint for process
+transition would fail.
+</p>
+</desc>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 <param name="role">
 <summary>
-The role to be allowed to manage the bitlbee domain.
+Role allowed to access.
 </summary>
 </param>
 <rolecap/>
 </interface>
-</module>
-<module name="blueman" filename="policy/modules/contrib/blueman.if">
-<summary>Blueman is a tool to manage Bluetooth devices</summary>
-<interface name="blueman_domtrans" lineno="13">
+<interface name="samhain_manage_config_files" lineno="107">
 <summary>
-Execute blueman in the blueman domain..
+Create, read, write, and delete
+samhain configuration files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="blueman_dbus_chat" lineno="33">
+<interface name="samhain_manage_db_files" lineno="127">
 <summary>
-Send and receive messages from
-blueman over dbus.
+Create, read, write, and delete
+samhain database files.
 </summary>
 <param name="domain">
 <summary>
@@ -3249,9 +3456,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="blueman_search_lib" lineno="53">
+<interface name="samhain_manage_init_script_files" lineno="147">
 <summary>
-Search blueman lib directories.
+Create, read, write, and delete
+samhain init script files.
 </summary>
 <param name="domain">
 <summary>
@@ -3259,9 +3467,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="blueman_read_lib_files" lineno="72">
+<interface name="samhain_manage_log_files" lineno="167">
 <summary>
-Read blueman lib files.
+Create, read, write, and delete
+samhain log and log.lock files.
 </summary>
 <param name="domain">
 <summary>
@@ -3269,10 +3478,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="blueman_manage_lib_files" lineno="92">
+<interface name="samhain_manage_pid_files" lineno="187">
 <summary>
 Create, read, write, and delete
-blueman lib files.
+samhain pid files.
 </summary>
 <param name="domain">
 <summary>
@@ -3280,69 +3489,87 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="bluetooth" filename="policy/modules/contrib/bluetooth.if">
-<summary>Bluetooth tools and system services.</summary>
-<interface name="bluetooth_role" lineno="18">
+<interface name="samhain_admin" lineno="213">
 <summary>
-Role access for bluetooth
+All of the rules required to
+administrate the samhain environment.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain allowed access.
 </summary>
 </param>
-<param name="domain">
+<param name="role" unused="true">
 <summary>
-User domain for the role
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="bluetooth_stream_connect" lineno="51">
+</module>
+<module name="sblim" filename="policy/modules/admin/sblim.if">
+<summary>Standards Based Linux Instrumentation for Manageability.</summary>
+<interface name="sblim_domtrans_gatherd" lineno="13">
 <summary>
-Connect to bluetooth over a unix domain
-stream socket.
+Execute gatherd in the gatherd domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="bluetooth_domtrans" lineno="71">
+<interface name="sblim_read_pid_files" lineno="32">
 <summary>
-Execute bluetooth in the bluetooth domain.
+Read gatherd pid files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bluetooth_read_config" lineno="89">
+<interface name="sblim_admin" lineno="58">
 <summary>
-Read bluetooth daemon configuration.
+All of the rules required to
+administrate an sblim environment.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
 </interface>
-<interface name="bluetooth_dbus_chat" lineno="108">
+</module>
+<module name="sectoolm" filename="policy/modules/admin/sectoolm.if">
+<summary>Sectool security audit tool.</summary>
+<interface name="sectoolm_role" lineno="18">
 <summary>
-Send and receive messages from
-bluetooth over dbus.
+Role access for sectoolm.
+</summary>
+<param name="role" unused="true">
+<summary>
+Role allowed access.
 </summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+User domain for the role.
 </summary>
 </param>
 </interface>
-<interface name="bluetooth_domtrans_helper" lineno="128">
+</module>
+<module name="shorewall" filename="policy/modules/admin/shorewall.if">
+<summary>Shoreline Firewall high-level tool for configuring netfilter.</summary>
+<interface name="shorewall_domtrans" lineno="13">
 <summary>
-Execute bluetooth_helper in the bluetooth_helper domain.  (Deprecated)
+Execute a domain transition to run shorewall.
 </summary>
 <param name="domain">
 <summary>
@@ -3350,75 +3577,60 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="bluetooth_run_helper" lineno="154">
+<interface name="shorewall_lib_domtrans" lineno="33">
 <summary>
-Execute bluetooth_helper in the bluetooth_helper domain, and
-allow the specified role the bluetooth_helper domain.  (Deprecated)
+Execute a domain transition to run shorewall
+using executables from /var/lib.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="shorewall_read_config" lineno="52">
 <summary>
-Role allowed access.
+Read shorewall configuration files.
 </summary>
-</param>
-<param name="terminal">
+<param name="domain">
 <summary>
-The type of the terminal allow the bluetooth_helper domain to use.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="bluetooth_dontaudit_read_helper_state" lineno="168">
+<interface name="shorewall_read_pid_files" lineno="71">
 <summary>
-Read bluetooth helper state files.
+Read shorewall pid files.
 </summary>
-<param name="domain">
+<param name="domain" unused="true">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bluetooth_admin" lineno="194">
+<interface name="shorewall_rw_pid_files" lineno="85">
 <summary>
-All of the rules required to administrate
-an bluetooth environment
+Read and write shorewall pid files.
 </summary>
-<param name="domain">
+<param name="domain" unused="true">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
-<summary>
-The role to be allowed to manage the bluetooth domain.
-</summary>
-</param>
-<rolecap/>
 </interface>
-</module>
-<module name="brctl" filename="policy/modules/contrib/brctl.if">
-<summary>Utilities for configuring the linux ethernet bridge</summary>
-<interface name="brctl_domtrans" lineno="13">
+<interface name="shorewall_read_lib_files" lineno="99">
 <summary>
-Execute a domain transition to run brctl.
+Read shorewall lib files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="bugzilla" filename="policy/modules/contrib/bugzilla.if">
-<summary>Bugzilla server</summary>
-<interface name="bugzilla_search_content" lineno="14">
+<interface name="shorewall_rw_lib_files" lineno="118">
 <summary>
-Allow the specified domain to search
-bugzilla directories.
+Read and write shorewall lib files.
 </summary>
 <param name="domain">
 <summary>
@@ -3426,21 +3638,20 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bugzilla_dontaudit_rw_stream_sockets" lineno="33">
+<interface name="shorewall_read_tmp_files" lineno="137">
 <summary>
-Do not audit attempts to read and write
-bugzilla script unix domain stream sockets.
+Read shorewall temporary files.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="bugzilla_admin" lineno="58">
+<interface name="shorewall_admin" lineno="163">
 <summary>
-All of the rules required to administrate
-an bugzilla environment
+All of the rules required to
+administrate an shorewall environment.
 </summary>
 <param name="domain">
 <summary>
@@ -3449,70 +3660,69 @@ Domain allowed access.
 </param>
 <param name="role">
 <summary>
-The role to be allowed to manage the bugzilla domain.
+Role allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
 </module>
-<module name="calamaris" filename="policy/modules/contrib/calamaris.if">
-<summary>Squid log analysis</summary>
-<interface name="calamaris_read_www_files" lineno="13">
+<module name="shutdown" filename="policy/modules/admin/shutdown.if">
+<summary>System shutdown command.</summary>
+<interface name="shutdown_role" lineno="18">
+<summary>
+Role access for shutdown.
+</summary>
+<param name="role">
 <summary>
-Allow domain to read calamaris www files.
+Role allowed access.
 </summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+User domain for the role.
 </summary>
 </param>
 </interface>
-</module>
-<module name="canna" filename="policy/modules/contrib/canna.if">
-<summary>Canna - kana-kanji conversion server</summary>
-<interface name="canna_stream_connect" lineno="13">
+<interface name="shutdown_domtrans" lineno="39">
 <summary>
-Connect to Canna using a unix domain stream socket.
+Execute a domain transition to run shutdown.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="canna_admin" lineno="39">
+<interface name="shutdown_run" lineno="65">
 <summary>
-All of the rules required to administrate
-an canna environment
+Execute shutdown in the shutdown
+domain, and allow the specified role
+the shutdown domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 <param name="role">
 <summary>
-The role to be allowed to manage the canna domain.
+Role allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="ccs" filename="policy/modules/contrib/ccs.if">
-<summary>Cluster Configuration System</summary>
-<interface name="ccs_domtrans" lineno="13">
+<interface name="shutdown_signal" lineno="84">
 <summary>
-Execute a domain transition to run ccs.
+Send generic signals to shutdown.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ccs_stream_connect" lineno="31">
+<interface name="shutdown_sigchld" lineno="102">
 <summary>
-Connect to ccs over an unix stream socket.
+Send SIGCHLD signals to shutdown.
 </summary>
 <param name="domain">
 <summary>
@@ -3520,9 +3730,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ccs_read_config" lineno="50">
+<interface name="shutdown_getattr_exec_files" lineno="120">
 <summary>
-Read cluster configuration files.
+Get attributes of shutdown executable files.
 </summary>
 <param name="domain">
 <summary>
@@ -3530,59 +3740,57 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ccs_manage_config" lineno="68">
+</module>
+<module name="smoltclient" filename="policy/modules/admin/smoltclient.if">
+<summary>The Fedora hardware profiler client.</summary>
+</module>
+<module name="sosreport" filename="policy/modules/admin/sosreport.if">
+<summary>Generate debugging information for system.</summary>
+<interface name="sosreport_domtrans" lineno="13">
 <summary>
-Manage cluster configuration files.
+Execute a domain transition to run sosreport.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-</module>
-<module name="cdrecord" filename="policy/modules/contrib/cdrecord.if">
-<summary>Policy for cdrecord</summary>
-<interface name="cdrecord_role" lineno="18">
+<interface name="sosreport_run" lineno="39">
 <summary>
-Role access for cdrecord
+Execute sosreport in the sosreport
+domain, and allow the specified
+role the sosreport domain.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain allowed access.
 </summary>
 </param>
-<param name="domain">
+<param name="role">
 <summary>
-User domain for the role
+Role allowed access.
 </summary>
 </param>
 </interface>
-<tunable name="cdrecord_read_content" dftval="false">
-<desc>
-<p>
-Allow cdrecord to read various content.
-nfs, samba, removable devices, user temp
-and untrusted content files
-</p>
-</desc>
-</tunable>
-</module>
-<module name="certmaster" filename="policy/modules/contrib/certmaster.if">
-<summary>Certmaster SSL certificate distribution service</summary>
-<interface name="certmaster_domtrans" lineno="13">
+<interface name="sosreport_role" lineno="63">
 <summary>
-Execute a domain transition to run certmaster.
+Role access for sosreport.
 </summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+User domain for the role.
 </summary>
 </param>
 </interface>
-<interface name="certmaster_exec" lineno="31">
+<interface name="sosreport_read_tmp_files" lineno="84">
 <summary>
-Execute certmaster in the caller domain.
+Read sosreport temporary files.
 </summary>
 <param name="domain">
 <summary>
@@ -3590,9 +3798,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="certmaster_read_log" lineno="50">
+<interface name="sosreport_append_tmp_files" lineno="103">
 <summary>
-read certmaster logs.
+Append sosreport temporary files.
 </summary>
 <param name="domain">
 <summary>
@@ -3600,9 +3808,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="certmaster_append_log" lineno="69">
+<interface name="sosreport_delete_tmp_files" lineno="122">
 <summary>
-Append to certmaster logs.
+Delete sosreport temporary files.
 </summary>
 <param name="domain">
 <summary>
@@ -3610,10 +3818,61 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="certmaster_manage_log" lineno="89">
+</module>
+<module name="su" filename="policy/modules/admin/su.if">
+<summary>Run shells with substitute user and group.</summary>
+<template name="su_restricted_domain_template" lineno="31">
 <summary>
-Create, read, write, and delete
-certmaster logs.
+Restricted su domain template.
+</summary>
+<desc>
+<p>
+This template creates a derived domain which is allowed
+to change the linux user id, to run shells as a different
+user.
+</p>
+</desc>
+<param name="userdomain_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+</template>
+<template name="su_role_template" lineno="144">
+<summary>
+The role template for the su module.
+</summary>
+<param name="role_prefix">
+<summary>
+The prefix of the user role (e.g., user
+is the prefix for user_r).
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+</template>
+<interface name="su_exec" lineno="280">
+<summary>
+Execute su in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -3621,60 +3880,96 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="certmaster_admin" lineno="116">
+</module>
+<module name="sudo" filename="policy/modules/admin/sudo.if">
+<summary>Execute a command with a substitute user</summary>
+<template name="sudo_role_template" lineno="31">
 <summary>
-All of the rules required to administrate
-an snort environment
+The role template for the sudo module.
 </summary>
-<param name="domain">
+<desc>
+<p>
+This template creates a derived domain which is allowed
+to change the linux user id, to run commands as a different
+user.
+</p>
+</desc>
+<param name="role_prefix">
 <summary>
-Domain allowed access.
+The prefix of the user role (e.g., user
+is the prefix for user_r).
 </summary>
 </param>
-<param name="role">
+<param name="user_role">
 <summary>
-The role to be allowed to manage the syslog domain.
+The user role.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The user domain associated with the role.
+</summary>
+</param>
+</template>
+<interface name="sudo_sigchld" lineno="184">
+<summary>
+Send a SIGCHLD signal to the sudo domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
 </module>
-<module name="certmonger" filename="policy/modules/contrib/certmonger.if">
-<summary>Certificate status monitor and PKI enrollment client</summary>
-<interface name="certmonger_domtrans" lineno="13">
+<module name="sxid" filename="policy/modules/admin/sxid.if">
+<summary>SUID/SGID program monitoring.</summary>
+<interface name="sxid_read_log" lineno="14">
 <summary>
-Execute a domain transition to run certmonger.
+Read sxid log files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="certmonger_dbus_chat" lineno="32">
+</module>
+<module name="tboot" filename="policy/modules/admin/tboot.if">
+<summary>Utilities for the tboot TXT module.</summary>
+<interface name="tboot_domtrans_txtstat" lineno="13">
 <summary>
-Send and receive messages from
-certmonger over dbus.
+Execute txt-stat in the txtstat domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="certmonger_initrc_domtrans" lineno="52">
+<interface name="tboot_run_txtstat" lineno="38">
 <summary>
-Execute certmonger server in the certmonger domain.
+Execute txt-stat in the txtstat domain, and
+allow the specified role the txtstat domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
+<param name="role">
+<summary>
+The role to be allowed the txtstat domain.
+</summary>
+</param>
 </interface>
-<interface name="certmonger_read_pid_files" lineno="70">
+</module>
+<module name="tmpreaper" filename="policy/modules/admin/tmpreaper.if">
+<summary>Manage temporary directory sizes and file ages.</summary>
+<interface name="tmpreaper_exec" lineno="13">
 <summary>
-Read certmonger PID files.
+Execute tmpreaper in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -3682,45 +3977,56 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="certmonger_search_lib" lineno="89">
+</module>
+<module name="tripwire" filename="policy/modules/admin/tripwire.if">
+<summary>File integrity checker.</summary>
+<interface name="tripwire_domtrans_tripwire" lineno="13">
 <summary>
-Search certmonger lib directories.
+Execute tripwire in the tripwire domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="certmonger_read_lib_files" lineno="108">
+<interface name="tripwire_run_tripwire" lineno="40">
 <summary>
-Read certmonger lib files.
+Execute tripwire in the tripwire
+domain, and allow the specified
+role the tripwire domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="certmonger_manage_lib_files" lineno="128">
+<interface name="tripwire_domtrans_twadmin" lineno="59">
 <summary>
-Create, read, write, and delete
-certmonger lib files.
+Execute twadmin in the twadmin domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="certmonger_admin" lineno="154">
+<interface name="tripwire_run_twadmin" lineno="86">
 <summary>
-All of the rules required to administrate
-an certmonger environment
+Execute twadmin in the twadmin
+domain, and allow the specified
+role the twadmin domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 <param name="role">
@@ -3730,12 +4036,9 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-</module>
-<module name="certwatch" filename="policy/modules/contrib/certwatch.if">
-<summary>Digital Certificate Tracking</summary>
-<interface name="certwatch_domtrans" lineno="13">
+<interface name="tripwire_domtrans_twprint" lineno="105">
 <summary>
-Domain transition to certwatch.
+Execute twprint in the twprint domain.
 </summary>
 <param name="domain">
 <summary>
@@ -3743,12 +4046,11 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="certwatch_run" lineno="42">
+<interface name="tripwire_run_twprint" lineno="132">
 <summary>
-Execute certwatch in the certwatch domain, and
-allow the specified role the certwatch domain,
-and use the caller's terminal. Has a sigchld
-backchannel.
+Execute twprint in the twprint
+domain, and allow the specified
+role the twprint domain.
 </summary>
 <param name="domain">
 <summary>
@@ -3762,37 +4064,40 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="certwatach_run" lineno="75">
+<interface name="tripwire_domtrans_siggen" lineno="151">
 <summary>
-Execute certwatch in the certwatch domain, and
-allow the specified role the certwatch domain,
-and use the caller's terminal. Has a sigchld
-backchannel.  (Deprecated)
+Execute siggen in the siggen domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="tripwire_run_siggen" lineno="178">
 <summary>
-Role allowed access.
+Execute siggen in the siggen domain,
+and allow the specified role
+the siggen domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
 </summary>
 </param>
-<param name="terminal">
+<param name="role">
 <summary>
-The type of the terminal allow the certwatch domain to use.
+Role allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
 </module>
-<module name="cgroup" filename="policy/modules/contrib/cgroup.if">
-<summary>libcg is a library that abstracts the control group file system in Linux.</summary>
-<interface name="cgroup_domtrans_cgclear" lineno="14">
+<module name="tzdata" filename="policy/modules/admin/tzdata.if">
+<summary>Time zone updater.</summary>
+<interface name="tzdata_domtrans" lineno="13">
 <summary>
-Execute a domain transition to run
-CG Clear.
+Execute a domain transition to run tzdata.
 </summary>
 <param name="domain">
 <summary>
@@ -3800,21 +4105,30 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="cgroup_domtrans_cgconfig" lineno="34">
+<interface name="tzdata_run" lineno="40">
 <summary>
-Execute a domain transition to run
-CG config parser.
+Execute tzdata in the tzdata domain,
+and allow the specified role
+the tzdata domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
 </interface>
-<interface name="cgroup_initrc_domtrans_cgconfig" lineno="54">
+</module>
+<module name="updfstab" filename="policy/modules/admin/updfstab.if">
+<summary>Red Hat utility to change fstab.</summary>
+<interface name="updfstab_domtrans" lineno="13">
 <summary>
-Execute a domain transition to run
-CG config parser.
+Execute updfstab in the updfstab domain.
 </summary>
 <param name="domain">
 <summary>
@@ -3822,10 +4136,12 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="cgroup_domtrans_cgred" lineno="73">
+</module>
+<module name="usbmodules" filename="policy/modules/admin/usbmodules.if">
+<summary>List kernel modules of USB devices.</summary>
+<interface name="usbmodules_domtrans" lineno="13">
 <summary>
-Execute a domain transition to run
-CG rules engine daemon.
+Execute usbmodules in the usbmodules domain.
 </summary>
 <param name="domain">
 <summary>
@@ -3833,24 +4149,41 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="cgroup_initrc_domtrans_cgred" lineno="94">
+<interface name="usbmodules_run" lineno="40">
 <summary>
-Execute a domain transition to run
-CG rules engine daemon.
-domain.
+Execute usbmodules in the usbmodules
+domain, and allow the specified
+role the usbmodules domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
 </interface>
-<interface name="cgroup_run_cgclear" lineno="121">
+</module>
+<module name="usermanage" filename="policy/modules/admin/usermanage.if">
+<summary>Policy for managing user accounts.</summary>
+<interface name="usermanage_domtrans_chfn" lineno="13">
 <summary>
-Execute a domain transition to
-run CG Clear and allow the
-specified role the CG Clear
-domain.
+Execute chfn in the chfn domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="usermanage_run_chfn" lineno="42">
+<summary>
+Execute chfn in the chfn domain, and
+allow the specified role the chfn domain.
 </summary>
 <param name="domain">
 <summary>
@@ -3862,27 +4195,25 @@ Domain allowed to transition.
 Role allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="cgroup_stream_connect_cgred" lineno="141">
+<interface name="usermanage_domtrans_groupadd" lineno="61">
 <summary>
-Connect to CG rules engine daemon
-over unix stream sockets.
+Execute groupadd in the groupadd domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="cgroup_admin" lineno="167">
+<interface name="usermanage_run_groupadd" lineno="91">
 <summary>
-All of the rules required to administrate
-an cgroup environment.
+Execute groupadd in the groupadd domain, and
+allow the specified role the groupadd domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 <param name="role">
@@ -3892,12 +4223,9 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-</module>
-<module name="chronyd" filename="policy/modules/contrib/chronyd.if">
-<summary>Chrony NTP background daemon</summary>
-<interface name="chronyd_domtrans" lineno="13">
+<interface name="usermanage_domtrans_passwd" lineno="110">
 <summary>
-Execute chronyd in the chronyd domain.
+Execute passwd in the passwd domain.
 </summary>
 <param name="domain">
 <summary>
@@ -3905,9 +4233,9 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="chronyd_exec" lineno="32">
+<interface name="usermanage_kill_passwd" lineno="133">
 <summary>
-Execute chronyd
+Send sigkills to passwd.
 </summary>
 <param name="domain">
 <summary>
@@ -3915,9 +4243,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="chronyd_read_log" lineno="50">
+<interface name="usermanage_check_exec_passwd" lineno="151">
 <summary>
-Read chronyd logs.
+Check if the passwd binary is executable.
 </summary>
 <param name="domain">
 <summary>
@@ -3925,32 +4253,26 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="chronyd_admin" lineno="76">
+<interface name="usermanage_run_passwd" lineno="175">
 <summary>
-All of the rules required to administrate
-an chronyd environment
+Execute passwd in the passwd domain, and
+allow the specified role the passwd domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 <param name="role">
 <summary>
-The role to be allowed to manage the chronyd domain.
+Role allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="cipe" filename="policy/modules/contrib/cipe.if">
-<summary>Encrypted tunnel daemon</summary>
-</module>
-<module name="clamav" filename="policy/modules/contrib/clamav.if">
-<summary>ClamAV Virus Scanner</summary>
-<interface name="clamav_domtrans" lineno="13">
+<interface name="usermanage_domtrans_admin_passwd" lineno="195">
 <summary>
-Execute a domain transition to run clamd.
+Execute password admin functions in
+the admin passwd domain.
 </summary>
 <param name="domain">
 <summary>
@@ -3958,40 +4280,47 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="clamav_stream_connect" lineno="31">
+<interface name="usermanage_run_admin_passwd" lineno="222">
 <summary>
-Connect to run clamd.
+Execute passwd admin functions in the admin
+passwd domain, and allow the specified role
+the admin passwd domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="clamav_append_log" lineno="50">
+<interface name="usermanage_dontaudit_use_useradd_fds" lineno="241">
 <summary>
-Allow the specified domain to append
-to clamav log files.
+Do not audit attempts to use useradd fds.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="clamav_read_config" lineno="70">
+<interface name="usermanage_domtrans_useradd" lineno="259">
 <summary>
-Read clamav configuration files.
+Execute useradd in the useradd domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="clamav_search_lib" lineno="89">
+<interface name="usermanage_check_exec_useradd" lineno="282">
 <summary>
-Search clamav libraries directories.
+Check if the useradd binaries are executable.
 </summary>
 <param name="domain">
 <summary>
@@ -3999,19 +4328,26 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="clamav_domtrans_clamscan" lineno="108">
+<interface name="usermanage_run_useradd" lineno="307">
 <summary>
-Execute a domain transition to run clamscan.
+Execute useradd in the useradd domain, and
+allow the specified role the useradd domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
 </interface>
-<interface name="clamav_exec_clamscan" lineno="126">
+<interface name="usermanage_read_crack_db" lineno="326">
 <summary>
-Execute clamscan without a transition.
+Read the crack database.
 </summary>
 <param name="domain">
 <summary>
@@ -4019,36 +4355,51 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="clamav_admin" lineno="151">
+</module>
+<module name="vbetool" filename="policy/modules/admin/vbetool.if">
+<summary>run real-mode video BIOS code to alter hardware state.</summary>
+<interface name="vbetool_domtrans" lineno="13">
 <summary>
-All of the rules required to administrate
-an clamav environment
+Execute vbetool in the vbetool domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="vbetool_run" lineno="39">
+<summary>
+Execute vbetool in the vbetool
+domain, and allow the specified
+role the vbetool domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
 </summary>
 </param>
 <param name="role">
 <summary>
-The role to be allowed to manage the clamav domain.
+Role allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<tunable name="clamd_use_jit" dftval="false">
+<tunable name="vbetool_mmap_zero_ignore" dftval="false">
 <desc>
 <p>
-Allow clamd to use JIT compiler
+Determine whether attempts by
+vbetool to mmap low regions should
+be silently blocked.
 </p>
 </desc>
 </tunable>
 </module>
-<module name="clockspeed" filename="policy/modules/contrib/clockspeed.if">
-<summary>Clockspeed simple network time protocol client</summary>
-<interface name="clockspeed_domtrans_cli" lineno="13">
+<module name="vpn" filename="policy/modules/admin/vpn.if">
+<summary>Virtual Private Networking client.</summary>
+<interface name="vpn_domtrans" lineno="13">
 <summary>
-Execute clockspeed utilities in the clockspeed_cli domain.
+Execute vpn clients in the vpnc domain.
 </summary>
 <param name="domain">
 <summary>
@@ -4056,9 +4407,11 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="clockspeed_run_cli" lineno="37">
+<interface name="vpn_run" lineno="40">
 <summary>
-Allow the specified role the clockspeed_cli domain.
+Execute vpn clients in the vpnc
+domain, and allow the specified
+role the vpnc domain.
 </summary>
 <param name="domain">
 <summary>
@@ -4072,23 +4425,29 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-</module>
-<module name="clogd" filename="policy/modules/contrib/clogd.if">
-<summary>clogd - Clustered Mirror Log Server</summary>
-<interface name="clogd_domtrans" lineno="13">
+<interface name="vpn_kill" lineno="59">
 <summary>
-Execute a domain transition to run clogd.
+Send kill signals to vpnc.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="clogd_stream_connect" lineno="33">
+<interface name="vpn_signal" lineno="77">
 <summary>
-Connect to clogd over a unix domain
-stream socket.
+Send generic signals to vpnc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vpn_signull" lineno="95">
+<summary>
+Send null signals to vpnc.
 </summary>
 <param name="domain">
 <summary>
@@ -4096,9 +4455,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="clogd_rw_semaphores" lineno="52">
+<interface name="vpn_dbus_chat" lineno="114">
 <summary>
-Allow read and write access to clogd semaphores.
+Send and receive messages from
+vpnc over dbus.
 </summary>
 <param name="domain">
 <summary>
@@ -4106,9 +4466,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="clogd_rw_shm" lineno="70">
+<interface name="vpn_relabelfrom_tun_socket" lineno="134">
 <summary>
-Read and write to group shared memory.
+Relabelfrom from vpnc socket.
 </summary>
 <param name="domain">
 <summary>
@@ -4117,11 +4477,14 @@ Domain allowed access.
 </param>
 </interface>
 </module>
-<module name="cmirrord" filename="policy/modules/contrib/cmirrord.if">
-<summary>Cluster mirror log daemon</summary>
-<interface name="cmirrord_domtrans" lineno="13">
+</layer>
+<layer name="apps">
+<summary>Policy modules for applications</summary>
+<module name="ada" filename="policy/modules/apps/ada.if">
+<summary>GNAT Ada95 compiler.</summary>
+<interface name="ada_domtrans" lineno="13">
 <summary>
-Execute a domain transition to run cmirrord.
+Execute the ada program in the ada domain.
 </summary>
 <param name="domain">
 <summary>
@@ -4129,29 +4492,88 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="cmirrord_initrc_domtrans" lineno="31">
+<interface name="ada_run" lineno="38">
 <summary>
-Execute cmirrord server in the cmirrord domain.
+Execute ada in the ada domain, and
+allow the specified role the ada domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
 </interface>
-<interface name="cmirrord_read_pid_files" lineno="49">
+</module>
+<module name="awstats" filename="policy/modules/apps/awstats.if">
+<summary>Log file analyzer for advanced statistics.</summary>
+<interface name="awstats_domtrans" lineno="14">
 <summary>
-Read cmirrord PID files.
+Execute the awstats program in
+the awstats domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="cmirrord_rw_shm" lineno="68">
+<tunable name="awstats_purge_apache_log_files" dftval="false">
+<desc>
+<p>
+Determine whether awstats can
+purge httpd log files.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_httpd_awstats_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="calamaris" filename="policy/modules/apps/calamaris.if">
+<summary>Squid log analysis.</summary>
+<interface name="calamaris_domtrans" lineno="14">
 <summary>
-Read and write to cmirrord shared memory.
+Execute the calamaris in
+the calamaris domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="calamaris_run" lineno="40">
+<summary>
+Execute calamaris in the
+calamaris domain, and allow the
+specified role the calamaris domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="calamaris_read_www_files" lineno="59">
+<summary>
+Read calamaris www files.
 </summary>
 <param name="domain">
 <summary>
@@ -4159,10 +4581,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cmirrord_admin" lineno="98">
+<interface name="calamaris_admin" lineno="86">
 <summary>
-All of the rules required to administrate
-an cmirrord environment
+All of the rules required to
+administrate an calamaris environment.
 </summary>
 <param name="domain">
 <summary>
@@ -4177,120 +4599,186 @@ Role allowed access.
 <rolecap/>
 </interface>
 </module>
-<module name="cobbler" filename="policy/modules/contrib/cobbler.if">
-<summary>Cobbler installation server.</summary>
-<desc>
-<p>
-Cobbler is a Linux installation server that allows for
-rapid setup of network installation environments. It
-glues together and automates many associated Linux
-tasks so you do not have to hop between lots of various
-commands and applications when rolling out new systems,
-and, in some cases, changing existing ones.
-</p>
-</desc>
-<interface name="cobblerd_domtrans" lineno="23">
+<module name="cdrecord" filename="policy/modules/apps/cdrecord.if">
+<summary>Record audio or data Compact Discs from a master.</summary>
+<interface name="cdrecord_role" lineno="18">
 <summary>
-Execute a domain transition to run cobblerd.
+Role access for cdrecord.
 </summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+User domain for the role.
 </summary>
 </param>
 </interface>
-<interface name="cobblerd_initrc_domtrans" lineno="41">
+<interface name="cdrecord_exec" lineno="44">
 <summary>
-Execute cobblerd server in the cobblerd domain.
+Execute cdrecord in the caller domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cobbler_read_config" lineno="59">
+<tunable name="cdrecord_read_content" dftval="false">
+<desc>
+<p>
+Determine whether cdrecord can read
+various content. nfs, samba, removable
+devices, user temp and untrusted
+content files
+</p>
+</desc>
+</tunable>
+</module>
+<module name="chromium" filename="policy/modules/apps/chromium.if">
+<summary>Chromium browser</summary>
+<interface name="chromium_role" lineno="18">
 <summary>
-Read Cobbler content in /etc
+Role access for chromium
 </summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+User domain for the role
 </summary>
 </param>
 </interface>
-<interface name="cobbler_dontaudit_rw_log" lineno="79">
+<interface name="chromium_rw_tmp_pipes" lineno="57">
 <summary>
-Do not audit attempts to read and write
-Cobbler log files (leaked fd).
+Read-write access to Chromiums' temporary fifo files
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="cobbler_search_lib" lineno="97">
+<interface name="chromium_tmp_filetrans" lineno="86">
 <summary>
-Search cobbler dirs in /var/lib
+Automatically use the specified type for resources created in chromium's
+temporary locations
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain that creates the resource(s)
 </summary>
 </param>
-</interface>
-<interface name="cobbler_read_lib_files" lineno="116">
+<param name="class">
 <summary>
-Read cobbler files in /var/lib
+Type of the resource created
 </summary>
-<param name="domain">
+</param>
+<param name="filename" optional="true">
 <summary>
-Domain allowed access.
+The name of the resource being created
 </summary>
 </param>
 </interface>
-<interface name="cobbler_manage_lib_files" lineno="135">
+<interface name="chromium_domtrans" lineno="105">
 <summary>
-Manage cobbler files in /var/lib
+Execute a domain transition to the chromium domain (chromium_t)
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="cobblerd_admin" lineno="161">
+<interface name="chromium_run" lineno="130">
 <summary>
-All of the rules required to administrate
-an cobblerd environment
+Execute chromium in the chromium domain and allow the specified role to access the chromium domain
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
 <param name="role">
 <summary>
-Role allowed access.
+Role allowed access
 </summary>
 </param>
-<rolecap/>
 </interface>
-<tunable name="cobbler_anon_write" dftval="false">
+<tunable name="chromium_read_system_info" dftval="false">
 <desc>
 <p>
-Allow Cobbler to modify public files
-used for public file transfer services.
+Allow chromium to read system information
+</p>
+<p>
+Although not needed for regular browsing, this will allow chromium to update
+its own memory consumption based on system state, support additional
+debugging, detect specific devices, etc.
+</p>
+</desc>
+</tunable>
+<tunable name="chromium_bind_tcp_unreserved_ports" dftval="false">
+<desc>
+<p>
+Allow chromium to bind to tcp ports
+</p>
+<p>
+Although not needed for regular browsing, some chrome extensions need to
+bind to tcp ports and accept connections.
+</p>
+</desc>
+</tunable>
+<tunable name="chromium_rw_usb_dev" dftval="false">
+<desc>
+<p>
+Allow chromium to read/write USB devices
+</p>
+<p>
+Although not needed for regular browsing, used for debugging over usb
+or using FIDO U2F tokens.
+</p>
+</desc>
+</tunable>
+<tunable name="chromium_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Grant the chromium domains read access to generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="chromium_read_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the chromium domains read access to all user content
+</p>
+</desc>
+</tunable>
+<tunable name="chromium_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Grant the chromium domains manage rights on generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="chromium_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the chromium domains manage rights on all user content
 </p>
 </desc>
 </tunable>
 </module>
-<module name="colord" filename="policy/modules/contrib/colord.if">
-<summary>GNOME color manager</summary>
-<interface name="colord_domtrans" lineno="13">
+<module name="cpufreqselector" filename="policy/modules/apps/cpufreqselector.if">
+<summary>Command-line CPU frequency settings.</summary>
+<interface name="cpufreqselector_dbus_chat" lineno="14">
 <summary>
-Execute a domain transition to run colord.
+Send and receive messages from
+cpufreq-selector over dbus.
 </summary>
 <param name="domain">
 <summary>
@@ -4298,47 +4786,53 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="colord_dbus_chat" lineno="32">
+</module>
+<module name="evolution" filename="policy/modules/apps/evolution.if">
+<summary>Evolution email client.</summary>
+<interface name="evolution_role" lineno="18">
 <summary>
-Send and receive messages from
-colord over dbus.
+Role access for evolution.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+User domain for the role.
 </summary>
 </param>
 </interface>
-<interface name="colord_read_lib_files" lineno="52">
+<interface name="evolution_home_filetrans" lineno="99">
 <summary>
-Read colord lib files.
+Create objects in the evolution home
+directories with a private type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-</interface>
-</module>
-<module name="comsat" filename="policy/modules/contrib/comsat.if">
-<summary>Comsat, a biff server.</summary>
-</module>
-<module name="consolekit" filename="policy/modules/contrib/consolekit.if">
-<summary>Framework for facilitating multiple user sessions on desktops.</summary>
-<interface name="consolekit_domtrans" lineno="13">
+<param name="private_type">
 <summary>
-Execute a domain transition to run consolekit.
+Private file type.
 </summary>
-<param name="domain">
+</param>
+<param name="object_class">
 <summary>
-Domain allowed to transition.
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="consolekit_dbus_chat" lineno="32">
+<interface name="evolution_read_home_files" lineno="118">
 <summary>
-Send and receive messages from
-consolekit over dbus.
+Read evolution home files.
 </summary>
 <param name="domain">
 <summary>
@@ -4346,9 +4840,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="consolekit_read_log" lineno="52">
+<interface name="evolution_stream_connect" lineno="137">
 <summary>
-Read consolekit log files.
+Connect to evolution using a unix
+domain stream socket.
 </summary>
 <param name="domain">
 <summary>
@@ -4356,9 +4851,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="consolekit_manage_log" lineno="71">
+<interface name="evolution_read_orbit_tmp_files" lineno="158">
 <summary>
-Manage consolekit log files.
+Read evolution orbit temporary
+files.
 </summary>
 <param name="domain">
 <summary>
@@ -4366,9 +4862,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="consolekit_read_pid_files" lineno="90">
+<interface name="evolution_dbus_chat" lineno="179">
 <summary>
-Read consolekit PID files.
+Send and receive messages from
+evolution over dbus.
 </summary>
 <param name="domain">
 <summary>
@@ -4376,22 +4873,21 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="corosync" filename="policy/modules/contrib/corosync.if">
-<summary>Corosync Cluster Engine</summary>
-<interface name="corosync_domtrans" lineno="13">
+<interface name="evolution_alarm_dbus_chat" lineno="200">
 <summary>
-Execute a domain transition to run corosync.
+Send and receive messages from
+evolution_alarm over dbus.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corosync_read_log" lineno="31">
+<interface name="evolution_domtrans" lineno="221">
 <summary>
-Allow the specified domain to read corosync's log files.
+Make a domain transition to the
+evolution target domain.
 </summary>
 <param name="domain">
 <summary>
@@ -4399,10 +4895,50 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corosync_stream_connect" lineno="52">
+<tunable name="evolution_manage_user_certs" dftval="false">
+<desc>
+<p>
+Allow evolution to create and write
+user certificates in addition to
+being able to read them
+</p>
+</desc>
+</tunable>
+<tunable name="evolution_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Grant the evolution domains read access to generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="evolution_read_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the evolution domains read access to all user content
+</p>
+</desc>
+</tunable>
+<tunable name="evolution_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Grant the evolution domains manage rights on generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="evolution_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the evolution domains manage rights on all user content
+</p>
+</desc>
+</tunable>
+</module>
+<module name="firewallgui" filename="policy/modules/apps/firewallgui.if">
+<summary>system-config-firewall dbus system service.</summary>
+<interface name="firewallgui_dbus_chat" lineno="14">
 <summary>
-Connect to corosync over a unix domain
-stream socket.
+Send and receive messages from
+firewallgui over dbus.
 </summary>
 <param name="domain">
 <summary>
@@ -4410,130 +4946,128 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corosyncd_admin" lineno="78">
+<interface name="firewallgui_dontaudit_rw_pipes" lineno="35">
 <summary>
-All of the rules required to administrate
-an corosync environment
+Do not audit attempts to read and
+write firewallgui unnamed pipes.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
-</summary>
-</param>
-<param name="role">
-<summary>
-The role to be allowed to manage the corosyncd domain.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
 </interface>
 </module>
-<module name="courier" filename="policy/modules/contrib/courier.if">
-<summary>Courier IMAP and POP3 email servers</summary>
-<template name="courier_domain_template" lineno="13">
+<module name="games" filename="policy/modules/apps/games.if">
+<summary>Various games.</summary>
+<interface name="games_role" lineno="18">
 <summary>
-Template for creating courier server processes.
+Role access for games.
 </summary>
-<param name="prefix">
+<param name="role">
 <summary>
-Prefix name of the server process.
+Role allowed access.
 </summary>
 </param>
-</template>
-<interface name="courier_domtrans_authdaemon" lineno="99">
-<summary>
-Execute the courier authentication daemon with
-a domain transition.
-</summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-Domain allowed to transition.
+User domain for the role.
 </summary>
 </param>
 </interface>
-<interface name="courier_domtrans_pop" lineno="118">
+<interface name="games_rw_data" lineno="52">
 <summary>
-Execute the courier POP3 and IMAP server with
-a domain transition.
+Read and write games data files.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="courier_read_config" lineno="136">
+<interface name="games_domtrans" lineno="71">
 <summary>
-Read courier config files
+Run a game in the game domain.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="courier_manage_spool_dirs" lineno="155">
+<interface name="games_dbus_chat" lineno="91">
 <summary>
-Create, read, write, and delete courier
-spool directories.
+Send and receive messages from
+games over dbus.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="courier_manage_spool_files" lineno="174">
+</module>
+<module name="gift" filename="policy/modules/apps/gift.if">
+<summary>Peer to peer file sharing tool.</summary>
+<interface name="gift_role" lineno="18">
 <summary>
-Create, read, write, and delete courier
-spool files.
+Role access for gift.
 </summary>
-<param name="prefix">
+<param name="role">
 <summary>
-Domain allowed access.
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
 </summary>
 </param>
 </interface>
-<interface name="courier_read_spool" lineno="192">
+</module>
+<module name="gitosis" filename="policy/modules/apps/gitosis.if">
+<summary>Tools for managing and hosting git repositories.</summary>
+<interface name="gitosis_domtrans" lineno="13">
 <summary>
-Read courier spool files.
+Execute a domain transition to run gitosis.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="courier_rw_spool_pipes" lineno="210">
+<interface name="gitosis_run" lineno="39">
 <summary>
-Read and write to courier spool pipes.
+Execute gitosis-serve in the
+gitosis domain, and allow the
+specified role the gitosis domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="cpucontrol" filename="policy/modules/contrib/cpucontrol.if">
-<summary>Services for loading CPU microcode and CPU frequency scaling.</summary>
-<interface name="cpucontrol_stub" lineno="13">
+<interface name="gitosis_read_lib_files" lineno="58">
 <summary>
-CPUcontrol stub interface.  No access allowed.
+Read gitosis lib files.
 </summary>
-<param name="domain" unused="true">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="cpufreqselector" filename="policy/modules/contrib/cpufreqselector.if">
-<summary>Command-line CPU frequency settings.</summary>
-<interface name="cpufreqselector_dbus_chat" lineno="14">
+<interface name="gitosis_manage_lib_files" lineno="80">
 <summary>
-Send and receive messages from
-cpufreq-selector over dbus.
+Create, read, write, and delete
+gitosis lib files.
 </summary>
 <param name="domain">
 <summary>
@@ -4541,94 +5075,83 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
+<tunable name="gitosis_can_sendmail" dftval="false">
+<desc>
+<p>
+Determine whether Gitosis can send mail.
+</p>
+</desc>
+</tunable>
 </module>
-<module name="cron" filename="policy/modules/contrib/cron.if">
-<summary>Periodic execution of scheduled commands.</summary>
-<template name="cron_common_crontab_template" lineno="14">
+<module name="gnome" filename="policy/modules/apps/gnome.if">
+<summary>GNU network object model environment.</summary>
+<template name="gnome_role_template" lineno="24">
 <summary>
-The common rules for a crontab domain.
+The role template for gnome.
 </summary>
-<param name="userdomain_prefix">
+<param name="role_prefix">
 <summary>
 The prefix of the user domain (e.g., user
 is the prefix for user_t).
 </summary>
 </param>
-</template>
-<interface name="cron_role" lineno="105">
-<summary>
-Role access for cron
-</summary>
-<param name="role">
+<param name="user_role">
 <summary>
-Role allowed access
+The role associated with the user domain.
 </summary>
 </param>
-<param name="domain">
+<param name="user_domain">
 <summary>
-User domain for the role
+The type of the user domain.
 </summary>
 </param>
-</interface>
-<interface name="cron_unconfined_role" lineno="154">
-<summary>
-Role access for unconfined cronjobs
-</summary>
-<param name="role">
+</template>
+<interface name="gnome_exec_gconf" lineno="121">
 <summary>
-Role allowed access
+Execute gconf in the caller domain.
 </summary>
-</param>
 <param name="domain">
 <summary>
-User domain for the role
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cron_admin_role" lineno="203">
+<interface name="gnome_read_gconf_config" lineno="140">
 <summary>
-Role access for cron
-</summary>
-<param name="role">
-<summary>
-Role allowed access
+Read gconf configuration content.
 </summary>
-</param>
 <param name="domain">
 <summary>
-User domain for the role
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cron_system_entry" lineno="257">
+<interface name="gnome_dontaudit_read_inherited_gconf_config_files" lineno="162">
 <summary>
-Make the specified program domain accessable
-from the system cron jobs.
+Do not audit attempts to read
+inherited gconf configuration files.
 </summary>
 <param name="domain">
 <summary>
-The type of the process to transition to.
-</summary>
-</param>
-<param name="entrypoint">
-<summary>
-The type of the file used as an entrypoint to this domain.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="cron_domtrans" lineno="278">
+<interface name="gnome_manage_gconf_config" lineno="181">
 <summary>
-Execute cron in the cron system domain.
+Create, read, write, and delete
+gconf configuration content.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cron_exec" lineno="296">
+<interface name="gnome_stream_connect_gconf" lineno="203">
 <summary>
-Execute crond_exec_t
+Connect to gconf using a unix
+domain stream socket.
 </summary>
 <param name="domain">
 <summary>
@@ -4636,9 +5159,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cron_initrc_domtrans" lineno="314">
+<interface name="gnome_domtrans_gconfd" lineno="222">
 <summary>
-Execute crond server in the nscd domain.
+Run gconfd in gconfd domain.
 </summary>
 <param name="domain">
 <summary>
@@ -4646,10 +5169,9 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="cron_use_fds" lineno="333">
+<interface name="gnome_create_generic_home_dirs" lineno="241">
 <summary>
-Inherit and use a file descriptor
-from the cron daemon.
+Create generic gnome home directories.
 </summary>
 <param name="domain">
 <summary>
@@ -4657,9 +5179,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cron_sigchld" lineno="351">
+<interface name="gnome_setattr_generic_home_dirs" lineno="260">
 <summary>
-Send a SIGCHLD signal to the cron daemon.
+Set attributes of generic gnome
+user home directories.
 </summary>
 <param name="domain">
 <summary>
@@ -4667,9 +5190,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cron_read_pipes" lineno="369">
+<interface name="gnome_read_generic_home_content" lineno="279">
 <summary>
-Read a cron daemon unnamed pipe.
+Read generic gnome home content.
 </summary>
 <param name="domain">
 <summary>
@@ -4677,19 +5200,20 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cron_dontaudit_write_pipes" lineno="387">
+<interface name="gnome_manage_generic_home_content" lineno="303">
 <summary>
-Do not audit attempts to write cron daemon unnamed pipes.
+Create, read, write, and delete
+generic gnome home content.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cron_rw_pipes" lineno="405">
+<interface name="gnome_search_generic_home" lineno="326">
 <summary>
-Read and write a cron daemon unnamed pipe.
+Search generic gnome home directories.
 </summary>
 <param name="domain">
 <summary>
@@ -4697,29 +5221,35 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cron_rw_tcp_sockets" lineno="423">
+<interface name="gnome_home_filetrans" lineno="361">
 <summary>
-Read, and write cron daemon TCP sockets.
+Create objects in gnome user home
+directories with a private type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-</interface>
-<interface name="cron_dontaudit_rw_tcp_sockets" lineno="441">
+<param name="private_type">
 <summary>
-Dontaudit Read, and write cron daemon TCP sockets.
+Private file type.
 </summary>
-<param name="domain">
+</param>
+<param name="object_class">
 <summary>
-Domain to not audit.
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="cron_search_spool" lineno="459">
+<interface name="gnome_create_generic_gconf_home_dirs" lineno="380">
 <summary>
-Search the directory containing user cron tables.
+Create generic gconf home directories.
 </summary>
 <param name="domain">
 <summary>
@@ -4727,9 +5257,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cron_manage_pid_files" lineno="478">
+<interface name="gnome_read_generic_gconf_home_content" lineno="398">
 <summary>
-Manage pid files used by cron
+Read generic gconf home content.
 </summary>
 <param name="domain">
 <summary>
@@ -4737,20 +5267,20 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cron_anacron_domtrans_system_job" lineno="496">
+<interface name="gnome_manage_generic_gconf_home_content" lineno="422">
 <summary>
-Execute anacron in the cron system domain.
+Create, read, write, and delete
+generic gconf home content.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cron_use_system_job_fds" lineno="515">
+<interface name="gnome_search_generic_gconf_home" lineno="445">
 <summary>
-Inherit and use a file descriptor
-from system cron jobs.
+Search generic gconf home directories.
 </summary>
 <param name="domain">
 <summary>
@@ -4758,110 +5288,123 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cron_write_system_job_pipes" lineno="533">
+<interface name="gnome_home_filetrans_gconf_home" lineno="476">
 <summary>
-Write a system cron job unnamed pipe.
+Create objects in user home
+directories with the generic gconf
+home type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-</interface>
-<interface name="cron_rw_system_job_pipes" lineno="551">
+<param name="object_class">
 <summary>
-Read and write a system cron job unnamed pipe.
+Class of the object being created.
 </summary>
-<param name="domain">
+</param>
+<param name="name" optional="true">
 <summary>
-Domain allowed access.
+The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="cron_rw_system_job_stream_sockets" lineno="569">
+<interface name="gnome_home_filetrans_gnome_home" lineno="506">
 <summary>
-Allow read/write unix stream sockets from the system cron jobs.
+Create objects in user home
+directories with the generic gnome
+home type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
 </interface>
-<interface name="cron_read_system_job_tmp_files" lineno="587">
+<interface name="gnome_gconf_home_filetrans" lineno="540">
 <summary>
-Read temporary files from the system cron jobs.
+Create objects in gnome gconf home
+directories with a private type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-</interface>
-<interface name="cron_dontaudit_append_system_job_tmp_files" lineno="607">
+<param name="private_type">
 <summary>
-Do not audit attempts to append temporary
-files from the system cron jobs.
+Private file type.
 </summary>
-<param name="domain">
+</param>
+<param name="object_class">
 <summary>
-Domain to not audit.
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="cron_dontaudit_write_system_job_tmp_files" lineno="626">
+<interface name="gnome_user_home_dir_filetrans_gstreamer_orcexec" lineno="571">
 <summary>
-Do not audit attempts to write temporary
-files from the system cron jobs.
+Create objects in user home
+directories with the gstreamer
+orcexec type.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
 </summary>
 </param>
 </interface>
-<tunable name="cron_can_relabel" dftval="false">
-<desc>
-<p>
-Allow system cron jobs to relabel filesystem
-for restoring file contexts.
-</p>
-</desc>
-</tunable>
-<tunable name="fcron_crond" dftval="false">
-<desc>
-<p>
-Enable extra rules in the cron domain
-to support fcron.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="cups" filename="policy/modules/contrib/cups.if">
-<summary>Common UNIX printing system</summary>
-<interface name="cups_backend" lineno="13">
+<interface name="gnome_user_runtime_filetrans_gstreamer_orcexec" lineno="601">
 <summary>
-Setup cups to transtion to the cups backend domain
+Create objects in the user
+runtime directories with the
+gstreamer orcexec type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-</interface>
-<interface name="cups_domtrans" lineno="40">
+<param name="object_class">
 <summary>
-Execute cups in the cups domain.
+Class of the object being created.
 </summary>
-<param name="domain">
+</param>
+<param name="name" optional="true">
 <summary>
-Domain allowed to transition.
+The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="cups_stream_connect" lineno="58">
+<interface name="gnome_read_keyring_home_files" lineno="619">
 <summary>
-Connect to cupsd over an unix domain stream socket.
+Read generic gnome keyring home files.
 </summary>
 <param name="domain">
 <summary>
@@ -4869,30 +5412,45 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cups_tcp_connect" lineno="77">
+<interface name="gnome_dbus_chat_gconfd" lineno="646">
 <summary>
-Connect to cups over TCP.  (Deprecated)
+Send and receive messages from
+gnome configuration daemon over
+dbus.
 </summary>
+<param name="role_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cups_dbus_chat" lineno="92">
+<interface name="gnome_dbus_chat_gkeyringd" lineno="673">
 <summary>
 Send and receive messages from
-cups over dbus.
+gnome keyring daemon over dbus.
 </summary>
+<param name="role_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cups_read_pid_files" lineno="112">
+<interface name="gnome_dbus_chat_all_gkeyringd" lineno="694">
 <summary>
-Read cups PID files.
+Send and receive messages from all
+gnome keyring daemon over dbus.
 </summary>
 <param name="domain">
 <summary>
@@ -4900,9 +5458,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cups_domtrans_config" lineno="131">
+<interface name="gnome_spec_domtrans_all_gkeyringd" lineno="714">
 <summary>
-Execute cups_config in the cups_config domain.
+Run all gkeyringd in gkeyringd domain.
 </summary>
 <param name="domain">
 <summary>
@@ -4910,21 +5468,27 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="cups_signal_config" lineno="150">
+<interface name="gnome_stream_connect_gkeyringd" lineno="741">
 <summary>
-Send generic signals to the cups
-configuration daemon.
+Connect to gnome keyring daemon
+with a unix stream socket.
 </summary>
+<param name="role_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cups_dbus_chat_config" lineno="169">
+<interface name="gnome_stream_connect_all_gkeyringd" lineno="762">
 <summary>
-Send and receive messages from
-cupsd_config over dbus.
+Connect to all gnome keyring daemon
+with a unix stream socket.
 </summary>
 <param name="domain">
 <summary>
@@ -4932,52 +5496,59 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cups_read_config" lineno="190">
+<interface name="gnome_manage_gstreamer_orcexec" lineno="784">
 <summary>
-Read cups configuration files.
+Manage gstreamer ORC optimized
+code.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="cups_read_rw_config" lineno="211">
+<interface name="gnome_mmap_gstreamer_orcexec" lineno="803">
 <summary>
-Read cups-writable configuration files.
+Mmap gstreamer ORC optimized
+code.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="cups_read_log" lineno="231">
+</module>
+<module name="gpg" filename="policy/modules/apps/gpg.if">
+<summary>Policy for GNU Privacy Guard and related programs.</summary>
+<interface name="gpg_role" lineno="18">
 <summary>
-Read cups log files.
+Role access for gpg.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+User domain for the role.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="cups_append_log" lineno="250">
+<interface name="gpg_domtrans" lineno="64">
 <summary>
-Append cups log files.
+Execute the gpg in the gpg domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="cups_write_log" lineno="269">
+<interface name="gpg_exec" lineno="83">
 <summary>
-Write cups log files.
+Execute the gpg in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -4985,9 +5556,34 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cups_stream_connect_ptal" lineno="288">
+<interface name="gpg_spec_domtrans" lineno="117">
+<summary>
+Execute gpg in a specified domain.
+</summary>
+<desc>
+<p>
+Execute gpg in a specified domain.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+</desc>
+<param name="source_domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+Domain to transition to.
+</summary>
+</param>
+</interface>
+<interface name="gpg_exec_agent" lineno="136">
 <summary>
-Connect to ptal over an unix domain stream socket.
+Execute the gpg-agent in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -4995,29 +5591,30 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cups_admin" lineno="314">
+<interface name="gpg_entry_type" lineno="156">
 <summary>
-All of the rules required to administrate
-an cups environment
+Make gpg executable files an
+entrypoint for the specified domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+The domain for which gpg_exec_t is an entrypoint.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="gpg_signal" lineno="174">
+<summary>
+Send generic signals to gpg.
+</summary>
+<param name="domain">
 <summary>
-The role to be allowed to manage the cups domain.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="cvs" filename="policy/modules/contrib/cvs.if">
-<summary>Concurrent versions system</summary>
-<interface name="cvs_read_data" lineno="13">
+<interface name="gpg_rw_agent_pipes" lineno="192">
 <summary>
-Read the CVS data and metadata.
+Read and write gpg agent pipes.
 </summary>
 <param name="domain">
 <summary>
@@ -5025,10 +5622,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cvs_exec" lineno="34">
+<interface name="gpg_stream_connect_agent" lineno="210">
 <summary>
-Allow the specified domain to execute cvs
-in the caller domain.
+Connect to gpg agent socket
 </summary>
 <param name="domain">
 <summary>
@@ -5036,50 +5632,39 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cvs_admin" lineno="59">
+<interface name="gpg_search_agent_tmp_dirs" lineno="232">
 <summary>
-All of the rules required to administrate
-an cvs environment
+Search gpg agent dirs.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="gpg_agent_tmp_filetrans" lineno="250">
+<summary>
+filetrans in gpg_agent_tmp_t dirs
+</summary>
+<param name="domain">
 <summary>
-The role to be allowed to manage the cvs domain.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<tunable name="allow_cvs_read_shadow" dftval="false">
-<desc>
-<p>
-Allow cvs daemon to read shadow
-</p>
-</desc>
-</tunable>
-</module>
-<module name="cyphesis" filename="policy/modules/contrib/cyphesis.if">
-<summary>Cyphesis WorldForge game server</summary>
-<interface name="cyphesis_domtrans" lineno="13">
+<interface name="gpg_runtime_filetrans" lineno="269">
 <summary>
-Execute a domain transition to run cyphesis.
+filetrans in gpg_runtime_t dirs
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="cyrus" filename="policy/modules/contrib/cyrus.if">
-<summary>Cyrus is an IMAP service intended to be run on sealed servers</summary>
-<interface name="cyrus_manage_data" lineno="14">
+<interface name="gpg_secret_filetrans" lineno="288">
 <summary>
-Allow caller to create, read, write,
-and delete cyrus data files.
+filetrans in gpg_secret_t dirs
 </summary>
 <param name="domain">
 <summary>
@@ -5087,9 +5672,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cyrus_stream_connect" lineno="33">
+<interface name="gpg_pinentry_dbus_chat" lineno="309">
 <summary>
-Connect to Cyrus using a unix domain stream socket.
+Send messages to and from gpg
+pinentry over DBUS.
 </summary>
 <param name="domain">
 <summary>
@@ -5097,86 +5683,191 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="cyrus_admin" lineno="59">
+<interface name="gpg_list_user_secrets" lineno="329">
 <summary>
-All of the rules required to administrate
-an cyrus environment
+List gpg user secrets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+</interface>
+<tunable name="gpg_agent_env_file" dftval="false">
+<desc>
+<p>
+Determine whether GPG agent can manage
+generic user home content files. This is
+required by the --write-env-file option.
+</p>
+</desc>
+</tunable>
+<tunable name="gpg_agent_use_card" dftval="false">
+<desc>
+<p>
+Determine whether GPG agent can use OpenPGP
+cards or Yubikeys over USB
+</p>
+</desc>
+</tunable>
+<tunable name="gpg_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Grant the gpg domains read access to generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="gpg_read_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the gpg domains read access to all user content
+</p>
+</desc>
+</tunable>
+<tunable name="gpg_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Grant the gpg domains manage rights on generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="gpg_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the gpg domains manage rights on all user content
+</p>
+</desc>
+</tunable>
+</module>
+<module name="irc" filename="policy/modules/apps/irc.if">
+<summary>IRC client policy.</summary>
+<interface name="irc_role" lineno="18">
+<summary>
+Role access for IRC.
+</summary>
 <param name="role">
 <summary>
-The role to be allowed to manage the cyrus domain.
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="daemontools" filename="policy/modules/contrib/daemontools.if">
-<summary>Collection of tools for managing UNIX services</summary>
+<tunable name="irc_use_any_tcp_ports" dftval="false">
 <desc>
 <p>
-Policy for DJB's daemontools
+Determine whether irc clients can
+listen on and connect to any
+unreserved TCP ports.
 </p>
 </desc>
-<interface name="daemontools_ipc_domain" lineno="18">
+</tunable>
+<tunable name="irc_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Grant the irc domains read access to generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="irc_read_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the irc domains read access to all user content
+</p>
+</desc>
+</tunable>
+<tunable name="irc_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Grant the irc domains manage rights on generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="irc_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the irc domains manage rights on all user content
+</p>
+</desc>
+</tunable>
+</module>
+<module name="java" filename="policy/modules/apps/java.if">
+<summary>Java virtual machine</summary>
+<interface name="java_role" lineno="18">
+<summary>
+Role access for java.
+</summary>
+<param name="role">
 <summary>
-An ipc channel between the supervised domain and svc_start_t
+Role allowed access.
 </summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+User domain for the role.
 </summary>
 </param>
 </interface>
-<interface name="daemontools_service_domain" lineno="44">
+<template name="java_role_template" lineno="90">
 <summary>
-Define a specified domain as a supervised service.
+The role template for the java module.
 </summary>
-<param name="domain">
+<desc>
+<p>
+This template creates a derived domains which are used
+for java applications.
+</p>
+</desc>
+<param name="role_prefix">
 <summary>
-Domain allowed access.
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
 </summary>
 </param>
-<param name="entrypoint">
+<param name="user_role">
 <summary>
-The type associated with the process program.
+The role associated with the user domain.
 </summary>
 </param>
-</interface>
-<interface name="daemontools_domtrans_start" lineno="66">
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+</template>
+<template name="java_domtrans" lineno="148">
 <summary>
-Execute in the svc_start_t domain.
+Execute the java program in the java domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
-</interface>
-<interface name="daemonstools_run_start" lineno="91">
+</template>
+<interface name="java_run" lineno="178">
 <summary>
-Execute svc_start in the svc_start domain, and
-allow the specified role the svc_start domain.
+Execute java in the java domain, and
+allow the specified role the java domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 <param name="role">
 <summary>
-The role to be allowed the svc_start domain.
+Role allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="daemontools_domtrans_run" lineno="110">
+<interface name="java_domtrans_unconfined" lineno="198">
 <summary>
-Execute in the svc_run_t domain.
+Execute the java program in the
+unconfined java domain.
 </summary>
 <param name="domain">
 <summary>
@@ -5184,29 +5875,38 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="daemontools_sigchld_run" lineno="128">
+<interface name="java_run_unconfined" lineno="224">
 <summary>
-Send a SIGCHLD signal to svc_run domain.
+Execute the java program in the
+unconfined java domain and allow the
+specified role the java domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
 </interface>
-<interface name="daemontools_domtrans_multilog" lineno="146">
+<interface name="java_exec" lineno="244">
 <summary>
-Execute in the svc_multilog_t domain.
+Execute the java program in
+the callers domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="daemontools_search_svc_dir" lineno="164">
+<interface name="java_manage_generic_home_content" lineno="264">
 <summary>
-Search svc_svc_t  directory.
+Create, read, write, and delete
+generic java home content.
 </summary>
 <param name="domain">
 <summary>
@@ -5214,153 +5914,226 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="daemontools_read_svc" lineno="183">
+<interface name="java_manage_java_tmp" lineno="285">
 <summary>
-Allow a domain to read svc_svc_t files.
+Create, read, write, and delete
+temporary java content.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="daemontools_manage_svc" lineno="203">
+<interface name="java_home_filetrans_java_home" lineno="316">
 <summary>
-Allow a domain to create svc_svc_t files.
+Create specified objects in user home
+directories with the generic java
+home type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
-</interface>
-</module>
-<module name="dante" filename="policy/modules/contrib/dante.if">
-<summary>Dante msproxy and socks4/5 proxy server</summary>
-</module>
-<module name="dbadm" filename="policy/modules/contrib/dbadm.if">
-<summary>Database administrator role</summary>
-<interface name="dbadm_role_change" lineno="14">
+<param name="object_class">
 <summary>
-Change to the database administrator role.
+Class of the object being created.
 </summary>
-<param name="role">
+</param>
+<param name="name" optional="true">
 <summary>
-Role allowed access.
+The name of the object being created.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="dbadm_role_change_to" lineno="44">
+<template name="java_noatsecure_domtrans" lineno="341">
 <summary>
-Change from the database administrator role.
+Run java in javaplugin domain and
+do not clean the environment (atsecure)
 </summary>
 <desc>
 <p>
-Change from the database administrator role to
-the specified role.
+This is needed when java is called by an application with library
+settings (such as is the case when invoked as a browser plugin)
 </p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</template>
+<template name="java_domain_type" lineno="369">
+<summary>
+The template for using java in a domain.
+</summary>
+<desc>
 <p>
-This is an interface to support third party modules
-and its use is not allowed in upstream reference
-policy.
+This template creates a derived domains which are used
+for java applications.
 </p>
 </desc>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access.
+The type of the domain to be given java privs.
 </summary>
 </param>
-<rolecap/>
-</interface>
-<tunable name="dbadm_manage_user_files" dftval="false">
+</template>
+<tunable name="allow_java_execstack" dftval="false">
 <desc>
 <p>
-Allow dbadm to manage files in users home directories
+Determine whether java can make
+its stack executable.
 </p>
 </desc>
 </tunable>
-<tunable name="dbadm_read_user_files" dftval="false">
+<tunable name="java_read_generic_user_content" dftval="true">
 <desc>
 <p>
-Allow dbadm to read files in users home directories
+Grant the java domains read access to generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="java_read_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the java domains read access to all user content
+</p>
+</desc>
+</tunable>
+<tunable name="java_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Grant the java domains manage rights on generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="java_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the java domains manage rights on all user content
 </p>
 </desc>
 </tunable>
 </module>
-<module name="dbskk" filename="policy/modules/contrib/dbskk.if">
-<summary>Dictionary server for the SKK Japanese input method system.</summary>
-</module>
-<module name="dbus" filename="policy/modules/contrib/dbus.if">
-<summary>Desktop messaging bus</summary>
-<interface name="dbus_stub" lineno="13">
+<module name="libmtp" filename="policy/modules/apps/libmtp.if">
+<summary>libmtp: An Initiatior implementation of the Media Transfer Protocol (MTP).</summary>
+<interface name="libmtp_role" lineno="18">
 <summary>
-DBUS stub interface.  No access allowed.
+Role access for libmtp.
 </summary>
-<param name="domain" unused="true">
+<param name="role">
 <summary>
-Domain allowed access
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
 </summary>
 </param>
 </interface>
-<template name="dbus_role_template" lineno="41">
+<tunable name="libmtp_enable_home_dirs" dftval="false">
+<desc>
+<p>
+Determine whether libmtp can read
+and manage the user home directories
+and files.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="lightsquid" filename="policy/modules/apps/lightsquid.if">
+<summary>Log analyzer for squid proxy.</summary>
+<interface name="lightsquid_domtrans" lineno="14">
 <summary>
-Role access for dbus
+Execute the lightsquid program in
+the lightsquid domain.
 </summary>
-<param name="role_prefix">
+<param name="domain">
 <summary>
-The prefix of the user role (e.g., user
-is the prefix for user_r).
+Domain allowed to transition.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="lightsquid_run" lineno="40">
 <summary>
-Role allowed access
+Execute lightsquid in the
+lightsquid domain, and allow the
+specified role the lightsquid domain.
 </summary>
-</param>
 <param name="domain">
 <summary>
-User domain for the role
+Domain allowed to transition.
 </summary>
 </param>
-</template>
-<interface name="dbus_system_bus_client" lineno="179">
+<param name="role">
 <summary>
-Template for creating connections to
-the system DBUS.
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lightsquid_admin" lineno="66">
+<summary>
+All of the rules required to
+administrate an lightsquid environment.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
 </interface>
-<interface name="dbus_session_bus_client" lineno="210">
+<tunable name="allow_httpd_lightsquid_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="livecd" filename="policy/modules/apps/livecd.if">
+<summary>Tool for building alternate livecd for different os and policy versions.</summary>
+<interface name="livecd_domtrans" lineno="13">
 <summary>
-Template for creating connections to
-a user DBUS.
+Execute a domain transition to run livecd.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="dbus_send_session_bus" lineno="235">
+<interface name="livecd_run" lineno="39">
 <summary>
-Send a message the session DBUS.
+Execute livecd in the livecd
+domain, and allow the specified
+role the livecd domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dbus_read_config" lineno="254">
+<interface name="livecd_read_tmp_files" lineno="58">
 <summary>
-Read dbus configuration.
+Read livecd temporary files.
 </summary>
 <param name="domain">
 <summary>
@@ -5368,9 +6141,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dbus_read_lib_files" lineno="273">
+<interface name="livecd_rw_tmp_files" lineno="77">
 <summary>
-Read system dbus lib files.
+Read and write livecd temporary files.
 </summary>
 <param name="domain">
 <summary>
@@ -5378,10 +6151,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dbus_manage_lib_files" lineno="293">
+<interface name="livecd_rw_semaphores" lineno="96">
 <summary>
-Create, read, write, and delete
-system dbus lib files.
+Read and write livecd semaphores.
 </summary>
 <param name="domain">
 <summary>
@@ -5389,38 +6161,41 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dbus_connect_session_bus" lineno="313">
+</module>
+<module name="loadkeys" filename="policy/modules/apps/loadkeys.if">
+<summary>Load keyboard mappings.</summary>
+<interface name="loadkeys_domtrans" lineno="14">
 <summary>
-Connect to the system DBUS
-for service (acquire_svc).
+Execute the loadkeys program in
+the loadkeys domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="dbus_session_domain" lineno="339">
+<interface name="loadkeys_run" lineno="41">
 <summary>
-Allow a application domain to be started
-by the session dbus.
+Execute the loadkeys program in
+the loadkeys domain, and allow the
+specified role the loadkeys domain.
 </summary>
 <param name="domain">
 <summary>
-Type to be used as a domain.
+Domain allowed to transition.
 </summary>
 </param>
-<param name="entry_point">
+<param name="role">
 <summary>
-Type of the program to be used as an
-entry point to this domain.
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="dbus_connect_system_bus" lineno="361">
+<interface name="loadkeys_exec" lineno="60">
 <summary>
-Connect to the system DBUS
-for service (acquire_svc).
+Execute the loadkeys in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -5428,78 +6203,118 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dbus_send_system_bus" lineno="380">
+</module>
+<module name="lockdev" filename="policy/modules/apps/lockdev.if">
+<summary>Library for locking devices.</summary>
+<interface name="lockdev_role" lineno="18">
 <summary>
-Send a message on the system DBUS.
+Role access for lockdev.
 </summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+User domain for the role.
 </summary>
 </param>
 </interface>
-<interface name="dbus_system_bus_unconfined" lineno="399">
+</module>
+<module name="man2html" filename="policy/modules/apps/man2html.if">
+<summary>A Unix manpage-to-HTML converter.</summary>
+<tunable name="allow_httpd_man2html_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="mandb" filename="policy/modules/apps/mandb.if">
+<summary>On-line manual database.</summary>
+<interface name="mandb_domtrans" lineno="14">
 <summary>
-Allow unconfined access to the system DBUS.
+Execute the mandb program in
+the mandb domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="dbus_system_domain" lineno="424">
+<interface name="mandb_run" lineno="40">
 <summary>
-Create a domain for processes
-which can be started by the system dbus
+Execute mandb in the mandb
+domain, and allow the specified
+role the mandb domain.
 </summary>
 <param name="domain">
 <summary>
-Type to be used as a domain.
+Domain allowed to transition.
 </summary>
 </param>
-<param name="entry_point">
+<param name="role">
 <summary>
-Type of the program to be used as an entry point to this domain.
+Role allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dbus_use_system_bus_fds" lineno="459">
+<interface name="mandb_admin" lineno="66">
 <summary>
-Use and inherit system DBUS file descriptors.
+All of the rules required to
+administrate an mandb environment.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
 </interface>
-<interface name="dbus_dontaudit_system_bus_rw_tcp_sockets" lineno="477">
+</module>
+<module name="mono" filename="policy/modules/apps/mono.if">
+<summary>Run .NET server and client applications on Linux.</summary>
+<template name="mono_role_template" lineno="30">
 <summary>
-Dontaudit Read, and write system dbus TCP sockets.
+The role template for the mono module.
 </summary>
-<param name="domain">
+<desc>
+<p>
+This template creates a derived domains which are used
+for mono applications.
+</p>
+</desc>
+<param name="role_prefix">
 <summary>
-Domain to not audit.
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
 </summary>
 </param>
-</interface>
-<interface name="dbus_unconfined" lineno="496">
+<param name="user_role">
 <summary>
-Allow unconfined access to the system DBUS.
+The role associated with the user domain.
 </summary>
-<param name="domain">
+</param>
+<param name="user_domain">
 <summary>
-Domain allowed access.
+The type of the user domain.
 </summary>
 </param>
-</interface>
-</module>
-<module name="dcc" filename="policy/modules/contrib/dcc.if">
-<summary>Distributed checksum clearinghouse spam filtering</summary>
-<interface name="dcc_domtrans_cdcc" lineno="13">
+</template>
+<interface name="mono_domtrans" lineno="80">
 <summary>
-Execute cdcc in the cdcc domain.
+Execute mono in the mono domain.
 </summary>
 <param name="domain">
 <summary>
@@ -5507,10 +6322,10 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="dcc_run_cdcc" lineno="39">
+<interface name="mono_run" lineno="105">
 <summary>
-Execute cdcc in the cdcc domain, and
-allow the specified role the cdcc domain.
+Execute mono in the mono domain, and
+allow the specified role the mono domain.
 </summary>
 <param name="domain">
 <summary>
@@ -5522,21 +6337,20 @@ Domain allowed to transition.
 Role allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="dcc_domtrans_client" lineno="58">
+<interface name="mono_exec" lineno="124">
 <summary>
-Execute dcc_client in the dcc_client domain.
+Execute mono in the caller domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dcc_signal_client" lineno="77">
+<interface name="mono_rw_shm" lineno="143">
 <summary>
-Send a signal to the dcc_client.
+Read and write mono shared memory.
 </summary>
 <param name="domain">
 <summary>
@@ -5544,112 +6358,137 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dcc_run_client" lineno="102">
+</module>
+<module name="mozilla" filename="policy/modules/apps/mozilla.if">
+<summary>Policy for Mozilla and related web browsers.</summary>
+<interface name="mozilla_role" lineno="18">
 <summary>
-Execute dcc_client in the dcc_client domain, and
-allow the specified role the dcc_client domain.
+Role access for mozilla.
 </summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+User domain for the role.
 </summary>
 </param>
+</interface>
+<interface name="mozilla_role_plugin" lineno="90">
+<summary>
+Role access for mozilla plugin.
+</summary>
 <param name="role">
 <summary>
 Role allowed access.
 </summary>
 </param>
-<rolecap/>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
 </interface>
-<interface name="dcc_domtrans_dbclean" lineno="121">
+<interface name="mozilla_read_user_home" lineno="151">
 <summary>
-Execute dbclean in the dcc_dbclean domain.
+Read mozilla home directory content.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dcc_run_dbclean" lineno="147">
+<interface name="mozilla_read_user_home_files" lineno="172">
 <summary>
-Execute dbclean in the dcc_dbclean domain, and
-allow the specified role the dcc_dbclean domain.
+Read mozilla home directory files
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="mozilla_write_user_home_files" lineno="193">
 <summary>
-Role allowed access.
+Write mozilla home directory files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="dcc_stream_connect_dccifd" lineno="166">
+<interface name="mozilla_dontaudit_rw_user_home_files" lineno="213">
 <summary>
-Connect to dccifd over a unix domain stream socket.
+Do not audit attempts to read and
+write mozilla home directory files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-</module>
-<module name="ddclient" filename="policy/modules/contrib/ddclient.if">
-<summary>Update dynamic IP address at DynDNS.org</summary>
-<interface name="ddclient_domtrans" lineno="13">
+<interface name="mozilla_dontaudit_manage_user_home_files" lineno="233">
 <summary>
-Execute ddclient in the ddclient domain.
+Do not audit attempt to Create,
+read, write, and delete mozilla
+home directory content.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="ddclient_run" lineno="38">
+<interface name="mozilla_exec_user_plugin_home_files" lineno="253">
 <summary>
-Execute ddclient daemon on behalf of a user or staff type.
+Execute mozilla plugin home directory files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="mozilla_execmod_user_plugin_home_files" lineno="273">
 <summary>
-Role allowed access.
+Mozilla plugin home directory file
+text relocation.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="ddclient_admin" lineno="64">
+<interface name="mozilla_read_tmp_files" lineno="291">
 <summary>
-All of the rules required to administrate
-an ddclient environment
+Read temporary mozilla files.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="mozilla_domtrans" lineno="309">
 <summary>
-The role to be allowed to manage the ddclient domain.
+Run mozilla in the mozilla domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="ddcprobe" filename="policy/modules/contrib/ddcprobe.if">
-<summary>ddcprobe retrieves monitor and graphics card information</summary>
-<interface name="ddcprobe_domtrans" lineno="13">
+<interface name="mozilla_domtrans_plugin" lineno="329">
 <summary>
-Execute ddcprobe in the ddcprobe domain.
+Execute a domain transition to
+run mozilla plugin.
 </summary>
 <param name="domain">
 <summary>
@@ -5657,10 +6496,12 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="ddcprobe_run" lineno="38">
+<interface name="mozilla_run_plugin" lineno="356">
 <summary>
-Execute ddcprobe in the ddcprobe domain, and
-allow the specified role the ddcprobe domain.
+Execute mozilla plugin in the
+mozilla plugin domain, and allow
+the specified role the mozilla
+plugin domain.
 </summary>
 <param name="domain">
 <summary>
@@ -5669,25 +6510,14 @@ Domain allowed to transition.
 </param>
 <param name="role">
 <summary>
-Role to be authenticated for ddcprobe domain.
+Role allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="denyhosts" filename="policy/modules/contrib/denyhosts.if">
-<summary>DenyHosts SSH dictionary attack mitigation</summary>
-<desc>
-<p>
-DenyHosts is a script intended to be run by Linux
-system administrators to help thwart SSH server attacks
-(also known as dictionary based attacks and brute force
-attacks).
-</p>
-</desc>
-<interface name="denyhosts_domtrans" lineno="21">
+<interface name="mozilla_domtrans_plugin_config" lineno="376">
 <summary>
-Execute a domain transition to run denyhosts.
+Execute a domain transition to
+run mozilla plugin config.
 </summary>
 <param name="domain">
 <summary>
@@ -5695,49 +6525,60 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="denyhosts_initrc_domtrans" lineno="39">
+<interface name="mozilla_run_plugin_config" lineno="403">
 <summary>
-Execute denyhost server in the denyhost domain.
+Execute mozilla plugin config in
+the mozilla plugin config domain,
+and allow the specified role the
+mozilla plugin config domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
 </interface>
-<interface name="denyhosts_admin" lineno="63">
+<interface name="mozilla_dbus_chat" lineno="423">
 <summary>
-All of the rules required to administrate
-an denyhosts environment.
+Send and receive messages from
+mozilla over dbus.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="mozilla_dbus_chat_plugin" lineno="444">
 <summary>
-Role allowed access.
+Send and receive messages from
+mozilla plugin over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="devicekit" filename="policy/modules/contrib/devicekit.if">
-<summary>Devicekit modular hardware abstraction layer</summary>
-<interface name="devicekit_domtrans" lineno="13">
+<interface name="mozilla_rw_tcp_sockets" lineno="464">
 <summary>
-Execute a domain transition to run devicekit.
+Read and write mozilla TCP sockets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="devicekit_dgram_send" lineno="32">
+<interface name="mozilla_manage_plugin_rw_files" lineno="483">
 <summary>
-Send to devicekit over a unix domain
-datagram socket.
+Create, read, write, and delete
+mozilla plugin rw files.
 </summary>
 <param name="domain">
 <summary>
@@ -5745,10 +6586,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="devicekit_dbus_chat" lineno="51">
+<interface name="mozilla_plugin_read_tmpfs_files" lineno="502">
 <summary>
-Send and receive messages from
-devicekit over dbus.
+Read mozilla_plugin tmpfs files.
 </summary>
 <param name="domain">
 <summary>
@@ -5756,10 +6596,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="devicekit_dbus_chat_disk" lineno="72">
+<interface name="mozilla_plugin_delete_tmpfs_files" lineno="521">
 <summary>
-Send and receive messages from
-devicekit disk over dbus.
+Delete mozilla_plugin tmpfs files.
 </summary>
 <param name="domain">
 <summary>
@@ -5767,20 +6606,20 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="devicekit_signal_power" lineno="92">
+<interface name="mozilla_rw_tmp_pipes" lineno="540">
 <summary>
-Send signal devicekit power
+Read/write to mozilla's tmp fifo files
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="devicekit_dbus_chat_power" lineno="111">
+<interface name="mozilla_manage_generic_plugin_home_content" lineno="559">
 <summary>
-Send and receive messages from
-devicekit power over dbus.
+Create, read, write, and delete
+generic mozilla plugin home content.
 </summary>
 <param name="domain">
 <summary>
@@ -5788,44 +6627,122 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="devicekit_read_pid_files" lineno="131">
+<interface name="mozilla_home_filetrans_plugin_home" lineno="594">
 <summary>
-Read devicekit PID files.
+Create objects in user home
+directories with the generic mozilla
+plugin home type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
 </interface>
-<interface name="devicekit_admin" lineno="162">
+<interface name="mozilla_dontaudit_use_fds" lineno="614">
 <summary>
-All of the rules required to administrate
-an devicekit environment
+Do not audit use of mozilla file descriptors
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to dont audit access from
 </summary>
 </param>
+</interface>
+<interface name="mozilla_send_dgram_plugin" lineno="632">
+<summary>
+Send messages to mozilla plugin unix datagram sockets
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<tunable name="mozilla_execstack" dftval="false">
+<desc>
+<p>
+Determine whether mozilla can
+make its stack executable.
+</p>
+</desc>
+</tunable>
+<tunable name="mozilla_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Grant the mozilla domains read access to generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="mozilla_read_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the mozilla domains read access to all user content
+</p>
+</desc>
+</tunable>
+<tunable name="mozilla_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Grant the mozilla domains manage rights on generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="mozilla_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the mozilla domains manage rights on all user content
+</p>
+</desc>
+</tunable>
+<tunable name="mozilla_bind_all_unreserved_ports" dftval="false">
+<desc>
+<p>
+Determine whether mozilla firefox can bind TCP sockets to all
+unreserved ports (for instance used with various Proxy
+management extensions).
+</p>
+</desc>
+</tunable>
+<tunable name="mozilla_plugin_connect_all_unreserved" dftval="false">
+<desc>
+<p>
+Determine whether mozilla firefox plugins can connect to
+unreserved ports (for instance when dealing with Google Talk)
+</p>
+</desc>
+</tunable>
+</module>
+<module name="mplayer" filename="policy/modules/apps/mplayer.if">
+<summary>Mplayer media player and encoder.</summary>
+<interface name="mplayer_role" lineno="18">
+<summary>
+Role access for mplayer
+</summary>
 <param name="role">
 <summary>
-The role to be allowed to manage the devicekit domain.
+Role allowed access
 </summary>
 </param>
-<param name="terminal">
+<param name="domain">
 <summary>
-The type of the user terminal.
+User domain for the role
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="dhcp" filename="policy/modules/contrib/dhcp.if">
-<summary>Dynamic host configuration protocol (DHCP) server</summary>
-<interface name="dhcpd_domtrans" lineno="13">
+<interface name="mplayer_domtrans" lineno="65">
 <summary>
-Transition to dhcpd.
+Run mplayer in mplayer domain.
 </summary>
 <param name="domain">
 <summary>
@@ -5833,10 +6750,9 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="dhcpd_setattr_state_files" lineno="33">
+<interface name="mplayer_exec" lineno="85">
 <summary>
-Set the attributes of the DCHP
-server state files.
+Execute mplayer in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -5844,91 +6760,168 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dhcpd_initrc_domtrans" lineno="53">
+<interface name="mplayer_read_user_home_files" lineno="104">
 <summary>
-Execute dhcp server in the dhcp domain.
+Read mplayer user home content files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dhcpd_admin" lineno="78">
+<interface name="mplayer_manage_generic_home_content" lineno="124">
 <summary>
-All of the rules required to administrate
-an dhcp environment
+Create, read, write, and delete
+generic mplayer home content.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="mplayer_home_filetrans_mplayer_home" lineno="157">
 <summary>
-The role to be allowed to manage the dhcp domain.
+Create specified objects in user home
+directories with the generic mplayer
+home type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<tunable name="dhcpd_use_ldap" dftval="false">
+<tunable name="allow_mplayer_execstack" dftval="false">
+<desc>
+<p>
+Determine whether mplayer can make
+its stack executable.
+</p>
+</desc>
+</tunable>
+<tunable name="mplayer_mencoder_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Grant the mplayer_mencoder domains read access to generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="mplayer_mencoder_read_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the mplayer_mencoder domains read access to all user content
+</p>
+</desc>
+</tunable>
+<tunable name="mplayer_mencoder_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Grant the mplayer_mencoder domains manage rights on generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="mplayer_mencoder_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the mplayer_mencoder domains manage rights on all user content
+</p>
+</desc>
+</tunable>
+<tunable name="mplayer_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Grant the mplayer domains read access to generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="mplayer_read_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the mplayer domains read access to all user content
+</p>
+</desc>
+</tunable>
+<tunable name="mplayer_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Grant the mplayer domains manage rights on generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="mplayer_manage_all_user_content" dftval="false">
 <desc>
 <p>
-Allow DHCP daemon to use LDAP backends
+Grant the mplayer domains manage rights on all user content
 </p>
 </desc>
 </tunable>
 </module>
-<module name="dictd" filename="policy/modules/contrib/dictd.if">
-<summary>Dictionary daemon</summary>
-<interface name="dictd_tcp_connect" lineno="14">
+<module name="openoffice" filename="policy/modules/apps/openoffice.if">
+<summary>Openoffice suite.</summary>
+<interface name="ooffice_role" lineno="18">
 <summary>
-Use dictionary services by connecting
-over TCP.  (Deprecated)
+Role access for openoffice.
 </summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+User domain for the role.
 </summary>
 </param>
 </interface>
-<interface name="dictd_admin" lineno="35">
+<interface name="ooffice_domtrans" lineno="48">
 <summary>
-All of the rules required to administrate
-an dictd environment
+Run openoffice in its own domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="ooffice_dontaudit_exec_tmp_files" lineno="67">
 <summary>
-The role to be allowed to manage the dictd domain.
+Do not audit attempts to execute
+files in temporary directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="distcc" filename="policy/modules/contrib/distcc.if">
-<summary>Distributed compiler daemon</summary>
-</module>
-<module name="djbdns" filename="policy/modules/contrib/djbdns.if">
-<summary>small and secure DNS daemon</summary>
-<template name="djbdns_daemontools_domain_template" lineno="14">
+<interface name="ooffice_rw_tmp_files" lineno="86">
 <summary>
-Create a set of derived types for djbdns
-components that are directly supervised by daemontools.
+Read and write temporary
+openoffice files.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-The prefix to be used for deriving type names.
+Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="djbdns_search_tinydns_keys" lineno="66">
+</interface>
+<interface name="ooffice_dbus_chat" lineno="106">
 <summary>
-Allow search the djbdns-tinydns key ring.
+Send and receive dbus messages
+from and to the openoffice
+domain.
 </summary>
 <param name="domain">
 <summary>
@@ -5936,9 +6929,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="djbdns_link_tinydns_keys" lineno="84">
+<interface name="ooffice_stream_connect" lineno="127">
 <summary>
-Allow link to the djbdns-tinydns key ring.
+Connect to openoffice using a
+unix domain stream socket.
 </summary>
 <param name="domain">
 <summary>
@@ -5946,15 +6940,92 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
+<tunable name="openoffice_allow_update" dftval="true">
+<desc>
+<p>
+Determine whether openoffice can
+download software updates from the
+network (application and/or
+extensions).
+</p>
+</desc>
+</tunable>
+<tunable name="openoffice_allow_email" dftval="false">
+<desc>
+<p>
+Determine whether openoffice writer
+can send emails directly (print to
+email). This is different from the
+functionality of sending emails
+through external clients which is
+always enabled.
+</p>
+</desc>
+</tunable>
+<tunable name="openoffice_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Grant the openoffice domains read access to generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="openoffice_read_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the openoffice domains read access to all user content
+</p>
+</desc>
+</tunable>
+<tunable name="openoffice_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Grant the openoffice domains manage rights on generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="openoffice_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the openoffice domains manage rights on all user content
+</p>
+</desc>
+</tunable>
 </module>
-<module name="dkim" filename="policy/modules/contrib/dkim.if">
-<summary>DomainKeys Identified Mail milter.</summary>
+<module name="podsleuth" filename="policy/modules/apps/podsleuth.if">
+<summary>Podsleuth is a tool to get information about an Apple (TM) iPod (TM).</summary>
+<interface name="podsleuth_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run podsleuth.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="podsleuth_run" lineno="39">
+<summary>
+Execute podsleuth in the podsleuth
+domain, and allow the specified role
+the podsleuth domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
 </module>
-<module name="dmidecode" filename="policy/modules/contrib/dmidecode.if">
-<summary>Decode DMI data for x86/ia64 bioses.</summary>
-<interface name="dmidecode_domtrans" lineno="13">
+<module name="ptchown" filename="policy/modules/apps/ptchown.if">
+<summary>helper function for grantpt(3), changes ownship and permissions of pseudotty.</summary>
+<interface name="ptchown_domtrans" lineno="13">
 <summary>
-Execute dmidecode in the dmidecode domain.
+Execute a domain transition to run ptchown.
 </summary>
 <param name="domain">
 <summary>
@@ -5962,10 +7033,21 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="dmidecode_run" lineno="43">
+<interface name="ptchown_exec" lineno="32">
+<summary>
+Execute ptchown in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ptchown_run" lineno="58">
 <summary>
-Execute dmidecode in the dmidecode domain, and
-allow the specified role the dmidecode domain.
+Execute ptchown in the ptchown
+domain, and allow the specified
+role the ptchown domain.
 </summary>
 <param name="domain">
 <summary>
@@ -5977,14 +7059,28 @@ Domain allowed to transition.
 Role allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
 </module>
-<module name="dnsmasq" filename="policy/modules/contrib/dnsmasq.if">
-<summary>dnsmasq DNS forwarder and DHCP server</summary>
-<interface name="dnsmasq_domtrans" lineno="14">
+<module name="pulseaudio" filename="policy/modules/apps/pulseaudio.if">
+<summary>Pulseaudio network sound server.</summary>
+<interface name="pulseaudio_role" lineno="18">
 <summary>
-Execute dnsmasq server in the dnsmasq domain.
+Role access for pulseaudio.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
+</interface>
+<interface name="pulseaudio_domtrans" lineno="56">
+<summary>
+Execute a domain transition to run pulseaudio.
 </summary>
 <param name="domain">
 <summary>
@@ -5992,19 +7088,26 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="dnsmasq_initrc_domtrans" lineno="34">
+<interface name="pulseaudio_run" lineno="85">
 <summary>
-Execute the dnsmasq init script in the init script domain.
+Execute pulseaudio in the pulseaudio
+domain, and allow the specified role
+the pulseaudio domain.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
 </interface>
-<interface name="dnsmasq_signal" lineno="53">
+<interface name="pulseaudio_exec" lineno="104">
 <summary>
-Send dnsmasq a signal
+Execute pulseaudio in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -6012,19 +7115,20 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dnsmasq_signull" lineno="72">
+<interface name="pulseaudio_dontaudit_exec" lineno="123">
 <summary>
-Send dnsmasq a signull
+Do not audit attempts to execute pulseaudio.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dnsmasq_kill" lineno="91">
+<interface name="pulseaudio_signull" lineno="142">
 <summary>
-Send dnsmasq a kill signal.
+Send null signals to pulseaudio.
+processes.
 </summary>
 <param name="domain">
 <summary>
@@ -6032,9 +7136,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dnsmasq_read_config" lineno="109">
+<interface name="pulseaudio_use_fds" lineno="161">
 <summary>
-Read dnsmasq config files.
+Use file descriptors for
+pulseaudio.
 </summary>
 <param name="domain">
 <summary>
@@ -6042,9 +7147,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dnsmasq_write_config" lineno="128">
+<interface name="pulseaudio_dontaudit_use_fds" lineno="180">
 <summary>
-Write to dnsmasq config files.
+Do not audit attempts to use the
+file descriptors for pulseaudio.
 </summary>
 <param name="domain">
 <summary>
@@ -6052,9 +7158,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dnsmasq_delete_pid_files" lineno="148">
+<interface name="pulseaudio_stream_connect" lineno="199">
 <summary>
-Delete dnsmasq pid files
+Connect to pulseaudio with a unix
+domain stream socket.
 </summary>
 <param name="domain">
 <summary>
@@ -6062,9 +7169,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dnsmasq_read_pid_files" lineno="167">
+<interface name="pulseaudio_dbus_chat" lineno="219">
 <summary>
-Read dnsmasq pid files
+Send and receive messages from
+pulseaudio over dbus.
 </summary>
 <param name="domain">
 <summary>
@@ -6072,90 +7180,157 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dnsmasq_admin" lineno="192">
+<interface name="pulseaudio_setattr_home_dir" lineno="239">
 <summary>
-All of the rules required to administrate
-an dnsmasq environment
+Set attributes of pulseaudio home directories.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="pulseaudio_read_home" lineno="257">
+<summary>
+Read pulseaudio home content.
+</summary>
+<param name="domain">
 <summary>
-The role to be allowed to manage the dnsmasq domain.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="dovecot" filename="policy/modules/contrib/dovecot.if">
-<summary>Dovecot POP and IMAP mail server</summary>
-<interface name="dovecot_stream_connect_auth" lineno="14">
+<interface name="pulseaudio_rw_home_files" lineno="278">
 <summary>
-Connect to dovecot auth unix domain stream socket.
+Read and write Pulse Audio files.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="dovecot_domtrans_deliver" lineno="32">
+<interface name="pulseaudio_manage_home" lineno="299">
 <summary>
-Execute dovecot_deliver in the dovecot_deliver domain.
+Create, read, write, and delete
+pulseaudio home content.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dovecot_manage_spool" lineno="50">
+<interface name="pulseaudio_home_filetrans_pulseaudio_home" lineno="332">
 <summary>
-Create, read, write, and delete the dovecot spool files.
+Create objects in user home
+directories with the pulseaudio
+home type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
 </interface>
-<interface name="dovecot_dontaudit_unlink_lib_files" lineno="69">
+<interface name="pulseaudio_tmpfs_content" lineno="351">
+<summary>
+Make the specified tmpfs file type
+pulseaudio tmpfs content.
+</summary>
+<param name="file_type">
 <summary>
-Do not audit attempts to delete dovecot lib files.
+File type to make pulseaudio tmpfs content.
+</summary>
+</param>
+</interface>
+<interface name="pulseaudio_read_tmpfs_files" lineno="369">
+<summary>
+Read pulseaudio tmpfs files.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dovecot_admin" lineno="94">
+<interface name="pulseaudio_rw_tmpfs_files" lineno="389">
 <summary>
-All of the rules required to administrate
-an dovecot environment
+Read and write pulseaudio tmpfs
+files.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="pulseaudio_client_domain" lineno="417">
+<summary>
+Mark the specified domain as a PulseAudio client domain
+and the related tmpfs file type as a (shared) PulseAudio tmpfs
+file type used for the shared memory access
+</summary>
+<param name="domain">
 <summary>
-The role to be allowed to manage the dovecot domain.
+Domain to become a PulseAudio client domain
+</summary>
+</param>
+<param name="tmpfstype">
+<summary>
+Tmpfs type used for shared memory of the given domain
 </summary>
 </param>
-<rolecap/>
 </interface>
+<tunable name="pulseaudio_execmem" dftval="false">
+<desc>
+<p>
+Allow pulseaudio to execute code in
+writable memory
+</p>
+</desc>
+</tunable>
 </module>
-<module name="dpkg" filename="policy/modules/contrib/dpkg.if">
-<summary>Policy for the Debian package manager.</summary>
-<interface name="dpkg_domtrans" lineno="15">
+<module name="qemu" filename="policy/modules/apps/qemu.if">
+<summary>QEMU machine emulator and virtualizer.</summary>
+<template name="qemu_domain_template" lineno="13">
 <summary>
-Execute dpkg programs in the dpkg domain.
+The template to define a qemu domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<template name="qemu_role" lineno="114">
+<summary>
+Role access for qemu.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
+</template>
+<interface name="qemu_domtrans" lineno="135">
+<summary>
+Execute a domain transition to run qemu.
 </summary>
 <param name="domain">
 <summary>
@@ -6163,19 +7338,21 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="dpkg_domtrans_script" lineno="35">
+<interface name="qemu_exec" lineno="154">
 <summary>
-Execute dpkg_script programs in the dpkg_script domain.
+Execute a qemu in the caller domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dpkg_run" lineno="63">
+<interface name="qemu_run" lineno="181">
 <summary>
-Execute dpkg programs in the dpkg domain.
+Execute qemu in the qemu domain,
+and allow the specified role the
+qemu domain.
 </summary>
 <param name="domain">
 <summary>
@@ -6184,24 +7361,24 @@ Domain allowed to transition.
 </param>
 <param name="role">
 <summary>
-The role to allow the dpkg domain.
+Role allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
-<interface name="dpkg_use_fds" lineno="82">
+<interface name="qemu_read_state" lineno="200">
 <summary>
-Inherit and use file descriptors from dpkg.
+Read qemu process state files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to allow access.
 </summary>
 </param>
 </interface>
-<interface name="dpkg_read_pipes" lineno="100">
+<interface name="qemu_setsched" lineno="221">
 <summary>
-Read from an unnamed dpkg pipe.
+Set qemu scheduler.
 </summary>
 <param name="domain">
 <summary>
@@ -6209,9 +7386,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dpkg_rw_pipes" lineno="118">
+<interface name="qemu_signal" lineno="239">
 <summary>
-Read and write an unnamed dpkg pipe.
+Send generic signals to qemu.
 </summary>
 <param name="domain">
 <summary>
@@ -6219,9 +7396,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dpkg_use_script_fds" lineno="136">
+<interface name="qemu_kill" lineno="257">
 <summary>
-Inherit and use file descriptors from dpkg scripts.
+Send kill signals to qemu.
 </summary>
 <param name="domain">
 <summary>
@@ -6229,9 +7406,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dpkg_read_db" lineno="154">
+<interface name="qemu_stream_connect" lineno="276">
 <summary>
-Read the dpkg package database.
+Connect to qemu with a unix
+domain stream socket.
 </summary>
 <param name="domain">
 <summary>
@@ -6239,9 +7417,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dpkg_manage_db" lineno="175">
+<interface name="qemu_delete_pid_sock_file" lineno="295">
 <summary>
-Create, read, write, and delete the dpkg package database.
+Unlink qemu socket
 </summary>
 <param name="domain">
 <summary>
@@ -6249,20 +7427,21 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dpkg_dontaudit_manage_db" lineno="196">
+<interface name="qemu_domtrans_unconfined" lineno="314">
 <summary>
-Do not audit attempts to create, read,
-write, and delete the dpkg package database.
+Execute a domain transition to
+run qemu unconfined.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="dpkg_lock_db" lineno="216">
+<interface name="qemu_manage_tmp_dirs" lineno="334">
 <summary>
-Lock the dpkg package database.
+Create, read, write, and delete
+qemu temporary directories.
 </summary>
 <param name="domain">
 <summary>
@@ -6270,79 +7449,103 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="entropyd" filename="policy/modules/contrib/entropyd.if">
-<summary>Generate entropy from audio input</summary>
-<tunable name="entropyd_use_audio" dftval="false">
+<interface name="qemu_manage_tmp_files" lineno="354">
+<summary>
+Create, read, write, and delete
+qemu temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qemu_spec_domtrans" lineno="388">
+<summary>
+Execute qemu in a specified domain.
+</summary>
 <desc>
 <p>
-Allow the use of the audio devices as the source for the entropy feeds
+Execute qemu in a specified domain.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
 </p>
 </desc>
-</tunable>
-</module>
-<module name="evolution" filename="policy/modules/contrib/evolution.if">
-<summary>Evolution email client</summary>
-<interface name="evolution_role" lineno="18">
+<param name="source_domain">
 <summary>
-Role access for evolution
+Domain allowed to transition.
 </summary>
-<param name="role">
+</param>
+<param name="target_domain">
 <summary>
-Role allowed access
+Domain to transition to.
 </summary>
 </param>
+</interface>
+<interface name="qemu_entry_type" lineno="408">
+<summary>
+Make qemu executable files an
+entrypoint for the specified domain.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+The domain for which qemu_exec_t is an entrypoint.
 </summary>
 </param>
 </interface>
-<interface name="evolution_home_filetrans" lineno="85">
+<interface name="qemu_rw_pid_sock_files" lineno="428">
 <summary>
-Create objects in users evolution home folders.
+Read/write to qemu socket files in /var/run
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="file_type">
+</interface>
+<tunable name="qemu_full_network" dftval="false">
+<desc>
+<p>
+Determine whether qemu has full
+access to the network.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="rssh" filename="policy/modules/apps/rssh.if">
+<summary>Restricted (scp/sftp) only shell.</summary>
+<interface name="rssh_role" lineno="18">
 <summary>
-Private file type.
+Role access for rssh.
 </summary>
-</param>
-<param name="class">
+<param name="role">
 <summary>
-The object class of the object being created.
+Role allowed access.
 </summary>
 </param>
-</interface>
-<interface name="evolution_stream_connect" lineno="104">
-<summary>
-Connect to evolution unix stream socket.
-</summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+User domain for the role.
 </summary>
 </param>
 </interface>
-<interface name="evolution_dbus_chat" lineno="124">
+<interface name="rssh_spec_domtrans" lineno="46">
 <summary>
-Send and receive messages from
-evolution over dbus.
+Execute rssh in the rssh domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="evolution_alarm_dbus_chat" lineno="145">
+<interface name="rssh_exec" lineno="66">
 <summary>
-Send and receive messages from
-evolution_alarm over dbus.
+Execute the rssh program
+in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -6350,12 +7553,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="exim" filename="policy/modules/contrib/exim.if">
-<summary>Exim mail transfer agent</summary>
-<interface name="exim_domtrans" lineno="13">
+<interface name="rssh_domtrans_chroot_helper" lineno="86">
 <summary>
-Execute a domain transition to run exim.
+Execute a domain transition to
+run rssh chroot helper.
 </summary>
 <param name="domain">
 <summary>
@@ -6363,84 +7564,111 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="exim_dontaudit_read_tmp_files" lineno="32">
+<interface name="rssh_read_ro_content" lineno="105">
 <summary>
-Do not audit attempts to read,
-exim tmp files
+Read users rssh read-only content.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="exim_read_tmp_files" lineno="50">
+</module>
+<module name="sambagui" filename="policy/modules/apps/sambagui.if">
+<summary>system-config-samba dbus service.</summary>
+</module>
+<module name="screen" filename="policy/modules/apps/screen.if">
+<summary>GNU terminal multiplexer.</summary>
+<template name="screen_role_template" lineno="24">
 <summary>
-Allow domain to read, exim tmp files
+The role template for the screen module.
 </summary>
-<param name="domain">
+<param name="role_prefix">
 <summary>
-Domain allowed access.
+The prefix of the user role (e.g., user
+is the prefix for user_r).
 </summary>
 </param>
-</interface>
-<interface name="exim_read_pid_files" lineno="69">
+<param name="user_role">
 <summary>
-Read exim PID files.
+The role associated with the user domain.
 </summary>
-<param name="domain">
+</param>
+<param name="user_domain">
 <summary>
-Domain allowed access.
+The type of the user domain.
 </summary>
 </param>
-</interface>
-<interface name="exim_read_log" lineno="89">
+</template>
+</module>
+<module name="seunshare" filename="policy/modules/apps/seunshare.if">
+<summary>Filesystem namespacing/polyinstantiation application.</summary>
+<interface name="seunshare_domtrans" lineno="13">
 <summary>
-Allow the specified domain to read exim's log files.
+Execute a domain transition to run seunshare.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="exim_append_log" lineno="109">
+<interface name="seunshare_run" lineno="37">
 <summary>
-Allow the specified domain to append
-exim log files.
+Execute seunshare in the seunshare domain, and
+allow the specified role the seunshare domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
 </interface>
-<interface name="exim_manage_log" lineno="129">
+<interface name="seunshare_role" lineno="69">
+<summary>
+Role access for seunshare
+</summary>
+<param name="role">
 <summary>
-Allow the specified domain to manage exim's log files.
+Role allowed access.
 </summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+User domain for the role.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="exim_manage_spool_dirs" lineno="149">
+</module>
+<module name="sigrok" filename="policy/modules/apps/sigrok.if">
+<summary>sigrok signal analysis software suite.</summary>
+<interface name="sigrok_run" lineno="18">
 <summary>
-Create, read, write, and delete
-exim spool dirs.
+Execute sigrok in its domain.
 </summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+User domain for the role.
 </summary>
 </param>
 </interface>
-<interface name="exim_read_spool_files" lineno="168">
+</module>
+<module name="slocate" filename="policy/modules/apps/slocate.if">
+<summary>Update database for mlocate.</summary>
+<interface name="locate_read_lib_files" lineno="13">
 <summary>
-Read exim spool files.
+Read locate lib files.
 </summary>
 <param name="domain">
 <summary>
@@ -6448,56 +7676,107 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="exim_manage_spool_files" lineno="189">
+</module>
+<module name="syncthing" filename="policy/modules/apps/syncthing.if">
+<summary>Application that lets you synchronize your files across multiple devices.</summary>
+<interface name="syncthing_role" lineno="18">
 <summary>
-Create, read, write, and delete
-exim spool files.
+Role access for Syncthing
 </summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+User domain for the role
 </summary>
 </param>
 </interface>
-<tunable name="exim_can_connect_db" dftval="false">
+<tunable name="syncthing_read_generic_user_content" dftval="true">
 <desc>
 <p>
-Allow exim to connect to databases (postgres, mysql)
+Grant the syncthing domains read access to generic user content
 </p>
 </desc>
 </tunable>
-<tunable name="exim_read_user_files" dftval="false">
+<tunable name="syncthing_read_all_user_content" dftval="false">
 <desc>
 <p>
-Allow exim to read unprivileged user files.
+Grant the syncthing domains read access to all user content
 </p>
 </desc>
 </tunable>
-<tunable name="exim_manage_user_files" dftval="false">
+<tunable name="syncthing_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Grant the syncthing domains manage rights on generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="syncthing_manage_all_user_content" dftval="false">
 <desc>
 <p>
-Allow exim to create, read, write, and delete
-unprivileged user files.
+Grant the syncthing domains manage rights on all user content
 </p>
 </desc>
 </tunable>
 </module>
-<module name="fail2ban" filename="policy/modules/contrib/fail2ban.if">
-<summary>Update firewall filtering to ban IP addresses with too many password failures.</summary>
-<interface name="fail2ban_domtrans" lineno="13">
+<module name="telepathy" filename="policy/modules/apps/telepathy.if">
+<summary>Telepathy communications framework.</summary>
+<template name="telepathy_domain_template" lineno="13">
 <summary>
-Execute a domain transition to run fail2ban.
+The template to define a telepathy domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<template name="telepathy_role_template" lineno="59">
+<summary>
+The role template for the telepathy module.
+</summary>
+<desc>
+<p>
+This template creates a derived domains which are used
+for window manager applications.
+</p>
+</desc>
+<param name="role_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+</template>
+<interface name="telepathy_gabble_stream_connect" lineno="137">
+<summary>
+Connect to gabble with a unix
+domain stream socket.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fail2ban_stream_connect" lineno="32">
+<interface name="telepathy_gabble_dbus_chat" lineno="157">
 <summary>
-Connect to fail2ban over a unix domain
-stream socket.
+Send dbus messages to and from
+gabble.
 </summary>
 <param name="domain">
 <summary>
@@ -6505,9 +7784,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fail2ban_rw_stream_sockets" lineno="51">
+<interface name="telepathy_mission_control_dbus_chat" lineno="178">
 <summary>
-Read and write to an fail2ban unix stream socket.
+Send dbus messages to and from
+mission control.
 </summary>
 <param name="domain">
 <summary>
@@ -6515,9 +7795,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fail2ban_read_lib_files" lineno="69">
+<interface name="telepathy_mission_control_read_state" lineno="198">
 <summary>
-Read fail2ban lib files.
+Read mission control process state files.
 </summary>
 <param name="domain">
 <summary>
@@ -6525,21 +7805,21 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fail2ban_read_log" lineno="89">
+<interface name="telepathy_msn_stream_connect" lineno="220">
 <summary>
-Allow the specified domain to read fail2ban's log files.
+Connect to msn with a unix
+domain stream socket.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="fail2ban_append_log" lineno="110">
+<interface name="telepathy_salut_stream_connect" lineno="240">
 <summary>
-Allow the specified domain to append
-fail2ban log files.
+Connect to salut with a unix
+domain stream socket.
 </summary>
 <param name="domain">
 <summary>
@@ -6547,64 +7827,128 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fail2ban_read_pid_files" lineno="130">
+<tunable name="telepathy_tcp_connect_generic_network_ports" dftval="false">
+<desc>
+<p>
+Determine whether telepathy connection
+managers can connect to generic tcp ports.
+</p>
+</desc>
+</tunable>
+<tunable name="telepathy_connect_all_ports" dftval="false">
+<desc>
+<p>
+Determine whether telepathy connection
+managers can connect to any port.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="thunderbird" filename="policy/modules/apps/thunderbird.if">
+<summary>Thunderbird email client.</summary>
+<interface name="thunderbird_role" lineno="18">
 <summary>
-Read fail2ban PID files.
+Role access for thunderbird.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+User domain for the role.
 </summary>
 </param>
 </interface>
-<interface name="fail2ban_admin" lineno="156">
+<interface name="thunderbird_domtrans" lineno="52">
 <summary>
-All of the rules required to administrate
-an fail2ban environment
+Execute thunderbird in the thunderbird domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
+</interface>
+<tunable name="thunderbird_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Grant the thunderbird domains read access to generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="thunderbird_read_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the thunderbird domains read access to all user content
+</p>
+</desc>
+</tunable>
+<tunable name="thunderbird_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Grant the thunderbird domains manage rights on generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="thunderbird_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the thunderbird domains manage rights on all user content
+</p>
+</desc>
+</tunable>
+</module>
+<module name="tvtime" filename="policy/modules/apps/tvtime.if">
+<summary>High quality television application.</summary>
+<interface name="tvtime_role" lineno="18">
+<summary>
+Role access for tvtime
+</summary>
 <param name="role">
 <summary>
-The role to be allowed to manage the fail2ban domain.
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
 </summary>
 </param>
-<rolecap/>
 </interface>
 </module>
-<module name="fetchmail" filename="policy/modules/contrib/fetchmail.if">
-<summary>Remote-mail retrieval and forwarding utility</summary>
-<interface name="fetchmail_admin" lineno="15">
+<module name="uml" filename="policy/modules/apps/uml.if">
+<summary>User mode linux tools and services.</summary>
+<interface name="uml_role" lineno="18">
 <summary>
-All of the rules required to administrate
-an fetchmail environment
+Role access for uml.
 </summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+User domain for the role.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="finger" filename="policy/modules/contrib/finger.if">
-<summary>Finger user information service.</summary>
-<interface name="finger_domtrans" lineno="13">
+<interface name="uml_setattr_util_sockets" lineno="55">
 <summary>
-Execute fingerd in the fingerd domain.
+Set attributes of uml pid sock files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="finger_tcp_connect" lineno="31">
+<interface name="uml_manage_util_files" lineno="74">
 <summary>
-Allow the specified domain to connect to fingerd with a tcp socket.  (Deprecated)
+Create, read, write, and delete
+uml pid files.
 </summary>
 <param name="domain">
 <summary>
@@ -6613,40 +7957,64 @@ Domain allowed access.
 </param>
 </interface>
 </module>
-<module name="firstboot" filename="policy/modules/contrib/firstboot.if">
+<module name="userhelper" filename="policy/modules/apps/userhelper.if">
+<summary>A wrapper that helps users run system programs.</summary>
+<template name="userhelper_role_template" lineno="24">
 <summary>
-Final system configuration run during the first boot
-after installation of Red Hat/Fedora systems.
+The role template for the userhelper module.
 </summary>
-<interface name="firstboot_domtrans" lineno="16">
+<param name="userrole_prefix">
 <summary>
-Execute firstboot in the firstboot domain.
+The prefix of the user role (e.g., user
+is the prefix for user_r).
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The user role.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The user domain associated with the role.
+</summary>
+</param>
+</template>
+<interface name="userhelper_search_config" lineno="110">
+<summary>
+Search userhelper configuration directories.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="firstboot_run" lineno="40">
+<interface name="userhelper_dontaudit_search_config" lineno="129">
 <summary>
-Execute firstboot in the firstboot domain, and
-allow the specified role the firstboot domain.
+Do not audit attempts to search
+userhelper configuration directories.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="userhelper_dbus_chat_all_consolehelper" lineno="148">
 <summary>
-Role allowed access.
+Send and receive messages from
+consolehelper over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="firstboot_use_fds" lineno="59">
+<interface name="userhelper_use_fd" lineno="168">
 <summary>
-Inherit and use a file descriptor from firstboot.
+Use userhelper all userhelper file descriptors.
 </summary>
 <param name="domain">
 <summary>
@@ -6654,20 +8022,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="firstboot_dontaudit_use_fds" lineno="78">
+<interface name="userhelper_sigchld" lineno="186">
 <summary>
-Do not audit attempts to inherit a
-file descriptor from firstboot.
+Send child terminated signals to all userhelper.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="firstboot_write_pipes" lineno="96">
+<interface name="userhelper_exec" lineno="204">
 <summary>
-Write to a firstboot unnamed pipe.
+Execute the userhelper program in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -6675,9 +8042,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="firstboot_rw_pipes" lineno="114">
+<interface name="userhelper_exec_consolehelper" lineno="224">
 <summary>
-Read and Write to a firstboot unnamed pipe.
+Execute the consolehelper program
+in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -6685,33 +8053,43 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="firstboot_dontaudit_rw_pipes" lineno="132">
+</module>
+<module name="usernetctl" filename="policy/modules/apps/usernetctl.if">
+<summary>User network interface configuration helper.</summary>
+<interface name="usernetctl_domtrans" lineno="13">
 <summary>
-Do not audit attemps to read and write to a firstboot unnamed pipe.
+Execute usernetctl in the usernetctl domain.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="firstboot_dontaudit_rw_stream_sockets" lineno="151">
+<interface name="usernetctl_run" lineno="40">
 <summary>
-Do not audit attemps to read and write to a firstboot
-unix domain stream socket.
+Execute usernetctl in the usernetctl
+domain, and allow the specified role
+the usernetctl domain.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
 </module>
-<module name="fprintd" filename="policy/modules/contrib/fprintd.if">
-<summary>DBus fingerprint reader service</summary>
-<interface name="fprintd_domtrans" lineno="13">
+<module name="vlock" filename="policy/modules/apps/vlock.if">
+<summary>Lock one or more sessions on the Linux console.</summary>
+<interface name="vlock_domtrans" lineno="13">
 <summary>
-Execute a domain transition to run fprintd.
+Execute vlock in the vlock domain.
 </summary>
 <param name="domain">
 <summary>
@@ -6719,33 +8097,45 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="fprintd_dbus_chat" lineno="32">
+<interface name="vlock_run" lineno="40">
 <summary>
-Send and receive messages from
-fprintd over dbus.
+Execute vlock in the vlock domain,
+and allow the specified role
+the vlock domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed to access.
 </summary>
 </param>
+<rolecap/>
 </interface>
 </module>
-<module name="ftp" filename="policy/modules/contrib/ftp.if">
-<summary>File transfer protocol service</summary>
-<interface name="ftp_dyntrans_anon_sftpd" lineno="13">
+<module name="vmware" filename="policy/modules/apps/vmware.if">
+<summary>VMWare Workstation virtual machines.</summary>
+<interface name="vmware_role" lineno="18">
 <summary>
-Allow domain dyntransition to sftpd_anon domain.
+Role access for vmware.
 </summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+User domain for the role.
 </summary>
 </param>
 </interface>
-<interface name="ftp_tcp_connect" lineno="31">
+<interface name="vmware_exec_host" lineno="50">
 <summary>
-Use ftp by connecting over TCP.  (Deprecated)
+Execute vmware host executables
 </summary>
 <param name="domain">
 <summary>
@@ -6753,9 +8143,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ftp_read_config" lineno="45">
+<interface name="vmware_read_system_config" lineno="69">
 <summary>
-Read ftpd etc files
+Read vmware system configuration files.
 </summary>
 <param name="domain">
 <summary>
@@ -6763,9 +8153,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ftp_check_exec" lineno="64">
+<interface name="vmware_append_system_config" lineno="88">
 <summary>
-Execute FTP daemon entry point programs.
+Append vmware system configuration files.
 </summary>
 <param name="domain">
 <summary>
@@ -6773,9 +8163,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ftp_read_log" lineno="83">
+<interface name="vmware_append_log" lineno="107">
 <summary>
-Read FTP transfer logs
+Append vmware log files.
 </summary>
 <param name="domain">
 <summary>
@@ -6783,9 +8173,12 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ftp_domtrans_ftpdctl" lineno="102">
+</module>
+<module name="webalizer" filename="policy/modules/apps/webalizer.if">
+<summary>Web server log analysis.</summary>
+<interface name="webalizer_domtrans" lineno="13">
 <summary>
-Execute the ftpdctl program in the ftpdctl domain.
+Execute webalizer in the webalizer domain.
 </summary>
 <param name="domain">
 <summary>
@@ -6793,9 +8186,11 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="ftp_run_ftpdctl" lineno="127">
+<interface name="webalizer_run" lineno="40">
 <summary>
-Execute the ftpdctl program in the ftpdctl domain.
+Execute webalizer in the webalizer
+domain, and allow the specified
+role the webalizer domain.
 </summary>
 <param name="domain">
 <summary>
@@ -6804,159 +8199,130 @@ Domain allowed to transition.
 </param>
 <param name="role">
 <summary>
-The role to allow the ftpdctl domain.
+Role allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
-<interface name="ftp_dyntrans_sftpd" lineno="146">
+<interface name="manage_webalizer_var_lib" lineno="60">
 <summary>
-Allow domain dyntransition to sftpd domain.
+Manage webalizer usage files
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed to manage webalizer usage files
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="ftp_admin" lineno="171">
+<tunable name="allow_httpd_webalizer_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="wine" filename="policy/modules/apps/wine.if">
+<summary>Run Windows programs in Linux.</summary>
+<interface name="wine_role" lineno="18">
 <summary>
-All of the rules required to administrate
-an ftp environment
+Role access for wine.
 </summary>
-<param name="domain">
+<param name="role">
 <summary>
-Domain allowed access.
+Role allowed access.
 </summary>
 </param>
-<param name="role">
+<param name="domain">
 <summary>
-The role to be allowed to manage the ftp domain.
+User domain for the role.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<tunable name="allow_ftpd_anon_write" dftval="false">
-<desc>
-<p>
-Allow ftp servers to upload files,  used for public file
-transfer services. Directories must be labeled
-public_content_rw_t.
-</p>
-</desc>
-</tunable>
-<tunable name="allow_ftpd_full_access" dftval="false">
-<desc>
-<p>
-Allow ftp servers to login to local users and
-read/write all files on the system, governed by DAC.
-</p>
-</desc>
-</tunable>
-<tunable name="allow_ftpd_use_cifs" dftval="false">
-<desc>
-<p>
-Allow ftp servers to use cifs
-used for public file transfer services.
-</p>
-</desc>
-</tunable>
-<tunable name="allow_ftpd_use_nfs" dftval="false">
-<desc>
-<p>
-Allow ftp servers to use nfs
-used for public file transfer services.
-</p>
-</desc>
-</tunable>
-<tunable name="ftp_home_dir" dftval="false">
-<desc>
-<p>
-Allow ftp to read and write files in the user home directories
-</p>
-</desc>
-</tunable>
-<tunable name="sftpd_anon_write" dftval="false">
-<desc>
-<p>
-Allow anon internal-sftp to upload files, used for
-public file transfer services. Directories must be labeled
-public_content_rw_t.
-</p>
-</desc>
-</tunable>
-<tunable name="sftpd_enable_homedirs" dftval="false">
-<desc>
-<p>
-Allow sftp-internal to read and write files
-in the user home directories
-</p>
-</desc>
-</tunable>
-<tunable name="sftpd_full_access" dftval="false">
+<template name="wine_role_template" lineno="73">
+<summary>
+The role template for the wine module.
+</summary>
 <desc>
 <p>
-Allow sftp-internal to login to local users and
-read/write all files on the system, governed by DAC.
+This template creates a derived domains which are used
+for wine applications.
 </p>
 </desc>
-</tunable>
-</module>
-<module name="games" filename="policy/modules/contrib/games.if">
-<summary>Games</summary>
-<interface name="games_role" lineno="18">
+<param name="role_prefix">
 <summary>
-Role access for games
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
 </summary>
-<param name="role">
+</param>
+<param name="user_role">
 <summary>
-Role allowed access
+The role associated with the user domain.
 </summary>
 </param>
-<param name="domain">
+<param name="user_domain">
 <summary>
-User domain for the role
+The type of the user domain.
 </summary>
 </param>
-</interface>
-<interface name="games_rw_data" lineno="45">
+</template>
+<interface name="wine_domtrans" lineno="114">
 <summary>
-Allow the specified domain to read/write
-games data.
+Execute the wine program in the wine domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-</module>
-<module name="gatekeeper" filename="policy/modules/contrib/gatekeeper.if">
-<summary>OpenH.323 Voice-Over-IP Gatekeeper</summary>
-</module>
-<module name="gift" filename="policy/modules/contrib/gift.if">
-<summary>giFT peer to peer file sharing tool</summary>
-<interface name="gift_role" lineno="18">
+<interface name="wine_run" lineno="140">
 <summary>
-Role access for gift
+Execute wine in the wine domain,
+and allow the specified role
+the wine domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
 </summary>
+</param>
 <param name="role">
 <summary>
-Role allowed access
+Role allowed access.
 </summary>
 </param>
+</interface>
+<interface name="wine_rw_shm" lineno="160">
+<summary>
+Read and write wine Shared
+memory segments.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain allowed access.
 </summary>
 </param>
 </interface>
+<tunable name="wine_mmap_zero_ignore" dftval="false">
+<desc>
+<p>
+Determine whether attempts by
+wine to mmap low regions should
+be silently blocked.
+</p>
+</desc>
+</tunable>
 </module>
-<module name="git" filename="policy/modules/contrib/git.if">
-<summary>GIT revision control system.</summary>
-<template name="git_role" lineno="18">
+<module name="wireshark" filename="policy/modules/apps/wireshark.if">
+<summary>Wireshark packet capture tool.</summary>
+<interface name="wireshark_role" lineno="18">
 <summary>
-Role access for Git session.
+Role access for wireshark.
 </summary>
 <param name="role">
 <summary>
@@ -6968,117 +8334,169 @@ Role allowed access.
 User domain for the role.
 </summary>
 </param>
-</template>
-<tunable name="git_cgi_enable_homedirs" dftval="false">
-<desc>
-<p>
-Determine whether Git CGI
-can search home directories.
-</p>
-</desc>
-</tunable>
-<tunable name="git_cgi_use_cifs" dftval="false">
-<desc>
-<p>
-Determine whether Git CGI
-can access cifs file systems.
-</p>
-</desc>
-</tunable>
-<tunable name="git_cgi_use_nfs" dftval="false">
-<desc>
-<p>
-Determine whether Git CGI
-can access nfs file systems.
-</p>
-</desc>
-</tunable>
-<tunable name="git_session_users" dftval="false">
+</interface>
+<interface name="wireshark_domtrans" lineno="50">
+<summary>
+Execute wireshark in wireshark domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<tunable name="wireshark_read_generic_user_content" dftval="true">
 <desc>
 <p>
-Determine whether calling user domains
-can execute Git daemon in the
-git_session_t domain.
+Grant the wireshark domains read access to generic user content
 </p>
 </desc>
 </tunable>
-<tunable name="git_session_send_syslog_msg" dftval="false">
+<tunable name="wireshark_read_all_user_content" dftval="false">
 <desc>
 <p>
-Determine whether Git session daemons
-can send syslog messages.
+Grant the wireshark domains read access to all user content
 </p>
 </desc>
 </tunable>
-<tunable name="git_system_enable_homedirs" dftval="false">
+<tunable name="wireshark_manage_generic_user_content" dftval="false">
 <desc>
 <p>
-Determine whether Git system daemon
-can search home directories.
+Grant the wireshark domains manage rights on generic user content
 </p>
 </desc>
 </tunable>
-<tunable name="git_system_use_cifs" dftval="false">
+<tunable name="wireshark_manage_all_user_content" dftval="false">
 <desc>
 <p>
-Determine whether Git system daemon
-can access cifs file systems.
+Grant the wireshark domains manage rights on all user content
 </p>
 </desc>
 </tunable>
-<tunable name="git_system_use_nfs" dftval="false">
+</module>
+<module name="wm" filename="policy/modules/apps/wm.if">
+<summary>X Window Managers.</summary>
+<template name="wm_role_template" lineno="30">
+<summary>
+The role template for the wm module.
+</summary>
 <desc>
 <p>
-Determine whether Git system daemon
-can access nfs file systems.
+This template creates a derived domains which are used
+for window manager applications.
 </p>
 </desc>
-</tunable>
-</module>
-<module name="gitosis" filename="policy/modules/contrib/gitosis.if">
-<summary>Tools for managing and hosting git repositories.</summary>
-<interface name="gitosis_domtrans" lineno="13">
+<param name="role_prefix">
 <summary>
-Execute a domain transition to run gitosis.
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+</template>
+<interface name="wm_exec" lineno="112">
+<summary>
+Execute wm in the caller domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="gitosis_run" lineno="37">
+<interface name="wm_dbus_chat" lineno="138">
 <summary>
-Execute gitosis-serve in the gitosis domain, and
-allow the specified role the gitosis domain.
+Send and receive messages from
+specified wm over dbus.
 </summary>
+<param name="role_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="wm_dontaudit_exec_tmp_files" lineno="159">
 <summary>
-Role allowed access.
+Do not audit attempts to execute
+files in temporary directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="gitosis_read_lib_files" lineno="57">
+<interface name="wm_dontaudit_exec_tmpfs_files" lineno="178">
 <summary>
-Allow the specified domain to read
-gitosis lib files.
+Do not audit attempts to execute
+files in temporary filesystems.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="gitosis_manage_lib_files" lineno="79">
+<interface name="wm_application_domain" lineno="221">
 <summary>
-Allow the specified domain to manage
-gitosis lib files.
+Create a domain for applications
+that are launched by the window
+manager.
+</summary>
+<desc>
+<p>
+Create a domain for applications that are launched by the
+window manager (implying a domain transition).  Typically
+these are graphical applications that are run interactively.
+</p>
+<p>
+The types will be made usable as a domain and file, making
+calls to domain_type() and files_type() redundant.
+</p>
+</desc>
+<param name="target_domain">
+<summary>
+Type to be used in the domain transition as the application
+domain.
 </summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+<param name="source_domain">
+<summary>
+Type to be used as the source window manager domain.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="wm_write_pipes" lineno="246">
+<summary>
+Write wm unnamed pipes.
+</summary>
+<param name="role_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
 <param name="domain">
 <summary>
 Domain allowed access.
@@ -7086,21 +8504,36 @@ Domain allowed access.
 </param>
 </interface>
 </module>
-<module name="glance" filename="policy/modules/contrib/glance.if">
-<summary>policy for glance</summary>
-<interface name="glance_domtrans_registry" lineno="13">
+<module name="xscreensaver" filename="policy/modules/apps/xscreensaver.if">
+<summary>Modular screen saver and locker for X11.</summary>
+<interface name="xscreensaver_role" lineno="18">
 <summary>
-Transition to glance registry.
+Role access for xscreensaver.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+User domain for the role.
 </summary>
 </param>
 </interface>
-<interface name="glance_domtrans_api" lineno="32">
+<tunable name="xscreensaver_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Grant the xscreensaver domains read access to generic user content
+</p>
+</desc>
+</tunable>
+</module>
+<module name="yam" filename="policy/modules/apps/yam.if">
+<summary>Yum/Apt Mirroring.</summary>
+<interface name="yam_domtrans" lineno="13">
 <summary>
-Transition to glance api.
+Execute yam in the yam domain.
 </summary>
 <param name="domain">
 <summary>
@@ -7108,20 +8541,26 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="glance_read_log" lineno="52">
+<interface name="yam_run" lineno="39">
 <summary>
-Read glance's log files.
+Execute yam in the yam domain, and
+allow the specified role the yam domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
-<interface name="glance_append_log" lineno="71">
+<interface name="yam_read_content" lineno="58">
 <summary>
-Append to glance log files.
+Read yam content.
 </summary>
 <param name="domain">
 <summary>
@@ -7129,19 +8568,31 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="glance_manage_log" lineno="90">
+</module>
+</layer>
+<layer name="contrib">
+<summary>Gentoo-specific policy modules</summary>
+<module name="android" filename="policy/modules/contrib/android.if">
+<summary>Android development tools - adb, fastboot, android studio</summary>
+<interface name="android_role" lineno="18">
 <summary>
-Manage glance log files
+The role for using the android tools.
 </summary>
+<param name="role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+The user domain.
 </summary>
 </param>
 </interface>
-<interface name="glance_search_lib" lineno="111">
+<interface name="android_tools_domtrans" lineno="74">
 <summary>
-Search glance lib directories.
+Execute the android tools commands in the
+android tools domain.
 </summary>
 <param name="domain">
 <summary>
@@ -7149,9 +8600,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="glance_read_lib_files" lineno="130">
+<interface name="android_dbus_chat" lineno="95">
 <summary>
-Read glance lib files.
+Send and receive messages from the android java
+domain over dbus.
 </summary>
 <param name="domain">
 <summary>
@@ -7159,85 +8611,125 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="glance_manage_lib_files" lineno="149">
+</module>
+<module name="at" filename="policy/modules/contrib/at.if">
+<summary>At daemon for running a task a single time</summary>
+<interface name="at_role" lineno="18">
+<summary>
+Role access for at
+</summary>
+<param name="role">
 <summary>
-Manage glance lib files.
+Role allowed access
 </summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+User domain for the role
 </summary>
 </param>
 </interface>
-<interface name="glance_manage_lib_dirs" lineno="168">
+<interface name="at_rw_inherited_job_log_files" lineno="70">
 <summary>
-Manage glance lib directories.
+Read from and write to the the inherited atd
+joblog file
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="glance_read_pid_files" lineno="187">
+</module>
+<module name="bitcoin" filename="policy/modules/contrib/bitcoin.if">
+<summary>Bitcoin software-based online payment system</summary>
+<interface name="bitcoin_admin" lineno="18">
 <summary>
-Read glance PID files.
+Administer a bitcoin environment
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access
 </summary>
 </param>
 </interface>
-<interface name="glance_manage_pid_files" lineno="206">
+<tunable name="bitcoin_bind_all_unreserved_ports" dftval="false">
+<desc>
+<p>
+Determine whether the bitcoin daemon can bind
+to all unreserved ports or not.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="ceph" filename="policy/modules/contrib/ceph.if">
+<summary>Ceph distributed object storage</summary>
+<template name="ceph_domain_template" lineno="13">
 <summary>
-Manage glance PID files.
+Create the individual Ceph domains
 </summary>
-<param name="domain">
+<param name="cephdaemon">
 <summary>
-Domain allowed access.
+The daemon (osd, mds or mon) for which the rules are created
 </summary>
 </param>
-</interface>
-<interface name="glance_admin" lineno="232">
+</template>
+<interface name="ceph_admin" lineno="65">
 <summary>
-All of the rules required to administrate
-an glance environment
+Administrative access for Ceph
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
 <param name="role">
 <summary>
-Role allowed access.
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="ceph_read_key" lineno="98">
+<summary>
+Read Ceph key files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
 </summary>
 </param>
-<rolecap/>
 </interface>
 </module>
-<module name="gnome" filename="policy/modules/contrib/gnome.if">
-<summary>GNU network object model environment (GNOME)</summary>
-<interface name="gnome_role" lineno="18">
+<module name="dirsrv" filename="policy/modules/contrib/dirsrv.if">
+<summary>policy for dirsrv</summary>
+<interface name="dirsrv_domtrans" lineno="15">
 <summary>
-Role access for gnome
+Execute a domain transition to run dirsrv.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain allowed to transition.
 </summary>
 </param>
+</interface>
+<interface name="dirsrv_signal" lineno="38">
+<summary>
+Allow caller to signal dirsrv.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="gnome_exec_gconf" lineno="49">
+<interface name="dirsrv_signull" lineno="57">
 <summary>
-Execute gconf programs in
-in the caller domain.
+Send a null signal to dirsrv.
 </summary>
 <param name="domain">
 <summary>
@@ -7245,19 +8737,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<template name="gnome_read_gconf_config" lineno="67">
+<interface name="dirsrv_manage_log" lineno="75">
 <summary>
-Read gconf config files.
+Allow a domain to manage dirsrv logs.
 </summary>
-<param name="user_domain">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="gnome_manage_gconf_config" lineno="87">
+</interface>
+<interface name="dirsrv_manage_var_lib" lineno="95">
 <summary>
-Create, read, write, and delete gconf config files.
+Allow a domain to manage dirsrv /var/lib files.
 </summary>
 <param name="domain">
 <summary>
@@ -7265,19 +8757,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="gnome_stream_connect_gconf" lineno="106">
+<interface name="dirsrv_manage_var_run" lineno="113">
 <summary>
-gconf connection template.
+Allow a domain to manage dirsrv /var/run files.
 </summary>
-<param name="user_domain">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="gnome_domtrans_gconfd" lineno="125">
+<interface name="dirsrv_pid_filetrans" lineno="132">
 <summary>
-Run gconfd in gconfd domain.
+Allow a domain to create dirsrv pid directories.
 </summary>
 <param name="domain">
 <summary>
@@ -7285,9 +8777,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="gnome_setattr_config_dirs" lineno="143">
+<interface name="dirsrv_read_var_run" lineno="150">
 <summary>
-Set attributes of Gnome config dirs.
+Allow a domain to read dirsrv /var/run files.
 </summary>
 <param name="domain">
 <summary>
@@ -7295,32 +8787,32 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<template name="gnome_read_config" lineno="162">
+<interface name="dirsrv_manage_config" lineno="168">
 <summary>
-Read gnome homedir content (.config)
+Manage dirsrv configuration files.
 </summary>
-<param name="user_domain">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="gnome_manage_config" lineno="182">
+</interface>
+<interface name="dirsrv_read_share" lineno="187">
 <summary>
-manage gnome homedir content (.config)
+Read dirsrv share files.
 </summary>
-<param name="user_domain">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
 </module>
-<module name="gnomeclock" filename="policy/modules/contrib/gnomeclock.if">
-<summary>Gnome clock handler for setting the time.</summary>
-<interface name="gnomeclock_domtrans" lineno="13">
+<module name="dracut" filename="policy/modules/contrib/dracut.if">
+<summary>Dracut initramfs creation tool</summary>
+<interface name="dracut_domtrans" lineno="13">
 <summary>
-Execute a domain transition to run gnomeclock.
+Execute the dracut program in the dracut domain.
 </summary>
 <param name="domain">
 <summary>
@@ -7328,10 +8820,10 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="gnomeclock_run" lineno="37">
+<interface name="dracut_run" lineno="38">
 <summary>
-Execute gnomeclock in the gnomeclock domain, and
-allow the specified role the gnomeclock domain.
+Execute dracut in the dracut domain, and
+allow the specified role the dracut domain.
 </summary>
 <param name="domain">
 <summary>
@@ -7344,10 +8836,9 @@ Role allowed access.
 </summary>
 </param>
 </interface>
-<interface name="gnomeclock_dbus_chat" lineno="57">
+<interface name="dracut_rw_tmp_files" lineno="57">
 <summary>
-Send and receive messages from
-gnomeclock over dbus.
+Read/write dracut temporary files
 </summary>
 <param name="domain">
 <summary>
@@ -7356,172 +8847,277 @@ Domain allowed access.
 </param>
 </interface>
 </module>
-<module name="gpg" filename="policy/modules/contrib/gpg.if">
-<summary>Policy for GNU Privacy Guard and related programs.</summary>
-<interface name="gpg_role" lineno="18">
+<module name="dropbox" filename="policy/modules/contrib/dropbox.if">
+<summary>Dropbox client - Store, Sync and Share Files Online</summary>
+<interface name="dropbox_role" lineno="18">
 <summary>
-Role access for gpg
+The role for using the dropbox client.
 </summary>
 <param name="role">
 <summary>
-Role allowed access
+The role associated with the user domain.
 </summary>
 </param>
 <param name="domain">
 <summary>
-User domain for the role
+The user domain.
 </summary>
 </param>
 </interface>
-<interface name="gpg_domtrans" lineno="80">
+<interface name="dropbox_dbus_chat" lineno="66">
 <summary>
-Transition to a user gpg domain.
+Send and receive messages from the dropbox daemon
+over dbus.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="gpg_exec" lineno="98">
+<interface name="dropbox_read_content" lineno="86">
 <summary>
-Execute the gpg application without transitioning
+Allow other domains to read dropbox's content files
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to execute gpg
+The domain that is allowed read access to the dropbox_content_t files
 </summary>
 </param>
 </interface>
-<interface name="gpg_signal" lineno="116">
+<interface name="dropbox_manage_content" lineno="105">
 <summary>
-Send generic signals to user gpg processes.
+Allow other domains to manage dropbox's content files
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+The domain that is allowed to manage the dropbox_content_t files and directories
+</summary>
+</param>
+</interface>
+<tunable name="dropbox_bind_port" dftval="false">
+<desc>
+<p>
+Determine whether dropbox can bind to
+local tcp and udp ports.
+Required for Dropbox' LAN Sync feature
+</p>
+</desc>
+</tunable>
+<tunable name="dropbox_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Grant the dropbox domains read access to generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="dropbox_read_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the dropbox domains read access to all user content
+</p>
+</desc>
+</tunable>
+<tunable name="dropbox_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Grant the dropbox domains manage rights on generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="dropbox_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the dropbox domains manage rights on all user content
+</p>
+</desc>
+</tunable>
+</module>
+<module name="flash" filename="policy/modules/contrib/flash.if">
+<summary>
+Flash player
+</summary>
+<interface name="flash_manage_home" lineno="15">
+<summary>
+Manage the Flash player home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="gpg_rw_agent_pipes" lineno="134">
+<interface name="flash_relabel_home" lineno="33">
 <summary>
-Read and write GPG agent pipes.
+Relabel the flash home resources
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="gpg_pinentry_dbus_chat" lineno="154">
+</module>
+<module name="googletalk" filename="policy/modules/contrib/googletalk.if">
 <summary>
-Send messages to and from GPG
-Pinentry over DBUS.
+Google Talk
+</summary>
+<interface name="googletalk_plugin_domain" lineno="17">
+<summary>
+Grant the plugin domain the needed privileges to launch and
+interact with the GoogleTalk application. Used for web browser
+plugin domains.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="gpg_list_user_secrets" lineno="174">
+<interface name="googletalk_domtrans_plugin" lineno="51">
 <summary>
-List Gnu Privacy Guard user secrets.
+Execute Google talk plugin in the Google talk plugin domain
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition
 </summary>
 </param>
 </interface>
-<tunable name="gpg_agent_env_file" dftval="false">
-<desc>
-<p>
-Allow usage of the gpg-agent --write-env-file option.
-This also allows gpg-agent to manage user files.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="gpm" filename="policy/modules/contrib/gpm.if">
-<summary>General Purpose Mouse driver</summary>
-<interface name="gpm_stream_connect" lineno="14">
+<interface name="googletalk_run_plugin" lineno="76">
 <summary>
-Connect to GPM over a unix domain
-stream socket.
+Execute Google talk plugin in the Google talk plugin domain,
+and allow the specified role the google talk plugin domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access
 </summary>
 </param>
 </interface>
-<interface name="gpm_getattr_gpmctl" lineno="34">
+<interface name="googletalk_use_plugin_fds" lineno="95">
 <summary>
-Get the attributes of the GPM
-control channel named socket.
+Use the file descriptor of googletalk plugin
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="gpm_dontaudit_getattr_gpmctl" lineno="55">
+<interface name="googletalk_rw_inherited_plugin_unix_stream_sockets" lineno="113">
 <summary>
-Do not audit attempts to get the
-attributes of the GPM control channel
-named socket.
+Read and write to the google talk plugin inherited stream sockets
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="gpm_setattr_gpmctl" lineno="74">
+<interface name="googletalk_generic_xdg_config_home_filetrans_plugin_xdg_config" lineno="143">
 <summary>
-Set the attributes of the GPM
-control channel named socket.
+Create objects in the xdg config home location
+with an automatic type transition to the googletalk
+plugin xdg config home type
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the file or directory created
+</summary>
+</param>
+</interface>
+<interface name="googletalk_manage_plugin_xdg_config" lineno="161">
+<summary>
+Manage google talk plugin xdg configuration
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
 </interface>
 </module>
-<module name="gpsd" filename="policy/modules/contrib/gpsd.if">
-<summary>gpsd monitor daemon</summary>
-<interface name="gpsd_domtrans" lineno="13">
+<module name="gorg" filename="policy/modules/contrib/gorg.if">
+<summary>Policy for gorg</summary>
+<interface name="gorg_role" lineno="18">
 <summary>
-Execute a domain transition to run gpsd.
+Role access for gorg
 </summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+User domain for the role
 </summary>
 </param>
 </interface>
-<interface name="gpsd_run" lineno="37">
+</module>
+<module name="kdeconnect" filename="policy/modules/contrib/kdeconnect.if">
+<summary>policy for kdeconnect</summary>
+<interface name="kdeconnect_domtrans" lineno="13">
 <summary>
-Execute gpsd in the gpsd domain, and
-allow the specified role the gpsd domain.
+Execute kdeconnect in the kdeconnect domin.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
+</interface>
+<interface name="kdeconnect_run" lineno="38">
+<summary>
+Execute kdeconnect in the kdeconnect domain, and
+allow the specified role the kdeconnect domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition
+</summary>
+</param>
 <param name="role">
 <summary>
-Role allowed access.
+The role to be allowed the kdeconnect domain.
 </summary>
 </param>
 </interface>
-<interface name="gpsd_rw_shm" lineno="56">
+<interface name="kdeconnect_role" lineno="62">
 <summary>
-Read and write gpsd shared memory.
+Role access for kdeconnect
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="kdeconnect_dbus_chat" lineno="89">
+<summary>
+Send and receive messages from the kdeconnect daemon
+over dbus.
 </summary>
 <param name="domain">
 <summary>
@@ -7529,98 +9125,143 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
+<tunable name="kdeconnect_read_user_files" dftval="true">
+<desc>
+<p>
+Allow KDEConnect to read user home files
+</p>
+</desc>
+</tunable>
 </module>
-<module name="guest" filename="policy/modules/contrib/guest.if">
-<summary>Least privledge terminal user role</summary>
-<interface name="guest_role_change" lineno="14">
+<module name="links" filename="policy/modules/contrib/links.if">
+<summary>Links web browser</summary>
+<interface name="links_role" lineno="18">
 <summary>
-Change to the guest role.
+The role interface for the links module.
 </summary>
-<param name="role">
+<param name="user_role">
 <summary>
-Role allowed access.
+The role associated with the user domain.
 </summary>
 </param>
-<rolecap/>
-</interface>
-<interface name="guest_role_change_to" lineno="44">
+<param name="user_domain">
 <summary>
-Change from the guest role.
+The type of the user domain.
 </summary>
+</param>
+</interface>
+<tunable name="links_manage_user_files" dftval="false">
 <desc>
 <p>
-Change from the guest role to
-the specified role.
-</p>
-<p>
-This is an interface to support third party modules
-and its use is not allowed in upstream reference
-policy.
+Allow links to manage files in users home directories (download files)
 </p>
 </desc>
+</tunable>
+</module>
+<module name="logsentry" filename="policy/modules/contrib/logsentry.if">
+<summary>Log file monitoring tool</summary>
+<interface name="logsentry_admin" lineno="19">
+<summary>
+All of the rules required to administrate
+a logsentry environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
 <param name="role">
 <summary>
 Role allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
 </module>
-<module name="hadoop" filename="policy/modules/contrib/hadoop.if">
-<summary>Software for reliable, scalable, distributed computing.</summary>
-<template name="hadoop_domain_template" lineno="13">
+<module name="makewhatis" filename="policy/modules/contrib/makewhatis.if">
+<summary>Build whatis database from man pages</summary>
+</module>
+<module name="mutt" filename="policy/modules/contrib/mutt.if">
+<summary>Mutt e-mail client</summary>
+<interface name="mutt_role" lineno="18">
 <summary>
-The template to define a hadoop domain.
+The role for using the mutt application.
 </summary>
-<param name="domain_prefix">
+<param name="role">
 <summary>
-Domain prefix to be used.
+The role associated with the user domain.
 </summary>
 </param>
-</template>
-<interface name="hadoop_role" lineno="219">
+<param name="domain">
 <summary>
-Role access for hadoop.
+The user domain.
 </summary>
-<param name="role">
+</param>
+</interface>
+<interface name="mutt_read_home_files" lineno="58">
 <summary>
-Role allowed access.
+Allow other domains to read mutt's home files
 </summary>
-</param>
 <param name="domain">
 <summary>
-Domain allowed access.
+The domain that is allowed read access to the mutt_home_t files
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="hadoop_domtrans" lineno="248">
+<interface name="mutt_read_tmp_files" lineno="76">
 <summary>
-Execute hadoop in the
-hadoop domain.
+Allow other domains to read mutt's temporary files
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+The domain that is allowed read access to the temporary files
 </summary>
 </param>
 </interface>
-<interface name="hadoop_recvfrom" lineno="268">
+<interface name="mutt_rw_tmp_files" lineno="95">
 <summary>
-Give permission to a domain to
-recvfrom hadoop_t
+Allow other domains to handle mutt's temporary files (used for instance
+for e-mail drafts)
 </summary>
 <param name="domain">
 <summary>
-Domain needing recvfrom
-permission
+The domain that is allowed read/write access to the temporary files
 </summary>
 </param>
 </interface>
-<interface name="hadoop_domtrans_zookeeper_client" lineno="287">
+<tunable name="mutt_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Grant the mutt domains read access to generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="mutt_read_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the mutt domains read access to all user content
+</p>
+</desc>
+</tunable>
+<tunable name="mutt_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Grant the mutt domains manage rights on generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="mutt_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the mutt domains manage rights on all user content
+</p>
+</desc>
+</tunable>
+</module>
+<module name="nginx" filename="policy/modules/contrib/nginx.if">
+<summary>policy for nginx</summary>
+<interface name="nginx_domtrans" lineno="55">
 <summary>
-Execute zookeeper client in the
-zookeeper client domain.
+Execute a domain transition to run nginx.
 </summary>
 <param name="domain">
 <summary>
@@ -7628,163 +9269,323 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="hadoop_recvfrom_zookeeper_client" lineno="308">
+<interface name="nginx_admin" lineno="82">
 <summary>
-Give permission to a domain to
-recvfrom zookeeper_t
+Administer the nginx domain
 </summary>
 <param name="domain">
 <summary>
-Domain needing recvfrom
-permission
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be allowed to manage the nginx domain.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="hadoop_domtrans_zookeeper_server" lineno="327">
+<tunable name="nginx_enable_http_server" dftval="false">
+<desc>
+<p>
+Allow nginx to serve HTTP content (act as an http server)
+</p>
+</desc>
+</tunable>
+<tunable name="nginx_enable_imap_server" dftval="false">
+<desc>
+<p>
+Allow nginx to act as an imap proxy server)
+</p>
+</desc>
+</tunable>
+<tunable name="nginx_enable_pop3_server" dftval="false">
+<desc>
+<p>
+Allow nginx to act as a pop3 server)
+</p>
+</desc>
+</tunable>
+<tunable name="nginx_enable_smtp_server" dftval="false">
+<desc>
+<p>
+Allow nginx to act as an smtp server)
+</p>
+</desc>
+</tunable>
+<tunable name="nginx_can_network_connect_http" dftval="false">
+<desc>
+<p>
+Allow nginx to connect to remote HTTP servers
+</p>
+</desc>
+</tunable>
+<tunable name="nginx_can_network_connect" dftval="false">
+<desc>
+<p>
+Allow nginx to connect to remote servers (regardless of protocol)
+</p>
+</desc>
+</tunable>
+</module>
+<module name="openrc" filename="policy/modules/contrib/openrc.if">
+<summary>OpenRC is an init system</summary>
+</module>
+<module name="pan" filename="policy/modules/contrib/pan.if">
+<summary>Pan news reader client</summary>
+<interface name="pan_role" lineno="18">
 <summary>
-Execute zookeeper server in the
-zookeeper server domain.
+Role access for pan
+</summary>
+<param name="role">
+<summary>
+Role allowed access
 </summary>
+</param>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+User domain for the role
 </summary>
 </param>
 </interface>
-<interface name="hadoop_recvfrom_zookeeper_server" lineno="348">
+<tunable name="pan_manage_user_content" dftval="false">
+<desc>
+<p>
+Be able to manage user files (needed to support sending and downloading
+attachments). Without this boolean set, only files marked as pan_home_t
+can be used for sending and receiving.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="phpfpm" filename="policy/modules/contrib/phpfpm.if">
+<summary>PHP FastCGI Process Manager</summary>
+<interface name="phpfpm_admin" lineno="13">
 <summary>
-Give permission to a domain to
-recvfrom zookeeper_server_t
+Administrate a phpfpm environment
 </summary>
 <param name="domain">
 <summary>
-Domain needing recvfrom
-permission
+Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="hadoop_initrc_domtrans_zookeeper_server" lineno="367">
+<interface name="phpfpm_stream_connect" lineno="43">
 <summary>
-Execute zookeeper server in the
-zookeeper domain.
+Connect to phpfpm using a unix domain stream socket.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="hadoop_recvfrom_datanode" lineno="387">
+<tunable name="phpfpm_use_ldap" dftval="false">
+<desc>
+<p>
+Allow phpfpm to use LDAP services
+</p>
+</desc>
+</tunable>
+</module>
+<module name="resolvconf" filename="policy/modules/contrib/resolvconf.if">
+<summary>OpenResolv network configuration management</summary>
+<interface name="resolvconf_client_domain" lineno="14">
 <summary>
-Give permission to a domain to
-recvfrom hadoop_datanode_t
+Mark the domain as a resolvconf client, automatically granting
+the necessary privileges (execute resolvconf and type access).
 </summary>
 <param name="domain">
 <summary>
-Domain needing recvfrom
-permission
+Domain to mark as a resolvconf client
 </summary>
 </param>
 </interface>
-<interface name="hadoop_read_config" lineno="406">
+<interface name="resolvconf_client_domain_privs" lineno="33">
 <summary>
-Give permission to a domain to read
-hadoop_etc_t
+Assign the proper permissions to the domain, such as
+executing resolvconf and accessing its types.
 </summary>
 <param name="domain">
 <summary>
-Domain needing read permission
+Domain to assign proper permissions to
 </summary>
 </param>
 </interface>
-<interface name="hadoop_exec_config" lineno="427">
+<interface name="resolvconf_domtrans" lineno="48">
 <summary>
-Give permission to a domain to
-execute hadoop_etc_t
+Execute resolvconf and transition to the resolvconf_t domain
 </summary>
 <param name="domain">
 <summary>
-Domain needing read and execute
-permission
+Domain allowed to transition
 </summary>
 </param>
 </interface>
-<interface name="hadoop_recvfrom_jobtracker" lineno="448">
+<interface name="resolvconf_exec" lineno="67">
 <summary>
-Give permission to a domain to
-recvfrom hadoop_jobtracker_t
+Execute resolvconf in the calling domain (no transition)
 </summary>
 <param name="domain">
 <summary>
-Domain needing recvfrom
-permission
+Domain allowed to execute
 </summary>
 </param>
 </interface>
-<interface name="hadoop_match_lan_spd" lineno="468">
+<interface name="resolvconf_generic_run_filetrans_run" lineno="96">
 <summary>
-Give permission to a domain to
-polmatch on hadoop_lan_t
+Transition to resolvconf_run_t when creating resources
+inside the generic run directory
 </summary>
 <param name="domain">
 <summary>
-Domain needing polmatch
-permission
+Domain allowed access
+</summary>
+</param>
+<param name="class">
+<summary>
+Class on which a file transition has to occur
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the resource on which a file transition has to occur
+</summary>
+</param>
+</interface>
+</module>
+<module name="rtorrent" filename="policy/modules/contrib/rtorrent.if">
+<summary>rtorrent torrent client</summary>
+<interface name="rtorrent_role" lineno="18">
+<summary>
+Role access for rtorrent
+</summary>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The user domain.
 </summary>
 </param>
 </interface>
-<interface name="hadoop_recvfrom_namenode" lineno="488">
+<interface name="rtorrent_admin" lineno="52">
 <summary>
-Give permission to a domain to
-recvfrom hadoop_namenode_t
+Administer the rtorrent application.
 </summary>
 <param name="domain">
 <summary>
-Domain needing recvfrom
-permission
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
 </summary>
 </param>
 </interface>
-<interface name="hadoop_recvfrom_secondarynamenode" lineno="508">
+<tunable name="rtorrent_use_dht" dftval="true">
+<desc>
+<p>
+Allow rtorrent to use dht.
+The correspondig port must be rtorrent_udp_port_t.
+</p>
+</desc>
+</tunable>
+<tunable name="rtorrent_use_rsync" dftval="false">
+<desc>
+<p>
+Allow rtorrent to use rsync, for example in a hook.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="salt" filename="policy/modules/contrib/salt.if">
+<summary>Infrastructure management toolset</summary>
+<interface name="salt_admin_master" lineno="18">
 <summary>
-Give permission to a domain to
-recvfrom hadoop_secondarynamenode_t
+All the rules required to administer a salt master environment
 </summary>
 <param name="domain">
 <summary>
-Domain needing recvfrom
-permission
+Domain allowed access
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access
 </summary>
 </param>
 </interface>
-<interface name="hadoop_recvfrom_tasktracker" lineno="528">
+<interface name="salt_admin_minion" lineno="62">
 <summary>
-Give permission to a domain to
-recvfrom hadoop_tasktracker_t
+All the rules required to administer a salt minion environment
 </summary>
 <param name="domain">
 <summary>
-Domain needing recvfrom
-permission
+Domain allowed access
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access
 </summary>
 </param>
 </interface>
+<tunable name="salt_master_read_nfs" dftval="false">
+<desc>
+<p>
+Determine wether the salt master can read NFS files
+</p>
+</desc>
+</tunable>
+<tunable name="salt_minion_manage_nfs" dftval="false">
+<desc>
+<p>
+Determine wether the salt minion can manage NFS files
+</p>
+</desc>
+</tunable>
 </module>
-<module name="hal" filename="policy/modules/contrib/hal.if">
-<summary>Hardware abstraction layer</summary>
-<interface name="hal_domtrans" lineno="13">
+<module name="skype" filename="policy/modules/contrib/skype.if">
+<summary>Skype softphone.</summary>
+<interface name="skype_role" lineno="18">
 <summary>
-Execute hal in the hal domain.
+Role access for the skype module.
 </summary>
-<param name="domain">
+<param name="role">
 <summary>
-Domain allowed to transition.
+The role associated with the user domain.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
 </summary>
 </param>
 </interface>
-<interface name="hal_getattr" lineno="31">
+<tunable name="skype_manage_user_content" dftval="false">
+<desc>
+<p>
+Be able to manage user files (needed to support sending and receiving files).
+Without this boolean set, only files marked as skype_home_t can be used for
+sending and receiving.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="subsonic" filename="policy/modules/contrib/subsonic.if">
+<summary>Subsonic Music Streaming Server</summary>
+</module>
+<module name="uwsgi" filename="policy/modules/contrib/uwsgi.if">
+<summary>uWSGI server for Python web applications</summary>
+<interface name="uwsgi_stream_connect" lineno="14">
 <summary>
-Get the attributes of a hal process.
+Connect to uwsgi using a unix
+domain stream socket.
 </summary>
 <param name="domain">
 <summary>
@@ -7792,9 +9593,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="hal_read_state" lineno="49">
+<interface name="uwsgi_manage_content" lineno="34">
 <summary>
-Read hal system state
+Manage uwsgi content.
 </summary>
 <param name="domain">
 <summary>
@@ -7802,19 +9603,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="hal_ptrace" lineno="67">
+<interface name="uwsgi_domtrans" lineno="62">
 <summary>
-Allow ptrace of hal domain
+Execute uwsgi in the uwsgi domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="hal_use_fds" lineno="85">
+<interface name="uwsgi_content_exec" lineno="82">
 <summary>
-Allow domain to use file descriptors from hal.
+Execute uwsgi in the callers domain.
 </summary>
 <param name="domain">
 <summary>
@@ -7822,73 +9623,102 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="hal_dontaudit_use_fds" lineno="103">
+<interface name="uwsgi_admin" lineno="108">
 <summary>
-Do not audit attempts to use file descriptors from hal.
+All of the rules required to
+administrate a uWSGI environment.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
 </interface>
-<interface name="hal_rw_pipes" lineno="122">
+</module>
+<module name="vde" filename="policy/modules/contrib/vde.if">
+<summary>Virtual Distributed Ethernet switch service</summary>
+<interface name="vde_role" lineno="19">
 <summary>
-Allow attempts to read and write to
-hald unnamed pipes.
 </summary>
+<param name="role">
+<summary>
+The role to be allowed to manage the vde domain.
+</summary>
+</param>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="hal_dontaudit_rw_pipes" lineno="141">
+<interface name="vde_connect" lineno="50">
 <summary>
-Do not audit attempts to read and write to
-hald unnamed pipes.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="hal_dgram_send" lineno="160">
+</module>
+</layer>
+<layer name="kernel">
+<summary>Policy modules for kernel resources.</summary>
+<module name="corecommands" filename="policy/modules/kernel/corecommands.if">
 <summary>
-Send to hal over a unix domain
-datagram socket.
+Core policy for shells, and generic programs
+in /bin, /sbin, /usr/bin, and /usr/sbin.
 </summary>
-<param name="domain">
+<required val="true">
+Contains the base bin and sbin directory types
+which need to be searched for the kernel to
+run init.
+</required>
+<interface name="corecmd_executable_file" lineno="23">
 <summary>
-Domain allowed access.
+Make the specified type usable for files
+that are exectuables, such as binary programs.
+This does not include shared libraries.
+</summary>
+<param name="type">
+<summary>
+Type to be used for files.
 </summary>
 </param>
 </interface>
-<interface name="hal_stream_connect" lineno="179">
+<interface name="corecmd_bin_entry_type" lineno="44">
 <summary>
-Send to hal over a unix domain
-stream socket.
+Make general progams in bin an entrypoint for
+the specified domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+The domain for which bin_t is an entrypoint.
 </summary>
 </param>
 </interface>
-<interface name="hal_dontaudit_rw_dgram_sockets" lineno="197">
+<interface name="corecmd_shell_entry_type" lineno="62">
 <summary>
-Dontaudit read/write to a hal unix datagram socket.
+Make the shell an entrypoint for the specified domain.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+The domain for which the shell is an entrypoint.
 </summary>
 </param>
 </interface>
-<interface name="hal_dbus_send" lineno="215">
+<interface name="corecmd_search_bin" lineno="81">
 <summary>
-Send a dbus message to hal.
+Search the contents of bin directories.
+Also allow to read a possible /bin->/usr/bin symlink.
 </summary>
 <param name="domain">
 <summary>
@@ -7896,10 +9726,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="hal_dbus_chat" lineno="235">
+<interface name="corecmd_dontaudit_search_bin" lineno="100">
 <summary>
-Send and receive messages from
-hal over dbus.
+Do not audit attempts to search the contents of bin directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corecmd_list_bin" lineno="118">
+<summary>
+List the contents of bin directories.
 </summary>
 <param name="domain">
 <summary>
@@ -7907,20 +9746,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="hal_domtrans_mac" lineno="255">
+<interface name="corecmd_dontaudit_write_bin_dirs" lineno="137">
 <summary>
-Execute hal mac in the hal mac domain.
+Do not audit attempts to write bin directories.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="hal_write_log" lineno="274">
+<interface name="corecmd_getattr_bin_files" lineno="155">
 <summary>
-Allow attempts to write the hal
-log files.
+Get the attributes of files in bin directories.
 </summary>
 <param name="domain">
 <summary>
@@ -7928,10 +9766,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="hal_dontaudit_write_log" lineno="294">
+<interface name="corecmd_dontaudit_getattr_bin_files" lineno="174">
 <summary>
-Do not audit attempts to write the hal
-log files.
+Do not audit attempts to get the attributes of files in bin directories.
 </summary>
 <param name="domain">
 <summary>
@@ -7939,9 +9776,9 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="hal_manage_log" lineno="312">
+<interface name="corecmd_check_exec_bin_files" lineno="193">
 <summary>
-Manage hald log files.
+Check if files in bin directories are executable (DAC-wise)
 </summary>
 <param name="domain">
 <summary>
@@ -7949,9 +9786,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="hal_read_tmp_files" lineno="332">
+<interface name="corecmd_read_bin_files" lineno="212">
 <summary>
-Read hald tmp files.
+Read files in bin directories.
 </summary>
 <param name="domain">
 <summary>
@@ -7959,10 +9796,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="hal_dontaudit_append_lib_files" lineno="351">
+<interface name="corecmd_dontaudit_write_bin_files" lineno="231">
 <summary>
-Do not audit attempts to read or write
-HAL libraries files
+Do not audit attempts to write bin files.
 </summary>
 <param name="domain">
 <summary>
@@ -7970,9 +9806,9 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="hal_read_pid_files" lineno="369">
+<interface name="corecmd_read_bin_symlinks" lineno="249">
 <summary>
-Read hald PID files.
+Read symbolic links in bin directories.
 </summary>
 <param name="domain">
 <summary>
@@ -7980,9 +9816,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="hal_rw_pid_files" lineno="388">
+<interface name="corecmd_read_bin_pipes" lineno="269">
 <summary>
-Read/Write hald PID files.
+Read pipes in bin directories.
 </summary>
 <param name="domain">
 <summary>
@@ -7990,9 +9826,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="hal_manage_pid_dirs" lineno="407">
+<interface name="corecmd_read_bin_sockets" lineno="288">
 <summary>
-Manage hald PID dirs.
+Read named sockets in bin directories.
 </summary>
 <param name="domain">
 <summary>
@@ -8000,32 +9836,50 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="hal_manage_pid_files" lineno="426">
+<interface name="corecmd_exec_bin" lineno="328">
 <summary>
-Manage hald PID files.
+Execute generic programs in bin directories,
+in the caller domain.
 </summary>
+<desc>
+<p>
+Allow the specified domain to execute generic programs
+in system bin directories (/bin, /sbin, /usr/bin,
+/usr/sbin) a without domain transition.
+</p>
+<p>
+Typically, this interface should be used when the domain
+executes general system progams within the privileges
+of the source domain.  Some examples of these programs
+are ls, cp, sed, python, and tar. This does not include
+shells, such as bash.
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>corecmd_exec_shell()</li>
+</ul>
+</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="hddtemp" filename="policy/modules/contrib/hddtemp.if">
-<summary>hddtemp hard disk temperature tool running as a daemon.</summary>
-<interface name="hddtemp_domtrans" lineno="13">
+<interface name="corecmd_manage_bin_files" lineno="347">
 <summary>
-Execute a domain transition to run hddtemp.
+Create, read, write, and delete bin files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="hddtemp_exec" lineno="32">
+<interface name="corecmd_relabel_bin_files" lineno="366">
 <summary>
-Execute hddtemp.
+Relabel to and from the bin type.
 </summary>
 <param name="domain">
 <summary>
@@ -8033,42 +9887,89 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="hddtemp_admin" lineno="58">
+<interface name="corecmd_mmap_bin_files" lineno="385">
 <summary>
-All of the rules required to
-administrate an hddtemp environment.
+Mmap a bin file as executable.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corecmd_bin_spec_domtrans" lineno="430">
 <summary>
-Role allowed access.
+Execute a file in a bin directory
+in the specified domain but do not
+do it automatically. This is an explicit
+transition, requiring the caller to use setexeccon().
+</summary>
+<desc>
+<p>
+Execute a file in a bin directory
+in the specified domain.  This allows
+the specified domain to execute any file
+on these filesystems in the specified
+domain.  This is not suggested.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+<p>
+This interface was added to handle
+the userhelper policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+The type of the new process.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="howl" filename="policy/modules/contrib/howl.if">
-<summary>Port of Apple Rendezvous multicast DNS</summary>
-<interface name="howl_signal" lineno="13">
+<interface name="corecmd_bin_domtrans" lineno="473">
 <summary>
-Send generic signals to howl.
+Execute a file in a bin directory
+in the specified domain.
 </summary>
+<desc>
+<p>
+Execute a file in a bin directory
+in the specified domain.  This allows
+the specified domain to execute any file
+on these filesystems in the specified
+domain.  This is not suggested.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+<p>
+This interface was added to handle
+the ssh-agent policy.
+</p>
+</desc>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+The type of the new process.
 </summary>
 </param>
 </interface>
-</module>
-<module name="i18n_input" filename="policy/modules/contrib/i18n_input.if">
-<summary>IIIMF htt server</summary>
-<interface name="i18n_use" lineno="13">
+<interface name="corecmd_check_exec_shell" lineno="492">
 <summary>
-Use i18n_input over a TCP connection.  (Deprecated)
+Check if a shell is executable (DAC-wise).
 </summary>
 <param name="domain">
 <summary>
@@ -8076,42 +9977,91 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="icecast" filename="policy/modules/contrib/icecast.if">
-<summary> ShoutCast compatible streaming media server</summary>
-<interface name="icecast_domtrans" lineno="13">
+<interface name="corecmd_exec_shell" lineno="529">
 <summary>
-Execute a domain transition to run icecast.
+Execute shells in the caller domain.
 </summary>
+<desc>
+<p>
+Allow the specified domain to execute shells without
+a domain transition.
+</p>
+<p>
+Typically, this interface should be used when the domain
+executes shells within the privileges
+of the source domain.  Some examples of these programs
+are bash, tcsh, and zsh.
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>corecmd_exec_bin()</li>
+</ul>
+</desc>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="icecast_signal" lineno="31">
+<interface name="corecmd_shell_spec_domtrans" lineno="567">
 <summary>
-Allow domain signal icecast
+Execute a shell in the target domain.  This
+is an explicit transition, requiring the
+caller to use setexeccon().
 </summary>
+<desc>
+<p>
+Execute a shell in the target domain.  This
+is an explicit transition, requiring the
+caller to use setexeccon().
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+</desc>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+The type of the shell process.
 </summary>
 </param>
 </interface>
-<interface name="icecast_initrc_domtrans" lineno="49">
+<interface name="corecmd_shell_domtrans" lineno="601">
 <summary>
-Execute icecast server in the icecast domain.
+Execute a shell in the specified domain.
 </summary>
+<desc>
+<p>
+Execute a shell in the specified domain.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+</desc>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
+<param name="target_domain">
+<summary>
+The type of the shell process.
+</summary>
+</param>
 </interface>
-<interface name="icecast_read_pid_files" lineno="67">
+<interface name="corecmd_exec_chroot" lineno="620">
 <summary>
-Read icecast PID files.
+Execute chroot in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -8119,19 +10069,20 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="icecast_manage_pid_files" lineno="86">
+<interface name="corecmd_getattr_all_executables" lineno="641">
 <summary>
-Manage icecast pid files.
+Get the attributes of all executable files.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="icecast_read_log" lineno="106">
+<interface name="corecmd_read_all_executables" lineno="662">
 <summary>
-Allow the specified domain to read icecast's log files.
+Read all executable files.
 </summary>
 <param name="domain">
 <summary>
@@ -8140,60 +10091,62 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="icecast_append_log" lineno="126">
+<interface name="corecmd_exec_all_executables" lineno="682">
 <summary>
-Allow the specified domain to append
-icecast log files.
+Execute all executable files.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="icecast_manage_log" lineno="145">
+<interface name="corecmd_dontaudit_exec_all_executables" lineno="703">
 <summary>
-Allow domain to manage icecast log files
+Do not audit attempts to execute all executables.
 </summary>
 <param name="domain">
 <summary>
-Domain allow access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="icecast_admin" lineno="171">
+<interface name="corecmd_manage_all_executables" lineno="722">
 <summary>
-All of the rules required to administrate
-an icecast environment
+Create, read, write, and all executable files.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<rolecap/>
+</interface>
+<interface name="corecmd_relabel_all_executables" lineno="744">
 <summary>
-Role allowed access.
+Relabel to and from the bin type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
 <rolecap/>
 </interface>
-</module>
-<module name="ifplugd" filename="policy/modules/contrib/ifplugd.if">
-<summary>Bring up/down ethernet interfaces based on cable detection.</summary>
-<interface name="ifplugd_domtrans" lineno="13">
+<interface name="corecmd_mmap_all_executables" lineno="764">
 <summary>
-Execute a domain transition to run ifplugd.
+Mmap all executables as executable.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ifplugd_signal" lineno="31">
+<interface name="corecmd_relabel_bin_dirs" lineno="786">
 <summary>
-Send a generic signal to ifplugd
+Relabel to and from the bin type.
 </summary>
 <param name="domain">
 <summary>
@@ -8201,9 +10154,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ifplugd_read_config" lineno="49">
+<interface name="corecmd_relabel_bin_lnk_files" lineno="804">
 <summary>
-Read ifplugd etc configuration files.
+Relabel to and from the bin type.
 </summary>
 <param name="domain">
 <summary>
@@ -8211,131 +10164,256 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ifplugd_manage_config" lineno="68">
+</module>
+<module name="corenetwork" filename="policy/modules/kernel/corenetwork.if">
+<summary>Policy controlling access to network objects</summary>
+<required val="true">
+Contains the initial SIDs for network objects.
+</required>
+<interface name="corenet_port" lineno="29">
 <summary>
-Manage ifplugd etc configuration files.
+Define type to be a network port type
 </summary>
+<desc>
+<p>
+Define type to be a network port type
+</p>
+<p>
+This is for supporting third party modules and its
+use is not allowed in upstream reference policy.
+</p>
+</desc>
 <param name="domain">
 <summary>
-Domain allowed access.
+Type to be used for network ports.
 </summary>
 </param>
 </interface>
-<interface name="ifplugd_read_pid_files" lineno="88">
+<interface name="corenet_reserved_port" lineno="56">
 <summary>
-Read ifplugd PID files.
+Define network type to be a reserved port (lt 1024)
 </summary>
+<desc>
+<p>
+Define network type to be a reserved port (lt 1024)
+</p>
+<p>
+This is for supporting third party modules and its
+use is not allowed in upstream reference policy.
+</p>
+</desc>
 <param name="domain">
 <summary>
-Domain allowed access.
+Type to be used for network ports.
 </summary>
 </param>
 </interface>
-<interface name="ifplugd_admin" lineno="114">
+<interface name="corenet_rpc_port" lineno="83">
 <summary>
-All of the rules required to administrate
-an ifplugd environment
+Define network type to be a rpc port ( 512 lt PORT lt 1024)
 </summary>
+<desc>
+<p>
+Define network type to be a rpc port ( 512 lt PORT lt 1024)
+</p>
+<p>
+This is for supporting third party modules and its
+use is not allowed in upstream reference policy.
+</p>
+</desc>
 <param name="domain">
 <summary>
-Domain allowed access.
+Type to be used for network ports.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_node" lineno="110">
 <summary>
-The role to be allowed to manage the ifplugd domain.
+Define type to be a network node type
+</summary>
+<desc>
+<p>
+Define type to be a network node type
+</p>
+<p>
+This is for supporting third party modules and its
+use is not allowed in upstream reference policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used for network nodes.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="imaze" filename="policy/modules/contrib/imaze.if">
-<summary>iMaze game server</summary>
-</module>
-<module name="inetd" filename="policy/modules/contrib/inetd.if">
-<summary>Internet services daemon.</summary>
-<interface name="inetd_core_service_domain" lineno="27">
+<interface name="corenet_packet" lineno="137">
 <summary>
-Define the specified domain as a inetd service.
+Define type to be a network packet type
 </summary>
 <desc>
 <p>
-Define the specified domain as a inetd service.  The
-inetd_service_domain(), inetd_tcp_service_domain(),
-or inetd_udp_service_domain() interfaces should be used
-instead of this interface, as this interface only provides
-the common rules to these three interfaces.
+Define type to be a network packet type
+</p>
+<p>
+This is for supporting third party modules and its
+use is not allowed in upstream reference policy.
 </p>
 </desc>
 <param name="domain">
 <summary>
-The type associated with the inetd service process.
+Type to be used for a network packet.
 </summary>
 </param>
-<param name="entrypoint">
+</interface>
+<interface name="corenet_client_packet" lineno="164">
 <summary>
-The type associated with the process program.
+Define type to be a network client packet type
+</summary>
+<desc>
+<p>
+Define type to be a network client packet type
+</p>
+<p>
+This is for supporting third party modules and its
+use is not allowed in upstream reference policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used for a network client packet.
 </summary>
 </param>
 </interface>
-<interface name="inetd_tcp_service_domain" lineno="57">
+<interface name="corenet_server_packet" lineno="191">
 <summary>
-Define the specified domain as a TCP inetd service.
+Define type to be a network server packet type
 </summary>
+<desc>
+<p>
+Define type to be a network server packet type
+</p>
+<p>
+This is for supporting third party modules and its
+use is not allowed in upstream reference policy.
+</p>
+</desc>
 <param name="domain">
 <summary>
-The type associated with the inetd service process.
+Type to be used for a network server packet.
 </summary>
 </param>
-<param name="entrypoint">
+</interface>
+<interface name="corenet_spd_type" lineno="210">
 <summary>
-The type associated with the process program.
+Make the specified type usable
+for labeled ipsec.
+</summary>
+<param name="domain">
+<summary>
+Type to be used for labeled ipsec.
 </summary>
 </param>
 </interface>
-<interface name="inetd_udp_service_domain" lineno="83">
+<interface name="corenet_ib_pkey" lineno="237">
 <summary>
-Define the specified domain as a UDP inetd service.
+Define type to be an infiniband pkey type
 </summary>
+<desc>
+<p>
+Define type to be an infiniband pkey type
+</p>
+<p>
+This is for supporting third party modules and its
+use is not allowed in upstream reference policy.
+</p>
+</desc>
 <param name="domain">
 <summary>
-The type associated with the inetd service process.
+Type to be used for infiniband pkeys.
 </summary>
 </param>
-<param name="entrypoint">
+</interface>
+<interface name="corenet_ib_endport" lineno="264">
 <summary>
-The type associated with the process program.
+Define type to be an infiniband endport
+</summary>
+<desc>
+<p>
+Define type to be an infiniband endport
+</p>
+<p>
+This is for supporting third party modules and its
+use is not allowed in upstream reference policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used for infiniband endports.
 </summary>
 </param>
 </interface>
-<interface name="inetd_service_domain" lineno="108">
+<interface name="corenet_tcp_sendrecv_generic_if" lineno="310">
 <summary>
-Define the specified domain as a TCP and UDP inetd service.
+Send and receive TCP network traffic on generic interfaces.
 </summary>
+<desc>
+<p>
+Allow the specified domain to send and receive TCP network
+traffic on generic network interfaces.
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>corenet_all_recvfrom_unlabeled()</li>
+<li>corenet_tcp_sendrecv_generic_node()</li>
+<li>corenet_tcp_sendrecv_all_ports()</li>
+<li>corenet_tcp_connect_all_ports()</li>
+</ul>
+<p>
+Example client being able to connect to all ports over
+generic nodes, without labeled networking:
+</p>
+<p>
+allow myclient_t self:tcp_socket create_stream_socket_perms;
+corenet_tcp_sendrecv_generic_if(myclient_t)
+corenet_tcp_sendrecv_generic_node(myclient_t)
+corenet_tcp_sendrecv_all_ports(myclient_t)
+corenet_tcp_connect_all_ports(myclient_t)
+corenet_all_recvfrom_unlabeled(myclient_t)
+</p>
+</desc>
 <param name="domain">
 <summary>
-The type associated with the inetd service process.
+Domain allowed access.
 </summary>
 </param>
-<param name="entrypoint">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_generic_if" lineno="328">
 <summary>
-The type associated with the process program.
+Send UDP network traffic on generic interfaces.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="inetd_use_fds" lineno="134">
+<interface name="corenet_dontaudit_udp_send_generic_if" lineno="347">
 <summary>
-Inherit and use file descriptors from inetd.
+Dontaudit attempts to send UDP network traffic
+on generic interfaces.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="inetd_tcp_connect" lineno="152">
+<interface name="corenet_udp_receive_generic_if" lineno="365">
 <summary>
-Connect to the inetd service using a TCP connection.  (Deprecated)
+Receive UDP network traffic on generic interfaces.
 </summary>
 <param name="domain">
 <summary>
@@ -8343,43 +10421,67 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="inetd_domtrans_child" lineno="166">
+<interface name="corenet_dontaudit_udp_receive_generic_if" lineno="384">
 <summary>
-Run inetd child process in the inet child domain
+Do not audit attempts to receive UDP network
+traffic on generic interfaces.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="inetd_udp_send" lineno="185">
+<interface name="corenet_udp_sendrecv_generic_if" lineno="428">
 <summary>
-Send UDP network traffic to inetd.  (Deprecated)
+Send and receive UDP network traffic on generic interfaces.
 </summary>
+<desc>
+<p>
+Allow the specified domain to send and receive UDP network
+traffic on generic network interfaces.
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>corenet_all_recvfrom_unlabeled()</li>
+<li>corenet_udp_sendrecv_generic_node()</li>
+<li>corenet_udp_sendrecv_all_ports()</li>
+</ul>
+<p>
+Example client being able to send to all ports over
+generic nodes, without labeled networking:
+</p>
+<p>
+allow myclient_t self:udp_socket create_socket_perms;
+corenet_udp_sendrecv_generic_if(myclient_t)
+corenet_udp_sendrecv_generic_node(myclient_t)
+corenet_udp_sendrecv_all_ports(myclient_t)
+corenet_all_recvfrom_unlabeled(myclient_t)
+</p>
+</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="inetd_rw_tcp_sockets" lineno="199">
+<interface name="corenet_dontaudit_udp_sendrecv_generic_if" lineno="444">
 <summary>
-Read and write inetd TCP sockets.
+Do not audit attempts to send and receive UDP network
+traffic on generic interfaces.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-</module>
-<module name="inn" filename="policy/modules/contrib/inn.if">
-<summary>Internet News NNTP server</summary>
-<interface name="inn_exec" lineno="14">
+<interface name="corenet_raw_send_generic_if" lineno="459">
 <summary>
-Allow the specified domain to execute innd
-in the caller domain.
+Send raw IP packets on generic interfaces.
 </summary>
 <param name="domain">
 <summary>
@@ -8387,10 +10489,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="inn_exec_config" lineno="33">
+<interface name="corenet_raw_receive_generic_if" lineno="477">
 <summary>
-Allow the specified domain to execute
-inn configuration files in /etc.
+Receive raw IP packets on generic interfaces.
 </summary>
 <param name="domain">
 <summary>
@@ -8398,9 +10499,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="inn_manage_log" lineno="51">
+<interface name="corenet_raw_sendrecv_generic_if" lineno="495">
 <summary>
-Create, read, write, and delete the innd log.
+Send and receive raw IP packets on generic interfaces.
 </summary>
 <param name="domain">
 <summary>
@@ -8408,29 +10509,42 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="inn_manage_pid" lineno="70">
+<interface name="corenet_out_generic_if" lineno="511">
 <summary>
-Create, read, write, and delete the innd pid files.
+Allow outgoing network traffic on the generic interfaces.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+The peer label of the outgoing network traffic.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="inn_read_config" lineno="91">
+<interface name="corenet_in_generic_if" lineno="530">
 <summary>
-Read innd configuration files.
+Allow incoming traffic on the generic interfaces.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+The peer label of the incoming network traffic.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_inout_generic_if" lineno="549">
+<summary>
+Allow incoming and outgoing network traffic on the generic interfaces.
+</summary>
+<param name="domain">
+<summary>
+The peer label of the network traffic.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="inn_read_news_lib" lineno="111">
+<interface name="corenet_tcp_sendrecv_all_if" lineno="564">
 <summary>
-Read innd news library files.
+Send and receive TCP network traffic on all interfaces.
 </summary>
 <param name="domain">
 <summary>
@@ -8438,9 +10552,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="inn_read_news_spool" lineno="131">
+<interface name="corenet_udp_send_all_if" lineno="582">
 <summary>
-Read innd news library files.
+Send UDP network traffic on all interfaces.
 </summary>
 <param name="domain">
 <summary>
@@ -8448,9 +10562,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="inn_dgram_send" lineno="151">
+<interface name="corenet_udp_receive_all_if" lineno="600">
 <summary>
-Send to a innd unix dgram socket.
+Receive UDP network traffic on all interfaces.
 </summary>
 <param name="domain">
 <summary>
@@ -8458,73 +10572,97 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="inn_domtrans" lineno="169">
+<interface name="corenet_udp_sendrecv_all_if" lineno="618">
 <summary>
-Execute inn in the inn domain.
+Send and receive UDP network traffic on all interfaces.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="inn_admin" lineno="195">
+<interface name="corenet_raw_send_all_if" lineno="633">
 <summary>
-All of the rules required to administrate
-an inn environment
+Send raw IP packets on all interfaces.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_sctp_sendrecv_generic_node" lineno="651">
 <summary>
-The role to be allowed to manage the inn domain.
+Send and receive SCTP network traffic on generic nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="irc" filename="policy/modules/contrib/irc.if">
-<summary>IRC client policy</summary>
-<interface name="irc_role" lineno="18">
+<interface name="corenet_raw_receive_all_if" lineno="669">
 <summary>
-Role access for IRC
+Receive raw IP packets on all interfaces.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain allowed access.
 </summary>
 </param>
+</interface>
+<interface name="corenet_raw_sendrecv_all_if" lineno="687">
+<summary>
+Send and receive raw IP packets on all interfaces.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="ircd" filename="policy/modules/contrib/ircd.if">
-<summary>IRC server</summary>
-</module>
-<module name="irqbalance" filename="policy/modules/contrib/irqbalance.if">
-<summary>IRQ balancing daemon</summary>
-</module>
-<module name="iscsi" filename="policy/modules/contrib/iscsi.if">
-<summary>Establish connections to iSCSI devices</summary>
-<interface name="iscsid_domtrans" lineno="13">
+<interface name="corenet_tcp_sendrecv_generic_node" lineno="730">
 <summary>
-Execute a domain transition to run iscsid.
+Send and receive TCP network traffic on generic nodes.
 </summary>
+<desc>
+<p>
+Allow the specified domain to send and receive TCP network
+traffic to/from generic network nodes (hostnames/networks).
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>corenet_all_recvfrom_unlabeled()</li>
+<li>corenet_tcp_sendrecv_generic_if()</li>
+<li>corenet_tcp_sendrecv_all_ports()</li>
+<li>corenet_tcp_connect_all_ports()</li>
+</ul>
+<p>
+Example client being able to connect to all ports over
+generic nodes, without labeled networking:
+</p>
+<p>
+allow myclient_t self:tcp_socket create_stream_socket_perms;
+corenet_tcp_sendrecv_generic_if(myclient_t)
+corenet_tcp_sendrecv_generic_node(myclient_t)
+corenet_tcp_sendrecv_all_ports(myclient_t)
+corenet_tcp_connect_all_ports(myclient_t)
+corenet_all_recvfrom_unlabeled(myclient_t)
+</p>
+</desc>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="iscsi_manage_semaphores" lineno="31">
+<interface name="corenet_udp_send_generic_node" lineno="748">
 <summary>
-Manage iscsid sempaphores.
+Send UDP network traffic on generic nodes.
 </summary>
 <param name="domain">
 <summary>
@@ -8532,9 +10670,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="iscsi_stream_connect" lineno="49">
+<interface name="corenet_udp_receive_generic_node" lineno="766">
 <summary>
-Connect to ISCSI using a unix domain stream socket.
+Receive UDP network traffic on generic nodes.
 </summary>
 <param name="domain">
 <summary>
@@ -8542,22 +10680,45 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="iscsi_read_lib_files" lineno="68">
+<interface name="corenet_udp_sendrecv_generic_node" lineno="810">
 <summary>
-Read iscsi lib files.
+Send and receive UDP network traffic on generic nodes.
 </summary>
+<desc>
+<p>
+Allow the specified domain to send and receive UDP network
+traffic to/from generic network nodes (hostnames/networks).
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>corenet_all_recvfrom_unlabeled()</li>
+<li>corenet_udp_sendrecv_generic_if()</li>
+<li>corenet_udp_sendrecv_all_ports()</li>
+</ul>
+<p>
+Example client being able to send to all ports over
+generic nodes, without labeled networking:
+</p>
+<p>
+allow myclient_t self:udp_socket create_socket_perms;
+corenet_udp_sendrecv_generic_if(myclient_t)
+corenet_udp_sendrecv_generic_node(myclient_t)
+corenet_udp_sendrecv_all_ports(myclient_t)
+corenet_all_recvfrom_unlabeled(myclient_t)
+</p>
+</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="jabber" filename="policy/modules/contrib/jabber.if">
-<summary>Jabber instant messaging server</summary>
-<interface name="jabber_tcp_connect" lineno="13">
+<interface name="corenet_raw_send_generic_node" lineno="825">
 <summary>
-Connect to jabber over a TCP socket  (Deprecated)
+Send raw IP packets on generic nodes.
 </summary>
 <param name="domain">
 <summary>
@@ -8565,122 +10726,173 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="jabber_admin" lineno="34">
+<interface name="corenet_raw_receive_generic_node" lineno="843">
 <summary>
-All of the rules required to administrate
-an jabber environment
+Receive raw IP packets on generic nodes.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_raw_sendrecv_generic_node" lineno="861">
 <summary>
-The role to be allowed to manage the jabber domain.
+Send and receive raw IP packets on generic nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="java" filename="policy/modules/contrib/java.if">
-<summary>Java virtual machine</summary>
-<interface name="java_role" lineno="18">
+<interface name="corenet_sctp_bind_generic_node" lineno="876">
 <summary>
-Role access for java
+Bind SCTP sockets to generic nodes.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain allowed access.
 </summary>
 </param>
+</interface>
+<interface name="corenet_tcp_bind_generic_node" lineno="909">
+<summary>
+Bind TCP sockets to generic nodes.
+</summary>
+<desc>
+<p>
+Bind TCP sockets to generic nodes.  This is
+necessary for binding a socket so it
+can be used for servers to listen
+for incoming connections.
+</p>
+<p>
+Related interface:
+</p>
+<ul>
+<li>corenet_udp_bind_generic_node()</li>
+</ul>
+</desc>
 <param name="domain">
 <summary>
-User domain for the role
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="1"/>
 </interface>
-<template name="java_role_template" lineno="63">
+<interface name="corenet_udp_bind_generic_node" lineno="942">
 <summary>
-The role template for the java module.
+Bind UDP sockets to generic nodes.
 </summary>
 <desc>
 <p>
-This template creates a derived domains which are used
-for java applications.
+Bind UDP sockets to generic nodes.  This is
+necessary for binding a socket so it
+can be used for servers to listen
+for incoming connections.
+</p>
+<p>
+Related interface:
 </p>
+<ul>
+<li>corenet_tcp_bind_generic_node()</li>
+</ul>
 </desc>
-<param name="role_prefix">
+<param name="domain">
 <summary>
-The prefix of the user domain (e.g., user
-is the prefix for user_t).
+Domain allowed access.
 </summary>
 </param>
-<param name="user_role">
+<infoflow type="read" weight="1"/>
+</interface>
+<interface name="corenet_raw_bind_generic_node" lineno="961">
 <summary>
-The role associated with the user domain.
+Bind raw sockets to generic nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<param name="user_domain">
+</interface>
+<interface name="corenet_out_generic_node" lineno="980">
 <summary>
-The type of the user domain.
+Allow outgoing network traffic to generic nodes.
+</summary>
+<param name="domain">
+<summary>
+The peer label of the outgoing network traffic.
 </summary>
 </param>
-</template>
-<template name="java_domtrans" lineno="108">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_in_generic_node" lineno="999">
 <summary>
-Run java in javaplugin domain.
+Allow incoming network traffic from generic nodes.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+The peer label of the incoming network traffic.
 </summary>
 </param>
-</template>
-<interface name="java_run" lineno="132">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_inout_generic_node" lineno="1018">
 <summary>
-Execute java in the java domain, and
-allow the specified role the java domain.
+Allow incoming and outgoing network traffic with generic nodes.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+The peer label of the network traffic.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_tcp_sendrecv_all_nodes" lineno="1033">
 <summary>
-Role allowed access.
+Send and receive TCP network traffic on all nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="java_domtrans_unconfined" lineno="151">
+<interface name="corenet_udp_send_all_nodes" lineno="1051">
 <summary>
-Execute the java program in the unconfined java domain.
+Send UDP network traffic on all nodes.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="java_run_unconfined" lineno="175">
+<interface name="corenet_dontaudit_udp_send_all_nodes" lineno="1070">
 <summary>
-Execute the java program in the unconfined java domain.
+Do not audit attempts to send UDP network
+traffic on any nodes.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_sctp_sendrecv_all_nodes" lineno="1088">
 <summary>
-Role allowed access.
+Send and receive SCTP network traffic on all nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="java_exec" lineno="194">
+<interface name="corenet_udp_receive_all_nodes" lineno="1106">
 <summary>
-Execute the java program in the java domain.
+Receive UDP network traffic on all nodes.
 </summary>
 <param name="domain">
 <summary>
@@ -8688,39 +10900,41 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<tunable name="allow_java_execstack" dftval="false">
-<desc>
-<p>
-Allow java executable stack
-</p>
-</desc>
-</tunable>
-</module>
-<module name="kdump" filename="policy/modules/contrib/kdump.if">
-<summary>Kernel crash dumping mechanism</summary>
-<interface name="kdump_domtrans" lineno="13">
+<interface name="corenet_dontaudit_udp_receive_all_nodes" lineno="1125">
 <summary>
-Execute kdump in the kdump domain.
+Do not audit attempts to receive UDP
+network traffic on all nodes.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kdump_initrc_domtrans" lineno="32">
+<interface name="corenet_udp_sendrecv_all_nodes" lineno="1143">
 <summary>
-Execute kdump in the kdump domain.
+Send and receive UDP network traffic on all nodes.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_all_nodes" lineno="1159">
+<summary>
+Do not audit attempts to send and receive UDP
+network traffic on any nodes nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kdump_read_config" lineno="50">
+<interface name="corenet_raw_send_all_nodes" lineno="1174">
 <summary>
-Read kdump configuration file.
+Send raw IP packets on all nodes.
 </summary>
 <param name="domain">
 <summary>
@@ -8728,9 +10942,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kdump_manage_config" lineno="69">
+<interface name="corenet_raw_receive_all_nodes" lineno="1192">
 <summary>
-Manage kdump configuration file.
+Receive raw IP packets on all nodes.
 </summary>
 <param name="domain">
 <summary>
@@ -8738,53 +10952,29 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kdump_admin" lineno="95">
+<interface name="corenet_raw_sendrecv_all_nodes" lineno="1210">
 <summary>
-All of the rules required to administrate
-an kdump environment
+Send and receive raw IP packets on all nodes.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_tcp_bind_all_nodes" lineno="1225">
 <summary>
-The role to be allowed to manage the kdump domain.
+Bind TCP sockets to all nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="kdumpgui" filename="policy/modules/contrib/kdumpgui.if">
-<summary>system-config-kdump GUI</summary>
-</module>
-<module name="kerberos" filename="policy/modules/contrib/kerberos.if">
-<summary>MIT Kerberos admin and KDC</summary>
-<desc>
-<p>
-This policy supports:
-</p>
-<p>
-Servers:
-<ul>
-<li>kadmind</li>
-<li>krb5kdc</li>
-</ul>
-</p>
-<p>
-Clients:
-<ul>
-<li>kinit</li>
-<li>kdestroy</li>
-<li>klist</li>
-<li>ksu (incomplete)</li>
-</ul>
-</p>
-</desc>
-<interface name="kerberos_exec_kadmind" lineno="34">
+<interface name="corenet_udp_bind_all_nodes" lineno="1243">
 <summary>
-Execute kadmind in the current domain
+Bind UDP sockets to all nodes.
 </summary>
 <param name="domain">
 <summary>
@@ -8792,19 +10982,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kerberos_domtrans_kpropd" lineno="52">
+<interface name="corenet_raw_bind_all_nodes" lineno="1262">
 <summary>
-Execute a domain transition to run kpropd.
+Bind raw sockets to all nodes.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kerberos_use" lineno="70">
+<interface name="corenet_tcp_sendrecv_generic_port" lineno="1280">
 <summary>
-Use kerberos services
+Send and receive TCP network traffic on generic ports.
 </summary>
 <param name="domain">
 <summary>
@@ -8812,53 +11002,49 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kerberos_read_config" lineno="131">
+<interface name="corenet_sctp_bind_all_nodes" lineno="1298">
 <summary>
-Read the kerberos configuration file (/etc/krb5.conf).
+Bind SCTP sockets to all nodes.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="kerberos_dontaudit_write_config" lineno="152">
+<interface name="corenet_dontaudit_tcp_sendrecv_generic_port" lineno="1317">
 <summary>
-Do not audit attempts to write the kerberos
-configuration file (/etc/krb5.conf).
+Do not audit send and receive TCP network traffic on generic ports.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kerberos_rw_config" lineno="171">
+<interface name="corenet_udp_send_generic_port" lineno="1335">
 <summary>
-Read and write the kerberos configuration file (/etc/krb5.conf).
+Send UDP network traffic on generic ports.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="kerberos_read_keytab" lineno="191">
+<interface name="corenet_udp_receive_generic_port" lineno="1353">
 <summary>
-Read the kerberos key table.
+Receive UDP network traffic on generic ports.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="kerberos_rw_keytab" lineno="210">
+<interface name="corenet_udp_sendrecv_generic_port" lineno="1371">
 <summary>
-Read/Write the kerberos key table.
+Send and receive UDP network traffic on generic ports.
 </summary>
 <param name="domain">
 <summary>
@@ -8866,46 +11052,85 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<template name="kerberos_keytab_template" lineno="234">
+<interface name="corenet_tcp_bind_generic_port" lineno="1386">
 <summary>
-Create a derived type for kerberos keytab
+Bind TCP sockets to generic ports.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-The prefix to be used for deriving type names.
+Domain allowed access.
 </summary>
 </param>
+</interface>
+<interface name="corenet_dontaudit_tcp_bind_generic_port" lineno="1406">
+<summary>
+Do not audit bind TCP sockets to generic ports.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="corenet_udp_bind_generic_port" lineno="1424">
+<summary>
+Bind UDP sockets to generic ports.
+</summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="kerberos_read_kdc_config" lineno="255">
+</interface>
+<interface name="corenet_tcp_connect_generic_port" lineno="1444">
 <summary>
-Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
+Connect TCP sockets to generic ports.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="kerberos_manage_host_rcache" lineno="275">
+<interface name="corenet_tcp_sendrecv_all_ports" lineno="1488">
 <summary>
-Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
+Send and receive TCP network traffic on all ports.
 </summary>
+<desc>
+<p>
+Send and receive TCP network traffic on all ports.
+Related interfaces:
+</p>
+<ul>
+<li>corenet_all_recvfrom_unlabeled()</li>
+<li>corenet_tcp_sendrecv_generic_if()</li>
+<li>corenet_tcp_sendrecv_generic_node()</li>
+<li>corenet_tcp_connect_all_ports()</li>
+<li>corenet_tcp_bind_all_ports()</li>
+</ul>
+<p>
+Example client being able to connect to all ports over
+generic nodes, without labeled networking:
+</p>
+<p>
+allow myclient_t self:tcp_socket create_stream_socket_perms;
+corenet_tcp_sendrecv_generic_if(myclient_t)
+corenet_tcp_sendrecv_generic_node(myclient_t)
+corenet_tcp_sendrecv_all_ports(myclient_t)
+corenet_tcp_connect_all_ports(myclient_t)
+corenet_all_recvfrom_unlabeled(myclient_t)
+</p>
+</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="kerberos_connect_524" lineno="307">
+<interface name="corenet_udp_send_all_ports" lineno="1506">
 <summary>
-Connect to krb524 service
+Send UDP network traffic on all ports.
 </summary>
 <param name="domain">
 <summary>
@@ -8913,47 +11138,74 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kerberos_admin" lineno="336">
+<interface name="corenet_sctp_bind_generic_port" lineno="1524">
 <summary>
-All of the rules required to administrate
-an kerberos environment
+Bind SCTP sockets to generic ports.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_udp_receive_all_ports" lineno="1544">
 <summary>
-The role to be allowed to manage the kerberos domain.
+Receive UDP network traffic on all ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<tunable name="allow_kerberos" dftval="false">
+<interface name="corenet_udp_sendrecv_all_ports" lineno="1586">
+<summary>
+Send and receive UDP network traffic on all ports.
+</summary>
 <desc>
 <p>
-Allow confined applications to run with kerberos.
+Send and receive UDP network traffic on all ports.
+Related interfaces:
+</p>
+<ul>
+<li>corenet_all_recvfrom_unlabeled()</li>
+<li>corenet_udp_sendrecv_generic_if()</li>
+<li>corenet_udp_sendrecv_generic_node()</li>
+<li>corenet_udp_bind_all_ports()</li>
+</ul>
+<p>
+Example client being able to send to all ports over
+generic nodes, without labeled networking:
+</p>
+<p>
+allow myclient_t self:udp_socket create_socket_perms;
+corenet_udp_sendrecv_generic_if(myclient_t)
+corenet_udp_sendrecv_generic_node(myclient_t)
+corenet_udp_sendrecv_all_ports(myclient_t)
+corenet_all_recvfrom_unlabeled(myclient_t)
 </p>
 </desc>
-</tunable>
-</module>
-<module name="kerneloops" filename="policy/modules/contrib/kerneloops.if">
-<summary>Service for reporting kernel oopses to kerneloops.org</summary>
-<interface name="kerneloops_domtrans" lineno="13">
+<param name="domain">
 <summary>
-Execute a domain transition to run kerneloops.
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sctp_bind_generic_port" lineno="1602">
+<summary>
+Do not audit attempts to bind SCTP
+sockets to generic ports.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kerneloops_dbus_chat" lineno="33">
+<interface name="corenet_tcp_bind_all_ports" lineno="1620">
 <summary>
-Send and receive messages from
-kerneloops over dbus.
+Bind TCP sockets to all ports.
 </summary>
 <param name="domain">
 <summary>
@@ -8961,10 +11213,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kerneloops_dontaudit_dbus_chat" lineno="54">
+<interface name="corenet_dontaudit_tcp_bind_all_ports" lineno="1639">
 <summary>
-dontaudit attempts to Send and receive messages from
-kerneloops over dbus.
+Do not audit attepts to bind TCP sockets to any ports.
 </summary>
 <param name="domain">
 <summary>
@@ -8972,9 +11223,9 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kerneloops_manage_tmp_files" lineno="74">
+<interface name="corenet_udp_bind_all_ports" lineno="1657">
 <summary>
-Allow domain to manage kerneloops tmp files
+Bind UDP sockets to all ports.
 </summary>
 <param name="domain">
 <summary>
@@ -8982,55 +11233,88 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kerneloops_admin" lineno="100">
+<interface name="corenet_sctp_connect_generic_port" lineno="1676">
 <summary>
-All of the rules required to administrate
-an kerneloops environment
+Connect SCTP sockets to generic ports.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_dontaudit_udp_bind_all_ports" lineno="1694">
 <summary>
-The role to be allowed to manage the kerneloops domain.
+Do not audit attepts to bind UDP sockets to any ports.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="kismet" filename="policy/modules/contrib/kismet.if">
-<summary>Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.</summary>
-<interface name="kismet_domtrans" lineno="13">
+<interface name="corenet_tcp_connect_all_ports" lineno="1740">
 <summary>
-Execute a domain transition to run kismet.
+Connect TCP sockets to all ports.
 </summary>
+<desc>
+<p>
+Connect TCP sockets to all ports
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>corenet_all_recvfrom_unlabeled()</li>
+<li>corenet_tcp_sendrecv_generic_if()</li>
+<li>corenet_tcp_sendrecv_generic_node()</li>
+<li>corenet_tcp_sendrecv_all_ports()</li>
+<li>corenet_tcp_bind_all_ports()</li>
+</ul>
+<p>
+Example client being able to connect to all ports over
+generic nodes, without labeled networking:
+</p>
+<p>
+allow myclient_t self:tcp_socket create_stream_socket_perms;
+corenet_tcp_sendrecv_generic_if(myclient_t)
+corenet_tcp_sendrecv_generic_node(myclient_t)
+corenet_tcp_sendrecv_all_ports(myclient_t)
+corenet_tcp_connect_all_ports(myclient_t)
+corenet_all_recvfrom_unlabeled(myclient_t)
+</p>
+</desc>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="1"/>
 </interface>
-<interface name="kismet_run" lineno="38">
+<interface name="corenet_dontaudit_tcp_connect_all_ports" lineno="1759">
 <summary>
-Execute kismet in the kismet domain, and
-allow the specified role the kismet domain.
+Do not audit attempts to connect TCP sockets
+to all ports.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_tcp_sendrecv_reserved_port" lineno="1777">
 <summary>
-Role allowed access.
+Send and receive TCP network traffic on generic reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kismet_read_pid_files" lineno="57">
+<interface name="corenet_udp_send_reserved_port" lineno="1795">
 <summary>
-Read kismet PID files.
+Send UDP network traffic on generic reserved ports.
 </summary>
 <param name="domain">
 <summary>
@@ -9038,9 +11322,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kismet_manage_pid_files" lineno="76">
+<interface name="corenet_udp_receive_reserved_port" lineno="1813">
 <summary>
-Manage kismet var_run files.
+Receive UDP network traffic on generic reserved ports.
 </summary>
 <param name="domain">
 <summary>
@@ -9048,9 +11332,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kismet_search_lib" lineno="95">
+<interface name="corenet_udp_sendrecv_reserved_port" lineno="1831">
 <summary>
-Search kismet lib directories.
+Send and receive UDP network traffic on generic reserved ports.
 </summary>
 <param name="domain">
 <summary>
@@ -9058,9 +11342,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kismet_read_lib_files" lineno="114">
+<interface name="corenet_tcp_bind_reserved_port" lineno="1846">
 <summary>
-Read kismet lib files.
+Bind TCP sockets to generic reserved ports.
 </summary>
 <param name="domain">
 <summary>
@@ -9068,10 +11352,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kismet_manage_lib_files" lineno="135">
+<interface name="corenet_sctp_bind_all_ports" lineno="1865">
 <summary>
-Create, read, write, and delete
-kismet lib files.
+Bind SCTP sockets to all ports.
 </summary>
 <param name="domain">
 <summary>
@@ -9079,9 +11362,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kismet_manage_lib" lineno="154">
+<interface name="corenet_udp_bind_reserved_port" lineno="1884">
 <summary>
-Manage kismet var_lib files.
+Bind UDP sockets to generic reserved ports.
 </summary>
 <param name="domain">
 <summary>
@@ -9089,31 +11372,29 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kismet_read_log" lineno="175">
+<interface name="corenet_tcp_connect_reserved_port" lineno="1903">
 <summary>
-Allow the specified domain to read kismet's log files.
+Connect TCP sockets to generic reserved ports.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="kismet_append_log" lineno="195">
+<interface name="corenet_dontaudit_sctp_bind_all_ports" lineno="1921">
 <summary>
-Allow the specified domain to append
-kismet log files.
+Do not audit attempts to bind SCTP sockets to any ports.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kismet_manage_log" lineno="214">
+<interface name="corenet_tcp_sendrecv_all_reserved_ports" lineno="1939">
 <summary>
-Allow domain to manage kismet log files
+Send and receive TCP network traffic on all reserved ports.
 </summary>
 <param name="domain">
 <summary>
@@ -9121,107 +11402,100 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kismet_admin" lineno="236">
+<interface name="corenet_udp_send_all_reserved_ports" lineno="1957">
 <summary>
-All of the rules required to administrate an kismet environment
+Send UDP network traffic on all reserved ports.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="ksmtuned" filename="policy/modules/contrib/ksmtuned.if">
-<summary>Kernel Samepage Merging (KSM) Tuning Daemon</summary>
-<interface name="ksmtuned_domtrans" lineno="13">
+<interface name="corenet_udp_receive_all_reserved_ports" lineno="1975">
 <summary>
-Execute a domain transition to run ksmtuned.
+Receive UDP network traffic on all reserved ports.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ksmtuned_initrc_domtrans" lineno="31">
+<interface name="corenet_udp_sendrecv_all_reserved_ports" lineno="1993">
 <summary>
-Execute ksmtuned server in the ksmtuned domain.
+Send and receive UDP network traffic on all reserved ports.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ksmtuned_admin" lineno="56">
+<interface name="corenet_sctp_connect_all_ports" lineno="2008">
 <summary>
-All of the rules required to administrate
-an ksmtuned environment
+Connect SCTP sockets to all ports.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_tcp_bind_all_reserved_ports" lineno="2026">
 <summary>
-Role allowed access.
+Bind TCP sockets to all reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="ktalk" filename="policy/modules/contrib/ktalk.if">
-<summary>KDE Talk daemon</summary>
-</module>
-<module name="kudzu" filename="policy/modules/contrib/kudzu.if">
-<summary>Hardware detection and configuration tools</summary>
-<interface name="kudzu_domtrans" lineno="13">
+<interface name="corenet_dontaudit_tcp_bind_all_reserved_ports" lineno="2045">
 <summary>
-Execute kudzu in the kudzu domain.
+Do not audit attempts to bind TCP sockets to all reserved ports.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kudzu_run" lineno="38">
+<interface name="corenet_udp_bind_all_reserved_ports" lineno="2063">
 <summary>
-Execute kudzu in the kudzu domain, and
-allow the specified role the kudzu domain.
+Bind UDP sockets to all reserved ports.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_dontaudit_udp_bind_all_reserved_ports" lineno="2082">
 <summary>
-Role allowed access.
+Do not audit attempts to bind UDP sockets to all reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="kudzu_getattr_exec_files" lineno="58">
+<interface name="corenet_dontaudit_sctp_connect_all_ports" lineno="2101">
 <summary>
-Get attributes of kudzu executable.
+Do not audit attempts to connect SCTP sockets
+to all ports.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-</module>
-<module name="ldap" filename="policy/modules/contrib/ldap.if">
-<summary>OpenLDAP directory server</summary>
-<interface name="ldap_list_db" lineno="14">
+<interface name="corenet_tcp_bind_all_unreserved_ports" lineno="2119">
 <summary>
-Read the contents of the OpenLDAP
-database directories.
+Bind TCP sockets to all ports > 1024.
 </summary>
 <param name="domain">
 <summary>
@@ -9229,20 +11503,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ldap_read_config" lineno="33">
+<interface name="corenet_udp_bind_all_unreserved_ports" lineno="2137">
 <summary>
-Read the OpenLDAP configuration files.
+Bind UDP sockets to all ports > 1024.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="ldap_use" lineno="52">
+<interface name="corenet_tcp_connect_all_reserved_ports" lineno="2155">
 <summary>
-Use LDAP over TCP connection.  (Deprecated)
+Connect TCP sockets to reserved ports.
 </summary>
 <param name="domain">
 <summary>
@@ -9250,9 +11523,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ldap_stream_connect" lineno="66">
+<interface name="corenet_sctp_connect_all_unreserved_ports" lineno="2173">
 <summary>
-Connect to slapd over an unix stream socket.
+Connect SCTP sockets to all ports > 1024.
 </summary>
 <param name="domain">
 <summary>
@@ -9260,52 +11533,41 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ldap_admin" lineno="92">
+<interface name="corenet_dontaudit_tcp_connect_all_unreserved_ports" lineno="2192">
 <summary>
-All of the rules required to administrate
-an ldap environment
+Do not audit connect attempts to TCP sockets on
+ports greater than 1024.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain not to audit access to.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_tcp_connect_all_unreserved_ports" lineno="2210">
 <summary>
-The role to be allowed to manage the ldap domain.
+Connect TCP sockets to all ports > 1024.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="likewise" filename="policy/modules/contrib/likewise.if">
-<summary>Likewise Active Directory support for UNIX.</summary>
-<desc>
-<p>
-Likewise Open is a free, open source application that joins Linux, Unix,
-and Mac machines to Microsoft Active Directory to securely authenticate
-users with their domain credentials.
-</p>
-</desc>
-<template name="likewise_domain_template" lineno="26">
+<interface name="corenet_dontaudit_tcp_connect_all_reserved_ports" lineno="2229">
 <summary>
-The template to define a likewise domain.
+Do not audit attempts to connect TCP sockets
+all reserved ports.
 </summary>
-<desc>
-<p>
-This template creates a domain to be used for
-a new likewise daemon.
-</p>
-</desc>
-<param name="userdomain_prefix">
+<param name="domain">
 <summary>
-The type of daemon to be used.
+Domain to not audit.
 </summary>
 </param>
-</template>
-<interface name="likewise_stream_connect_lsassd" lineno="98">
+</interface>
+<interface name="corenet_tcp_connect_all_rpc_ports" lineno="2247">
 <summary>
-Connect to lsassd.
+Connect TCP sockets to rpc ports.
 </summary>
 <param name="domain">
 <summary>
@@ -9313,23 +11575,20 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="lircd" filename="policy/modules/contrib/lircd.if">
-<summary>Linux infared remote control daemon</summary>
-<interface name="lircd_domtrans" lineno="13">
+<interface name="corenet_dontaudit_tcp_connect_all_rpc_ports" lineno="2266">
 <summary>
-Execute a domain transition to run lircd.
+Do not audit attempts to connect TCP sockets
+all rpc ports.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="lircd_stream_connect" lineno="33">
+<interface name="corenet_sctp_bind_reserved_port" lineno="2284">
 <summary>
-Connect to lircd over a unix domain
-stream socket.
+Bind SCTP sockets to generic reserved ports.
 </summary>
 <param name="domain">
 <summary>
@@ -9337,75 +11596,80 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="lircd_read_config" lineno="52">
+<interface name="corenet_read_tun_tap_dev" lineno="2303">
 <summary>
-Read lircd etc file
+Read the TUN/TAP virtual network device.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+The domain read allowed access.
 </summary>
 </param>
 </interface>
-<interface name="lircd_admin" lineno="77">
+<interface name="corenet_write_tun_tap_dev" lineno="2322">
 <summary>
-All of the rules required to administrate
-a lircd environment
+Write the TUN/TAP virtual network device.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+The domain allowed write access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_rw_tun_tap_dev" lineno="2341">
 <summary>
-The role to be allowed to manage the syslog domain.
+Read and write the TUN/TAP virtual network device.
+</summary>
+<param name="domain">
+<summary>
+The domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="livecd" filename="policy/modules/contrib/livecd.if">
-<summary>Livecd tool for building alternate livecd for different os and policy versions.</summary>
-<interface name="livecd_domtrans" lineno="13">
+<interface name="corenet_sctp_connect_reserved_port" lineno="2360">
 <summary>
-Execute a domain transition to run livecd.
+Connect SCTP sockets to generic reserved ports.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="livecd_run" lineno="37">
+<interface name="corenet_dontaudit_rw_tun_tap_dev" lineno="2379">
 <summary>
-Execute livecd in the livecd domain, and
-allow the specified role the livecd domain.
+Do not audit attempts to read or write the TUN/TAP
+virtual network device.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_getattr_ppp_dev" lineno="2397">
 <summary>
-Role allowed access.
+Getattr the point-to-point device.
+</summary>
+<param name="domain">
+<summary>
+The domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="livecd_read_tmp_files" lineno="56">
+<interface name="corenet_rw_ppp_dev" lineno="2415">
 <summary>
-Read livecd temporary files.
+Read and write the point-to-point device.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+The domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="livecd_rw_tmp_files" lineno="75">
+<interface name="corenet_tcp_bind_all_rpc_ports" lineno="2434">
 <summary>
-Read and write livecd temporary files.
+Bind TCP sockets to all RPC ports.
 </summary>
 <param name="domain">
 <summary>
@@ -9413,48 +11677,49 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="livecd_rw_semaphores" lineno="94">
+<interface name="corenet_dontaudit_tcp_bind_all_rpc_ports" lineno="2453">
 <summary>
-Allow read and write access to livecd semaphores.
+Do not audit attempts to bind TCP sockets to all RPC ports.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-</module>
-<module name="loadkeys" filename="policy/modules/contrib/loadkeys.if">
-<summary>Load keyboard mappings.</summary>
-<interface name="loadkeys_domtrans" lineno="13">
+<interface name="corenet_udp_bind_all_rpc_ports" lineno="2471">
 <summary>
-Execute the loadkeys program in the loadkeys domain.
+Bind UDP sockets to all RPC ports.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="loadkeys_run" lineno="42">
+<interface name="corenet_dontaudit_udp_bind_all_rpc_ports" lineno="2490">
 <summary>
-Execute the loadkeys program in the loadkeys domain.
+Do not audit attempts to bind UDP sockets to all RPC ports.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_sctp_bind_all_reserved_ports" lineno="2508">
 <summary>
-The role to allow the loadkeys domain.
+Bind SCTP sockets to all reserved ports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="loadkeys_exec" lineno="61">
+<interface name="corenet_tcp_recvfrom_netlabel" lineno="2527">
 <summary>
-Execute the loadkeys program in the caller domain.
+Receive TCP packets from a NetLabel connection.
 </summary>
 <param name="domain">
 <summary>
@@ -9462,57 +11727,61 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="lockdev" filename="policy/modules/contrib/lockdev.if">
-<summary>device locking policy for lockdev</summary>
-<interface name="lockdev_role" lineno="18">
+<interface name="corenet_tcp_recvfrom_unlabeled" lineno="2546">
 <summary>
-Role access for lockdev
+Receive TCP packets from an unlabled connection.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain allowed access.
 </summary>
 </param>
+</interface>
+<interface name="corenet_dontaudit_sctp_bind_all_reserved_ports" lineno="2566">
+<summary>
+Do not audit attempts to bind SCTP sockets to all reserved ports.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain to not audit.
 </summary>
 </param>
 </interface>
-</module>
-<module name="logrotate" filename="policy/modules/contrib/logrotate.if">
-<summary>Rotate and archive system logs</summary>
-<interface name="logrotate_domtrans" lineno="13">
+<interface name="corenet_dontaudit_tcp_recvfrom_netlabel" lineno="2585">
 <summary>
-Execute logrotate in the logrotate domain.
+Do not audit attempts to receive TCP packets from a NetLabel
+connection.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="logrotate_run" lineno="39">
+<interface name="corenet_dontaudit_tcp_recvfrom_unlabeled" lineno="2605">
 <summary>
-Execute logrotate in the logrotate domain, and
-allow the specified role the logrotate domain.
+Do not audit attempts to receive TCP packets from an unlabeled
+connection.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_udp_recvfrom_netlabel" lineno="2625">
 <summary>
-Role allowed access.
+Receive UDP packets from a NetLabel connection.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="logrotate_exec" lineno="58">
+<interface name="corenet_udp_recvfrom_unlabeled" lineno="2644">
 <summary>
-Execute logrotate in the caller domain.
+Receive UDP packets from an unlabeled connection.
 </summary>
 <param name="domain">
 <summary>
@@ -9520,9 +11789,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="logrotate_use_fds" lineno="77">
+<interface name="corenet_sctp_bind_all_unreserved_ports" lineno="2664">
 <summary>
-Inherit and use logrotate file descriptors.
+Bind SCTP sockets to all ports > 1024.
 </summary>
 <param name="domain">
 <summary>
@@ -9530,9 +11799,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="logrotate_dontaudit_use_fds" lineno="95">
+<interface name="corenet_dontaudit_udp_recvfrom_netlabel" lineno="2683">
 <summary>
-Do not audit attempts to inherit logrotate file descriptors.
+Do not audit attempts to receive UDP packets from a NetLabel
+connection.
 </summary>
 <param name="domain">
 <summary>
@@ -9540,22 +11810,20 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="logrotate_read_tmp_files" lineno="113">
+<interface name="corenet_dontaudit_udp_recvfrom_unlabeled" lineno="2703">
 <summary>
-Read a logrotate temporary files.
+Do not audit attempts to receive UDP packets from an unlabeled
+connection.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-</module>
-<module name="logwatch" filename="policy/modules/contrib/logwatch.if">
-<summary>System log analyzer and reporter</summary>
-<interface name="logwatch_read_tmp_files" lineno="13">
+<interface name="corenet_raw_recvfrom_netlabel" lineno="2723">
 <summary>
-Read logwatch temporary files.
+Receive Raw IP packets from a NetLabel connection.
 </summary>
 <param name="domain">
 <summary>
@@ -9563,9 +11831,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="logwatch_search_cache_dir" lineno="32">
+<interface name="corenet_raw_recvfrom_unlabeled" lineno="2742">
 <summary>
-Search logwatch cache directory.
+Receive Raw IP packets from an unlabeled connection.
 </summary>
 <param name="domain">
 <summary>
@@ -9573,64 +11841,84 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="lpd" filename="policy/modules/contrib/lpd.if">
-<summary>Line printer daemon</summary>
-<interface name="lpd_role" lineno="18">
+<interface name="corenet_dontaudit_raw_recvfrom_netlabel" lineno="2763">
 <summary>
-Role access for lpd
-</summary>
-<param name="role">
-<summary>
-Role allowed access
+Do not audit attempts to receive Raw IP packets from a NetLabel
+connection.
 </summary>
-</param>
 <param name="domain">
 <summary>
-User domain for the role
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="lpd_domtrans_checkpc" lineno="47">
+<interface name="corenet_sctp_connect_all_reserved_ports" lineno="2782">
 <summary>
-Execute lpd in the lpd domain.
+Connect SCTP sockets to reserved ports.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="lpd_run_checkpc" lineno="72">
+<interface name="corenet_dontaudit_raw_recvfrom_unlabeled" lineno="2801">
 <summary>
-Execute amrecover in the lpd domain, and
-allow the specified role the lpd domain.
+Do not audit attempts to receive Raw IP packets from an unlabeled
+connection.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_all_recvfrom_unlabeled" lineno="2833">
 <summary>
-Role allowed access.
+Receive packets from an unlabeled connection.
+</summary>
+<desc>
+<p>
+Allow the specified domain to receive packets from an
+unlabeled connection.  On machines that do not utilize
+labeled networking, this will be required on all
+networking domains.  On machines tha do utilize
+labeled networking, this will be required for any
+networking domain that is allowed to receive
+network traffic that does not have a label.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="lpd_list_spool" lineno="91">
+<interface name="corenet_all_recvfrom_netlabel" lineno="2866">
 <summary>
-List the contents of the printer spool directories.
+Receive packets from a NetLabel connection.
 </summary>
+<desc>
+<p>
+Allow the specified domain to receive NetLabel
+network traffic, which utilizes the Commercial IP
+Security Option (CIPSO) to set the MLS level
+of the network packets.  This is required for
+all networking domains that receive NetLabel
+network traffic.
+</p>
+</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="lpd_read_spool" lineno="110">
+<interface name="corenet_dontaudit_all_recvfrom_unlabeled" lineno="2885">
 <summary>
-Read the printer spool files.
+Do not audit attempts to receive packets from an unlabeled connection.
 </summary>
 <param name="domain">
 <summary>
@@ -9638,118 +11926,139 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="lpd_manage_spool" lineno="129">
+<interface name="corenet_dontaudit_sctp_connect_all_reserved_ports" lineno="2908">
 <summary>
-Create, read, write, and delete printer spool files.
+Do not audit attempts to connect SCTP sockets
+all reserved ports.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="lpd_relabel_spool" lineno="150">
+<interface name="corenet_dontaudit_all_recvfrom_netlabel" lineno="2927">
 <summary>
-Relabel from and to the spool files.
+Do not audit attempts to receive packets from a NetLabel
+connection.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="lpd_read_config" lineno="170">
+<interface name="corenet_tcp_recvfrom_labeled" lineno="2959">
 <summary>
-List the contents of the printer spool directories.
+Rules for receiving labeled TCP packets.
 </summary>
+<desc>
+<p>
+Rules for receiving labeled TCP packets.
+</p>
+<p>
+Due to the nature of TCP, this is bidirectional.
+</p>
+</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<param name="peer_domain">
+<summary>
+Peer domain.
+</summary>
+</param>
 </interface>
-<template name="lpd_domtrans_lpr" lineno="189">
+<interface name="corenet_udp_recvfrom_labeled" lineno="2987">
 <summary>
-Transition to a user lpr domain.
+Rules for receiving labeled UDP packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="lpd_exec_lpr" lineno="208">
+<param name="peer_domain">
 <summary>
-Allow the specified domain to execute lpr
-in the caller domain.
+Peer domain.
+</summary>
+</param>
+</interface>
+<interface name="corenet_raw_recvfrom_labeled" lineno="3012">
+<summary>
+Rules for receiving labeled raw IP packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<param name="peer_domain">
+<summary>
+Peer domain.
+</summary>
+</param>
 </interface>
-<tunable name="use_lpd_server" dftval="false">
-<desc>
-<p>
-Use lpd server instead of cups
-</p>
-</desc>
-</tunable>
-</module>
-<module name="mailman" filename="policy/modules/contrib/mailman.if">
-<summary>Mailman is for managing electronic mail discussion and e-newsletter lists</summary>
-<template name="mailman_domain_template" lineno="19">
+<interface name="corenet_all_recvfrom_labeled" lineno="3046">
 <summary>
-The template to define a mailmain domain.
+Rules for receiving labeled packets via TCP, UDP and raw IP.
 </summary>
 <desc>
 <p>
-This template creates a domain to be used for
-a new mailman daemon.
+Rules for receiving labeled packets via TCP, UDP and raw IP.
+</p>
+<p>
+Due to the nature of TCP, the rules (for TCP
+networking only) are bidirectional.
 </p>
 </desc>
-<param name="userdomain_prefix">
+<param name="domain">
 <summary>
-The type of daemon to be used eg, cgi would give mailman_cgi_
+Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="mailman_domtrans" lineno="103">
+<param name="peer_domain">
 <summary>
-Execute mailman in the mailman domain.
+Peer domain.
+</summary>
+</param>
+</interface>
+<interface name="corenet_setcontext_all_spds" lineno="3064">
+<summary>
+Allow specified type to set the context of
+a SPD entry for labeled ipsec associations.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mailman_domtrans_cgi" lineno="122">
+<interface name="corenet_send_generic_client_packets" lineno="3082">
 <summary>
-Execute mailman CGI scripts in the
-mailman CGI domain.
+Send generic client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mailman_exec" lineno="140">
+<interface name="corenet_receive_generic_client_packets" lineno="3100">
 <summary>
-Execute mailman in the caller domain.
+Receive generic client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowd access.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mailman_signal_cgi" lineno="158">
+<interface name="corenet_sendrecv_generic_client_packets" lineno="3118">
 <summary>
-Send generic signals to the mailman cgi domain.
+Send and receive generic client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -9757,9 +12066,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mailman_search_data" lineno="176">
+<interface name="corenet_relabelto_generic_client_packets" lineno="3133">
 <summary>
-Allow domain to search data directories.
+Relabel packets to the generic client packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -9767,9 +12076,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mailman_read_data_files" lineno="194">
+<interface name="corenet_send_generic_server_packets" lineno="3151">
 <summary>
-Allow domain to to read mailman data files.
+Send generic server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -9777,10 +12086,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mailman_manage_data_files" lineno="215">
+<interface name="corenet_receive_generic_server_packets" lineno="3169">
 <summary>
-Allow domain to to create mailman data files
-and write the directory.
+Receive generic server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -9788,9 +12096,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mailman_list_data" lineno="234">
+<interface name="corenet_sendrecv_generic_server_packets" lineno="3187">
 <summary>
-List the contents of mailman data directories.
+Send and receive generic server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -9798,9 +12106,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mailman_read_data_symlinks" lineno="252">
+<interface name="corenet_relabelto_generic_server_packets" lineno="3202">
 <summary>
-Allow read acces to mailman data symbolic links.
+Relabel packets to the generic server packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -9808,19 +12116,26 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mailman_read_log" lineno="270">
+<interface name="corenet_sendrecv_unlabeled_packets" lineno="3227">
 <summary>
-Read mailman logs.
+Send and receive unlabeled packets.
 </summary>
+<desc>
+<p>
+Send and receive unlabeled packets.
+These packets do not match any netfilter
+SECMARK rules.
+</p>
+</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mailman_append_log" lineno="288">
+<interface name="corenet_send_all_client_packets" lineno="3241">
 <summary>
-Append to mailman logs.
+Send all client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -9828,10 +12143,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mailman_manage_log" lineno="307">
+<interface name="corenet_receive_all_client_packets" lineno="3259">
 <summary>
-Create, read, write, and delete
-mailman logs.
+Receive all client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -9839,9 +12153,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mailman_read_archive" lineno="326">
+<interface name="corenet_sendrecv_all_client_packets" lineno="3277">
 <summary>
-Allow domain to read mailman archive files.
+Send and receive all client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -9849,48 +12163,39 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mailman_domtrans_queue" lineno="346">
+<interface name="corenet_relabelto_all_client_packets" lineno="3292">
 <summary>
-Execute mailman_queue in the mailman_queue domain.
+Relabel packets to any client packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="mcelog" filename="policy/modules/contrib/mcelog.if">
-<summary>policy for mcelog</summary>
-<interface name="mcelog_domtrans" lineno="13">
+<interface name="corenet_send_all_server_packets" lineno="3310">
 <summary>
-Execute a domain transition to run mcelog.
+Send all server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="mediawiki" filename="policy/modules/contrib/mediawiki.if">
-<summary>Mediawiki policy</summary>
-</module>
-<module name="memcached" filename="policy/modules/contrib/memcached.if">
-<summary>high-performance memory object caching system</summary>
-<interface name="memcached_domtrans" lineno="13">
+<interface name="corenet_sctp_recvfrom_netlabel" lineno="3328">
 <summary>
-Execute a domain transition to run memcached.
+Receive SCTP packets from a NetLabel connection.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="memcached_read_pid_files" lineno="32">
+<interface name="corenet_receive_all_server_packets" lineno="3346">
 <summary>
-Read memcached PID files.
+Receive all server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -9898,40 +12203,39 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="memcached_admin" lineno="58">
+<interface name="corenet_sendrecv_all_server_packets" lineno="3364">
 <summary>
-All of the rules required to administrate
-an memcached environment
+Send and receive all server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_relabelto_all_server_packets" lineno="3379">
 <summary>
-The role to be allowed to manage the memcached domain.
+Relabel packets to any server packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="milter" filename="policy/modules/contrib/milter.if">
-<summary>Milter mail filters</summary>
-<template name="milter_template" lineno="14">
+<interface name="corenet_sctp_recvfrom_unlabeled" lineno="3397">
 <summary>
-Create a set of derived types for various
-mail filter applications using the milter interface.
+Receive SCTP packets from an unlabled connection.
 </summary>
-<param name="milter_name">
+<param name="domain">
 <summary>
-The name to be used for deriving type names.
+Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="milter_stream_connect_all" lineno="59">
+</interface>
+<interface name="corenet_send_all_packets" lineno="3418">
 <summary>
-MTA communication with milter sockets
+Send all packets.
 </summary>
 <param name="domain">
 <summary>
@@ -9939,9 +12243,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="milter_getattr_all_sockets" lineno="78">
+<interface name="corenet_receive_all_packets" lineno="3436">
 <summary>
-Allow getattr of milter sockets
+Receive all packets.
 </summary>
 <param name="domain">
 <summary>
@@ -9949,9 +12253,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="milter_manage_spamass_state" lineno="97">
+<interface name="corenet_sendrecv_all_packets" lineno="3454">
 <summary>
-Manage spamassassin milter state
+Send and receive all packets.
 </summary>
 <param name="domain">
 <summary>
@@ -9959,23 +12263,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="modemmanager" filename="policy/modules/contrib/modemmanager.if">
-<summary>Provides a DBus interface to communicate with mobile broadband (GSM, CDMA, UMTS, ...) cards.</summary>
-<interface name="modemmanager_domtrans" lineno="13">
+<interface name="corenet_relabelto_all_packets" lineno="3469">
 <summary>
-Execute a domain transition to run modemmanager.
+Relabel packets to any packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="modemmanager_dbus_chat" lineno="32">
+<interface name="corenet_ib_access_unlabeled_pkeys" lineno="3487">
 <summary>
-Send and receive messages from
-modemmanager over dbus.
+Access unlabeled infiniband pkeys.
 </summary>
 <param name="domain">
 <summary>
@@ -9983,223 +12283,240 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="mojomojo" filename="policy/modules/contrib/mojomojo.if">
-<summary>MojoMojo Wiki</summary>
-<interface name="mojomojo_admin" lineno="20">
+<interface name="corenet_ib_access_all_pkeys" lineno="3501">
 <summary>
-All of the rules required to administrate
-an mojomojo environment
+Access all labeled infiniband pkeys.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_ib_manage_subnet_all_endports" lineno="3519">
 <summary>
-Role allowed access.
+Manage subnets on all labeled Infiniband endports
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="mono" filename="policy/modules/contrib/mono.if">
-<summary>Run .NET server and client applications on Linux.</summary>
-<template name="mono_role_template" lineno="30">
+<interface name="corenet_ib_manage_subnet_unlabeled_endports" lineno="3537">
 <summary>
-The role template for the mono module.
+Manage subnet on all unlabeled Infiniband endports
 </summary>
-<desc>
-<p>
-This template creates a derived domains which are used
-for mono applications.
-</p>
-</desc>
-<param name="role_prefix">
+<param name="domain">
 <summary>
-The prefix of the user domain (e.g., user
-is the prefix for user_t).
+Domain allowed access.
 </summary>
 </param>
-<param name="user_role">
+</interface>
+<interface name="corenet_sctp_recvfrom_labeled" lineno="3556">
 <summary>
-The role associated with the user domain.
+Rules for receiving labeled SCTP packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<param name="user_domain">
+<param name="peer_domain">
 <summary>
-The type of the user domain.
+Peer domain.
 </summary>
 </param>
-</template>
-<interface name="mono_domtrans" lineno="69">
+</interface>
+<interface name="corenet_unconfined" lineno="3579">
 <summary>
-Execute the mono program in the mono domain.
+Unconfined access to network objects.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+The domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mono_run" lineno="94">
+<interface name="corenet_tcp_sendrecv_adb_port" lineno="3599">
 <summary>
-Execute mono in the mono domain, and
-allow the specified role the mono domain.
+Send and receive TCP traffic on the adb port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_adb_port" lineno="3618">
 <summary>
-Role allowed access.
+Send UDP traffic on the adb port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="mono_exec" lineno="113">
+<interface name="corenet_dontaudit_udp_send_adb_port" lineno="3637">
 <summary>
-Execute the mono program in the caller domain.
+Do not audit attempts to send UDP traffic on the adb port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mono_rw_shm" lineno="132">
+<interface name="corenet_udp_receive_adb_port" lineno="3656">
 <summary>
-Read and write to mono shared memory.
+Receive UDP traffic on the adb port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-</module>
-<module name="monop" filename="policy/modules/contrib/monop.if">
-<summary>Monopoly daemon</summary>
-</module>
-<module name="mozilla" filename="policy/modules/contrib/mozilla.if">
-<summary>Policy for Mozilla and related web browsers</summary>
-<interface name="mozilla_role" lineno="18">
+<interface name="corenet_dontaudit_udp_receive_adb_port" lineno="3675">
 <summary>
-Role access for mozilla
+Do not audit attempts to receive UDP traffic on the adb port.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_adb_port" lineno="3694">
+<summary>
+Send and receive UDP traffic on the adb port.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="mozilla_read_user_home_files" lineno="63">
+<interface name="corenet_dontaudit_udp_sendrecv_adb_port" lineno="3711">
 <summary>
-Read mozilla home directory content
+Do not audit attempts to send and receive
+UDP traffic on the adb port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mozilla_write_user_home_files" lineno="84">
+<interface name="corenet_tcp_bind_adb_port" lineno="3727">
 <summary>
-Write mozilla home directory content
+Bind TCP sockets to the adb port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mozilla_dontaudit_rw_user_home_files" lineno="103">
+<interface name="corenet_udp_bind_adb_port" lineno="3747">
 <summary>
-Dontaudit attempts to read/write mozilla home directory content
+Bind UDP sockets to the adb port.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mozilla_dontaudit_manage_user_home_files" lineno="121">
+<interface name="corenet_tcp_connect_adb_port" lineno="3766">
 <summary>
-Dontaudit attempts to write mozilla home directory content
+Make a TCP connection to the adb port.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mozilla_exec_user_home_files" lineno="140">
+<interface name="corenet_send_adb_client_packets" lineno="3786">
 <summary>
-Execute mozilla home directory content.
+Send adb_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="mozilla_execmod_user_home_files" lineno="158">
+<interface name="corenet_dontaudit_send_adb_client_packets" lineno="3805">
 <summary>
-Execmod mozilla home directory content.
+Do not audit attempts to send adb_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mozilla_domtrans" lineno="176">
+<interface name="corenet_receive_adb_client_packets" lineno="3824">
 <summary>
-Run mozilla in the mozilla domain.
+Receive adb_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="mozilla_domtrans_plugin" lineno="194">
+<interface name="corenet_dontaudit_receive_adb_client_packets" lineno="3843">
 <summary>
-Execute a domain transition to run mozilla_plugin.
+Do not audit attempts to receive adb_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mozilla_run_plugin" lineno="220">
+<interface name="corenet_sendrecv_adb_client_packets" lineno="3862">
 <summary>
-Execute mozilla_plugin in the mozilla_plugin domain, and
-allow the specified role the mozilla_plugin domain.
+Send and receive adb_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_adb_client_packets" lineno="3878">
+<summary>
+Do not audit attempts to send and receive adb_client packets.
+</summary>
+<param name="domain">
 <summary>
-The role to be allowed the mozilla_plugin domain.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mozilla_dbus_chat" lineno="240">
+<interface name="corenet_relabelto_adb_client_packets" lineno="3893">
 <summary>
-Send and receive messages from
-mozilla over dbus.
+Relabel packets to adb_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -10207,79 +12524,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mozilla_rw_tcp_sockets" lineno="260">
+<interface name="corenet_send_adb_server_packets" lineno="3913">
 <summary>
-read/write mozilla per user tcp_socket
+Send adb_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="mozilla_plugin_read_tmpfs_files" lineno="278">
+<interface name="corenet_dontaudit_send_adb_server_packets" lineno="3932">
 <summary>
-Read mozilla_plugin tmpfs files
+Do not audit attempts to send adb_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mozilla_plugin_delete_tmpfs_files" lineno="296">
+<interface name="corenet_receive_adb_server_packets" lineno="3951">
 <summary>
-Delete mozilla_plugin tmpfs files
+Receive adb_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<tunable name="mozilla_read_content" dftval="false">
-<desc>
-<p>
-Allow confined web browsers to read home directory content
-</p>
-</desc>
-</tunable>
-</module>
-<module name="mpd" filename="policy/modules/contrib/mpd.if">
-<summary>Music Player Daemon</summary>
-<interface name="mpd_domtrans" lineno="13">
+<interface name="corenet_dontaudit_receive_adb_server_packets" lineno="3970">
 <summary>
-Execute a domain transition to run mpd.
+Do not audit attempts to receive adb_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mpd_initrc_domtrans" lineno="31">
+<interface name="corenet_sendrecv_adb_server_packets" lineno="3989">
 <summary>
-Execute mpd server in the mpd domain.
+Send and receive adb_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="mpd_read_data_files" lineno="49">
+<interface name="corenet_dontaudit_sendrecv_adb_server_packets" lineno="4005">
 <summary>
-Read mpd data files.
+Do not audit attempts to send and receive adb_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mpd_manage_data_files" lineno="68">
+<interface name="corenet_relabelto_adb_server_packets" lineno="4020">
 <summary>
-Manage mpd data files.
+Relabel packets to adb_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -10287,450 +12600,447 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mpd_read_tmpfs_files" lineno="87">
+<interface name="corenet_tcp_sendrecv_afs_bos_port" lineno="4042">
 <summary>
-Read mpd tmpfs files.
+Send and receive TCP traffic on the afs_bos port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="mpd_manage_tmpfs_files" lineno="106">
+<interface name="corenet_udp_send_afs_bos_port" lineno="4061">
 <summary>
-Manage mpd tmpfs files.
+Send UDP traffic on the afs_bos port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="mpd_search_lib" lineno="126">
+<interface name="corenet_dontaudit_udp_send_afs_bos_port" lineno="4080">
 <summary>
-Search mpd lib directories.
+Do not audit attempts to send UDP traffic on the afs_bos port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mpd_read_lib_files" lineno="145">
+<interface name="corenet_udp_receive_afs_bos_port" lineno="4099">
 <summary>
-Read mpd lib files.
+Receive UDP traffic on the afs_bos port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="mpd_manage_lib_files" lineno="165">
+<interface name="corenet_dontaudit_udp_receive_afs_bos_port" lineno="4118">
 <summary>
-Create, read, write, and delete
-mpd lib files.
+Do not audit attempts to receive UDP traffic on the afs_bos port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mpd_var_lib_filetrans" lineno="195">
+<interface name="corenet_udp_sendrecv_afs_bos_port" lineno="4137">
 <summary>
-Create an object in the root directory, with a private
-type using a type transition.
+Send and receive UDP traffic on the afs_bos port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="private type">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_afs_bos_port" lineno="4154">
 <summary>
-The type of the object to be created.
+Do not audit attempts to send and receive
+UDP traffic on the afs_bos port.
 </summary>
-</param>
-<param name="object">
+<param name="domain">
 <summary>
-The object class of the object being created.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mpd_manage_lib_dirs" lineno="214">
+<interface name="corenet_tcp_bind_afs_bos_port" lineno="4170">
 <summary>
-Manage mpd lib dirs files.
+Bind TCP sockets to the afs_bos port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mpd_admin" lineno="240">
+<interface name="corenet_udp_bind_afs_bos_port" lineno="4190">
 <summary>
-All of the rules required to administrate
-an mpd environment
+Bind UDP sockets to the afs_bos port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_afs_bos_port" lineno="4209">
 <summary>
-Role allowed access.
+Make a TCP connection to the afs_bos port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="mplayer" filename="policy/modules/contrib/mplayer.if">
-<summary>Mplayer media player and encoder</summary>
-<interface name="mplayer_role" lineno="18">
+<interface name="corenet_send_afs_bos_client_packets" lineno="4229">
 <summary>
-Role access for mplayer
+Send afs_bos_client packets.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_afs_bos_client_packets" lineno="4248">
+<summary>
+Do not audit attempts to send afs_bos_client packets.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mplayer_domtrans" lineno="60">
+<interface name="corenet_receive_afs_bos_client_packets" lineno="4267">
 <summary>
-Run mplayer in mplayer domain.
+Receive afs_bos_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="mplayer_exec" lineno="79">
+<interface name="corenet_dontaudit_receive_afs_bos_client_packets" lineno="4286">
 <summary>
-Execute mplayer in the caller domain.
+Do not audit attempts to receive afs_bos_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mplayer_read_user_home_files" lineno="97">
+<interface name="corenet_sendrecv_afs_bos_client_packets" lineno="4305">
 <summary>
-Read mplayer per user homedir
+Send and receive afs_bos_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<tunable name="allow_mplayer_execstack" dftval="false">
-<desc>
-<p>
-Allow mplayer executable stack
-</p>
-</desc>
-</tunable>
-</module>
-<module name="mrtg" filename="policy/modules/contrib/mrtg.if">
-<summary>Network traffic graphing</summary>
-<interface name="mrtg_append_create_logs" lineno="13">
+<interface name="corenet_dontaudit_sendrecv_afs_bos_client_packets" lineno="4321">
 <summary>
-Create and append mrtg logs.
+Do not audit attempts to send and receive afs_bos_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="mta" filename="policy/modules/contrib/mta.if">
-<summary>Policy common to all email tranfer agents.</summary>
-<interface name="mta_stub" lineno="13">
+<interface name="corenet_relabelto_afs_bos_client_packets" lineno="4336">
 <summary>
-MTA stub interface.  No access allowed.
+Relabel packets to afs_bos_client the packet type.
 </summary>
-<param name="domain" unused="true">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-<template name="mta_base_mail_template" lineno="41">
+<interface name="corenet_send_afs_bos_server_packets" lineno="4356">
 <summary>
-Basic mail transfer agent domain template.
+Send afs_bos_server packets.
 </summary>
-<desc>
-<p>
-This template creates a derived domain which is
-a email transfer agent, which sends mail on
-behalf of the user.
-</p>
-<p>
-This is the basic types and rules, common
-to the system agent and user agents.
-</p>
-</desc>
-<param name="domain_prefix">
+<param name="domain">
 <summary>
-The prefix of the domain (e.g., user
-is the prefix for user_t).
+Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="mta_role" lineno="162">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_afs_bos_server_packets" lineno="4375">
 <summary>
-Role access for mta
+Do not audit attempts to send afs_bos_server packets.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_afs_bos_server_packets" lineno="4394">
+<summary>
+Receive afs_bos_server packets.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="mta_mailserver" lineno="194">
+<interface name="corenet_dontaudit_receive_afs_bos_server_packets" lineno="4413">
 <summary>
-Make the specified domain usable for a mail server.
+Do not audit attempts to receive afs_bos_server packets.
 </summary>
-<param name="type">
+<param name="domain">
 <summary>
-Type to be used as a mail server domain.
+Domain allowed access.
 </summary>
 </param>
-<param name="entry_point">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_afs_bos_server_packets" lineno="4432">
 <summary>
-Type of the program to be used as an entry point to this domain.
+Send and receive afs_bos_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="mta_agent_executable" lineno="213">
+<interface name="corenet_dontaudit_sendrecv_afs_bos_server_packets" lineno="4448">
 <summary>
-Make the specified type a MTA executable file.
+Do not audit attempts to send and receive afs_bos_server packets.
 </summary>
-<param name="type">
+<param name="domain">
 <summary>
-Type to be used as a mail client.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_system_content" lineno="233">
+<interface name="corenet_relabelto_afs_bos_server_packets" lineno="4463">
 <summary>
-Make the specified type by a system MTA.
+Relabel packets to afs_bos_server the packet type.
 </summary>
-<param name="type">
+<param name="domain">
 <summary>
-Type to be used as a mail client.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mta_sendmail_mailserver" lineno="266">
+<interface name="corenet_tcp_sendrecv_afs_fs_port" lineno="4485">
 <summary>
-Modified mailserver interface for
-sendmail daemon use.
+Send and receive TCP traffic on the afs_fs port.
 </summary>
-<desc>
-<p>
-A modified MTA mail server interface for
-the sendmail program.  It's design does
-not fit well with policy, and using the
-regular interface causes a type_transition
-conflict if direct running of init scripts
-is enabled.
-</p>
-<p>
-This interface should most likely only be used
-by the sendmail policy.
-</p>
-</desc>
 <param name="domain">
 <summary>
-The type to be used for the mail server.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="mta_mailserver_sender" lineno="287">
+<interface name="corenet_udp_send_afs_fs_port" lineno="4504">
 <summary>
-Make a type a mailserver type used
-for sending mail.
+Send UDP traffic on the afs_fs port.
 </summary>
 <param name="domain">
 <summary>
-Mail server domain type used for sending mail.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="mta_mailserver_delivery" lineno="306">
+<interface name="corenet_dontaudit_udp_send_afs_fs_port" lineno="4523">
 <summary>
-Make a type a mailserver type used
-for delivering mail to local users.
+Do not audit attempts to send UDP traffic on the afs_fs port.
 </summary>
 <param name="domain">
 <summary>
-Mail server domain type used for delivering mail.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_mailserver_user_agent" lineno="327">
+<interface name="corenet_udp_receive_afs_fs_port" lineno="4542">
 <summary>
-Make a type a mailserver type used
-for sending mail on behalf of local
-users to the local mail spool.
+Receive UDP traffic on the afs_fs port.
 </summary>
 <param name="domain">
 <summary>
-Mail server domain type used for sending local mail.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="mta_send_mail" lineno="351">
+<interface name="corenet_dontaudit_udp_receive_afs_fs_port" lineno="4561">
 <summary>
-Send mail from the system.
+Do not audit attempts to receive UDP traffic on the afs_fs port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_sendmail_domtrans" lineno="394">
+<interface name="corenet_udp_sendrecv_afs_fs_port" lineno="4580">
 <summary>
-Execute send mail in a specified domain.
+Send and receive UDP traffic on the afs_fs port.
 </summary>
-<desc>
-<p>
-Execute send mail in a specified domain.
-</p>
-<p>
-No interprocess communication (signals, pipes,
-etc.) is provided by this interface since
-the domains are not owned by this module.
-</p>
-</desc>
-<param name="source_domain">
+<param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="target_domain">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_afs_fs_port" lineno="4597">
 <summary>
-Domain to transition to.
+Do not audit attempts to send and receive
+UDP traffic on the afs_fs port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_signal_system_mail" lineno="415">
+<interface name="corenet_tcp_bind_afs_fs_port" lineno="4613">
 <summary>
-Send system mail client a signal
+Bind TCP sockets to the afs_fs port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_sendmail_exec" lineno="433">
+<interface name="corenet_udp_bind_afs_fs_port" lineno="4633">
 <summary>
-Execute sendmail in the caller domain.
+Bind UDP sockets to the afs_fs port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_read_config" lineno="452">
+<interface name="corenet_tcp_connect_afs_fs_port" lineno="4652">
 <summary>
-Read mail server configuration.
+Make a TCP connection to the afs_fs port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="mta_write_config" lineno="474">
+<interface name="corenet_send_afs_fs_client_packets" lineno="4672">
 <summary>
-write mail server configuration.
+Send afs_fs_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="mta_read_aliases" lineno="492">
+<interface name="corenet_dontaudit_send_afs_fs_client_packets" lineno="4691">
 <summary>
-Read mail address aliases.
+Do not audit attempts to send afs_fs_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_manage_aliases" lineno="511">
+<interface name="corenet_receive_afs_fs_client_packets" lineno="4710">
 <summary>
-Create, read, write, and delete mail address aliases.
+Receive afs_fs_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="mta_etc_filetrans_aliases" lineno="532">
+<interface name="corenet_dontaudit_receive_afs_fs_client_packets" lineno="4729">
 <summary>
-Type transition files created in /etc
-to the mail address aliases type.
+Do not audit attempts to receive afs_fs_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_rw_aliases" lineno="551">
+<interface name="corenet_sendrecv_afs_fs_client_packets" lineno="4748">
 <summary>
-Read and write mail aliases.
+Send and receive afs_fs_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="mta_dontaudit_rw_delivery_tcp_sockets" lineno="571">
+<interface name="corenet_dontaudit_sendrecv_afs_fs_client_packets" lineno="4764">
 <summary>
-Do not audit attempts to read and write TCP
-sockets of mail delivery domains.
+Do not audit attempts to send and receive afs_fs_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_tcp_connect_all_mailservers" lineno="589">
+<interface name="corenet_relabelto_afs_fs_client_packets" lineno="4779">
 <summary>
-Connect to all mail servers over TCP.  (Deprecated)
+Relabel packets to afs_fs_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -10738,62 +13048,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mta_dontaudit_read_spool_symlinks" lineno="604">
+<interface name="corenet_send_afs_fs_server_packets" lineno="4799">
 <summary>
-Do not audit attempts to read a symlink
-in the mail spool.
+Send afs_fs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_afs_fs_server_packets" lineno="4818">
+<summary>
+Do not audit attempts to send afs_fs_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_getattr_spool" lineno="622">
+<interface name="corenet_receive_afs_fs_server_packets" lineno="4837">
 <summary>
-Get the attributes of mail spool files.
+Receive afs_fs_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="mta_dontaudit_getattr_spool_files" lineno="644">
+<interface name="corenet_dontaudit_receive_afs_fs_server_packets" lineno="4856">
 <summary>
-Do not audit attempts to get the attributes
-of mail spool files.
+Do not audit attempts to receive afs_fs_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_spool_filetrans" lineno="676">
+<interface name="corenet_sendrecv_afs_fs_server_packets" lineno="4875">
 <summary>
-Create private objects in the
-mail spool directory.
+Send and receive afs_fs_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="private type">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_afs_fs_server_packets" lineno="4891">
 <summary>
-The type of the object to be created.
+Do not audit attempts to send and receive afs_fs_server packets.
 </summary>
-</param>
-<param name="object">
+<param name="domain">
 <summary>
-The object class of the object being created.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_rw_spool" lineno="695">
+<interface name="corenet_relabelto_afs_fs_server_packets" lineno="4906">
 <summary>
-Read and write the mail spool.
+Relabel packets to afs_fs_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -10801,102 +13124,109 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mta_append_spool" lineno="717">
+<interface name="corenet_tcp_sendrecv_afs_ka_port" lineno="4928">
 <summary>
-Create, read, and write the mail spool.
+Send and receive TCP traffic on the afs_ka port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="mta_delete_spool" lineno="739">
+<interface name="corenet_udp_send_afs_ka_port" lineno="4947">
 <summary>
-Delete from the mail spool.
+Send UDP traffic on the afs_ka port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="mta_manage_spool" lineno="758">
+<interface name="corenet_dontaudit_udp_send_afs_ka_port" lineno="4966">
 <summary>
-Create, read, write, and delete mail spool files.
+Do not audit attempts to send UDP traffic on the afs_ka port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_search_queue" lineno="779">
+<interface name="corenet_udp_receive_afs_ka_port" lineno="4985">
 <summary>
-Search mail queue dirs.
+Receive UDP traffic on the afs_ka port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="mta_list_queue" lineno="798">
+<interface name="corenet_dontaudit_udp_receive_afs_ka_port" lineno="5004">
 <summary>
-List the mail queue.
+Do not audit attempts to receive UDP traffic on the afs_ka port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_read_queue" lineno="817">
+<interface name="corenet_udp_sendrecv_afs_ka_port" lineno="5023">
 <summary>
-Read the mail queue.
+Send and receive UDP traffic on the afs_ka port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="mta_dontaudit_rw_queue" lineno="837">
+<interface name="corenet_dontaudit_udp_sendrecv_afs_ka_port" lineno="5040">
 <summary>
-Do not audit attempts to read and
-write the mail queue.
+Do not audit attempts to send and receive
+UDP traffic on the afs_ka port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_manage_queue" lineno="857">
+<interface name="corenet_tcp_bind_afs_ka_port" lineno="5056">
 <summary>
-Create, read, write, and delete
-mail queue files.
+Bind TCP sockets to the afs_ka port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_read_sendmail_bin" lineno="878">
+<interface name="corenet_udp_bind_afs_ka_port" lineno="5076">
 <summary>
-Read sendmail binary.
+Bind UDP sockets to the afs_ka port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mta_rw_user_mail_stream_sockets" lineno="897">
+<interface name="corenet_tcp_connect_afs_ka_port" lineno="5095">
 <summary>
-Read and write unix domain stream sockets
-of user mail domains.
+Make a TCP connection to the afs_ka port.
 </summary>
 <param name="domain">
 <summary>
@@ -10904,160 +13234,151 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="munin" filename="policy/modules/contrib/munin.if">
-<summary>Munin network-wide load graphing (formerly LRRD)</summary>
-<template name="munin_plugin_template" lineno="14">
+<interface name="corenet_send_afs_ka_client_packets" lineno="5115">
 <summary>
-Create a set of derived types for various
-munin plugins,
+Send afs_ka_client packets.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-The name to be used for deriving type names.
+Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="munin_stream_connect" lineno="63">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_afs_ka_client_packets" lineno="5134">
 <summary>
-Connect to munin over a unix domain
-stream socket.
+Do not audit attempts to send afs_ka_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="munin_read_config" lineno="84">
+<interface name="corenet_receive_afs_ka_client_packets" lineno="5153">
 <summary>
-Read munin configuration files.
+Receive afs_ka_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="munin_append_log" lineno="106">
+<interface name="corenet_dontaudit_receive_afs_ka_client_packets" lineno="5172">
 <summary>
-Append to the munin log.
+Do not audit attempts to receive afs_ka_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="munin_search_lib" lineno="126">
+<interface name="corenet_sendrecv_afs_ka_client_packets" lineno="5191">
 <summary>
-Search munin library directories.
+Send and receive afs_ka_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="munin_dontaudit_search_lib" lineno="146">
+<interface name="corenet_dontaudit_sendrecv_afs_ka_client_packets" lineno="5207">
 <summary>
-Do not audit attempts to search
-munin library directories.
+Do not audit attempts to send and receive afs_ka_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="munin_admin" lineno="171">
+<interface name="corenet_relabelto_afs_ka_client_packets" lineno="5222">
 <summary>
-All of the rules required to administrate
-an munin environment
+Relabel packets to afs_ka_client the packet type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
-<summary>
-The role to be allowed to manage the munin domain.
-</summary>
-</param>
-<rolecap/>
 </interface>
-</module>
-<module name="mysql" filename="policy/modules/contrib/mysql.if">
-<summary>Policy for MySQL</summary>
-<interface name="mysql_domtrans" lineno="13">
+<interface name="corenet_send_afs_ka_server_packets" lineno="5242">
 <summary>
-Execute MySQL in the mysql domain.
+Send afs_ka_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="mysql_signal" lineno="31">
+<interface name="corenet_dontaudit_send_afs_ka_server_packets" lineno="5261">
 <summary>
-Send a generic signal to MySQL.
+Do not audit attempts to send afs_ka_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mysql_tcp_connect" lineno="49">
+<interface name="corenet_receive_afs_ka_server_packets" lineno="5280">
 <summary>
-Allow the specified domain to connect to postgresql with a tcp socket.
+Receive afs_ka_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="mysql_stream_connect" lineno="71">
+<interface name="corenet_dontaudit_receive_afs_ka_server_packets" lineno="5299">
 <summary>
-Connect to MySQL using a unix domain stream socket.
+Do not audit attempts to receive afs_ka_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="mysql_read_config" lineno="91">
+<interface name="corenet_sendrecv_afs_ka_server_packets" lineno="5318">
 <summary>
-Read MySQL configuration files.
+Send and receive afs_ka_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="mysql_search_db" lineno="114">
+<interface name="corenet_dontaudit_sendrecv_afs_ka_server_packets" lineno="5334">
 <summary>
-Search the directories that contain MySQL
-database storage.
+Do not audit attempts to send and receive afs_ka_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mysql_rw_db_dirs" lineno="133">
+<interface name="corenet_relabelto_afs_ka_server_packets" lineno="5349">
 <summary>
-Read and write to the MySQL database directory.
+Relabel packets to afs_ka_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -11065,182 +13386,185 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mysql_manage_db_dirs" lineno="152">
+<interface name="corenet_tcp_sendrecv_afs_pt_port" lineno="5371">
 <summary>
-Create, read, write, and delete MySQL database directories.
+Send and receive TCP traffic on the afs_pt port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="mysql_append_db_files" lineno="171">
+<interface name="corenet_udp_send_afs_pt_port" lineno="5390">
 <summary>
-Append to the MySQL database directory.
+Send UDP traffic on the afs_pt port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="mysql_rw_db_files" lineno="190">
+<interface name="corenet_dontaudit_udp_send_afs_pt_port" lineno="5409">
 <summary>
-Read and write to the MySQL database directory.
+Do not audit attempts to send UDP traffic on the afs_pt port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mysql_manage_db_files" lineno="209">
+<interface name="corenet_udp_receive_afs_pt_port" lineno="5428">
 <summary>
-Create, read, write, and delete MySQL database files.
+Receive UDP traffic on the afs_pt port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="mysql_rw_db_sockets" lineno="229">
+<interface name="corenet_dontaudit_udp_receive_afs_pt_port" lineno="5447">
 <summary>
-Read and write to the MySQL database
-named socket.
+Do not audit attempts to receive UDP traffic on the afs_pt port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mysql_write_log" lineno="249">
+<interface name="corenet_udp_sendrecv_afs_pt_port" lineno="5466">
 <summary>
-Write to the MySQL log.
+Send and receive UDP traffic on the afs_pt port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="mysql_domtrans_mysql_safe" lineno="268">
+<interface name="corenet_dontaudit_udp_sendrecv_afs_pt_port" lineno="5483">
 <summary>
-Execute MySQL server in the mysql domain.
+Do not audit attempts to send and receive
+UDP traffic on the afs_pt port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mysql_read_pid_files" lineno="286">
+<interface name="corenet_tcp_bind_afs_pt_port" lineno="5499">
 <summary>
-Read MySQL PID files.
+Bind TCP sockets to the afs_pt port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="mysql_search_pid_files" lineno="306">
+<interface name="corenet_udp_bind_afs_pt_port" lineno="5519">
 <summary>
-Search MySQL PID files.
+Bind UDP sockets to the afs_pt port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-
+<infoflow type="none"/>
 </interface>
-<interface name="mysql_admin" lineno="330">
+<interface name="corenet_tcp_connect_afs_pt_port" lineno="5538">
 <summary>
-All of the rules required to administrate an mysql environment
+Make a TCP connection to the afs_pt port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_send_afs_pt_client_packets" lineno="5558">
 <summary>
-The role to be allowed to manage the mysql domain.
+Send afs_pt_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="write" weight="10"/>
 </interface>
-<tunable name="mysql_connect_any" dftval="false">
-<desc>
-<p>
-Allow mysqld to connect to all ports
-</p>
-</desc>
-</tunable>
-</module>
-<module name="nagios" filename="policy/modules/contrib/nagios.if">
-<summary>Net Saint / NAGIOS - network monitoring server</summary>
-<template name="nagios_plugin_template" lineno="14">
+<interface name="corenet_dontaudit_send_afs_pt_client_packets" lineno="5577">
 <summary>
-Create a set of derived types for various
-nagios plugins,
+Do not audit attempts to send afs_pt_client packets.
 </summary>
-<param name="plugins_group_name">
+<param name="domain">
 <summary>
-The name to be used for deriving type names.
+Domain to not audit.
 </summary>
 </param>
-</template>
-<interface name="nagios_dontaudit_rw_pipes" lineno="54">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_afs_pt_client_packets" lineno="5596">
 <summary>
-Do not audit attempts to read or write nagios
-unnamed pipes.
+Receive afs_pt_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="nagios_read_config" lineno="74">
+<interface name="corenet_dontaudit_receive_afs_pt_client_packets" lineno="5615">
 <summary>
-Allow the specified domain to read
-nagios configuration files.
+Do not audit attempts to receive afs_pt_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="nagios_read_log" lineno="94">
+<interface name="corenet_sendrecv_afs_pt_client_packets" lineno="5634">
 <summary>
-Read nagios logs.
+Send and receive afs_pt_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="nagios_dontaudit_rw_log" lineno="113">
+<interface name="corenet_dontaudit_sendrecv_afs_pt_client_packets" lineno="5650">
 <summary>
-Do not audit attempts to read or write nagios logs.
+Do not audit attempts to send and receive afs_pt_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="nagios_search_spool" lineno="131">
+<interface name="corenet_relabelto_afs_pt_client_packets" lineno="5665">
 <summary>
-Search nagios spool directories.
+Relabel packets to afs_pt_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -11248,165 +13572,185 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="nagios_read_tmp_files" lineno="151">
+<interface name="corenet_send_afs_pt_server_packets" lineno="5685">
 <summary>
-Allow the specified domain to read
-nagios temporary files.
+Send afs_pt_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="nagios_domtrans_nrpe" lineno="171">
+<interface name="corenet_dontaudit_send_afs_pt_server_packets" lineno="5704">
 <summary>
-Execute the nagios NRPE with
-a domain transition.
+Do not audit attempts to send afs_pt_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="nagios_admin" lineno="196">
+<interface name="corenet_receive_afs_pt_server_packets" lineno="5723">
 <summary>
-All of the rules required to administrate
-an nagios environment
+Receive afs_pt_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_afs_pt_server_packets" lineno="5742">
+<summary>
+Do not audit attempts to receive afs_pt_server packets.
+</summary>
+<param name="domain">
 <summary>
-The role to be allowed to manage the nagios domain.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="ncftool" filename="policy/modules/contrib/ncftool.if">
-<summary>Netcf network configuration tool (ncftool).</summary>
-<interface name="ncftool_domtrans" lineno="13">
+<interface name="corenet_sendrecv_afs_pt_server_packets" lineno="5761">
 <summary>
-Execute a domain transition to run ncftool.
+Send and receive afs_pt_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="ncftool_run" lineno="37">
+<interface name="corenet_dontaudit_sendrecv_afs_pt_server_packets" lineno="5777">
 <summary>
-Execute ncftool in the ncftool domain, and
-allow the specified role the ncftool domain.
+Do not audit attempts to send and receive afs_pt_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_afs_pt_server_packets" lineno="5792">
+<summary>
+Relabel packets to afs_pt_server the packet type.
+</summary>
+<param name="domain">
 <summary>
-The role to be allowed the ncftool domain.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="nessus" filename="policy/modules/contrib/nessus.if">
-<summary>Nessus network scanning daemon</summary>
-<interface name="nessus_tcp_connect" lineno="13">
+<interface name="corenet_tcp_sendrecv_afs_vl_port" lineno="5814">
 <summary>
-Connect to nessus over a TCP socket  (Deprecated)
+Send and receive TCP traffic on the afs_vl port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="networkmanager" filename="policy/modules/contrib/networkmanager.if">
-<summary>Manager for dynamically switching between networks.</summary>
-<interface name="networkmanager_rw_udp_sockets" lineno="14">
+<interface name="corenet_udp_send_afs_vl_port" lineno="5833">
 <summary>
-Read and write NetworkManager UDP sockets.
+Send UDP traffic on the afs_vl port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="networkmanager_rw_packet_sockets" lineno="33">
+<interface name="corenet_dontaudit_udp_send_afs_vl_port" lineno="5852">
 <summary>
-Read and write NetworkManager packet sockets.
+Do not audit attempts to send UDP traffic on the afs_vl port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="networkmanager_attach_tun_iface" lineno="51">
+<interface name="corenet_udp_receive_afs_vl_port" lineno="5871">
 <summary>
-Allow caller to relabel tun_socket
+Receive UDP traffic on the afs_vl port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="networkmanager_rw_routing_sockets" lineno="72">
+<interface name="corenet_dontaudit_udp_receive_afs_vl_port" lineno="5890">
 <summary>
-Read and write NetworkManager netlink
-routing sockets.
+Do not audit attempts to receive UDP traffic on the afs_vl port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_afs_vl_port" lineno="5909">
+<summary>
+Send and receive UDP traffic on the afs_vl port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="networkmanager_domtrans" lineno="90">
+<interface name="corenet_dontaudit_udp_sendrecv_afs_vl_port" lineno="5926">
 <summary>
-Execute NetworkManager with a domain transition.
+Do not audit attempts to send and receive
+UDP traffic on the afs_vl port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="networkmanager_initrc_domtrans" lineno="109">
+<interface name="corenet_tcp_bind_afs_vl_port" lineno="5942">
 <summary>
-Execute NetworkManager scripts with an automatic domain transition to initrc.
+Bind TCP sockets to the afs_vl port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="networkmanager_dbus_chat" lineno="128">
+<interface name="corenet_udp_bind_afs_vl_port" lineno="5962">
 <summary>
-Send and receive messages from
-NetworkManager over dbus.
+Bind UDP sockets to the afs_vl port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="networkmanager_signal" lineno="148">
+<interface name="corenet_tcp_connect_afs_vl_port" lineno="5981">
 <summary>
-Send a generic signal to NetworkManager
+Make a TCP connection to the afs_vl port.
 </summary>
 <param name="domain">
 <summary>
@@ -11414,156 +13758,151 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="networkmanager_read_lib_files" lineno="166">
+<interface name="corenet_send_afs_vl_client_packets" lineno="6001">
 <summary>
-Read NetworkManager lib files.
+Send afs_vl_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="networkmanager_read_pid_files" lineno="186">
+<interface name="corenet_dontaudit_send_afs_vl_client_packets" lineno="6020">
 <summary>
-Read NetworkManager PID files.
+Do not audit attempts to send afs_vl_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_afs_vl_client_packets" lineno="6039">
+<summary>
+Receive afs_vl_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-</module>
-<module name="nis" filename="policy/modules/contrib/nis.if">
-<summary>Policy for NIS (YP) servers and clients</summary>
-<interface name="nis_use_ypbind_uncond" lineno="26">
+<interface name="corenet_dontaudit_receive_afs_vl_client_packets" lineno="6058">
 <summary>
-Use the ypbind service to access NIS services
-unconditionally.
+Do not audit attempts to receive afs_vl_client packets.
 </summary>
-<desc>
-<p>
-Use the ypbind service to access NIS services
-unconditionally.
-</p>
-<p>
-This interface was added because of apache and
-spamassassin, to fix a nested conditionals problem.
-When that support is added, this should be removed,
-and the regular	interface should be used.
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="nis_use_ypbind" lineno="90">
+<interface name="corenet_sendrecv_afs_vl_client_packets" lineno="6077">
 <summary>
-Use the ypbind service to access NIS services.
+Send and receive afs_vl_client packets.
 </summary>
-<desc>
-<p>
-Allow the specified domain to use the ypbind service
-to access Network Information Service (NIS) services.
-Information that can be retreived from NIS includes
-usernames, passwords, home directories, and groups.
-If the network is configured to have a single sign-on
-using NIS, it is likely that any program that does
-authentication will need this access.
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 <infoflow type="both" weight="10"/>
-<rolecap/>
 </interface>
-<interface name="nis_authenticate" lineno="107">
+<interface name="corenet_dontaudit_sendrecv_afs_vl_client_packets" lineno="6093">
 <summary>
-Use the nis to authenticate passwords
+Do not audit attempts to send and receive afs_vl_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="nis_domtrans_ypbind" lineno="125">
+<interface name="corenet_relabelto_afs_vl_client_packets" lineno="6108">
 <summary>
-Execute ypbind in the ypbind domain.
+Relabel packets to afs_vl_client the packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="nis_run_ypbind" lineno="151">
+<interface name="corenet_send_afs_vl_server_packets" lineno="6128">
 <summary>
-Execute ypbind in the ypbind domain, and
-allow the specified role the ypbind domain.
+Send afs_vl_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_afs_vl_server_packets" lineno="6147">
 <summary>
-Role allowed access.
+Do not audit attempts to send afs_vl_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="nis_signal_ypbind" lineno="170">
+<interface name="corenet_receive_afs_vl_server_packets" lineno="6166">
 <summary>
-Send generic signals to ypbind.
+Receive afs_vl_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="nis_list_var_yp" lineno="188">
+<interface name="corenet_dontaudit_receive_afs_vl_server_packets" lineno="6185">
 <summary>
-List the contents of the NIS data directory.
+Do not audit attempts to receive afs_vl_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="nis_udp_send_ypbind" lineno="207">
+<interface name="corenet_sendrecv_afs_vl_server_packets" lineno="6204">
 <summary>
-Send UDP network traffic to NIS clients.  (Deprecated)
+Send and receive afs_vl_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="nis_tcp_connect_ypbind" lineno="221">
+<interface name="corenet_dontaudit_sendrecv_afs_vl_server_packets" lineno="6220">
 <summary>
-Connect to ypbind over TCP.  (Deprecated)
+Do not audit attempts to send and receive afs_vl_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="nis_read_ypbind_pid" lineno="235">
+<interface name="corenet_relabelto_afs_vl_server_packets" lineno="6235">
 <summary>
-Read ypbind pid files.
+Relabel packets to afs_vl_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -11571,99 +13910,109 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="nis_delete_ypbind_pid" lineno="254">
+<interface name="corenet_tcp_sendrecv_afs3_callback_port" lineno="6257">
 <summary>
-Delete ypbind pid files.
+Send and receive TCP traffic on the afs3_callback port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="nis_read_ypserv_config" lineno="273">
+<interface name="corenet_udp_send_afs3_callback_port" lineno="6276">
 <summary>
-Read ypserv configuration files.
+Send UDP traffic on the afs3_callback port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="nis_domtrans_ypxfr" lineno="292">
+<interface name="corenet_dontaudit_udp_send_afs3_callback_port" lineno="6295">
 <summary>
-Execute ypxfr in the ypxfr domain.
+Do not audit attempts to send UDP traffic on the afs3_callback port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="nis_initrc_domtrans" lineno="312">
+<interface name="corenet_udp_receive_afs3_callback_port" lineno="6314">
 <summary>
-Execute nis server in the nis domain.
+Receive UDP traffic on the afs3_callback port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="nis_initrc_domtrans_ypbind" lineno="330">
+<interface name="corenet_dontaudit_udp_receive_afs3_callback_port" lineno="6333">
 <summary>
-Execute nis server in the nis domain.
+Do not audit attempts to receive UDP traffic on the afs3_callback port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="nis_admin" lineno="355">
+<interface name="corenet_udp_sendrecv_afs3_callback_port" lineno="6352">
 <summary>
-All of the rules required to administrate
-an nis environment
+Send and receive UDP traffic on the afs3_callback port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_afs3_callback_port" lineno="6369">
 <summary>
-Role allowed access.
+Do not audit attempts to send and receive
+UDP traffic on the afs3_callback port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="nscd" filename="policy/modules/contrib/nscd.if">
-<summary>Name service cache daemon</summary>
-<interface name="nscd_signal" lineno="13">
+<interface name="corenet_tcp_bind_afs3_callback_port" lineno="6385">
 <summary>
-Send generic signals to NSCD.
+Bind TCP sockets to the afs3_callback port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="nscd_kill" lineno="31">
+<interface name="corenet_udp_bind_afs3_callback_port" lineno="6405">
 <summary>
-Send NSCD the kill signal.
+Bind UDP sockets to the afs3_callback port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="nscd_signull" lineno="49">
+<interface name="corenet_tcp_connect_afs3_callback_port" lineno="6424">
 <summary>
-Send signulls to NSCD.
+Make a TCP connection to the afs3_callback port.
 </summary>
 <param name="domain">
 <summary>
@@ -11671,62 +14020,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="nscd_domtrans" lineno="67">
+<interface name="corenet_send_afs3_callback_client_packets" lineno="6444">
 <summary>
-Execute NSCD in the nscd domain.
+Send afs3_callback_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="nscd_exec" lineno="87">
+<interface name="corenet_dontaudit_send_afs3_callback_client_packets" lineno="6463">
 <summary>
-Allow the specified domain to execute nscd
-in the caller domain.
+Do not audit attempts to send afs3_callback_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_afs3_callback_client_packets" lineno="6482">
+<summary>
+Receive afs3_callback_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="nscd_socket_use" lineno="106">
+<interface name="corenet_dontaudit_receive_afs3_callback_client_packets" lineno="6501">
 <summary>
-Use NSCD services by connecting using
-a unix stream socket.
+Do not audit attempts to receive afs3_callback_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="nscd_shm_use" lineno="133">
+<interface name="corenet_sendrecv_afs3_callback_client_packets" lineno="6520">
 <summary>
-Use NSCD services by mapping the database from
-an inherited NSCD file descriptor.
+Send and receive afs3_callback_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="nscd_dontaudit_search_pid" lineno="166">
+<interface name="corenet_dontaudit_sendrecv_afs3_callback_client_packets" lineno="6536">
 <summary>
-Do not audit attempts to search the NSCD pid directory.
+Do not audit attempts to send and receive afs3_callback_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="nscd_read_pid" lineno="184">
+<interface name="corenet_relabelto_afs3_callback_client_packets" lineno="6551">
 <summary>
-Read NSCD pid file.
+Relabel packets to afs3_callback_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -11734,65 +14096,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="nscd_unconfined" lineno="203">
+<interface name="corenet_send_afs3_callback_server_packets" lineno="6571">
 <summary>
-Unconfined access to NSCD services.
+Send afs3_callback_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="nscd_run" lineno="228">
+<interface name="corenet_dontaudit_send_afs3_callback_server_packets" lineno="6590">
 <summary>
-Execute nscd in the nscd domain, and
-allow the specified role the nscd domain.
+Do not audit attempts to send afs3_callback_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_afs3_callback_server_packets" lineno="6609">
 <summary>
-Role allowed access.
+Receive afs3_callback_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="nscd_initrc_domtrans" lineno="247">
+<interface name="corenet_dontaudit_receive_afs3_callback_server_packets" lineno="6628">
 <summary>
-Execute the nscd server init script.
+Do not audit attempts to receive afs3_callback_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="nscd_admin" lineno="272">
+<interface name="corenet_sendrecv_afs3_callback_server_packets" lineno="6647">
 <summary>
-All of the rules required to administrate
-an nscd environment
+Send and receive afs3_callback_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_afs3_callback_server_packets" lineno="6663">
 <summary>
-The role to be allowed to manage the nscd domain.
+Do not audit attempts to send and receive afs3_callback_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="nsd" filename="policy/modules/contrib/nsd.if">
-<summary>Authoritative only name server</summary>
-<interface name="nsd_udp_chat" lineno="13">
+<interface name="corenet_relabelto_afs3_callback_server_packets" lineno="6678">
 <summary>
-Send and receive datagrams from NSD.  (Deprecated)
+Relabel packets to afs3_callback_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -11800,348 +14172,371 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="nsd_tcp_connect" lineno="27">
+<interface name="corenet_tcp_sendrecv_agentx_port" lineno="6700">
 <summary>
-Connect to NSD over a TCP socket  (Deprecated)
+Send and receive TCP traffic on the agentx port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="nslcd" filename="policy/modules/contrib/nslcd.if">
-<summary>nslcd - local LDAP name service daemon.</summary>
-<interface name="nslcd_domtrans" lineno="13">
+<interface name="corenet_udp_send_agentx_port" lineno="6719">
 <summary>
-Execute a domain transition to run nslcd.
+Send UDP traffic on the agentx port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="nslcd_initrc_domtrans" lineno="31">
+<interface name="corenet_dontaudit_udp_send_agentx_port" lineno="6738">
 <summary>
-Execute nslcd server in the nslcd domain.
+Do not audit attempts to send UDP traffic on the agentx port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="nslcd_read_pid_files" lineno="49">
+<interface name="corenet_udp_receive_agentx_port" lineno="6757">
 <summary>
-Read nslcd PID files.
+Receive UDP traffic on the agentx port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="nslcd_stream_connect" lineno="68">
+<interface name="corenet_dontaudit_udp_receive_agentx_port" lineno="6776">
 <summary>
-Connect to nslcd over an unix stream socket.
+Do not audit attempts to receive UDP traffic on the agentx port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="nslcd_admin" lineno="94">
+<interface name="corenet_udp_sendrecv_agentx_port" lineno="6795">
 <summary>
-All of the rules required to administrate
-an nslcd environment
+Send and receive UDP traffic on the agentx port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_agentx_port" lineno="6812">
 <summary>
-Role allowed access.
+Do not audit attempts to send and receive
+UDP traffic on the agentx port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="ntop" filename="policy/modules/contrib/ntop.if">
-<summary>Network Top</summary>
-</module>
-<module name="ntp" filename="policy/modules/contrib/ntp.if">
-<summary>Network time protocol daemon</summary>
-<interface name="ntp_stub" lineno="13">
+<interface name="corenet_tcp_bind_agentx_port" lineno="6828">
 <summary>
-NTP stub interface.  No access allowed.
+Bind TCP sockets to the agentx port.
 </summary>
-<param name="domain" unused="true">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ntp_domtrans" lineno="29">
+<interface name="corenet_udp_bind_agentx_port" lineno="6848">
 <summary>
-Execute ntp server in the ntpd domain.
+Bind UDP sockets to the agentx port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ntp_run" lineno="55">
+<interface name="corenet_tcp_connect_agentx_port" lineno="6867">
 <summary>
-Execute ntp in the ntp domain, and
-allow the specified role the ntp domain.
+Make a TCP connection to the agentx port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_send_agentx_client_packets" lineno="6887">
 <summary>
-Role allowed access.
+Send agentx_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="ntp_domtrans_ntpdate" lineno="74">
+<interface name="corenet_dontaudit_send_agentx_client_packets" lineno="6906">
 <summary>
-Execute ntp server in the ntpd domain.
+Do not audit attempts to send agentx_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ntp_initrc_domtrans" lineno="93">
+<interface name="corenet_receive_agentx_client_packets" lineno="6925">
 <summary>
-Execute ntp server in the ntpd domain.
+Receive agentx_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="ntp_rw_shm" lineno="111">
+<interface name="corenet_dontaudit_receive_agentx_client_packets" lineno="6944">
 <summary>
-Read and write ntpd shared memory.
+Do not audit attempts to receive agentx_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ntp_admin" lineno="140">
+<interface name="corenet_sendrecv_agentx_client_packets" lineno="6963">
 <summary>
-All of the rules required to administrate
-an ntp environment
+Send and receive agentx_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_agentx_client_packets" lineno="6979">
+<summary>
+Do not audit attempts to send and receive agentx_client packets.
+</summary>
+<param name="domain">
 <summary>
-The role to be allowed to manage the ntp domain.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="nut" filename="policy/modules/contrib/nut.if">
-<summary>nut - Network UPS Tools </summary>
-</module>
-<module name="nx" filename="policy/modules/contrib/nx.if">
-<summary>NX remote desktop</summary>
-<interface name="nx_spec_domtrans_server" lineno="13">
+<interface name="corenet_relabelto_agentx_client_packets" lineno="6994">
 <summary>
-Transition to NX server.
+Relabel packets to agentx_client the packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="nx_read_home_files" lineno="31">
+<interface name="corenet_send_agentx_server_packets" lineno="7014">
 <summary>
-Read nx home directory content
+Send agentx_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="nx_search_var_lib" lineno="50">
+<interface name="corenet_dontaudit_send_agentx_server_packets" lineno="7033">
 <summary>
-Read nx /var/lib content
+Do not audit attempts to send agentx_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="nx_var_lib_filetrans" lineno="79">
+<interface name="corenet_receive_agentx_server_packets" lineno="7052">
 <summary>
-Create an object in the root directory, with a private
-type using a type transition.
+Receive agentx_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="private type">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_agentx_server_packets" lineno="7071">
 <summary>
-The type of the object to be created.
+Do not audit attempts to receive agentx_server packets.
 </summary>
-</param>
-<param name="object">
+<param name="domain">
 <summary>
-The object class of the object being created.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="oav" filename="policy/modules/contrib/oav.if">
-<summary>Open AntiVirus scannerdaemon and signature update</summary>
-<interface name="oav_domtrans_update" lineno="13">
+<interface name="corenet_sendrecv_agentx_server_packets" lineno="7090">
 <summary>
-Execute oav_update in the oav_update domain.
+Send and receive agentx_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="oav_run_update" lineno="39">
+<interface name="corenet_dontaudit_sendrecv_agentx_server_packets" lineno="7106">
 <summary>
-Execute oav_update in the oav_update domain, and
-allow the specified role the oav_update domain.
+Do not audit attempts to send and receive agentx_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_agentx_server_packets" lineno="7121">
 <summary>
-Role allowed access.
+Relabel packets to agentx_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="oddjob" filename="policy/modules/contrib/oddjob.if">
+<interface name="corenet_tcp_sendrecv_amanda_port" lineno="7143">
+<summary>
+Send and receive TCP traffic on the amanda port.
+</summary>
+<param name="domain">
 <summary>
-Oddjob provides a mechanism by which unprivileged applications can
-request that specified privileged operations be performed on their
-behalf.
+Domain allowed access.
 </summary>
-<interface name="oddjob_domtrans" lineno="17">
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_amanda_port" lineno="7162">
 <summary>
-Execute a domain transition to run oddjob.
+Send UDP traffic on the amanda port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="oddjob_system_entry" lineno="41">
+<interface name="corenet_dontaudit_udp_send_amanda_port" lineno="7181">
 <summary>
-Make the specified program domain accessable
-from the oddjob.
+Do not audit attempts to send UDP traffic on the amanda port.
 </summary>
 <param name="domain">
 <summary>
-The type of the process to transition to.
+Domain to not audit.
 </summary>
 </param>
-<param name="entrypoint">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_amanda_port" lineno="7200">
 <summary>
-The type of the file used as an entrypoint to this domain.
+Receive UDP traffic on the amanda port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="oddjob_dbus_chat" lineno="60">
+<interface name="corenet_dontaudit_udp_receive_amanda_port" lineno="7219">
 <summary>
-Send and receive messages from
-oddjob over dbus.
+Do not audit attempts to receive UDP traffic on the amanda port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="oddjob_domtrans_mkhomedir" lineno="80">
+<interface name="corenet_udp_sendrecv_amanda_port" lineno="7238">
 <summary>
-Execute a domain transition to run oddjob_mkhomedir.
+Send and receive UDP traffic on the amanda port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="oddjob_run_mkhomedir" lineno="104">
+<interface name="corenet_dontaudit_udp_sendrecv_amanda_port" lineno="7255">
 <summary>
-Execute the oddjob_mkhomedir program in the oddjob_mkhomedir domain.
+Do not audit attempts to send and receive
+UDP traffic on the amanda port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_amanda_port" lineno="7271">
 <summary>
-Role allowed access.
+Bind TCP sockets to the amanda port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="oident" filename="policy/modules/contrib/oident.if">
-<summary>SELinux policy for Oident daemon.</summary>
-<desc>
-<p>
-Oident daemon is a server that implements the TCP/IP
-standard IDENT user identification protocol as
-specified in the RFC 1413 document.
-</p>
-</desc>
-<interface name="oident_read_user_content" lineno="21">
+<interface name="corenet_udp_bind_amanda_port" lineno="7291">
 <summary>
-Allow the specified domain to read
-Oidentd personal configuration files.
+Bind UDP sockets to the amanda port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="oident_manage_user_content" lineno="41">
+<interface name="corenet_tcp_connect_amanda_port" lineno="7310">
 <summary>
-Allow the specified domain to create, read, write, and delete
-Oidentd personal configuration files.
+Make a TCP connection to the amanda port.
 </summary>
 <param name="domain">
 <summary>
@@ -12149,77 +14544,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="oident_relabel_user_content" lineno="61">
+<interface name="corenet_send_amanda_client_packets" lineno="7330">
 <summary>
-Allow the specified domain to relabel
-Oidentd personal configuration files.
+Send amanda_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-</module>
-<module name="openca" filename="policy/modules/contrib/openca.if">
-<summary>OpenCA - Open Certificate Authority</summary>
-<interface name="openca_domtrans" lineno="14">
+<interface name="corenet_dontaudit_send_amanda_client_packets" lineno="7349">
 <summary>
-Execute the OpenCA program with
-a domain transition.
+Do not audit attempts to send amanda_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="openca_signal" lineno="34">
+<interface name="corenet_receive_amanda_client_packets" lineno="7368">
 <summary>
-Send OpenCA generic signals.
+Receive amanda_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="openca_sigstop" lineno="52">
+<interface name="corenet_dontaudit_receive_amanda_client_packets" lineno="7387">
 <summary>
-Send OpenCA stop signals.
+Do not audit attempts to receive amanda_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="openca_kill" lineno="70">
+<interface name="corenet_sendrecv_amanda_client_packets" lineno="7406">
 <summary>
-Kill OpenCA.
+Send and receive amanda_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="openct" filename="policy/modules/contrib/openct.if">
-<summary>Service for handling smart card readers.</summary>
-<interface name="openct_signull" lineno="13">
+<interface name="corenet_dontaudit_sendrecv_amanda_client_packets" lineno="7422">
 <summary>
-Send openct a null signal.
+Do not audit attempts to send and receive amanda_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="openct_exec" lineno="31">
+<interface name="corenet_relabelto_amanda_client_packets" lineno="7437">
 <summary>
-Execute openct in the caller domain.
+Relabel packets to amanda_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -12227,69 +14620,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="openct_domtrans" lineno="50">
+<interface name="corenet_send_amanda_server_packets" lineno="7457">
 <summary>
-Execute a domain transition to run openct.
+Send amanda_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="openct_read_pid_files" lineno="69">
+<interface name="corenet_dontaudit_send_amanda_server_packets" lineno="7476">
 <summary>
-Read openct PID files.
+Do not audit attempts to send amanda_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="openct_stream_connect" lineno="88">
+<interface name="corenet_receive_amanda_server_packets" lineno="7495">
 <summary>
-Connect to openct over an unix stream socket.
+Receive amanda_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-</module>
-<module name="openvpn" filename="policy/modules/contrib/openvpn.if">
-<summary>full-featured SSL VPN solution</summary>
-<interface name="openvpn_domtrans" lineno="13">
+<interface name="corenet_dontaudit_receive_amanda_server_packets" lineno="7514">
 <summary>
-Execute OPENVPN clients in the openvpn domain.
+Do not audit attempts to receive amanda_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="openvpn_run" lineno="38">
+<interface name="corenet_sendrecv_amanda_server_packets" lineno="7533">
 <summary>
-Execute OPENVPN clients in the openvpn domain, and
-allow the specified role the openvpn domain.
+Send and receive amanda_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_amanda_server_packets" lineno="7549">
 <summary>
-Role allowed access.
+Do not audit attempts to send and receive amanda_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="openvpn_kill" lineno="57">
+<interface name="corenet_relabelto_amanda_server_packets" lineno="7564">
 <summary>
-Send OPENVPN clients the kill signal.
+Relabel packets to amanda_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -12297,176 +14696,185 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="openvpn_signal" lineno="75">
+<interface name="corenet_tcp_sendrecv_amavisd_recv_port" lineno="7586">
 <summary>
-Send generic signals to OPENVPN clients.
+Send and receive TCP traffic on the amavisd_recv port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="openvpn_signull" lineno="93">
+<interface name="corenet_udp_send_amavisd_recv_port" lineno="7605">
 <summary>
-Send signulls to OPENVPN clients.
+Send UDP traffic on the amavisd_recv port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="openvpn_read_config" lineno="113">
+<interface name="corenet_dontaudit_udp_send_amavisd_recv_port" lineno="7624">
 <summary>
-Allow the specified domain to read
-OpenVPN configuration files.
+Do not audit attempts to send UDP traffic on the amavisd_recv port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="openvpn_admin" lineno="141">
+<interface name="corenet_udp_receive_amavisd_recv_port" lineno="7643">
 <summary>
-All of the rules required to administrate
-an openvpn environment
+Receive UDP traffic on the amavisd_recv port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_amavisd_recv_port" lineno="7662">
 <summary>
-The role to be allowed to manage the openvpn domain.
+Do not audit attempts to receive UDP traffic on the amavisd_recv port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<tunable name="openvpn_enable_homedirs" dftval="false">
-<desc>
-<p>
-Allow openvpn to read home directories
-</p>
-</desc>
-</tunable>
-</module>
-<module name="pads" filename="policy/modules/contrib/pads.if">
-<summary>Passive Asset Detection System</summary>
-<desc>
-<p>
-PADS is a libpcap based detection engine used to
-passively detect network assets.  It is designed to
-complement IDS technology by providing context to IDS
-alerts.
-</p>
-</desc>
-<interface name="pads_admin" lineno="28">
+<interface name="corenet_udp_sendrecv_amavisd_recv_port" lineno="7681">
 <summary>
-All of the rules required to administrate
-an pads environment
+Send and receive UDP traffic on the amavisd_recv port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_amavisd_recv_port" lineno="7698">
 <summary>
-Role allowed access.
+Do not audit attempts to send and receive
+UDP traffic on the amavisd_recv port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="passenger" filename="policy/modules/contrib/passenger.if">
-<summary>Ruby on rails deployment for Apache and Nginx servers.</summary>
-<interface name="passenger_domtrans" lineno="13">
+<interface name="corenet_tcp_bind_amavisd_recv_port" lineno="7714">
 <summary>
-Execute passenger in the passenger domain.
+Bind TCP sockets to the amavisd_recv port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="passenger_read_lib_files" lineno="31">
+<interface name="corenet_udp_bind_amavisd_recv_port" lineno="7734">
 <summary>
-Read passenger lib files
+Bind UDP sockets to the amavisd_recv port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="pcmcia" filename="policy/modules/contrib/pcmcia.if">
-<summary>PCMCIA card management services</summary>
-<interface name="pcmcia_stub" lineno="13">
+<interface name="corenet_tcp_connect_amavisd_recv_port" lineno="7753">
 <summary>
-PCMCIA stub interface.  No access allowed.
+Make a TCP connection to the amavisd_recv port.
 </summary>
-<param name="domain" unused="true">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="pcmcia_domtrans_cardmgr" lineno="29">
+<interface name="corenet_send_amavisd_recv_client_packets" lineno="7773">
 <summary>
-Execute cardmgr in the cardmgr domain.
+Send amavisd_recv_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="pcmcia_use_cardmgr_fds" lineno="47">
+<interface name="corenet_dontaudit_send_amavisd_recv_client_packets" lineno="7792">
 <summary>
-Inherit and use file descriptors from cardmgr.
+Do not audit attempts to send amavisd_recv_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_amavisd_recv_client_packets" lineno="7811">
+<summary>
+Receive amavisd_recv_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="pcmcia_domtrans_cardctl" lineno="65">
+<interface name="corenet_dontaudit_receive_amavisd_recv_client_packets" lineno="7830">
 <summary>
-Execute cardctl in the cardmgr domain.
+Do not audit attempts to receive amavisd_recv_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="pcmcia_run_cardctl" lineno="90">
+<interface name="corenet_sendrecv_amavisd_recv_client_packets" lineno="7849">
 <summary>
-Execute cardmgr in the cardctl domain, and
-allow the specified role the cardmgr domain.
+Send and receive amavisd_recv_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_amavisd_recv_client_packets" lineno="7865">
 <summary>
-Role allowed access.
+Do not audit attempts to send and receive amavisd_recv_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="pcmcia_read_pid" lineno="109">
+<interface name="corenet_relabelto_amavisd_recv_client_packets" lineno="7880">
 <summary>
-Read cardmgr pid files.
+Relabel packets to amavisd_recv_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -12474,64 +14882,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="pcmcia_manage_pid" lineno="129">
+<interface name="corenet_send_amavisd_recv_server_packets" lineno="7900">
 <summary>
-Create, read, write, and delete
-cardmgr pid files.
+Send amavisd_recv_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="pcmcia_manage_pid_chr_files" lineno="149">
+<interface name="corenet_dontaudit_send_amavisd_recv_server_packets" lineno="7919">
 <summary>
-Create, read, write, and delete
-cardmgr runtime character nodes.
+Do not audit attempts to send amavisd_recv_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="pcscd" filename="policy/modules/contrib/pcscd.if">
-<summary>PCSC smart card service</summary>
-<interface name="pcscd_domtrans" lineno="13">
+<interface name="corenet_receive_amavisd_recv_server_packets" lineno="7938">
 <summary>
-Execute a domain transition to run pcscd.
+Receive amavisd_recv_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="pcscd_read_pub_files" lineno="31">
+<interface name="corenet_dontaudit_receive_amavisd_recv_server_packets" lineno="7957">
 <summary>
-Read pcscd pub files.
+Do not audit attempts to receive amavisd_recv_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="pcscd_manage_pub_files" lineno="50">
+<interface name="corenet_sendrecv_amavisd_recv_server_packets" lineno="7976">
 <summary>
-Manage pcscd pub files.
+Send and receive amavisd_recv_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="pcscd_manage_pub_pipes" lineno="69">
+<interface name="corenet_dontaudit_sendrecv_amavisd_recv_server_packets" lineno="7992">
 <summary>
-Manage pcscd pub fifo files.
+Do not audit attempts to send and receive amavisd_recv_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_amavisd_recv_server_packets" lineno="8007">
+<summary>
+Relabel packets to amavisd_recv_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -12539,109 +14958,109 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="pcscd_stream_connect" lineno="88">
+<interface name="corenet_tcp_sendrecv_amavisd_send_port" lineno="8029">
 <summary>
-Connect to pcscd over an unix stream socket.
+Send and receive TCP traffic on the amavisd_send port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="pegasus" filename="policy/modules/contrib/pegasus.if">
-<summary>The Open Group Pegasus CIM/WBEM Server.</summary>
-</module>
-<module name="perdition" filename="policy/modules/contrib/perdition.if">
-<summary>Perdition POP and IMAP proxy</summary>
-<interface name="perdition_tcp_connect" lineno="13">
+<interface name="corenet_udp_send_amavisd_send_port" lineno="8048">
 <summary>
-Connect to perdition over a TCP socket  (Deprecated)
+Send UDP traffic on the amavisd_send port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-</module>
-<module name="pingd" filename="policy/modules/contrib/pingd.if">
-<summary>Pingd of the Whatsup cluster node up/down detection utility</summary>
-<interface name="pingd_domtrans" lineno="13">
+<interface name="corenet_dontaudit_udp_send_amavisd_send_port" lineno="8067">
 <summary>
-Execute a domain transition to run pingd.
+Do not audit attempts to send UDP traffic on the amavisd_send port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="pingd_read_config" lineno="31">
+<interface name="corenet_udp_receive_amavisd_send_port" lineno="8086">
 <summary>
-Read pingd etc configuration files.
+Receive UDP traffic on the amavisd_send port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="pingd_manage_config" lineno="50">
+<interface name="corenet_dontaudit_udp_receive_amavisd_send_port" lineno="8105">
 <summary>
-Manage pingd etc configuration files.
+Do not audit attempts to receive UDP traffic on the amavisd_send port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="pingd_admin" lineno="78">
+<interface name="corenet_udp_sendrecv_amavisd_send_port" lineno="8124">
 <summary>
-All of the rules required to administrate
-an pingd environment
+Send and receive UDP traffic on the amavisd_send port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_amavisd_send_port" lineno="8141">
 <summary>
-The role to be allowed to manage the pingd domain.
+Do not audit attempts to send and receive
+UDP traffic on the amavisd_send port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="plymouthd" filename="policy/modules/contrib/plymouthd.if">
-<summary>Plymouth graphical boot</summary>
-<interface name="plymouthd_domtrans" lineno="13">
+<interface name="corenet_tcp_bind_amavisd_send_port" lineno="8157">
 <summary>
-Execute a domain transition to run plymouthd.
+Bind TCP sockets to the amavisd_send port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="plymouthd_exec" lineno="31">
+<interface name="corenet_udp_bind_amavisd_send_port" lineno="8177">
 <summary>
-Execute the plymoth daemon in the current domain
+Bind UDP sockets to the amavisd_send port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="plymouthd_stream_connect" lineno="50">
+<interface name="corenet_tcp_connect_amavisd_send_port" lineno="8196">
 <summary>
-Allow domain to Stream socket connect
-to Plymouth daemon.
+Make a TCP connection to the amavisd_send port.
 </summary>
 <param name="domain">
 <summary>
@@ -12649,70 +15068,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="plymouthd_exec_plymouth" lineno="68">
+<interface name="corenet_send_amavisd_send_client_packets" lineno="8216">
 <summary>
-Execute the plymoth command in the current domain
+Send amavisd_send_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="plymouthd_domtrans_plymouth" lineno="86">
+<interface name="corenet_dontaudit_send_amavisd_send_client_packets" lineno="8235">
 <summary>
-Execute a domain transition to run plymouthd.
+Do not audit attempts to send amavisd_send_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="plymouthd_search_spool" lineno="104">
+<interface name="corenet_receive_amavisd_send_client_packets" lineno="8254">
 <summary>
-Search plymouthd spool directories.
+Receive amavisd_send_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="plymouthd_read_spool_files" lineno="123">
+<interface name="corenet_dontaudit_receive_amavisd_send_client_packets" lineno="8273">
 <summary>
-Read plymouthd spool files.
+Do not audit attempts to receive amavisd_send_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="plymouthd_manage_spool_files" lineno="143">
+<interface name="corenet_sendrecv_amavisd_send_client_packets" lineno="8292">
 <summary>
-Create, read, write, and delete
-plymouthd spool files.
+Send and receive amavisd_send_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="plymouthd_search_lib" lineno="162">
+<interface name="corenet_dontaudit_sendrecv_amavisd_send_client_packets" lineno="8308">
 <summary>
-Search plymouthd lib directories.
+Do not audit attempts to send and receive amavisd_send_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="plymouthd_read_lib_files" lineno="181">
+<interface name="corenet_relabelto_amavisd_send_client_packets" lineno="8323">
 <summary>
-Read plymouthd lib files.
+Relabel packets to amavisd_send_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -12720,565 +15144,599 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="plymouthd_manage_lib_files" lineno="201">
+<interface name="corenet_send_amavisd_send_server_packets" lineno="8343">
 <summary>
-Create, read, write, and delete
-plymouthd lib files.
+Send amavisd_send_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="plymouthd_read_pid_files" lineno="220">
+<interface name="corenet_dontaudit_send_amavisd_send_server_packets" lineno="8362">
 <summary>
-Read plymouthd PID files.
+Do not audit attempts to send amavisd_send_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="plymouthd_admin" lineno="246">
+<interface name="corenet_receive_amavisd_send_server_packets" lineno="8381">
 <summary>
-All of the rules required to administrate
-an plymouthd environment
+Receive amavisd_send_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_amavisd_send_server_packets" lineno="8400">
 <summary>
-Role allowed access.
+Do not audit attempts to receive amavisd_send_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="podsleuth" filename="policy/modules/contrib/podsleuth.if">
-<summary>Podsleuth is a tool to get information about an Apple (TM) iPod (TM)</summary>
-<interface name="podsleuth_domtrans" lineno="13">
+<interface name="corenet_sendrecv_amavisd_send_server_packets" lineno="8419">
 <summary>
-Execute a domain transition to run podsleuth.
+Send and receive amavisd_send_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="podsleuth_run" lineno="38">
+<interface name="corenet_dontaudit_sendrecv_amavisd_send_server_packets" lineno="8435">
 <summary>
-Execute podsleuth in the podsleuth domain, and
-allow the specified role the podsleuth domain.
+Do not audit attempts to send and receive amavisd_send_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_amavisd_send_server_packets" lineno="8450">
 <summary>
-Role allowed access.
+Relabel packets to amavisd_send_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="policykit" filename="policy/modules/contrib/policykit.if">
-<summary>Policy framework for controlling privileges for system-wide services.</summary>
-<interface name="policykit_dbus_chat" lineno="14">
+<interface name="corenet_tcp_sendrecv_amqp_port" lineno="8472">
 <summary>
-Send and receive messages from
-policykit over dbus.
+Send and receive TCP traffic on the amqp port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="policykit_domtrans_auth" lineno="34">
+<interface name="corenet_udp_send_amqp_port" lineno="8491">
 <summary>
-Execute a domain transition to run polkit_auth.
+Send UDP traffic on the amqp port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="policykit_run_auth" lineno="58">
+<interface name="corenet_dontaudit_udp_send_amqp_port" lineno="8510">
 <summary>
-Execute a policy_auth in the policy_auth domain, and
-allow the specified role the policy_auth domain,
+Do not audit attempts to send UDP traffic on the amqp port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_amqp_port" lineno="8529">
 <summary>
-Role allowed access.
+Receive UDP traffic on the amqp port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="policykit_domtrans_grant" lineno="77">
+<interface name="corenet_dontaudit_udp_receive_amqp_port" lineno="8548">
 <summary>
-Execute a domain transition to run polkit_grant.
+Do not audit attempts to receive UDP traffic on the amqp port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="policykit_run_grant" lineno="102">
+<interface name="corenet_udp_sendrecv_amqp_port" lineno="8567">
 <summary>
-Execute a policy_grant in the policy_grant domain, and
-allow the specified role the policy_grant domain,
+Send and receive UDP traffic on the amqp port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_amqp_port" lineno="8584">
 <summary>
-Role allowed access.
+Do not audit attempts to send and receive
+UDP traffic on the amqp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="policykit_read_reload" lineno="125">
+<interface name="corenet_tcp_bind_amqp_port" lineno="8600">
 <summary>
-read policykit reload files
+Bind TCP sockets to the amqp port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="policykit_rw_reload" lineno="144">
+<interface name="corenet_udp_bind_amqp_port" lineno="8620">
 <summary>
-rw policykit reload files
+Bind UDP sockets to the amqp port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="policykit_domtrans_resolve" lineno="163">
+<interface name="corenet_tcp_connect_amqp_port" lineno="8639">
 <summary>
-Execute a domain transition to run polkit_resolve.
+Make a TCP connection to the amqp port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="policykit_search_lib" lineno="183">
+<interface name="corenet_send_amqp_client_packets" lineno="8659">
 <summary>
-Search policykit lib directories.
+Send amqp_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="policykit_read_lib" lineno="202">
+<interface name="corenet_dontaudit_send_amqp_client_packets" lineno="8678">
 <summary>
-read policykit lib files
+Do not audit attempts to send amqp_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="portage" filename="policy/modules/contrib/portage.if">
+<interface name="corenet_receive_amqp_client_packets" lineno="8697">
 <summary>
-Portage Package Management System. The primary package management and
-distribution system for Gentoo.
+Receive amqp_client packets.
 </summary>
-<interface name="portage_domtrans" lineno="16">
+<param name="domain">
 <summary>
-Execute emerge in the portage domain.
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_amqp_client_packets" lineno="8716">
+<summary>
+Do not audit attempts to receive amqp_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="portage_run" lineno="44">
+<interface name="corenet_sendrecv_amqp_client_packets" lineno="8735">
 <summary>
-Execute emerge in the portage domain, and
-allow the specified role the portage domain.
+Send and receive amqp_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_amqp_client_packets" lineno="8751">
+<summary>
+Do not audit attempts to send and receive amqp_client packets.
+</summary>
+<param name="domain">
 <summary>
-The role to allow the portage domain.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="portage_compile_domain" lineno="69">
+<interface name="corenet_relabelto_amqp_client_packets" lineno="8766">
 <summary>
-Template for portage sandbox.
+Relabel packets to amqp_client the packet type.
 </summary>
-<desc>
-<p>
-Template for portage sandbox.  Portage
-does all compiling in the sandbox.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Domain Allowed Access
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="portage_domtrans_fetch" lineno="223">
+<interface name="corenet_send_amqp_server_packets" lineno="8786">
 <summary>
-Execute tree management functions (fetching, layman, ...)
-in the portage_fetch_t domain.
+Send amqp_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="portage_run_fetch" lineno="252">
+<interface name="corenet_dontaudit_send_amqp_server_packets" lineno="8805">
 <summary>
-Execute tree management functions (fetching, layman, ...)
-in the portage_fetch_t domain, and allow the specified role
-the portage_fetch_t domain.
+Do not audit attempts to send amqp_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_amqp_server_packets" lineno="8824">
 <summary>
-The role to allow the portage_fetch domain.
+Receive amqp_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="portage_domtrans_gcc_config" lineno="272">
+<interface name="corenet_dontaudit_receive_amqp_server_packets" lineno="8843">
 <summary>
-Execute gcc-config in the gcc_config domain.
+Do not audit attempts to receive amqp_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="portage_run_gcc_config" lineno="300">
+<interface name="corenet_sendrecv_amqp_server_packets" lineno="8862">
 <summary>
-Execute gcc-config in the gcc_config domain, and
-allow the specified role the gcc_config domain.
+Send and receive amqp_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_amqp_server_packets" lineno="8878">
+<summary>
+Do not audit attempts to send and receive amqp_server packets.
+</summary>
+<param name="domain">
 <summary>
-The role to allow the gcc_config domain.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="portage_dontaudit_use_fds" lineno="320">
+<interface name="corenet_relabelto_amqp_server_packets" lineno="8893">
 <summary>
-Do not audit attempts to use
-portage file descriptors.
+Relabel packets to amqp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="portage_dontaudit_search_tmp" lineno="339">
+<interface name="corenet_tcp_sendrecv_aol_port" lineno="8915">
 <summary>
-Do not audit attempts to search the
-portage temporary directories.
+Send and receive TCP traffic on the aol port.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="portage_dontaudit_rw_tmp_files" lineno="358">
+<interface name="corenet_udp_send_aol_port" lineno="8934">
 <summary>
-Do not audit attempts to read and write
-the portage temporary files.
+Send UDP traffic on the aol port.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<tunable name="portage_use_nfs" dftval="false">
-<desc>
-<p>
-Allow the portage domains to use NFS mounts (regular nfs_t)
-</p>
-</desc>
-</tunable>
-</module>
-<module name="portmap" filename="policy/modules/contrib/portmap.if">
-<summary>RPC port mapping service.</summary>
-<interface name="portmap_domtrans_helper" lineno="13">
+<interface name="corenet_dontaudit_udp_send_aol_port" lineno="8953">
 <summary>
-Execute portmap_helper in the helper domain.
+Do not audit attempts to send UDP traffic on the aol port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="portmap_run_helper" lineno="40">
+<interface name="corenet_udp_receive_aol_port" lineno="8972">
 <summary>
-Execute portmap helper in the helper domain, and
-allow the specified role the helper domain.
-Communicate with portmap.
+Receive UDP traffic on the aol port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_aol_port" lineno="8991">
 <summary>
-Role allowed access.
+Do not audit attempts to receive UDP traffic on the aol port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="portmap_udp_send" lineno="59">
+<interface name="corenet_udp_sendrecv_aol_port" lineno="9010">
 <summary>
-Send UDP network traffic to portmap.  (Deprecated)
+Send and receive UDP traffic on the aol port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="portmap_udp_chat" lineno="73">
+<interface name="corenet_dontaudit_udp_sendrecv_aol_port" lineno="9027">
 <summary>
-Send and receive UDP network traffic from portmap.  (Deprecated)
+Do not audit attempts to send and receive
+UDP traffic on the aol port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="portmap_tcp_connect" lineno="87">
+<interface name="corenet_tcp_bind_aol_port" lineno="9043">
 <summary>
-Connect to portmap over a TCP socket  (Deprecated)
+Bind TCP sockets to the aol port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="portreserve" filename="policy/modules/contrib/portreserve.if">
-<summary>Reserve well-known ports in the RPC port range.</summary>
-<interface name="portreserve_domtrans" lineno="13">
+<interface name="corenet_udp_bind_aol_port" lineno="9063">
 <summary>
-Execute a domain transition to run portreserve.
+Bind UDP sockets to the aol port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="portreserve_read_config" lineno="33">
+<interface name="corenet_tcp_connect_aol_port" lineno="9082">
 <summary>
-Allow the specified domain to read
-portreserve etcuration files.
+Make a TCP connection to the aol port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="portreserve_manage_config" lineno="55">
+<interface name="corenet_send_aol_client_packets" lineno="9102">
 <summary>
-Allow the specified domain to manage
-portreserve etcuration files.
+Send aol_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="portreserve_initrc_domtrans" lineno="76">
+<interface name="corenet_dontaudit_send_aol_client_packets" lineno="9121">
 <summary>
-Execute portreserve in the portreserve domain.
+Do not audit attempts to send aol_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="portreserve_admin" lineno="101">
+<interface name="corenet_receive_aol_client_packets" lineno="9140">
 <summary>
-All of the rules required to administrate
-an portreserve environment.
+Receive aol_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_aol_client_packets" lineno="9159">
 <summary>
-Role allowed access.
+Do not audit attempts to receive aol_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="portslave" filename="policy/modules/contrib/portslave.if">
-<summary>Portslave terminal server software</summary>
-<interface name="portslave_domtrans" lineno="13">
+<interface name="corenet_sendrecv_aol_client_packets" lineno="9178">
 <summary>
-Execute portslave with a domain transition.
+Send and receive aol_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="postfix" filename="policy/modules/contrib/postfix.if">
-<summary>Postfix email server</summary>
-<interface name="postfix_stub" lineno="13">
+<interface name="corenet_dontaudit_sendrecv_aol_client_packets" lineno="9194">
 <summary>
-Postfix stub interface.  No access allowed.
+Do not audit attempts to send and receive aol_client packets.
 </summary>
-<param name="domain" unused="true">
+<param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<template name="postfix_domain_template" lineno="30">
+<interface name="corenet_relabelto_aol_client_packets" lineno="9209">
 <summary>
-Creates types and rules for a basic
-postfix process domain.
+Relabel packets to aol_client the packet type.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-Prefix for the domain.
+Domain allowed access.
 </summary>
 </param>
-</template>
-<template name="postfix_server_domain_template" lineno="112">
+</interface>
+<interface name="corenet_send_aol_server_packets" lineno="9229">
 <summary>
-Creates a postfix server process domain.
+Send aol_server packets.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-Prefix of the domain.
+Domain allowed access.
 </summary>
 </param>
-</template>
-<template name="postfix_user_domain_template" lineno="154">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_aol_server_packets" lineno="9248">
 <summary>
-Creates a process domain for programs
-that are ran by users.
+Do not audit attempts to send aol_server packets.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-Prefix of the domain.
+Domain to not audit.
 </summary>
 </param>
-</template>
-<interface name="postfix_read_config" lineno="181">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_aol_server_packets" lineno="9267">
 <summary>
-Read postfix configuration files.
+Receive aol_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="postfix_config_filetrans" lineno="212">
+<interface name="corenet_dontaudit_receive_aol_server_packets" lineno="9286">
 <summary>
-Create files with the specified type in
-the postfix configuration directories.
+Do not audit attempts to receive aol_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="private type">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_aol_server_packets" lineno="9305">
 <summary>
-The type of the object to be created.
+Send and receive aol_server packets.
 </summary>
-</param>
-<param name="object">
+<param name="domain">
 <summary>
-The object class of the object being created.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="postfix_dontaudit_rw_local_tcp_sockets" lineno="233">
+<interface name="corenet_dontaudit_sendrecv_aol_server_packets" lineno="9321">
 <summary>
-Do not audit attempts to read and
-write postfix local delivery
-TCP sockets.
+Do not audit attempts to send and receive aol_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="postfix_rw_local_pipes" lineno="252">
+<interface name="corenet_relabelto_aol_server_packets" lineno="9336">
 <summary>
-Allow read/write postfix local pipes
-TCP sockets.
+Relabel packets to aol_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -13286,164 +15744,185 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="postfix_read_local_state" lineno="270">
+<interface name="corenet_tcp_sendrecv_apcupsd_port" lineno="9358">
 <summary>
-Allow domain to read postfix local process state
+Send and receive TCP traffic on the apcupsd port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="postfix_read_master_state" lineno="288">
+<interface name="corenet_udp_send_apcupsd_port" lineno="9377">
 <summary>
-Allow domain to read postfix master process state
+Send UDP traffic on the apcupsd port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="postfix_dontaudit_use_fds" lineno="308">
+<interface name="corenet_dontaudit_udp_send_apcupsd_port" lineno="9396">
 <summary>
-Do not audit attempts to use
-postfix master process file
-file descriptors.
+Do not audit attempts to send UDP traffic on the apcupsd port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="postfix_domtrans_map" lineno="326">
+<interface name="corenet_udp_receive_apcupsd_port" lineno="9415">
 <summary>
-Execute postfix_map in the postfix_map domain.
+Receive UDP traffic on the apcupsd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="postfix_run_map" lineno="351">
+<interface name="corenet_dontaudit_udp_receive_apcupsd_port" lineno="9434">
 <summary>
-Execute postfix_map in the postfix_map domain, and
-allow the specified role the postfix_map domain.
+Do not audit attempts to receive UDP traffic on the apcupsd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_apcupsd_port" lineno="9453">
 <summary>
-Role allowed access.
+Send and receive UDP traffic on the apcupsd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="postfix_domtrans_master" lineno="371">
+<interface name="corenet_dontaudit_udp_sendrecv_apcupsd_port" lineno="9470">
 <summary>
-Execute the master postfix program in the
-postfix_master domain.
+Do not audit attempts to send and receive
+UDP traffic on the apcupsd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="postfix_exec_master" lineno="390">
+<interface name="corenet_tcp_bind_apcupsd_port" lineno="9486">
 <summary>
-Execute the master postfix program in the
-caller domain.
+Bind TCP sockets to the apcupsd port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="postfix_stream_connect_master" lineno="409">
+<interface name="corenet_udp_bind_apcupsd_port" lineno="9506">
 <summary>
-Connect to postfix master process using a unix domain stream socket.
+Bind UDP sockets to the apcupsd port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="postfix_domtrans_postdrop" lineno="428">
+<interface name="corenet_tcp_connect_apcupsd_port" lineno="9525">
 <summary>
-Execute the master postdrop in the
-postfix_postdrop domain.
+Make a TCP connection to the apcupsd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="postfix_domtrans_postqueue" lineno="447">
+<interface name="corenet_send_apcupsd_client_packets" lineno="9545">
 <summary>
-Execute the master postqueue in the
-postfix_postqueue domain.
+Send apcupsd_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_apcupsd_client_packets" lineno="9564">
+<summary>
+Do not audit attempts to send apcupsd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="posftix_exec_postqueue" lineno="465">
+<interface name="corenet_receive_apcupsd_client_packets" lineno="9583">
 <summary>
-Execute the master postqueue in the caller domain.
+Receive apcupsd_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="postfix_create_private_sockets" lineno="483">
+<interface name="corenet_dontaudit_receive_apcupsd_client_packets" lineno="9602">
 <summary>
-Create a named socket in a postfix private directory.
+Do not audit attempts to receive apcupsd_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="postfix_manage_private_sockets" lineno="502">
+<interface name="corenet_sendrecv_apcupsd_client_packets" lineno="9621">
 <summary>
-manage named socket in a postfix private directory.
+Send and receive apcupsd_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="postfix_domtrans_smtp" lineno="522">
+<interface name="corenet_dontaudit_sendrecv_apcupsd_client_packets" lineno="9637">
 <summary>
-Execute the master postfix program in the
-postfix_master domain.
+Do not audit attempts to send and receive apcupsd_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="postfix_search_spool" lineno="540">
+<interface name="corenet_relabelto_apcupsd_client_packets" lineno="9652">
 <summary>
-Search postfix mail spool directories.
+Relabel packets to apcupsd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -13451,73 +15930,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="postfix_list_spool" lineno="559">
+<interface name="corenet_send_apcupsd_server_packets" lineno="9672">
 <summary>
-List postfix mail spool directories.
+Send apcupsd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="postfix_read_spool_files" lineno="578">
+<interface name="corenet_dontaudit_send_apcupsd_server_packets" lineno="9691">
 <summary>
-Read postfix mail spool files.
+Do not audit attempts to send apcupsd_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="postfix_manage_spool_files" lineno="597">
+<interface name="corenet_receive_apcupsd_server_packets" lineno="9710">
 <summary>
-Create, read, write, and delete postfix mail spool files.
+Receive apcupsd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="postfix_domtrans_user_mail_handler" lineno="617">
+<interface name="corenet_dontaudit_receive_apcupsd_server_packets" lineno="9729">
 <summary>
-Execute postfix user mail programs
-in their respective domains.
+Do not audit attempts to receive apcupsd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="postfixpolicyd" filename="policy/modules/contrib/postfixpolicyd.if">
-<summary>Postfix policy server</summary>
-<interface name="postfixpolicyd_admin" lineno="20">
+<interface name="corenet_sendrecv_apcupsd_server_packets" lineno="9748">
 <summary>
-All of the rules required to administrate
-an postfixpolicyd environment
+Send and receive apcupsd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_apcupsd_server_packets" lineno="9764">
 <summary>
-The role to be allowed to manage the postfixpolicyd domain.
+Do not audit attempts to send and receive apcupsd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="postgrey" filename="policy/modules/contrib/postgrey.if">
-<summary>Postfix grey-listing server</summary>
-<interface name="postgrey_stream_connect" lineno="13">
+<interface name="corenet_relabelto_apcupsd_server_packets" lineno="9779">
 <summary>
-Write to postgrey socket
+Relabel packets to apcupsd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -13525,172 +16006,185 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="postgrey_search_spool" lineno="33">
+<interface name="corenet_tcp_sendrecv_apertus_ldp_port" lineno="9801">
 <summary>
-Search the spool directory
+Send and receive TCP traffic on the apertus_ldp port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="postgrey_admin" lineno="58">
+<interface name="corenet_udp_send_apertus_ldp_port" lineno="9820">
 <summary>
-All of the rules required to administrate
-an postgrey environment
+Send UDP traffic on the apertus_ldp port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_apertus_ldp_port" lineno="9839">
+<summary>
+Do not audit attempts to send UDP traffic on the apertus_ldp port.
+</summary>
+<param name="domain">
 <summary>
-The role to be allowed to manage the postgrey domain.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="ppp" filename="policy/modules/contrib/ppp.if">
-<summary>Point to Point Protocol daemon creates links in ppp networks</summary>
-<interface name="ppp_use_fds" lineno="13">
+<interface name="corenet_udp_receive_apertus_ldp_port" lineno="9858">
 <summary>
-Use PPP file discriptors.
+Receive UDP traffic on the apertus_ldp port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="ppp_dontaudit_use_fds" lineno="32">
+<interface name="corenet_dontaudit_udp_receive_apertus_ldp_port" lineno="9877">
 <summary>
-Do not audit attempts to inherit
-and use PPP file discriptors.
+Do not audit attempts to receive UDP traffic on the apertus_ldp port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ppp_sigchld" lineno="50">
+<interface name="corenet_udp_sendrecv_apertus_ldp_port" lineno="9896">
 <summary>
-Send a SIGCHLD signal to PPP.
+Send and receive UDP traffic on the apertus_ldp port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="ppp_kill" lineno="70">
+<interface name="corenet_dontaudit_udp_sendrecv_apertus_ldp_port" lineno="9913">
 <summary>
-Send ppp a kill signal
+Do not audit attempts to send and receive
+UDP traffic on the apertus_ldp port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ppp_signal" lineno="88">
+<interface name="corenet_tcp_bind_apertus_ldp_port" lineno="9929">
 <summary>
-Send a generic signal to PPP.
+Bind TCP sockets to the apertus_ldp port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ppp_signull" lineno="106">
+<interface name="corenet_udp_bind_apertus_ldp_port" lineno="9949">
 <summary>
-Send a generic signull to PPP.
+Bind UDP sockets to the apertus_ldp port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ppp_domtrans" lineno="124">
+<interface name="corenet_tcp_connect_apertus_ldp_port" lineno="9968">
 <summary>
-Execute domain in the ppp domain.
+Make a TCP connection to the apertus_ldp port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ppp_run_cond" lineno="149">
+<interface name="corenet_send_apertus_ldp_client_packets" lineno="9988">
 <summary>
-Conditionally execute ppp daemon on behalf of a user or staff type.
+Send apertus_ldp_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
-</summary>
-</param>
-<param name="role">
-<summary>
-The role to allow the ppp domain.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="ppp_run" lineno="177">
+<interface name="corenet_dontaudit_send_apertus_ldp_client_packets" lineno="10007">
 <summary>
-Unconditionally execute ppp daemon on behalf of a user or staff type.
+Do not audit attempts to send apertus_ldp_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_apertus_ldp_client_packets" lineno="10026">
 <summary>
-The role to allow the ppp domain.
+Receive apertus_ldp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="ppp_exec" lineno="196">
+<interface name="corenet_dontaudit_receive_apertus_ldp_client_packets" lineno="10045">
 <summary>
-Execute domain in the ppp caller.
+Do not audit attempts to receive apertus_ldp_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ppp_read_config" lineno="215">
+<interface name="corenet_sendrecv_apertus_ldp_client_packets" lineno="10064">
 <summary>
-Read ppp configuration files.
+Send and receive apertus_ldp_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="ppp_read_rw_config" lineno="234">
+<interface name="corenet_dontaudit_sendrecv_apertus_ldp_client_packets" lineno="10080">
 <summary>
-Read PPP-writable configuration files.
+Do not audit attempts to send and receive apertus_ldp_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ppp_read_secrets" lineno="254">
+<interface name="corenet_relabelto_apertus_ldp_client_packets" lineno="10095">
 <summary>
-Read PPP secrets.
+Relabel packets to apertus_ldp_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -13698,88 +16192,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ppp_read_pid_files" lineno="274">
+<interface name="corenet_send_apertus_ldp_server_packets" lineno="10115">
 <summary>
-Read PPP pid files.
+Send apertus_ldp_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="ppp_manage_pid_files" lineno="292">
+<interface name="corenet_dontaudit_send_apertus_ldp_server_packets" lineno="10134">
 <summary>
-Create, read, write, and delete PPP pid files.
+Do not audit attempts to send apertus_ldp_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ppp_pid_filetrans" lineno="310">
+<interface name="corenet_receive_apertus_ldp_server_packets" lineno="10153">
 <summary>
-Create, read, write, and delete PPP pid files.
+Receive apertus_ldp_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="ppp_initrc_domtrans" lineno="328">
+<interface name="corenet_dontaudit_receive_apertus_ldp_server_packets" lineno="10172">
 <summary>
-Execute ppp server in the ntpd domain.
+Do not audit attempts to receive apertus_ldp_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ppp_admin" lineno="348">
+<interface name="corenet_sendrecv_apertus_ldp_server_packets" lineno="10191">
 <summary>
-All of the rules required to administrate
-an ppp environment
+Send and receive apertus_ldp_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<tunable name="pppd_can_insmod" dftval="false">
-<desc>
-<p>
-Allow pppd to load kernel modules for certain modems
-</p>
-</desc>
-</tunable>
-<tunable name="pppd_for_user" dftval="false">
-<desc>
-<p>
-Allow pppd to be run for a regular user
-</p>
-</desc>
-</tunable>
-</module>
-<module name="prelink" filename="policy/modules/contrib/prelink.if">
-<summary>Prelink ELF shared library mappings.</summary>
-<interface name="prelink_domtrans" lineno="13">
+<interface name="corenet_dontaudit_sendrecv_apertus_ldp_server_packets" lineno="10207">
 <summary>
-Execute the prelink program in the prelink domain.
+Do not audit attempts to send and receive apertus_ldp_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="prelink_exec" lineno="37">
+<interface name="corenet_relabelto_apertus_ldp_server_packets" lineno="10222">
 <summary>
-Execute the prelink program in the current domain.
+Relabel packets to apertus_ldp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -13787,251 +16268,261 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="prelink_run" lineno="62">
+<interface name="corenet_tcp_sendrecv_armtechdaemon_port" lineno="10244">
 <summary>
-Execute the prelink program in the prelink domain.
+Send and receive TCP traffic on the armtechdaemon port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_armtechdaemon_port" lineno="10263">
 <summary>
-The role to allow the prelink domain.
+Send UDP traffic on the armtechdaemon port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="prelink_object_file" lineno="82">
+<interface name="corenet_dontaudit_udp_send_armtechdaemon_port" lineno="10282">
 <summary>
-Make the specified file type prelinkable.
+Do not audit attempts to send UDP traffic on the armtechdaemon port.
 </summary>
-<param name="file_type">
+<param name="domain">
 <summary>
-File type to be prelinked.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="prelink_read_cache" lineno="100">
+<interface name="corenet_udp_receive_armtechdaemon_port" lineno="10301">
 <summary>
-Read the prelink cache.
+Receive UDP traffic on the armtechdaemon port.
 </summary>
-<param name="file_type">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="prelink_delete_cache" lineno="119">
+<interface name="corenet_dontaudit_udp_receive_armtechdaemon_port" lineno="10320">
 <summary>
-Delete the prelink cache.
+Do not audit attempts to receive UDP traffic on the armtechdaemon port.
 </summary>
-<param name="file_type">
+<param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="prelink_manage_log" lineno="139">
+<interface name="corenet_udp_sendrecv_armtechdaemon_port" lineno="10339">
 <summary>
-Create, read, write, and delete
-prelink log files.
+Send and receive UDP traffic on the armtechdaemon port.
 </summary>
-<param name="file_type">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="prelink_manage_lib" lineno="159">
+<interface name="corenet_dontaudit_udp_sendrecv_armtechdaemon_port" lineno="10356">
 <summary>
-Create, read, write, and delete
-prelink var_lib files.
+Do not audit attempts to send and receive
+UDP traffic on the armtechdaemon port.
 </summary>
-<param name="file_type">
+<param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="prelink_relabelfrom_lib" lineno="178">
+<interface name="corenet_tcp_bind_armtechdaemon_port" lineno="10372">
 <summary>
-Relabel from files in the /boot directory.
+Bind TCP sockets to the armtechdaemon port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="prelink_relabel_lib" lineno="197">
+<interface name="corenet_udp_bind_armtechdaemon_port" lineno="10392">
 <summary>
-Relabel from files in the /boot directory.
+Bind UDP sockets to the armtechdaemon port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="prelude" filename="policy/modules/contrib/prelude.if">
-<summary>Prelude hybrid intrusion detection system</summary>
-<interface name="prelude_domtrans" lineno="13">
+<interface name="corenet_tcp_connect_armtechdaemon_port" lineno="10411">
 <summary>
-Execute a domain transition to run prelude.
+Make a TCP connection to the armtechdaemon port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="prelude_domtrans_audisp" lineno="31">
+<interface name="corenet_send_armtechdaemon_client_packets" lineno="10431">
 <summary>
-Execute a domain transition to run prelude_audisp.
+Send armtechdaemon_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="prelude_signal_audisp" lineno="49">
+<interface name="corenet_dontaudit_send_armtechdaemon_client_packets" lineno="10450">
 <summary>
-Signal the prelude_audisp domain.
+Do not audit attempts to send armtechdaemon_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed acccess.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="prelude_read_spool" lineno="67">
+<interface name="corenet_receive_armtechdaemon_client_packets" lineno="10469">
 <summary>
-Read the prelude spool files
+Receive armtechdaemon_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="prelude_manage_spool" lineno="86">
+<interface name="corenet_dontaudit_receive_armtechdaemon_client_packets" lineno="10488">
 <summary>
-Manage to prelude-manager spool files.
+Do not audit attempts to receive armtechdaemon_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="prelude_admin" lineno="113">
+<interface name="corenet_sendrecv_armtechdaemon_client_packets" lineno="10507">
 <summary>
-All of the rules required to administrate
-an prelude environment
+Send and receive armtechdaemon_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_armtechdaemon_client_packets" lineno="10523">
 <summary>
-Role allowed access.
+Do not audit attempts to send and receive armtechdaemon_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="privoxy" filename="policy/modules/contrib/privoxy.if">
-<summary>Privacy enhancing web proxy.</summary>
-<interface name="privoxy_admin" lineno="20">
+<interface name="corenet_relabelto_armtechdaemon_client_packets" lineno="10538">
 <summary>
-All of the rules required to administrate
-an privoxy environment
+Relabel packets to armtechdaemon_client the packet type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_send_armtechdaemon_server_packets" lineno="10558">
 <summary>
-Role allowed access.
+Send armtechdaemon_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="write" weight="10"/>
 </interface>
-<tunable name="privoxy_connect_any" dftval="false">
-<desc>
-<p>
-Allow privoxy to connect to all ports, not just
-HTTP, FTP, and Gopher ports.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="procmail" filename="policy/modules/contrib/procmail.if">
-<summary>Procmail mail delivery agent</summary>
-<interface name="procmail_domtrans" lineno="13">
+<interface name="corenet_dontaudit_send_armtechdaemon_server_packets" lineno="10577">
 <summary>
-Execute procmail with a domain transition.
+Do not audit attempts to send armtechdaemon_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="procmail_exec" lineno="33">
+<interface name="corenet_receive_armtechdaemon_server_packets" lineno="10596">
 <summary>
-Execute procmail in the caller domain.
+Receive armtechdaemon_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="procmail_read_tmp_files" lineno="53">
+<interface name="corenet_dontaudit_receive_armtechdaemon_server_packets" lineno="10615">
 <summary>
-Read procmail tmp files.
+Do not audit attempts to receive armtechdaemon_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="procmail_rw_tmp_files" lineno="72">
+<interface name="corenet_sendrecv_armtechdaemon_server_packets" lineno="10634">
 <summary>
-Read/write procmail tmp files.
+Send and receive armtechdaemon_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="psad" filename="policy/modules/contrib/psad.if">
-<summary>Intrusion Detection and Log Analysis with iptables</summary>
-<interface name="psad_domtrans" lineno="13">
+<interface name="corenet_dontaudit_sendrecv_armtechdaemon_server_packets" lineno="10650">
 <summary>
-Execute a domain transition to run psad.
+Do not audit attempts to send and receive armtechdaemon_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="psad_signal" lineno="31">
+<interface name="corenet_relabelto_armtechdaemon_server_packets" lineno="10665">
 <summary>
-Send a generic signal to psad
+Relabel packets to armtechdaemon_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -14039,237 +16530,261 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="psad_signull" lineno="49">
+<interface name="corenet_tcp_sendrecv_asterisk_port" lineno="10687">
 <summary>
-Send a null signal to psad.
+Send and receive TCP traffic on the asterisk port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="psad_read_config" lineno="67">
+<interface name="corenet_udp_send_asterisk_port" lineno="10706">
 <summary>
-Read psad etc configuration files.
+Send UDP traffic on the asterisk port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="psad_manage_config" lineno="86">
+<interface name="corenet_dontaudit_udp_send_asterisk_port" lineno="10725">
 <summary>
-Manage psad etc configuration files.
+Do not audit attempts to send UDP traffic on the asterisk port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="psad_read_pid_files" lineno="107">
+<interface name="corenet_udp_receive_asterisk_port" lineno="10744">
 <summary>
-Read psad PID files.
+Receive UDP traffic on the asterisk port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="psad_rw_pid_files" lineno="126">
+<interface name="corenet_dontaudit_udp_receive_asterisk_port" lineno="10763">
 <summary>
-Read psad PID files.
+Do not audit attempts to receive UDP traffic on the asterisk port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="psad_read_log" lineno="146">
+<interface name="corenet_udp_sendrecv_asterisk_port" lineno="10782">
 <summary>
-Allow the specified domain to read psad's log files.
+Send and receive UDP traffic on the asterisk port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="psad_append_log" lineno="167">
+<interface name="corenet_dontaudit_udp_sendrecv_asterisk_port" lineno="10799">
 <summary>
-Allow the specified domain to append to psad's log files.
+Do not audit attempts to send and receive
+UDP traffic on the asterisk port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="psad_rw_fifo_file" lineno="187">
+<interface name="corenet_tcp_bind_asterisk_port" lineno="10815">
 <summary>
-Read and write psad fifo files.
+Bind TCP sockets to the asterisk port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="psad_rw_tmp_files" lineno="207">
+<interface name="corenet_udp_bind_asterisk_port" lineno="10835">
 <summary>
-Read and write psad tmp files.
+Bind UDP sockets to the asterisk port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="psad_admin" lineno="233">
+<interface name="corenet_tcp_connect_asterisk_port" lineno="10854">
 <summary>
-All of the rules required to administrate
-an psad environment
+Make a TCP connection to the asterisk port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_send_asterisk_client_packets" lineno="10874">
 <summary>
-The role to be allowed to manage the syslog domain.
+Send asterisk_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="write" weight="10"/>
 </interface>
-</module>
-<module name="ptchown" filename="policy/modules/contrib/ptchown.if">
-<summary>helper function for grantpt(3), changes ownship and permissions of pseudotty</summary>
-<interface name="ptchown_domtrans" lineno="13">
+<interface name="corenet_dontaudit_send_asterisk_client_packets" lineno="10893">
 <summary>
-Execute a domain transition to run ptchown.
+Do not audit attempts to send asterisk_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ptchown_run" lineno="37">
+<interface name="corenet_receive_asterisk_client_packets" lineno="10912">
 <summary>
-Execute ptchown in the ptchown domain, and
-allow the specified role the ptchown domain.
+Receive asterisk_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_asterisk_client_packets" lineno="10931">
 <summary>
-Role allowed access.
+Do not audit attempts to receive asterisk_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="publicfile" filename="policy/modules/contrib/publicfile.if">
-<summary>publicfile supplies files to the public through HTTP and FTP</summary>
-</module>
-<module name="pulseaudio" filename="policy/modules/contrib/pulseaudio.if">
-<summary>Pulseaudio network sound server.</summary>
-<interface name="pulseaudio_role" lineno="18">
+<interface name="corenet_sendrecv_asterisk_client_packets" lineno="10950">
 <summary>
-Role access for pulseaudio
+Send and receive asterisk_client packets.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_asterisk_client_packets" lineno="10966">
+<summary>
+Do not audit attempts to send and receive asterisk_client packets.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="pulseaudio_domtrans" lineno="52">
+<interface name="corenet_relabelto_asterisk_client_packets" lineno="10981">
 <summary>
-Execute a domain transition to run pulseaudio.
+Relabel packets to asterisk_client the packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="pulseaudio_run" lineno="76">
+<interface name="corenet_send_asterisk_server_packets" lineno="11001">
 <summary>
-Execute pulseaudio in the pulseaudio domain, and
-allow the specified role the pulseaudio domain.
+Send asterisk_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_asterisk_server_packets" lineno="11020">
 <summary>
-Role allowed access.
+Do not audit attempts to send asterisk_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="pulseaudio_exec" lineno="95">
+<interface name="corenet_receive_asterisk_server_packets" lineno="11039">
 <summary>
-Execute a pulseaudio in the current domain.
+Receive asterisk_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="pulseaudio_dontaudit_exec" lineno="113">
+<interface name="corenet_dontaudit_receive_asterisk_server_packets" lineno="11058">
 <summary>
-Do not audit to execute a pulseaudio.
+Do not audit attempts to receive asterisk_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="pulseaudio_signull" lineno="132">
+<interface name="corenet_sendrecv_asterisk_server_packets" lineno="11077">
 <summary>
-Send signull signal to pulseaudio
-processes.
+Send and receive asterisk_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="pulseaudio_stream_connect" lineno="151">
+<interface name="corenet_dontaudit_sendrecv_asterisk_server_packets" lineno="11093">
 <summary>
-Connect to pulseaudio over a unix domain
-stream socket.
+Do not audit attempts to send and receive asterisk_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="pulseaudio_dbus_chat" lineno="173">
+<interface name="corenet_relabelto_asterisk_server_packets" lineno="11108">
 <summary>
-Send and receive messages from
-pulseaudio over dbus.
+Relabel packets to asterisk_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -14277,252 +16792,261 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="pulseaudio_setattr_home_dir" lineno="193">
+<interface name="corenet_tcp_sendrecv_audit_port" lineno="11130">
 <summary>
-Set the attributes of the pulseaudio homedir.
+Send and receive TCP traffic on the audit port.
 </summary>
-<param name="user_domain">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="pulseaudio_read_home_files" lineno="211">
+<interface name="corenet_udp_send_audit_port" lineno="11149">
 <summary>
-Read pulseaudio homedir files.
+Send UDP traffic on the audit port.
 </summary>
-<param name="user_domain">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="pulseaudio_rw_home_files" lineno="231">
+<interface name="corenet_dontaudit_udp_send_audit_port" lineno="11168">
 <summary>
-Read and write Pulse Audio files.
+Do not audit attempts to send UDP traffic on the audit port.
 </summary>
-<param name="user_domain">
+<param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="pulseaudio_manage_home_files" lineno="252">
+<interface name="corenet_udp_receive_audit_port" lineno="11187">
 <summary>
-Create, read, write, and delete pulseaudio
-home directory files.
+Receive UDP traffic on the audit port.
 </summary>
-<param name="user_domain">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-</module>
-<module name="puppet" filename="policy/modules/contrib/puppet.if">
-<summary>Puppet client daemon</summary>
-<desc>
-<p>
-Puppet is a configuration management system written in Ruby.
-The client daemon is responsible for periodically requesting the
-desired system state from the server and ensuring the state of
-the client system matches.
-</p>
-</desc>
-<interface name="puppet_rw_tmp" lineno="24">
+<interface name="corenet_dontaudit_udp_receive_audit_port" lineno="11206">
 <summary>
-Read / Write to Puppet temp files.  Puppet uses
-some system binaries (groupadd, etc) that run in
-a non-puppet domain and redirects output into temp
-files.
+Do not audit attempts to receive UDP traffic on the audit port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_audit_port" lineno="11225">
+<summary>
+Send and receive UDP traffic on the audit port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<tunable name="puppet_manage_all_files" dftval="false">
-<desc>
-<p>
-Allow Puppet client to manage all file
-types.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="pxe" filename="policy/modules/contrib/pxe.if">
-<summary>Server for the PXE network boot protocol</summary>
-</module>
-<module name="pyicqt" filename="policy/modules/contrib/pyicqt.if">
-<summary>PyICQt is an ICQ transport for XMPP server.</summary>
-</module>
-<module name="pyzor" filename="policy/modules/contrib/pyzor.if">
-<summary>Pyzor is a distributed, collaborative spam detection and filtering network.</summary>
-<interface name="pyzor_role" lineno="18">
+<interface name="corenet_dontaudit_udp_sendrecv_audit_port" lineno="11242">
 <summary>
-Role access for pyzor
+Do not audit attempts to send and receive
+UDP traffic on the audit port.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_audit_port" lineno="11258">
+<summary>
+Bind TCP sockets to the audit port.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="pyzor_signal" lineno="44">
+<interface name="corenet_udp_bind_audit_port" lineno="11278">
 <summary>
-Send generic signals to pyzor
+Bind UDP sockets to the audit port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="pyzor_domtrans" lineno="62">
+<interface name="corenet_tcp_connect_audit_port" lineno="11297">
 <summary>
-Execute pyzor with a domain transition.
+Make a TCP connection to the audit port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="pyzor_exec" lineno="82">
+<interface name="corenet_send_audit_client_packets" lineno="11317">
 <summary>
-Execute pyzor in the caller domain.
+Send audit_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-</module>
-<module name="qemu" filename="policy/modules/contrib/qemu.if">
-<summary>QEMU machine emulator and virtualizer</summary>
-<template name="qemu_domain_template" lineno="14">
+<interface name="corenet_dontaudit_send_audit_client_packets" lineno="11336">
 <summary>
-Creates types and rules for a basic
-qemu process domain.
+Do not audit attempts to send audit_client packets.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-Prefix for the domain.
+Domain to not audit.
 </summary>
 </param>
-</template>
-<template name="qemu_role" lineno="127">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_audit_client_packets" lineno="11355">
 <summary>
-The per role template for the qemu module.
+Receive audit_client packets.
 </summary>
-<desc>
-<p>
-This template creates a derived domains which are used
-for qemu web browser.
-</p>
-<p>
-This template is invoked automatically for each user, and
-generally does not need to be invoked directly
-by policy writers.
-</p>
-</desc>
-<param name="user_role">
+<param name="domain">
 <summary>
-The role associated with the user domain.
+Domain allowed access.
 </summary>
 </param>
-<param name="user_domain">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_audit_client_packets" lineno="11374">
 <summary>
-The type of the user domain.
+Do not audit attempts to receive audit_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="qemu_domtrans" lineno="150">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_audit_client_packets" lineno="11393">
 <summary>
-Execute a domain transition to run qemu.
+Send and receive audit_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="qemu_run" lineno="174">
+<interface name="corenet_dontaudit_sendrecv_audit_client_packets" lineno="11409">
 <summary>
-Execute qemu in the qemu domain.
+Do not audit attempts to send and receive audit_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_audit_client_packets" lineno="11424">
+<summary>
+Relabel packets to audit_client the packet type.
+</summary>
+<param name="domain">
 <summary>
-The role to allow the qemu domain.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="qemu_read_state" lineno="195">
+<interface name="corenet_send_audit_server_packets" lineno="11444">
 <summary>
-Allow the domain to read state files in /proc.
+Send audit_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain to allow access.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="qemu_setsched" lineno="213">
+<interface name="corenet_dontaudit_send_audit_server_packets" lineno="11463">
 <summary>
-Set the schedule on qemu.
+Do not audit attempts to send audit_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_audit_server_packets" lineno="11482">
+<summary>
+Receive audit_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="qemu_signal" lineno="231">
+<interface name="corenet_dontaudit_receive_audit_server_packets" lineno="11501">
 <summary>
-Send a signal to qemu.
+Do not audit attempts to receive audit_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="qemu_kill" lineno="249">
+<interface name="corenet_sendrecv_audit_server_packets" lineno="11520">
 <summary>
-Send a sigill to qemu
+Send and receive audit_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="qemu_domtrans_unconfined" lineno="267">
+<interface name="corenet_dontaudit_sendrecv_audit_server_packets" lineno="11536">
 <summary>
-Execute a domain transition to run qemu unconfined.
+Do not audit attempts to send and receive audit_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="qemu_manage_tmp_dirs" lineno="285">
+<interface name="corenet_relabelto_audit_server_packets" lineno="11551">
 <summary>
-Manage qemu temporary dirs.
+Relabel packets to audit_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -14530,132 +17054,109 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="qemu_manage_tmp_files" lineno="303">
+<interface name="corenet_tcp_sendrecv_auth_port" lineno="11573">
 <summary>
-Manage qemu temporary files.
+Send and receive TCP traffic on the auth port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<tunable name="qemu_full_network" dftval="false">
-<desc>
-<p>
-Allow qemu to connect fully to the network
-</p>
-</desc>
-</tunable>
-<tunable name="qemu_use_cifs" dftval="true">
-<desc>
-<p>
-Allow qemu to use cifs/Samba file systems
-</p>
-</desc>
-</tunable>
-<tunable name="qemu_use_comm" dftval="false">
-<desc>
-<p>
-Allow qemu to use serial/parallel communication ports
-</p>
-</desc>
-</tunable>
-<tunable name="qemu_use_nfs" dftval="true">
-<desc>
-<p>
-Allow qemu to use nfs file systems
-</p>
-</desc>
-</tunable>
-<tunable name="qemu_use_usb" dftval="true">
-<desc>
-<p>
-Allow qemu to use usb devices
-</p>
-</desc>
-</tunable>
-</module>
-<module name="qmail" filename="policy/modules/contrib/qmail.if">
-<summary>Qmail Mail Server</summary>
-<template name="qmail_child_domain_template" lineno="18">
+<interface name="corenet_udp_send_auth_port" lineno="11592">
 <summary>
-Template for qmail parent/sub-domain pairs
+Send UDP traffic on the auth port.
 </summary>
-<param name="child_prefix">
+<param name="domain">
 <summary>
-The prefix of the child domain
+Domain allowed access.
 </summary>
 </param>
-<param name="parent_domain">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_auth_port" lineno="11611">
 <summary>
-The name of the parent domain.
+Do not audit attempts to send UDP traffic on the auth port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-</template>
-<interface name="qmail_domtrans_inject" lineno="60">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_auth_port" lineno="11630">
 <summary>
-Transition to qmail_inject_t
+Receive UDP traffic on the auth port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="qmail_domtrans_queue" lineno="86">
+<interface name="corenet_dontaudit_udp_receive_auth_port" lineno="11649">
 <summary>
-Transition to qmail_queue_t
+Do not audit attempts to receive UDP traffic on the auth port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="qmail_read_config" lineno="113">
+<interface name="corenet_udp_sendrecv_auth_port" lineno="11668">
 <summary>
-Read qmail configuration files.
+Send and receive UDP traffic on the auth port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="qmail_smtpd_service_domain" lineno="145">
+<interface name="corenet_dontaudit_udp_sendrecv_auth_port" lineno="11685">
 <summary>
-Define the specified domain as a qmail-smtp service.
-Needed by antivirus/antispam filters.
+Do not audit attempts to send and receive
+UDP traffic on the auth port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access
+Domain to not audit.
 </summary>
 </param>
-<param name="entrypoint">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_auth_port" lineno="11701">
 <summary>
-The type associated with the process program.
+Bind TCP sockets to the auth port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="qpid" filename="policy/modules/contrib/qpid.if">
-<summary>Apache QPID AMQP messaging server.</summary>
-<interface name="qpidd_domtrans" lineno="13">
+<interface name="corenet_udp_bind_auth_port" lineno="11721">
 <summary>
-Execute a domain transition to run qpidd.
+Bind UDP sockets to the auth port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="qpidd_rw_semaphores" lineno="31">
+<interface name="corenet_tcp_connect_auth_port" lineno="11740">
 <summary>
-Allow read and write access to qpidd semaphores.
+Make a TCP connection to the auth port.
 </summary>
 <param name="domain">
 <summary>
@@ -14663,60 +17164,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="qpidd_rw_shm" lineno="49">
+<interface name="corenet_send_auth_client_packets" lineno="11760">
 <summary>
-Read and write to qpidd shared memory.
+Send auth_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="qpidd_initrc_domtrans" lineno="67">
+<interface name="corenet_dontaudit_send_auth_client_packets" lineno="11779">
 <summary>
-Execute qpidd server in the qpidd domain.
+Do not audit attempts to send auth_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="qpidd_read_pid_files" lineno="85">
+<interface name="corenet_receive_auth_client_packets" lineno="11798">
 <summary>
-Read qpidd PID files.
+Receive auth_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="qpidd_search_lib" lineno="104">
+<interface name="corenet_dontaudit_receive_auth_client_packets" lineno="11817">
 <summary>
-Search qpidd lib directories.
+Do not audit attempts to receive auth_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="qpidd_read_lib_files" lineno="123">
+<interface name="corenet_sendrecv_auth_client_packets" lineno="11836">
 <summary>
-Read qpidd lib files.
+Send and receive auth_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="qpidd_manage_lib_files" lineno="143">
+<interface name="corenet_dontaudit_sendrecv_auth_client_packets" lineno="11852">
 <summary>
-Create, read, write, and delete
-qpidd lib files.
+Do not audit attempts to send and receive auth_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_auth_client_packets" lineno="11867">
+<summary>
+Relabel packets to auth_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -14724,68 +17240,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="qpidd_admin" lineno="169">
+<interface name="corenet_send_auth_server_packets" lineno="11887">
 <summary>
-All of the rules required to administrate
-an qpidd environment
+Send auth_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_auth_server_packets" lineno="11906">
 <summary>
-Role allowed access.
+Do not audit attempts to send auth_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="quota" filename="policy/modules/contrib/quota.if">
-<summary>File system quota management</summary>
-<interface name="quota_domtrans" lineno="13">
+<interface name="corenet_receive_auth_server_packets" lineno="11925">
 <summary>
-Execute quota management tools in the quota domain.
+Receive auth_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="quota_run" lineno="39">
+<interface name="corenet_dontaudit_receive_auth_server_packets" lineno="11944">
 <summary>
-Execute quota management tools in the quota domain, and
-allow the specified role the quota domain.
+Do not audit attempts to receive auth_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_auth_server_packets" lineno="11963">
 <summary>
-Role allowed access.
+Send and receive auth_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="quota_dontaudit_getattr_db" lineno="59">
+<interface name="corenet_dontaudit_sendrecv_auth_server_packets" lineno="11979">
 <summary>
-Do not audit attempts to get the attributes
-of filesystem quota data files.
+Do not audit attempts to send and receive auth_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="quota_manage_flags" lineno="78">
+<interface name="corenet_relabelto_auth_server_packets" lineno="11994">
 <summary>
-Create, read, write, and delete quota
-flag files.
+Relabel packets to auth_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -14793,186 +17316,185 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="radius" filename="policy/modules/contrib/radius.if">
-<summary>RADIUS authentication and accounting server.</summary>
-<interface name="radius_use" lineno="13">
+<interface name="corenet_tcp_sendrecv_bgp_port" lineno="12016">
 <summary>
-Use radius over a UDP connection.  (Deprecated)
+Send and receive TCP traffic on the bgp port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="radius_admin" lineno="34">
+<interface name="corenet_udp_send_bgp_port" lineno="12035">
 <summary>
-All of the rules required to administrate
-an radius environment
+Send UDP traffic on the bgp port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_bgp_port" lineno="12054">
 <summary>
-Role allowed access.
+Do not audit attempts to send UDP traffic on the bgp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="radvd" filename="policy/modules/contrib/radvd.if">
-<summary>IPv6 router advertisement daemon</summary>
-<interface name="radvd_admin" lineno="20">
+<interface name="corenet_udp_receive_bgp_port" lineno="12073">
 <summary>
-All of the rules required to administrate
-an radvd environment
+Receive UDP traffic on the bgp port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_bgp_port" lineno="12092">
 <summary>
-Role allowed access.
+Do not audit attempts to receive UDP traffic on the bgp port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="raid" filename="policy/modules/contrib/raid.if">
-<summary>RAID array management tools</summary>
-<interface name="raid_domtrans_mdadm" lineno="13">
+<interface name="corenet_udp_sendrecv_bgp_port" lineno="12111">
 <summary>
-Execute software raid tools in the mdadm domain.
+Send and receive UDP traffic on the bgp port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="raid_run_mdadm" lineno="39">
+<interface name="corenet_dontaudit_udp_sendrecv_bgp_port" lineno="12128">
 <summary>
-Execute a domain transition to mdadm_t for the
-specified role, allowing it to use the mdadm_t
-domain
+Do not audit attempts to send and receive
+UDP traffic on the bgp port.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed to access mdadm_t domain
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_bgp_port" lineno="12144">
+<summary>
+Bind TCP sockets to the bgp port.
+</summary>
 <param name="domain">
 <summary>
-Domain allowed to transition to mdadm_t
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="raid_manage_mdadm_pid" lineno="66">
+<interface name="corenet_udp_bind_bgp_port" lineno="12164">
 <summary>
-Create, read, write, and delete the mdadm pid files.
+Bind UDP sockets to the bgp port.
 </summary>
-<desc>
-<p>
-Create, read, write, and delete the mdadm pid files.
-</p>
-<p>
-Added for use in the init module.
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="razor" filename="policy/modules/contrib/razor.if">
-<summary>A distributed, collaborative, spam detection and filtering network.</summary>
-<desc>
-<p>
-A distributed, collaborative, spam detection and filtering network.
-</p>
-<p>
-This policy will work with either the ATrpms provided config
-file in /etc/razor, or with the default of dumping everything into
-$HOME/.razor.
-</p>
-</desc>
-<template name="razor_common_domain_template" lineno="25">
+<interface name="corenet_tcp_connect_bgp_port" lineno="12183">
 <summary>
-Template to create types and rules common to
-all razor domains.
+Make a TCP connection to the bgp port.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-The prefix of the domain (e.g., user
-is the prefix for user_t).
+Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="razor_role" lineno="121">
+</interface>
+<interface name="corenet_send_bgp_client_packets" lineno="12203">
 <summary>
-Role access for razor
+Send bgp_client packets.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_bgp_client_packets" lineno="12222">
+<summary>
+Do not audit attempts to send bgp_client packets.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="razor_domtrans" lineno="153">
+<interface name="corenet_receive_bgp_client_packets" lineno="12241">
 <summary>
-Execute razor in the system razor domain.
+Receive bgp_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-</module>
-<module name="rdisc" filename="policy/modules/contrib/rdisc.if">
-<summary>Network router discovery daemon</summary>
-<interface name="rdisc_exec" lineno="13">
+<interface name="corenet_dontaudit_receive_bgp_client_packets" lineno="12260">
 <summary>
-Execute rdisc in the caller domain.
+Do not audit attempts to receive bgp_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="readahead" filename="policy/modules/contrib/readahead.if">
-<summary>Readahead, read files into page cache for improved performance</summary>
-</module>
-<module name="remotelogin" filename="policy/modules/contrib/remotelogin.if">
-<summary>Policy for rshd, rlogind, and telnetd.</summary>
-<interface name="remotelogin_domtrans" lineno="13">
+<interface name="corenet_sendrecv_bgp_client_packets" lineno="12279">
 <summary>
-Domain transition to the remote login domain.
+Send and receive bgp_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="remotelogin_signal" lineno="31">
+<interface name="corenet_dontaudit_sendrecv_bgp_client_packets" lineno="12295">
 <summary>
-allow Domain to signal remote login domain.
+Do not audit attempts to send and receive bgp_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_bgp_client_packets" lineno="12310">
+<summary>
+Relabel packets to bgp_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -14980,168 +17502,185 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="resmgr" filename="policy/modules/contrib/resmgr.if">
-<summary>Resource management daemon</summary>
-<interface name="resmgr_stream_connect" lineno="14">
+<interface name="corenet_send_bgp_server_packets" lineno="12330">
 <summary>
-Connect to resmgrd over a unix domain
-stream socket.
+Send bgp_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-</module>
-<module name="rgmanager" filename="policy/modules/contrib/rgmanager.if">
-<summary>rgmanager - Resource Group Manager</summary>
-<interface name="rgmanager_domtrans" lineno="13">
+<interface name="corenet_dontaudit_send_bgp_server_packets" lineno="12349">
 <summary>
-Execute a domain transition to run rgmanager.
+Do not audit attempts to send bgp_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rgmanager_stream_connect" lineno="32">
+<interface name="corenet_receive_bgp_server_packets" lineno="12368">
 <summary>
-Connect to rgmanager over an unix stream socket.
+Receive bgp_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="rgmanager_manage_tmp_files" lineno="51">
+<interface name="corenet_dontaudit_receive_bgp_server_packets" lineno="12387">
 <summary>
-Allow manage rgmanager tmp files.
+Do not audit attempts to receive bgp_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rgmanager_manage_tmpfs_files" lineno="70">
+<interface name="corenet_sendrecv_bgp_server_packets" lineno="12406">
 <summary>
-Allow manage rgmanager tmpfs files.
+Send and receive bgp_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<tunable name="rgmanager_can_network_connect" dftval="false">
-<desc>
-<p>
-Allow rgmanager domain to connect to the network using TCP.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="rhcs" filename="policy/modules/contrib/rhcs.if">
-<summary>RHCS - Red Hat Cluster Suite</summary>
-<template name="rhcs_domain_template" lineno="14">
+<interface name="corenet_dontaudit_sendrecv_bgp_server_packets" lineno="12422">
 <summary>
-Creates types and rules for a basic
-rhcs init daemon domain.
+Do not audit attempts to send and receive bgp_server packets.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-Prefix for the domain.
+Domain to not audit.
 </summary>
 </param>
-</template>
-<interface name="rhcs_domtrans_dlm_controld" lineno="67">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_bgp_server_packets" lineno="12437">
 <summary>
-Execute a domain transition to run dlm_controld.
+Relabel packets to bgp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="rhcs_stream_connect_dlm_controld" lineno="87">
+<interface name="corenet_tcp_sendrecv_bitcoin_port" lineno="12459">
 <summary>
-Connect to dlm_controld over a unix domain
-stream socket.
+Send and receive TCP traffic on the bitcoin port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rhcs_rw_dlm_controld_semaphores" lineno="106">
+<interface name="corenet_udp_send_bitcoin_port" lineno="12478">
 <summary>
-Allow read and write access to dlm_controld semaphores.
+Send UDP traffic on the bitcoin port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="rhcs_domtrans_fenced" lineno="127">
+<interface name="corenet_dontaudit_udp_send_bitcoin_port" lineno="12497">
 <summary>
-Execute a domain transition to run fenced.
+Do not audit attempts to send UDP traffic on the bitcoin port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rhcs_rw_fenced_semaphores" lineno="146">
+<interface name="corenet_udp_receive_bitcoin_port" lineno="12516">
 <summary>
-Allow read and write access to fenced semaphores.
+Receive UDP traffic on the bitcoin port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="rhcs_stream_connect_fenced" lineno="167">
+<interface name="corenet_dontaudit_udp_receive_bitcoin_port" lineno="12535">
 <summary>
-Connect to fenced over an unix domain stream socket.
+Do not audit attempts to receive UDP traffic on the bitcoin port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_bitcoin_port" lineno="12554">
+<summary>
+Send and receive UDP traffic on the bitcoin port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rhcs_domtrans_gfs_controld" lineno="187">
+<interface name="corenet_dontaudit_udp_sendrecv_bitcoin_port" lineno="12571">
 <summary>
-Execute a domain transition to run gfs_controld.
+Do not audit attempts to send and receive
+UDP traffic on the bitcoin port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_bitcoin_port" lineno="12587">
+<summary>
+Bind TCP sockets to the bitcoin port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rhcs_rw_gfs_controld_semaphores" lineno="206">
+<interface name="corenet_udp_bind_bitcoin_port" lineno="12607">
 <summary>
-Allow read and write access to gfs_controld semaphores.
+Bind UDP sockets to the bitcoin port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rhcs_rw_gfs_controld_shm" lineno="227">
+<interface name="corenet_tcp_connect_bitcoin_port" lineno="12626">
 <summary>
-Read and write to gfs_controld_t shared memory.
+Make a TCP connection to the bitcoin port.
 </summary>
 <param name="domain">
 <summary>
@@ -15149,141 +17688,151 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="rhcs_stream_connect_gfs_controld" lineno="248">
+<interface name="corenet_send_bitcoin_client_packets" lineno="12646">
 <summary>
-Connect to gfs_controld_t over an unix domain stream socket.
+Send bitcoin_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="rhcs_domtrans_groupd" lineno="267">
+<interface name="corenet_dontaudit_send_bitcoin_client_packets" lineno="12665">
 <summary>
-Execute a domain transition to run groupd.
+Do not audit attempts to send bitcoin_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rhcs_stream_connect_groupd" lineno="287">
+<interface name="corenet_receive_bitcoin_client_packets" lineno="12684">
 <summary>
-Connect to groupd over a unix domain
-stream socket.
+Receive bitcoin_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="rhcs_rw_groupd_semaphores" lineno="306">
+<interface name="corenet_dontaudit_receive_bitcoin_client_packets" lineno="12703">
 <summary>
-Allow read and write access to groupd semaphores.
+Do not audit attempts to receive bitcoin_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rhcs_rw_groupd_shm" lineno="327">
+<interface name="corenet_sendrecv_bitcoin_client_packets" lineno="12722">
 <summary>
-Read and write to group shared memory.
+Send and receive bitcoin_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rhcs_domtrans_qdiskd" lineno="348">
+<interface name="corenet_dontaudit_sendrecv_bitcoin_client_packets" lineno="12738">
 <summary>
-Execute a domain transition to run qdiskd.
+Do not audit attempts to send and receive bitcoin_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<tunable name="fenced_can_network_connect" dftval="false">
-<desc>
-<p>
-Allow fenced domain to connect to the network using TCP.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="rhgb" filename="policy/modules/contrib/rhgb.if">
-<summary> Red Hat Graphical Boot </summary>
-<interface name="rhgb_stub" lineno="13">
+<interface name="corenet_relabelto_bitcoin_client_packets" lineno="12753">
 <summary>
-RHGB stub interface.  No access allowed.
+Relabel packets to bitcoin_client the packet type.
 </summary>
-<param name="domain" unused="true">
+<param name="domain">
 <summary>
-N/A
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="rhgb_use_fds" lineno="29">
+<interface name="corenet_send_bitcoin_server_packets" lineno="12773">
 <summary>
-Use a rhgb file descriptor.
+Send bitcoin_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="rhgb_getpgid" lineno="47">
+<interface name="corenet_dontaudit_send_bitcoin_server_packets" lineno="12792">
 <summary>
-Get the process group of rhgb.
+Do not audit attempts to send bitcoin_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_bitcoin_server_packets" lineno="12811">
+<summary>
+Receive bitcoin_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="rhgb_signal" lineno="65">
+<interface name="corenet_dontaudit_receive_bitcoin_server_packets" lineno="12830">
 <summary>
-Send a signal to rhgb.
+Do not audit attempts to receive bitcoin_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rhgb_rw_stream_sockets" lineno="83">
+<interface name="corenet_sendrecv_bitcoin_server_packets" lineno="12849">
 <summary>
-Read and write to unix stream sockets.
+Send and receive bitcoin_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rhgb_dontaudit_rw_stream_sockets" lineno="102">
+<interface name="corenet_dontaudit_sendrecv_bitcoin_server_packets" lineno="12865">
 <summary>
-Do not audit attempts to read and write
-rhgb unix domain stream sockets.
+Do not audit attempts to send and receive bitcoin_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rhgb_stream_connect" lineno="120">
+<interface name="corenet_relabelto_bitcoin_server_packets" lineno="12880">
 <summary>
-Connected to rhgb unix stream socket.
+Relabel packets to bitcoin_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -15291,103 +17840,109 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="rhgb_rw_shm" lineno="138">
+<interface name="corenet_tcp_sendrecv_boinc_port" lineno="12902">
 <summary>
-Read and write to rhgb shared memory.
+Send and receive TCP traffic on the boinc port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rhgb_use_ptys" lineno="156">
+<interface name="corenet_udp_send_boinc_port" lineno="12921">
 <summary>
-Read from and write to the rhgb devpts.
+Send UDP traffic on the boinc port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="rhgb_dontaudit_use_ptys" lineno="174">
+<interface name="corenet_dontaudit_udp_send_boinc_port" lineno="12940">
 <summary>
-dontaudit Read from and write to the rhgb devpts.
+Do not audit attempts to send UDP traffic on the boinc port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rhgb_rw_tmpfs_files" lineno="192">
+<interface name="corenet_udp_receive_boinc_port" lineno="12959">
 <summary>
-Read and write to rhgb temporary file system.
+Receive UDP traffic on the boinc port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-</module>
-<module name="rhsmcertd" filename="policy/modules/contrib/rhsmcertd.if">
-<summary>Subscription Management Certificate Daemon policy</summary>
-<interface name="rhsmcertd_domtrans" lineno="13">
+<interface name="corenet_dontaudit_udp_receive_boinc_port" lineno="12978">
 <summary>
-Transition to rhsmcertd.
+Do not audit attempts to receive UDP traffic on the boinc port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rhsmcertd_initrc_domtrans" lineno="32">
+<interface name="corenet_udp_sendrecv_boinc_port" lineno="12997">
 <summary>
-Execute rhsmcertd server in the rhsmcertd domain.
+Send and receive UDP traffic on the boinc port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rhsmcertd_read_log" lineno="51">
+<interface name="corenet_dontaudit_udp_sendrecv_boinc_port" lineno="13014">
 <summary>
-Read rhsmcertd's log files.
+Do not audit attempts to send and receive
+UDP traffic on the boinc port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="rhsmcertd_append_log" lineno="70">
+<interface name="corenet_tcp_bind_boinc_port" lineno="13030">
 <summary>
-Append to rhsmcertd log files.
+Bind TCP sockets to the boinc port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rhsmcertd_manage_log" lineno="89">
+<interface name="corenet_udp_bind_boinc_port" lineno="13050">
 <summary>
-Manage rhsmcertd log files
+Bind UDP sockets to the boinc port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rhsmcertd_search_lib" lineno="110">
+<interface name="corenet_tcp_connect_boinc_port" lineno="13069">
 <summary>
-Search rhsmcertd lib directories.
+Make a TCP connection to the boinc port.
 </summary>
 <param name="domain">
 <summary>
@@ -15395,72 +17950,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="rhsmcertd_read_lib_files" lineno="129">
+<interface name="corenet_send_boinc_client_packets" lineno="13089">
 <summary>
-Read rhsmcertd lib files.
+Send boinc_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="rhsmcertd_manage_lib_files" lineno="148">
+<interface name="corenet_dontaudit_send_boinc_client_packets" lineno="13108">
 <summary>
-Manage rhsmcertd lib files.
+Do not audit attempts to send boinc_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rhsmcertd_manage_lib_dirs" lineno="167">
+<interface name="corenet_receive_boinc_client_packets" lineno="13127">
 <summary>
-Manage rhsmcertd lib directories.
+Receive boinc_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="rhsmcertd_read_pid_files" lineno="186">
+<interface name="corenet_dontaudit_receive_boinc_client_packets" lineno="13146">
 <summary>
-Read rhsmcertd PID files.
+Do not audit attempts to receive boinc_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rhsmcertd_stream_connect" lineno="206">
+<interface name="corenet_sendrecv_boinc_client_packets" lineno="13165">
 <summary>
-Connect to rhsmcertd over a unix domain
-stream socket.
+Send and receive boinc_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rhsmcertd_dbus_chat" lineno="226">
+<interface name="corenet_dontaudit_sendrecv_boinc_client_packets" lineno="13181">
 <summary>
-Send and receive messages from
-rhsmcertd over dbus.
+Do not audit attempts to send and receive boinc_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rhsmcertd_dontaudit_dbus_chat" lineno="247">
+<interface name="corenet_relabelto_boinc_client_packets" lineno="13196">
 <summary>
-Dontaudit Send and receive messages from
-rhsmcertd over dbus.
+Relabel packets to boinc_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -15468,71 +18026,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="rhsmcertd_admin" lineno="274">
+<interface name="corenet_send_boinc_server_packets" lineno="13216">
 <summary>
-All of the rules required to administrate
-an rhsmcertd environment
+Send boinc_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_boinc_server_packets" lineno="13235">
 <summary>
-Role allowed access.
+Do not audit attempts to send boinc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="ricci" filename="policy/modules/contrib/ricci.if">
-<summary>Ricci cluster management agent</summary>
-<interface name="ricci_domtrans" lineno="13">
+<interface name="corenet_receive_boinc_server_packets" lineno="13254">
 <summary>
-Execute a domain transition to run ricci.
+Receive boinc_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="ricci_domtrans_modcluster" lineno="31">
+<interface name="corenet_dontaudit_receive_boinc_server_packets" lineno="13273">
 <summary>
-Execute a domain transition to run ricci_modcluster.
+Do not audit attempts to receive boinc_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ricci_dontaudit_use_modcluster_fds" lineno="50">
+<interface name="corenet_sendrecv_boinc_server_packets" lineno="13292">
 <summary>
-Do not audit attempts to use
-ricci_modcluster file descriptors.
+Send and receive boinc_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="ricci_dontaudit_rw_modcluster_pipes" lineno="69">
+<interface name="corenet_dontaudit_sendrecv_boinc_server_packets" lineno="13308">
 <summary>
-Do not audit attempts to read write
-ricci_modcluster unamed pipes.
+Do not audit attempts to send and receive boinc_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ricci_stream_connect_modclusterd" lineno="87">
+<interface name="corenet_relabelto_boinc_server_packets" lineno="13323">
 <summary>
-Connect to ricci_modclusterd over an unix stream socket.
+Relabel packets to boinc_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -15540,251 +18102,261 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ricci_domtrans_modlog" lineno="107">
+<interface name="corenet_tcp_sendrecv_boinc_client_port" lineno="13345">
 <summary>
-Execute a domain transition to run ricci_modlog.
+Send and receive TCP traffic on the boinc_client port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="ricci_domtrans_modrpm" lineno="125">
+<interface name="corenet_udp_send_boinc_client_port" lineno="13364">
 <summary>
-Execute a domain transition to run ricci_modrpm.
+Send UDP traffic on the boinc_client port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="ricci_domtrans_modservice" lineno="143">
+<interface name="corenet_dontaudit_udp_send_boinc_client_port" lineno="13383">
 <summary>
-Execute a domain transition to run ricci_modservice.
+Do not audit attempts to send UDP traffic on the boinc_client port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ricci_domtrans_modstorage" lineno="161">
+<interface name="corenet_udp_receive_boinc_client_port" lineno="13402">
 <summary>
-Execute a domain transition to run ricci_modstorage.
+Receive UDP traffic on the boinc_client port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-</module>
-<module name="rlogin" filename="policy/modules/contrib/rlogin.if">
-<summary>Remote login daemon</summary>
-<interface name="rlogin_domtrans" lineno="13">
+<interface name="corenet_dontaudit_udp_receive_boinc_client_port" lineno="13421">
 <summary>
-Execute rlogind in the rlogin domain.
+Do not audit attempts to receive UDP traffic on the boinc_client port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<template name="rlogin_read_home_content" lineno="38">
+<interface name="corenet_udp_sendrecv_boinc_client_port" lineno="13440">
 <summary>
-read rlogin homedir content (.config)
+Send and receive UDP traffic on the boinc_client port.
 </summary>
-<param name="userdomain_prefix">
+<param name="domain">
 <summary>
-The prefix of the user domain (e.g., user
-is the prefix for user_t).
+Domain allowed access.
 </summary>
 </param>
-<param name="user_domain">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_boinc_client_port" lineno="13457">
 <summary>
-The type of the user domain.
+Do not audit attempts to send and receive
+UDP traffic on the boinc_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-</template>
-</module>
-<module name="roundup" filename="policy/modules/contrib/roundup.if">
-<summary>Roundup Issue Tracking System policy</summary>
-<interface name="roundup_admin" lineno="20">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_boinc_client_port" lineno="13473">
 <summary>
-All of the rules required to administrate
-an roundup environment
+Bind TCP sockets to the boinc_client port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_boinc_client_port" lineno="13493">
 <summary>
-The role to be allowed to manage the roundup domain.
+Bind UDP sockets to the boinc_client port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="rpc" filename="policy/modules/contrib/rpc.if">
-<summary>Remote Procedure Call Daemon for managment of network based process communication</summary>
-<interface name="rpc_stub" lineno="13">
+<interface name="corenet_tcp_connect_boinc_client_port" lineno="13512">
 <summary>
-RPC stub interface.  No access allowed.
+Make a TCP connection to the boinc_client port.
 </summary>
-<param name="domain" unused="true">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-<template name="rpc_domain_template" lineno="35">
+<interface name="corenet_send_boinc_client_client_packets" lineno="13532">
 <summary>
-The template to define a rpc domain.
+Send boinc_client_client packets.
 </summary>
-<desc>
-<p>
-This template creates a domain to be used for
-a new rpc daemon.
-</p>
-</desc>
-<param name="userdomain_prefix">
+<param name="domain">
 <summary>
-The type of daemon to be used.
+Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="rpc_udp_send" lineno="135">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_boinc_client_client_packets" lineno="13551">
 <summary>
-Send UDP network traffic to rpc and recieve UDP traffic from rpc.  (Deprecated)
+Do not audit attempts to send boinc_client_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpc_dontaudit_getattr_exports" lineno="150">
+<interface name="corenet_receive_boinc_client_client_packets" lineno="13570">
 <summary>
-Do not audit attempts to get the attributes
-of the NFS export file.
+Receive boinc_client_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="rpc_read_exports" lineno="168">
+<interface name="corenet_dontaudit_receive_boinc_client_client_packets" lineno="13589">
 <summary>
-Allow read access to exports.
+Do not audit attempts to receive boinc_client_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpc_write_exports" lineno="186">
+<interface name="corenet_sendrecv_boinc_client_client_packets" lineno="13608">
 <summary>
-Allow write access to exports.
+Send and receive boinc_client_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rpc_domtrans_nfsd" lineno="204">
+<interface name="corenet_dontaudit_sendrecv_boinc_client_client_packets" lineno="13624">
 <summary>
-Execute domain in nfsd domain.
+Do not audit attempts to send and receive boinc_client_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpc_initrc_domtrans_nfsd" lineno="222">
+<interface name="corenet_relabelto_boinc_client_client_packets" lineno="13639">
 <summary>
-Execute domain in nfsd domain.
+Relabel packets to boinc_client_client the packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="rpc_domtrans_rpcd" lineno="240">
+<interface name="corenet_send_boinc_client_server_packets" lineno="13659">
 <summary>
-Execute domain in rpcd domain.
+Send boinc_client_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="rpc_initrc_domtrans_rpcd" lineno="259">
+<interface name="corenet_dontaudit_send_boinc_client_server_packets" lineno="13678">
 <summary>
-Execute domain in rpcd domain.
+Do not audit attempts to send boinc_client_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpc_read_nfs_content" lineno="278">
+<interface name="corenet_receive_boinc_client_server_packets" lineno="13697">
 <summary>
-Read NFS exported content.
+Receive boinc_client_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="rpc_manage_nfs_rw_content" lineno="299">
+<interface name="corenet_dontaudit_receive_boinc_client_server_packets" lineno="13716">
 <summary>
-Allow domain to create read and write NFS directories.
+Do not audit attempts to receive boinc_client_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="rpc_manage_nfs_ro_content" lineno="320">
+<interface name="corenet_sendrecv_boinc_client_server_packets" lineno="13735">
 <summary>
-Allow domain to create read and write NFS directories.
+Send and receive boinc_client_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rpc_tcp_rw_nfs_sockets" lineno="340">
+<interface name="corenet_dontaudit_sendrecv_boinc_client_server_packets" lineno="13751">
 <summary>
-Allow domain to read and write to an NFS TCP socket.
+Do not audit attempts to send and receive boinc_client_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpc_udp_rw_nfs_sockets" lineno="358">
+<interface name="corenet_relabelto_boinc_client_server_packets" lineno="13766">
 <summary>
-Allow domain to read and write to an NFS UDP socket.
+Relabel packets to boinc_client_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -15792,108 +18364,109 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="rpc_udp_send_nfs" lineno="376">
+<interface name="corenet_tcp_sendrecv_biff_port" lineno="13788">
 <summary>
-Send UDP traffic to NFSd.  (Deprecated)
+Send and receive TCP traffic on the biff port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rpc_search_nfs_state_data" lineno="390">
+<interface name="corenet_udp_send_biff_port" lineno="13807">
 <summary>
-Search NFS state data in /var/lib/nfs.
+Send UDP traffic on the biff port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="rpc_read_nfs_state_data" lineno="409">
+<interface name="corenet_dontaudit_udp_send_biff_port" lineno="13826">
 <summary>
-Read NFS state data in /var/lib/nfs.
+Do not audit attempts to send UDP traffic on the biff port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpc_manage_nfs_state_data" lineno="428">
+<interface name="corenet_udp_receive_biff_port" lineno="13845">
 <summary>
-Manage NFS state data in /var/lib/nfs.
+Receive UDP traffic on the biff port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<tunable name="allow_gssd_read_tmp" dftval="true">
-<desc>
-<p>
-Allow gssd to read temp directory.  For access to kerberos tgt.
-</p>
-</desc>
-</tunable>
-<tunable name="allow_nfsd_anon_write" dftval="false">
-<desc>
-<p>
-Allow nfs servers to modify public files
-used for public file transfer services.  Files/Directories must be
-labeled public_content_rw_t.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="rpcbind" filename="policy/modules/contrib/rpcbind.if">
-<summary>Universal Addresses to RPC Program Number Mapper</summary>
-<interface name="rpcbind_domtrans" lineno="13">
+<interface name="corenet_dontaudit_udp_receive_biff_port" lineno="13864">
 <summary>
-Execute a domain transition to run rpcbind.
+Do not audit attempts to receive UDP traffic on the biff port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpcbind_stream_connect" lineno="31">
+<interface name="corenet_udp_sendrecv_biff_port" lineno="13883">
 <summary>
-Connect to rpcbindd over an unix stream socket.
+Send and receive UDP traffic on the biff port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rpcbind_read_pid_files" lineno="51">
+<interface name="corenet_dontaudit_udp_sendrecv_biff_port" lineno="13900">
 <summary>
-Read rpcbind PID files.
+Do not audit attempts to send and receive
+UDP traffic on the biff port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_biff_port" lineno="13916">
+<summary>
+Bind TCP sockets to the biff port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpcbind_search_lib" lineno="70">
+<interface name="corenet_udp_bind_biff_port" lineno="13936">
 <summary>
-Search rpcbind lib directories.
+Bind UDP sockets to the biff port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpcbind_read_lib_files" lineno="89">
+<interface name="corenet_tcp_connect_biff_port" lineno="13955">
 <summary>
-Read rpcbind lib files.
+Make a TCP connection to the biff port.
 </summary>
 <param name="domain">
 <summary>
@@ -15901,116 +18474,151 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="rpcbind_manage_lib_files" lineno="109">
+<interface name="corenet_send_biff_client_packets" lineno="13975">
 <summary>
-Create, read, write, and delete
-rpcbind lib files.
+Send biff_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="rpcbind_admin" lineno="135">
+<interface name="corenet_dontaudit_send_biff_client_packets" lineno="13994">
 <summary>
-All of the rules required to administrate
-an rpcbind environment
+Do not audit attempts to send biff_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_biff_client_packets" lineno="14013">
+<summary>
+Receive biff_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_biff_client_packets" lineno="14032">
 <summary>
-The role to be allowed to manage the rpcbind domain.
+Do not audit attempts to receive biff_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="rpm" filename="policy/modules/contrib/rpm.if">
-<summary>Policy for the RPM package manager.</summary>
-<interface name="rpm_domtrans" lineno="13">
+<interface name="corenet_sendrecv_biff_client_packets" lineno="14051">
 <summary>
-Execute rpm programs in the rpm domain.
+Send and receive biff_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rpm_debuginfo_domtrans" lineno="32">
+<interface name="corenet_dontaudit_sendrecv_biff_client_packets" lineno="14067">
 <summary>
-Execute debuginfo_install programs in the rpm domain.
+Do not audit attempts to send and receive biff_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpm_domtrans_script" lineno="51">
+<interface name="corenet_relabelto_biff_client_packets" lineno="14082">
 <summary>
-Execute rpm_script programs in the rpm_script domain.
+Relabel packets to biff_client the packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="rpm_run" lineno="79">
+<interface name="corenet_send_biff_server_packets" lineno="14102">
 <summary>
-Execute RPM programs in the RPM domain.
+Send biff_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_biff_server_packets" lineno="14121">
+<summary>
+Do not audit attempts to send biff_server packets.
+</summary>
+<param name="domain">
 <summary>
-The role to allow the RPM domain.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="rpm_exec" lineno="98">
+<interface name="corenet_receive_biff_server_packets" lineno="14140">
 <summary>
-Execute the rpm client in the caller domain.
+Receive biff_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="rpm_signull" lineno="117">
+<interface name="corenet_dontaudit_receive_biff_server_packets" lineno="14159">
 <summary>
-Send a null signal to rpm.
+Do not audit attempts to receive biff_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpm_use_fds" lineno="135">
+<interface name="corenet_sendrecv_biff_server_packets" lineno="14178">
 <summary>
-Inherit and use file descriptors from RPM.
+Send and receive biff_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rpm_read_pipes" lineno="153">
+<interface name="corenet_dontaudit_sendrecv_biff_server_packets" lineno="14194">
 <summary>
-Read from an unnamed RPM pipe.
+Do not audit attempts to send and receive biff_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_biff_server_packets" lineno="14209">
+<summary>
+Relabel packets to biff_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -16018,105 +18626,109 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="rpm_rw_pipes" lineno="171">
+<interface name="corenet_tcp_sendrecv_certmaster_port" lineno="14231">
 <summary>
-Read and write an unnamed RPM pipe.
+Send and receive TCP traffic on the certmaster port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rpm_dbus_chat" lineno="190">
+<interface name="corenet_udp_send_certmaster_port" lineno="14250">
 <summary>
-Send and receive messages from
-rpm over dbus.
+Send UDP traffic on the certmaster port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="rpm_dontaudit_dbus_chat" lineno="211">
+<interface name="corenet_dontaudit_udp_send_certmaster_port" lineno="14269">
 <summary>
-Do not audit attempts to send and
-receive messages from rpm over dbus.
+Do not audit attempts to send UDP traffic on the certmaster port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpm_script_dbus_chat" lineno="232">
+<interface name="corenet_udp_receive_certmaster_port" lineno="14288">
 <summary>
-Send and receive messages from
-rpm_script over dbus.
+Receive UDP traffic on the certmaster port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="rpm_search_log" lineno="252">
+<interface name="corenet_dontaudit_udp_receive_certmaster_port" lineno="14307">
 <summary>
-Search RPM log directory.
+Do not audit attempts to receive UDP traffic on the certmaster port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpm_append_log" lineno="272">
+<interface name="corenet_udp_sendrecv_certmaster_port" lineno="14326">
 <summary>
-Allow the specified domain to append
-to rpm log files.
+Send and receive UDP traffic on the certmaster port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rpm_manage_log" lineno="291">
+<interface name="corenet_dontaudit_udp_sendrecv_certmaster_port" lineno="14343">
 <summary>
-Create, read, write, and delete the RPM log.
+Do not audit attempts to send and receive
+UDP traffic on the certmaster port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpm_use_script_fds" lineno="310">
+<interface name="corenet_tcp_bind_certmaster_port" lineno="14359">
 <summary>
-Inherit and use file descriptors from RPM scripts.
+Bind TCP sockets to the certmaster port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpm_manage_script_tmp_files" lineno="329">
+<interface name="corenet_udp_bind_certmaster_port" lineno="14379">
 <summary>
-Create, read, write, and delete RPM
-script temporary files.
+Bind UDP sockets to the certmaster port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpm_append_tmp_files" lineno="349">
+<interface name="corenet_tcp_connect_certmaster_port" lineno="14398">
 <summary>
-Allow the specified domain to append
-to rpm tmp files.
+Make a TCP connection to the certmaster port.
 </summary>
 <param name="domain">
 <summary>
@@ -16124,60 +18736,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="rpm_manage_tmp_files" lineno="369">
+<interface name="corenet_send_certmaster_client_packets" lineno="14418">
 <summary>
-Create, read, write, and delete RPM
-temporary files.
+Send certmaster_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_certmaster_client_packets" lineno="14437">
+<summary>
+Do not audit attempts to send certmaster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpm_read_script_tmp_files" lineno="388">
+<interface name="corenet_receive_certmaster_client_packets" lineno="14456">
 <summary>
-Read RPM script temporary files.
+Receive certmaster_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="rpm_read_cache" lineno="408">
+<interface name="corenet_dontaudit_receive_certmaster_client_packets" lineno="14475">
 <summary>
-Read the RPM cache.
+Do not audit attempts to receive certmaster_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpm_manage_cache" lineno="429">
+<interface name="corenet_sendrecv_certmaster_client_packets" lineno="14494">
 <summary>
-Create, read, write, and delete the RPM package database.
+Send and receive certmaster_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rpm_read_db" lineno="450">
+<interface name="corenet_dontaudit_sendrecv_certmaster_client_packets" lineno="14510">
 <summary>
-Read the RPM package database.
+Do not audit attempts to send and receive certmaster_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpm_delete_db" lineno="471">
+<interface name="corenet_relabelto_certmaster_client_packets" lineno="14525">
 <summary>
-Delete the RPM package database.
+Relabel packets to certmaster_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -16185,257 +18812,261 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="rpm_manage_db" lineno="490">
+<interface name="corenet_send_certmaster_server_packets" lineno="14545">
 <summary>
-Create, read, write, and delete the RPM package database.
+Send certmaster_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="rpm_dontaudit_manage_db" lineno="511">
+<interface name="corenet_dontaudit_send_certmaster_server_packets" lineno="14564">
 <summary>
-Do not audit attempts to create, read,
-write, and delete the RPM package database.
+Do not audit attempts to send certmaster_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpm_read_pid_files" lineno="531">
+<interface name="corenet_receive_certmaster_server_packets" lineno="14583">
 <summary>
-Read rpm pid files.
+Receive certmaster_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="rpm_manage_pid_files" lineno="550">
+<interface name="corenet_dontaudit_receive_certmaster_server_packets" lineno="14602">
 <summary>
-Create, read, write, and delete rpm pid files.
+Do not audit attempts to receive certmaster_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rpm_pid_filetrans" lineno="569">
+<interface name="corenet_sendrecv_certmaster_server_packets" lineno="14621">
 <summary>
-Create files in /var/run with the rpm pid file type.
+Send and receive certmaster_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="rshd" filename="policy/modules/contrib/rshd.if">
-<summary>Remote shell service.</summary>
-<interface name="rshd_domtrans" lineno="13">
+<interface name="corenet_dontaudit_sendrecv_certmaster_server_packets" lineno="14637">
 <summary>
-Domain transition to rshd.
+Do not audit attempts to send and receive certmaster_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="rssh" filename="policy/modules/contrib/rssh.if">
-<summary>Restricted (scp/sftp) only shell</summary>
-<interface name="rssh_role" lineno="18">
+<interface name="corenet_relabelto_certmaster_server_packets" lineno="14652">
 <summary>
-Role access for rssh
+Relabel packets to certmaster_server the packet type.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain allowed access.
 </summary>
 </param>
+</interface>
+<interface name="corenet_tcp_sendrecv_chronyd_port" lineno="14674">
+<summary>
+Send and receive TCP traffic on the chronyd port.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rssh_spec_domtrans" lineno="40">
+<interface name="corenet_udp_send_chronyd_port" lineno="14693">
 <summary>
-Transition to all user rssh domains.
+Send UDP traffic on the chronyd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="rssh_exec" lineno="59">
+<interface name="corenet_dontaudit_udp_send_chronyd_port" lineno="14712">
 <summary>
-Execute the rssh program
-in the caller domain.
+Do not audit attempts to send UDP traffic on the chronyd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rssh_domtrans_chroot_helper" lineno="77">
+<interface name="corenet_udp_receive_chronyd_port" lineno="14731">
 <summary>
-Execute a domain transition to run rssh_chroot_helper.
+Receive UDP traffic on the chronyd port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="rssh_read_ro_content" lineno="95">
+<interface name="corenet_dontaudit_udp_receive_chronyd_port" lineno="14750">
 <summary>
-Read all users rssh read-only content.
+Do not audit attempts to receive UDP traffic on the chronyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_chronyd_port" lineno="14769">
+<summary>
+Send and receive UDP traffic on the chronyd port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="rsync" filename="policy/modules/contrib/rsync.if">
-<summary>Fast incremental file transfer for synchronization</summary>
-<interface name="rsync_entry_type" lineno="14">
+<interface name="corenet_dontaudit_udp_sendrecv_chronyd_port" lineno="14786">
 <summary>
-Make rsync an entry point for
-the specified domain.
+Do not audit attempts to send and receive
+UDP traffic on the chronyd port.
 </summary>
 <param name="domain">
 <summary>
-The domain for which init scripts are an entrypoint.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rsync_entry_spec_domtrans" lineno="47">
+<interface name="corenet_tcp_bind_chronyd_port" lineno="14802">
 <summary>
-Execute a rsync in a specified domain.
+Bind TCP sockets to the chronyd port.
 </summary>
-<desc>
-<p>
-Execute a rsync in a specified domain.
-</p>
-<p>
-No interprocess communication (signals, pipes,
-etc.) is provided by this interface since
-the domains are not owned by this module.
-</p>
-</desc>
-<param name="source_domain">
+<param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="target_domain">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_chronyd_port" lineno="14822">
 <summary>
-Domain to transition to.
+Bind UDP sockets to the chronyd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rsync_entry_domtrans" lineno="80">
+<interface name="corenet_tcp_connect_chronyd_port" lineno="14841">
 <summary>
-Execute a rsync in a specified domain.
+Make a TCP connection to the chronyd port.
 </summary>
-<desc>
-<p>
-Execute a rsync in a specified domain.
-</p>
-<p>
-No interprocess communication (signals, pipes,
-etc.) is provided by this interface since
-the domains are not owned by this module.
-</p>
-</desc>
-<param name="source_domain">
+<param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="target_domain">
+</interface>
+<interface name="corenet_send_chronyd_client_packets" lineno="14861">
 <summary>
-Domain to transition to.
+Send chronyd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="rsync_exec" lineno="99">
+<interface name="corenet_dontaudit_send_chronyd_client_packets" lineno="14880">
 <summary>
-Execute rsync in the caller domain domain.
+Do not audit attempts to send chronyd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_chronyd_client_packets" lineno="14899">
+<summary>
+Receive chronyd_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="rsync_read_config" lineno="117">
+<interface name="corenet_dontaudit_receive_chronyd_client_packets" lineno="14918">
 <summary>
-Read rsync config files.
+Do not audit attempts to receive chronyd_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rsync_write_config" lineno="136">
+<interface name="corenet_sendrecv_chronyd_client_packets" lineno="14937">
 <summary>
-Write to rsync config files.
+Send and receive chronyd_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<tunable name="rsync_export_all_ro" dftval="false">
-<desc>
-<p>
-Allow rsync to export any files/directories read only.
-</p>
-</desc>
-</tunable>
-<tunable name="allow_rsync_anon_write" dftval="false">
-<desc>
-<p>
-Allow rsync to modify public files
-used for public file transfer services.  Files/Directories must be
-labeled public_content_rw_t.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="rtkit" filename="policy/modules/contrib/rtkit.if">
-<summary>Realtime scheduling for user processes.</summary>
-<interface name="rtkit_daemon_domtrans" lineno="13">
+<interface name="corenet_dontaudit_sendrecv_chronyd_client_packets" lineno="14953">
 <summary>
-Execute a domain transition to run rtkit_daemon.
+Do not audit attempts to send and receive chronyd_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rtkit_daemon_dbus_chat" lineno="32">
+<interface name="corenet_relabelto_chronyd_client_packets" lineno="14968">
 <summary>
-Send and receive messages from
-rtkit_daemon over dbus.
+Relabel packets to chronyd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -16443,73 +19074,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="rtkit_scheduled" lineno="52">
+<interface name="corenet_send_chronyd_server_packets" lineno="14988">
 <summary>
-Allow rtkit to control scheduling for your process
+Send chronyd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-</module>
-<module name="rwho" filename="policy/modules/contrib/rwho.if">
-<summary>Who is logged in on other machines?</summary>
-<interface name="rwho_domtrans" lineno="13">
+<interface name="corenet_dontaudit_send_chronyd_server_packets" lineno="15007">
 <summary>
-Execute a domain transition to run rwho.
+Do not audit attempts to send chronyd_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rwho_search_log" lineno="31">
+<interface name="corenet_receive_chronyd_server_packets" lineno="15026">
 <summary>
-Search rwho log directories.
+Receive chronyd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="rwho_read_log_files" lineno="50">
+<interface name="corenet_dontaudit_receive_chronyd_server_packets" lineno="15045">
 <summary>
-Read rwho log files.
+Do not audit attempts to receive chronyd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rwho_search_spool" lineno="70">
+<interface name="corenet_sendrecv_chronyd_server_packets" lineno="15064">
 <summary>
-Search rwho spool directories.
+Send and receive chronyd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="rwho_read_spool_files" lineno="89">
+<interface name="corenet_dontaudit_sendrecv_chronyd_server_packets" lineno="15080">
 <summary>
-Read rwho spool files.
+Do not audit attempts to send and receive chronyd_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="rwho_manage_spool_files" lineno="109">
+<interface name="corenet_relabelto_chronyd_server_packets" lineno="15095">
 <summary>
-Create, read, write, and delete
-rwho spool files.
+Relabel packets to chronyd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -16517,239 +19150,261 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="rwho_admin" lineno="135">
+<interface name="corenet_tcp_sendrecv_clamd_port" lineno="15117">
 <summary>
-All of the rules required to administrate
-an rwho environment
+Send and receive TCP traffic on the clamd port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_clamd_port" lineno="15136">
 <summary>
-The role allowed access.
+Send UDP traffic on the clamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="write" weight="10"/>
 </interface>
-</module>
-<module name="samba" filename="policy/modules/contrib/samba.if">
+<interface name="corenet_dontaudit_udp_send_clamd_port" lineno="15155">
 <summary>
-SMB and CIFS client/server programs for UNIX and
-name  Service  Switch  daemon for resolving names
-from Windows NT servers.
+Do not audit attempts to send UDP traffic on the clamd port.
 </summary>
-<interface name="samba_domtrans_nmbd" lineno="17">
+<param name="domain">
 <summary>
-Execute nmbd net in the nmbd_t domain.
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_clamd_port" lineno="15174">
+<summary>
+Receive UDP traffic on the clamd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="samba_signal_nmbd" lineno="36">
+<interface name="corenet_dontaudit_udp_receive_clamd_port" lineno="15193">
 <summary>
-Allow domain to signal samba
+Do not audit attempts to receive UDP traffic on the clamd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="samba_initrc_domtrans" lineno="53">
+<interface name="corenet_udp_sendrecv_clamd_port" lineno="15212">
 <summary>
-Execute samba server in the samba domain.
+Send and receive UDP traffic on the clamd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="samba_domtrans_net" lineno="71">
+<interface name="corenet_dontaudit_udp_sendrecv_clamd_port" lineno="15229">
 <summary>
-Execute samba net in the samba_net domain.
+Do not audit attempts to send and receive
+UDP traffic on the clamd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="samba_run_net" lineno="97">
+<interface name="corenet_tcp_bind_clamd_port" lineno="15245">
 <summary>
-Execute samba net in the samba_net domain, and
-allow the specified role the samba_net domain.
+Bind TCP sockets to the clamd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_clamd_port" lineno="15265">
 <summary>
-Role allowed access.
+Bind UDP sockets to the clamd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="samba_domtrans_smbmount" lineno="116">
+<interface name="corenet_tcp_connect_clamd_port" lineno="15284">
 <summary>
-Execute smbmount in the smbmount domain.
+Make a TCP connection to the clamd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="samba_run_smbmount" lineno="142">
+<interface name="corenet_send_clamd_client_packets" lineno="15304">
 <summary>
-Execute smbmount interactively and do
-a domain transition to the smbmount domain.
+Send clamd_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_clamd_client_packets" lineno="15323">
 <summary>
-Role allowed access.
+Do not audit attempts to send clamd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="samba_read_config" lineno="163">
+<interface name="corenet_receive_clamd_client_packets" lineno="15342">
 <summary>
-Allow the specified domain to read
-samba configuration files.
+Receive clamd_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="samba_rw_config" lineno="184">
+<interface name="corenet_dontaudit_receive_clamd_client_packets" lineno="15361">
 <summary>
-Allow the specified domain to read
-and write samba configuration files.
+Do not audit attempts to receive clamd_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="samba_manage_config" lineno="205">
+<interface name="corenet_sendrecv_clamd_client_packets" lineno="15380">
 <summary>
-Allow the specified domain to read
-and write samba configuration files.
+Send and receive clamd_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="samba_read_log" lineno="226">
+<interface name="corenet_dontaudit_sendrecv_clamd_client_packets" lineno="15396">
 <summary>
-Allow the specified domain to read samba's log files.
+Do not audit attempts to send and receive clamd_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="samba_append_log" lineno="247">
+<interface name="corenet_relabelto_clamd_client_packets" lineno="15411">
 <summary>
-Allow the specified domain to append to samba's log files.
+Relabel packets to clamd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="samba_exec_log" lineno="267">
+<interface name="corenet_send_clamd_server_packets" lineno="15431">
 <summary>
-Execute samba log in the caller domain.
+Send clamd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="samba_read_secrets" lineno="286">
+<interface name="corenet_dontaudit_send_clamd_server_packets" lineno="15450">
 <summary>
-Allow the specified domain to read samba's secrets.
+Do not audit attempts to send clamd_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="samba_read_share_files" lineno="305">
+<interface name="corenet_receive_clamd_server_packets" lineno="15469">
 <summary>
-Allow the specified domain to read samba's shares
+Receive clamd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="samba_search_var" lineno="325">
+<interface name="corenet_dontaudit_receive_clamd_server_packets" lineno="15488">
 <summary>
-Allow the specified domain to search
-samba /var directories.
+Do not audit attempts to receive clamd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="samba_read_var_files" lineno="346">
+<interface name="corenet_sendrecv_clamd_server_packets" lineno="15507">
 <summary>
-Allow the specified domain to
-read samba /var files.
+Send and receive clamd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="samba_dontaudit_write_var_files" lineno="367">
+<interface name="corenet_dontaudit_sendrecv_clamd_server_packets" lineno="15523">
 <summary>
-Do not audit attempts to write samba
-/var files.
+Do not audit attempts to send and receive clamd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="samba_rw_var_files" lineno="386">
+<interface name="corenet_relabelto_clamd_server_packets" lineno="15538">
 <summary>
-Allow the specified domain to
-read and write samba /var files.
+Relabel packets to clamd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -16757,315 +19412,261 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="samba_manage_var_files" lineno="407">
+<interface name="corenet_tcp_sendrecv_clockspeed_port" lineno="15560">
 <summary>
-Allow the specified domain to
-read and write samba /var files.
+Send and receive TCP traffic on the clockspeed port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="samba_domtrans_smbcontrol" lineno="427">
+<interface name="corenet_udp_send_clockspeed_port" lineno="15579">
 <summary>
-Execute a domain transition to run smbcontrol.
+Send UDP traffic on the clockspeed port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="samba_run_smbcontrol" lineno="452">
+<interface name="corenet_dontaudit_udp_send_clockspeed_port" lineno="15598">
 <summary>
-Execute smbcontrol in the smbcontrol domain, and
-allow the specified role the smbcontrol domain.
+Do not audit attempts to send UDP traffic on the clockspeed port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_clockspeed_port" lineno="15617">
 <summary>
-Role allowed access.
+Receive UDP traffic on the clockspeed port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="samba_domtrans_smbd" lineno="471">
+<interface name="corenet_dontaudit_udp_receive_clockspeed_port" lineno="15636">
 <summary>
-Execute smbd in the smbd_t domain.
+Do not audit attempts to receive UDP traffic on the clockspeed port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="samba_signal_smbd" lineno="490">
+<interface name="corenet_udp_sendrecv_clockspeed_port" lineno="15655">
 <summary>
-Allow domain to signal samba
+Send and receive UDP traffic on the clockspeed port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="samba_dontaudit_use_fds" lineno="507">
+<interface name="corenet_dontaudit_udp_sendrecv_clockspeed_port" lineno="15672">
 <summary>
-Do not audit attempts to use file descriptors from samba.
+Do not audit attempts to send and receive
+UDP traffic on the clockspeed port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="samba_write_smbmount_tcp_sockets" lineno="525">
+<interface name="corenet_tcp_bind_clockspeed_port" lineno="15688">
 <summary>
-Allow the specified domain to write to smbmount tcp sockets.
+Bind TCP sockets to the clockspeed port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="samba_rw_smbmount_tcp_sockets" lineno="543">
+<interface name="corenet_udp_bind_clockspeed_port" lineno="15708">
 <summary>
-Allow the specified domain to read and write to smbmount tcp sockets.
+Bind UDP sockets to the clockspeed port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="samba_domtrans_winbind_helper" lineno="561">
+<interface name="corenet_tcp_connect_clockspeed_port" lineno="15727">
 <summary>
-Execute winbind_helper in the winbind_helper domain.
+Make a TCP connection to the clockspeed port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="samba_run_winbind_helper" lineno="586">
+<interface name="corenet_send_clockspeed_client_packets" lineno="15747">
 <summary>
-Execute winbind_helper in the winbind_helper domain, and
-allow the specified role the winbind_helper domain.
+Send clockspeed_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_clockspeed_client_packets" lineno="15766">
 <summary>
-Role allowed access.
+Do not audit attempts to send clockspeed_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="samba_read_winbind_pid" lineno="605">
+<interface name="corenet_receive_clockspeed_client_packets" lineno="15785">
 <summary>
-Allow the specified domain to read the winbind pid files.
+Receive clockspeed_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="samba_stream_connect_winbind" lineno="624">
+<interface name="corenet_dontaudit_receive_clockspeed_client_packets" lineno="15804">
 <summary>
-Connect to winbind.
+Do not audit attempts to receive clockspeed_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="samba_admin" lineno="662">
+<interface name="corenet_sendrecv_clockspeed_client_packets" lineno="15823">
 <summary>
-All of the rules required to administrate
-an samba environment
+Send and receive clockspeed_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_clockspeed_client_packets" lineno="15839">
+<summary>
+Do not audit attempts to send and receive clockspeed_client packets.
+</summary>
+<param name="domain">
 <summary>
-The role to be allowed to manage the samba domain.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<tunable name="allow_smbd_anon_write" dftval="false">
-<desc>
-<p>
-Allow samba to modify public files used for public file
-transfer services.  Files/Directories must be labeled
-public_content_rw_t.
-</p>
-</desc>
-</tunable>
-<tunable name="samba_create_home_dirs" dftval="false">
-<desc>
-<p>
-Allow samba to create new home directories (e.g. via PAM)
-</p>
-</desc>
-</tunable>
-<tunable name="samba_domain_controller" dftval="false">
-<desc>
-<p>
-Allow samba to act as the domain controller, add users,
-groups and change passwords.
-
-</p>
-</desc>
-</tunable>
-<tunable name="samba_enable_home_dirs" dftval="false">
-<desc>
-<p>
-Allow samba to share users home directories.
-</p>
-</desc>
-</tunable>
-<tunable name="samba_export_all_ro" dftval="false">
-<desc>
-<p>
-Allow samba to share any file/directory read only.
-</p>
-</desc>
-</tunable>
-<tunable name="samba_export_all_rw" dftval="false">
-<desc>
-<p>
-Allow samba to share any file/directory read/write.
-</p>
-</desc>
-</tunable>
-<tunable name="samba_run_unconfined" dftval="false">
-<desc>
-<p>
-Allow samba to run unconfined scripts
-</p>
-</desc>
-</tunable>
-<tunable name="samba_share_nfs" dftval="false">
-<desc>
-<p>
-Allow samba to export NFS volumes.
-</p>
-</desc>
-</tunable>
-<tunable name="samba_share_fusefs" dftval="false">
-<desc>
-<p>
-Allow samba to export ntfs/fusefs volumes.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="sambagui" filename="policy/modules/contrib/sambagui.if">
-<summary>system-config-samba dbus service policy</summary>
-</module>
-<module name="samhain" filename="policy/modules/contrib/samhain.if">
-<summary>Samhain - check file integrity</summary>
-<template name="samhain_service_template" lineno="17">
+<interface name="corenet_relabelto_clockspeed_client_packets" lineno="15854">
 <summary>
-The template containing the most basic rules
-common to the samhain domains.
+Relabel packets to clockspeed_client the packet type.
 </summary>
-<param name="samhaindomain_prefix">
+<param name="domain">
 <summary>
-The prefix of the samhain domains(e.g., samhain
-for the domain of command line access, samhaind
-for the domain started by init script).
+Domain allowed access.
 </summary>
 </param>
-<rolebase/>
-</template>
-<interface name="samhain_domtrans" lineno="104">
+</interface>
+<interface name="corenet_send_clockspeed_server_packets" lineno="15874">
 <summary>
-Execute samhain in the samhain domain
+Send clockspeed_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="samhain_run" lineno="141">
+<interface name="corenet_dontaudit_send_clockspeed_server_packets" lineno="15893">
 <summary>
-Execute samhain in the samhain domain with the clearance security
-level and allow the specifiled role the samhain domain.
+Do not audit attempts to send clockspeed_server packets.
 </summary>
-<desc>
-<p>
-Execute samhain in the samhain domain with the clearance security
-level and allow the specifiled role the samhain domain.
-</p>
-<p>
-The range_transition rule used in this interface requires that
-the calling domain should have the clearance security level
-otherwise the MLS constraint for process transition would fail.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_clockspeed_server_packets" lineno="15912">
 <summary>
-Role allowed to access.
+Receive clockspeed_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="samhain_manage_config_files" lineno="164">
+<interface name="corenet_dontaudit_receive_clockspeed_server_packets" lineno="15931">
 <summary>
-Manage samhain configuration files.
+Do not audit attempts to receive clockspeed_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="samhain_manage_db_files" lineno="183">
+<interface name="corenet_sendrecv_clockspeed_server_packets" lineno="15950">
 <summary>
-Manage samhain database files.
+Send and receive clockspeed_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="samhain_manage_init_script_files" lineno="202">
+<interface name="corenet_dontaudit_sendrecv_clockspeed_server_packets" lineno="15966">
 <summary>
-Manage samhain init script files
+Do not audit attempts to send and receive clockspeed_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="samhain_manage_log_files" lineno="221">
+<interface name="corenet_relabelto_clockspeed_server_packets" lineno="15981">
 <summary>
-Manage samhain log and log.lock files.
+Relabel packets to clockspeed_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -17073,115 +19674,109 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="samhain_manage_pid_files" lineno="240">
+<interface name="corenet_tcp_sendrecv_cluster_port" lineno="16003">
 <summary>
-Manage samhain pid files.
+Send and receive TCP traffic on the cluster port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="samhain_admin" lineno="268">
+<interface name="corenet_udp_send_cluster_port" lineno="16022">
 <summary>
-All of the rules required to administrate
-the samhain environment.
+Send UDP traffic on the cluster port.
 </summary>
-<desc>
-<p>
-This interface assumes that the calling domain has been able to
-remove an entry from /var/lib/ or /var/log/ and belongs to the
-mlsfilewrite attribute, since samhain files may be of clearance
-security level while their parent directories are of s0.
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-</module>
-<module name="sanlock" filename="policy/modules/contrib/sanlock.if">
-<summary>policy for sanlock</summary>
-<interface name="sanlock_domtrans" lineno="13">
+<interface name="corenet_dontaudit_udp_send_cluster_port" lineno="16041">
 <summary>
-Execute a domain transition to run sanlock.
+Do not audit attempts to send UDP traffic on the cluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_cluster_port" lineno="16060">
+<summary>
+Receive UDP traffic on the cluster port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="sanlock_initrc_domtrans" lineno="31">
+<interface name="corenet_dontaudit_udp_receive_cluster_port" lineno="16079">
 <summary>
-Execute sanlock server in the sanlock domain.
+Do not audit attempts to receive UDP traffic on the cluster port.
 </summary>
 <param name="domain">
 <summary>
-The type of the process performing this action.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="sanlock_manage_pid_files" lineno="49">
+<interface name="corenet_udp_sendrecv_cluster_port" lineno="16098">
 <summary>
-Create, read, write, and delete sanlock PID files.
+Send and receive UDP traffic on the cluster port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="sanlock_stream_connect" lineno="68">
+<interface name="corenet_dontaudit_udp_sendrecv_cluster_port" lineno="16115">
 <summary>
-Connect to sanlock over an unix stream socket.
+Do not audit attempts to send and receive
+UDP traffic on the cluster port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="sanlock_admin" lineno="94">
+<interface name="corenet_tcp_bind_cluster_port" lineno="16131">
 <summary>
-All of the rules required to administrate
-an sanlock environment
+Bind TCP sockets to the cluster port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_cluster_port" lineno="16151">
 <summary>
-Role allowed access.
+Bind UDP sockets to the cluster port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<tunable name="sanlock_use_nfs" dftval="false">
-<desc>
-<p>
-Allow confined virtual guests to manage nfs files
-</p>
-</desc>
-</tunable>
-<tunable name="sanlock_use_samba" dftval="false">
-<desc>
-<p>
-Allow confined virtual guests to manage cifs files
-</p>
-</desc>
-</tunable>
-</module>
-<module name="sasl" filename="policy/modules/contrib/sasl.if">
-<summary>SASL authentication server</summary>
-<interface name="sasl_connect" lineno="13">
+<interface name="corenet_tcp_connect_cluster_port" lineno="16170">
 <summary>
-Connect to SASL.
+Make a TCP connection to the cluster port.
 </summary>
 <param name="domain">
 <summary>
@@ -17189,319 +19784,337 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sasl_admin" lineno="39">
+<interface name="corenet_send_cluster_client_packets" lineno="16190">
 <summary>
-All of the rules required to administrate
-an sasl environment
+Send cluster_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_cluster_client_packets" lineno="16209">
 <summary>
-Role allowed access.
+Do not audit attempts to send cluster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<tunable name="allow_saslauthd_read_shadow" dftval="false">
-<desc>
-<p>
-Allow sasl to read shadow
-</p>
-</desc>
-</tunable>
-</module>
-<module name="sblim" filename="policy/modules/contrib/sblim.if">
-<summary> policy for SBLIM Gatherer </summary>
-<interface name="sblim_domtrans_gatherd" lineno="13">
+<interface name="corenet_receive_cluster_client_packets" lineno="16228">
 <summary>
-Transition to gatherd.
+Receive cluster_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="sblim_read_pid_files" lineno="32">
+<interface name="corenet_dontaudit_receive_cluster_client_packets" lineno="16247">
 <summary>
-Read gatherd PID files.
+Do not audit attempts to receive cluster_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="sblim_admin" lineno="58">
+<interface name="corenet_sendrecv_cluster_client_packets" lineno="16266">
 <summary>
-All of the rules required to administrate
-an gatherd environment
+Send and receive cluster_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_cluster_client_packets" lineno="16282">
 <summary>
-Role allowed access.
+Do not audit attempts to send and receive cluster_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="screen" filename="policy/modules/contrib/screen.if">
-<summary>GNU terminal multiplexer</summary>
-<template name="screen_role_template" lineno="24">
+<interface name="corenet_relabelto_cluster_client_packets" lineno="16297">
 <summary>
-The role template for the screen module.
+Relabel packets to cluster_client the packet type.
 </summary>
-<param name="role_prefix">
+<param name="domain">
 <summary>
-The prefix of the user role (e.g., user
-is the prefix for user_r).
+Domain allowed access.
 </summary>
 </param>
-<param name="user_role">
+</interface>
+<interface name="corenet_send_cluster_server_packets" lineno="16317">
 <summary>
-The role associated with the user domain.
+Send cluster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<param name="user_domain">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_cluster_server_packets" lineno="16336">
 <summary>
-The type of the user domain.
+Do not audit attempts to send cluster_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-</template>
-</module>
-<module name="sectoolm" filename="policy/modules/contrib/sectoolm.if">
-<summary>Sectool security audit tool</summary>
-</module>
-<module name="sendmail" filename="policy/modules/contrib/sendmail.if">
-<summary>Policy for sendmail.</summary>
-<interface name="sendmail_stub" lineno="13">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_cluster_server_packets" lineno="16355">
 <summary>
-Sendmail stub interface.  No access allowed.
+Receive cluster_server packets.
 </summary>
-<param name="domain" unused="true">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="sendmail_rw_pipes" lineno="30">
+<interface name="corenet_dontaudit_receive_cluster_server_packets" lineno="16374">
 <summary>
-Allow attempts to read and write to
-sendmail unnamed pipes.
+Do not audit attempts to receive cluster_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="sendmail_domtrans" lineno="48">
+<interface name="corenet_sendrecv_cluster_server_packets" lineno="16393">
 <summary>
-Domain transition to sendmail.
+Send and receive cluster_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="sendmail_run" lineno="76">
+<interface name="corenet_dontaudit_sendrecv_cluster_server_packets" lineno="16409">
 <summary>
-Execute the sendmail program in the sendmail domain.
+Do not audit attempts to send and receive cluster_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_cluster_server_packets" lineno="16424">
+<summary>
+Relabel packets to cluster_server the packet type.
+</summary>
+<param name="domain">
 <summary>
-The role to allow the sendmail domain.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="sendmail_signal" lineno="95">
+<interface name="corenet_tcp_sendrecv_cma_port" lineno="16446">
 <summary>
-Send generic signals to sendmail.
+Send and receive TCP traffic on the cma port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="sendmail_rw_tcp_sockets" lineno="113">
+<interface name="corenet_udp_send_cma_port" lineno="16465">
 <summary>
-Read and write sendmail TCP sockets.
+Send UDP traffic on the cma port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="sendmail_dontaudit_rw_tcp_sockets" lineno="132">
+<interface name="corenet_dontaudit_udp_send_cma_port" lineno="16484">
 <summary>
-Do not audit attempts to read and write
-sendmail TCP sockets.
+Do not audit attempts to send UDP traffic on the cma port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="sendmail_rw_unix_stream_sockets" lineno="150">
+<interface name="corenet_udp_receive_cma_port" lineno="16503">
 <summary>
-Read and write sendmail unix_stream_sockets.
+Receive UDP traffic on the cma port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="sendmail_dontaudit_rw_unix_stream_sockets" lineno="169">
+<interface name="corenet_dontaudit_udp_receive_cma_port" lineno="16522">
 <summary>
-Do not audit attempts to read and write
-sendmail unix_stream_sockets.
+Do not audit attempts to receive UDP traffic on the cma port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="sendmail_read_log" lineno="188">
+<interface name="corenet_udp_sendrecv_cma_port" lineno="16541">
 <summary>
-Read sendmail logs.
+Send and receive UDP traffic on the cma port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="sendmail_manage_log" lineno="208">
+<interface name="corenet_dontaudit_udp_sendrecv_cma_port" lineno="16558">
 <summary>
-Create, read, write, and delete sendmail logs.
+Do not audit attempts to send and receive
+UDP traffic on the cma port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="sendmail_create_log" lineno="227">
+<interface name="corenet_tcp_bind_cma_port" lineno="16574">
 <summary>
-Create sendmail logs with the correct type.
+Bind TCP sockets to the cma port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="sendmail_manage_tmp_files" lineno="245">
+<interface name="corenet_udp_bind_cma_port" lineno="16594">
 <summary>
-Manage sendmail tmp files.
+Bind UDP sockets to the cma port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="sendmail_domtrans_unconfined" lineno="264">
+<interface name="corenet_tcp_connect_cma_port" lineno="16613">
 <summary>
-Execute sendmail in the unconfined sendmail domain.
+Make a TCP connection to the cma port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sendmail_run_unconfined" lineno="290">
+<interface name="corenet_send_cma_client_packets" lineno="16633">
 <summary>
-Execute sendmail in the unconfined sendmail domain, and
-allow the specified role the unconfined sendmail domain,
-and use the caller's terminal.
+Send cma_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_cma_client_packets" lineno="16652">
 <summary>
-Role allowed access.
+Do not audit attempts to send cma_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="setroubleshoot" filename="policy/modules/contrib/setroubleshoot.if">
-<summary>SELinux troubleshooting service</summary>
-<interface name="setroubleshoot_stream_connect" lineno="13">
+<interface name="corenet_receive_cma_client_packets" lineno="16671">
 <summary>
-Connect to setroubleshootd over an unix stream socket.
+Receive cma_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="setroubleshoot_dontaudit_stream_connect" lineno="34">
+<interface name="corenet_dontaudit_receive_cma_client_packets" lineno="16690">
 <summary>
-Dontaudit attempts to connect to setroubleshootd
-over an unix stream socket.
+Do not audit attempts to receive cma_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="setroubleshoot_dbus_chat" lineno="54">
+<interface name="corenet_sendrecv_cma_client_packets" lineno="16709">
 <summary>
-Send and receive messages from
-setroubleshoot over dbus.
+Send and receive cma_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="setroubleshoot_dontaudit_dbus_chat" lineno="75">
+<interface name="corenet_dontaudit_sendrecv_cma_client_packets" lineno="16725">
 <summary>
-Do not audit send and receive messages from
-setroubleshoot over dbus.
+Do not audit attempts to send and receive cma_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="setroubleshoot_dbus_chat_fixit" lineno="96">
+<interface name="corenet_relabelto_cma_client_packets" lineno="16740">
 <summary>
-Send and receive messages from
-setroubleshoot fixit over dbus.
+Relabel packets to cma_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -17509,74 +20122,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="setroubleshoot_admin" lineno="118">
+<interface name="corenet_send_cma_server_packets" lineno="16760">
 <summary>
-All of the rules required to administrate
-an setroubleshoot environment
+Send cma_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="write" weight="10"/>
 </interface>
-</module>
-<module name="shorewall" filename="policy/modules/contrib/shorewall.if">
-<summary>Shoreline Firewall high-level tool for configuring netfilter</summary>
-<interface name="shorewall_domtrans" lineno="13">
+<interface name="corenet_dontaudit_send_cma_server_packets" lineno="16779">
 <summary>
-Execute a domain transition to run shorewall.
+Do not audit attempts to send cma_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="shorewall_lib_domtrans" lineno="31">
+<interface name="corenet_receive_cma_server_packets" lineno="16798">
 <summary>
-Execute a domain transition to run shorewall.
+Receive cma_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="shorewall_read_config" lineno="49">
+<interface name="corenet_dontaudit_receive_cma_server_packets" lineno="16817">
 <summary>
-Read shorewall etc configuration files.
+Do not audit attempts to receive cma_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="shorewall_read_pid_files" lineno="68">
+<interface name="corenet_sendrecv_cma_server_packets" lineno="16836">
 <summary>
-Read shorewall PID files.
+Send and receive cma_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="shorewall_rw_pid_files" lineno="87">
+<interface name="corenet_dontaudit_sendrecv_cma_server_packets" lineno="16852">
 <summary>
-Read and write shorewall PID files.
+Do not audit attempts to send and receive cma_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="shorewall_read_lib_files" lineno="106">
+<interface name="corenet_relabelto_cma_server_packets" lineno="16867">
 <summary>
-Read shorewall /var/lib files.
+Relabel packets to cma_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -17584,98 +20198,109 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="shorewall_rw_lib_files" lineno="126">
+<interface name="corenet_tcp_sendrecv_cobbler_port" lineno="16889">
 <summary>
-Read and write shorewall /var/lib files.
+Send and receive TCP traffic on the cobbler port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="shorewall_read_tmp_files" lineno="146">
+<interface name="corenet_udp_send_cobbler_port" lineno="16908">
 <summary>
-Read shorewall tmp files.
+Send UDP traffic on the cobbler port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="shorewall_admin" lineno="172">
+<interface name="corenet_dontaudit_udp_send_cobbler_port" lineno="16927">
 <summary>
-All of the rules required to administrate
-an shorewall environment
+Do not audit attempts to send UDP traffic on the cobbler port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_cobbler_port" lineno="16946">
 <summary>
-The role to be allowed to manage the syslog domain.
+Receive UDP traffic on the cobbler port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-</module>
-<module name="shutdown" filename="policy/modules/contrib/shutdown.if">
-<summary>System shutdown command</summary>
-<interface name="shutdown_domtrans" lineno="13">
+<interface name="corenet_dontaudit_udp_receive_cobbler_port" lineno="16965">
 <summary>
-Execute a domain transition to run shutdown.
+Do not audit attempts to receive UDP traffic on the cobbler port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="shutdown_run" lineno="43">
+<interface name="corenet_udp_sendrecv_cobbler_port" lineno="16984">
 <summary>
-Execute shutdown in the shutdown domain, and
-allow the specified role the shutdown domain.
+Send and receive UDP traffic on the cobbler port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_cobbler_port" lineno="17001">
 <summary>
-Role allowed access.
+Do not audit attempts to send and receive
+UDP traffic on the cobbler port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="shutdown_getattr_exec_files" lineno="62">
+<interface name="corenet_tcp_bind_cobbler_port" lineno="17017">
 <summary>
-Get attributes of shutdown executable.
+Bind TCP sockets to the cobbler port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="slocate" filename="policy/modules/contrib/slocate.if">
-<summary>Update database for mlocate</summary>
-<interface name="slocate_create_append_log" lineno="13">
+<interface name="corenet_udp_bind_cobbler_port" lineno="17037">
 <summary>
-Create the locate log with append mode.
+Bind UDP sockets to the cobbler port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="locate_read_lib_files" lineno="33">
+<interface name="corenet_tcp_connect_cobbler_port" lineno="17056">
 <summary>
-Read locate lib files.
+Make a TCP connection to the cobbler port.
 </summary>
 <param name="domain">
 <summary>
@@ -17683,481 +20308,523 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="slrnpull" filename="policy/modules/contrib/slrnpull.if">
-<summary>Service for downloading news feeds the slrn newsreader.</summary>
-<interface name="slrnpull_search_spool" lineno="13">
+<interface name="corenet_send_cobbler_client_packets" lineno="17076">
 <summary>
-Allow the domain to search slrnpull spools.
+Send cobbler_client packets.
 </summary>
-<param name="pty_type">
+<param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="slrnpull_manage_spool" lineno="33">
+<interface name="corenet_dontaudit_send_cobbler_client_packets" lineno="17095">
 <summary>
-Allow the domain to create, read,
-write, and delete slrnpull spools.
+Do not audit attempts to send cobbler_client packets.
 </summary>
-<param name="pty_type">
+<param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="smartmon" filename="policy/modules/contrib/smartmon.if">
-<summary>Smart disk monitoring daemon policy</summary>
-<interface name="smartmon_read_tmp_files" lineno="13">
+<interface name="corenet_receive_cobbler_client_packets" lineno="17114">
 <summary>
-Allow caller to read smartmon temporary files.
+Receive cobbler_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="smartmon_admin" lineno="38">
+<interface name="corenet_dontaudit_receive_cobbler_client_packets" lineno="17133">
 <summary>
-All of the rules required to administrate
-an smartmon environment
+Do not audit attempts to receive cobbler_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_cobbler_client_packets" lineno="17152">
 <summary>
-Role allowed access.
+Send and receive cobbler_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<tunable name="smartmon_3ware" dftval="false">
-<desc>
-<p>
-Enable additional permissions needed to support
-devices on 3ware controllers.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="smokeping" filename="policy/modules/contrib/smokeping.if">
-<summary>Smokeping network latency measurement.</summary>
-<interface name="smokeping_domtrans" lineno="13">
+<interface name="corenet_dontaudit_sendrecv_cobbler_client_packets" lineno="17168">
 <summary>
-Execute a domain transition to run smokeping.
+Do not audit attempts to send and receive cobbler_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="smokeping_initrc_domtrans" lineno="31">
+<interface name="corenet_relabelto_cobbler_client_packets" lineno="17183">
 <summary>
-Execute smokeping server in the smokeping domain.
+Relabel packets to cobbler_client the packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="smokeping_read_pid_files" lineno="49">
+<interface name="corenet_send_cobbler_server_packets" lineno="17203">
 <summary>
-Read smokeping PID files.
+Send cobbler_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="smokeping_manage_pid_files" lineno="68">
+<interface name="corenet_dontaudit_send_cobbler_server_packets" lineno="17222">
 <summary>
-Manage smokeping PID files.
+Do not audit attempts to send cobbler_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="smokeping_getattr_lib_files" lineno="87">
+<interface name="corenet_receive_cobbler_server_packets" lineno="17241">
 <summary>
-Get attributes of smokeping lib files.
+Receive cobbler_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="smokeping_read_lib_files" lineno="106">
+<interface name="corenet_dontaudit_receive_cobbler_server_packets" lineno="17260">
 <summary>
-Read smokeping lib files.
+Do not audit attempts to receive cobbler_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="smokeping_manage_lib_files" lineno="125">
+<interface name="corenet_sendrecv_cobbler_server_packets" lineno="17279">
 <summary>
-Manage smokeping lib files.
+Send and receive cobbler_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="smokeping_admin" lineno="151">
+<interface name="corenet_dontaudit_sendrecv_cobbler_server_packets" lineno="17295">
 <summary>
-All of the rules required to administrate
-a smokeping environment
+Do not audit attempts to send and receive cobbler_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_cobbler_server_packets" lineno="17310">
 <summary>
-Role allowed access.
+Relabel packets to cobbler_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="smoltclient" filename="policy/modules/contrib/smoltclient.if">
-<summary>The Fedora hardware profiler client</summary>
-</module>
-<module name="snmp" filename="policy/modules/contrib/snmp.if">
-<summary>Simple network management protocol services</summary>
-<interface name="snmp_stream_connect" lineno="13">
+<interface name="corenet_tcp_sendrecv_commplex_link_port" lineno="17332">
 <summary>
-Connect to snmpd using a unix domain stream socket.
+Send and receive TCP traffic on the commplex_link port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="snmp_tcp_connect" lineno="32">
+<interface name="corenet_udp_send_commplex_link_port" lineno="17351">
 <summary>
-Use snmp over a TCP connection.  (Deprecated)
+Send UDP traffic on the commplex_link port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="snmp_udp_chat" lineno="46">
+<interface name="corenet_dontaudit_udp_send_commplex_link_port" lineno="17370">
 <summary>
-Send and receive UDP traffic to SNMP  (Deprecated)
+Do not audit attempts to send UDP traffic on the commplex_link port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="snmp_read_snmp_var_lib_files" lineno="60">
+<interface name="corenet_udp_receive_commplex_link_port" lineno="17389">
 <summary>
-Read snmpd libraries.
+Receive UDP traffic on the commplex_link port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="snmp_dontaudit_read_snmp_var_lib_files" lineno="80">
+<interface name="corenet_dontaudit_udp_receive_commplex_link_port" lineno="17408">
 <summary>
-dontaudit Read snmpd libraries.
+Do not audit attempts to receive UDP traffic on the commplex_link port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="snmp_dontaudit_write_snmp_var_lib_files" lineno="99">
+<interface name="corenet_udp_sendrecv_commplex_link_port" lineno="17427">
 <summary>
-dontaudit write snmpd libraries files.
+Send and receive UDP traffic on the commplex_link port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_commplex_link_port" lineno="17444">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the commplex_link port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="snmp_admin" lineno="124">
+<interface name="corenet_tcp_bind_commplex_link_port" lineno="17460">
 <summary>
-All of the rules required to administrate
-an snmp environment
+Bind TCP sockets to the commplex_link port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_commplex_link_port" lineno="17480">
+<summary>
+Bind UDP sockets to the commplex_link port.
+</summary>
+<param name="domain">
 <summary>
-The role to be allowed to manage the snmp domain.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="snort" filename="policy/modules/contrib/snort.if">
-<summary>Snort network intrusion detection system</summary>
-<interface name="snort_domtrans" lineno="13">
+<interface name="corenet_tcp_connect_commplex_link_port" lineno="17499">
 <summary>
-Execute a domain transition to run snort.
+Make a TCP connection to the commplex_link port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="snort_admin" lineno="38">
+<interface name="corenet_send_commplex_link_client_packets" lineno="17519">
 <summary>
-All of the rules required to administrate
-an snort environment
+Send commplex_link_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_commplex_link_client_packets" lineno="17538">
 <summary>
-The role to be allowed to manage the snort domain.
+Do not audit attempts to send commplex_link_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="sosreport" filename="policy/modules/contrib/sosreport.if">
-<summary>sosreport - Generate debugging information for system</summary>
-<interface name="sosreport_domtrans" lineno="13">
+<interface name="corenet_receive_commplex_link_client_packets" lineno="17557">
 <summary>
-Execute a domain transition to run sosreport.
+Receive commplex_link_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="sosreport_run" lineno="37">
+<interface name="corenet_dontaudit_receive_commplex_link_client_packets" lineno="17576">
 <summary>
-Execute sosreport in the sosreport domain, and
-allow the specified role the sosreport domain.
+Do not audit attempts to receive commplex_link_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_commplex_link_client_packets" lineno="17595">
 <summary>
-Role allowed access.
+Send and receive commplex_link_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="sosreport_role" lineno="61">
+<interface name="corenet_dontaudit_sendrecv_commplex_link_client_packets" lineno="17611">
 <summary>
-Role access for sosreport
+Do not audit attempts to send and receive commplex_link_client packets.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_commplex_link_client_packets" lineno="17626">
+<summary>
+Relabel packets to commplex_link_client the packet type.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sosreport_read_tmp_files" lineno="85">
+<interface name="corenet_send_commplex_link_server_packets" lineno="17646">
 <summary>
-Allow the specified domain to read
-sosreport tmp files.
+Send commplex_link_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="sosreport_append_tmp_files" lineno="104">
+<interface name="corenet_dontaudit_send_commplex_link_server_packets" lineno="17665">
 <summary>
-Append sosreport tmp files.
+Do not audit attempts to send commplex_link_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="sosreport_delete_tmp_files" lineno="122">
+<interface name="corenet_receive_commplex_link_server_packets" lineno="17684">
 <summary>
-Delete sosreport tmp files.
+Receive commplex_link_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-</module>
-<module name="soundserver" filename="policy/modules/contrib/soundserver.if">
-<summary>sound server for network audio server programs, nasd, yiff, etc</summary>
-<interface name="soundserver_tcp_connect" lineno="13">
+<interface name="corenet_dontaudit_receive_commplex_link_server_packets" lineno="17703">
 <summary>
-Connect to the sound server over a TCP socket  (Deprecated)
+Do not audit attempts to receive commplex_link_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="soundserver_admin" lineno="34">
+<interface name="corenet_sendrecv_commplex_link_server_packets" lineno="17722">
 <summary>
-All of the rules required to administrate
-an soundd environment
+Send and receive commplex_link_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_commplex_link_server_packets" lineno="17738">
+<summary>
+Do not audit attempts to send and receive commplex_link_server packets.
+</summary>
+<param name="domain">
 <summary>
-The role to be allowed to manage the soundd domain.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="spamassassin" filename="policy/modules/contrib/spamassassin.if">
-<summary>Filter used for removing unsolicited email.</summary>
-<interface name="spamassassin_role" lineno="18">
+<interface name="corenet_relabelto_commplex_link_server_packets" lineno="17753">
 <summary>
-Role access for spamassassin
+Relabel packets to commplex_link_server the packet type.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain allowed access.
 </summary>
 </param>
+</interface>
+<interface name="corenet_tcp_sendrecv_commplex_main_port" lineno="17775">
+<summary>
+Send and receive TCP traffic on the commplex_main port.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="spamassassin_exec" lineno="52">
+<interface name="corenet_udp_send_commplex_main_port" lineno="17794">
 <summary>
-Execute the standalone spamassassin
-program in the caller directory.
+Send UDP traffic on the commplex_main port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="spamassassin_signal_spamd" lineno="71">
+<interface name="corenet_dontaudit_udp_send_commplex_main_port" lineno="17813">
 <summary>
-Singnal the spam assassin daemon
+Do not audit attempts to send UDP traffic on the commplex_main port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="spamassassin_exec_spamd" lineno="90">
+<interface name="corenet_udp_receive_commplex_main_port" lineno="17832">
 <summary>
-Execute the spamassassin daemon
-program in the caller directory.
+Receive UDP traffic on the commplex_main port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="spamassassin_domtrans_client" lineno="108">
+<interface name="corenet_dontaudit_udp_receive_commplex_main_port" lineno="17851">
 <summary>
-Execute spamassassin client in the spamassassin client domain.
+Do not audit attempts to receive UDP traffic on the commplex_main port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="spamassassin_exec_client" lineno="127">
+<interface name="corenet_udp_sendrecv_commplex_main_port" lineno="17870">
 <summary>
-Execute the spamassassin client
-program in the caller directory.
+Send and receive UDP traffic on the commplex_main port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="spamassassin_domtrans_local_client" lineno="145">
+<interface name="corenet_dontaudit_udp_sendrecv_commplex_main_port" lineno="17887">
 <summary>
-Execute spamassassin standalone client in the user spamassassin domain.
+Do not audit attempts to send and receive
+UDP traffic on the commplex_main port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="spamassassin_read_lib_files" lineno="163">
+<interface name="corenet_tcp_bind_commplex_main_port" lineno="17903">
 <summary>
-read spamd lib files.
+Bind TCP sockets to the commplex_main port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="spamassassin_manage_lib_files" lineno="183">
+<interface name="corenet_udp_bind_commplex_main_port" lineno="17923">
 <summary>
-Create, read, write, and delete
-spamd lib files.
+Bind UDP sockets to the commplex_main port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="spamassassin_read_spamd_tmp_files" lineno="202">
+<interface name="corenet_tcp_connect_commplex_main_port" lineno="17942">
 <summary>
-Read temporary spamd file.
+Make a TCP connection to the commplex_main port.
 </summary>
 <param name="domain">
 <summary>
@@ -18165,547 +20832,523 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="spamassassin_dontaudit_getattr_spamd_tmp_sockets" lineno="221">
+<interface name="corenet_send_commplex_main_client_packets" lineno="17962">
 <summary>
-Do not audit attempts to get attributes of temporary
-spamd sockets/
+Send commplex_main_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<tunable name="spamassassin_can_network" dftval="false">
-<desc>
-<p>
-Allow user spamassassin clients to use the network.
-</p>
-</desc>
-</tunable>
-<tunable name="spamd_enable_home_dirs" dftval="true">
-<desc>
-<p>
-Allow spamd to read/write user home directories.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="speedtouch" filename="policy/modules/contrib/speedtouch.if">
-<summary>Alcatel speedtouch USB ADSL modem</summary>
-</module>
-<module name="squid" filename="policy/modules/contrib/squid.if">
-<summary>Squid caching http proxy server</summary>
-<interface name="squid_domtrans" lineno="13">
+<interface name="corenet_dontaudit_send_commplex_main_client_packets" lineno="17981">
 <summary>
-Execute squid in the squid domain.
+Do not audit attempts to send commplex_main_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="squid_exec" lineno="32">
+<interface name="corenet_receive_commplex_main_client_packets" lineno="18000">
 <summary>
-Execute squid
+Receive commplex_main_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="squid_signal" lineno="50">
+<interface name="corenet_dontaudit_receive_commplex_main_client_packets" lineno="18019">
 <summary>
-Send generic signals to squid.
+Do not audit attempts to receive commplex_main_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="squid_rw_stream_sockets" lineno="69">
+<interface name="corenet_sendrecv_commplex_main_client_packets" lineno="18038">
 <summary>
-Allow read and write squid
-unix domain stream sockets.
+Send and receive commplex_main_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="squid_dontaudit_search_cache" lineno="88">
+<interface name="corenet_dontaudit_sendrecv_commplex_main_client_packets" lineno="18054">
 <summary>
-Do not audit attempts to search squid cache dirs
+Do not audit attempts to send and receive commplex_main_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="squid_read_config" lineno="107">
+<interface name="corenet_relabelto_commplex_main_client_packets" lineno="18069">
 <summary>
-Read squid configuration file.
+Relabel packets to commplex_main_client the packet type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="squid_read_log" lineno="127">
+<interface name="corenet_send_commplex_main_server_packets" lineno="18089">
 <summary>
-Append squid logs.
+Send commplex_main_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="squid_append_log" lineno="146">
+<interface name="corenet_dontaudit_send_commplex_main_server_packets" lineno="18108">
 <summary>
-Append squid logs.
+Do not audit attempts to send commplex_main_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="squid_manage_logs" lineno="167">
+<interface name="corenet_receive_commplex_main_server_packets" lineno="18127">
 <summary>
-Create, read, write, and delete
-squid logs.
+Receive commplex_main_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="squid_use" lineno="186">
+<interface name="corenet_dontaudit_receive_commplex_main_server_packets" lineno="18146">
 <summary>
-Use squid services by connecting over TCP.  (Deprecated)
+Do not audit attempts to receive commplex_main_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="squid_admin" lineno="207">
+<interface name="corenet_sendrecv_commplex_main_server_packets" lineno="18165">
 <summary>
-All of the rules required to administrate
-an squid environment
+Send and receive commplex_main_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
-<summary>
-The role to be allowed to manage the squid domain.
-</summary>
-</param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<tunable name="squid_connect_any" dftval="false">
-<desc>
-<p>
-Allow squid to connect to all ports, not just
-HTTP, FTP, and Gopher ports.
-</p>
-</desc>
-</tunable>
-<tunable name="squid_use_tproxy" dftval="false">
-<desc>
-<p>
-Allow squid to run as a transparent proxy (TPROXY)
-</p>
-</desc>
-</tunable>
-</module>
-<module name="sssd" filename="policy/modules/contrib/sssd.if">
-<summary>System Security Services Daemon</summary>
-<interface name="sssd_domtrans" lineno="13">
+<interface name="corenet_dontaudit_sendrecv_commplex_main_server_packets" lineno="18181">
 <summary>
-Execute a domain transition to run sssd.
+Do not audit attempts to send and receive commplex_main_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="sssd_initrc_domtrans" lineno="31">
+<interface name="corenet_relabelto_commplex_main_server_packets" lineno="18196">
 <summary>
-Execute sssd server in the sssd domain.
+Relabel packets to commplex_main_server the packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sssd_read_public_files" lineno="49">
+<interface name="corenet_tcp_sendrecv_comsat_port" lineno="18218">
 <summary>
-Read sssd public files.
+Send and receive TCP traffic on the comsat port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="sssd_read_pid_files" lineno="68">
+<interface name="corenet_udp_send_comsat_port" lineno="18237">
 <summary>
-Read sssd PID files.
+Send UDP traffic on the comsat port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="sssd_manage_pids" lineno="87">
+<interface name="corenet_dontaudit_udp_send_comsat_port" lineno="18256">
 <summary>
-Manage sssd var_run files.
+Do not audit attempts to send UDP traffic on the comsat port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="sssd_search_lib" lineno="106">
+<interface name="corenet_udp_receive_comsat_port" lineno="18275">
 <summary>
-Search sssd lib directories.
+Receive UDP traffic on the comsat port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="sssd_dontaudit_search_lib" lineno="125">
+<interface name="corenet_dontaudit_udp_receive_comsat_port" lineno="18294">
 <summary>
-Do not audit attempts to search sssd lib directories.
+Do not audit attempts to receive UDP traffic on the comsat port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="sssd_read_lib_files" lineno="144">
+<interface name="corenet_udp_sendrecv_comsat_port" lineno="18313">
 <summary>
-Read sssd lib files.
+Send and receive UDP traffic on the comsat port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="sssd_manage_lib_files" lineno="164">
+<interface name="corenet_dontaudit_udp_sendrecv_comsat_port" lineno="18330">
 <summary>
-Create, read, write, and delete
-sssd lib files.
+Do not audit attempts to send and receive
+UDP traffic on the comsat port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="sssd_dbus_chat" lineno="184">
+<interface name="corenet_tcp_bind_comsat_port" lineno="18346">
 <summary>
-Send and receive messages from
-sssd over dbus.
+Bind TCP sockets to the comsat port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="sssd_stream_connect" lineno="204">
+<interface name="corenet_udp_bind_comsat_port" lineno="18366">
 <summary>
-Connect to sssd over an unix stream socket.
+Bind UDP sockets to the comsat port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="sssd_admin" lineno="235">
+<interface name="corenet_tcp_connect_comsat_port" lineno="18385">
 <summary>
-All of the rules required to administrate
-an sssd environment
+Make a TCP connection to the comsat port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_send_comsat_client_packets" lineno="18405">
 <summary>
-The role to be allowed to manage the sssd domain.
+Send comsat_client packets.
 </summary>
-</param>
-<param name="terminal">
+<param name="domain">
 <summary>
-The type of the user terminal.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="write" weight="10"/>
 </interface>
-</module>
-<module name="stunnel" filename="policy/modules/contrib/stunnel.if">
-<summary>SSL Tunneling Proxy</summary>
-<interface name="stunnel_service_domain" lineno="18">
+<interface name="corenet_dontaudit_send_comsat_client_packets" lineno="18424">
 <summary>
-Define the specified domain as a stunnel inetd service.
+Do not audit attempts to send comsat_client packets.
 </summary>
 <param name="domain">
 <summary>
-The type associated with the stunnel inetd service process.
-</summary>
-</param>
-<param name="entrypoint">
-<summary>
-The type associated with the process program.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="sxid" filename="policy/modules/contrib/sxid.if">
-<summary>SUID/SGID program monitoring</summary>
-<interface name="sxid_read_log" lineno="15">
+<interface name="corenet_receive_comsat_client_packets" lineno="18443">
 <summary>
-Allow the specified domain to read
-sxid log files.
+Receive comsat_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-</module>
-<module name="sysstat" filename="policy/modules/contrib/sysstat.if">
-<summary>Policy for sysstat. Reports on various system states</summary>
-<interface name="sysstat_manage_log" lineno="14">
+<interface name="corenet_dontaudit_receive_comsat_client_packets" lineno="18462">
 <summary>
-Manage sysstat logs.
+Do not audit attempts to receive comsat_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="tcpd" filename="policy/modules/contrib/tcpd.if">
-<summary>Policy for TCP daemon.</summary>
-<interface name="tcpd_domtrans" lineno="13">
+<interface name="corenet_sendrecv_comsat_client_packets" lineno="18481">
 <summary>
-Execute tcpd in the tcpd domain.
+Send and receive comsat_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="tcpd_wrapped_domain" lineno="37">
+<interface name="corenet_dontaudit_sendrecv_comsat_client_packets" lineno="18497">
 <summary>
-Create a domain for services that
-utilize tcp wrappers.
+Do not audit attempts to send and receive comsat_client packets.
 </summary>
 <param name="domain">
 <summary>
-Type to be used as a domain.
+Domain to not audit.
 </summary>
 </param>
-<param name="entry_point">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_comsat_client_packets" lineno="18512">
 <summary>
-Type of the program to be used as an entry point to this domain.
+Relabel packets to comsat_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="tcsd" filename="policy/modules/contrib/tcsd.if">
-<summary>TSS Core Services (TCS) daemon (tcsd) policy</summary>
-<interface name="tcsd_domtrans" lineno="13">
+<interface name="corenet_send_comsat_server_packets" lineno="18532">
 <summary>
-Execute a domain transition to run tcsd.
+Send comsat_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="tcsd_initrc_domtrans" lineno="31">
+<interface name="corenet_dontaudit_send_comsat_server_packets" lineno="18551">
 <summary>
-Execute tcsd server in the tcsd domain.
+Do not audit attempts to send comsat_server packets.
 </summary>
 <param name="domain">
 <summary>
-The type of the process performing this action.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="tcsd_search_lib" lineno="49">
+<interface name="corenet_receive_comsat_server_packets" lineno="18570">
 <summary>
-Search tcsd lib directories.
+Receive comsat_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="tcsd_manage_lib_dirs" lineno="68">
+<interface name="corenet_dontaudit_receive_comsat_server_packets" lineno="18589">
 <summary>
-Manage tcsd lib dirs files.
+Do not audit attempts to receive comsat_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="tcsd_read_lib_files" lineno="87">
+<interface name="corenet_sendrecv_comsat_server_packets" lineno="18608">
 <summary>
-Read tcsd lib files.
+Send and receive comsat_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="tcsd_manage_lib_files" lineno="107">
+<interface name="corenet_dontaudit_sendrecv_comsat_server_packets" lineno="18624">
 <summary>
-Create, read, write, and delete
-tcsd lib files.
+Do not audit attempts to send and receive comsat_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="tcsd_admin" lineno="133">
+<interface name="corenet_relabelto_comsat_server_packets" lineno="18639">
 <summary>
-All of the rules required to administrate
-an tcsd environment
+Relabel packets to comsat_server the packet type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_tcp_sendrecv_condor_port" lineno="18661">
 <summary>
-Role allowed access.
+Send and receive TCP traffic on the condor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="telepathy" filename="policy/modules/contrib/telepathy.if">
-<summary>Telepathy communications framework.</summary>
-<template name="telepathy_domain_template" lineno="15">
+<interface name="corenet_udp_send_condor_port" lineno="18680">
 <summary>
-Creates basic types for telepathy
-domain
+Send UDP traffic on the condor port.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-Prefix for the domain.
+Domain allowed access.
 </summary>
 </param>
-</template>
-<template name="telepathy_role" lineno="48">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_condor_port" lineno="18699">
 <summary>
-Role access for telepathy domains
+Do not audit attempts to send UDP traffic on the condor port.
 </summary>
-<param name="user_role">
+<param name="domain">
 <summary>
-The role associated with the user domain.
+Domain to not audit.
 </summary>
 </param>
-<param name="user_domain">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_condor_port" lineno="18718">
 <summary>
-The type of the user domain.
+Receive UDP traffic on the condor port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="telepathy_gabble_stream_connect" lineno="91">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_condor_port" lineno="18737">
 <summary>
-Stream connect to Telepathy Gabble
+Do not audit attempts to receive UDP traffic on the condor port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="telepathy_gabble_dbus_chat" lineno="111">
+<interface name="corenet_udp_sendrecv_condor_port" lineno="18756">
 <summary>
-Send DBus messages to and from
-Telepathy Gabble.
+Send and receive UDP traffic on the condor port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="telepathy_mission_control_read_state" lineno="136">
+<interface name="corenet_dontaudit_udp_sendrecv_condor_port" lineno="18773">
 <summary>
-Read telepathy mission control state.
+Do not audit attempts to send and receive
+UDP traffic on the condor port.
 </summary>
-<param name="role_prefix">
+<param name="domain">
 <summary>
-Prefix to be used.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_condor_port" lineno="18789">
+<summary>
+Bind TCP sockets to the condor port.
+</summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="telepathy_msn_stream_connect" lineno="155">
+<interface name="corenet_udp_bind_condor_port" lineno="18809">
 <summary>
-Stream connect to telepathy MSN managers
+Bind UDP sockets to the condor port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="telepathy_salut_stream_connect" lineno="174">
+<interface name="corenet_tcp_connect_condor_port" lineno="18828">
 <summary>
-Stream connect to Telepathy Salut
+Make a TCP connection to the condor port.
 </summary>
 <param name="domain">
 <summary>
@@ -18713,325 +21356,261 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<tunable name="telepathy_tcp_connect_generic_network_ports" dftval="false">
-<desc>
-<p>
-Allow the Telepathy connection managers
-to connect to any generic TCP port.
-</p>
-</desc>
-</tunable>
-<tunable name="telepathy_connect_all_ports" dftval="false">
-<desc>
-<p>
-Allow the Telepathy connection managers
-to connect to any network port.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="telnet" filename="policy/modules/contrib/telnet.if">
-<summary>Telnet daemon</summary>
-</module>
-<module name="tftp" filename="policy/modules/contrib/tftp.if">
-<summary>Trivial file transfer protocol daemon</summary>
-<interface name="tftp_read_content" lineno="13">
+<interface name="corenet_send_condor_client_packets" lineno="18848">
 <summary>
-Read tftp content
+Send condor_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="tftp_manage_rw_content" lineno="31">
+<interface name="corenet_dontaudit_send_condor_client_packets" lineno="18867">
 <summary>
-Manage tftp /var/lib files.
+Do not audit attempts to send condor_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="tftp_admin" lineno="53">
+<interface name="corenet_receive_condor_client_packets" lineno="18886">
 <summary>
-All of the rules required to administrate
-an tftp environment
+Receive condor_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-<tunable name="tftp_anon_write" dftval="false">
-<desc>
-<p>
-Allow tftp to modify public files
-used for public file transfer services.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="tgtd" filename="policy/modules/contrib/tgtd.if">
-<summary>Linux Target Framework Daemon.</summary>
-<desc>
-<p>
-Linux target framework (tgt) aims to simplify various
-SCSI target driver (iSCSI, Fibre Channel, SRP, etc) creation
-and maintenance. Our key goals are the clean integration into
-the scsi-mid layer and implementing a great portion of tgt
-in user space.
-</p>
-</desc>
-<interface name="tgtd_rw_semaphores" lineno="22">
+<interface name="corenet_dontaudit_receive_condor_client_packets" lineno="18905">
 <summary>
-Allow read and write access to tgtd semaphores.
+Do not audit attempts to receive condor_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="tgtd_manage_semaphores" lineno="40">
+<interface name="corenet_sendrecv_condor_client_packets" lineno="18924">
 <summary>
-Manage tgtd sempaphores.
+Send and receive condor_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="thunderbird" filename="policy/modules/contrib/thunderbird.if">
-<summary>Thunderbird email client</summary>
-<interface name="thunderbird_role" lineno="18">
-<summary>
-Role access for thunderbird
-</summary>
-<param name="role">
+<interface name="corenet_dontaudit_sendrecv_condor_client_packets" lineno="18940">
 <summary>
-Role allowed access
+Do not audit attempts to send and receive condor_client packets.
 </summary>
-</param>
 <param name="domain">
 <summary>
-User domain for the role
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="thunderbird_domtrans" lineno="57">
+<interface name="corenet_relabelto_condor_client_packets" lineno="18955">
 <summary>
-Run thunderbird in the user thunderbird domain.
+Relabel packets to condor_client the packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="timidity" filename="policy/modules/contrib/timidity.if">
-<summary>MIDI to WAV converter and player configured as a service</summary>
-</module>
-<module name="tmpreaper" filename="policy/modules/contrib/tmpreaper.if">
-<summary>Manage temporary directory sizes and file ages</summary>
-<interface name="tmpreaper_exec" lineno="13">
+<interface name="corenet_send_condor_server_packets" lineno="18975">
 <summary>
-Execute tmpreaper in the caller domain.
+Send condor_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-</module>
-<module name="tor" filename="policy/modules/contrib/tor.if">
-<summary>TOR, the onion router</summary>
-<interface name="tor_domtrans" lineno="13">
+<interface name="corenet_dontaudit_send_condor_server_packets" lineno="18994">
 <summary>
-Execute a domain transition to run TOR.
+Do not audit attempts to send condor_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="tor_admin" lineno="38">
+<interface name="corenet_receive_condor_server_packets" lineno="19013">
 <summary>
-All of the rules required to administrate
-an tor environment
+Receive condor_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
-<summary>
-The role to be allowed to manage the tor domain.
-</summary>
-</param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-<tunable name="tor_bind_all_unreserved_ports" dftval="false">
-<desc>
-<p>
-Allow tor daemon to bind
-tcp sockets to all unreserved ports.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="transproxy" filename="policy/modules/contrib/transproxy.if">
-<summary>HTTP transperant proxy</summary>
-</module>
-<module name="tripwire" filename="policy/modules/contrib/tripwire.if">
-<summary>Tripwire file integrity checker.</summary>
-<desc>
-<p>
-Tripwire file integrity checker.
-</p>
-<p>
-NOTE: Tripwire creates temp file in its current working directory.
-This policy does not allow write access to home directories, so
-users will need to either cd to a directory where they have write
-permission, or set the TEMPDIRECTORY variable in the tripwire config
-file.  The latter is preferable, as then the file_type_auto_trans
-rules will kick in and label the files as private to tripwire.
-</p>
-</desc>
-<interface name="tripwire_domtrans_tripwire" lineno="26">
+<interface name="corenet_dontaudit_receive_condor_server_packets" lineno="19032">
 <summary>
-Execute tripwire in the tripwire domain.
+Do not audit attempts to receive condor_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="tripwire_run_tripwire" lineno="51">
+<interface name="corenet_sendrecv_condor_server_packets" lineno="19051">
 <summary>
-Execute tripwire in the tripwire domain, and
-allow the specified role the tripwire domain.
+Send and receive condor_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_condor_server_packets" lineno="19067">
 <summary>
-Role allowed access.
+Do not audit attempts to send and receive condor_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="tripwire_domtrans_twadmin" lineno="70">
+<interface name="corenet_relabelto_condor_server_packets" lineno="19082">
 <summary>
-Execute twadmin in the twadmin domain.
+Relabel packets to condor_server the packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="tripwire_run_twadmin" lineno="95">
+<interface name="corenet_tcp_sendrecv_couchdb_port" lineno="19104">
 <summary>
-Execute twadmin in the twadmin domain, and
-allow the specified role the twadmin domain.
+Send and receive TCP traffic on the couchdb port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_couchdb_port" lineno="19123">
 <summary>
-Role allowed access.
+Send UDP traffic on the couchdb port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="tripwire_domtrans_twprint" lineno="114">
+<interface name="corenet_dontaudit_udp_send_couchdb_port" lineno="19142">
 <summary>
-Execute twprint in the twprint domain.
+Do not audit attempts to send UDP traffic on the couchdb port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="tripwire_run_twprint" lineno="139">
+<interface name="corenet_udp_receive_couchdb_port" lineno="19161">
 <summary>
-Execute twprint in the twprint domain, and
-allow the specified role the twprint domain.
+Receive UDP traffic on the couchdb port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_couchdb_port" lineno="19180">
 <summary>
-Role allowed access.
+Do not audit attempts to receive UDP traffic on the couchdb port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="tripwire_domtrans_siggen" lineno="158">
+<interface name="corenet_udp_sendrecv_couchdb_port" lineno="19199">
 <summary>
-Execute siggen in the siggen domain.
+Send and receive UDP traffic on the couchdb port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="tripwire_run_siggen" lineno="183">
+<interface name="corenet_dontaudit_udp_sendrecv_couchdb_port" lineno="19216">
 <summary>
-Execute siggen in the siggen domain, and
-allow the specified role the siggen domain.
+Do not audit attempts to send and receive
+UDP traffic on the couchdb port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_couchdb_port" lineno="19232">
 <summary>
-Role allowed access.
+Bind TCP sockets to the couchdb port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="tuned" filename="policy/modules/contrib/tuned.if">
-<summary>Dynamic adaptive system tuning daemon</summary>
-<interface name="tuned_domtrans" lineno="13">
+<interface name="corenet_udp_bind_couchdb_port" lineno="19252">
 <summary>
-Execute a domain transition to run tuned.
+Bind UDP sockets to the couchdb port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="tuned_exec" lineno="31">
+<interface name="corenet_tcp_connect_couchdb_port" lineno="19271">
 <summary>
-Execute tuned in the caller domain.
+Make a TCP connection to the couchdb port.
 </summary>
 <param name="domain">
 <summary>
@@ -19039,505 +21618,523 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="tuned_read_pid_files" lineno="50">
+<interface name="corenet_send_couchdb_client_packets" lineno="19291">
 <summary>
-Read tuned PID files.
+Send couchdb_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="tuned_manage_pid_files" lineno="69">
+<interface name="corenet_dontaudit_send_couchdb_client_packets" lineno="19310">
 <summary>
-Manage tuned PID files.
+Do not audit attempts to send couchdb_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="tuned_initrc_domtrans" lineno="88">
+<interface name="corenet_receive_couchdb_client_packets" lineno="19329">
 <summary>
-Execute tuned server in the tuned domain.
+Receive couchdb_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="tuned_admin" lineno="113">
+<interface name="corenet_dontaudit_receive_couchdb_client_packets" lineno="19348">
 <summary>
-All of the rules required to administrate
-an tuned environment
+Do not audit attempts to receive couchdb_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_couchdb_client_packets" lineno="19367">
 <summary>
-Role allowed access.
+Send and receive couchdb_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="tvtime" filename="policy/modules/contrib/tvtime.if">
-<summary> tvtime - a high quality television application </summary>
-<interface name="tvtime_role" lineno="18">
+<interface name="corenet_dontaudit_sendrecv_couchdb_client_packets" lineno="19383">
 <summary>
-Role access for tvtime
+Do not audit attempts to send and receive couchdb_client packets.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_couchdb_client_packets" lineno="19398">
+<summary>
+Relabel packets to couchdb_client the packet type.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="tzdata" filename="policy/modules/contrib/tzdata.if">
-<summary>Time zone updater</summary>
-<interface name="tzdata_domtrans" lineno="13">
+<interface name="corenet_send_couchdb_server_packets" lineno="19418">
 <summary>
-Execute a domain transition to run tzdata.
+Send couchdb_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="tzdata_run" lineno="38">
+<interface name="corenet_dontaudit_send_couchdb_server_packets" lineno="19437">
 <summary>
-Execute the tzdata program in the tzdata domain.
+Do not audit attempts to send couchdb_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_couchdb_server_packets" lineno="19456">
+<summary>
+Receive couchdb_server packets.
+</summary>
+<param name="domain">
 <summary>
-The role to allow the tzdata domain.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-</module>
-<module name="ucspitcp" filename="policy/modules/contrib/ucspitcp.if">
-<summary>ucspitcp policy</summary>
-<desc>
-<p>
-Policy for DJB's ucspi-tcpd
-</p>
-</desc>
-<interface name="ucspitcp_service_domain" lineno="23">
+<interface name="corenet_dontaudit_receive_couchdb_server_packets" lineno="19475">
 <summary>
-Define a specified domain as a ucspitcp service.
+Do not audit attempts to receive couchdb_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="entrypoint">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_couchdb_server_packets" lineno="19494">
 <summary>
-The type associated with the process program.
+Send and receive couchdb_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="ulogd" filename="policy/modules/contrib/ulogd.if">
-<summary>Iptables/netfilter userspace logging daemon.</summary>
-<interface name="ulogd_domtrans" lineno="13">
+<interface name="corenet_dontaudit_sendrecv_couchdb_server_packets" lineno="19510">
 <summary>
-Execute a domain transition to run ulogd.
+Do not audit attempts to send and receive couchdb_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="ulogd_read_config" lineno="33">
+<interface name="corenet_relabelto_couchdb_server_packets" lineno="19525">
 <summary>
-Allow the specified domain to read
-ulogd configuration files.
+Relabel packets to couchdb_server the packet type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="ulogd_read_log" lineno="53">
+<interface name="corenet_tcp_sendrecv_cslistener_port" lineno="19547">
 <summary>
-Allow the specified domain to read ulogd's log files.
+Send and receive TCP traffic on the cslistener port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="ulogd_search_log" lineno="73">
+<interface name="corenet_udp_send_cslistener_port" lineno="19566">
 <summary>
-Allow the specified domain to search ulogd's log files.
+Send UDP traffic on the cslistener port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="ulogd_append_log" lineno="93">
+<interface name="corenet_dontaudit_udp_send_cslistener_port" lineno="19585">
 <summary>
-Allow the specified domain to append to ulogd's log files.
+Do not audit attempts to send UDP traffic on the cslistener port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="ulogd_admin" lineno="120">
+<interface name="corenet_udp_receive_cslistener_port" lineno="19604">
 <summary>
-All of the rules required to administrate
-an ulogd environment
+Receive UDP traffic on the cslistener port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_cslistener_port" lineno="19623">
 <summary>
-The role to be allowed to manage the syslog domain.
+Do not audit attempts to receive UDP traffic on the cslistener port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="uml" filename="policy/modules/contrib/uml.if">
-<summary>Policy for UML</summary>
-<interface name="uml_role" lineno="18">
+<interface name="corenet_udp_sendrecv_cslistener_port" lineno="19642">
 <summary>
-Role access for uml
+Send and receive UDP traffic on the cslistener port.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_cslistener_port" lineno="19659">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the cslistener port.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="uml_setattr_util_sockets" lineno="74">
+<interface name="corenet_tcp_bind_cslistener_port" lineno="19675">
 <summary>
-Set attributes on uml utility socket files.
+Bind TCP sockets to the cslistener port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="uml_manage_util_files" lineno="92">
+<interface name="corenet_udp_bind_cslistener_port" lineno="19695">
 <summary>
-Manage uml utility files.
+Bind UDP sockets to the cslistener port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="updfstab" filename="policy/modules/contrib/updfstab.if">
-<summary>Red Hat utility to change /etc/fstab.</summary>
-<interface name="updfstab_domtrans" lineno="13">
+<interface name="corenet_tcp_connect_cslistener_port" lineno="19714">
 <summary>
-Execute updfstab in the updfstab domain.
+Make a TCP connection to the cslistener port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="uptime" filename="policy/modules/contrib/uptime.if">
-<summary>Uptime daemon</summary>
-</module>
-<module name="usbmodules" filename="policy/modules/contrib/usbmodules.if">
-<summary>List kernel modules of USB devices</summary>
-<interface name="usbmodules_domtrans" lineno="13">
+<interface name="corenet_send_cslistener_client_packets" lineno="19734">
 <summary>
-Execute usbmodules in the usbmodules domain.
+Send cslistener_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="usbmodules_run" lineno="39">
+<interface name="corenet_dontaudit_send_cslistener_client_packets" lineno="19753">
 <summary>
-Execute usbmodules in the usbmodules domain, and
-allow the specified role the usbmodules domain,
-and use the caller's terminal.
+Do not audit attempts to send cslistener_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_cslistener_client_packets" lineno="19772">
 <summary>
-Role allowed access.
+Receive cslistener_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-</module>
-<module name="usbmuxd" filename="policy/modules/contrib/usbmuxd.if">
-<summary>USB multiplexing daemon for communicating with Apple iPod Touch and iPhone</summary>
-<interface name="usbmuxd_domtrans" lineno="13">
+<interface name="corenet_dontaudit_receive_cslistener_client_packets" lineno="19791">
 <summary>
-Execute a domain transition to run usbmuxd.
+Do not audit attempts to receive cslistener_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="usbmuxd_stream_connect" lineno="32">
+<interface name="corenet_sendrecv_cslistener_client_packets" lineno="19810">
 <summary>
-Connect to usbmuxd over a unix domain
-stream socket.
+Send and receive cslistener_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="userhelper" filename="policy/modules/contrib/userhelper.if">
-<summary>SELinux utility to run a shell with a new role</summary>
-<template name="userhelper_role_template" lineno="24">
+<interface name="corenet_dontaudit_sendrecv_cslistener_client_packets" lineno="19826">
 <summary>
-The role template for the userhelper module.
+Do not audit attempts to send and receive cslistener_client packets.
 </summary>
-<param name="userrole_prefix">
+<param name="domain">
 <summary>
-The prefix of the user role (e.g., user
-is the prefix for user_r).
+Domain to not audit.
 </summary>
 </param>
-<param name="user_role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_cslistener_client_packets" lineno="19841">
 <summary>
-The user role.
+Relabel packets to cslistener_client the packet type.
 </summary>
-</param>
-<param name="user_domain">
+<param name="domain">
 <summary>
-The user domain associated with the role.
+Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="userhelper_search_config" lineno="178">
+</interface>
+<interface name="corenet_send_cslistener_server_packets" lineno="19861">
 <summary>
-Search the userhelper configuration directory.
+Send cslistener_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="userhelper_dontaudit_search_config" lineno="197">
+<interface name="corenet_dontaudit_send_cslistener_server_packets" lineno="19880">
 <summary>
-Do not audit attempts to search
-the userhelper configuration directory.
+Do not audit attempts to send cslistener_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="userhelper_use_fd" lineno="215">
+<interface name="corenet_receive_cslistener_server_packets" lineno="19899">
 <summary>
-Allow domain to use userhelper file descriptor.
+Receive cslistener_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="userhelper_sigchld" lineno="233">
+<interface name="corenet_dontaudit_receive_cslistener_server_packets" lineno="19918">
 <summary>
-Allow domain to send sigchld to userhelper.
+Do not audit attempts to receive cslistener_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="userhelper_exec" lineno="251">
+<interface name="corenet_sendrecv_cslistener_server_packets" lineno="19937">
 <summary>
-Execute the userhelper program in the caller domain.
+Send and receive cslistener_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="usernetctl" filename="policy/modules/contrib/usernetctl.if">
-<summary>User network interface configuration helper</summary>
-<interface name="usernetctl_domtrans" lineno="13">
+<interface name="corenet_dontaudit_sendrecv_cslistener_server_packets" lineno="19953">
 <summary>
-Execute usernetctl in the usernetctl domain.
+Do not audit attempts to send and receive cslistener_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="usernetctl_run" lineno="38">
+<interface name="corenet_relabelto_cslistener_server_packets" lineno="19968">
 <summary>
-Execute usernetctl in the usernetctl domain, and
-allow the specified role the usernetctl domain.
+Relabel packets to cslistener_server the packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_tcp_sendrecv_ctdb_port" lineno="19990">
 <summary>
-Role allowed access.
+Send and receive TCP traffic on the ctdb port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="uucp" filename="policy/modules/contrib/uucp.if">
-<summary>Unix to Unix Copy</summary>
-<interface name="uucp_domtrans" lineno="14">
+<interface name="corenet_udp_send_ctdb_port" lineno="20009">
 <summary>
-Execute the uucico program in the
-uucpd_t domain.
+Send UDP traffic on the ctdb port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="uucp_append_log" lineno="33">
+<interface name="corenet_dontaudit_udp_send_ctdb_port" lineno="20028">
 <summary>
-Allow the specified domain to append
-to uucp log files.
+Do not audit attempts to send UDP traffic on the ctdb port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="uucp_manage_spool" lineno="53">
+<interface name="corenet_udp_receive_ctdb_port" lineno="20047">
 <summary>
-Create, read, write, and delete uucp spool files.
+Receive UDP traffic on the ctdb port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="uucp_domtrans_uux" lineno="75">
+<interface name="corenet_dontaudit_udp_receive_ctdb_port" lineno="20066">
 <summary>
-Execute the master uux program in the
-uux_t domain.
+Do not audit attempts to receive UDP traffic on the ctdb port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="uucp_admin" lineno="95">
+<interface name="corenet_udp_sendrecv_ctdb_port" lineno="20085">
 <summary>
-All of the rules required to administrate
-an uucp environment
+Send and receive UDP traffic on the ctdb port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="uuidd" filename="policy/modules/contrib/uuidd.if">
-<summary>policy for uuidd</summary>
-<interface name="uuidd_domtrans" lineno="13">
+<interface name="corenet_dontaudit_udp_sendrecv_ctdb_port" lineno="20102">
 <summary>
-Transition to uuidd.
+Do not audit attempts to send and receive
+UDP traffic on the ctdb port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="uuidd_initrc_domtrans" lineno="32">
+<interface name="corenet_tcp_bind_ctdb_port" lineno="20118">
 <summary>
-Execute uuidd server in the uuidd domain.
+Bind TCP sockets to the ctdb port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="uuidd_search_lib" lineno="50">
+<interface name="corenet_udp_bind_ctdb_port" lineno="20138">
 <summary>
-Search uuidd lib directories.
+Bind UDP sockets to the ctdb port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="uuidd_read_lib_files" lineno="69">
+<interface name="corenet_tcp_connect_ctdb_port" lineno="20157">
 <summary>
-Read uuidd lib files.
+Make a TCP connection to the ctdb port.
 </summary>
 <param name="domain">
 <summary>
@@ -19545,132 +22142,151 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="uuidd_manage_lib_files" lineno="88">
+<interface name="corenet_send_ctdb_client_packets" lineno="20177">
 <summary>
-Manage uuidd lib files.
+Send ctdb_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="uuidd_manage_lib_dirs" lineno="107">
+<interface name="corenet_dontaudit_send_ctdb_client_packets" lineno="20196">
 <summary>
-Manage uuidd lib directories.
+Do not audit attempts to send ctdb_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="uuidd_read_pid_files" lineno="126">
+<interface name="corenet_receive_ctdb_client_packets" lineno="20215">
 <summary>
-Read uuidd PID files.
+Receive ctdb_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="uuidd_stream_connect_manager" lineno="145">
+<interface name="corenet_dontaudit_receive_ctdb_client_packets" lineno="20234">
 <summary>
-Connect to uuidd over an unix stream socket.
+Do not audit attempts to receive ctdb_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="uuidd_admin" lineno="171">
+<interface name="corenet_sendrecv_ctdb_client_packets" lineno="20253">
 <summary>
-All of the rules required to administrate
-an uuidd environment
+Send and receive ctdb_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ctdb_client_packets" lineno="20269">
 <summary>
-Role allowed access.
+Do not audit attempts to send and receive ctdb_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="uwimap" filename="policy/modules/contrib/uwimap.if">
-<summary>University of Washington IMAP toolkit POP3 and IMAP mail server</summary>
-<interface name="uwimap_domtrans" lineno="13">
+<interface name="corenet_relabelto_ctdb_client_packets" lineno="20284">
 <summary>
-Execute the UW IMAP/POP3 servers with a domain transition.
+Relabel packets to ctdb_client the packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="varnishd" filename="policy/modules/contrib/varnishd.if">
-<summary>Varnishd http accelerator daemon</summary>
-<interface name="varnishd_domtrans" lineno="13">
+<interface name="corenet_send_ctdb_server_packets" lineno="20304">
 <summary>
-Execute varnishd in the varnishd domain.
+Send ctdb_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="varnishd_exec" lineno="32">
+<interface name="corenet_dontaudit_send_ctdb_server_packets" lineno="20323">
 <summary>
-Execute varnishd
+Do not audit attempts to send ctdb_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="varnishd_read_config" lineno="50">
+<interface name="corenet_receive_ctdb_server_packets" lineno="20342">
 <summary>
-Read varnishd configuration file.
+Receive ctdb_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="varnishd_read_lib_files" lineno="69">
+<interface name="corenet_dontaudit_receive_ctdb_server_packets" lineno="20361">
 <summary>
-Read varnish lib files.
+Do not audit attempts to receive ctdb_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="varnishd_read_log" lineno="88">
+<interface name="corenet_sendrecv_ctdb_server_packets" lineno="20380">
 <summary>
-Read varnish logs.
+Send and receive ctdb_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_ctdb_server_packets" lineno="20396">
+<summary>
+Do not audit attempts to send and receive ctdb_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
 </interface>
-<interface name="varnishd_append_log" lineno="107">
+<interface name="corenet_relabelto_ctdb_server_packets" lineno="20411">
 <summary>
-Append varnish logs.
+Relabel packets to ctdb_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -19678,110 +22294,109 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="varnishd_manage_log" lineno="126">
+<interface name="corenet_tcp_sendrecv_cvs_port" lineno="20433">
 <summary>
-Manage varnish logs.
+Send and receive TCP traffic on the cvs port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="varnishd_admin_varnishlog" lineno="152">
+<interface name="corenet_udp_send_cvs_port" lineno="20452">
 <summary>
-All of the rules required to administrate
-an varnishlog environment
+Send UDP traffic on the cvs port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_cvs_port" lineno="20471">
 <summary>
-The role to be allowed to manage the varnishlog domain.
+Do not audit attempts to send UDP traffic on the cvs port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="varnishd_admin" lineno="190">
+<interface name="corenet_udp_receive_cvs_port" lineno="20490">
 <summary>
-All of the rules required to administrate
-an varnishd environment
+Receive UDP traffic on the cvs port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_cvs_port" lineno="20509">
+<summary>
+Do not audit attempts to receive UDP traffic on the cvs port.
+</summary>
+<param name="domain">
 <summary>
-The role to be allowed to manage the varnishd domain.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<tunable name="varnishd_connect_any" dftval="false">
-<desc>
-<p>
-Allow varnishd to connect to all ports,
-not just HTTP.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="vbetool" filename="policy/modules/contrib/vbetool.if">
-<summary>run real-mode video BIOS code to alter hardware state</summary>
-<interface name="vbetool_domtrans" lineno="13">
+<interface name="corenet_udp_sendrecv_cvs_port" lineno="20528">
 <summary>
-Execute vbetool application in the vbetool domain.
+Send and receive UDP traffic on the cvs port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="vbetool_run" lineno="38">
+<interface name="corenet_dontaudit_udp_sendrecv_cvs_port" lineno="20545">
 <summary>
-Execute vbetool in the vbetool domain, and
-allow the specified role the vbetool domain.
+Do not audit attempts to send and receive
+UDP traffic on the cvs port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_cvs_port" lineno="20561">
 <summary>
-Role allowed access.
+Bind TCP sockets to the cvs port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<tunable name="vbetool_mmap_zero_ignore" dftval="false">
-<desc>
-<p>
-Ignore vbetool mmap_zero errors.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="vdagent" filename="policy/modules/contrib/vdagent.if">
-<summary>policy for vdagent</summary>
-<interface name="vdagent_domtrans" lineno="13">
+<interface name="corenet_udp_bind_cvs_port" lineno="20581">
 <summary>
-Execute a domain transition to run vdagent.
+Bind UDP sockets to the cvs port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="vdagent_getattr_exec_files" lineno="31">
+<interface name="corenet_tcp_connect_cvs_port" lineno="20600">
 <summary>
-Getattr on vdagent executable.
+Make a TCP connection to the cvs port.
 </summary>
 <param name="domain">
 <summary>
@@ -19789,141 +22404,151 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="vdagent_getattr_log" lineno="49">
+<interface name="corenet_send_cvs_client_packets" lineno="20620">
 <summary>
-Get the attributes of vdagent logs.
+Send cvs_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="vdagent_read_pid_files" lineno="68">
+<interface name="corenet_dontaudit_send_cvs_client_packets" lineno="20639">
 <summary>
-Read vdagent PID files.
+Do not audit attempts to send cvs_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="vdagent_stream_connect" lineno="88">
+<interface name="corenet_receive_cvs_client_packets" lineno="20658">
 <summary>
-Connect to vdagent over a unix domain
-stream socket.
+Receive cvs_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="vdagent_admin" lineno="114">
+<interface name="corenet_dontaudit_receive_cvs_client_packets" lineno="20677">
 <summary>
-All of the rules required to administrate
-an vdagent environment
+Do not audit attempts to receive cvs_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_cvs_client_packets" lineno="20696">
 <summary>
-Role allowed access.
+Send and receive cvs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="vhostmd" filename="policy/modules/contrib/vhostmd.if">
-<summary>Virtual host metrics daemon</summary>
-<interface name="vhostmd_domtrans" lineno="13">
+<interface name="corenet_dontaudit_sendrecv_cvs_client_packets" lineno="20712">
 <summary>
-Execute a domain transition to run vhostmd.
+Do not audit attempts to send and receive cvs_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="vhostmd_initrc_domtrans" lineno="31">
+<interface name="corenet_relabelto_cvs_client_packets" lineno="20727">
 <summary>
-Execute vhostmd server in the vhostmd domain.
+Relabel packets to cvs_client the packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="vhostmd_read_tmpfs_files" lineno="49">
+<interface name="corenet_send_cvs_server_packets" lineno="20747">
 <summary>
-Allow domain to read, vhostmd tmpfs files
+Send cvs_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="vhostmd_dontaudit_read_tmpfs_files" lineno="69">
+<interface name="corenet_dontaudit_send_cvs_server_packets" lineno="20766">
 <summary>
-Do not audit attempts to read,
-vhostmd tmpfs files
+Do not audit attempts to send cvs_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="vhostmd_rw_tmpfs_files" lineno="87">
+<interface name="corenet_receive_cvs_server_packets" lineno="20785">
 <summary>
-Allow domain to read and write vhostmd tmpfs files
+Receive cvs_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="vhostmd_manage_tmpfs_files" lineno="106">
+<interface name="corenet_dontaudit_receive_cvs_server_packets" lineno="20804">
 <summary>
-Create, read, write, and delete vhostmd tmpfs files.
+Do not audit attempts to receive cvs_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="vhostmd_read_pid_files" lineno="125">
+<interface name="corenet_sendrecv_cvs_server_packets" lineno="20823">
 <summary>
-Read vhostmd PID files.
+Send and receive cvs_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="vhostmd_manage_pid_files" lineno="144">
+<interface name="corenet_dontaudit_sendrecv_cvs_server_packets" lineno="20839">
 <summary>
-Manage vhostmd var_run files.
+Do not audit attempts to send and receive cvs_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="vhostmd_stream_connect" lineno="162">
+<interface name="corenet_relabelto_cvs_server_packets" lineno="20854">
 <summary>
-Connect to vhostmd over an unix domain stream socket.
+Relabel packets to cvs_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -19931,101 +22556,109 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="vhostmd_dontaudit_rw_stream_connect" lineno="182">
+<interface name="corenet_tcp_sendrecv_cyphesis_port" lineno="20876">
 <summary>
-Dontaudit read and write to vhostmd
-over an unix domain stream socket.
+Send and receive TCP traffic on the cyphesis port.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="vhostmd_admin" lineno="207">
+<interface name="corenet_udp_send_cyphesis_port" lineno="20895">
 <summary>
-All of the rules required to administrate
-an vhostmd environment
+Send UDP traffic on the cyphesis port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_cyphesis_port" lineno="20914">
 <summary>
-Role allowed access.
+Do not audit attempts to send UDP traffic on the cyphesis port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="virt" filename="policy/modules/contrib/virt.if">
-<summary>Libvirt virtualization API</summary>
-<template name="virt_domain_template" lineno="14">
+<interface name="corenet_udp_receive_cyphesis_port" lineno="20933">
 <summary>
-Creates types and rules for a basic
-qemu process domain.
+Receive UDP traffic on the cyphesis port.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-Prefix for the domain.
+Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="virt_image" lineno="89">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_cyphesis_port" lineno="20952">
 <summary>
-Make the specified type usable as a virt image
+Do not audit attempts to receive UDP traffic on the cyphesis port.
 </summary>
-<param name="type">
+<param name="domain">
 <summary>
-Type to be used as a virtual image
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="virt_domtrans" lineno="111">
+<interface name="corenet_udp_sendrecv_cyphesis_port" lineno="20971">
 <summary>
-Execute a domain transition to run virt.
+Send and receive UDP traffic on the cyphesis port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="virt_stream_connect" lineno="129">
+<interface name="corenet_dontaudit_udp_sendrecv_cyphesis_port" lineno="20988">
 <summary>
-Connect to virt over an unix domain stream socket.
+Do not audit attempts to send and receive
+UDP traffic on the cyphesis port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="virt_attach_tun_iface" lineno="148">
+<interface name="corenet_tcp_bind_cyphesis_port" lineno="21004">
 <summary>
-Allow domain to attach to virt TUN devices
+Bind TCP sockets to the cyphesis port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="virt_read_config" lineno="167">
+<interface name="corenet_udp_bind_cyphesis_port" lineno="21024">
 <summary>
-Read virt config files.
+Bind UDP sockets to the cyphesis port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="virt_manage_config" lineno="188">
+<interface name="corenet_tcp_connect_cyphesis_port" lineno="21043">
 <summary>
-manage virt config files.
+Make a TCP connection to the cyphesis port.
 </summary>
 <param name="domain">
 <summary>
@@ -20033,422 +22666,413 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="virt_read_content" lineno="209">
+<interface name="corenet_send_cyphesis_client_packets" lineno="21063">
 <summary>
-Allow domain to manage virt image files
+Send cyphesis_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="virt_read_pid_files" lineno="244">
+<interface name="corenet_dontaudit_send_cyphesis_client_packets" lineno="21082">
 <summary>
-Read virt PID files.
+Do not audit attempts to send cyphesis_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="virt_manage_pid_files" lineno="263">
+<interface name="corenet_receive_cyphesis_client_packets" lineno="21101">
 <summary>
-Manage virt pid files.
+Receive cyphesis_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="virt_search_lib" lineno="282">
+<interface name="corenet_dontaudit_receive_cyphesis_client_packets" lineno="21120">
 <summary>
-Search virt lib directories.
+Do not audit attempts to receive cyphesis_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="virt_read_lib_files" lineno="301">
+<interface name="corenet_sendrecv_cyphesis_client_packets" lineno="21139">
 <summary>
-Read virt lib files.
+Send and receive cyphesis_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="virt_manage_lib_files" lineno="322">
+<interface name="corenet_dontaudit_sendrecv_cyphesis_client_packets" lineno="21155">
 <summary>
-Create, read, write, and delete
-virt lib files.
+Do not audit attempts to send and receive cyphesis_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="virt_read_log" lineno="342">
+<interface name="corenet_relabelto_cyphesis_client_packets" lineno="21170">
 <summary>
-Allow the specified domain to read virt's log files.
+Relabel packets to cyphesis_client the packet type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="virt_append_log" lineno="362">
+<interface name="corenet_send_cyphesis_server_packets" lineno="21190">
 <summary>
-Allow the specified domain to append
-virt log files.
+Send cyphesis_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="virt_manage_log" lineno="381">
+<interface name="corenet_dontaudit_send_cyphesis_server_packets" lineno="21209">
 <summary>
-Allow domain to manage virt log files
+Do not audit attempts to send cyphesis_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="virt_read_images" lineno="401">
+<interface name="corenet_receive_cyphesis_server_packets" lineno="21228">
 <summary>
-Allow domain to read virt image files
+Receive cyphesis_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="virt_manage_svirt_cache" lineno="438">
+<interface name="corenet_dontaudit_receive_cyphesis_server_packets" lineno="21247">
 <summary>
-Create, read, write, and delete
-svirt cache files.
+Do not audit attempts to receive cyphesis_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="virt_manage_images" lineno="459">
+<interface name="corenet_sendrecv_cyphesis_server_packets" lineno="21266">
 <summary>
-Allow domain to manage virt image files
+Send and receive cyphesis_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="virt_admin" lineno="502">
+<interface name="corenet_dontaudit_sendrecv_cyphesis_server_packets" lineno="21282">
 <summary>
-All of the rules required to administrate
-an virt environment
+Do not audit attempts to send and receive cyphesis_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_cyphesis_server_packets" lineno="21297">
 <summary>
-Role allowed access.
+Relabel packets to cyphesis_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<tunable name="virt_use_comm" dftval="false">
-<desc>
-<p>
-Allow virt to use serial/parallell communication ports
-</p>
-</desc>
-</tunable>
-<tunable name="virt_use_fusefs" dftval="false">
-<desc>
-<p>
-Allow virt to read fuse files
-</p>
-</desc>
-</tunable>
-<tunable name="virt_use_nfs" dftval="false">
-<desc>
-<p>
-Allow virt to manage nfs files
-</p>
-</desc>
-</tunable>
-<tunable name="virt_use_samba" dftval="false">
-<desc>
-<p>
-Allow virt to manage cifs files
-</p>
-</desc>
-</tunable>
-<tunable name="virt_use_sysfs" dftval="false">
-<desc>
-<p>
-Allow virt to manage device configuration, (pci)
-</p>
-</desc>
-</tunable>
-<tunable name="virt_use_usb" dftval="true">
-<desc>
-<p>
-Allow virt to use usb devices
-</p>
-</desc>
-</tunable>
-</module>
-<module name="vlock" filename="policy/modules/contrib/vlock.if">
-<summary>Lock one or more sessions on the Linux console.</summary>
-<interface name="vlock_domtrans" lineno="13">
+<interface name="corenet_tcp_sendrecv_daap_port" lineno="21319">
 <summary>
-Execute vlock in the vlock domain.
+Send and receive TCP traffic on the daap port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="vlock_run" lineno="39">
+<interface name="corenet_udp_send_daap_port" lineno="21338">
 <summary>
-Execute vlock in the vlock domain, and
-allow the specified role the vlock domain.
+Send UDP traffic on the daap port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_daap_port" lineno="21357">
 <summary>
-Role allowed to access.
+Do not audit attempts to send UDP traffic on the daap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="vmware" filename="policy/modules/contrib/vmware.if">
-<summary>VMWare Workstation virtual machines</summary>
-<interface name="vmware_role" lineno="18">
+<interface name="corenet_udp_receive_daap_port" lineno="21376">
 <summary>
-Role access for vmware
+Receive UDP traffic on the daap port.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_daap_port" lineno="21395">
+<summary>
+Do not audit attempts to receive UDP traffic on the daap port.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="vmware_exec_host" lineno="43">
+<interface name="corenet_udp_sendrecv_daap_port" lineno="21414">
 <summary>
-Execute vmware host executables
+Send and receive UDP traffic on the daap port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="vmware_read_system_config" lineno="61">
+<interface name="corenet_dontaudit_udp_sendrecv_daap_port" lineno="21431">
 <summary>
-Read VMWare system configuration files.
+Do not audit attempts to send and receive
+UDP traffic on the daap port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="vmware_append_system_config" lineno="79">
+<interface name="corenet_tcp_bind_daap_port" lineno="21447">
 <summary>
-Append to VMWare system configuration files.
+Bind TCP sockets to the daap port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="vmware_append_log" lineno="97">
+<interface name="corenet_udp_bind_daap_port" lineno="21467">
 <summary>
-Append to VMWare log files.
+Bind UDP sockets to the daap port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="vnstatd" filename="policy/modules/contrib/vnstatd.if">
-<summary>Console network traffic monitor.</summary>
-<interface name="vnstatd_domtrans_vnstat" lineno="13">
+<interface name="corenet_tcp_connect_daap_port" lineno="21486">
 <summary>
-Execute a domain transition to run vnstat.
+Make a TCP connection to the daap port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="vnstatd_domtrans" lineno="31">
+<interface name="corenet_send_daap_client_packets" lineno="21506">
 <summary>
-Execute a domain transition to run vnstatd.
+Send daap_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="vnstatd_search_lib" lineno="49">
+<interface name="corenet_dontaudit_send_daap_client_packets" lineno="21525">
 <summary>
-Search vnstatd lib directories.
+Do not audit attempts to send daap_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="vnstatd_manage_lib_dirs" lineno="68">
+<interface name="corenet_receive_daap_client_packets" lineno="21544">
 <summary>
-Manage vnstatd lib dirs.
+Receive daap_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="vnstatd_read_lib_files" lineno="87">
+<interface name="corenet_dontaudit_receive_daap_client_packets" lineno="21563">
 <summary>
-Read vnstatd lib files.
+Do not audit attempts to receive daap_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="vnstatd_manage_lib_files" lineno="107">
+<interface name="corenet_sendrecv_daap_client_packets" lineno="21582">
 <summary>
-Create, read, write, and delete
-vnstatd lib files.
+Send and receive daap_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="vnstatd_admin" lineno="133">
+<interface name="corenet_dontaudit_sendrecv_daap_client_packets" lineno="21598">
 <summary>
-All of the rules required to administrate
-an vnstatd environment
+Do not audit attempts to send and receive daap_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_daap_client_packets" lineno="21613">
 <summary>
-Role allowed access.
+Relabel packets to daap_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-</module>
-<module name="vpn" filename="policy/modules/contrib/vpn.if">
-<summary>Virtual Private Networking client</summary>
-<interface name="vpn_domtrans" lineno="13">
+<interface name="corenet_send_daap_server_packets" lineno="21633">
 <summary>
-Execute VPN clients in the vpnc domain.
+Send daap_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="vpn_run" lineno="38">
+<interface name="corenet_dontaudit_send_daap_server_packets" lineno="21652">
 <summary>
-Execute VPN clients in the vpnc domain, and
-allow the specified role the vpnc domain.
+Do not audit attempts to send daap_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_daap_server_packets" lineno="21671">
 <summary>
-Role allowed access.
+Receive daap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="vpn_kill" lineno="57">
+<interface name="corenet_dontaudit_receive_daap_server_packets" lineno="21690">
 <summary>
-Send VPN clients the kill signal.
+Do not audit attempts to receive daap_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="vpn_signal" lineno="75">
+<interface name="corenet_sendrecv_daap_server_packets" lineno="21709">
 <summary>
-Send generic signals to VPN clients.
+Send and receive daap_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="vpn_signull" lineno="93">
+<interface name="corenet_dontaudit_sendrecv_daap_server_packets" lineno="21725">
 <summary>
-Send signull to VPN clients.
+Do not audit attempts to send and receive daap_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="vpn_dbus_chat" lineno="112">
+<interface name="corenet_relabelto_daap_server_packets" lineno="21740">
 <summary>
-Send and receive messages from
-Vpnc over dbus.
+Relabel packets to daap_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -20456,308 +23080,261 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="vpn_relabelfrom_tun_socket" lineno="132">
+<interface name="corenet_tcp_sendrecv_dbskkd_port" lineno="21762">
 <summary>
-Relabelfrom from vpnc socket.
+Send and receive TCP traffic on the dbskkd port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="w3c" filename="policy/modules/contrib/w3c.if">
-<summary>W3C Markup Validator</summary>
-</module>
-<module name="watchdog" filename="policy/modules/contrib/watchdog.if">
-<summary>Software watchdog</summary>
-</module>
-<module name="webadm" filename="policy/modules/contrib/webadm.if">
-<summary>Web administrator role</summary>
-<interface name="webadm_role_change" lineno="14">
+<interface name="corenet_udp_send_dbskkd_port" lineno="21781">
 <summary>
-Change to the web administrator role.
+Send UDP traffic on the dbskkd port.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="webadm_role_change_to" lineno="44">
+<interface name="corenet_dontaudit_udp_send_dbskkd_port" lineno="21800">
 <summary>
-Change from the web administrator role.
+Do not audit attempts to send UDP traffic on the dbskkd port.
 </summary>
-<desc>
-<p>
-Change from the web administrator role to
-the specified role.
-</p>
-<p>
-This is an interface to support third party modules
-and its use is not allowed in upstream reference
-policy.
-</p>
-</desc>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<tunable name="webadm_manage_user_files" dftval="false">
-<desc>
-<p>
-Allow webadm to manage files in users home directories
-</p>
-</desc>
-</tunable>
-<tunable name="webadm_read_user_files" dftval="false">
-<desc>
-<p>
-Allow webadm to read files in users home directories
-</p>
-</desc>
-</tunable>
-</module>
-<module name="webalizer" filename="policy/modules/contrib/webalizer.if">
-<summary>Web server log analysis</summary>
-<interface name="webalizer_domtrans" lineno="13">
+<interface name="corenet_udp_receive_dbskkd_port" lineno="21819">
 <summary>
-Execute webalizer in the webalizer domain.
+Receive UDP traffic on the dbskkd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="webalizer_run" lineno="38">
+<interface name="corenet_dontaudit_udp_receive_dbskkd_port" lineno="21838">
 <summary>
-Execute webalizer in the webalizer domain, and
-allow the specified role the webalizer domain.
+Do not audit attempts to receive UDP traffic on the dbskkd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_dbskkd_port" lineno="21857">
 <summary>
-Role allowed access.
+Send and receive UDP traffic on the dbskkd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="wine" filename="policy/modules/contrib/wine.if">
-<summary>Wine Is Not an Emulator.  Run Windows programs in Linux.</summary>
-<template name="wine_role" lineno="30">
+<interface name="corenet_dontaudit_udp_sendrecv_dbskkd_port" lineno="21874">
 <summary>
-The per role template for the wine module.
+Do not audit attempts to send and receive
+UDP traffic on the dbskkd port.
 </summary>
-<desc>
-<p>
-This template creates a derived domains which are used
-for wine applications.
-</p>
-</desc>
-<param name="userdomain_prefix">
+<param name="domain">
 <summary>
-The prefix of the user domain (e.g., user
-is the prefix for user_t).
+Domain to not audit.
 </summary>
 </param>
-<param name="user_domain">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_dbskkd_port" lineno="21890">
 <summary>
-The type of the user domain.
+Bind TCP sockets to the dbskkd port.
 </summary>
-</param>
-<param name="user_role">
+<param name="domain">
 <summary>
-The role associated with the user domain.
+Domain allowed access.
 </summary>
 </param>
-</template>
-<template name="wine_role_template" lineno="87">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_dbskkd_port" lineno="21910">
 <summary>
-The role template for the wine module.
+Bind UDP sockets to the dbskkd port.
 </summary>
-<desc>
-<p>
-This template creates a derived domains which are used
-for wine applications.
-</p>
-</desc>
-<param name="role_prefix">
+<param name="domain">
 <summary>
-The prefix of the user domain (e.g., user
-is the prefix for user_t).
+Domain allowed access.
 </summary>
 </param>
-<param name="user_role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_dbskkd_port" lineno="21929">
 <summary>
-The role associated with the user domain.
+Make a TCP connection to the dbskkd port.
 </summary>
-</param>
-<param name="user_domain">
+<param name="domain">
 <summary>
-The type of the user domain.
+Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="wine_domtrans" lineno="127">
+</interface>
+<interface name="corenet_send_dbskkd_client_packets" lineno="21949">
 <summary>
-Execute the wine program in the wine domain.
+Send dbskkd_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="wine_run" lineno="152">
+<interface name="corenet_dontaudit_send_dbskkd_client_packets" lineno="21968">
 <summary>
-Execute wine in the wine domain, and
-allow the specified role the wine domain.
+Do not audit attempts to send dbskkd_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dbskkd_client_packets" lineno="21987">
 <summary>
-Role allowed access.
+Receive dbskkd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="wine_rw_shm" lineno="172">
+<interface name="corenet_dontaudit_receive_dbskkd_client_packets" lineno="22006">
 <summary>
-Read and write wine Shared
-memory segments.
+Do not audit attempts to receive dbskkd_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<tunable name="wine_mmap_zero_ignore" dftval="false">
-<desc>
-<p>
-Ignore wine mmap_zero errors.
-</p>
-</desc>
-</tunable>
-</module>
-<module name="wireshark" filename="policy/modules/contrib/wireshark.if">
-<summary>Wireshark packet capture tool.</summary>
-<interface name="wireshark_role" lineno="18">
+<interface name="corenet_sendrecv_dbskkd_client_packets" lineno="22025">
 <summary>
-Role access for wireshark
+Send and receive dbskkd_client packets.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_dbskkd_client_packets" lineno="22041">
+<summary>
+Do not audit attempts to send and receive dbskkd_client packets.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="wireshark_domtrans" lineno="49">
+<interface name="corenet_relabelto_dbskkd_client_packets" lineno="22056">
 <summary>
-Run wireshark in wireshark domain.
+Relabel packets to dbskkd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-</module>
-<module name="wm" filename="policy/modules/contrib/wm.if">
-<summary>X Window Managers</summary>
-<template name="wm_role_template" lineno="30">
+<interface name="corenet_send_dbskkd_server_packets" lineno="22076">
 <summary>
-The role template for the wm module.
+Send dbskkd_server packets.
 </summary>
-<desc>
-<p>
-This template creates a derived domains which are used
-for window manager applications.
-</p>
-</desc>
-<param name="role_prefix">
+<param name="domain">
 <summary>
-The prefix of the user domain (e.g., user
-is the prefix for user_t).
+Domain allowed access.
 </summary>
 </param>
-<param name="user_role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dbskkd_server_packets" lineno="22095">
 <summary>
-The role associated with the user domain.
+Do not audit attempts to send dbskkd_server packets.
 </summary>
-</param>
-<param name="user_domain">
+<param name="domain">
 <summary>
-The type of the user domain.
+Domain to not audit.
 </summary>
 </param>
-</template>
-<interface name="wm_exec" lineno="105">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dbskkd_server_packets" lineno="22114">
 <summary>
-Execute the wm program in the wm domain.
+Receive dbskkd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-</module>
-<module name="xen" filename="policy/modules/contrib/xen.if">
-<summary>Xen hypervisor</summary>
-<interface name="xen_domtrans" lineno="13">
+<interface name="corenet_dontaudit_receive_dbskkd_server_packets" lineno="22133">
 <summary>
-Execute a domain transition to run xend.
+Do not audit attempts to receive dbskkd_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="xen_use_fds" lineno="31">
+<interface name="corenet_sendrecv_dbskkd_server_packets" lineno="22152">
 <summary>
-Inherit and use xen file descriptors.
+Send and receive dbskkd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="xen_dontaudit_use_fds" lineno="50">
+<interface name="corenet_dontaudit_sendrecv_dbskkd_server_packets" lineno="22168">
 <summary>
-Do not audit attempts to inherit
-xen file descriptors.
+Do not audit attempts to send and receive dbskkd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="xen_read_image_files" lineno="68">
+<interface name="corenet_relabelto_dbskkd_server_packets" lineno="22183">
 <summary>
-Read xend image files.
+Relabel packets to dbskkd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -20765,131 +23342,109 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xen_rw_image_files" lineno="90">
+<interface name="corenet_tcp_sendrecv_dcc_port" lineno="22205">
 <summary>
-Allow the specified domain to read/write
-xend image files.
+Send and receive TCP traffic on the dcc port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="xen_append_log" lineno="111">
+<interface name="corenet_udp_send_dcc_port" lineno="22224">
 <summary>
-Allow the specified domain to append
-xend log files.
+Send UDP traffic on the dcc port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="xen_manage_log" lineno="132">
+<interface name="corenet_dontaudit_udp_send_dcc_port" lineno="22243">
 <summary>
-Create, read, write, and delete the
-xend log files.
+Do not audit attempts to send UDP traffic on the dcc port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="xen_dontaudit_rw_unix_stream_sockets" lineno="154">
+<interface name="corenet_udp_receive_dcc_port" lineno="22262">
 <summary>
-Do not audit attempts to read and write
-Xen unix domain stream sockets.  These
-are leaked file descriptors.
+Receive UDP traffic on the dcc port.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="xen_stream_connect_xenstore" lineno="172">
+<interface name="corenet_dontaudit_udp_receive_dcc_port" lineno="22281">
 <summary>
-Connect to xenstored over an unix stream socket.
+Do not audit attempts to receive UDP traffic on the dcc port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="xen_stream_connect" lineno="191">
+<interface name="corenet_udp_sendrecv_dcc_port" lineno="22300">
 <summary>
-Connect to xend over an unix domain stream socket.
+Send and receive UDP traffic on the dcc port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="xen_domtrans_xm" lineno="213">
+<interface name="corenet_dontaudit_udp_sendrecv_dcc_port" lineno="22317">
 <summary>
-Execute a domain transition to run xm.
+Do not audit attempts to send and receive
+UDP traffic on the dcc port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="xen_stream_connect_xm" lineno="231">
+<interface name="corenet_tcp_bind_dcc_port" lineno="22333">
 <summary>
-Connect to xm over an unix stream socket.
+Bind TCP sockets to the dcc port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<tunable name="xend_run_blktap" dftval="true">
-<desc>
-<p>
-Allow xend to run blktapctrl/tapdisk.
-Not required if using dedicated logical volumes for disk images.
-</p>
-</desc>
-</tunable>
-<tunable name="xend_run_qemu" dftval="true">
-<desc>
-<p>
-Allow xend to run qemu-dm.
-Not required if using paravirt and no vfb.
-</p>
-</desc>
-</tunable>
-<tunable name="xen_use_nfs" dftval="false">
-<desc>
-<p>
-Allow xen to manage nfs files
-</p>
-</desc>
-</tunable>
-</module>
-<module name="xfs" filename="policy/modules/contrib/xfs.if">
-<summary>X Windows Font Server </summary>
-<interface name="xfs_read_sockets" lineno="13">
+<interface name="corenet_udp_bind_dcc_port" lineno="22353">
 <summary>
-Read a X font server named socket.
+Bind UDP sockets to the dcc port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="xfs_stream_connect" lineno="33">
+<interface name="corenet_tcp_connect_dcc_port" lineno="22372">
 <summary>
-Connect to a X font server over
-a unix domain stream socket.
+Make a TCP connection to the dcc port.
 </summary>
 <param name="domain">
 <summary>
@@ -20897,183 +23452,151 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xfs_exec" lineno="53">
+<interface name="corenet_send_dcc_client_packets" lineno="22392">
 <summary>
-Allow the specified domain to execute xfs
-in the caller domain.
+Send dcc_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-</module>
-<module name="xguest" filename="policy/modules/contrib/xguest.if">
-<summary>Least privledge xwindows user role</summary>
-<interface name="xguest_role_change" lineno="14">
+<interface name="corenet_dontaudit_send_dcc_client_packets" lineno="22411">
 <summary>
-Change to the xguest role.
+Do not audit attempts to send dcc_client packets.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="xguest_role_change_to" lineno="44">
+<interface name="corenet_receive_dcc_client_packets" lineno="22430">
 <summary>
-Change from the xguest role.
+Receive dcc_client packets.
 </summary>
-<desc>
-<p>
-Change from the xguest role to
-the specified role.
-</p>
-<p>
-This is an interface to support third party modules
-and its use is not allowed in upstream reference
-policy.
-</p>
-</desc>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access.
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-<tunable name="xguest_mount_media" dftval="true">
-<desc>
-<p>
-Allow xguest users to mount removable media
-</p>
-</desc>
-</tunable>
-<tunable name="xguest_connect_network" dftval="true">
-<desc>
-<p>
-Allow xguest to configure Network Manager
-</p>
-</desc>
-</tunable>
-<tunable name="xguest_use_bluetooth" dftval="true">
-<desc>
-<p>
-Allow xguest to use blue tooth devices
-</p>
-</desc>
-</tunable>
-</module>
-<module name="xprint" filename="policy/modules/contrib/xprint.if">
-<summary>X print server</summary>
-</module>
-<module name="xscreensaver" filename="policy/modules/contrib/xscreensaver.if">
-<summary>X Screensaver</summary>
-<interface name="xscreensaver_role" lineno="18">
+<interface name="corenet_dontaudit_receive_dcc_client_packets" lineno="22449">
 <summary>
-Role access for xscreensaver
+Do not audit attempts to receive dcc_client packets.
 </summary>
-<param name="role">
+<param name="domain">
 <summary>
-Role allowed access
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dcc_client_packets" lineno="22468">
+<summary>
+Send and receive dcc_client packets.
+</summary>
 <param name="domain">
 <summary>
-User domain for the role
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-<module name="yam" filename="policy/modules/contrib/yam.if">
-<summary>Yum/Apt Mirroring</summary>
-<interface name="yam_domtrans" lineno="13">
+<interface name="corenet_dontaudit_sendrecv_dcc_client_packets" lineno="22484">
 <summary>
-Execute yam in the yam domain.
+Do not audit attempts to send and receive dcc_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="yam_run" lineno="39">
+<interface name="corenet_relabelto_dcc_client_packets" lineno="22499">
 <summary>
-Execute yam in the yam domain, and
-allow the specified role the yam domain.
+Relabel packets to dcc_client the packet type.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+</interface>
+<interface name="corenet_send_dcc_server_packets" lineno="22519">
 <summary>
-Role allowed access.
+Send dcc_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="yam_read_content" lineno="58">
+<interface name="corenet_dontaudit_send_dcc_server_packets" lineno="22538">
 <summary>
-Read yam content.
+Do not audit attempts to send dcc_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="zabbix" filename="policy/modules/contrib/zabbix.if">
-<summary>Distributed infrastructure monitoring</summary>
-<interface name="zabbix_domtrans" lineno="13">
+<interface name="corenet_receive_dcc_server_packets" lineno="22557">
 <summary>
-Execute a domain transition to run zabbix.
+Receive dcc_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="zabbix_tcp_connect" lineno="31">
+<interface name="corenet_dontaudit_receive_dcc_server_packets" lineno="22576">
 <summary>
-Allow connectivity to the zabbix server
+Do not audit attempts to receive dcc_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="zabbix_read_log" lineno="53">
+<interface name="corenet_sendrecv_dcc_server_packets" lineno="22595">
 <summary>
-Allow the specified domain to read zabbix's log files.
+Send and receive dcc_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="zabbix_append_log" lineno="73">
+<interface name="corenet_dontaudit_sendrecv_dcc_server_packets" lineno="22611">
 <summary>
-Allow the specified domain to append
-zabbix log files.
+Do not audit attempts to send and receive dcc_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="zabbix_read_pid_files" lineno="92">
+<interface name="corenet_relabelto_dcc_server_packets" lineno="22626">
 <summary>
-Read zabbix PID files.
+Relabel packets to dcc_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -21081,105 +23604,109 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="zabbix_agent_tcp_connect" lineno="111">
+<interface name="corenet_tcp_sendrecv_dccm_port" lineno="22648">
 <summary>
-Allow connectivity to a zabbix agent
+Send and receive TCP traffic on the dccm port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="zabbix_admin" lineno="139">
+<interface name="corenet_udp_send_dccm_port" lineno="22667">
 <summary>
-All of the rules required to administrate
-an zabbix environment
+Send UDP traffic on the dccm port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_dccm_port" lineno="22686">
 <summary>
-The role to be allowed to manage the zabbix domain.
+Do not audit attempts to send UDP traffic on the dccm port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="zarafa" filename="policy/modules/contrib/zarafa.if">
-<summary>Zarafa collaboration platform.</summary>
-<template name="zarafa_domain_template" lineno="14">
+<interface name="corenet_udp_receive_dccm_port" lineno="22705">
 <summary>
-Creates types and rules for a basic
-zararfa init daemon domain.
+Receive UDP traffic on the dccm port.
 </summary>
-<param name="prefix">
+<param name="domain">
 <summary>
-Prefix for the domain.
+Domain allowed access.
 </summary>
 </param>
-</template>
-<interface name="zarafa_search_config" lineno="58">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_dccm_port" lineno="22724">
 <summary>
-Allow the specified domain to search
-zarafa configuration dirs.
+Do not audit attempts to receive UDP traffic on the dccm port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="zarafa_domtrans_deliver" lineno="77">
+<interface name="corenet_udp_sendrecv_dccm_port" lineno="22743">
 <summary>
-Execute a domain transition to run zarafa_deliver.
+Send and receive UDP traffic on the dccm port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="zarafa_domtrans_server" lineno="95">
+<interface name="corenet_dontaudit_udp_sendrecv_dccm_port" lineno="22760">
 <summary>
-Execute a domain transition to run zarafa_server.
+Do not audit attempts to send and receive
+UDP traffic on the dccm port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="zarafa_stream_connect_server" lineno="113">
+<interface name="corenet_tcp_bind_dccm_port" lineno="22776">
 <summary>
-Connect to zarafa-server unix domain stream socket.
+Bind TCP sockets to the dccm port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-</module>
-<module name="zebra" filename="policy/modules/contrib/zebra.if">
-<summary>Zebra border gateway protocol network routing service</summary>
-<interface name="zebra_read_config" lineno="14">
+<interface name="corenet_udp_bind_dccm_port" lineno="22796">
 <summary>
-Read the configuration files for zebra.
+Bind UDP sockets to the dccm port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="zebra_stream_connect" lineno="35">
+<interface name="corenet_tcp_connect_dccm_port" lineno="22815">
 <summary>
-Connect to zebra over an unix stream socket.
+Make a TCP connection to the dccm port.
 </summary>
 <param name="domain">
 <summary>
@@ -21187,161 +23714,151 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="zebra_admin" lineno="62">
+<interface name="corenet_send_dccm_client_packets" lineno="22835">
 <summary>
-All of the rules required to administrate
-an zebra environment
+Send dccm_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dccm_client_packets" lineno="22854">
+<summary>
+Do not audit attempts to send dccm_client packets.
+</summary>
+<param name="domain">
 <summary>
-The role to be allowed to manage the zebra domain.
+Domain to not audit.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<tunable name="allow_zebra_write_config" dftval="false">
-<desc>
-<p>
-Allow zebra daemon to write it configuration files
-</p>
-</desc>
-</tunable>
-</module>
-<module name="zosremote" filename="policy/modules/contrib/zosremote.if">
-<summary>policy for z/OS Remote-services Audit dispatcher plugin</summary>
-<interface name="zosremote_domtrans" lineno="13">
+<interface name="corenet_receive_dccm_client_packets" lineno="22873">
 <summary>
-Execute a domain transition to run audispd-zos-remote.
+Receive dccm_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="zosremote_run" lineno="38">
+<interface name="corenet_dontaudit_receive_dccm_client_packets" lineno="22892">
 <summary>
-Allow specified type and role to transition and
-run in the zos_remote_t domain. Allow specified type
-to use zos_remote_t terminal.
+Do not audit attempts to receive dccm_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="role">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dccm_client_packets" lineno="22911">
 <summary>
-Role allowed access.
+Send and receive dccm_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-</module>
-</layer>
-<layer name="kernel">
-<summary>Policy modules for kernel resources.</summary>
-<module name="corecommands" filename="policy/modules/kernel/corecommands.if">
+<interface name="corenet_dontaudit_sendrecv_dccm_client_packets" lineno="22927">
 <summary>
-Core policy for shells, and generic programs
-in /bin, /sbin, /usr/bin, and /usr/sbin.
+Do not audit attempts to send and receive dccm_client packets.
 </summary>
-<required val="true">
-Contains the base bin and sbin directory types
-which need to be searched for the kernel to
-run init.
-</required>
-<interface name="corecmd_executable_file" lineno="23">
+<param name="domain">
 <summary>
-Make the specified type usable for files
-that are exectuables, such as binary programs.
-This does not include shared libraries.
+Domain to not audit.
 </summary>
-<param name="type">
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dccm_client_packets" lineno="22942">
 <summary>
-Type to be used for files.
+Relabel packets to dccm_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corecmd_bin_alias" lineno="53">
+<interface name="corenet_send_dccm_server_packets" lineno="22962">
 <summary>
-Create a aliased type to generic bin files.  (Deprecated)
+Send dccm_server packets.
 </summary>
-<desc>
-<p>
-Create a aliased type to generic bin files.  (Deprecated)
-</p>
-<p>
-This is added to support targeted policy.  Its
-use should be limited.  It has no effect
-on the strict policy.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Alias type for bin_t.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corecmd_bin_entry_type" lineno="68">
+<interface name="corenet_dontaudit_send_dccm_server_packets" lineno="22981">
 <summary>
-Make general progams in bin an entrypoint for
-the specified domain.
+Do not audit attempts to send dccm_server packets.
 </summary>
 <param name="domain">
 <summary>
-The domain for which bin_t is an entrypoint.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_sbin_entry_type" lineno="87">
+<interface name="corenet_receive_dccm_server_packets" lineno="23000">
 <summary>
-Make general progams in sbin an entrypoint for
-the specified domain.  (Deprecated)
+Receive dccm_server packets.
 </summary>
 <param name="domain">
 <summary>
-The domain for which sbin programs are an entrypoint.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corecmd_shell_entry_type" lineno="102">
+<interface name="corenet_dontaudit_receive_dccm_server_packets" lineno="23019">
 <summary>
-Make the shell an entrypoint for the specified domain.
+Do not audit attempts to receive dccm_server packets.
 </summary>
 <param name="domain">
 <summary>
-The domain for which the shell is an entrypoint.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_search_bin" lineno="120">
+<interface name="corenet_sendrecv_dccm_server_packets" lineno="23038">
 <summary>
-Search the contents of bin directories.
+Send and receive dccm_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corecmd_dontaudit_search_bin" lineno="138">
+<interface name="corenet_dontaudit_sendrecv_dccm_server_packets" lineno="23054">
 <summary>
-Do not audit attempts to search the contents of bin directories.
+Do not audit attempts to send and receive dccm_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_list_bin" lineno="156">
+<interface name="corenet_relabelto_dccm_server_packets" lineno="23069">
 <summary>
-List the contents of bin directories.
+Relabel packets to dccm_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -21349,120 +23866,109 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corecmd_dontaudit_write_bin_dirs" lineno="174">
+<interface name="corenet_tcp_sendrecv_dhcpc_port" lineno="23091">
 <summary>
-Do not audit attempts to write bin directories.
+Send and receive TCP traffic on the dhcpc port.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corecmd_getattr_bin_files" lineno="192">
+<interface name="corenet_udp_send_dhcpc_port" lineno="23110">
 <summary>
-Get the attributes of files in bin directories.
+Send UDP traffic on the dhcpc port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corecmd_dontaudit_getattr_bin_files" lineno="210">
+<interface name="corenet_dontaudit_udp_send_dhcpc_port" lineno="23129">
 <summary>
-Get the attributes of files in bin directories.
+Do not audit attempts to send UDP traffic on the dhcpc port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_read_bin_files" lineno="229">
+<interface name="corenet_udp_receive_dhcpc_port" lineno="23148">
 <summary>
-Read files in bin directories.
+Receive UDP traffic on the dhcpc port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corecmd_dontaudit_write_bin_files" lineno="247">
+<interface name="corenet_dontaudit_udp_receive_dhcpc_port" lineno="23167">
 <summary>
-Do not audit attempts to write bin files.
+Do not audit attempts to receive UDP traffic on the dhcpc port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_read_bin_symlinks" lineno="265">
+<interface name="corenet_udp_sendrecv_dhcpc_port" lineno="23186">
 <summary>
-Read symbolic links in bin directories.
+Send and receive UDP traffic on the dhcpc port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corecmd_read_bin_pipes" lineno="283">
+<interface name="corenet_dontaudit_udp_sendrecv_dhcpc_port" lineno="23203">
 <summary>
-Read pipes in bin directories.
+Do not audit attempts to send and receive
+UDP traffic on the dhcpc port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_read_bin_sockets" lineno="301">
+<interface name="corenet_tcp_bind_dhcpc_port" lineno="23219">
 <summary>
-Read named sockets in bin directories.
+Bind TCP sockets to the dhcpc port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_exec_bin" lineno="340">
+<interface name="corenet_udp_bind_dhcpc_port" lineno="23239">
 <summary>
-Execute generic programs in bin directories,
-in the caller domain.
+Bind UDP sockets to the dhcpc port.
 </summary>
-<desc>
-<p>
-Allow the specified domain to execute generic programs
-in system bin directories (/bin, /sbin, /usr/bin,
-/usr/sbin) a without domain transition.
-</p>
-<p>
-Typically, this interface should be used when the domain
-executes general system progams within the privileges
-of the source domain.  Some examples of these programs
-are ls, cp, sed, python, and tar. This does not include
-shells, such as bash.
-</p>
-<p>
-Related interface:
-</p>
-<ul>
-<li>corecmd_exec_shell()</li>
-</ul>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_manage_bin_files" lineno="360">
+<interface name="corenet_tcp_connect_dhcpc_port" lineno="23258">
 <summary>
-Create, read, write, and delete bin files.
+Make a TCP connection to the dhcpc port.
 </summary>
 <param name="domain">
 <summary>
@@ -21470,162 +23976,151 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corecmd_relabel_bin_files" lineno="378">
+<interface name="corenet_send_dhcpc_client_packets" lineno="23278">
 <summary>
-Relabel to and from the bin type.
+Send dhcpc_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corecmd_mmap_bin_files" lineno="396">
+<interface name="corenet_dontaudit_send_dhcpc_client_packets" lineno="23297">
 <summary>
-Mmap a bin file as executable.
+Do not audit attempts to send dhcpc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dhcpc_client_packets" lineno="23316">
+<summary>
+Receive dhcpc_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corecmd_bin_spec_domtrans" lineno="440">
+<interface name="corenet_dontaudit_receive_dhcpc_client_packets" lineno="23335">
 <summary>
-Execute a file in a bin directory
-in the specified domain but do not
-do it automatically. This is an explicit
-transition, requiring the caller to use setexeccon().
+Do not audit attempts to receive dhcpc_client packets.
 </summary>
-<desc>
-<p>
-Execute a file in a bin directory
-in the specified domain.  This allows
-the specified domain to execute any file
-on these filesystems in the specified
-domain.  This is not suggested.
-</p>
-<p>
-No interprocess communication (signals, pipes,
-etc.) is provided by this interface since
-the domains are not owned by this module.
-</p>
-<p>
-This interface was added to handle
-the userhelper policy.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="target_domain">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_dhcpc_client_packets" lineno="23354">
 <summary>
-The type of the new process.
+Send and receive dhcpc_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corecmd_bin_domtrans" lineno="483">
+<interface name="corenet_dontaudit_sendrecv_dhcpc_client_packets" lineno="23370">
 <summary>
-Execute a file in a bin directory
-in the specified domain.
+Do not audit attempts to send and receive dhcpc_client packets.
 </summary>
-<desc>
-<p>
-Execute a file in a bin directory
-in the specified domain.  This allows
-the specified domain to execute any file
-on these filesystems in the specified
-domain.  This is not suggested.
-</p>
-<p>
-No interprocess communication (signals, pipes,
-etc.) is provided by this interface since
-the domains are not owned by this module.
-</p>
-<p>
-This interface was added to handle
-the ssh-agent policy.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain to not audit.
 </summary>
 </param>
-<param name="target_domain">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dhcpc_client_packets" lineno="23385">
 <summary>
-The type of the new process.
+Relabel packets to dhcpc_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corecmd_search_sbin" lineno="502">
+<interface name="corenet_send_dhcpc_server_packets" lineno="23405">
 <summary>
-Search the contents of sbin directories.  (Deprecated)
+Send dhcpc_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corecmd_dontaudit_search_sbin" lineno="518">
+<interface name="corenet_dontaudit_send_dhcpc_server_packets" lineno="23424">
 <summary>
-Do not audit attempts to search
-sbin directories.  (Deprecated)
+Do not audit attempts to send dhcpc_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_list_sbin" lineno="533">
+<interface name="corenet_receive_dhcpc_server_packets" lineno="23443">
 <summary>
-List the contents of sbin directories.  (Deprecated)
+Receive dhcpc_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corecmd_dontaudit_write_sbin_dirs" lineno="549">
+<interface name="corenet_dontaudit_receive_dhcpc_server_packets" lineno="23462">
 <summary>
-Do not audit attempts to write
-sbin directories.  (Deprecated)
+Do not audit attempts to receive dhcpc_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_getattr_sbin_files" lineno="564">
+<interface name="corenet_sendrecv_dhcpc_server_packets" lineno="23481">
 <summary>
-Get the attributes of sbin files.  (Deprecated)
+Send and receive dhcpc_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corecmd_dontaudit_getattr_sbin_files" lineno="580">
+<interface name="corenet_dontaudit_sendrecv_dhcpc_server_packets" lineno="23497">
 <summary>
-Do not audit attempts to get the attibutes
-of sbin files.  (Deprecated)
+Do not audit attempts to send and receive dhcpc_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_read_sbin_files" lineno="595">
+<interface name="corenet_relabelto_dhcpc_server_packets" lineno="23512">
 <summary>
-Read files in sbin directories.  (Deprecated)
+Relabel packets to dhcpc_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -21633,785 +24128,633 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corecmd_read_sbin_symlinks" lineno="610">
+<interface name="corenet_tcp_sendrecv_dhcpd_port" lineno="23534">
 <summary>
-Read symbolic links in sbin directories.  (Deprecated)
+Send and receive TCP traffic on the dhcpd port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corecmd_read_sbin_pipes" lineno="625">
+<interface name="corenet_udp_send_dhcpd_port" lineno="23553">
 <summary>
-Read named pipes in sbin directories.  (Deprecated)
+Send UDP traffic on the dhcpd port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corecmd_read_sbin_sockets" lineno="640">
+<interface name="corenet_dontaudit_udp_send_dhcpd_port" lineno="23572">
 <summary>
-Read named sockets in sbin directories.  (Deprecated)
+Do not audit attempts to send UDP traffic on the dhcpd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_exec_sbin" lineno="656">
+<interface name="corenet_udp_receive_dhcpd_port" lineno="23591">
 <summary>
-Execute generic programs in sbin directories,
-in the caller domain.  (Deprecated)
+Receive UDP traffic on the dhcpd port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corecmd_manage_sbin_files" lineno="672">
+<interface name="corenet_dontaudit_udp_receive_dhcpd_port" lineno="23610">
 <summary>
-Create, read, write, and delete sbin files.  (Deprecated)
+Do not audit attempts to receive UDP traffic on the dhcpd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_relabel_sbin_files" lineno="688">
+<interface name="corenet_udp_sendrecv_dhcpd_port" lineno="23629">
 <summary>
-Relabel to and from the sbin type.  (Deprecated)
+Send and receive UDP traffic on the dhcpd port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corecmd_mmap_sbin_files" lineno="704">
+<interface name="corenet_dontaudit_udp_sendrecv_dhcpd_port" lineno="23646">
 <summary>
-Mmap a sbin file as executable.  (Deprecated)
+Do not audit attempts to send and receive
+UDP traffic on the dhcpd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_sbin_domtrans" lineno="743">
+<interface name="corenet_tcp_bind_dhcpd_port" lineno="23662">
 <summary>
-Execute a file in a sbin directory
-in the specified domain.  (Deprecated)
+Bind TCP sockets to the dhcpd port.
 </summary>
-<desc>
-<p>
-Execute a file in a sbin directory
-in the specified domain.  This allows
-the specified domain to execute any file
-on these filesystems in the specified
-domain.  This is not suggested.  (Deprecated)
-</p>
-<p>
-No interprocess communication (signals, pipes,
-etc.) is provided by this interface since
-the domains are not owned by this module.
-</p>
-<p>
-This interface was added to handle
-the ssh-agent policy.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="target_domain">
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_dhcpd_port" lineno="23682">
 <summary>
-The type of the new process.
+Bind UDP sockets to the dhcpd port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_sbin_spec_domtrans" lineno="784">
+<interface name="corenet_tcp_connect_dhcpd_port" lineno="23701">
 <summary>
-Execute a file in a sbin directory
-in the specified domain but do not
-do it automatically. This is an explicit
-transition, requiring the caller to use setexeccon().  (Deprecated)
+Make a TCP connection to the dhcpd port.
 </summary>
-<desc>
-<p>
-Execute a file in a sbin directory
-in the specified domain.  This allows
-the specified domain to execute any file
-on these filesystems in the specified
-domain.  This is not suggested.  (Deprecated)
-</p>
-<p>
-No interprocess communication (signals, pipes,
-etc.) is provided by this interface since
-the domains are not owned by this module.
-</p>
-<p>
-This interface was added to handle
-the userhelper policy.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="target_domain">
+</interface>
+<interface name="corenet_send_dhcpd_client_packets" lineno="23721">
 <summary>
-The type of the new process.
+Send dhcpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corecmd_check_exec_shell" lineno="799">
+<interface name="corenet_dontaudit_send_dhcpd_client_packets" lineno="23740">
 <summary>
-Check if a shell is executable (DAC-wise).
+Do not audit attempts to send dhcpd_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_exec_shell" lineno="837">
+<interface name="corenet_receive_dhcpd_client_packets" lineno="23759">
 <summary>
-Execute shells in the caller domain.
+Receive dhcpd_client packets.
 </summary>
-<desc>
-<p>
-Allow the specified domain to execute shells without
-a domain transition.
-</p>
-<p>
-Typically, this interface should be used when the domain
-executes shells within the privileges
-of the source domain.  Some examples of these programs
-are bash, tcsh, and zsh.
-</p>
-<p>
-Related interface:
-</p>
-<ul>
-<li>corecmd_exec_bin()</li>
-</ul>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corecmd_exec_ls" lineno="857">
+<interface name="corenet_dontaudit_receive_dhcpd_client_packets" lineno="23778">
 <summary>
-Execute ls in the caller domain.  (Deprecated)
+Do not audit attempts to receive dhcpd_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_shell_spec_domtrans" lineno="891">
+<interface name="corenet_sendrecv_dhcpd_client_packets" lineno="23797">
 <summary>
-Execute a shell in the target domain.  This
-is an explicit transition, requiring the
-caller to use setexeccon().
+Send and receive dhcpd_client packets.
 </summary>
-<desc>
-<p>
-Execute a shell in the target domain.  This
-is an explicit transition, requiring the
-caller to use setexeccon().
-</p>
-<p>
-No interprocess communication (signals, pipes,
-etc.) is provided by this interface since
-the domains are not owned by this module.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="target_domain">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_dhcpd_client_packets" lineno="23813">
 <summary>
-The type of the shell process.
+Do not audit attempts to send and receive dhcpd_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_shell_domtrans" lineno="926">
+<interface name="corenet_relabelto_dhcpd_client_packets" lineno="23828">
 <summary>
-Execute a shell in the specified domain.
+Relabel packets to dhcpd_client the packet type.
 </summary>
-<desc>
-<p>
-Execute a shell in the specified domain.
-</p>
-<p>
-No interprocess communication (signals, pipes,
-etc.) is provided by this interface since
-the domains are not owned by this module.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
-<param name="target_domain">
+</interface>
+<interface name="corenet_send_dhcpd_server_packets" lineno="23848">
 <summary>
-The type of the shell process.
+Send dhcpd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corecmd_exec_chroot" lineno="945">
+<interface name="corenet_dontaudit_send_dhcpd_server_packets" lineno="23867">
 <summary>
-Execute chroot in the caller domain.
+Do not audit attempts to send dhcpd_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_getattr_all_executables" lineno="966">
+<interface name="corenet_receive_dhcpd_server_packets" lineno="23886">
 <summary>
-Get the attributes of all executable files.
+Receive dhcpd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corecmd_read_all_executables" lineno="987">
+<interface name="corenet_dontaudit_receive_dhcpd_server_packets" lineno="23905">
 <summary>
-Read all executable files.
+Do not audit attempts to receive dhcpd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_exec_all_executables" lineno="1006">
+<interface name="corenet_sendrecv_dhcpd_server_packets" lineno="23924">
 <summary>
-Execute all executable files.
+Send and receive dhcpd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corecmd_dontaudit_exec_all_executables" lineno="1027">
+<interface name="corenet_dontaudit_sendrecv_dhcpd_server_packets" lineno="23940">
 <summary>
-Do not audit attempts to execute all executables.
+Do not audit attempts to send and receive dhcpd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corecmd_manage_all_executables" lineno="1046">
+<interface name="corenet_relabelto_dhcpd_server_packets" lineno="23955">
 <summary>
-Create, read, write, and all executable files.
+Relabel packets to dhcpd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="corecmd_relabel_all_executables" lineno="1067">
+<interface name="corenet_tcp_sendrecv_dict_port" lineno="23977">
 <summary>
-Relabel to and from the bin type.
+Send and receive TCP traffic on the dict port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corecmd_mmap_all_executables" lineno="1086">
+<interface name="corenet_udp_send_dict_port" lineno="23996">
 <summary>
-Mmap all executables as executable.
+Send UDP traffic on the dict port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-</module>
-<module name="corenetwork" filename="policy/modules/kernel/corenetwork.if">
-<summary>Policy controlling access to network objects</summary>
-<required val="true">
-Contains the initial SIDs for network objects.
-</required>
-<interface name="corenet_port" lineno="29">
+<interface name="corenet_dontaudit_udp_send_dict_port" lineno="24015">
 <summary>
-Define type to be a network port type
+Do not audit attempts to send UDP traffic on the dict port.
 </summary>
-<desc>
-<p>
-Define type to be a network port type
-</p>
-<p>
-This is for supporting third party modules and its
-use is not allowed in upstream reference policy.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Type to be used for network ports.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_reserved_port" lineno="56">
+<interface name="corenet_udp_receive_dict_port" lineno="24034">
 <summary>
-Define network type to be a reserved port (lt 1024)
+Receive UDP traffic on the dict port.
 </summary>
-<desc>
-<p>
-Define network type to be a reserved port (lt 1024)
-</p>
-<p>
-This is for supporting third party modules and its
-use is not allowed in upstream reference policy.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Type to be used for network ports.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_rpc_port" lineno="83">
+<interface name="corenet_dontaudit_udp_receive_dict_port" lineno="24053">
 <summary>
-Define network type to be a rpc port ( 512 lt PORT lt 1024)
+Do not audit attempts to receive UDP traffic on the dict port.
 </summary>
-<desc>
-<p>
-Define network type to be a rpc port ( 512 lt PORT lt 1024)
-</p>
-<p>
-This is for supporting third party modules and its
-use is not allowed in upstream reference policy.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Type to be used for network ports.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_node" lineno="110">
+<interface name="corenet_udp_sendrecv_dict_port" lineno="24072">
 <summary>
-Define type to be a network node type
+Send and receive UDP traffic on the dict port.
 </summary>
-<desc>
-<p>
-Define type to be a network node type
-</p>
-<p>
-This is for supporting third party modules and its
-use is not allowed in upstream reference policy.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Type to be used for network nodes.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_packet" lineno="137">
+<interface name="corenet_dontaudit_udp_sendrecv_dict_port" lineno="24089">
 <summary>
-Define type to be a network packet type
+Do not audit attempts to send and receive
+UDP traffic on the dict port.
 </summary>
-<desc>
-<p>
-Define type to be a network packet type
-</p>
-<p>
-This is for supporting third party modules and its
-use is not allowed in upstream reference policy.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Type to be used for a network packet.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_client_packet" lineno="164">
+<interface name="corenet_tcp_bind_dict_port" lineno="24105">
 <summary>
-Define type to be a network client packet type
+Bind TCP sockets to the dict port.
 </summary>
-<desc>
-<p>
-Define type to be a network client packet type
-</p>
-<p>
-This is for supporting third party modules and its
-use is not allowed in upstream reference policy.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Type to be used for a network client packet.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_server_packet" lineno="191">
+<interface name="corenet_udp_bind_dict_port" lineno="24125">
 <summary>
-Define type to be a network server packet type
+Bind UDP sockets to the dict port.
 </summary>
-<desc>
-<p>
-Define type to be a network server packet type
-</p>
-<p>
-This is for supporting third party modules and its
-use is not allowed in upstream reference policy.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Type to be used for a network server packet.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_spd_type" lineno="210">
+<interface name="corenet_tcp_connect_dict_port" lineno="24144">
 <summary>
-Make the specified type usable
-for labeled ipsec.
+Make a TCP connection to the dict port.
 </summary>
 <param name="domain">
 <summary>
-Type to be used for labeled ipsec.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_generic_if" lineno="256">
+<interface name="corenet_send_dict_client_packets" lineno="24164">
 <summary>
-Send and receive TCP network traffic on generic interfaces.
+Send dict_client packets.
 </summary>
-<desc>
-<p>
-Allow the specified domain to send and receive TCP network
-traffic on generic network interfaces.
-</p>
-<p>
-Related interface:
-</p>
-<ul>
-<li>corenet_all_recvfrom_unlabeled()</li>
-<li>corenet_tcp_sendrecv_generic_node()</li>
-<li>corenet_tcp_sendrecv_all_ports()</li>
-<li>corenet_tcp_connect_all_ports()</li>
-</ul>
-<p>
-Example client being able to connect to all ports over
-generic nodes, without labeled networking:
-</p>
-<p>
-allow myclient_t self:tcp_socket create_stream_socket_perms;
-corenet_tcp_sendrecv_generic_if(myclient_t)
-corenet_tcp_sendrecv_generic_node(myclient_t)
-corenet_tcp_sendrecv_all_ports(myclient_t)
-corenet_tcp_connect_all_ports(myclient_t)
-corenet_all_recvfrom_unlabeled(myclient_t)
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<infoflow type="both" weight="10"/>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_generic_if" lineno="274">
+<interface name="corenet_dontaudit_send_dict_client_packets" lineno="24183">
 <summary>
-Send UDP network traffic on generic interfaces.
+Do not audit attempts to send dict_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_dict_client_packets" lineno="24202">
+<summary>
+Receive dict_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_generic_if" lineno="293">
+<interface name="corenet_dontaudit_receive_dict_client_packets" lineno="24221">
 <summary>
-Dontaudit attempts to send UDP network traffic
-on generic interfaces.
+Do not audit attempts to receive dict_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_generic_if" lineno="311">
+<interface name="corenet_sendrecv_dict_client_packets" lineno="24240">
 <summary>
-Receive UDP network traffic on generic interfaces.
+Send and receive dict_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_generic_if" lineno="330">
+<interface name="corenet_dontaudit_sendrecv_dict_client_packets" lineno="24256">
 <summary>
-Do not audit attempts to receive UDP network
-traffic on generic interfaces.
+Do not audit attempts to send and receive dict_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_generic_if" lineno="374">
+<interface name="corenet_relabelto_dict_client_packets" lineno="24271">
 <summary>
-Send and receive UDP network traffic on generic interfaces.
+Relabel packets to dict_client the packet type.
 </summary>
-<desc>
-<p>
-Allow the specified domain to send and receive UDP network
-traffic on generic network interfaces.
-</p>
-<p>
-Related interface:
-</p>
-<ul>
-<li>corenet_all_recvfrom_unlabeled()</li>
-<li>corenet_udp_sendrecv_generic_node()</li>
-<li>corenet_udp_sendrecv_all_ports()</li>
-</ul>
-<p>
-Example client being able to send to all ports over
-generic nodes, without labeled networking:
-</p>
-<p>
-allow myclient_t self:udp_socket create_socket_perms;
-corenet_udp_sendrecv_generic_if(myclient_t)
-corenet_udp_sendrecv_generic_node(myclient_t)
-corenet_udp_sendrecv_all_ports(myclient_t)
-corenet_all_recvfrom_unlabeled(myclient_t)
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_generic_if" lineno="390">
+<interface name="corenet_send_dict_server_packets" lineno="24291">
 <summary>
-Do not audit attempts to send and receive UDP network
-traffic on generic interfaces.
+Send dict_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_dict_server_packets" lineno="24310">
+<summary>
+Do not audit attempts to send dict_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_raw_send_generic_if" lineno="405">
+<interface name="corenet_receive_dict_server_packets" lineno="24329">
 <summary>
-Send raw IP packets on generic interfaces.
+Receive dict_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_raw_receive_generic_if" lineno="423">
+<interface name="corenet_dontaudit_receive_dict_server_packets" lineno="24348">
 <summary>
-Receive raw IP packets on generic interfaces.
+Do not audit attempts to receive dict_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_raw_sendrecv_generic_if" lineno="441">
+<interface name="corenet_sendrecv_dict_server_packets" lineno="24367">
 <summary>
-Send and receive raw IP packets on generic interfaces.
+Send and receive dict_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_out_generic_if" lineno="457">
+<interface name="corenet_dontaudit_sendrecv_dict_server_packets" lineno="24383">
 <summary>
-Allow outgoing network traffic on the generic interfaces.
+Do not audit attempts to send and receive dict_server packets.
 </summary>
 <param name="domain">
 <summary>
-The peer label of the outgoing network traffic.
+Domain to not audit.
 </summary>
 </param>
-<infoflow type="write" weight="10"/>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_in_generic_if" lineno="476">
+<interface name="corenet_relabelto_dict_server_packets" lineno="24398">
 <summary>
-Allow incoming traffic on the generic interfaces.
+Relabel packets to dict_server the packet type.
 </summary>
 <param name="domain">
 <summary>
-The peer label of the incoming network traffic.
+Domain allowed access.
 </summary>
 </param>
-<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_inout_generic_if" lineno="495">
+<interface name="corenet_tcp_sendrecv_distccd_port" lineno="24420">
 <summary>
-Allow incoming and outgoing network traffic on the generic interfaces.
+Send and receive TCP traffic on the distccd port.
 </summary>
 <param name="domain">
 <summary>
-The peer label of the network traffic.
+Domain allowed access.
 </summary>
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_tcp_sendrecv_all_if" lineno="510">
+<interface name="corenet_udp_send_distccd_port" lineno="24439">
 <summary>
-Send and receive TCP network traffic on all interfaces.
+Send UDP traffic on the distccd port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_all_if" lineno="528">
+<interface name="corenet_dontaudit_udp_send_distccd_port" lineno="24458">
 <summary>
-Send UDP network traffic on all interfaces.
+Do not audit attempts to send UDP traffic on the distccd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_all_if" lineno="546">
+<interface name="corenet_udp_receive_distccd_port" lineno="24477">
 <summary>
-Receive UDP network traffic on all interfaces.
+Receive UDP traffic on the distccd port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_udp_sendrecv_all_if" lineno="564">
+<interface name="corenet_dontaudit_udp_receive_distccd_port" lineno="24496">
 <summary>
-Send and receive UDP network traffic on all interfaces.
+Do not audit attempts to receive UDP traffic on the distccd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_raw_send_all_if" lineno="579">
+<interface name="corenet_udp_sendrecv_distccd_port" lineno="24515">
 <summary>
-Send raw IP packets on all interfaces.
+Send and receive UDP traffic on the distccd port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_raw_receive_all_if" lineno="597">
+<interface name="corenet_dontaudit_udp_sendrecv_distccd_port" lineno="24532">
 <summary>
-Receive raw IP packets on all interfaces.
+Do not audit attempts to send and receive
+UDP traffic on the distccd port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_raw_sendrecv_all_if" lineno="615">
+<interface name="corenet_tcp_bind_distccd_port" lineno="24548">
 <summary>
-Send and receive raw IP packets on all interfaces.
+Bind TCP sockets to the distccd port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_sendrecv_generic_node" lineno="658">
+<interface name="corenet_udp_bind_distccd_port" lineno="24568">
 <summary>
-Send and receive TCP network traffic on generic nodes.
+Bind UDP sockets to the distccd port.
 </summary>
-<desc>
-<p>
-Allow the specified domain to send and receive TCP network
-traffic to/from generic network nodes (hostnames/networks).
-</p>
-<p>
-Related interface:
-</p>
-<ul>
-<li>corenet_all_recvfrom_unlabeled()</li>
-<li>corenet_tcp_sendrecv_generic_if()</li>
-<li>corenet_tcp_sendrecv_all_ports()</li>
-<li>corenet_tcp_connect_all_ports()</li>
-</ul>
-<p>
-Example client being able to connect to all ports over
-generic nodes, without labeled networking:
-</p>
-<p>
-allow myclient_t self:tcp_socket create_stream_socket_perms;
-corenet_tcp_sendrecv_generic_if(myclient_t)
-corenet_tcp_sendrecv_generic_node(myclient_t)
-corenet_tcp_sendrecv_all_ports(myclient_t)
-corenet_tcp_connect_all_ports(myclient_t)
-corenet_all_recvfrom_unlabeled(myclient_t)
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<infoflow type="both" weight="10"/>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_send_generic_node" lineno="676">
+<interface name="corenet_tcp_connect_distccd_port" lineno="24587">
 <summary>
-Send UDP network traffic on generic nodes.
+Make a TCP connection to the distccd port.
 </summary>
 <param name="domain">
 <summary>
@@ -22419,188 +24762,151 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_udp_receive_generic_node" lineno="694">
+<interface name="corenet_send_distccd_client_packets" lineno="24607">
 <summary>
-Receive UDP network traffic on generic nodes.
+Send distccd_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_udp_sendrecv_generic_node" lineno="738">
+<interface name="corenet_dontaudit_send_distccd_client_packets" lineno="24626">
 <summary>
-Send and receive UDP network traffic on generic nodes.
+Do not audit attempts to send distccd_client packets.
 </summary>
-<desc>
-<p>
-Allow the specified domain to send and receive UDP network
-traffic to/from generic network nodes (hostnames/networks).
-</p>
-<p>
-Related interface:
-</p>
-<ul>
-<li>corenet_all_recvfrom_unlabeled()</li>
-<li>corenet_udp_sendrecv_generic_if()</li>
-<li>corenet_udp_sendrecv_all_ports()</li>
-</ul>
-<p>
-Example client being able to send to all ports over
-generic nodes, without labeled networking:
-</p>
-<p>
-allow myclient_t self:udp_socket create_socket_perms;
-corenet_udp_sendrecv_generic_if(myclient_t)
-corenet_udp_sendrecv_generic_node(myclient_t)
-corenet_udp_sendrecv_all_ports(myclient_t)
-corenet_all_recvfrom_unlabeled(myclient_t)
-</p>
-</desc>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
-<infoflow type="both" weight="10"/>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_raw_send_generic_node" lineno="753">
+<interface name="corenet_receive_distccd_client_packets" lineno="24645">
 <summary>
-Send raw IP packets on generic nodes.
+Receive distccd_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_raw_receive_generic_node" lineno="771">
+<interface name="corenet_dontaudit_receive_distccd_client_packets" lineno="24664">
 <summary>
-Receive raw IP packets on generic nodes.
+Do not audit attempts to receive distccd_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_raw_sendrecv_generic_node" lineno="789">
+<interface name="corenet_sendrecv_distccd_client_packets" lineno="24683">
 <summary>
-Send and receive raw IP packets on generic nodes.
+Send and receive distccd_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_tcp_bind_generic_node" lineno="819">
+<interface name="corenet_dontaudit_sendrecv_distccd_client_packets" lineno="24699">
 <summary>
-Bind TCP sockets to generic nodes.
+Do not audit attempts to send and receive distccd_client packets.
 </summary>
-<desc>
-<p>
-Bind TCP sockets to generic nodes.  This is
-necessary for binding a socket so it
-can be used for servers to listen
-for incoming connections.
-</p>
-<p>
-Related interface:
-</p>
-<ul>
-<li>corenet_udp_bind_generic_node()</li>
-</ul>
-</desc>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
-<infoflow type="read" weight="1"/>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_generic_node" lineno="852">
+<interface name="corenet_relabelto_distccd_client_packets" lineno="24714">
 <summary>
-Bind UDP sockets to generic nodes.
+Relabel packets to distccd_client the packet type.
 </summary>
-<desc>
-<p>
-Bind UDP sockets to generic nodes.  This is
-necessary for binding a socket so it
-can be used for servers to listen
-for incoming connections.
-</p>
-<p>
-Related interface:
-</p>
-<ul>
-<li>corenet_tcp_bind_generic_node()</li>
-</ul>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<infoflow type="read" weight="1"/>
 </interface>
-<interface name="corenet_raw_bind_generic_node" lineno="871">
+<interface name="corenet_send_distccd_server_packets" lineno="24734">
 <summary>
-Bind raw sockets to genric nodes.
+Send distccd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_out_generic_node" lineno="890">
+<interface name="corenet_dontaudit_send_distccd_server_packets" lineno="24753">
 <summary>
-Allow outgoing network traffic to generic nodes.
+Do not audit attempts to send distccd_server packets.
 </summary>
 <param name="domain">
 <summary>
-The peer label of the outgoing network traffic.
+Domain to not audit.
 </summary>
 </param>
-<infoflow type="write" weight="10"/>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_in_generic_node" lineno="909">
+<interface name="corenet_receive_distccd_server_packets" lineno="24772">
 <summary>
-Allow incoming network traffic from generic nodes.
+Receive distccd_server packets.
 </summary>
 <param name="domain">
 <summary>
-The peer label of the incoming network traffic.
+Domain allowed access.
 </summary>
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_inout_generic_node" lineno="928">
+<interface name="corenet_dontaudit_receive_distccd_server_packets" lineno="24791">
 <summary>
-Allow incoming and outgoing network traffic with generic nodes.
+Do not audit attempts to receive distccd_server packets.
 </summary>
 <param name="domain">
 <summary>
-The peer label of the network traffic.
+Domain allowed access.
 </summary>
 </param>
-<infoflow type="both" weight="10"/>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_sendrecv_all_nodes" lineno="943">
+<interface name="corenet_sendrecv_distccd_server_packets" lineno="24810">
 <summary>
-Send and receive TCP network traffic on all nodes.
+Send and receive distccd_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_all_nodes" lineno="961">
+<interface name="corenet_dontaudit_sendrecv_distccd_server_packets" lineno="24826">
 <summary>
-Send UDP network traffic on all nodes.
+Do not audit attempts to send and receive distccd_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_distccd_server_packets" lineno="24841">
+<summary>
+Relabel packets to distccd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -22608,102 +24914,109 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_dontaudit_udp_send_all_nodes" lineno="980">
+<interface name="corenet_tcp_sendrecv_dns_port" lineno="24863">
 <summary>
-Do not audit attempts to send UDP network
-traffic on any nodes.
+Send and receive TCP traffic on the dns port.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_receive_all_nodes" lineno="998">
+<interface name="corenet_udp_send_dns_port" lineno="24882">
 <summary>
-Receive UDP network traffic on all nodes.
+Send UDP traffic on the dns port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_all_nodes" lineno="1017">
+<interface name="corenet_dontaudit_udp_send_dns_port" lineno="24901">
 <summary>
-Do not audit attempts to receive UDP
-network traffic on all nodes.
+Do not audit attempts to send UDP traffic on the dns port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_all_nodes" lineno="1035">
+<interface name="corenet_udp_receive_dns_port" lineno="24920">
 <summary>
-Send and receive UDP network traffic on all nodes.
+Receive UDP traffic on the dns port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_all_nodes" lineno="1051">
+<interface name="corenet_dontaudit_udp_receive_dns_port" lineno="24939">
 <summary>
-Do not audit attempts to send and receive UDP
-network traffic on any nodes nodes.
+Do not audit attempts to receive UDP traffic on the dns port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_raw_send_all_nodes" lineno="1066">
+<interface name="corenet_udp_sendrecv_dns_port" lineno="24958">
 <summary>
-Send raw IP packets on all nodes.
+Send and receive UDP traffic on the dns port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_raw_receive_all_nodes" lineno="1084">
+<interface name="corenet_dontaudit_udp_sendrecv_dns_port" lineno="24975">
 <summary>
-Receive raw IP packets on all nodes.
+Do not audit attempts to send and receive
+UDP traffic on the dns port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_raw_sendrecv_all_nodes" lineno="1102">
+<interface name="corenet_tcp_bind_dns_port" lineno="24991">
 <summary>
-Send and receive raw IP packets on all nodes.
+Bind TCP sockets to the dns port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_all_nodes" lineno="1117">
+<interface name="corenet_udp_bind_dns_port" lineno="25011">
 <summary>
-Bind TCP sockets to all nodes.
+Bind UDP sockets to the dns port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_all_nodes" lineno="1135">
+<interface name="corenet_tcp_connect_dns_port" lineno="25030">
 <summary>
-Bind UDP sockets to all nodes.
+Make a TCP connection to the dns port.
 </summary>
 <param name="domain">
 <summary>
@@ -22711,59 +25024,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_raw_bind_all_nodes" lineno="1154">
+<interface name="corenet_send_dns_client_packets" lineno="25050">
 <summary>
-Bind raw sockets to all nodes.
+Send dns_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_tcp_sendrecv_generic_port" lineno="1172">
+<interface name="corenet_dontaudit_send_dns_client_packets" lineno="25069">
 <summary>
-Send and receive TCP network traffic on generic ports.
+Do not audit attempts to send dns_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_dontaudit_tcp_sendrecv_generic_port" lineno="1190">
+<interface name="corenet_receive_dns_client_packets" lineno="25088">
 <summary>
-Do not audit send and receive TCP network traffic on generic ports.
+Receive dns_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_generic_port" lineno="1208">
+<interface name="corenet_dontaudit_receive_dns_client_packets" lineno="25107">
 <summary>
-Send UDP network traffic on generic ports.
+Do not audit attempts to receive dns_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_generic_port" lineno="1226">
+<interface name="corenet_sendrecv_dns_client_packets" lineno="25126">
 <summary>
-Receive UDP network traffic on generic ports.
+Send and receive dns_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_sendrecv_generic_port" lineno="1244">
+<interface name="corenet_dontaudit_sendrecv_dns_client_packets" lineno="25142">
 <summary>
-Send and receive UDP network traffic on generic ports.
+Do not audit attempts to send and receive dns_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_dns_client_packets" lineno="25157">
+<summary>
+Relabel packets to dns_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -22771,75 +25100,54 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_bind_generic_port" lineno="1259">
+<interface name="corenet_send_dns_server_packets" lineno="25177">
 <summary>
-Bind TCP sockets to generic ports.
+Send dns_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_tcp_bind_generic_port" lineno="1279">
+<interface name="corenet_dontaudit_send_dns_server_packets" lineno="25196">
 <summary>
-Do not audit bind TCP sockets to generic ports.
+Do not audit attempts to send dns_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_generic_port" lineno="1297">
+<interface name="corenet_receive_dns_server_packets" lineno="25215">
 <summary>
-Bind UDP sockets to generic ports.
+Receive dns_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_tcp_connect_generic_port" lineno="1317">
+<interface name="corenet_dontaudit_receive_dns_server_packets" lineno="25234">
 <summary>
-Connect TCP sockets to generic ports.
+Do not audit attempts to receive dns_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_sendrecv_all_ports" lineno="1361">
+<interface name="corenet_sendrecv_dns_server_packets" lineno="25253">
 <summary>
-Send and receive TCP network traffic on all ports.
+Send and receive dns_server packets.
 </summary>
-<desc>
-<p>
-Send and receive TCP network traffic on all ports.
-Related interfaces:
-</p>
-<ul>
-<li>corenet_all_recvfrom_unlabeled()</li>
-<li>corenet_tcp_sendrecv_generic_if()</li>
-<li>corenet_tcp_sendrecv_generic_node()</li>
-<li>corenet_tcp_connect_all_ports()</li>
-<li>corenet_tcp_bind_all_ports()</li>
-</ul>
-<p>
-Example client being able to connect to all ports over
-generic nodes, without labeled networking:
-</p>
-<p>
-allow myclient_t self:tcp_socket create_stream_socket_perms;
-corenet_tcp_sendrecv_generic_if(myclient_t)
-corenet_tcp_sendrecv_generic_node(myclient_t)
-corenet_tcp_sendrecv_all_ports(myclient_t)
-corenet_tcp_connect_all_ports(myclient_t)
-corenet_all_recvfrom_unlabeled(myclient_t)
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
@@ -22847,19 +25155,20 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_all_ports" lineno="1379">
+<interface name="corenet_dontaudit_sendrecv_dns_server_packets" lineno="25269">
 <summary>
-Send UDP network traffic on all ports.
+Do not audit attempts to send and receive dns_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_all_ports" lineno="1397">
+<interface name="corenet_relabelto_dns_server_packets" lineno="25284">
 <summary>
-Receive UDP network traffic on all ports.
+Relabel packets to dns_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -22867,33 +25176,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_udp_sendrecv_all_ports" lineno="1439">
+<interface name="corenet_tcp_sendrecv_dropbox_port" lineno="25306">
 <summary>
-Send and receive UDP network traffic on all ports.
+Send and receive TCP traffic on the dropbox port.
 </summary>
-<desc>
-<p>
-Send and receive UDP network traffic on all ports.
-Related interfaces:
-</p>
-<ul>
-<li>corenet_all_recvfrom_unlabeled()</li>
-<li>corenet_udp_sendrecv_generic_if()</li>
-<li>corenet_udp_sendrecv_generic_node()</li>
-<li>corenet_udp_bind_all_ports()</li>
-</ul>
-<p>
-Example client being able to send to all ports over
-generic nodes, without labeled networking:
-</p>
-<p>
-allow myclient_t self:udp_socket create_socket_perms;
-corenet_udp_sendrecv_generic_if(myclient_t)
-corenet_udp_sendrecv_generic_node(myclient_t)
-corenet_udp_sendrecv_all_ports(myclient_t)
-corenet_all_recvfrom_unlabeled(myclient_t)
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
@@ -22901,118 +25187,98 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_tcp_bind_all_ports" lineno="1454">
+<interface name="corenet_udp_send_dropbox_port" lineno="25325">
 <summary>
-Bind TCP sockets to all ports.
+Send UDP traffic on the dropbox port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_tcp_bind_all_ports" lineno="1473">
+<interface name="corenet_dontaudit_udp_send_dropbox_port" lineno="25344">
 <summary>
-Do not audit attepts to bind TCP sockets to any ports.
+Do not audit attempts to send UDP traffic on the dropbox port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_all_ports" lineno="1491">
+<interface name="corenet_udp_receive_dropbox_port" lineno="25363">
 <summary>
-Bind UDP sockets to all ports.
+Receive UDP traffic on the dropbox port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_bind_all_ports" lineno="1510">
+<interface name="corenet_dontaudit_udp_receive_dropbox_port" lineno="25382">
 <summary>
-Do not audit attepts to bind UDP sockets to any ports.
+Do not audit attempts to receive UDP traffic on the dropbox port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_all_ports" lineno="1556">
+<interface name="corenet_udp_sendrecv_dropbox_port" lineno="25401">
 <summary>
-Connect TCP sockets to all ports.
+Send and receive UDP traffic on the dropbox port.
 </summary>
-<desc>
-<p>
-Connect TCP sockets to all ports
-</p>
-<p>
-Related interfaces:
-</p>
-<ul>
-<li>corenet_all_recvfrom_unlabeled()</li>
-<li>corenet_tcp_sendrecv_generic_if()</li>
-<li>corenet_tcp_sendrecv_generic_node()</li>
-<li>corenet_tcp_sendrecv_all_ports()</li>
-<li>corenet_tcp_bind_all_ports()</li>
-</ul>
-<p>
-Example client being able to connect to all ports over
-generic nodes, without labeled networking:
-</p>
-<p>
-allow myclient_t self:tcp_socket create_stream_socket_perms;
-corenet_tcp_sendrecv_generic_if(myclient_t)
-corenet_tcp_sendrecv_generic_node(myclient_t)
-corenet_tcp_sendrecv_all_ports(myclient_t)
-corenet_tcp_connect_all_ports(myclient_t)
-corenet_all_recvfrom_unlabeled(myclient_t)
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<infoflow type="write" weight="1"/>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_tcp_connect_all_ports" lineno="1575">
+<interface name="corenet_dontaudit_udp_sendrecv_dropbox_port" lineno="25418">
 <summary>
-Do not audit attempts to connect TCP sockets
-to all ports.
+Do not audit attempts to send and receive
+UDP traffic on the dropbox port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_sendrecv_reserved_port" lineno="1593">
+<interface name="corenet_tcp_bind_dropbox_port" lineno="25434">
 <summary>
-Send and receive TCP network traffic on generic reserved ports.
+Bind TCP sockets to the dropbox port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_send_reserved_port" lineno="1611">
+<interface name="corenet_udp_bind_dropbox_port" lineno="25454">
 <summary>
-Send UDP network traffic on generic reserved ports.
+Bind UDP sockets to the dropbox port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_reserved_port" lineno="1629">
+<interface name="corenet_tcp_connect_dropbox_port" lineno="25473">
 <summary>
-Receive UDP network traffic on generic reserved ports.
+Make a TCP connection to the dropbox port.
 </summary>
 <param name="domain">
 <summary>
@@ -23020,69 +25286,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_udp_sendrecv_reserved_port" lineno="1647">
+<interface name="corenet_send_dropbox_client_packets" lineno="25493">
 <summary>
-Send and receive UDP network traffic on generic reserved ports.
+Send dropbox_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_tcp_bind_reserved_port" lineno="1662">
+<interface name="corenet_dontaudit_send_dropbox_client_packets" lineno="25512">
 <summary>
-Bind TCP sockets to generic reserved ports.
+Do not audit attempts to send dropbox_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_reserved_port" lineno="1681">
+<interface name="corenet_receive_dropbox_client_packets" lineno="25531">
 <summary>
-Bind UDP sockets to generic reserved ports.
+Receive dropbox_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_tcp_connect_reserved_port" lineno="1700">
+<interface name="corenet_dontaudit_receive_dropbox_client_packets" lineno="25550">
 <summary>
-Connect TCP sockets to generic reserved ports.
+Do not audit attempts to receive dropbox_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_sendrecv_all_reserved_ports" lineno="1718">
+<interface name="corenet_sendrecv_dropbox_client_packets" lineno="25569">
 <summary>
-Send and receive TCP network traffic on all reserved ports.
+Send and receive dropbox_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_all_reserved_ports" lineno="1736">
+<interface name="corenet_dontaudit_sendrecv_dropbox_client_packets" lineno="25585">
 <summary>
-Send UDP network traffic on all reserved ports.
+Do not audit attempts to send and receive dropbox_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_all_reserved_ports" lineno="1754">
+<interface name="corenet_relabelto_dropbox_client_packets" lineno="25600">
 <summary>
-Receive UDP network traffic on all reserved ports.
+Relabel packets to dropbox_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -23090,69 +25362,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_udp_sendrecv_all_reserved_ports" lineno="1772">
+<interface name="corenet_send_dropbox_server_packets" lineno="25620">
 <summary>
-Send and receive UDP network traffic on all reserved ports.
+Send dropbox_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_tcp_bind_all_reserved_ports" lineno="1787">
+<interface name="corenet_dontaudit_send_dropbox_server_packets" lineno="25639">
 <summary>
-Bind TCP sockets to all reserved ports.
+Do not audit attempts to send dropbox_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_dontaudit_tcp_bind_all_reserved_ports" lineno="1806">
+<interface name="corenet_receive_dropbox_server_packets" lineno="25658">
 <summary>
-Do not audit attempts to bind TCP sockets to all reserved ports.
+Receive dropbox_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_udp_bind_all_reserved_ports" lineno="1824">
+<interface name="corenet_dontaudit_receive_dropbox_server_packets" lineno="25677">
 <summary>
-Bind UDP sockets to all reserved ports.
+Do not audit attempts to receive dropbox_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_dontaudit_udp_bind_all_reserved_ports" lineno="1843">
+<interface name="corenet_sendrecv_dropbox_server_packets" lineno="25696">
 <summary>
-Do not audit attempts to bind UDP sockets to all reserved ports.
+Send and receive dropbox_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_tcp_bind_all_unreserved_ports" lineno="1861">
+<interface name="corenet_dontaudit_sendrecv_dropbox_server_packets" lineno="25712">
 <summary>
-Bind TCP sockets to all ports > 1024.
+Do not audit attempts to send and receive dropbox_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_all_unreserved_ports" lineno="1879">
+<interface name="corenet_relabelto_dropbox_server_packets" lineno="25727">
 <summary>
-Bind UDP sockets to all ports > 1024.
+Relabel packets to dropbox_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -23160,102 +25438,109 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_connect_all_reserved_ports" lineno="1897">
+<interface name="corenet_tcp_sendrecv_efs_port" lineno="25749">
 <summary>
-Connect TCP sockets to reserved ports.
+Send and receive TCP traffic on the efs port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_tcp_connect_all_unreserved_ports" lineno="1915">
+<interface name="corenet_udp_send_efs_port" lineno="25768">
 <summary>
-Connect TCP sockets to all ports > 1024.
+Send UDP traffic on the efs port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_tcp_connect_all_reserved_ports" lineno="1934">
+<interface name="corenet_dontaudit_udp_send_efs_port" lineno="25787">
 <summary>
-Do not audit attempts to connect TCP sockets
-all reserved ports.
+Do not audit attempts to send UDP traffic on the efs port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_all_rpc_ports" lineno="1952">
+<interface name="corenet_udp_receive_efs_port" lineno="25806">
 <summary>
-Connect TCP sockets to rpc ports.
+Receive UDP traffic on the efs port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_tcp_connect_all_rpc_ports" lineno="1971">
+<interface name="corenet_dontaudit_udp_receive_efs_port" lineno="25825">
 <summary>
-Do not audit attempts to connect TCP sockets
-all rpc ports.
+Do not audit attempts to receive UDP traffic on the efs port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_rw_tun_tap_dev" lineno="1989">
+<interface name="corenet_udp_sendrecv_efs_port" lineno="25844">
 <summary>
-Read and write the TUN/TAP virtual network device.
+Send and receive UDP traffic on the efs port.
 </summary>
 <param name="domain">
 <summary>
-The domain allowed access.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_rw_tun_tap_dev" lineno="2009">
+<interface name="corenet_dontaudit_udp_sendrecv_efs_port" lineno="25861">
 <summary>
-Do not audit attempts to read or write the TUN/TAP
-virtual network device.
+Do not audit attempts to send and receive
+UDP traffic on the efs port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_getattr_ppp_dev" lineno="2027">
+<interface name="corenet_tcp_bind_efs_port" lineno="25877">
 <summary>
-Getattr the point-to-point device.
+Bind TCP sockets to the efs port.
 </summary>
 <param name="domain">
 <summary>
-The domain allowed access.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_rw_ppp_dev" lineno="2045">
+<interface name="corenet_udp_bind_efs_port" lineno="25897">
 <summary>
-Read and write the point-to-point device.
+Bind UDP sockets to the efs port.
 </summary>
 <param name="domain">
 <summary>
-The domain allowed access.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_all_rpc_ports" lineno="2064">
+<interface name="corenet_tcp_connect_efs_port" lineno="25916">
 <summary>
-Bind TCP sockets to all RPC ports.
+Make a TCP connection to the efs port.
 </summary>
 <param name="domain">
 <summary>
@@ -23263,85 +25548,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_dontaudit_tcp_bind_all_rpc_ports" lineno="2083">
+<interface name="corenet_send_efs_client_packets" lineno="25936">
 <summary>
-Do not audit attempts to bind TCP sockets to all RPC ports.
+Send efs_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_efs_client_packets" lineno="25955">
+<summary>
+Do not audit attempts to send efs_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_all_rpc_ports" lineno="2101">
+<interface name="corenet_receive_efs_client_packets" lineno="25974">
 <summary>
-Bind UDP sockets to all RPC ports.
+Receive efs_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_bind_all_rpc_ports" lineno="2120">
+<interface name="corenet_dontaudit_receive_efs_client_packets" lineno="25993">
 <summary>
-Do not audit attempts to bind UDP sockets to all RPC ports.
+Do not audit attempts to receive efs_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_non_ipsec_sendrecv" lineno="2151">
+<interface name="corenet_sendrecv_efs_client_packets" lineno="26012">
 <summary>
-Send and receive messages on a
-non-encrypted (no IPSEC) network
-session.
+Send and receive efs_client packets.
 </summary>
-<desc>
-<p>
-Send and receive messages on a
-non-encrypted (no IPSEC) network
-session.  (Deprecated)
-</p>
-<p>
-The corenet_all_recvfrom_unlabeled() interface should be used instead
-of this one.
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_non_ipsec_sendrecv" lineno="2179">
+<interface name="corenet_dontaudit_sendrecv_efs_client_packets" lineno="26028">
 <summary>
-Do not audit attempts to send and receive
-messages on a non-encrypted (no IPSEC) network
-session.
+Do not audit attempts to send and receive efs_client packets.
 </summary>
-<desc>
-<p>
-Do not audit attempts to send and receive
-messages on a non-encrypted (no IPSEC) network
-session.
-</p>
-<p>
-The corenet_dontaudit_all_recvfrom_unlabeled() interface should be
-used instead of this one.
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_recv_netlabel" lineno="2194">
+<interface name="corenet_relabelto_efs_client_packets" lineno="26043">
 <summary>
-Receive TCP packets from a NetLabel connection.
+Relabel packets to efs_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -23349,62 +25624,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_recvfrom_netlabel" lineno="2209">
+<interface name="corenet_send_efs_server_packets" lineno="26063">
 <summary>
-Receive TCP packets from a NetLabel connection.
+Send efs_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_tcp_recvfrom_unlabeled" lineno="2228">
+<interface name="corenet_dontaudit_send_efs_server_packets" lineno="26082">
 <summary>
-Receive TCP packets from an unlabled connection.
+Do not audit attempts to send efs_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_efs_server_packets" lineno="26101">
+<summary>
+Receive efs_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_tcp_recv_netlabel" lineno="2249">
+<interface name="corenet_dontaudit_receive_efs_server_packets" lineno="26120">
 <summary>
-Do not audit attempts to receive TCP packets from a NetLabel
-connection.
+Do not audit attempts to receive efs_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_dontaudit_tcp_recvfrom_netlabel" lineno="2265">
+<interface name="corenet_sendrecv_efs_server_packets" lineno="26139">
 <summary>
-Do not audit attempts to receive TCP packets from a NetLabel
-connection.
+Send and receive efs_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_tcp_recvfrom_unlabeled" lineno="2285">
+<interface name="corenet_dontaudit_sendrecv_efs_server_packets" lineno="26155">
 <summary>
-Do not audit attempts to receive TCP packets from an unlabeled
-connection.
+Do not audit attempts to send and receive efs_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_recv_netlabel" lineno="2305">
+<interface name="corenet_relabelto_efs_server_packets" lineno="26170">
 <summary>
-Receive UDP packets from a NetLabel connection.
+Relabel packets to efs_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -23412,137 +25700,142 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_udp_recvfrom_netlabel" lineno="2320">
+<interface name="corenet_tcp_sendrecv_embrace_dp_c_port" lineno="26192">
 <summary>
-Receive UDP packets from a NetLabel connection.
+Send and receive TCP traffic on the embrace_dp_c port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_recvfrom_unlabeled" lineno="2339">
+<interface name="corenet_udp_send_embrace_dp_c_port" lineno="26211">
 <summary>
-Receive UDP packets from an unlabeled connection.
+Send UDP traffic on the embrace_dp_c port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_recv_netlabel" lineno="2360">
+<interface name="corenet_dontaudit_udp_send_embrace_dp_c_port" lineno="26230">
 <summary>
-Do not audit attempts to receive UDP packets from a NetLabel
-connection.
+Do not audit attempts to send UDP traffic on the embrace_dp_c port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_dontaudit_udp_recvfrom_netlabel" lineno="2376">
+<interface name="corenet_udp_receive_embrace_dp_c_port" lineno="26249">
 <summary>
-Do not audit attempts to receive UDP packets from a NetLabel
-connection.
+Receive UDP traffic on the embrace_dp_c port.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_recvfrom_unlabeled" lineno="2396">
+<interface name="corenet_dontaudit_udp_receive_embrace_dp_c_port" lineno="26268">
 <summary>
-Do not audit attempts to receive UDP packets from an unlabeled
-connection.
+Do not audit attempts to receive UDP traffic on the embrace_dp_c port.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_raw_recv_netlabel" lineno="2416">
+<interface name="corenet_udp_sendrecv_embrace_dp_c_port" lineno="26287">
 <summary>
-Receive Raw IP packets from a NetLabel connection.
+Send and receive UDP traffic on the embrace_dp_c port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_raw_recvfrom_netlabel" lineno="2431">
+<interface name="corenet_dontaudit_udp_sendrecv_embrace_dp_c_port" lineno="26304">
 <summary>
-Receive Raw IP packets from a NetLabel connection.
+Do not audit attempts to send and receive
+UDP traffic on the embrace_dp_c port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_embrace_dp_c_port" lineno="26320">
+<summary>
+Bind TCP sockets to the embrace_dp_c port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_raw_recvfrom_unlabeled" lineno="2450">
+<interface name="corenet_udp_bind_embrace_dp_c_port" lineno="26340">
 <summary>
-Receive Raw IP packets from an unlabeled connection.
+Bind UDP sockets to the embrace_dp_c port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_dontaudit_raw_recv_netlabel" lineno="2471">
+<interface name="corenet_tcp_connect_embrace_dp_c_port" lineno="26359">
 <summary>
-Do not audit attempts to receive Raw IP packets from a NetLabel
-connection.
+Make a TCP connection to the embrace_dp_c port.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_dontaudit_raw_recvfrom_netlabel" lineno="2487">
+<interface name="corenet_send_embrace_dp_c_client_packets" lineno="26379">
 <summary>
-Do not audit attempts to receive Raw IP packets from a NetLabel
-connection.
+Send embrace_dp_c_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_raw_recvfrom_unlabeled" lineno="2507">
+<interface name="corenet_dontaudit_send_embrace_dp_c_client_packets" lineno="26398">
 <summary>
-Do not audit attempts to receive Raw IP packets from an unlabeled
-connection.
+Do not audit attempts to send embrace_dp_c_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_all_recvfrom_unlabeled" lineno="2539">
+<interface name="corenet_receive_embrace_dp_c_client_packets" lineno="26417">
 <summary>
-Receive packets from an unlabeled connection.
+Receive embrace_dp_c_client packets.
 </summary>
-<desc>
-<p>
-Allow the specified domain to receive packets from an
-unlabeled connection.  On machines that do not utilize
-labeled networking, this will be required on all
-networking domains.  On machines tha do utilize
-labeled networking, this will be required for any
-networking domain that is allowed to receive
-network traffic that does not have a label.
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
@@ -23550,209 +25843,228 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_all_recvfrom_netlabel" lineno="2572">
+<interface name="corenet_dontaudit_receive_embrace_dp_c_client_packets" lineno="26436">
 <summary>
-Receive packets from a NetLabel connection.
+Do not audit attempts to receive embrace_dp_c_client packets.
 </summary>
-<desc>
-<p>
-Allow the specified domain to receive NetLabel
-network traffic, which utilizes the Commercial IP
-Security Option (CIPSO) to set the MLS level
-of the network packets.  This is required for
-all networking domains that receive NetLabel
-network traffic.
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<infoflow type="read" weight="10"/>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_dontaudit_all_recvfrom_unlabeled" lineno="2591">
+<interface name="corenet_sendrecv_embrace_dp_c_client_packets" lineno="26455">
 <summary>
-Do not audit attempts to receive packets from an unlabeled connection.
+Send and receive embrace_dp_c_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_all_recvfrom_netlabel" lineno="2614">
+<interface name="corenet_dontaudit_sendrecv_embrace_dp_c_client_packets" lineno="26471">
 <summary>
-Do not audit attempts to receive packets from a NetLabel
-connection.
+Do not audit attempts to send and receive embrace_dp_c_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_recvfrom_labeled" lineno="2646">
+<interface name="corenet_relabelto_embrace_dp_c_client_packets" lineno="26486">
 <summary>
-Rules for receiving labeled TCP packets.
+Relabel packets to embrace_dp_c_client the packet type.
 </summary>
-<desc>
-<p>
-Rules for receiving labeled TCP packets.
-</p>
-<p>
-Due to the nature of TCP, this is bidirectional.
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="peer_domain">
+</interface>
+<interface name="corenet_send_embrace_dp_c_server_packets" lineno="26506">
 <summary>
-Peer domain.
+Send embrace_dp_c_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_udp_recvfrom_labeled" lineno="2674">
+<interface name="corenet_dontaudit_send_embrace_dp_c_server_packets" lineno="26525">
 <summary>
-Rules for receiving labeled UDP packets.
+Do not audit attempts to send embrace_dp_c_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_embrace_dp_c_server_packets" lineno="26544">
+<summary>
+Receive embrace_dp_c_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="peer_domain">
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_embrace_dp_c_server_packets" lineno="26563">
 <summary>
-Peer domain.
+Do not audit attempts to receive embrace_dp_c_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_raw_recvfrom_labeled" lineno="2699">
+<interface name="corenet_sendrecv_embrace_dp_c_server_packets" lineno="26582">
 <summary>
-Rules for receiving labeled raw IP packets.
+Send and receive embrace_dp_c_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="peer_domain">
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_embrace_dp_c_server_packets" lineno="26598">
 <summary>
-Peer domain.
+Do not audit attempts to send and receive embrace_dp_c_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_all_recvfrom_labeled" lineno="2733">
+<interface name="corenet_relabelto_embrace_dp_c_server_packets" lineno="26613">
 <summary>
-Rules for receiving labeled packets via TCP, UDP and raw IP.
+Relabel packets to embrace_dp_c_server the packet type.
 </summary>
-<desc>
-<p>
-Rules for receiving labeled packets via TCP, UDP and raw IP.
-</p>
-<p>
-Due to the nature of TCP, the rules (for TCP
-networking only) are bidirectional.
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="peer_domain">
+</interface>
+<interface name="corenet_tcp_sendrecv_epmap_port" lineno="26635">
 <summary>
-Peer domain.
+Send and receive TCP traffic on the epmap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_setcontext_all_spds" lineno="2750">
+<interface name="corenet_udp_send_epmap_port" lineno="26654">
 <summary>
-Make the specified type usable
-for labeled ipsec.
+Send UDP traffic on the epmap port.
 </summary>
 <param name="domain">
 <summary>
-Type to be used for labeled ipsec.
+Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_send_generic_client_packets" lineno="2768">
+<interface name="corenet_dontaudit_udp_send_epmap_port" lineno="26673">
 <summary>
-Send generic client packets.
+Do not audit attempts to send UDP traffic on the epmap port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_generic_client_packets" lineno="2786">
+<interface name="corenet_udp_receive_epmap_port" lineno="26692">
 <summary>
-Receive generic client packets.
+Receive UDP traffic on the epmap port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_sendrecv_generic_client_packets" lineno="2804">
+<interface name="corenet_dontaudit_udp_receive_epmap_port" lineno="26711">
 <summary>
-Send and receive generic client packets.
+Do not audit attempts to receive UDP traffic on the epmap port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_generic_client_packets" lineno="2819">
+<interface name="corenet_udp_sendrecv_epmap_port" lineno="26730">
 <summary>
-Relabel packets to the generic client packet type.
+Send and receive UDP traffic on the epmap port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_send_generic_server_packets" lineno="2837">
+<interface name="corenet_dontaudit_udp_sendrecv_epmap_port" lineno="26747">
 <summary>
-Send generic server packets.
+Do not audit attempts to send and receive
+UDP traffic on the epmap port.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_generic_server_packets" lineno="2855">
+<interface name="corenet_tcp_bind_epmap_port" lineno="26763">
 <summary>
-Receive generic server packets.
+Bind TCP sockets to the epmap port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_generic_server_packets" lineno="2873">
+<interface name="corenet_udp_bind_epmap_port" lineno="26783">
 <summary>
-Send and receive generic server packets.
+Bind UDP sockets to the epmap port.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_generic_server_packets" lineno="2888">
+<interface name="corenet_tcp_connect_epmap_port" lineno="26802">
 <summary>
-Relabel packets to the generic server packet type.
+Make a TCP connection to the epmap port.
 </summary>
 <param name="domain">
 <summary>
@@ -23760,76 +26072,75 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_sendrecv_unlabeled_packets" lineno="2913">
+<interface name="corenet_send_epmap_client_packets" lineno="26822">
 <summary>
-Send and receive unlabeled packets.
+Send epmap_client packets.
 </summary>
-<desc>
-<p>
-Send and receive unlabeled packets.
-These packets do not match any netfilter
-SECMARK rules.
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_send_all_client_packets" lineno="2927">
+<interface name="corenet_dontaudit_send_epmap_client_packets" lineno="26841">
 <summary>
-Send all client packets.
+Do not audit attempts to send epmap_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_all_client_packets" lineno="2945">
+<interface name="corenet_receive_epmap_client_packets" lineno="26860">
 <summary>
-Receive all client packets.
+Receive epmap_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_sendrecv_all_client_packets" lineno="2963">
+<interface name="corenet_dontaudit_receive_epmap_client_packets" lineno="26879">
 <summary>
-Send and receive all client packets.
+Do not audit attempts to receive epmap_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_all_client_packets" lineno="2978">
+<interface name="corenet_sendrecv_epmap_client_packets" lineno="26898">
 <summary>
-Relabel packets to any client packet type.
+Send and receive epmap_client packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_send_all_server_packets" lineno="2996">
+<interface name="corenet_dontaudit_sendrecv_epmap_client_packets" lineno="26914">
 <summary>
-Send all server packets.
+Do not audit attempts to send and receive epmap_client packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_all_server_packets" lineno="3014">
+<interface name="corenet_relabelto_epmap_client_packets" lineno="26929">
 <summary>
-Receive all server packets.
+Relabel packets to epmap_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -23837,79 +26148,85 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_sendrecv_all_server_packets" lineno="3032">
+<interface name="corenet_send_epmap_server_packets" lineno="26949">
 <summary>
-Send and receive all server packets.
+Send epmap_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_relabelto_all_server_packets" lineno="3047">
+<interface name="corenet_dontaudit_send_epmap_server_packets" lineno="26968">
 <summary>
-Relabel packets to any server packet type.
+Do not audit attempts to send epmap_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_send_all_packets" lineno="3065">
+<interface name="corenet_receive_epmap_server_packets" lineno="26987">
 <summary>
-Send all packets.
+Receive epmap_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_receive_all_packets" lineno="3083">
+<interface name="corenet_dontaudit_receive_epmap_server_packets" lineno="27006">
 <summary>
-Receive all packets.
+Do not audit attempts to receive epmap_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_all_packets" lineno="3101">
+<interface name="corenet_sendrecv_epmap_server_packets" lineno="27025">
 <summary>
-Send and receive all packets.
+Send and receive epmap_server packets.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_relabelto_all_packets" lineno="3116">
+<interface name="corenet_dontaudit_sendrecv_epmap_server_packets" lineno="27041">
 <summary>
-Relabel packets to any packet type.
+Do not audit attempts to send and receive epmap_server packets.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
+<infoflow type="none"/>
 </interface>
-<interface name="corenet_unconfined" lineno="3134">
+<interface name="corenet_relabelto_epmap_server_packets" lineno="27056">
 <summary>
-Unconfined access to network objects.
+Relabel packets to epmap_server the packet type.
 </summary>
 <param name="domain">
 <summary>
-The domain allowed access.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_afs_bos_port" lineno="3154">
+<interface name="corenet_tcp_sendrecv_epmd_port" lineno="27078">
 <summary>
-Send and receive TCP traffic on the afs_bos port.
+Send and receive TCP traffic on the epmd port.
 </summary>
 <param name="domain">
 <summary>
@@ -23918,9 +26235,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_afs_bos_port" lineno="3173">
+<interface name="corenet_udp_send_epmd_port" lineno="27097">
 <summary>
-Send UDP traffic on the afs_bos port.
+Send UDP traffic on the epmd port.
 </summary>
 <param name="domain">
 <summary>
@@ -23929,9 +26246,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_afs_bos_port" lineno="3192">
+<interface name="corenet_dontaudit_udp_send_epmd_port" lineno="27116">
 <summary>
-Do not audit attempts to send UDP traffic on the afs_bos port.
+Do not audit attempts to send UDP traffic on the epmd port.
 </summary>
 <param name="domain">
 <summary>
@@ -23940,9 +26257,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_afs_bos_port" lineno="3211">
+<interface name="corenet_udp_receive_epmd_port" lineno="27135">
 <summary>
-Receive UDP traffic on the afs_bos port.
+Receive UDP traffic on the epmd port.
 </summary>
 <param name="domain">
 <summary>
@@ -23951,9 +26268,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_afs_bos_port" lineno="3230">
+<interface name="corenet_dontaudit_udp_receive_epmd_port" lineno="27154">
 <summary>
-Do not audit attempts to receive UDP traffic on the afs_bos port.
+Do not audit attempts to receive UDP traffic on the epmd port.
 </summary>
 <param name="domain">
 <summary>
@@ -23962,9 +26279,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_afs_bos_port" lineno="3249">
+<interface name="corenet_udp_sendrecv_epmd_port" lineno="27173">
 <summary>
-Send and receive UDP traffic on the afs_bos port.
+Send and receive UDP traffic on the epmd port.
 </summary>
 <param name="domain">
 <summary>
@@ -23973,10 +26290,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_afs_bos_port" lineno="3266">
+<interface name="corenet_dontaudit_udp_sendrecv_epmd_port" lineno="27190">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the afs_bos port.
+UDP traffic on the epmd port.
 </summary>
 <param name="domain">
 <summary>
@@ -23985,9 +26302,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_afs_bos_port" lineno="3282">
+<interface name="corenet_tcp_bind_epmd_port" lineno="27206">
 <summary>
-Bind TCP sockets to the afs_bos port.
+Bind TCP sockets to the epmd port.
 </summary>
 <param name="domain">
 <summary>
@@ -23996,9 +26313,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_afs_bos_port" lineno="3302">
+<interface name="corenet_udp_bind_epmd_port" lineno="27226">
 <summary>
-Bind UDP sockets to the afs_bos port.
+Bind UDP sockets to the epmd port.
 </summary>
 <param name="domain">
 <summary>
@@ -24007,9 +26324,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_afs_bos_port" lineno="3321">
+<interface name="corenet_tcp_connect_epmd_port" lineno="27245">
 <summary>
-Make a TCP connection to the afs_bos port.
+Make a TCP connection to the epmd port.
 </summary>
 <param name="domain">
 <summary>
@@ -24017,9 +26334,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_afs_bos_client_packets" lineno="3341">
+<interface name="corenet_send_epmd_client_packets" lineno="27265">
 <summary>
-Send afs_bos_client packets.
+Send epmd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24028,9 +26345,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_afs_bos_client_packets" lineno="3360">
+<interface name="corenet_dontaudit_send_epmd_client_packets" lineno="27284">
 <summary>
-Do not audit attempts to send afs_bos_client packets.
+Do not audit attempts to send epmd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24039,9 +26356,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_afs_bos_client_packets" lineno="3379">
+<interface name="corenet_receive_epmd_client_packets" lineno="27303">
 <summary>
-Receive afs_bos_client packets.
+Receive epmd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24050,9 +26367,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_afs_bos_client_packets" lineno="3398">
+<interface name="corenet_dontaudit_receive_epmd_client_packets" lineno="27322">
 <summary>
-Do not audit attempts to receive afs_bos_client packets.
+Do not audit attempts to receive epmd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24061,9 +26378,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_afs_bos_client_packets" lineno="3417">
+<interface name="corenet_sendrecv_epmd_client_packets" lineno="27341">
 <summary>
-Send and receive afs_bos_client packets.
+Send and receive epmd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24072,9 +26389,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_afs_bos_client_packets" lineno="3433">
+<interface name="corenet_dontaudit_sendrecv_epmd_client_packets" lineno="27357">
 <summary>
-Do not audit attempts to send and receive afs_bos_client packets.
+Do not audit attempts to send and receive epmd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24083,9 +26400,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_afs_bos_client_packets" lineno="3448">
+<interface name="corenet_relabelto_epmd_client_packets" lineno="27372">
 <summary>
-Relabel packets to afs_bos_client the packet type.
+Relabel packets to epmd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -24093,9 +26410,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_afs_bos_server_packets" lineno="3468">
+<interface name="corenet_send_epmd_server_packets" lineno="27392">
 <summary>
-Send afs_bos_server packets.
+Send epmd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24104,9 +26421,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_afs_bos_server_packets" lineno="3487">
+<interface name="corenet_dontaudit_send_epmd_server_packets" lineno="27411">
 <summary>
-Do not audit attempts to send afs_bos_server packets.
+Do not audit attempts to send epmd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24115,9 +26432,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_afs_bos_server_packets" lineno="3506">
+<interface name="corenet_receive_epmd_server_packets" lineno="27430">
 <summary>
-Receive afs_bos_server packets.
+Receive epmd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24126,9 +26443,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_afs_bos_server_packets" lineno="3525">
+<interface name="corenet_dontaudit_receive_epmd_server_packets" lineno="27449">
 <summary>
-Do not audit attempts to receive afs_bos_server packets.
+Do not audit attempts to receive epmd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24137,9 +26454,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_afs_bos_server_packets" lineno="3544">
+<interface name="corenet_sendrecv_epmd_server_packets" lineno="27468">
 <summary>
-Send and receive afs_bos_server packets.
+Send and receive epmd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24148,9 +26465,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_afs_bos_server_packets" lineno="3560">
+<interface name="corenet_dontaudit_sendrecv_epmd_server_packets" lineno="27484">
 <summary>
-Do not audit attempts to send and receive afs_bos_server packets.
+Do not audit attempts to send and receive epmd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24159,9 +26476,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_afs_bos_server_packets" lineno="3575">
+<interface name="corenet_relabelto_epmd_server_packets" lineno="27499">
 <summary>
-Relabel packets to afs_bos_server the packet type.
+Relabel packets to epmd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -24169,9 +26486,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_afs_fs_port" lineno="3597">
+<interface name="corenet_tcp_sendrecv_fingerd_port" lineno="27521">
 <summary>
-Send and receive TCP traffic on the afs_fs port.
+Send and receive TCP traffic on the fingerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -24180,9 +26497,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_afs_fs_port" lineno="3616">
+<interface name="corenet_udp_send_fingerd_port" lineno="27540">
 <summary>
-Send UDP traffic on the afs_fs port.
+Send UDP traffic on the fingerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -24191,9 +26508,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_afs_fs_port" lineno="3635">
+<interface name="corenet_dontaudit_udp_send_fingerd_port" lineno="27559">
 <summary>
-Do not audit attempts to send UDP traffic on the afs_fs port.
+Do not audit attempts to send UDP traffic on the fingerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -24202,9 +26519,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_afs_fs_port" lineno="3654">
+<interface name="corenet_udp_receive_fingerd_port" lineno="27578">
 <summary>
-Receive UDP traffic on the afs_fs port.
+Receive UDP traffic on the fingerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -24213,9 +26530,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_afs_fs_port" lineno="3673">
+<interface name="corenet_dontaudit_udp_receive_fingerd_port" lineno="27597">
 <summary>
-Do not audit attempts to receive UDP traffic on the afs_fs port.
+Do not audit attempts to receive UDP traffic on the fingerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -24224,9 +26541,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_afs_fs_port" lineno="3692">
+<interface name="corenet_udp_sendrecv_fingerd_port" lineno="27616">
 <summary>
-Send and receive UDP traffic on the afs_fs port.
+Send and receive UDP traffic on the fingerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -24235,10 +26552,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_afs_fs_port" lineno="3709">
+<interface name="corenet_dontaudit_udp_sendrecv_fingerd_port" lineno="27633">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the afs_fs port.
+UDP traffic on the fingerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -24247,9 +26564,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_afs_fs_port" lineno="3725">
+<interface name="corenet_tcp_bind_fingerd_port" lineno="27649">
 <summary>
-Bind TCP sockets to the afs_fs port.
+Bind TCP sockets to the fingerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -24258,9 +26575,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_afs_fs_port" lineno="3745">
+<interface name="corenet_udp_bind_fingerd_port" lineno="27669">
 <summary>
-Bind UDP sockets to the afs_fs port.
+Bind UDP sockets to the fingerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -24269,9 +26586,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_afs_fs_port" lineno="3764">
+<interface name="corenet_tcp_connect_fingerd_port" lineno="27688">
 <summary>
-Make a TCP connection to the afs_fs port.
+Make a TCP connection to the fingerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -24279,9 +26596,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_afs_fs_client_packets" lineno="3784">
+<interface name="corenet_send_fingerd_client_packets" lineno="27708">
 <summary>
-Send afs_fs_client packets.
+Send fingerd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24290,9 +26607,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_afs_fs_client_packets" lineno="3803">
+<interface name="corenet_dontaudit_send_fingerd_client_packets" lineno="27727">
 <summary>
-Do not audit attempts to send afs_fs_client packets.
+Do not audit attempts to send fingerd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24301,9 +26618,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_afs_fs_client_packets" lineno="3822">
+<interface name="corenet_receive_fingerd_client_packets" lineno="27746">
 <summary>
-Receive afs_fs_client packets.
+Receive fingerd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24312,9 +26629,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_afs_fs_client_packets" lineno="3841">
+<interface name="corenet_dontaudit_receive_fingerd_client_packets" lineno="27765">
 <summary>
-Do not audit attempts to receive afs_fs_client packets.
+Do not audit attempts to receive fingerd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24323,9 +26640,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_afs_fs_client_packets" lineno="3860">
+<interface name="corenet_sendrecv_fingerd_client_packets" lineno="27784">
 <summary>
-Send and receive afs_fs_client packets.
+Send and receive fingerd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24334,9 +26651,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_afs_fs_client_packets" lineno="3876">
+<interface name="corenet_dontaudit_sendrecv_fingerd_client_packets" lineno="27800">
 <summary>
-Do not audit attempts to send and receive afs_fs_client packets.
+Do not audit attempts to send and receive fingerd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24345,9 +26662,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_afs_fs_client_packets" lineno="3891">
+<interface name="corenet_relabelto_fingerd_client_packets" lineno="27815">
 <summary>
-Relabel packets to afs_fs_client the packet type.
+Relabel packets to fingerd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -24355,9 +26672,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_afs_fs_server_packets" lineno="3911">
+<interface name="corenet_send_fingerd_server_packets" lineno="27835">
 <summary>
-Send afs_fs_server packets.
+Send fingerd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24366,9 +26683,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_afs_fs_server_packets" lineno="3930">
+<interface name="corenet_dontaudit_send_fingerd_server_packets" lineno="27854">
 <summary>
-Do not audit attempts to send afs_fs_server packets.
+Do not audit attempts to send fingerd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24377,9 +26694,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_afs_fs_server_packets" lineno="3949">
+<interface name="corenet_receive_fingerd_server_packets" lineno="27873">
 <summary>
-Receive afs_fs_server packets.
+Receive fingerd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24388,9 +26705,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_afs_fs_server_packets" lineno="3968">
+<interface name="corenet_dontaudit_receive_fingerd_server_packets" lineno="27892">
 <summary>
-Do not audit attempts to receive afs_fs_server packets.
+Do not audit attempts to receive fingerd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24399,9 +26716,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_afs_fs_server_packets" lineno="3987">
+<interface name="corenet_sendrecv_fingerd_server_packets" lineno="27911">
 <summary>
-Send and receive afs_fs_server packets.
+Send and receive fingerd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24410,9 +26727,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_afs_fs_server_packets" lineno="4003">
+<interface name="corenet_dontaudit_sendrecv_fingerd_server_packets" lineno="27927">
 <summary>
-Do not audit attempts to send and receive afs_fs_server packets.
+Do not audit attempts to send and receive fingerd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24421,9 +26738,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_afs_fs_server_packets" lineno="4018">
+<interface name="corenet_relabelto_fingerd_server_packets" lineno="27942">
 <summary>
-Relabel packets to afs_fs_server the packet type.
+Relabel packets to fingerd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -24431,9 +26748,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_afs_ka_port" lineno="4040">
+<interface name="corenet_tcp_sendrecv_ftp_port" lineno="27964">
 <summary>
-Send and receive TCP traffic on the afs_ka port.
+Send and receive TCP traffic on the ftp port.
 </summary>
 <param name="domain">
 <summary>
@@ -24442,9 +26759,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_afs_ka_port" lineno="4059">
+<interface name="corenet_udp_send_ftp_port" lineno="27983">
 <summary>
-Send UDP traffic on the afs_ka port.
+Send UDP traffic on the ftp port.
 </summary>
 <param name="domain">
 <summary>
@@ -24453,9 +26770,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_afs_ka_port" lineno="4078">
+<interface name="corenet_dontaudit_udp_send_ftp_port" lineno="28002">
 <summary>
-Do not audit attempts to send UDP traffic on the afs_ka port.
+Do not audit attempts to send UDP traffic on the ftp port.
 </summary>
 <param name="domain">
 <summary>
@@ -24464,9 +26781,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_afs_ka_port" lineno="4097">
+<interface name="corenet_udp_receive_ftp_port" lineno="28021">
 <summary>
-Receive UDP traffic on the afs_ka port.
+Receive UDP traffic on the ftp port.
 </summary>
 <param name="domain">
 <summary>
@@ -24475,9 +26792,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_afs_ka_port" lineno="4116">
+<interface name="corenet_dontaudit_udp_receive_ftp_port" lineno="28040">
 <summary>
-Do not audit attempts to receive UDP traffic on the afs_ka port.
+Do not audit attempts to receive UDP traffic on the ftp port.
 </summary>
 <param name="domain">
 <summary>
@@ -24486,9 +26803,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_afs_ka_port" lineno="4135">
+<interface name="corenet_udp_sendrecv_ftp_port" lineno="28059">
 <summary>
-Send and receive UDP traffic on the afs_ka port.
+Send and receive UDP traffic on the ftp port.
 </summary>
 <param name="domain">
 <summary>
@@ -24497,10 +26814,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_afs_ka_port" lineno="4152">
+<interface name="corenet_dontaudit_udp_sendrecv_ftp_port" lineno="28076">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the afs_ka port.
+UDP traffic on the ftp port.
 </summary>
 <param name="domain">
 <summary>
@@ -24509,9 +26826,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_afs_ka_port" lineno="4168">
+<interface name="corenet_tcp_bind_ftp_port" lineno="28092">
 <summary>
-Bind TCP sockets to the afs_ka port.
+Bind TCP sockets to the ftp port.
 </summary>
 <param name="domain">
 <summary>
@@ -24520,9 +26837,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_afs_ka_port" lineno="4188">
+<interface name="corenet_udp_bind_ftp_port" lineno="28112">
 <summary>
-Bind UDP sockets to the afs_ka port.
+Bind UDP sockets to the ftp port.
 </summary>
 <param name="domain">
 <summary>
@@ -24531,9 +26848,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_afs_ka_port" lineno="4207">
+<interface name="corenet_tcp_connect_ftp_port" lineno="28131">
 <summary>
-Make a TCP connection to the afs_ka port.
+Make a TCP connection to the ftp port.
 </summary>
 <param name="domain">
 <summary>
@@ -24541,9 +26858,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_afs_ka_client_packets" lineno="4227">
+<interface name="corenet_send_ftp_client_packets" lineno="28151">
 <summary>
-Send afs_ka_client packets.
+Send ftp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24552,9 +26869,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_afs_ka_client_packets" lineno="4246">
+<interface name="corenet_dontaudit_send_ftp_client_packets" lineno="28170">
 <summary>
-Do not audit attempts to send afs_ka_client packets.
+Do not audit attempts to send ftp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24563,9 +26880,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_afs_ka_client_packets" lineno="4265">
+<interface name="corenet_receive_ftp_client_packets" lineno="28189">
 <summary>
-Receive afs_ka_client packets.
+Receive ftp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24574,9 +26891,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_afs_ka_client_packets" lineno="4284">
+<interface name="corenet_dontaudit_receive_ftp_client_packets" lineno="28208">
 <summary>
-Do not audit attempts to receive afs_ka_client packets.
+Do not audit attempts to receive ftp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24585,9 +26902,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_afs_ka_client_packets" lineno="4303">
+<interface name="corenet_sendrecv_ftp_client_packets" lineno="28227">
 <summary>
-Send and receive afs_ka_client packets.
+Send and receive ftp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24596,9 +26913,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_afs_ka_client_packets" lineno="4319">
+<interface name="corenet_dontaudit_sendrecv_ftp_client_packets" lineno="28243">
 <summary>
-Do not audit attempts to send and receive afs_ka_client packets.
+Do not audit attempts to send and receive ftp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24607,9 +26924,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_afs_ka_client_packets" lineno="4334">
+<interface name="corenet_relabelto_ftp_client_packets" lineno="28258">
 <summary>
-Relabel packets to afs_ka_client the packet type.
+Relabel packets to ftp_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -24617,9 +26934,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_afs_ka_server_packets" lineno="4354">
+<interface name="corenet_send_ftp_server_packets" lineno="28278">
 <summary>
-Send afs_ka_server packets.
+Send ftp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24628,9 +26945,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_afs_ka_server_packets" lineno="4373">
+<interface name="corenet_dontaudit_send_ftp_server_packets" lineno="28297">
 <summary>
-Do not audit attempts to send afs_ka_server packets.
+Do not audit attempts to send ftp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24639,9 +26956,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_afs_ka_server_packets" lineno="4392">
+<interface name="corenet_receive_ftp_server_packets" lineno="28316">
 <summary>
-Receive afs_ka_server packets.
+Receive ftp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24650,9 +26967,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_afs_ka_server_packets" lineno="4411">
+<interface name="corenet_dontaudit_receive_ftp_server_packets" lineno="28335">
 <summary>
-Do not audit attempts to receive afs_ka_server packets.
+Do not audit attempts to receive ftp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24661,9 +26978,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_afs_ka_server_packets" lineno="4430">
+<interface name="corenet_sendrecv_ftp_server_packets" lineno="28354">
 <summary>
-Send and receive afs_ka_server packets.
+Send and receive ftp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24672,9 +26989,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_afs_ka_server_packets" lineno="4446">
+<interface name="corenet_dontaudit_sendrecv_ftp_server_packets" lineno="28370">
 <summary>
-Do not audit attempts to send and receive afs_ka_server packets.
+Do not audit attempts to send and receive ftp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24683,9 +27000,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_afs_ka_server_packets" lineno="4461">
+<interface name="corenet_relabelto_ftp_server_packets" lineno="28385">
 <summary>
-Relabel packets to afs_ka_server the packet type.
+Relabel packets to ftp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -24693,9 +27010,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_afs_pt_port" lineno="4483">
+<interface name="corenet_tcp_sendrecv_ftp_data_port" lineno="28407">
 <summary>
-Send and receive TCP traffic on the afs_pt port.
+Send and receive TCP traffic on the ftp_data port.
 </summary>
 <param name="domain">
 <summary>
@@ -24704,9 +27021,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_afs_pt_port" lineno="4502">
+<interface name="corenet_udp_send_ftp_data_port" lineno="28426">
 <summary>
-Send UDP traffic on the afs_pt port.
+Send UDP traffic on the ftp_data port.
 </summary>
 <param name="domain">
 <summary>
@@ -24715,9 +27032,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_afs_pt_port" lineno="4521">
+<interface name="corenet_dontaudit_udp_send_ftp_data_port" lineno="28445">
 <summary>
-Do not audit attempts to send UDP traffic on the afs_pt port.
+Do not audit attempts to send UDP traffic on the ftp_data port.
 </summary>
 <param name="domain">
 <summary>
@@ -24726,9 +27043,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_afs_pt_port" lineno="4540">
+<interface name="corenet_udp_receive_ftp_data_port" lineno="28464">
 <summary>
-Receive UDP traffic on the afs_pt port.
+Receive UDP traffic on the ftp_data port.
 </summary>
 <param name="domain">
 <summary>
@@ -24737,9 +27054,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_afs_pt_port" lineno="4559">
+<interface name="corenet_dontaudit_udp_receive_ftp_data_port" lineno="28483">
 <summary>
-Do not audit attempts to receive UDP traffic on the afs_pt port.
+Do not audit attempts to receive UDP traffic on the ftp_data port.
 </summary>
 <param name="domain">
 <summary>
@@ -24748,9 +27065,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_afs_pt_port" lineno="4578">
+<interface name="corenet_udp_sendrecv_ftp_data_port" lineno="28502">
 <summary>
-Send and receive UDP traffic on the afs_pt port.
+Send and receive UDP traffic on the ftp_data port.
 </summary>
 <param name="domain">
 <summary>
@@ -24759,10 +27076,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_afs_pt_port" lineno="4595">
+<interface name="corenet_dontaudit_udp_sendrecv_ftp_data_port" lineno="28519">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the afs_pt port.
+UDP traffic on the ftp_data port.
 </summary>
 <param name="domain">
 <summary>
@@ -24771,9 +27088,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_afs_pt_port" lineno="4611">
+<interface name="corenet_tcp_bind_ftp_data_port" lineno="28535">
 <summary>
-Bind TCP sockets to the afs_pt port.
+Bind TCP sockets to the ftp_data port.
 </summary>
 <param name="domain">
 <summary>
@@ -24782,9 +27099,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_afs_pt_port" lineno="4631">
+<interface name="corenet_udp_bind_ftp_data_port" lineno="28555">
 <summary>
-Bind UDP sockets to the afs_pt port.
+Bind UDP sockets to the ftp_data port.
 </summary>
 <param name="domain">
 <summary>
@@ -24793,9 +27110,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_afs_pt_port" lineno="4650">
+<interface name="corenet_tcp_connect_ftp_data_port" lineno="28574">
 <summary>
-Make a TCP connection to the afs_pt port.
+Make a TCP connection to the ftp_data port.
 </summary>
 <param name="domain">
 <summary>
@@ -24803,9 +27120,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_afs_pt_client_packets" lineno="4670">
+<interface name="corenet_send_ftp_data_client_packets" lineno="28594">
 <summary>
-Send afs_pt_client packets.
+Send ftp_data_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24814,9 +27131,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_afs_pt_client_packets" lineno="4689">
+<interface name="corenet_dontaudit_send_ftp_data_client_packets" lineno="28613">
 <summary>
-Do not audit attempts to send afs_pt_client packets.
+Do not audit attempts to send ftp_data_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24825,9 +27142,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_afs_pt_client_packets" lineno="4708">
+<interface name="corenet_receive_ftp_data_client_packets" lineno="28632">
 <summary>
-Receive afs_pt_client packets.
+Receive ftp_data_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24836,9 +27153,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_afs_pt_client_packets" lineno="4727">
+<interface name="corenet_dontaudit_receive_ftp_data_client_packets" lineno="28651">
 <summary>
-Do not audit attempts to receive afs_pt_client packets.
+Do not audit attempts to receive ftp_data_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24847,9 +27164,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_afs_pt_client_packets" lineno="4746">
+<interface name="corenet_sendrecv_ftp_data_client_packets" lineno="28670">
 <summary>
-Send and receive afs_pt_client packets.
+Send and receive ftp_data_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24858,9 +27175,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_afs_pt_client_packets" lineno="4762">
+<interface name="corenet_dontaudit_sendrecv_ftp_data_client_packets" lineno="28686">
 <summary>
-Do not audit attempts to send and receive afs_pt_client packets.
+Do not audit attempts to send and receive ftp_data_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24869,9 +27186,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_afs_pt_client_packets" lineno="4777">
+<interface name="corenet_relabelto_ftp_data_client_packets" lineno="28701">
 <summary>
-Relabel packets to afs_pt_client the packet type.
+Relabel packets to ftp_data_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -24879,9 +27196,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_afs_pt_server_packets" lineno="4797">
+<interface name="corenet_send_ftp_data_server_packets" lineno="28721">
 <summary>
-Send afs_pt_server packets.
+Send ftp_data_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24890,9 +27207,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_afs_pt_server_packets" lineno="4816">
+<interface name="corenet_dontaudit_send_ftp_data_server_packets" lineno="28740">
 <summary>
-Do not audit attempts to send afs_pt_server packets.
+Do not audit attempts to send ftp_data_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24901,9 +27218,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_afs_pt_server_packets" lineno="4835">
+<interface name="corenet_receive_ftp_data_server_packets" lineno="28759">
 <summary>
-Receive afs_pt_server packets.
+Receive ftp_data_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24912,9 +27229,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_afs_pt_server_packets" lineno="4854">
+<interface name="corenet_dontaudit_receive_ftp_data_server_packets" lineno="28778">
 <summary>
-Do not audit attempts to receive afs_pt_server packets.
+Do not audit attempts to receive ftp_data_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24923,9 +27240,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_afs_pt_server_packets" lineno="4873">
+<interface name="corenet_sendrecv_ftp_data_server_packets" lineno="28797">
 <summary>
-Send and receive afs_pt_server packets.
+Send and receive ftp_data_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24934,9 +27251,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_afs_pt_server_packets" lineno="4889">
+<interface name="corenet_dontaudit_sendrecv_ftp_data_server_packets" lineno="28813">
 <summary>
-Do not audit attempts to send and receive afs_pt_server packets.
+Do not audit attempts to send and receive ftp_data_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -24945,9 +27262,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_afs_pt_server_packets" lineno="4904">
+<interface name="corenet_relabelto_ftp_data_server_packets" lineno="28828">
 <summary>
-Relabel packets to afs_pt_server the packet type.
+Relabel packets to ftp_data_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -24955,9 +27272,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_afs_vl_port" lineno="4926">
+<interface name="corenet_tcp_sendrecv_gatekeeper_port" lineno="28850">
 <summary>
-Send and receive TCP traffic on the afs_vl port.
+Send and receive TCP traffic on the gatekeeper port.
 </summary>
 <param name="domain">
 <summary>
@@ -24966,9 +27283,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_afs_vl_port" lineno="4945">
+<interface name="corenet_udp_send_gatekeeper_port" lineno="28869">
 <summary>
-Send UDP traffic on the afs_vl port.
+Send UDP traffic on the gatekeeper port.
 </summary>
 <param name="domain">
 <summary>
@@ -24977,9 +27294,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_afs_vl_port" lineno="4964">
+<interface name="corenet_dontaudit_udp_send_gatekeeper_port" lineno="28888">
 <summary>
-Do not audit attempts to send UDP traffic on the afs_vl port.
+Do not audit attempts to send UDP traffic on the gatekeeper port.
 </summary>
 <param name="domain">
 <summary>
@@ -24988,9 +27305,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_afs_vl_port" lineno="4983">
+<interface name="corenet_udp_receive_gatekeeper_port" lineno="28907">
 <summary>
-Receive UDP traffic on the afs_vl port.
+Receive UDP traffic on the gatekeeper port.
 </summary>
 <param name="domain">
 <summary>
@@ -24999,9 +27316,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_afs_vl_port" lineno="5002">
+<interface name="corenet_dontaudit_udp_receive_gatekeeper_port" lineno="28926">
 <summary>
-Do not audit attempts to receive UDP traffic on the afs_vl port.
+Do not audit attempts to receive UDP traffic on the gatekeeper port.
 </summary>
 <param name="domain">
 <summary>
@@ -25010,9 +27327,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_afs_vl_port" lineno="5021">
+<interface name="corenet_udp_sendrecv_gatekeeper_port" lineno="28945">
 <summary>
-Send and receive UDP traffic on the afs_vl port.
+Send and receive UDP traffic on the gatekeeper port.
 </summary>
 <param name="domain">
 <summary>
@@ -25021,10 +27338,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_afs_vl_port" lineno="5038">
+<interface name="corenet_dontaudit_udp_sendrecv_gatekeeper_port" lineno="28962">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the afs_vl port.
+UDP traffic on the gatekeeper port.
 </summary>
 <param name="domain">
 <summary>
@@ -25033,9 +27350,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_afs_vl_port" lineno="5054">
+<interface name="corenet_tcp_bind_gatekeeper_port" lineno="28978">
 <summary>
-Bind TCP sockets to the afs_vl port.
+Bind TCP sockets to the gatekeeper port.
 </summary>
 <param name="domain">
 <summary>
@@ -25044,9 +27361,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_afs_vl_port" lineno="5074">
+<interface name="corenet_udp_bind_gatekeeper_port" lineno="28998">
 <summary>
-Bind UDP sockets to the afs_vl port.
+Bind UDP sockets to the gatekeeper port.
 </summary>
 <param name="domain">
 <summary>
@@ -25055,9 +27372,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_afs_vl_port" lineno="5093">
+<interface name="corenet_tcp_connect_gatekeeper_port" lineno="29017">
 <summary>
-Make a TCP connection to the afs_vl port.
+Make a TCP connection to the gatekeeper port.
 </summary>
 <param name="domain">
 <summary>
@@ -25065,9 +27382,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_afs_vl_client_packets" lineno="5113">
+<interface name="corenet_send_gatekeeper_client_packets" lineno="29037">
 <summary>
-Send afs_vl_client packets.
+Send gatekeeper_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25076,9 +27393,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_afs_vl_client_packets" lineno="5132">
+<interface name="corenet_dontaudit_send_gatekeeper_client_packets" lineno="29056">
 <summary>
-Do not audit attempts to send afs_vl_client packets.
+Do not audit attempts to send gatekeeper_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25087,9 +27404,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_afs_vl_client_packets" lineno="5151">
+<interface name="corenet_receive_gatekeeper_client_packets" lineno="29075">
 <summary>
-Receive afs_vl_client packets.
+Receive gatekeeper_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25098,9 +27415,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_afs_vl_client_packets" lineno="5170">
+<interface name="corenet_dontaudit_receive_gatekeeper_client_packets" lineno="29094">
 <summary>
-Do not audit attempts to receive afs_vl_client packets.
+Do not audit attempts to receive gatekeeper_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25109,9 +27426,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_afs_vl_client_packets" lineno="5189">
+<interface name="corenet_sendrecv_gatekeeper_client_packets" lineno="29113">
 <summary>
-Send and receive afs_vl_client packets.
+Send and receive gatekeeper_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25120,9 +27437,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_afs_vl_client_packets" lineno="5205">
+<interface name="corenet_dontaudit_sendrecv_gatekeeper_client_packets" lineno="29129">
 <summary>
-Do not audit attempts to send and receive afs_vl_client packets.
+Do not audit attempts to send and receive gatekeeper_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25131,9 +27448,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_afs_vl_client_packets" lineno="5220">
+<interface name="corenet_relabelto_gatekeeper_client_packets" lineno="29144">
 <summary>
-Relabel packets to afs_vl_client the packet type.
+Relabel packets to gatekeeper_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -25141,9 +27458,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_afs_vl_server_packets" lineno="5240">
+<interface name="corenet_send_gatekeeper_server_packets" lineno="29164">
 <summary>
-Send afs_vl_server packets.
+Send gatekeeper_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25152,9 +27469,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_afs_vl_server_packets" lineno="5259">
+<interface name="corenet_dontaudit_send_gatekeeper_server_packets" lineno="29183">
 <summary>
-Do not audit attempts to send afs_vl_server packets.
+Do not audit attempts to send gatekeeper_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25163,9 +27480,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_afs_vl_server_packets" lineno="5278">
+<interface name="corenet_receive_gatekeeper_server_packets" lineno="29202">
 <summary>
-Receive afs_vl_server packets.
+Receive gatekeeper_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25174,9 +27491,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_afs_vl_server_packets" lineno="5297">
+<interface name="corenet_dontaudit_receive_gatekeeper_server_packets" lineno="29221">
 <summary>
-Do not audit attempts to receive afs_vl_server packets.
+Do not audit attempts to receive gatekeeper_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25185,9 +27502,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_afs_vl_server_packets" lineno="5316">
+<interface name="corenet_sendrecv_gatekeeper_server_packets" lineno="29240">
 <summary>
-Send and receive afs_vl_server packets.
+Send and receive gatekeeper_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25196,9 +27513,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_afs_vl_server_packets" lineno="5332">
+<interface name="corenet_dontaudit_sendrecv_gatekeeper_server_packets" lineno="29256">
 <summary>
-Do not audit attempts to send and receive afs_vl_server packets.
+Do not audit attempts to send and receive gatekeeper_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25207,9 +27524,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_afs_vl_server_packets" lineno="5347">
+<interface name="corenet_relabelto_gatekeeper_server_packets" lineno="29271">
 <summary>
-Relabel packets to afs_vl_server the packet type.
+Relabel packets to gatekeeper_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -25217,9 +27534,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_agentx_port" lineno="5369">
+<interface name="corenet_tcp_sendrecv_gdomap_port" lineno="29293">
 <summary>
-Send and receive TCP traffic on the agentx port.
+Send and receive TCP traffic on the gdomap port.
 </summary>
 <param name="domain">
 <summary>
@@ -25228,9 +27545,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_agentx_port" lineno="5388">
+<interface name="corenet_udp_send_gdomap_port" lineno="29312">
 <summary>
-Send UDP traffic on the agentx port.
+Send UDP traffic on the gdomap port.
 </summary>
 <param name="domain">
 <summary>
@@ -25239,9 +27556,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_agentx_port" lineno="5407">
+<interface name="corenet_dontaudit_udp_send_gdomap_port" lineno="29331">
 <summary>
-Do not audit attempts to send UDP traffic on the agentx port.
+Do not audit attempts to send UDP traffic on the gdomap port.
 </summary>
 <param name="domain">
 <summary>
@@ -25250,9 +27567,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_agentx_port" lineno="5426">
+<interface name="corenet_udp_receive_gdomap_port" lineno="29350">
 <summary>
-Receive UDP traffic on the agentx port.
+Receive UDP traffic on the gdomap port.
 </summary>
 <param name="domain">
 <summary>
@@ -25261,9 +27578,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_agentx_port" lineno="5445">
+<interface name="corenet_dontaudit_udp_receive_gdomap_port" lineno="29369">
 <summary>
-Do not audit attempts to receive UDP traffic on the agentx port.
+Do not audit attempts to receive UDP traffic on the gdomap port.
 </summary>
 <param name="domain">
 <summary>
@@ -25272,9 +27589,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_agentx_port" lineno="5464">
+<interface name="corenet_udp_sendrecv_gdomap_port" lineno="29388">
 <summary>
-Send and receive UDP traffic on the agentx port.
+Send and receive UDP traffic on the gdomap port.
 </summary>
 <param name="domain">
 <summary>
@@ -25283,10 +27600,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_agentx_port" lineno="5481">
+<interface name="corenet_dontaudit_udp_sendrecv_gdomap_port" lineno="29405">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the agentx port.
+UDP traffic on the gdomap port.
 </summary>
 <param name="domain">
 <summary>
@@ -25295,9 +27612,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_agentx_port" lineno="5497">
+<interface name="corenet_tcp_bind_gdomap_port" lineno="29421">
 <summary>
-Bind TCP sockets to the agentx port.
+Bind TCP sockets to the gdomap port.
 </summary>
 <param name="domain">
 <summary>
@@ -25306,9 +27623,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_agentx_port" lineno="5517">
+<interface name="corenet_udp_bind_gdomap_port" lineno="29441">
 <summary>
-Bind UDP sockets to the agentx port.
+Bind UDP sockets to the gdomap port.
 </summary>
 <param name="domain">
 <summary>
@@ -25317,9 +27634,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_agentx_port" lineno="5536">
+<interface name="corenet_tcp_connect_gdomap_port" lineno="29460">
 <summary>
-Make a TCP connection to the agentx port.
+Make a TCP connection to the gdomap port.
 </summary>
 <param name="domain">
 <summary>
@@ -25327,9 +27644,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_agentx_client_packets" lineno="5556">
+<interface name="corenet_send_gdomap_client_packets" lineno="29480">
 <summary>
-Send agentx_client packets.
+Send gdomap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25338,9 +27655,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_agentx_client_packets" lineno="5575">
+<interface name="corenet_dontaudit_send_gdomap_client_packets" lineno="29499">
 <summary>
-Do not audit attempts to send agentx_client packets.
+Do not audit attempts to send gdomap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25349,9 +27666,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_agentx_client_packets" lineno="5594">
+<interface name="corenet_receive_gdomap_client_packets" lineno="29518">
 <summary>
-Receive agentx_client packets.
+Receive gdomap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25360,9 +27677,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_agentx_client_packets" lineno="5613">
+<interface name="corenet_dontaudit_receive_gdomap_client_packets" lineno="29537">
 <summary>
-Do not audit attempts to receive agentx_client packets.
+Do not audit attempts to receive gdomap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25371,9 +27688,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_agentx_client_packets" lineno="5632">
+<interface name="corenet_sendrecv_gdomap_client_packets" lineno="29556">
 <summary>
-Send and receive agentx_client packets.
+Send and receive gdomap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25382,9 +27699,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_agentx_client_packets" lineno="5648">
+<interface name="corenet_dontaudit_sendrecv_gdomap_client_packets" lineno="29572">
 <summary>
-Do not audit attempts to send and receive agentx_client packets.
+Do not audit attempts to send and receive gdomap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25393,9 +27710,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_agentx_client_packets" lineno="5663">
+<interface name="corenet_relabelto_gdomap_client_packets" lineno="29587">
 <summary>
-Relabel packets to agentx_client the packet type.
+Relabel packets to gdomap_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -25403,9 +27720,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_agentx_server_packets" lineno="5683">
+<interface name="corenet_send_gdomap_server_packets" lineno="29607">
 <summary>
-Send agentx_server packets.
+Send gdomap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25414,9 +27731,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_agentx_server_packets" lineno="5702">
+<interface name="corenet_dontaudit_send_gdomap_server_packets" lineno="29626">
 <summary>
-Do not audit attempts to send agentx_server packets.
+Do not audit attempts to send gdomap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25425,9 +27742,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_agentx_server_packets" lineno="5721">
+<interface name="corenet_receive_gdomap_server_packets" lineno="29645">
 <summary>
-Receive agentx_server packets.
+Receive gdomap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25436,9 +27753,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_agentx_server_packets" lineno="5740">
+<interface name="corenet_dontaudit_receive_gdomap_server_packets" lineno="29664">
 <summary>
-Do not audit attempts to receive agentx_server packets.
+Do not audit attempts to receive gdomap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25447,9 +27764,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_agentx_server_packets" lineno="5759">
+<interface name="corenet_sendrecv_gdomap_server_packets" lineno="29683">
 <summary>
-Send and receive agentx_server packets.
+Send and receive gdomap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25458,9 +27775,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_agentx_server_packets" lineno="5775">
+<interface name="corenet_dontaudit_sendrecv_gdomap_server_packets" lineno="29699">
 <summary>
-Do not audit attempts to send and receive agentx_server packets.
+Do not audit attempts to send and receive gdomap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25469,9 +27786,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_agentx_server_packets" lineno="5790">
+<interface name="corenet_relabelto_gdomap_server_packets" lineno="29714">
 <summary>
-Relabel packets to agentx_server the packet type.
+Relabel packets to gdomap_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -25479,9 +27796,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_amanda_port" lineno="5812">
+<interface name="corenet_tcp_sendrecv_gds_db_port" lineno="29736">
 <summary>
-Send and receive TCP traffic on the amanda port.
+Send and receive TCP traffic on the gds_db port.
 </summary>
 <param name="domain">
 <summary>
@@ -25490,9 +27807,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_amanda_port" lineno="5831">
+<interface name="corenet_udp_send_gds_db_port" lineno="29755">
 <summary>
-Send UDP traffic on the amanda port.
+Send UDP traffic on the gds_db port.
 </summary>
 <param name="domain">
 <summary>
@@ -25501,9 +27818,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_amanda_port" lineno="5850">
+<interface name="corenet_dontaudit_udp_send_gds_db_port" lineno="29774">
 <summary>
-Do not audit attempts to send UDP traffic on the amanda port.
+Do not audit attempts to send UDP traffic on the gds_db port.
 </summary>
 <param name="domain">
 <summary>
@@ -25512,9 +27829,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_amanda_port" lineno="5869">
+<interface name="corenet_udp_receive_gds_db_port" lineno="29793">
 <summary>
-Receive UDP traffic on the amanda port.
+Receive UDP traffic on the gds_db port.
 </summary>
 <param name="domain">
 <summary>
@@ -25523,9 +27840,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_amanda_port" lineno="5888">
+<interface name="corenet_dontaudit_udp_receive_gds_db_port" lineno="29812">
 <summary>
-Do not audit attempts to receive UDP traffic on the amanda port.
+Do not audit attempts to receive UDP traffic on the gds_db port.
 </summary>
 <param name="domain">
 <summary>
@@ -25534,9 +27851,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_amanda_port" lineno="5907">
+<interface name="corenet_udp_sendrecv_gds_db_port" lineno="29831">
 <summary>
-Send and receive UDP traffic on the amanda port.
+Send and receive UDP traffic on the gds_db port.
 </summary>
 <param name="domain">
 <summary>
@@ -25545,10 +27862,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_amanda_port" lineno="5924">
+<interface name="corenet_dontaudit_udp_sendrecv_gds_db_port" lineno="29848">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the amanda port.
+UDP traffic on the gds_db port.
 </summary>
 <param name="domain">
 <summary>
@@ -25557,9 +27874,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_amanda_port" lineno="5940">
+<interface name="corenet_tcp_bind_gds_db_port" lineno="29864">
 <summary>
-Bind TCP sockets to the amanda port.
+Bind TCP sockets to the gds_db port.
 </summary>
 <param name="domain">
 <summary>
@@ -25568,9 +27885,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_amanda_port" lineno="5960">
+<interface name="corenet_udp_bind_gds_db_port" lineno="29884">
 <summary>
-Bind UDP sockets to the amanda port.
+Bind UDP sockets to the gds_db port.
 </summary>
 <param name="domain">
 <summary>
@@ -25579,9 +27896,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_amanda_port" lineno="5979">
+<interface name="corenet_tcp_connect_gds_db_port" lineno="29903">
 <summary>
-Make a TCP connection to the amanda port.
+Make a TCP connection to the gds_db port.
 </summary>
 <param name="domain">
 <summary>
@@ -25589,9 +27906,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_amanda_client_packets" lineno="5999">
+<interface name="corenet_send_gds_db_client_packets" lineno="29923">
 <summary>
-Send amanda_client packets.
+Send gds_db_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25600,9 +27917,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_amanda_client_packets" lineno="6018">
+<interface name="corenet_dontaudit_send_gds_db_client_packets" lineno="29942">
 <summary>
-Do not audit attempts to send amanda_client packets.
+Do not audit attempts to send gds_db_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25611,9 +27928,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_amanda_client_packets" lineno="6037">
+<interface name="corenet_receive_gds_db_client_packets" lineno="29961">
 <summary>
-Receive amanda_client packets.
+Receive gds_db_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25622,9 +27939,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_amanda_client_packets" lineno="6056">
+<interface name="corenet_dontaudit_receive_gds_db_client_packets" lineno="29980">
 <summary>
-Do not audit attempts to receive amanda_client packets.
+Do not audit attempts to receive gds_db_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25633,9 +27950,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_amanda_client_packets" lineno="6075">
+<interface name="corenet_sendrecv_gds_db_client_packets" lineno="29999">
 <summary>
-Send and receive amanda_client packets.
+Send and receive gds_db_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25644,9 +27961,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_amanda_client_packets" lineno="6091">
+<interface name="corenet_dontaudit_sendrecv_gds_db_client_packets" lineno="30015">
 <summary>
-Do not audit attempts to send and receive amanda_client packets.
+Do not audit attempts to send and receive gds_db_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25655,9 +27972,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_amanda_client_packets" lineno="6106">
+<interface name="corenet_relabelto_gds_db_client_packets" lineno="30030">
 <summary>
-Relabel packets to amanda_client the packet type.
+Relabel packets to gds_db_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -25665,9 +27982,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_amanda_server_packets" lineno="6126">
+<interface name="corenet_send_gds_db_server_packets" lineno="30050">
 <summary>
-Send amanda_server packets.
+Send gds_db_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25676,9 +27993,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_amanda_server_packets" lineno="6145">
+<interface name="corenet_dontaudit_send_gds_db_server_packets" lineno="30069">
 <summary>
-Do not audit attempts to send amanda_server packets.
+Do not audit attempts to send gds_db_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25687,9 +28004,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_amanda_server_packets" lineno="6164">
+<interface name="corenet_receive_gds_db_server_packets" lineno="30088">
 <summary>
-Receive amanda_server packets.
+Receive gds_db_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25698,9 +28015,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_amanda_server_packets" lineno="6183">
+<interface name="corenet_dontaudit_receive_gds_db_server_packets" lineno="30107">
 <summary>
-Do not audit attempts to receive amanda_server packets.
+Do not audit attempts to receive gds_db_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25709,9 +28026,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_amanda_server_packets" lineno="6202">
+<interface name="corenet_sendrecv_gds_db_server_packets" lineno="30126">
 <summary>
-Send and receive amanda_server packets.
+Send and receive gds_db_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25720,9 +28037,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_amanda_server_packets" lineno="6218">
+<interface name="corenet_dontaudit_sendrecv_gds_db_server_packets" lineno="30142">
 <summary>
-Do not audit attempts to send and receive amanda_server packets.
+Do not audit attempts to send and receive gds_db_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25731,9 +28048,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_amanda_server_packets" lineno="6233">
+<interface name="corenet_relabelto_gds_db_server_packets" lineno="30157">
 <summary>
-Relabel packets to amanda_server the packet type.
+Relabel packets to gds_db_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -25741,9 +28058,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_amavisd_recv_port" lineno="6255">
+<interface name="corenet_tcp_sendrecv_giftd_port" lineno="30179">
 <summary>
-Send and receive TCP traffic on the amavisd_recv port.
+Send and receive TCP traffic on the giftd port.
 </summary>
 <param name="domain">
 <summary>
@@ -25752,9 +28069,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_amavisd_recv_port" lineno="6274">
+<interface name="corenet_udp_send_giftd_port" lineno="30198">
 <summary>
-Send UDP traffic on the amavisd_recv port.
+Send UDP traffic on the giftd port.
 </summary>
 <param name="domain">
 <summary>
@@ -25763,9 +28080,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_amavisd_recv_port" lineno="6293">
+<interface name="corenet_dontaudit_udp_send_giftd_port" lineno="30217">
 <summary>
-Do not audit attempts to send UDP traffic on the amavisd_recv port.
+Do not audit attempts to send UDP traffic on the giftd port.
 </summary>
 <param name="domain">
 <summary>
@@ -25774,9 +28091,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_amavisd_recv_port" lineno="6312">
+<interface name="corenet_udp_receive_giftd_port" lineno="30236">
 <summary>
-Receive UDP traffic on the amavisd_recv port.
+Receive UDP traffic on the giftd port.
 </summary>
 <param name="domain">
 <summary>
@@ -25785,9 +28102,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_amavisd_recv_port" lineno="6331">
+<interface name="corenet_dontaudit_udp_receive_giftd_port" lineno="30255">
 <summary>
-Do not audit attempts to receive UDP traffic on the amavisd_recv port.
+Do not audit attempts to receive UDP traffic on the giftd port.
 </summary>
 <param name="domain">
 <summary>
@@ -25796,9 +28113,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_amavisd_recv_port" lineno="6350">
+<interface name="corenet_udp_sendrecv_giftd_port" lineno="30274">
 <summary>
-Send and receive UDP traffic on the amavisd_recv port.
+Send and receive UDP traffic on the giftd port.
 </summary>
 <param name="domain">
 <summary>
@@ -25807,10 +28124,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_amavisd_recv_port" lineno="6367">
+<interface name="corenet_dontaudit_udp_sendrecv_giftd_port" lineno="30291">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the amavisd_recv port.
+UDP traffic on the giftd port.
 </summary>
 <param name="domain">
 <summary>
@@ -25819,9 +28136,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_amavisd_recv_port" lineno="6383">
+<interface name="corenet_tcp_bind_giftd_port" lineno="30307">
 <summary>
-Bind TCP sockets to the amavisd_recv port.
+Bind TCP sockets to the giftd port.
 </summary>
 <param name="domain">
 <summary>
@@ -25830,9 +28147,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_amavisd_recv_port" lineno="6403">
+<interface name="corenet_udp_bind_giftd_port" lineno="30327">
 <summary>
-Bind UDP sockets to the amavisd_recv port.
+Bind UDP sockets to the giftd port.
 </summary>
 <param name="domain">
 <summary>
@@ -25841,9 +28158,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_amavisd_recv_port" lineno="6422">
+<interface name="corenet_tcp_connect_giftd_port" lineno="30346">
 <summary>
-Make a TCP connection to the amavisd_recv port.
+Make a TCP connection to the giftd port.
 </summary>
 <param name="domain">
 <summary>
@@ -25851,9 +28168,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_amavisd_recv_client_packets" lineno="6442">
+<interface name="corenet_send_giftd_client_packets" lineno="30366">
 <summary>
-Send amavisd_recv_client packets.
+Send giftd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25862,9 +28179,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_amavisd_recv_client_packets" lineno="6461">
+<interface name="corenet_dontaudit_send_giftd_client_packets" lineno="30385">
 <summary>
-Do not audit attempts to send amavisd_recv_client packets.
+Do not audit attempts to send giftd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25873,9 +28190,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_amavisd_recv_client_packets" lineno="6480">
+<interface name="corenet_receive_giftd_client_packets" lineno="30404">
 <summary>
-Receive amavisd_recv_client packets.
+Receive giftd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25884,9 +28201,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_amavisd_recv_client_packets" lineno="6499">
+<interface name="corenet_dontaudit_receive_giftd_client_packets" lineno="30423">
 <summary>
-Do not audit attempts to receive amavisd_recv_client packets.
+Do not audit attempts to receive giftd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25895,9 +28212,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_amavisd_recv_client_packets" lineno="6518">
+<interface name="corenet_sendrecv_giftd_client_packets" lineno="30442">
 <summary>
-Send and receive amavisd_recv_client packets.
+Send and receive giftd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25906,9 +28223,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_amavisd_recv_client_packets" lineno="6534">
+<interface name="corenet_dontaudit_sendrecv_giftd_client_packets" lineno="30458">
 <summary>
-Do not audit attempts to send and receive amavisd_recv_client packets.
+Do not audit attempts to send and receive giftd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25917,9 +28234,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_amavisd_recv_client_packets" lineno="6549">
+<interface name="corenet_relabelto_giftd_client_packets" lineno="30473">
 <summary>
-Relabel packets to amavisd_recv_client the packet type.
+Relabel packets to giftd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -25927,9 +28244,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_amavisd_recv_server_packets" lineno="6569">
+<interface name="corenet_send_giftd_server_packets" lineno="30493">
 <summary>
-Send amavisd_recv_server packets.
+Send giftd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25938,9 +28255,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_amavisd_recv_server_packets" lineno="6588">
+<interface name="corenet_dontaudit_send_giftd_server_packets" lineno="30512">
 <summary>
-Do not audit attempts to send amavisd_recv_server packets.
+Do not audit attempts to send giftd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25949,9 +28266,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_amavisd_recv_server_packets" lineno="6607">
+<interface name="corenet_receive_giftd_server_packets" lineno="30531">
 <summary>
-Receive amavisd_recv_server packets.
+Receive giftd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25960,9 +28277,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_amavisd_recv_server_packets" lineno="6626">
+<interface name="corenet_dontaudit_receive_giftd_server_packets" lineno="30550">
 <summary>
-Do not audit attempts to receive amavisd_recv_server packets.
+Do not audit attempts to receive giftd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25971,9 +28288,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_amavisd_recv_server_packets" lineno="6645">
+<interface name="corenet_sendrecv_giftd_server_packets" lineno="30569">
 <summary>
-Send and receive amavisd_recv_server packets.
+Send and receive giftd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25982,9 +28299,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_amavisd_recv_server_packets" lineno="6661">
+<interface name="corenet_dontaudit_sendrecv_giftd_server_packets" lineno="30585">
 <summary>
-Do not audit attempts to send and receive amavisd_recv_server packets.
+Do not audit attempts to send and receive giftd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -25993,9 +28310,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_amavisd_recv_server_packets" lineno="6676">
+<interface name="corenet_relabelto_giftd_server_packets" lineno="30600">
 <summary>
-Relabel packets to amavisd_recv_server the packet type.
+Relabel packets to giftd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -26003,9 +28320,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_amavisd_send_port" lineno="6698">
+<interface name="corenet_tcp_sendrecv_git_port" lineno="30622">
 <summary>
-Send and receive TCP traffic on the amavisd_send port.
+Send and receive TCP traffic on the git port.
 </summary>
 <param name="domain">
 <summary>
@@ -26014,9 +28331,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_amavisd_send_port" lineno="6717">
+<interface name="corenet_udp_send_git_port" lineno="30641">
 <summary>
-Send UDP traffic on the amavisd_send port.
+Send UDP traffic on the git port.
 </summary>
 <param name="domain">
 <summary>
@@ -26025,9 +28342,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_amavisd_send_port" lineno="6736">
+<interface name="corenet_dontaudit_udp_send_git_port" lineno="30660">
 <summary>
-Do not audit attempts to send UDP traffic on the amavisd_send port.
+Do not audit attempts to send UDP traffic on the git port.
 </summary>
 <param name="domain">
 <summary>
@@ -26036,9 +28353,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_amavisd_send_port" lineno="6755">
+<interface name="corenet_udp_receive_git_port" lineno="30679">
 <summary>
-Receive UDP traffic on the amavisd_send port.
+Receive UDP traffic on the git port.
 </summary>
 <param name="domain">
 <summary>
@@ -26047,9 +28364,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_amavisd_send_port" lineno="6774">
+<interface name="corenet_dontaudit_udp_receive_git_port" lineno="30698">
 <summary>
-Do not audit attempts to receive UDP traffic on the amavisd_send port.
+Do not audit attempts to receive UDP traffic on the git port.
 </summary>
 <param name="domain">
 <summary>
@@ -26058,9 +28375,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_amavisd_send_port" lineno="6793">
+<interface name="corenet_udp_sendrecv_git_port" lineno="30717">
 <summary>
-Send and receive UDP traffic on the amavisd_send port.
+Send and receive UDP traffic on the git port.
 </summary>
 <param name="domain">
 <summary>
@@ -26069,10 +28386,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_amavisd_send_port" lineno="6810">
+<interface name="corenet_dontaudit_udp_sendrecv_git_port" lineno="30734">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the amavisd_send port.
+UDP traffic on the git port.
 </summary>
 <param name="domain">
 <summary>
@@ -26081,9 +28398,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_amavisd_send_port" lineno="6826">
+<interface name="corenet_tcp_bind_git_port" lineno="30750">
 <summary>
-Bind TCP sockets to the amavisd_send port.
+Bind TCP sockets to the git port.
 </summary>
 <param name="domain">
 <summary>
@@ -26092,9 +28409,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_amavisd_send_port" lineno="6846">
+<interface name="corenet_udp_bind_git_port" lineno="30770">
 <summary>
-Bind UDP sockets to the amavisd_send port.
+Bind UDP sockets to the git port.
 </summary>
 <param name="domain">
 <summary>
@@ -26103,9 +28420,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_amavisd_send_port" lineno="6865">
+<interface name="corenet_tcp_connect_git_port" lineno="30789">
 <summary>
-Make a TCP connection to the amavisd_send port.
+Make a TCP connection to the git port.
 </summary>
 <param name="domain">
 <summary>
@@ -26113,9 +28430,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_amavisd_send_client_packets" lineno="6885">
+<interface name="corenet_send_git_client_packets" lineno="30809">
 <summary>
-Send amavisd_send_client packets.
+Send git_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26124,9 +28441,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_amavisd_send_client_packets" lineno="6904">
+<interface name="corenet_dontaudit_send_git_client_packets" lineno="30828">
 <summary>
-Do not audit attempts to send amavisd_send_client packets.
+Do not audit attempts to send git_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26135,9 +28452,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_amavisd_send_client_packets" lineno="6923">
+<interface name="corenet_receive_git_client_packets" lineno="30847">
 <summary>
-Receive amavisd_send_client packets.
+Receive git_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26146,9 +28463,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_amavisd_send_client_packets" lineno="6942">
+<interface name="corenet_dontaudit_receive_git_client_packets" lineno="30866">
 <summary>
-Do not audit attempts to receive amavisd_send_client packets.
+Do not audit attempts to receive git_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26157,9 +28474,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_amavisd_send_client_packets" lineno="6961">
+<interface name="corenet_sendrecv_git_client_packets" lineno="30885">
 <summary>
-Send and receive amavisd_send_client packets.
+Send and receive git_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26168,9 +28485,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_amavisd_send_client_packets" lineno="6977">
+<interface name="corenet_dontaudit_sendrecv_git_client_packets" lineno="30901">
 <summary>
-Do not audit attempts to send and receive amavisd_send_client packets.
+Do not audit attempts to send and receive git_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26179,9 +28496,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_amavisd_send_client_packets" lineno="6992">
+<interface name="corenet_relabelto_git_client_packets" lineno="30916">
 <summary>
-Relabel packets to amavisd_send_client the packet type.
+Relabel packets to git_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -26189,9 +28506,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_amavisd_send_server_packets" lineno="7012">
+<interface name="corenet_send_git_server_packets" lineno="30936">
 <summary>
-Send amavisd_send_server packets.
+Send git_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26200,9 +28517,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_amavisd_send_server_packets" lineno="7031">
+<interface name="corenet_dontaudit_send_git_server_packets" lineno="30955">
 <summary>
-Do not audit attempts to send amavisd_send_server packets.
+Do not audit attempts to send git_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26211,9 +28528,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_amavisd_send_server_packets" lineno="7050">
+<interface name="corenet_receive_git_server_packets" lineno="30974">
 <summary>
-Receive amavisd_send_server packets.
+Receive git_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26222,9 +28539,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_amavisd_send_server_packets" lineno="7069">
+<interface name="corenet_dontaudit_receive_git_server_packets" lineno="30993">
 <summary>
-Do not audit attempts to receive amavisd_send_server packets.
+Do not audit attempts to receive git_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26233,9 +28550,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_amavisd_send_server_packets" lineno="7088">
+<interface name="corenet_sendrecv_git_server_packets" lineno="31012">
 <summary>
-Send and receive amavisd_send_server packets.
+Send and receive git_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26244,9 +28561,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_amavisd_send_server_packets" lineno="7104">
+<interface name="corenet_dontaudit_sendrecv_git_server_packets" lineno="31028">
 <summary>
-Do not audit attempts to send and receive amavisd_send_server packets.
+Do not audit attempts to send and receive git_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26255,9 +28572,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_amavisd_send_server_packets" lineno="7119">
+<interface name="corenet_relabelto_git_server_packets" lineno="31043">
 <summary>
-Relabel packets to amavisd_send_server the packet type.
+Relabel packets to git_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -26265,9 +28582,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_amqp_port" lineno="7141">
+<interface name="corenet_tcp_sendrecv_glance_registry_port" lineno="31065">
 <summary>
-Send and receive TCP traffic on the amqp port.
+Send and receive TCP traffic on the glance_registry port.
 </summary>
 <param name="domain">
 <summary>
@@ -26276,9 +28593,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_amqp_port" lineno="7160">
+<interface name="corenet_udp_send_glance_registry_port" lineno="31084">
 <summary>
-Send UDP traffic on the amqp port.
+Send UDP traffic on the glance_registry port.
 </summary>
 <param name="domain">
 <summary>
@@ -26287,9 +28604,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_amqp_port" lineno="7179">
+<interface name="corenet_dontaudit_udp_send_glance_registry_port" lineno="31103">
 <summary>
-Do not audit attempts to send UDP traffic on the amqp port.
+Do not audit attempts to send UDP traffic on the glance_registry port.
 </summary>
 <param name="domain">
 <summary>
@@ -26298,9 +28615,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_amqp_port" lineno="7198">
+<interface name="corenet_udp_receive_glance_registry_port" lineno="31122">
 <summary>
-Receive UDP traffic on the amqp port.
+Receive UDP traffic on the glance_registry port.
 </summary>
 <param name="domain">
 <summary>
@@ -26309,9 +28626,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_amqp_port" lineno="7217">
+<interface name="corenet_dontaudit_udp_receive_glance_registry_port" lineno="31141">
 <summary>
-Do not audit attempts to receive UDP traffic on the amqp port.
+Do not audit attempts to receive UDP traffic on the glance_registry port.
 </summary>
 <param name="domain">
 <summary>
@@ -26320,9 +28637,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_amqp_port" lineno="7236">
+<interface name="corenet_udp_sendrecv_glance_registry_port" lineno="31160">
 <summary>
-Send and receive UDP traffic on the amqp port.
+Send and receive UDP traffic on the glance_registry port.
 </summary>
 <param name="domain">
 <summary>
@@ -26331,10 +28648,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_amqp_port" lineno="7253">
+<interface name="corenet_dontaudit_udp_sendrecv_glance_registry_port" lineno="31177">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the amqp port.
+UDP traffic on the glance_registry port.
 </summary>
 <param name="domain">
 <summary>
@@ -26343,9 +28660,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_amqp_port" lineno="7269">
+<interface name="corenet_tcp_bind_glance_registry_port" lineno="31193">
 <summary>
-Bind TCP sockets to the amqp port.
+Bind TCP sockets to the glance_registry port.
 </summary>
 <param name="domain">
 <summary>
@@ -26354,9 +28671,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_amqp_port" lineno="7289">
+<interface name="corenet_udp_bind_glance_registry_port" lineno="31213">
 <summary>
-Bind UDP sockets to the amqp port.
+Bind UDP sockets to the glance_registry port.
 </summary>
 <param name="domain">
 <summary>
@@ -26365,9 +28682,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_amqp_port" lineno="7308">
+<interface name="corenet_tcp_connect_glance_registry_port" lineno="31232">
 <summary>
-Make a TCP connection to the amqp port.
+Make a TCP connection to the glance_registry port.
 </summary>
 <param name="domain">
 <summary>
@@ -26375,9 +28692,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_amqp_client_packets" lineno="7328">
+<interface name="corenet_send_glance_registry_client_packets" lineno="31252">
 <summary>
-Send amqp_client packets.
+Send glance_registry_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26386,9 +28703,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_amqp_client_packets" lineno="7347">
+<interface name="corenet_dontaudit_send_glance_registry_client_packets" lineno="31271">
 <summary>
-Do not audit attempts to send amqp_client packets.
+Do not audit attempts to send glance_registry_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26397,9 +28714,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_amqp_client_packets" lineno="7366">
+<interface name="corenet_receive_glance_registry_client_packets" lineno="31290">
 <summary>
-Receive amqp_client packets.
+Receive glance_registry_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26408,9 +28725,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_amqp_client_packets" lineno="7385">
+<interface name="corenet_dontaudit_receive_glance_registry_client_packets" lineno="31309">
 <summary>
-Do not audit attempts to receive amqp_client packets.
+Do not audit attempts to receive glance_registry_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26419,9 +28736,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_amqp_client_packets" lineno="7404">
+<interface name="corenet_sendrecv_glance_registry_client_packets" lineno="31328">
 <summary>
-Send and receive amqp_client packets.
+Send and receive glance_registry_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26430,9 +28747,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_amqp_client_packets" lineno="7420">
+<interface name="corenet_dontaudit_sendrecv_glance_registry_client_packets" lineno="31344">
 <summary>
-Do not audit attempts to send and receive amqp_client packets.
+Do not audit attempts to send and receive glance_registry_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26441,9 +28758,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_amqp_client_packets" lineno="7435">
+<interface name="corenet_relabelto_glance_registry_client_packets" lineno="31359">
 <summary>
-Relabel packets to amqp_client the packet type.
+Relabel packets to glance_registry_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -26451,9 +28768,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_amqp_server_packets" lineno="7455">
+<interface name="corenet_send_glance_registry_server_packets" lineno="31379">
 <summary>
-Send amqp_server packets.
+Send glance_registry_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26462,9 +28779,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_amqp_server_packets" lineno="7474">
+<interface name="corenet_dontaudit_send_glance_registry_server_packets" lineno="31398">
 <summary>
-Do not audit attempts to send amqp_server packets.
+Do not audit attempts to send glance_registry_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26473,9 +28790,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_amqp_server_packets" lineno="7493">
+<interface name="corenet_receive_glance_registry_server_packets" lineno="31417">
 <summary>
-Receive amqp_server packets.
+Receive glance_registry_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26484,9 +28801,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_amqp_server_packets" lineno="7512">
+<interface name="corenet_dontaudit_receive_glance_registry_server_packets" lineno="31436">
 <summary>
-Do not audit attempts to receive amqp_server packets.
+Do not audit attempts to receive glance_registry_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26495,9 +28812,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_amqp_server_packets" lineno="7531">
+<interface name="corenet_sendrecv_glance_registry_server_packets" lineno="31455">
 <summary>
-Send and receive amqp_server packets.
+Send and receive glance_registry_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26506,9 +28823,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_amqp_server_packets" lineno="7547">
+<interface name="corenet_dontaudit_sendrecv_glance_registry_server_packets" lineno="31471">
 <summary>
-Do not audit attempts to send and receive amqp_server packets.
+Do not audit attempts to send and receive glance_registry_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26517,9 +28834,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_amqp_server_packets" lineno="7562">
+<interface name="corenet_relabelto_glance_registry_server_packets" lineno="31486">
 <summary>
-Relabel packets to amqp_server the packet type.
+Relabel packets to glance_registry_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -26527,9 +28844,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_aol_port" lineno="7584">
+<interface name="corenet_tcp_sendrecv_gopher_port" lineno="31508">
 <summary>
-Send and receive TCP traffic on the aol port.
+Send and receive TCP traffic on the gopher port.
 </summary>
 <param name="domain">
 <summary>
@@ -26538,9 +28855,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_aol_port" lineno="7603">
+<interface name="corenet_udp_send_gopher_port" lineno="31527">
 <summary>
-Send UDP traffic on the aol port.
+Send UDP traffic on the gopher port.
 </summary>
 <param name="domain">
 <summary>
@@ -26549,9 +28866,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_aol_port" lineno="7622">
+<interface name="corenet_dontaudit_udp_send_gopher_port" lineno="31546">
 <summary>
-Do not audit attempts to send UDP traffic on the aol port.
+Do not audit attempts to send UDP traffic on the gopher port.
 </summary>
 <param name="domain">
 <summary>
@@ -26560,9 +28877,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_aol_port" lineno="7641">
+<interface name="corenet_udp_receive_gopher_port" lineno="31565">
 <summary>
-Receive UDP traffic on the aol port.
+Receive UDP traffic on the gopher port.
 </summary>
 <param name="domain">
 <summary>
@@ -26571,9 +28888,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_aol_port" lineno="7660">
+<interface name="corenet_dontaudit_udp_receive_gopher_port" lineno="31584">
 <summary>
-Do not audit attempts to receive UDP traffic on the aol port.
+Do not audit attempts to receive UDP traffic on the gopher port.
 </summary>
 <param name="domain">
 <summary>
@@ -26582,9 +28899,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_aol_port" lineno="7679">
+<interface name="corenet_udp_sendrecv_gopher_port" lineno="31603">
 <summary>
-Send and receive UDP traffic on the aol port.
+Send and receive UDP traffic on the gopher port.
 </summary>
 <param name="domain">
 <summary>
@@ -26593,10 +28910,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_aol_port" lineno="7696">
+<interface name="corenet_dontaudit_udp_sendrecv_gopher_port" lineno="31620">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the aol port.
+UDP traffic on the gopher port.
 </summary>
 <param name="domain">
 <summary>
@@ -26605,9 +28922,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_aol_port" lineno="7712">
+<interface name="corenet_tcp_bind_gopher_port" lineno="31636">
 <summary>
-Bind TCP sockets to the aol port.
+Bind TCP sockets to the gopher port.
 </summary>
 <param name="domain">
 <summary>
@@ -26616,9 +28933,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_aol_port" lineno="7732">
+<interface name="corenet_udp_bind_gopher_port" lineno="31656">
 <summary>
-Bind UDP sockets to the aol port.
+Bind UDP sockets to the gopher port.
 </summary>
 <param name="domain">
 <summary>
@@ -26627,9 +28944,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_aol_port" lineno="7751">
+<interface name="corenet_tcp_connect_gopher_port" lineno="31675">
 <summary>
-Make a TCP connection to the aol port.
+Make a TCP connection to the gopher port.
 </summary>
 <param name="domain">
 <summary>
@@ -26637,9 +28954,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_aol_client_packets" lineno="7771">
+<interface name="corenet_send_gopher_client_packets" lineno="31695">
 <summary>
-Send aol_client packets.
+Send gopher_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26648,9 +28965,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_aol_client_packets" lineno="7790">
+<interface name="corenet_dontaudit_send_gopher_client_packets" lineno="31714">
 <summary>
-Do not audit attempts to send aol_client packets.
+Do not audit attempts to send gopher_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26659,9 +28976,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_aol_client_packets" lineno="7809">
+<interface name="corenet_receive_gopher_client_packets" lineno="31733">
 <summary>
-Receive aol_client packets.
+Receive gopher_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26670,9 +28987,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_aol_client_packets" lineno="7828">
+<interface name="corenet_dontaudit_receive_gopher_client_packets" lineno="31752">
 <summary>
-Do not audit attempts to receive aol_client packets.
+Do not audit attempts to receive gopher_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26681,9 +28998,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_aol_client_packets" lineno="7847">
+<interface name="corenet_sendrecv_gopher_client_packets" lineno="31771">
 <summary>
-Send and receive aol_client packets.
+Send and receive gopher_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26692,9 +29009,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_aol_client_packets" lineno="7863">
+<interface name="corenet_dontaudit_sendrecv_gopher_client_packets" lineno="31787">
 <summary>
-Do not audit attempts to send and receive aol_client packets.
+Do not audit attempts to send and receive gopher_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26703,9 +29020,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_aol_client_packets" lineno="7878">
+<interface name="corenet_relabelto_gopher_client_packets" lineno="31802">
 <summary>
-Relabel packets to aol_client the packet type.
+Relabel packets to gopher_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -26713,9 +29030,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_aol_server_packets" lineno="7898">
+<interface name="corenet_send_gopher_server_packets" lineno="31822">
 <summary>
-Send aol_server packets.
+Send gopher_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26724,9 +29041,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_aol_server_packets" lineno="7917">
+<interface name="corenet_dontaudit_send_gopher_server_packets" lineno="31841">
 <summary>
-Do not audit attempts to send aol_server packets.
+Do not audit attempts to send gopher_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26735,9 +29052,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_aol_server_packets" lineno="7936">
+<interface name="corenet_receive_gopher_server_packets" lineno="31860">
 <summary>
-Receive aol_server packets.
+Receive gopher_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26746,9 +29063,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_aol_server_packets" lineno="7955">
+<interface name="corenet_dontaudit_receive_gopher_server_packets" lineno="31879">
 <summary>
-Do not audit attempts to receive aol_server packets.
+Do not audit attempts to receive gopher_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26757,9 +29074,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_aol_server_packets" lineno="7974">
+<interface name="corenet_sendrecv_gopher_server_packets" lineno="31898">
 <summary>
-Send and receive aol_server packets.
+Send and receive gopher_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26768,9 +29085,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_aol_server_packets" lineno="7990">
+<interface name="corenet_dontaudit_sendrecv_gopher_server_packets" lineno="31914">
 <summary>
-Do not audit attempts to send and receive aol_server packets.
+Do not audit attempts to send and receive gopher_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26779,9 +29096,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_aol_server_packets" lineno="8005">
+<interface name="corenet_relabelto_gopher_server_packets" lineno="31929">
 <summary>
-Relabel packets to aol_server the packet type.
+Relabel packets to gopher_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -26789,9 +29106,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_apcupsd_port" lineno="8027">
+<interface name="corenet_tcp_sendrecv_gpsd_port" lineno="31951">
 <summary>
-Send and receive TCP traffic on the apcupsd port.
+Send and receive TCP traffic on the gpsd port.
 </summary>
 <param name="domain">
 <summary>
@@ -26800,9 +29117,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_apcupsd_port" lineno="8046">
+<interface name="corenet_udp_send_gpsd_port" lineno="31970">
 <summary>
-Send UDP traffic on the apcupsd port.
+Send UDP traffic on the gpsd port.
 </summary>
 <param name="domain">
 <summary>
@@ -26811,9 +29128,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_apcupsd_port" lineno="8065">
+<interface name="corenet_dontaudit_udp_send_gpsd_port" lineno="31989">
 <summary>
-Do not audit attempts to send UDP traffic on the apcupsd port.
+Do not audit attempts to send UDP traffic on the gpsd port.
 </summary>
 <param name="domain">
 <summary>
@@ -26822,9 +29139,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_apcupsd_port" lineno="8084">
+<interface name="corenet_udp_receive_gpsd_port" lineno="32008">
 <summary>
-Receive UDP traffic on the apcupsd port.
+Receive UDP traffic on the gpsd port.
 </summary>
 <param name="domain">
 <summary>
@@ -26833,9 +29150,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_apcupsd_port" lineno="8103">
+<interface name="corenet_dontaudit_udp_receive_gpsd_port" lineno="32027">
 <summary>
-Do not audit attempts to receive UDP traffic on the apcupsd port.
+Do not audit attempts to receive UDP traffic on the gpsd port.
 </summary>
 <param name="domain">
 <summary>
@@ -26844,9 +29161,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_apcupsd_port" lineno="8122">
+<interface name="corenet_udp_sendrecv_gpsd_port" lineno="32046">
 <summary>
-Send and receive UDP traffic on the apcupsd port.
+Send and receive UDP traffic on the gpsd port.
 </summary>
 <param name="domain">
 <summary>
@@ -26855,10 +29172,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_apcupsd_port" lineno="8139">
+<interface name="corenet_dontaudit_udp_sendrecv_gpsd_port" lineno="32063">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the apcupsd port.
+UDP traffic on the gpsd port.
 </summary>
 <param name="domain">
 <summary>
@@ -26867,9 +29184,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_apcupsd_port" lineno="8155">
+<interface name="corenet_tcp_bind_gpsd_port" lineno="32079">
 <summary>
-Bind TCP sockets to the apcupsd port.
+Bind TCP sockets to the gpsd port.
 </summary>
 <param name="domain">
 <summary>
@@ -26878,9 +29195,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_apcupsd_port" lineno="8175">
+<interface name="corenet_udp_bind_gpsd_port" lineno="32099">
 <summary>
-Bind UDP sockets to the apcupsd port.
+Bind UDP sockets to the gpsd port.
 </summary>
 <param name="domain">
 <summary>
@@ -26889,9 +29206,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_apcupsd_port" lineno="8194">
+<interface name="corenet_tcp_connect_gpsd_port" lineno="32118">
 <summary>
-Make a TCP connection to the apcupsd port.
+Make a TCP connection to the gpsd port.
 </summary>
 <param name="domain">
 <summary>
@@ -26899,9 +29216,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_apcupsd_client_packets" lineno="8214">
+<interface name="corenet_send_gpsd_client_packets" lineno="32138">
 <summary>
-Send apcupsd_client packets.
+Send gpsd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26910,9 +29227,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_apcupsd_client_packets" lineno="8233">
+<interface name="corenet_dontaudit_send_gpsd_client_packets" lineno="32157">
 <summary>
-Do not audit attempts to send apcupsd_client packets.
+Do not audit attempts to send gpsd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26921,9 +29238,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_apcupsd_client_packets" lineno="8252">
+<interface name="corenet_receive_gpsd_client_packets" lineno="32176">
 <summary>
-Receive apcupsd_client packets.
+Receive gpsd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26932,9 +29249,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_apcupsd_client_packets" lineno="8271">
+<interface name="corenet_dontaudit_receive_gpsd_client_packets" lineno="32195">
 <summary>
-Do not audit attempts to receive apcupsd_client packets.
+Do not audit attempts to receive gpsd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26943,9 +29260,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_apcupsd_client_packets" lineno="8290">
+<interface name="corenet_sendrecv_gpsd_client_packets" lineno="32214">
 <summary>
-Send and receive apcupsd_client packets.
+Send and receive gpsd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26954,9 +29271,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_apcupsd_client_packets" lineno="8306">
+<interface name="corenet_dontaudit_sendrecv_gpsd_client_packets" lineno="32230">
 <summary>
-Do not audit attempts to send and receive apcupsd_client packets.
+Do not audit attempts to send and receive gpsd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26965,9 +29282,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_apcupsd_client_packets" lineno="8321">
+<interface name="corenet_relabelto_gpsd_client_packets" lineno="32245">
 <summary>
-Relabel packets to apcupsd_client the packet type.
+Relabel packets to gpsd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -26975,9 +29292,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_apcupsd_server_packets" lineno="8341">
+<interface name="corenet_send_gpsd_server_packets" lineno="32265">
 <summary>
-Send apcupsd_server packets.
+Send gpsd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26986,9 +29303,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_apcupsd_server_packets" lineno="8360">
+<interface name="corenet_dontaudit_send_gpsd_server_packets" lineno="32284">
 <summary>
-Do not audit attempts to send apcupsd_server packets.
+Do not audit attempts to send gpsd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -26997,9 +29314,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_apcupsd_server_packets" lineno="8379">
+<interface name="corenet_receive_gpsd_server_packets" lineno="32303">
 <summary>
-Receive apcupsd_server packets.
+Receive gpsd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27008,9 +29325,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_apcupsd_server_packets" lineno="8398">
+<interface name="corenet_dontaudit_receive_gpsd_server_packets" lineno="32322">
 <summary>
-Do not audit attempts to receive apcupsd_server packets.
+Do not audit attempts to receive gpsd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27019,9 +29336,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_apcupsd_server_packets" lineno="8417">
+<interface name="corenet_sendrecv_gpsd_server_packets" lineno="32341">
 <summary>
-Send and receive apcupsd_server packets.
+Send and receive gpsd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27030,9 +29347,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_apcupsd_server_packets" lineno="8433">
+<interface name="corenet_dontaudit_sendrecv_gpsd_server_packets" lineno="32357">
 <summary>
-Do not audit attempts to send and receive apcupsd_server packets.
+Do not audit attempts to send and receive gpsd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27041,9 +29358,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_apcupsd_server_packets" lineno="8448">
+<interface name="corenet_relabelto_gpsd_server_packets" lineno="32372">
 <summary>
-Relabel packets to apcupsd_server the packet type.
+Relabel packets to gpsd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -27051,9 +29368,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_asterisk_port" lineno="8470">
+<interface name="corenet_tcp_sendrecv_hadoop_datanode_port" lineno="32394">
 <summary>
-Send and receive TCP traffic on the asterisk port.
+Send and receive TCP traffic on the hadoop_datanode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27062,9 +29379,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_asterisk_port" lineno="8489">
+<interface name="corenet_udp_send_hadoop_datanode_port" lineno="32413">
 <summary>
-Send UDP traffic on the asterisk port.
+Send UDP traffic on the hadoop_datanode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27073,9 +29390,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_asterisk_port" lineno="8508">
+<interface name="corenet_dontaudit_udp_send_hadoop_datanode_port" lineno="32432">
 <summary>
-Do not audit attempts to send UDP traffic on the asterisk port.
+Do not audit attempts to send UDP traffic on the hadoop_datanode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27084,9 +29401,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_asterisk_port" lineno="8527">
+<interface name="corenet_udp_receive_hadoop_datanode_port" lineno="32451">
 <summary>
-Receive UDP traffic on the asterisk port.
+Receive UDP traffic on the hadoop_datanode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27095,9 +29412,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_asterisk_port" lineno="8546">
+<interface name="corenet_dontaudit_udp_receive_hadoop_datanode_port" lineno="32470">
 <summary>
-Do not audit attempts to receive UDP traffic on the asterisk port.
+Do not audit attempts to receive UDP traffic on the hadoop_datanode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27106,9 +29423,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_asterisk_port" lineno="8565">
+<interface name="corenet_udp_sendrecv_hadoop_datanode_port" lineno="32489">
 <summary>
-Send and receive UDP traffic on the asterisk port.
+Send and receive UDP traffic on the hadoop_datanode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27117,10 +29434,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_asterisk_port" lineno="8582">
+<interface name="corenet_dontaudit_udp_sendrecv_hadoop_datanode_port" lineno="32506">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the asterisk port.
+UDP traffic on the hadoop_datanode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27129,9 +29446,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_asterisk_port" lineno="8598">
+<interface name="corenet_tcp_bind_hadoop_datanode_port" lineno="32522">
 <summary>
-Bind TCP sockets to the asterisk port.
+Bind TCP sockets to the hadoop_datanode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27140,9 +29457,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_asterisk_port" lineno="8618">
+<interface name="corenet_udp_bind_hadoop_datanode_port" lineno="32542">
 <summary>
-Bind UDP sockets to the asterisk port.
+Bind UDP sockets to the hadoop_datanode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27151,9 +29468,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_asterisk_port" lineno="8637">
+<interface name="corenet_tcp_connect_hadoop_datanode_port" lineno="32561">
 <summary>
-Make a TCP connection to the asterisk port.
+Make a TCP connection to the hadoop_datanode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27161,9 +29478,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_asterisk_client_packets" lineno="8657">
+<interface name="corenet_send_hadoop_datanode_client_packets" lineno="32581">
 <summary>
-Send asterisk_client packets.
+Send hadoop_datanode_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27172,9 +29489,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_asterisk_client_packets" lineno="8676">
+<interface name="corenet_dontaudit_send_hadoop_datanode_client_packets" lineno="32600">
 <summary>
-Do not audit attempts to send asterisk_client packets.
+Do not audit attempts to send hadoop_datanode_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27183,9 +29500,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_asterisk_client_packets" lineno="8695">
+<interface name="corenet_receive_hadoop_datanode_client_packets" lineno="32619">
 <summary>
-Receive asterisk_client packets.
+Receive hadoop_datanode_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27194,9 +29511,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_asterisk_client_packets" lineno="8714">
+<interface name="corenet_dontaudit_receive_hadoop_datanode_client_packets" lineno="32638">
 <summary>
-Do not audit attempts to receive asterisk_client packets.
+Do not audit attempts to receive hadoop_datanode_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27205,9 +29522,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_asterisk_client_packets" lineno="8733">
+<interface name="corenet_sendrecv_hadoop_datanode_client_packets" lineno="32657">
 <summary>
-Send and receive asterisk_client packets.
+Send and receive hadoop_datanode_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27216,9 +29533,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_asterisk_client_packets" lineno="8749">
+<interface name="corenet_dontaudit_sendrecv_hadoop_datanode_client_packets" lineno="32673">
 <summary>
-Do not audit attempts to send and receive asterisk_client packets.
+Do not audit attempts to send and receive hadoop_datanode_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27227,9 +29544,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_asterisk_client_packets" lineno="8764">
+<interface name="corenet_relabelto_hadoop_datanode_client_packets" lineno="32688">
 <summary>
-Relabel packets to asterisk_client the packet type.
+Relabel packets to hadoop_datanode_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -27237,9 +29554,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_asterisk_server_packets" lineno="8784">
+<interface name="corenet_send_hadoop_datanode_server_packets" lineno="32708">
 <summary>
-Send asterisk_server packets.
+Send hadoop_datanode_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27248,9 +29565,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_asterisk_server_packets" lineno="8803">
+<interface name="corenet_dontaudit_send_hadoop_datanode_server_packets" lineno="32727">
 <summary>
-Do not audit attempts to send asterisk_server packets.
+Do not audit attempts to send hadoop_datanode_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27259,9 +29576,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_asterisk_server_packets" lineno="8822">
+<interface name="corenet_receive_hadoop_datanode_server_packets" lineno="32746">
 <summary>
-Receive asterisk_server packets.
+Receive hadoop_datanode_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27270,9 +29587,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_asterisk_server_packets" lineno="8841">
+<interface name="corenet_dontaudit_receive_hadoop_datanode_server_packets" lineno="32765">
 <summary>
-Do not audit attempts to receive asterisk_server packets.
+Do not audit attempts to receive hadoop_datanode_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27281,9 +29598,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_asterisk_server_packets" lineno="8860">
+<interface name="corenet_sendrecv_hadoop_datanode_server_packets" lineno="32784">
 <summary>
-Send and receive asterisk_server packets.
+Send and receive hadoop_datanode_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27292,9 +29609,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_asterisk_server_packets" lineno="8876">
+<interface name="corenet_dontaudit_sendrecv_hadoop_datanode_server_packets" lineno="32800">
 <summary>
-Do not audit attempts to send and receive asterisk_server packets.
+Do not audit attempts to send and receive hadoop_datanode_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27303,9 +29620,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_asterisk_server_packets" lineno="8891">
+<interface name="corenet_relabelto_hadoop_datanode_server_packets" lineno="32815">
 <summary>
-Relabel packets to asterisk_server the packet type.
+Relabel packets to hadoop_datanode_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -27313,9 +29630,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_audit_port" lineno="8913">
+<interface name="corenet_tcp_sendrecv_hadoop_namenode_port" lineno="32837">
 <summary>
-Send and receive TCP traffic on the audit port.
+Send and receive TCP traffic on the hadoop_namenode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27324,9 +29641,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_audit_port" lineno="8932">
+<interface name="corenet_udp_send_hadoop_namenode_port" lineno="32856">
 <summary>
-Send UDP traffic on the audit port.
+Send UDP traffic on the hadoop_namenode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27335,9 +29652,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_audit_port" lineno="8951">
+<interface name="corenet_dontaudit_udp_send_hadoop_namenode_port" lineno="32875">
 <summary>
-Do not audit attempts to send UDP traffic on the audit port.
+Do not audit attempts to send UDP traffic on the hadoop_namenode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27346,9 +29663,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_audit_port" lineno="8970">
+<interface name="corenet_udp_receive_hadoop_namenode_port" lineno="32894">
 <summary>
-Receive UDP traffic on the audit port.
+Receive UDP traffic on the hadoop_namenode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27357,9 +29674,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_audit_port" lineno="8989">
+<interface name="corenet_dontaudit_udp_receive_hadoop_namenode_port" lineno="32913">
 <summary>
-Do not audit attempts to receive UDP traffic on the audit port.
+Do not audit attempts to receive UDP traffic on the hadoop_namenode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27368,9 +29685,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_audit_port" lineno="9008">
+<interface name="corenet_udp_sendrecv_hadoop_namenode_port" lineno="32932">
 <summary>
-Send and receive UDP traffic on the audit port.
+Send and receive UDP traffic on the hadoop_namenode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27379,10 +29696,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_audit_port" lineno="9025">
+<interface name="corenet_dontaudit_udp_sendrecv_hadoop_namenode_port" lineno="32949">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the audit port.
+UDP traffic on the hadoop_namenode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27391,9 +29708,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_audit_port" lineno="9041">
+<interface name="corenet_tcp_bind_hadoop_namenode_port" lineno="32965">
 <summary>
-Bind TCP sockets to the audit port.
+Bind TCP sockets to the hadoop_namenode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27402,9 +29719,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_audit_port" lineno="9061">
+<interface name="corenet_udp_bind_hadoop_namenode_port" lineno="32985">
 <summary>
-Bind UDP sockets to the audit port.
+Bind UDP sockets to the hadoop_namenode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27413,9 +29730,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_audit_port" lineno="9080">
+<interface name="corenet_tcp_connect_hadoop_namenode_port" lineno="33004">
 <summary>
-Make a TCP connection to the audit port.
+Make a TCP connection to the hadoop_namenode port.
 </summary>
 <param name="domain">
 <summary>
@@ -27423,9 +29740,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_audit_client_packets" lineno="9100">
+<interface name="corenet_send_hadoop_namenode_client_packets" lineno="33024">
 <summary>
-Send audit_client packets.
+Send hadoop_namenode_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27434,9 +29751,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_audit_client_packets" lineno="9119">
+<interface name="corenet_dontaudit_send_hadoop_namenode_client_packets" lineno="33043">
 <summary>
-Do not audit attempts to send audit_client packets.
+Do not audit attempts to send hadoop_namenode_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27445,9 +29762,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_audit_client_packets" lineno="9138">
+<interface name="corenet_receive_hadoop_namenode_client_packets" lineno="33062">
 <summary>
-Receive audit_client packets.
+Receive hadoop_namenode_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27456,9 +29773,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_audit_client_packets" lineno="9157">
+<interface name="corenet_dontaudit_receive_hadoop_namenode_client_packets" lineno="33081">
 <summary>
-Do not audit attempts to receive audit_client packets.
+Do not audit attempts to receive hadoop_namenode_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27467,9 +29784,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_audit_client_packets" lineno="9176">
+<interface name="corenet_sendrecv_hadoop_namenode_client_packets" lineno="33100">
 <summary>
-Send and receive audit_client packets.
+Send and receive hadoop_namenode_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27478,9 +29795,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_audit_client_packets" lineno="9192">
+<interface name="corenet_dontaudit_sendrecv_hadoop_namenode_client_packets" lineno="33116">
 <summary>
-Do not audit attempts to send and receive audit_client packets.
+Do not audit attempts to send and receive hadoop_namenode_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27489,9 +29806,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_audit_client_packets" lineno="9207">
+<interface name="corenet_relabelto_hadoop_namenode_client_packets" lineno="33131">
 <summary>
-Relabel packets to audit_client the packet type.
+Relabel packets to hadoop_namenode_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -27499,9 +29816,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_audit_server_packets" lineno="9227">
+<interface name="corenet_send_hadoop_namenode_server_packets" lineno="33151">
 <summary>
-Send audit_server packets.
+Send hadoop_namenode_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27510,9 +29827,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_audit_server_packets" lineno="9246">
+<interface name="corenet_dontaudit_send_hadoop_namenode_server_packets" lineno="33170">
 <summary>
-Do not audit attempts to send audit_server packets.
+Do not audit attempts to send hadoop_namenode_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27521,9 +29838,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_audit_server_packets" lineno="9265">
+<interface name="corenet_receive_hadoop_namenode_server_packets" lineno="33189">
 <summary>
-Receive audit_server packets.
+Receive hadoop_namenode_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27532,9 +29849,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_audit_server_packets" lineno="9284">
+<interface name="corenet_dontaudit_receive_hadoop_namenode_server_packets" lineno="33208">
 <summary>
-Do not audit attempts to receive audit_server packets.
+Do not audit attempts to receive hadoop_namenode_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27543,9 +29860,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_audit_server_packets" lineno="9303">
+<interface name="corenet_sendrecv_hadoop_namenode_server_packets" lineno="33227">
 <summary>
-Send and receive audit_server packets.
+Send and receive hadoop_namenode_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27554,9 +29871,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_audit_server_packets" lineno="9319">
+<interface name="corenet_dontaudit_sendrecv_hadoop_namenode_server_packets" lineno="33243">
 <summary>
-Do not audit attempts to send and receive audit_server packets.
+Do not audit attempts to send and receive hadoop_namenode_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27565,9 +29882,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_audit_server_packets" lineno="9334">
+<interface name="corenet_relabelto_hadoop_namenode_server_packets" lineno="33258">
 <summary>
-Relabel packets to audit_server the packet type.
+Relabel packets to hadoop_namenode_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -27575,9 +29892,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_auth_port" lineno="9356">
+<interface name="corenet_tcp_sendrecv_hddtemp_port" lineno="33280">
 <summary>
-Send and receive TCP traffic on the auth port.
+Send and receive TCP traffic on the hddtemp port.
 </summary>
 <param name="domain">
 <summary>
@@ -27586,9 +29903,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_auth_port" lineno="9375">
+<interface name="corenet_udp_send_hddtemp_port" lineno="33299">
 <summary>
-Send UDP traffic on the auth port.
+Send UDP traffic on the hddtemp port.
 </summary>
 <param name="domain">
 <summary>
@@ -27597,9 +29914,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_auth_port" lineno="9394">
+<interface name="corenet_dontaudit_udp_send_hddtemp_port" lineno="33318">
 <summary>
-Do not audit attempts to send UDP traffic on the auth port.
+Do not audit attempts to send UDP traffic on the hddtemp port.
 </summary>
 <param name="domain">
 <summary>
@@ -27608,9 +29925,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_auth_port" lineno="9413">
+<interface name="corenet_udp_receive_hddtemp_port" lineno="33337">
 <summary>
-Receive UDP traffic on the auth port.
+Receive UDP traffic on the hddtemp port.
 </summary>
 <param name="domain">
 <summary>
@@ -27619,9 +29936,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_auth_port" lineno="9432">
+<interface name="corenet_dontaudit_udp_receive_hddtemp_port" lineno="33356">
 <summary>
-Do not audit attempts to receive UDP traffic on the auth port.
+Do not audit attempts to receive UDP traffic on the hddtemp port.
 </summary>
 <param name="domain">
 <summary>
@@ -27630,9 +29947,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_auth_port" lineno="9451">
+<interface name="corenet_udp_sendrecv_hddtemp_port" lineno="33375">
 <summary>
-Send and receive UDP traffic on the auth port.
+Send and receive UDP traffic on the hddtemp port.
 </summary>
 <param name="domain">
 <summary>
@@ -27641,10 +29958,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_auth_port" lineno="9468">
+<interface name="corenet_dontaudit_udp_sendrecv_hddtemp_port" lineno="33392">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the auth port.
+UDP traffic on the hddtemp port.
 </summary>
 <param name="domain">
 <summary>
@@ -27653,9 +29970,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_auth_port" lineno="9484">
+<interface name="corenet_tcp_bind_hddtemp_port" lineno="33408">
 <summary>
-Bind TCP sockets to the auth port.
+Bind TCP sockets to the hddtemp port.
 </summary>
 <param name="domain">
 <summary>
@@ -27664,9 +29981,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_auth_port" lineno="9504">
+<interface name="corenet_udp_bind_hddtemp_port" lineno="33428">
 <summary>
-Bind UDP sockets to the auth port.
+Bind UDP sockets to the hddtemp port.
 </summary>
 <param name="domain">
 <summary>
@@ -27675,9 +29992,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_auth_port" lineno="9523">
+<interface name="corenet_tcp_connect_hddtemp_port" lineno="33447">
 <summary>
-Make a TCP connection to the auth port.
+Make a TCP connection to the hddtemp port.
 </summary>
 <param name="domain">
 <summary>
@@ -27685,9 +30002,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_auth_client_packets" lineno="9543">
+<interface name="corenet_send_hddtemp_client_packets" lineno="33467">
 <summary>
-Send auth_client packets.
+Send hddtemp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27696,9 +30013,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_auth_client_packets" lineno="9562">
+<interface name="corenet_dontaudit_send_hddtemp_client_packets" lineno="33486">
 <summary>
-Do not audit attempts to send auth_client packets.
+Do not audit attempts to send hddtemp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27707,9 +30024,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_auth_client_packets" lineno="9581">
+<interface name="corenet_receive_hddtemp_client_packets" lineno="33505">
 <summary>
-Receive auth_client packets.
+Receive hddtemp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27718,9 +30035,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_auth_client_packets" lineno="9600">
+<interface name="corenet_dontaudit_receive_hddtemp_client_packets" lineno="33524">
 <summary>
-Do not audit attempts to receive auth_client packets.
+Do not audit attempts to receive hddtemp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27729,9 +30046,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_auth_client_packets" lineno="9619">
+<interface name="corenet_sendrecv_hddtemp_client_packets" lineno="33543">
 <summary>
-Send and receive auth_client packets.
+Send and receive hddtemp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27740,9 +30057,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_auth_client_packets" lineno="9635">
+<interface name="corenet_dontaudit_sendrecv_hddtemp_client_packets" lineno="33559">
 <summary>
-Do not audit attempts to send and receive auth_client packets.
+Do not audit attempts to send and receive hddtemp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27751,9 +30068,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_auth_client_packets" lineno="9650">
+<interface name="corenet_relabelto_hddtemp_client_packets" lineno="33574">
 <summary>
-Relabel packets to auth_client the packet type.
+Relabel packets to hddtemp_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -27761,9 +30078,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_auth_server_packets" lineno="9670">
+<interface name="corenet_send_hddtemp_server_packets" lineno="33594">
 <summary>
-Send auth_server packets.
+Send hddtemp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27772,9 +30089,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_auth_server_packets" lineno="9689">
+<interface name="corenet_dontaudit_send_hddtemp_server_packets" lineno="33613">
 <summary>
-Do not audit attempts to send auth_server packets.
+Do not audit attempts to send hddtemp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27783,9 +30100,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_auth_server_packets" lineno="9708">
+<interface name="corenet_receive_hddtemp_server_packets" lineno="33632">
 <summary>
-Receive auth_server packets.
+Receive hddtemp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27794,9 +30111,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_auth_server_packets" lineno="9727">
+<interface name="corenet_dontaudit_receive_hddtemp_server_packets" lineno="33651">
 <summary>
-Do not audit attempts to receive auth_server packets.
+Do not audit attempts to receive hddtemp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27805,9 +30122,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_auth_server_packets" lineno="9746">
+<interface name="corenet_sendrecv_hddtemp_server_packets" lineno="33670">
 <summary>
-Send and receive auth_server packets.
+Send and receive hddtemp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27816,9 +30133,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_auth_server_packets" lineno="9762">
+<interface name="corenet_dontaudit_sendrecv_hddtemp_server_packets" lineno="33686">
 <summary>
-Do not audit attempts to send and receive auth_server packets.
+Do not audit attempts to send and receive hddtemp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27827,9 +30144,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_auth_server_packets" lineno="9777">
+<interface name="corenet_relabelto_hddtemp_server_packets" lineno="33701">
 <summary>
-Relabel packets to auth_server the packet type.
+Relabel packets to hddtemp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -27837,9 +30154,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_bgp_port" lineno="9799">
+<interface name="corenet_tcp_sendrecv_howl_port" lineno="33723">
 <summary>
-Send and receive TCP traffic on the bgp port.
+Send and receive TCP traffic on the howl port.
 </summary>
 <param name="domain">
 <summary>
@@ -27848,9 +30165,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_bgp_port" lineno="9818">
+<interface name="corenet_udp_send_howl_port" lineno="33742">
 <summary>
-Send UDP traffic on the bgp port.
+Send UDP traffic on the howl port.
 </summary>
 <param name="domain">
 <summary>
@@ -27859,9 +30176,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_bgp_port" lineno="9837">
+<interface name="corenet_dontaudit_udp_send_howl_port" lineno="33761">
 <summary>
-Do not audit attempts to send UDP traffic on the bgp port.
+Do not audit attempts to send UDP traffic on the howl port.
 </summary>
 <param name="domain">
 <summary>
@@ -27870,9 +30187,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_bgp_port" lineno="9856">
+<interface name="corenet_udp_receive_howl_port" lineno="33780">
 <summary>
-Receive UDP traffic on the bgp port.
+Receive UDP traffic on the howl port.
 </summary>
 <param name="domain">
 <summary>
@@ -27881,9 +30198,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_bgp_port" lineno="9875">
+<interface name="corenet_dontaudit_udp_receive_howl_port" lineno="33799">
 <summary>
-Do not audit attempts to receive UDP traffic on the bgp port.
+Do not audit attempts to receive UDP traffic on the howl port.
 </summary>
 <param name="domain">
 <summary>
@@ -27892,9 +30209,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_bgp_port" lineno="9894">
+<interface name="corenet_udp_sendrecv_howl_port" lineno="33818">
 <summary>
-Send and receive UDP traffic on the bgp port.
+Send and receive UDP traffic on the howl port.
 </summary>
 <param name="domain">
 <summary>
@@ -27903,10 +30220,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_bgp_port" lineno="9911">
+<interface name="corenet_dontaudit_udp_sendrecv_howl_port" lineno="33835">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the bgp port.
+UDP traffic on the howl port.
 </summary>
 <param name="domain">
 <summary>
@@ -27915,9 +30232,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_bgp_port" lineno="9927">
+<interface name="corenet_tcp_bind_howl_port" lineno="33851">
 <summary>
-Bind TCP sockets to the bgp port.
+Bind TCP sockets to the howl port.
 </summary>
 <param name="domain">
 <summary>
@@ -27926,9 +30243,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_bgp_port" lineno="9947">
+<interface name="corenet_udp_bind_howl_port" lineno="33871">
 <summary>
-Bind UDP sockets to the bgp port.
+Bind UDP sockets to the howl port.
 </summary>
 <param name="domain">
 <summary>
@@ -27937,9 +30254,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_bgp_port" lineno="9966">
+<interface name="corenet_tcp_connect_howl_port" lineno="33890">
 <summary>
-Make a TCP connection to the bgp port.
+Make a TCP connection to the howl port.
 </summary>
 <param name="domain">
 <summary>
@@ -27947,9 +30264,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_bgp_client_packets" lineno="9986">
+<interface name="corenet_send_howl_client_packets" lineno="33910">
 <summary>
-Send bgp_client packets.
+Send howl_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27958,9 +30275,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_bgp_client_packets" lineno="10005">
+<interface name="corenet_dontaudit_send_howl_client_packets" lineno="33929">
 <summary>
-Do not audit attempts to send bgp_client packets.
+Do not audit attempts to send howl_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27969,9 +30286,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_bgp_client_packets" lineno="10024">
+<interface name="corenet_receive_howl_client_packets" lineno="33948">
 <summary>
-Receive bgp_client packets.
+Receive howl_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27980,9 +30297,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_bgp_client_packets" lineno="10043">
+<interface name="corenet_dontaudit_receive_howl_client_packets" lineno="33967">
 <summary>
-Do not audit attempts to receive bgp_client packets.
+Do not audit attempts to receive howl_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -27991,9 +30308,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_bgp_client_packets" lineno="10062">
+<interface name="corenet_sendrecv_howl_client_packets" lineno="33986">
 <summary>
-Send and receive bgp_client packets.
+Send and receive howl_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28002,9 +30319,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_bgp_client_packets" lineno="10078">
+<interface name="corenet_dontaudit_sendrecv_howl_client_packets" lineno="34002">
 <summary>
-Do not audit attempts to send and receive bgp_client packets.
+Do not audit attempts to send and receive howl_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28013,9 +30330,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_bgp_client_packets" lineno="10093">
+<interface name="corenet_relabelto_howl_client_packets" lineno="34017">
 <summary>
-Relabel packets to bgp_client the packet type.
+Relabel packets to howl_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -28023,9 +30340,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_bgp_server_packets" lineno="10113">
+<interface name="corenet_send_howl_server_packets" lineno="34037">
 <summary>
-Send bgp_server packets.
+Send howl_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28034,9 +30351,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_bgp_server_packets" lineno="10132">
+<interface name="corenet_dontaudit_send_howl_server_packets" lineno="34056">
 <summary>
-Do not audit attempts to send bgp_server packets.
+Do not audit attempts to send howl_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28045,9 +30362,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_bgp_server_packets" lineno="10151">
+<interface name="corenet_receive_howl_server_packets" lineno="34075">
 <summary>
-Receive bgp_server packets.
+Receive howl_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28056,9 +30373,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_bgp_server_packets" lineno="10170">
+<interface name="corenet_dontaudit_receive_howl_server_packets" lineno="34094">
 <summary>
-Do not audit attempts to receive bgp_server packets.
+Do not audit attempts to receive howl_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28067,9 +30384,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_bgp_server_packets" lineno="10189">
+<interface name="corenet_sendrecv_howl_server_packets" lineno="34113">
 <summary>
-Send and receive bgp_server packets.
+Send and receive howl_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28078,9 +30395,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_bgp_server_packets" lineno="10205">
+<interface name="corenet_dontaudit_sendrecv_howl_server_packets" lineno="34129">
 <summary>
-Do not audit attempts to send and receive bgp_server packets.
+Do not audit attempts to send and receive howl_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28089,9 +30406,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_bgp_server_packets" lineno="10220">
+<interface name="corenet_relabelto_howl_server_packets" lineno="34144">
 <summary>
-Relabel packets to bgp_server the packet type.
+Relabel packets to howl_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -28099,9 +30416,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_boinc_port" lineno="10242">
+<interface name="corenet_tcp_sendrecv_hplip_port" lineno="34166">
 <summary>
-Send and receive TCP traffic on the boinc port.
+Send and receive TCP traffic on the hplip port.
 </summary>
 <param name="domain">
 <summary>
@@ -28110,9 +30427,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_boinc_port" lineno="10261">
+<interface name="corenet_udp_send_hplip_port" lineno="34185">
 <summary>
-Send UDP traffic on the boinc port.
+Send UDP traffic on the hplip port.
 </summary>
 <param name="domain">
 <summary>
@@ -28121,9 +30438,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_boinc_port" lineno="10280">
+<interface name="corenet_dontaudit_udp_send_hplip_port" lineno="34204">
 <summary>
-Do not audit attempts to send UDP traffic on the boinc port.
+Do not audit attempts to send UDP traffic on the hplip port.
 </summary>
 <param name="domain">
 <summary>
@@ -28132,9 +30449,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_boinc_port" lineno="10299">
+<interface name="corenet_udp_receive_hplip_port" lineno="34223">
 <summary>
-Receive UDP traffic on the boinc port.
+Receive UDP traffic on the hplip port.
 </summary>
 <param name="domain">
 <summary>
@@ -28143,9 +30460,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_boinc_port" lineno="10318">
+<interface name="corenet_dontaudit_udp_receive_hplip_port" lineno="34242">
 <summary>
-Do not audit attempts to receive UDP traffic on the boinc port.
+Do not audit attempts to receive UDP traffic on the hplip port.
 </summary>
 <param name="domain">
 <summary>
@@ -28154,9 +30471,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_boinc_port" lineno="10337">
+<interface name="corenet_udp_sendrecv_hplip_port" lineno="34261">
 <summary>
-Send and receive UDP traffic on the boinc port.
+Send and receive UDP traffic on the hplip port.
 </summary>
 <param name="domain">
 <summary>
@@ -28165,10 +30482,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_boinc_port" lineno="10354">
+<interface name="corenet_dontaudit_udp_sendrecv_hplip_port" lineno="34278">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the boinc port.
+UDP traffic on the hplip port.
 </summary>
 <param name="domain">
 <summary>
@@ -28177,9 +30494,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_boinc_port" lineno="10370">
+<interface name="corenet_tcp_bind_hplip_port" lineno="34294">
 <summary>
-Bind TCP sockets to the boinc port.
+Bind TCP sockets to the hplip port.
 </summary>
 <param name="domain">
 <summary>
@@ -28188,9 +30505,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_boinc_port" lineno="10390">
+<interface name="corenet_udp_bind_hplip_port" lineno="34314">
 <summary>
-Bind UDP sockets to the boinc port.
+Bind UDP sockets to the hplip port.
 </summary>
 <param name="domain">
 <summary>
@@ -28199,9 +30516,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_boinc_port" lineno="10409">
+<interface name="corenet_tcp_connect_hplip_port" lineno="34333">
 <summary>
-Make a TCP connection to the boinc port.
+Make a TCP connection to the hplip port.
 </summary>
 <param name="domain">
 <summary>
@@ -28209,9 +30526,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_boinc_client_packets" lineno="10429">
+<interface name="corenet_send_hplip_client_packets" lineno="34353">
 <summary>
-Send boinc_client packets.
+Send hplip_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28220,9 +30537,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_boinc_client_packets" lineno="10448">
+<interface name="corenet_dontaudit_send_hplip_client_packets" lineno="34372">
 <summary>
-Do not audit attempts to send boinc_client packets.
+Do not audit attempts to send hplip_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28231,9 +30548,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_boinc_client_packets" lineno="10467">
+<interface name="corenet_receive_hplip_client_packets" lineno="34391">
 <summary>
-Receive boinc_client packets.
+Receive hplip_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28242,9 +30559,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_boinc_client_packets" lineno="10486">
+<interface name="corenet_dontaudit_receive_hplip_client_packets" lineno="34410">
 <summary>
-Do not audit attempts to receive boinc_client packets.
+Do not audit attempts to receive hplip_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28253,9 +30570,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_boinc_client_packets" lineno="10505">
+<interface name="corenet_sendrecv_hplip_client_packets" lineno="34429">
 <summary>
-Send and receive boinc_client packets.
+Send and receive hplip_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28264,9 +30581,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_boinc_client_packets" lineno="10521">
+<interface name="corenet_dontaudit_sendrecv_hplip_client_packets" lineno="34445">
 <summary>
-Do not audit attempts to send and receive boinc_client packets.
+Do not audit attempts to send and receive hplip_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28275,9 +30592,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_boinc_client_packets" lineno="10536">
+<interface name="corenet_relabelto_hplip_client_packets" lineno="34460">
 <summary>
-Relabel packets to boinc_client the packet type.
+Relabel packets to hplip_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -28285,9 +30602,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_boinc_server_packets" lineno="10556">
+<interface name="corenet_send_hplip_server_packets" lineno="34480">
 <summary>
-Send boinc_server packets.
+Send hplip_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28296,9 +30613,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_boinc_server_packets" lineno="10575">
+<interface name="corenet_dontaudit_send_hplip_server_packets" lineno="34499">
 <summary>
-Do not audit attempts to send boinc_server packets.
+Do not audit attempts to send hplip_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28307,9 +30624,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_boinc_server_packets" lineno="10594">
+<interface name="corenet_receive_hplip_server_packets" lineno="34518">
 <summary>
-Receive boinc_server packets.
+Receive hplip_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28318,9 +30635,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_boinc_server_packets" lineno="10613">
+<interface name="corenet_dontaudit_receive_hplip_server_packets" lineno="34537">
 <summary>
-Do not audit attempts to receive boinc_server packets.
+Do not audit attempts to receive hplip_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28329,9 +30646,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_boinc_server_packets" lineno="10632">
+<interface name="corenet_sendrecv_hplip_server_packets" lineno="34556">
 <summary>
-Send and receive boinc_server packets.
+Send and receive hplip_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28340,9 +30657,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_boinc_server_packets" lineno="10648">
+<interface name="corenet_dontaudit_sendrecv_hplip_server_packets" lineno="34572">
 <summary>
-Do not audit attempts to send and receive boinc_server packets.
+Do not audit attempts to send and receive hplip_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28351,9 +30668,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_boinc_server_packets" lineno="10663">
+<interface name="corenet_relabelto_hplip_server_packets" lineno="34587">
 <summary>
-Relabel packets to boinc_server the packet type.
+Relabel packets to hplip_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -28361,9 +30678,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_biff_port" lineno="10685">
+<interface name="corenet_tcp_sendrecv_http_port" lineno="34609">
 <summary>
-Send and receive TCP traffic on the biff port.
+Send and receive TCP traffic on the http port.
 </summary>
 <param name="domain">
 <summary>
@@ -28372,9 +30689,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_biff_port" lineno="10704">
+<interface name="corenet_udp_send_http_port" lineno="34628">
 <summary>
-Send UDP traffic on the biff port.
+Send UDP traffic on the http port.
 </summary>
 <param name="domain">
 <summary>
@@ -28383,9 +30700,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_biff_port" lineno="10723">
+<interface name="corenet_dontaudit_udp_send_http_port" lineno="34647">
 <summary>
-Do not audit attempts to send UDP traffic on the biff port.
+Do not audit attempts to send UDP traffic on the http port.
 </summary>
 <param name="domain">
 <summary>
@@ -28394,9 +30711,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_biff_port" lineno="10742">
+<interface name="corenet_udp_receive_http_port" lineno="34666">
 <summary>
-Receive UDP traffic on the biff port.
+Receive UDP traffic on the http port.
 </summary>
 <param name="domain">
 <summary>
@@ -28405,9 +30722,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_biff_port" lineno="10761">
+<interface name="corenet_dontaudit_udp_receive_http_port" lineno="34685">
 <summary>
-Do not audit attempts to receive UDP traffic on the biff port.
+Do not audit attempts to receive UDP traffic on the http port.
 </summary>
 <param name="domain">
 <summary>
@@ -28416,9 +30733,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_biff_port" lineno="10780">
+<interface name="corenet_udp_sendrecv_http_port" lineno="34704">
 <summary>
-Send and receive UDP traffic on the biff port.
+Send and receive UDP traffic on the http port.
 </summary>
 <param name="domain">
 <summary>
@@ -28427,10 +30744,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_biff_port" lineno="10797">
+<interface name="corenet_dontaudit_udp_sendrecv_http_port" lineno="34721">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the biff port.
+UDP traffic on the http port.
 </summary>
 <param name="domain">
 <summary>
@@ -28439,9 +30756,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_biff_port" lineno="10813">
+<interface name="corenet_tcp_bind_http_port" lineno="34737">
 <summary>
-Bind TCP sockets to the biff port.
+Bind TCP sockets to the http port.
 </summary>
 <param name="domain">
 <summary>
@@ -28450,9 +30767,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_biff_port" lineno="10833">
+<interface name="corenet_udp_bind_http_port" lineno="34757">
 <summary>
-Bind UDP sockets to the biff port.
+Bind UDP sockets to the http port.
 </summary>
 <param name="domain">
 <summary>
@@ -28461,9 +30778,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_biff_port" lineno="10852">
+<interface name="corenet_tcp_connect_http_port" lineno="34776">
 <summary>
-Make a TCP connection to the biff port.
+Make a TCP connection to the http port.
 </summary>
 <param name="domain">
 <summary>
@@ -28471,9 +30788,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_biff_client_packets" lineno="10872">
+<interface name="corenet_send_http_client_packets" lineno="34796">
 <summary>
-Send biff_client packets.
+Send http_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28482,9 +30799,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_biff_client_packets" lineno="10891">
+<interface name="corenet_dontaudit_send_http_client_packets" lineno="34815">
 <summary>
-Do not audit attempts to send biff_client packets.
+Do not audit attempts to send http_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28493,9 +30810,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_biff_client_packets" lineno="10910">
+<interface name="corenet_receive_http_client_packets" lineno="34834">
 <summary>
-Receive biff_client packets.
+Receive http_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28504,9 +30821,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_biff_client_packets" lineno="10929">
+<interface name="corenet_dontaudit_receive_http_client_packets" lineno="34853">
 <summary>
-Do not audit attempts to receive biff_client packets.
+Do not audit attempts to receive http_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28515,9 +30832,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_biff_client_packets" lineno="10948">
+<interface name="corenet_sendrecv_http_client_packets" lineno="34872">
 <summary>
-Send and receive biff_client packets.
+Send and receive http_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28526,9 +30843,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_biff_client_packets" lineno="10964">
+<interface name="corenet_dontaudit_sendrecv_http_client_packets" lineno="34888">
 <summary>
-Do not audit attempts to send and receive biff_client packets.
+Do not audit attempts to send and receive http_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28537,9 +30854,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_biff_client_packets" lineno="10979">
+<interface name="corenet_relabelto_http_client_packets" lineno="34903">
 <summary>
-Relabel packets to biff_client the packet type.
+Relabel packets to http_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -28547,9 +30864,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_biff_server_packets" lineno="10999">
+<interface name="corenet_send_http_server_packets" lineno="34923">
 <summary>
-Send biff_server packets.
+Send http_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28558,9 +30875,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_biff_server_packets" lineno="11018">
+<interface name="corenet_dontaudit_send_http_server_packets" lineno="34942">
 <summary>
-Do not audit attempts to send biff_server packets.
+Do not audit attempts to send http_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28569,9 +30886,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_biff_server_packets" lineno="11037">
+<interface name="corenet_receive_http_server_packets" lineno="34961">
 <summary>
-Receive biff_server packets.
+Receive http_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28580,9 +30897,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_biff_server_packets" lineno="11056">
+<interface name="corenet_dontaudit_receive_http_server_packets" lineno="34980">
 <summary>
-Do not audit attempts to receive biff_server packets.
+Do not audit attempts to receive http_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28591,9 +30908,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_biff_server_packets" lineno="11075">
+<interface name="corenet_sendrecv_http_server_packets" lineno="34999">
 <summary>
-Send and receive biff_server packets.
+Send and receive http_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28602,9 +30919,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_biff_server_packets" lineno="11091">
+<interface name="corenet_dontaudit_sendrecv_http_server_packets" lineno="35015">
 <summary>
-Do not audit attempts to send and receive biff_server packets.
+Do not audit attempts to send and receive http_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28613,9 +30930,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_biff_server_packets" lineno="11106">
+<interface name="corenet_relabelto_http_server_packets" lineno="35030">
 <summary>
-Relabel packets to biff_server the packet type.
+Relabel packets to http_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -28623,9 +30940,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_certmaster_port" lineno="11128">
+<interface name="corenet_tcp_sendrecv_http_cache_port" lineno="35052">
 <summary>
-Send and receive TCP traffic on the certmaster port.
+Send and receive TCP traffic on the http_cache port.
 </summary>
 <param name="domain">
 <summary>
@@ -28634,9 +30951,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_certmaster_port" lineno="11147">
+<interface name="corenet_udp_send_http_cache_port" lineno="35071">
 <summary>
-Send UDP traffic on the certmaster port.
+Send UDP traffic on the http_cache port.
 </summary>
 <param name="domain">
 <summary>
@@ -28645,9 +30962,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_certmaster_port" lineno="11166">
+<interface name="corenet_dontaudit_udp_send_http_cache_port" lineno="35090">
 <summary>
-Do not audit attempts to send UDP traffic on the certmaster port.
+Do not audit attempts to send UDP traffic on the http_cache port.
 </summary>
 <param name="domain">
 <summary>
@@ -28656,9 +30973,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_certmaster_port" lineno="11185">
+<interface name="corenet_udp_receive_http_cache_port" lineno="35109">
 <summary>
-Receive UDP traffic on the certmaster port.
+Receive UDP traffic on the http_cache port.
 </summary>
 <param name="domain">
 <summary>
@@ -28667,9 +30984,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_certmaster_port" lineno="11204">
+<interface name="corenet_dontaudit_udp_receive_http_cache_port" lineno="35128">
 <summary>
-Do not audit attempts to receive UDP traffic on the certmaster port.
+Do not audit attempts to receive UDP traffic on the http_cache port.
 </summary>
 <param name="domain">
 <summary>
@@ -28678,9 +30995,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_certmaster_port" lineno="11223">
+<interface name="corenet_udp_sendrecv_http_cache_port" lineno="35147">
 <summary>
-Send and receive UDP traffic on the certmaster port.
+Send and receive UDP traffic on the http_cache port.
 </summary>
 <param name="domain">
 <summary>
@@ -28689,10 +31006,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_certmaster_port" lineno="11240">
+<interface name="corenet_dontaudit_udp_sendrecv_http_cache_port" lineno="35164">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the certmaster port.
+UDP traffic on the http_cache port.
 </summary>
 <param name="domain">
 <summary>
@@ -28701,9 +31018,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_certmaster_port" lineno="11256">
+<interface name="corenet_tcp_bind_http_cache_port" lineno="35180">
 <summary>
-Bind TCP sockets to the certmaster port.
+Bind TCP sockets to the http_cache port.
 </summary>
 <param name="domain">
 <summary>
@@ -28712,9 +31029,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_certmaster_port" lineno="11276">
+<interface name="corenet_udp_bind_http_cache_port" lineno="35200">
 <summary>
-Bind UDP sockets to the certmaster port.
+Bind UDP sockets to the http_cache port.
 </summary>
 <param name="domain">
 <summary>
@@ -28723,9 +31040,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_certmaster_port" lineno="11295">
+<interface name="corenet_tcp_connect_http_cache_port" lineno="35219">
 <summary>
-Make a TCP connection to the certmaster port.
+Make a TCP connection to the http_cache port.
 </summary>
 <param name="domain">
 <summary>
@@ -28733,9 +31050,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_certmaster_client_packets" lineno="11315">
+<interface name="corenet_send_http_cache_client_packets" lineno="35239">
 <summary>
-Send certmaster_client packets.
+Send http_cache_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28744,9 +31061,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_certmaster_client_packets" lineno="11334">
+<interface name="corenet_dontaudit_send_http_cache_client_packets" lineno="35258">
 <summary>
-Do not audit attempts to send certmaster_client packets.
+Do not audit attempts to send http_cache_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28755,9 +31072,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_certmaster_client_packets" lineno="11353">
+<interface name="corenet_receive_http_cache_client_packets" lineno="35277">
 <summary>
-Receive certmaster_client packets.
+Receive http_cache_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28766,9 +31083,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_certmaster_client_packets" lineno="11372">
+<interface name="corenet_dontaudit_receive_http_cache_client_packets" lineno="35296">
 <summary>
-Do not audit attempts to receive certmaster_client packets.
+Do not audit attempts to receive http_cache_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28777,9 +31094,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_certmaster_client_packets" lineno="11391">
+<interface name="corenet_sendrecv_http_cache_client_packets" lineno="35315">
 <summary>
-Send and receive certmaster_client packets.
+Send and receive http_cache_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28788,9 +31105,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_certmaster_client_packets" lineno="11407">
+<interface name="corenet_dontaudit_sendrecv_http_cache_client_packets" lineno="35331">
 <summary>
-Do not audit attempts to send and receive certmaster_client packets.
+Do not audit attempts to send and receive http_cache_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28799,9 +31116,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_certmaster_client_packets" lineno="11422">
+<interface name="corenet_relabelto_http_cache_client_packets" lineno="35346">
 <summary>
-Relabel packets to certmaster_client the packet type.
+Relabel packets to http_cache_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -28809,9 +31126,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_certmaster_server_packets" lineno="11442">
+<interface name="corenet_send_http_cache_server_packets" lineno="35366">
 <summary>
-Send certmaster_server packets.
+Send http_cache_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28820,9 +31137,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_certmaster_server_packets" lineno="11461">
+<interface name="corenet_dontaudit_send_http_cache_server_packets" lineno="35385">
 <summary>
-Do not audit attempts to send certmaster_server packets.
+Do not audit attempts to send http_cache_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28831,9 +31148,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_certmaster_server_packets" lineno="11480">
+<interface name="corenet_receive_http_cache_server_packets" lineno="35404">
 <summary>
-Receive certmaster_server packets.
+Receive http_cache_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28842,9 +31159,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_certmaster_server_packets" lineno="11499">
+<interface name="corenet_dontaudit_receive_http_cache_server_packets" lineno="35423">
 <summary>
-Do not audit attempts to receive certmaster_server packets.
+Do not audit attempts to receive http_cache_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28853,9 +31170,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_certmaster_server_packets" lineno="11518">
+<interface name="corenet_sendrecv_http_cache_server_packets" lineno="35442">
 <summary>
-Send and receive certmaster_server packets.
+Send and receive http_cache_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28864,9 +31181,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_certmaster_server_packets" lineno="11534">
+<interface name="corenet_dontaudit_sendrecv_http_cache_server_packets" lineno="35458">
 <summary>
-Do not audit attempts to send and receive certmaster_server packets.
+Do not audit attempts to send and receive http_cache_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -28875,9 +31192,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_certmaster_server_packets" lineno="11549">
+<interface name="corenet_relabelto_http_cache_server_packets" lineno="35473">
 <summary>
-Relabel packets to certmaster_server the packet type.
+Relabel packets to http_cache_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -28885,9 +31202,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_chronyd_port" lineno="11571">
+<interface name="corenet_tcp_sendrecv_i18n_input_port" lineno="35495">
 <summary>
-Send and receive TCP traffic on the chronyd port.
+Send and receive TCP traffic on the i18n_input port.
 </summary>
 <param name="domain">
 <summary>
@@ -28896,9 +31213,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_chronyd_port" lineno="11590">
+<interface name="corenet_udp_send_i18n_input_port" lineno="35514">
 <summary>
-Send UDP traffic on the chronyd port.
+Send UDP traffic on the i18n_input port.
 </summary>
 <param name="domain">
 <summary>
@@ -28907,9 +31224,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_chronyd_port" lineno="11609">
+<interface name="corenet_dontaudit_udp_send_i18n_input_port" lineno="35533">
 <summary>
-Do not audit attempts to send UDP traffic on the chronyd port.
+Do not audit attempts to send UDP traffic on the i18n_input port.
 </summary>
 <param name="domain">
 <summary>
@@ -28918,9 +31235,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_chronyd_port" lineno="11628">
+<interface name="corenet_udp_receive_i18n_input_port" lineno="35552">
 <summary>
-Receive UDP traffic on the chronyd port.
+Receive UDP traffic on the i18n_input port.
 </summary>
 <param name="domain">
 <summary>
@@ -28929,9 +31246,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_chronyd_port" lineno="11647">
+<interface name="corenet_dontaudit_udp_receive_i18n_input_port" lineno="35571">
 <summary>
-Do not audit attempts to receive UDP traffic on the chronyd port.
+Do not audit attempts to receive UDP traffic on the i18n_input port.
 </summary>
 <param name="domain">
 <summary>
@@ -28940,9 +31257,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_chronyd_port" lineno="11666">
+<interface name="corenet_udp_sendrecv_i18n_input_port" lineno="35590">
 <summary>
-Send and receive UDP traffic on the chronyd port.
+Send and receive UDP traffic on the i18n_input port.
 </summary>
 <param name="domain">
 <summary>
@@ -28951,10 +31268,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_chronyd_port" lineno="11683">
+<interface name="corenet_dontaudit_udp_sendrecv_i18n_input_port" lineno="35607">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the chronyd port.
+UDP traffic on the i18n_input port.
 </summary>
 <param name="domain">
 <summary>
@@ -28963,9 +31280,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_chronyd_port" lineno="11699">
+<interface name="corenet_tcp_bind_i18n_input_port" lineno="35623">
 <summary>
-Bind TCP sockets to the chronyd port.
+Bind TCP sockets to the i18n_input port.
 </summary>
 <param name="domain">
 <summary>
@@ -28974,9 +31291,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_chronyd_port" lineno="11719">
+<interface name="corenet_udp_bind_i18n_input_port" lineno="35643">
 <summary>
-Bind UDP sockets to the chronyd port.
+Bind UDP sockets to the i18n_input port.
 </summary>
 <param name="domain">
 <summary>
@@ -28985,9 +31302,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_chronyd_port" lineno="11738">
+<interface name="corenet_tcp_connect_i18n_input_port" lineno="35662">
 <summary>
-Make a TCP connection to the chronyd port.
+Make a TCP connection to the i18n_input port.
 </summary>
 <param name="domain">
 <summary>
@@ -28995,9 +31312,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_chronyd_client_packets" lineno="11758">
+<interface name="corenet_send_i18n_input_client_packets" lineno="35682">
 <summary>
-Send chronyd_client packets.
+Send i18n_input_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29006,9 +31323,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_chronyd_client_packets" lineno="11777">
+<interface name="corenet_dontaudit_send_i18n_input_client_packets" lineno="35701">
 <summary>
-Do not audit attempts to send chronyd_client packets.
+Do not audit attempts to send i18n_input_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29017,9 +31334,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_chronyd_client_packets" lineno="11796">
+<interface name="corenet_receive_i18n_input_client_packets" lineno="35720">
 <summary>
-Receive chronyd_client packets.
+Receive i18n_input_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29028,9 +31345,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_chronyd_client_packets" lineno="11815">
+<interface name="corenet_dontaudit_receive_i18n_input_client_packets" lineno="35739">
 <summary>
-Do not audit attempts to receive chronyd_client packets.
+Do not audit attempts to receive i18n_input_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29039,9 +31356,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_chronyd_client_packets" lineno="11834">
+<interface name="corenet_sendrecv_i18n_input_client_packets" lineno="35758">
 <summary>
-Send and receive chronyd_client packets.
+Send and receive i18n_input_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29050,9 +31367,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_chronyd_client_packets" lineno="11850">
+<interface name="corenet_dontaudit_sendrecv_i18n_input_client_packets" lineno="35774">
 <summary>
-Do not audit attempts to send and receive chronyd_client packets.
+Do not audit attempts to send and receive i18n_input_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29061,9 +31378,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_chronyd_client_packets" lineno="11865">
+<interface name="corenet_relabelto_i18n_input_client_packets" lineno="35789">
 <summary>
-Relabel packets to chronyd_client the packet type.
+Relabel packets to i18n_input_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -29071,9 +31388,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_chronyd_server_packets" lineno="11885">
+<interface name="corenet_send_i18n_input_server_packets" lineno="35809">
 <summary>
-Send chronyd_server packets.
+Send i18n_input_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29082,9 +31399,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_chronyd_server_packets" lineno="11904">
+<interface name="corenet_dontaudit_send_i18n_input_server_packets" lineno="35828">
 <summary>
-Do not audit attempts to send chronyd_server packets.
+Do not audit attempts to send i18n_input_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29093,9 +31410,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_chronyd_server_packets" lineno="11923">
+<interface name="corenet_receive_i18n_input_server_packets" lineno="35847">
 <summary>
-Receive chronyd_server packets.
+Receive i18n_input_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29104,9 +31421,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_chronyd_server_packets" lineno="11942">
+<interface name="corenet_dontaudit_receive_i18n_input_server_packets" lineno="35866">
 <summary>
-Do not audit attempts to receive chronyd_server packets.
+Do not audit attempts to receive i18n_input_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29115,9 +31432,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_chronyd_server_packets" lineno="11961">
+<interface name="corenet_sendrecv_i18n_input_server_packets" lineno="35885">
 <summary>
-Send and receive chronyd_server packets.
+Send and receive i18n_input_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29126,9 +31443,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_chronyd_server_packets" lineno="11977">
+<interface name="corenet_dontaudit_sendrecv_i18n_input_server_packets" lineno="35901">
 <summary>
-Do not audit attempts to send and receive chronyd_server packets.
+Do not audit attempts to send and receive i18n_input_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29137,9 +31454,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_chronyd_server_packets" lineno="11992">
+<interface name="corenet_relabelto_i18n_input_server_packets" lineno="35916">
 <summary>
-Relabel packets to chronyd_server the packet type.
+Relabel packets to i18n_input_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -29147,9 +31464,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_clamd_port" lineno="12014">
+<interface name="corenet_tcp_sendrecv_imaze_port" lineno="35938">
 <summary>
-Send and receive TCP traffic on the clamd port.
+Send and receive TCP traffic on the imaze port.
 </summary>
 <param name="domain">
 <summary>
@@ -29158,9 +31475,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_clamd_port" lineno="12033">
+<interface name="corenet_udp_send_imaze_port" lineno="35957">
 <summary>
-Send UDP traffic on the clamd port.
+Send UDP traffic on the imaze port.
 </summary>
 <param name="domain">
 <summary>
@@ -29169,9 +31486,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_clamd_port" lineno="12052">
+<interface name="corenet_dontaudit_udp_send_imaze_port" lineno="35976">
 <summary>
-Do not audit attempts to send UDP traffic on the clamd port.
+Do not audit attempts to send UDP traffic on the imaze port.
 </summary>
 <param name="domain">
 <summary>
@@ -29180,9 +31497,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_clamd_port" lineno="12071">
+<interface name="corenet_udp_receive_imaze_port" lineno="35995">
 <summary>
-Receive UDP traffic on the clamd port.
+Receive UDP traffic on the imaze port.
 </summary>
 <param name="domain">
 <summary>
@@ -29191,9 +31508,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_clamd_port" lineno="12090">
+<interface name="corenet_dontaudit_udp_receive_imaze_port" lineno="36014">
 <summary>
-Do not audit attempts to receive UDP traffic on the clamd port.
+Do not audit attempts to receive UDP traffic on the imaze port.
 </summary>
 <param name="domain">
 <summary>
@@ -29202,9 +31519,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_clamd_port" lineno="12109">
+<interface name="corenet_udp_sendrecv_imaze_port" lineno="36033">
 <summary>
-Send and receive UDP traffic on the clamd port.
+Send and receive UDP traffic on the imaze port.
 </summary>
 <param name="domain">
 <summary>
@@ -29213,10 +31530,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_clamd_port" lineno="12126">
+<interface name="corenet_dontaudit_udp_sendrecv_imaze_port" lineno="36050">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the clamd port.
+UDP traffic on the imaze port.
 </summary>
 <param name="domain">
 <summary>
@@ -29225,9 +31542,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_clamd_port" lineno="12142">
+<interface name="corenet_tcp_bind_imaze_port" lineno="36066">
 <summary>
-Bind TCP sockets to the clamd port.
+Bind TCP sockets to the imaze port.
 </summary>
 <param name="domain">
 <summary>
@@ -29236,9 +31553,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_clamd_port" lineno="12162">
+<interface name="corenet_udp_bind_imaze_port" lineno="36086">
 <summary>
-Bind UDP sockets to the clamd port.
+Bind UDP sockets to the imaze port.
 </summary>
 <param name="domain">
 <summary>
@@ -29247,9 +31564,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_clamd_port" lineno="12181">
+<interface name="corenet_tcp_connect_imaze_port" lineno="36105">
 <summary>
-Make a TCP connection to the clamd port.
+Make a TCP connection to the imaze port.
 </summary>
 <param name="domain">
 <summary>
@@ -29257,9 +31574,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_clamd_client_packets" lineno="12201">
+<interface name="corenet_send_imaze_client_packets" lineno="36125">
 <summary>
-Send clamd_client packets.
+Send imaze_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29268,9 +31585,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_clamd_client_packets" lineno="12220">
+<interface name="corenet_dontaudit_send_imaze_client_packets" lineno="36144">
 <summary>
-Do not audit attempts to send clamd_client packets.
+Do not audit attempts to send imaze_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29279,9 +31596,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_clamd_client_packets" lineno="12239">
+<interface name="corenet_receive_imaze_client_packets" lineno="36163">
 <summary>
-Receive clamd_client packets.
+Receive imaze_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29290,9 +31607,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_clamd_client_packets" lineno="12258">
+<interface name="corenet_dontaudit_receive_imaze_client_packets" lineno="36182">
 <summary>
-Do not audit attempts to receive clamd_client packets.
+Do not audit attempts to receive imaze_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29301,9 +31618,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_clamd_client_packets" lineno="12277">
+<interface name="corenet_sendrecv_imaze_client_packets" lineno="36201">
 <summary>
-Send and receive clamd_client packets.
+Send and receive imaze_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29312,9 +31629,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_clamd_client_packets" lineno="12293">
+<interface name="corenet_dontaudit_sendrecv_imaze_client_packets" lineno="36217">
 <summary>
-Do not audit attempts to send and receive clamd_client packets.
+Do not audit attempts to send and receive imaze_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29323,9 +31640,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_clamd_client_packets" lineno="12308">
+<interface name="corenet_relabelto_imaze_client_packets" lineno="36232">
 <summary>
-Relabel packets to clamd_client the packet type.
+Relabel packets to imaze_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -29333,9 +31650,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_clamd_server_packets" lineno="12328">
+<interface name="corenet_send_imaze_server_packets" lineno="36252">
 <summary>
-Send clamd_server packets.
+Send imaze_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29344,9 +31661,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_clamd_server_packets" lineno="12347">
+<interface name="corenet_dontaudit_send_imaze_server_packets" lineno="36271">
 <summary>
-Do not audit attempts to send clamd_server packets.
+Do not audit attempts to send imaze_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29355,9 +31672,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_clamd_server_packets" lineno="12366">
+<interface name="corenet_receive_imaze_server_packets" lineno="36290">
 <summary>
-Receive clamd_server packets.
+Receive imaze_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29366,9 +31683,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_clamd_server_packets" lineno="12385">
+<interface name="corenet_dontaudit_receive_imaze_server_packets" lineno="36309">
 <summary>
-Do not audit attempts to receive clamd_server packets.
+Do not audit attempts to receive imaze_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29377,9 +31694,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_clamd_server_packets" lineno="12404">
+<interface name="corenet_sendrecv_imaze_server_packets" lineno="36328">
 <summary>
-Send and receive clamd_server packets.
+Send and receive imaze_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29388,9 +31705,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_clamd_server_packets" lineno="12420">
+<interface name="corenet_dontaudit_sendrecv_imaze_server_packets" lineno="36344">
 <summary>
-Do not audit attempts to send and receive clamd_server packets.
+Do not audit attempts to send and receive imaze_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29399,9 +31716,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_clamd_server_packets" lineno="12435">
+<interface name="corenet_relabelto_imaze_server_packets" lineno="36359">
 <summary>
-Relabel packets to clamd_server the packet type.
+Relabel packets to imaze_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -29409,9 +31726,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_clockspeed_port" lineno="12457">
+<interface name="corenet_tcp_sendrecv_inetd_child_port" lineno="36381">
 <summary>
-Send and receive TCP traffic on the clockspeed port.
+Send and receive TCP traffic on the inetd_child port.
 </summary>
 <param name="domain">
 <summary>
@@ -29420,9 +31737,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_clockspeed_port" lineno="12476">
+<interface name="corenet_udp_send_inetd_child_port" lineno="36400">
 <summary>
-Send UDP traffic on the clockspeed port.
+Send UDP traffic on the inetd_child port.
 </summary>
 <param name="domain">
 <summary>
@@ -29431,9 +31748,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_clockspeed_port" lineno="12495">
+<interface name="corenet_dontaudit_udp_send_inetd_child_port" lineno="36419">
 <summary>
-Do not audit attempts to send UDP traffic on the clockspeed port.
+Do not audit attempts to send UDP traffic on the inetd_child port.
 </summary>
 <param name="domain">
 <summary>
@@ -29442,9 +31759,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_clockspeed_port" lineno="12514">
+<interface name="corenet_udp_receive_inetd_child_port" lineno="36438">
 <summary>
-Receive UDP traffic on the clockspeed port.
+Receive UDP traffic on the inetd_child port.
 </summary>
 <param name="domain">
 <summary>
@@ -29453,9 +31770,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_clockspeed_port" lineno="12533">
+<interface name="corenet_dontaudit_udp_receive_inetd_child_port" lineno="36457">
 <summary>
-Do not audit attempts to receive UDP traffic on the clockspeed port.
+Do not audit attempts to receive UDP traffic on the inetd_child port.
 </summary>
 <param name="domain">
 <summary>
@@ -29464,9 +31781,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_clockspeed_port" lineno="12552">
+<interface name="corenet_udp_sendrecv_inetd_child_port" lineno="36476">
 <summary>
-Send and receive UDP traffic on the clockspeed port.
+Send and receive UDP traffic on the inetd_child port.
 </summary>
 <param name="domain">
 <summary>
@@ -29475,10 +31792,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_clockspeed_port" lineno="12569">
+<interface name="corenet_dontaudit_udp_sendrecv_inetd_child_port" lineno="36493">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the clockspeed port.
+UDP traffic on the inetd_child port.
 </summary>
 <param name="domain">
 <summary>
@@ -29487,9 +31804,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_clockspeed_port" lineno="12585">
+<interface name="corenet_tcp_bind_inetd_child_port" lineno="36509">
 <summary>
-Bind TCP sockets to the clockspeed port.
+Bind TCP sockets to the inetd_child port.
 </summary>
 <param name="domain">
 <summary>
@@ -29498,9 +31815,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_clockspeed_port" lineno="12605">
+<interface name="corenet_udp_bind_inetd_child_port" lineno="36529">
 <summary>
-Bind UDP sockets to the clockspeed port.
+Bind UDP sockets to the inetd_child port.
 </summary>
 <param name="domain">
 <summary>
@@ -29509,9 +31826,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_clockspeed_port" lineno="12624">
+<interface name="corenet_tcp_connect_inetd_child_port" lineno="36548">
 <summary>
-Make a TCP connection to the clockspeed port.
+Make a TCP connection to the inetd_child port.
 </summary>
 <param name="domain">
 <summary>
@@ -29519,9 +31836,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_clockspeed_client_packets" lineno="12644">
+<interface name="corenet_send_inetd_child_client_packets" lineno="36568">
 <summary>
-Send clockspeed_client packets.
+Send inetd_child_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29530,9 +31847,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_clockspeed_client_packets" lineno="12663">
+<interface name="corenet_dontaudit_send_inetd_child_client_packets" lineno="36587">
 <summary>
-Do not audit attempts to send clockspeed_client packets.
+Do not audit attempts to send inetd_child_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29541,9 +31858,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_clockspeed_client_packets" lineno="12682">
+<interface name="corenet_receive_inetd_child_client_packets" lineno="36606">
 <summary>
-Receive clockspeed_client packets.
+Receive inetd_child_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29552,9 +31869,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_clockspeed_client_packets" lineno="12701">
+<interface name="corenet_dontaudit_receive_inetd_child_client_packets" lineno="36625">
 <summary>
-Do not audit attempts to receive clockspeed_client packets.
+Do not audit attempts to receive inetd_child_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29563,9 +31880,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_clockspeed_client_packets" lineno="12720">
+<interface name="corenet_sendrecv_inetd_child_client_packets" lineno="36644">
 <summary>
-Send and receive clockspeed_client packets.
+Send and receive inetd_child_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29574,9 +31891,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_clockspeed_client_packets" lineno="12736">
+<interface name="corenet_dontaudit_sendrecv_inetd_child_client_packets" lineno="36660">
 <summary>
-Do not audit attempts to send and receive clockspeed_client packets.
+Do not audit attempts to send and receive inetd_child_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29585,9 +31902,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_clockspeed_client_packets" lineno="12751">
+<interface name="corenet_relabelto_inetd_child_client_packets" lineno="36675">
 <summary>
-Relabel packets to clockspeed_client the packet type.
+Relabel packets to inetd_child_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -29595,9 +31912,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_clockspeed_server_packets" lineno="12771">
+<interface name="corenet_send_inetd_child_server_packets" lineno="36695">
 <summary>
-Send clockspeed_server packets.
+Send inetd_child_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29606,9 +31923,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_clockspeed_server_packets" lineno="12790">
+<interface name="corenet_dontaudit_send_inetd_child_server_packets" lineno="36714">
 <summary>
-Do not audit attempts to send clockspeed_server packets.
+Do not audit attempts to send inetd_child_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29617,9 +31934,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_clockspeed_server_packets" lineno="12809">
+<interface name="corenet_receive_inetd_child_server_packets" lineno="36733">
 <summary>
-Receive clockspeed_server packets.
+Receive inetd_child_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29628,9 +31945,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_clockspeed_server_packets" lineno="12828">
+<interface name="corenet_dontaudit_receive_inetd_child_server_packets" lineno="36752">
 <summary>
-Do not audit attempts to receive clockspeed_server packets.
+Do not audit attempts to receive inetd_child_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29639,9 +31956,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_clockspeed_server_packets" lineno="12847">
+<interface name="corenet_sendrecv_inetd_child_server_packets" lineno="36771">
 <summary>
-Send and receive clockspeed_server packets.
+Send and receive inetd_child_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29650,9 +31967,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_clockspeed_server_packets" lineno="12863">
+<interface name="corenet_dontaudit_sendrecv_inetd_child_server_packets" lineno="36787">
 <summary>
-Do not audit attempts to send and receive clockspeed_server packets.
+Do not audit attempts to send and receive inetd_child_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29661,9 +31978,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_clockspeed_server_packets" lineno="12878">
+<interface name="corenet_relabelto_inetd_child_server_packets" lineno="36802">
 <summary>
-Relabel packets to clockspeed_server the packet type.
+Relabel packets to inetd_child_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -29671,9 +31988,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_cluster_port" lineno="12900">
+<interface name="corenet_tcp_sendrecv_innd_port" lineno="36824">
 <summary>
-Send and receive TCP traffic on the cluster port.
+Send and receive TCP traffic on the innd port.
 </summary>
 <param name="domain">
 <summary>
@@ -29682,9 +31999,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_cluster_port" lineno="12919">
+<interface name="corenet_udp_send_innd_port" lineno="36843">
 <summary>
-Send UDP traffic on the cluster port.
+Send UDP traffic on the innd port.
 </summary>
 <param name="domain">
 <summary>
@@ -29693,9 +32010,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_cluster_port" lineno="12938">
+<interface name="corenet_dontaudit_udp_send_innd_port" lineno="36862">
 <summary>
-Do not audit attempts to send UDP traffic on the cluster port.
+Do not audit attempts to send UDP traffic on the innd port.
 </summary>
 <param name="domain">
 <summary>
@@ -29704,9 +32021,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_cluster_port" lineno="12957">
+<interface name="corenet_udp_receive_innd_port" lineno="36881">
 <summary>
-Receive UDP traffic on the cluster port.
+Receive UDP traffic on the innd port.
 </summary>
 <param name="domain">
 <summary>
@@ -29715,9 +32032,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_cluster_port" lineno="12976">
+<interface name="corenet_dontaudit_udp_receive_innd_port" lineno="36900">
 <summary>
-Do not audit attempts to receive UDP traffic on the cluster port.
+Do not audit attempts to receive UDP traffic on the innd port.
 </summary>
 <param name="domain">
 <summary>
@@ -29726,9 +32043,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_cluster_port" lineno="12995">
+<interface name="corenet_udp_sendrecv_innd_port" lineno="36919">
 <summary>
-Send and receive UDP traffic on the cluster port.
+Send and receive UDP traffic on the innd port.
 </summary>
 <param name="domain">
 <summary>
@@ -29737,10 +32054,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_cluster_port" lineno="13012">
+<interface name="corenet_dontaudit_udp_sendrecv_innd_port" lineno="36936">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the cluster port.
+UDP traffic on the innd port.
 </summary>
 <param name="domain">
 <summary>
@@ -29749,9 +32066,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_cluster_port" lineno="13028">
+<interface name="corenet_tcp_bind_innd_port" lineno="36952">
 <summary>
-Bind TCP sockets to the cluster port.
+Bind TCP sockets to the innd port.
 </summary>
 <param name="domain">
 <summary>
@@ -29760,9 +32077,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_cluster_port" lineno="13048">
+<interface name="corenet_udp_bind_innd_port" lineno="36972">
 <summary>
-Bind UDP sockets to the cluster port.
+Bind UDP sockets to the innd port.
 </summary>
 <param name="domain">
 <summary>
@@ -29771,9 +32088,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_cluster_port" lineno="13067">
+<interface name="corenet_tcp_connect_innd_port" lineno="36991">
 <summary>
-Make a TCP connection to the cluster port.
+Make a TCP connection to the innd port.
 </summary>
 <param name="domain">
 <summary>
@@ -29781,9 +32098,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_cluster_client_packets" lineno="13087">
+<interface name="corenet_send_innd_client_packets" lineno="37011">
 <summary>
-Send cluster_client packets.
+Send innd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29792,9 +32109,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_cluster_client_packets" lineno="13106">
+<interface name="corenet_dontaudit_send_innd_client_packets" lineno="37030">
 <summary>
-Do not audit attempts to send cluster_client packets.
+Do not audit attempts to send innd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29803,9 +32120,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_cluster_client_packets" lineno="13125">
+<interface name="corenet_receive_innd_client_packets" lineno="37049">
 <summary>
-Receive cluster_client packets.
+Receive innd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29814,9 +32131,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_cluster_client_packets" lineno="13144">
+<interface name="corenet_dontaudit_receive_innd_client_packets" lineno="37068">
 <summary>
-Do not audit attempts to receive cluster_client packets.
+Do not audit attempts to receive innd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29825,9 +32142,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_cluster_client_packets" lineno="13163">
+<interface name="corenet_sendrecv_innd_client_packets" lineno="37087">
 <summary>
-Send and receive cluster_client packets.
+Send and receive innd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29836,9 +32153,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_cluster_client_packets" lineno="13179">
+<interface name="corenet_dontaudit_sendrecv_innd_client_packets" lineno="37103">
 <summary>
-Do not audit attempts to send and receive cluster_client packets.
+Do not audit attempts to send and receive innd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29847,9 +32164,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_cluster_client_packets" lineno="13194">
+<interface name="corenet_relabelto_innd_client_packets" lineno="37118">
 <summary>
-Relabel packets to cluster_client the packet type.
+Relabel packets to innd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -29857,9 +32174,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_cluster_server_packets" lineno="13214">
+<interface name="corenet_send_innd_server_packets" lineno="37138">
 <summary>
-Send cluster_server packets.
+Send innd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29868,9 +32185,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_cluster_server_packets" lineno="13233">
+<interface name="corenet_dontaudit_send_innd_server_packets" lineno="37157">
 <summary>
-Do not audit attempts to send cluster_server packets.
+Do not audit attempts to send innd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29879,9 +32196,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_cluster_server_packets" lineno="13252">
+<interface name="corenet_receive_innd_server_packets" lineno="37176">
 <summary>
-Receive cluster_server packets.
+Receive innd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29890,9 +32207,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_cluster_server_packets" lineno="13271">
+<interface name="corenet_dontaudit_receive_innd_server_packets" lineno="37195">
 <summary>
-Do not audit attempts to receive cluster_server packets.
+Do not audit attempts to receive innd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29901,9 +32218,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_cluster_server_packets" lineno="13290">
+<interface name="corenet_sendrecv_innd_server_packets" lineno="37214">
 <summary>
-Send and receive cluster_server packets.
+Send and receive innd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29912,9 +32229,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_cluster_server_packets" lineno="13306">
+<interface name="corenet_dontaudit_sendrecv_innd_server_packets" lineno="37230">
 <summary>
-Do not audit attempts to send and receive cluster_server packets.
+Do not audit attempts to send and receive innd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -29923,9 +32240,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_cluster_server_packets" lineno="13321">
+<interface name="corenet_relabelto_innd_server_packets" lineno="37245">
 <summary>
-Relabel packets to cluster_server the packet type.
+Relabel packets to innd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -29933,9 +32250,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_cobbler_port" lineno="13343">
+<interface name="corenet_tcp_sendrecv_interwise_port" lineno="37267">
 <summary>
-Send and receive TCP traffic on the cobbler port.
+Send and receive TCP traffic on the interwise port.
 </summary>
 <param name="domain">
 <summary>
@@ -29944,9 +32261,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_cobbler_port" lineno="13362">
+<interface name="corenet_udp_send_interwise_port" lineno="37286">
 <summary>
-Send UDP traffic on the cobbler port.
+Send UDP traffic on the interwise port.
 </summary>
 <param name="domain">
 <summary>
@@ -29955,9 +32272,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_cobbler_port" lineno="13381">
+<interface name="corenet_dontaudit_udp_send_interwise_port" lineno="37305">
 <summary>
-Do not audit attempts to send UDP traffic on the cobbler port.
+Do not audit attempts to send UDP traffic on the interwise port.
 </summary>
 <param name="domain">
 <summary>
@@ -29966,9 +32283,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_cobbler_port" lineno="13400">
+<interface name="corenet_udp_receive_interwise_port" lineno="37324">
 <summary>
-Receive UDP traffic on the cobbler port.
+Receive UDP traffic on the interwise port.
 </summary>
 <param name="domain">
 <summary>
@@ -29977,9 +32294,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_cobbler_port" lineno="13419">
+<interface name="corenet_dontaudit_udp_receive_interwise_port" lineno="37343">
 <summary>
-Do not audit attempts to receive UDP traffic on the cobbler port.
+Do not audit attempts to receive UDP traffic on the interwise port.
 </summary>
 <param name="domain">
 <summary>
@@ -29988,9 +32305,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_cobbler_port" lineno="13438">
+<interface name="corenet_udp_sendrecv_interwise_port" lineno="37362">
 <summary>
-Send and receive UDP traffic on the cobbler port.
+Send and receive UDP traffic on the interwise port.
 </summary>
 <param name="domain">
 <summary>
@@ -29999,10 +32316,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_cobbler_port" lineno="13455">
+<interface name="corenet_dontaudit_udp_sendrecv_interwise_port" lineno="37379">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the cobbler port.
+UDP traffic on the interwise port.
 </summary>
 <param name="domain">
 <summary>
@@ -30011,9 +32328,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_cobbler_port" lineno="13471">
+<interface name="corenet_tcp_bind_interwise_port" lineno="37395">
 <summary>
-Bind TCP sockets to the cobbler port.
+Bind TCP sockets to the interwise port.
 </summary>
 <param name="domain">
 <summary>
@@ -30022,9 +32339,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_cobbler_port" lineno="13491">
+<interface name="corenet_udp_bind_interwise_port" lineno="37415">
 <summary>
-Bind UDP sockets to the cobbler port.
+Bind UDP sockets to the interwise port.
 </summary>
 <param name="domain">
 <summary>
@@ -30033,9 +32350,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_cobbler_port" lineno="13510">
+<interface name="corenet_tcp_connect_interwise_port" lineno="37434">
 <summary>
-Make a TCP connection to the cobbler port.
+Make a TCP connection to the interwise port.
 </summary>
 <param name="domain">
 <summary>
@@ -30043,9 +32360,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_cobbler_client_packets" lineno="13530">
+<interface name="corenet_send_interwise_client_packets" lineno="37454">
 <summary>
-Send cobbler_client packets.
+Send interwise_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30054,9 +32371,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_cobbler_client_packets" lineno="13549">
+<interface name="corenet_dontaudit_send_interwise_client_packets" lineno="37473">
 <summary>
-Do not audit attempts to send cobbler_client packets.
+Do not audit attempts to send interwise_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30065,9 +32382,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_cobbler_client_packets" lineno="13568">
+<interface name="corenet_receive_interwise_client_packets" lineno="37492">
 <summary>
-Receive cobbler_client packets.
+Receive interwise_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30076,9 +32393,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_cobbler_client_packets" lineno="13587">
+<interface name="corenet_dontaudit_receive_interwise_client_packets" lineno="37511">
 <summary>
-Do not audit attempts to receive cobbler_client packets.
+Do not audit attempts to receive interwise_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30087,9 +32404,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_cobbler_client_packets" lineno="13606">
+<interface name="corenet_sendrecv_interwise_client_packets" lineno="37530">
 <summary>
-Send and receive cobbler_client packets.
+Send and receive interwise_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30098,9 +32415,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_cobbler_client_packets" lineno="13622">
+<interface name="corenet_dontaudit_sendrecv_interwise_client_packets" lineno="37546">
 <summary>
-Do not audit attempts to send and receive cobbler_client packets.
+Do not audit attempts to send and receive interwise_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30109,9 +32426,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_cobbler_client_packets" lineno="13637">
+<interface name="corenet_relabelto_interwise_client_packets" lineno="37561">
 <summary>
-Relabel packets to cobbler_client the packet type.
+Relabel packets to interwise_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -30119,9 +32436,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_cobbler_server_packets" lineno="13657">
+<interface name="corenet_send_interwise_server_packets" lineno="37581">
 <summary>
-Send cobbler_server packets.
+Send interwise_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30130,9 +32447,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_cobbler_server_packets" lineno="13676">
+<interface name="corenet_dontaudit_send_interwise_server_packets" lineno="37600">
 <summary>
-Do not audit attempts to send cobbler_server packets.
+Do not audit attempts to send interwise_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30141,9 +32458,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_cobbler_server_packets" lineno="13695">
+<interface name="corenet_receive_interwise_server_packets" lineno="37619">
 <summary>
-Receive cobbler_server packets.
+Receive interwise_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30152,9 +32469,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_cobbler_server_packets" lineno="13714">
+<interface name="corenet_dontaudit_receive_interwise_server_packets" lineno="37638">
 <summary>
-Do not audit attempts to receive cobbler_server packets.
+Do not audit attempts to receive interwise_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30163,9 +32480,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_cobbler_server_packets" lineno="13733">
+<interface name="corenet_sendrecv_interwise_server_packets" lineno="37657">
 <summary>
-Send and receive cobbler_server packets.
+Send and receive interwise_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30174,9 +32491,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_cobbler_server_packets" lineno="13749">
+<interface name="corenet_dontaudit_sendrecv_interwise_server_packets" lineno="37673">
 <summary>
-Do not audit attempts to send and receive cobbler_server packets.
+Do not audit attempts to send and receive interwise_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30185,9 +32502,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_cobbler_server_packets" lineno="13764">
+<interface name="corenet_relabelto_interwise_server_packets" lineno="37688">
 <summary>
-Relabel packets to cobbler_server the packet type.
+Relabel packets to interwise_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -30195,9 +32512,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_comsat_port" lineno="13786">
+<interface name="corenet_tcp_sendrecv_ionixnetmon_port" lineno="37710">
 <summary>
-Send and receive TCP traffic on the comsat port.
+Send and receive TCP traffic on the ionixnetmon port.
 </summary>
 <param name="domain">
 <summary>
@@ -30206,9 +32523,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_comsat_port" lineno="13805">
+<interface name="corenet_udp_send_ionixnetmon_port" lineno="37729">
 <summary>
-Send UDP traffic on the comsat port.
+Send UDP traffic on the ionixnetmon port.
 </summary>
 <param name="domain">
 <summary>
@@ -30217,9 +32534,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_comsat_port" lineno="13824">
+<interface name="corenet_dontaudit_udp_send_ionixnetmon_port" lineno="37748">
 <summary>
-Do not audit attempts to send UDP traffic on the comsat port.
+Do not audit attempts to send UDP traffic on the ionixnetmon port.
 </summary>
 <param name="domain">
 <summary>
@@ -30228,9 +32545,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_comsat_port" lineno="13843">
+<interface name="corenet_udp_receive_ionixnetmon_port" lineno="37767">
 <summary>
-Receive UDP traffic on the comsat port.
+Receive UDP traffic on the ionixnetmon port.
 </summary>
 <param name="domain">
 <summary>
@@ -30239,9 +32556,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_comsat_port" lineno="13862">
+<interface name="corenet_dontaudit_udp_receive_ionixnetmon_port" lineno="37786">
 <summary>
-Do not audit attempts to receive UDP traffic on the comsat port.
+Do not audit attempts to receive UDP traffic on the ionixnetmon port.
 </summary>
 <param name="domain">
 <summary>
@@ -30250,9 +32567,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_comsat_port" lineno="13881">
+<interface name="corenet_udp_sendrecv_ionixnetmon_port" lineno="37805">
 <summary>
-Send and receive UDP traffic on the comsat port.
+Send and receive UDP traffic on the ionixnetmon port.
 </summary>
 <param name="domain">
 <summary>
@@ -30261,10 +32578,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_comsat_port" lineno="13898">
+<interface name="corenet_dontaudit_udp_sendrecv_ionixnetmon_port" lineno="37822">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the comsat port.
+UDP traffic on the ionixnetmon port.
 </summary>
 <param name="domain">
 <summary>
@@ -30273,9 +32590,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_comsat_port" lineno="13914">
+<interface name="corenet_tcp_bind_ionixnetmon_port" lineno="37838">
 <summary>
-Bind TCP sockets to the comsat port.
+Bind TCP sockets to the ionixnetmon port.
 </summary>
 <param name="domain">
 <summary>
@@ -30284,9 +32601,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_comsat_port" lineno="13934">
+<interface name="corenet_udp_bind_ionixnetmon_port" lineno="37858">
 <summary>
-Bind UDP sockets to the comsat port.
+Bind UDP sockets to the ionixnetmon port.
 </summary>
 <param name="domain">
 <summary>
@@ -30295,9 +32612,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_comsat_port" lineno="13953">
+<interface name="corenet_tcp_connect_ionixnetmon_port" lineno="37877">
 <summary>
-Make a TCP connection to the comsat port.
+Make a TCP connection to the ionixnetmon port.
 </summary>
 <param name="domain">
 <summary>
@@ -30305,9 +32622,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_comsat_client_packets" lineno="13973">
+<interface name="corenet_send_ionixnetmon_client_packets" lineno="37897">
 <summary>
-Send comsat_client packets.
+Send ionixnetmon_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30316,9 +32633,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_comsat_client_packets" lineno="13992">
+<interface name="corenet_dontaudit_send_ionixnetmon_client_packets" lineno="37916">
 <summary>
-Do not audit attempts to send comsat_client packets.
+Do not audit attempts to send ionixnetmon_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30327,9 +32644,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_comsat_client_packets" lineno="14011">
+<interface name="corenet_receive_ionixnetmon_client_packets" lineno="37935">
 <summary>
-Receive comsat_client packets.
+Receive ionixnetmon_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30338,9 +32655,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_comsat_client_packets" lineno="14030">
+<interface name="corenet_dontaudit_receive_ionixnetmon_client_packets" lineno="37954">
 <summary>
-Do not audit attempts to receive comsat_client packets.
+Do not audit attempts to receive ionixnetmon_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30349,9 +32666,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_comsat_client_packets" lineno="14049">
+<interface name="corenet_sendrecv_ionixnetmon_client_packets" lineno="37973">
 <summary>
-Send and receive comsat_client packets.
+Send and receive ionixnetmon_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30360,9 +32677,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_comsat_client_packets" lineno="14065">
+<interface name="corenet_dontaudit_sendrecv_ionixnetmon_client_packets" lineno="37989">
 <summary>
-Do not audit attempts to send and receive comsat_client packets.
+Do not audit attempts to send and receive ionixnetmon_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30371,9 +32688,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_comsat_client_packets" lineno="14080">
+<interface name="corenet_relabelto_ionixnetmon_client_packets" lineno="38004">
 <summary>
-Relabel packets to comsat_client the packet type.
+Relabel packets to ionixnetmon_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -30381,9 +32698,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_comsat_server_packets" lineno="14100">
+<interface name="corenet_send_ionixnetmon_server_packets" lineno="38024">
 <summary>
-Send comsat_server packets.
+Send ionixnetmon_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30392,9 +32709,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_comsat_server_packets" lineno="14119">
+<interface name="corenet_dontaudit_send_ionixnetmon_server_packets" lineno="38043">
 <summary>
-Do not audit attempts to send comsat_server packets.
+Do not audit attempts to send ionixnetmon_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30403,9 +32720,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_comsat_server_packets" lineno="14138">
+<interface name="corenet_receive_ionixnetmon_server_packets" lineno="38062">
 <summary>
-Receive comsat_server packets.
+Receive ionixnetmon_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30414,9 +32731,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_comsat_server_packets" lineno="14157">
+<interface name="corenet_dontaudit_receive_ionixnetmon_server_packets" lineno="38081">
 <summary>
-Do not audit attempts to receive comsat_server packets.
+Do not audit attempts to receive ionixnetmon_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30425,9 +32742,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_comsat_server_packets" lineno="14176">
+<interface name="corenet_sendrecv_ionixnetmon_server_packets" lineno="38100">
 <summary>
-Send and receive comsat_server packets.
+Send and receive ionixnetmon_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30436,9 +32753,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_comsat_server_packets" lineno="14192">
+<interface name="corenet_dontaudit_sendrecv_ionixnetmon_server_packets" lineno="38116">
 <summary>
-Do not audit attempts to send and receive comsat_server packets.
+Do not audit attempts to send and receive ionixnetmon_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30447,9 +32764,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_comsat_server_packets" lineno="14207">
+<interface name="corenet_relabelto_ionixnetmon_server_packets" lineno="38131">
 <summary>
-Relabel packets to comsat_server the packet type.
+Relabel packets to ionixnetmon_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -30457,9 +32774,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_cvs_port" lineno="14229">
+<interface name="corenet_tcp_sendrecv_ipmi_port" lineno="38153">
 <summary>
-Send and receive TCP traffic on the cvs port.
+Send and receive TCP traffic on the ipmi port.
 </summary>
 <param name="domain">
 <summary>
@@ -30468,9 +32785,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_cvs_port" lineno="14248">
+<interface name="corenet_udp_send_ipmi_port" lineno="38172">
 <summary>
-Send UDP traffic on the cvs port.
+Send UDP traffic on the ipmi port.
 </summary>
 <param name="domain">
 <summary>
@@ -30479,9 +32796,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_cvs_port" lineno="14267">
+<interface name="corenet_dontaudit_udp_send_ipmi_port" lineno="38191">
 <summary>
-Do not audit attempts to send UDP traffic on the cvs port.
+Do not audit attempts to send UDP traffic on the ipmi port.
 </summary>
 <param name="domain">
 <summary>
@@ -30490,9 +32807,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_cvs_port" lineno="14286">
+<interface name="corenet_udp_receive_ipmi_port" lineno="38210">
 <summary>
-Receive UDP traffic on the cvs port.
+Receive UDP traffic on the ipmi port.
 </summary>
 <param name="domain">
 <summary>
@@ -30501,9 +32818,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_cvs_port" lineno="14305">
+<interface name="corenet_dontaudit_udp_receive_ipmi_port" lineno="38229">
 <summary>
-Do not audit attempts to receive UDP traffic on the cvs port.
+Do not audit attempts to receive UDP traffic on the ipmi port.
 </summary>
 <param name="domain">
 <summary>
@@ -30512,9 +32829,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_cvs_port" lineno="14324">
+<interface name="corenet_udp_sendrecv_ipmi_port" lineno="38248">
 <summary>
-Send and receive UDP traffic on the cvs port.
+Send and receive UDP traffic on the ipmi port.
 </summary>
 <param name="domain">
 <summary>
@@ -30523,10 +32840,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_cvs_port" lineno="14341">
+<interface name="corenet_dontaudit_udp_sendrecv_ipmi_port" lineno="38265">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the cvs port.
+UDP traffic on the ipmi port.
 </summary>
 <param name="domain">
 <summary>
@@ -30535,9 +32852,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_cvs_port" lineno="14357">
+<interface name="corenet_tcp_bind_ipmi_port" lineno="38281">
 <summary>
-Bind TCP sockets to the cvs port.
+Bind TCP sockets to the ipmi port.
 </summary>
 <param name="domain">
 <summary>
@@ -30546,9 +32863,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_cvs_port" lineno="14377">
+<interface name="corenet_udp_bind_ipmi_port" lineno="38301">
 <summary>
-Bind UDP sockets to the cvs port.
+Bind UDP sockets to the ipmi port.
 </summary>
 <param name="domain">
 <summary>
@@ -30557,9 +32874,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_cvs_port" lineno="14396">
+<interface name="corenet_tcp_connect_ipmi_port" lineno="38320">
 <summary>
-Make a TCP connection to the cvs port.
+Make a TCP connection to the ipmi port.
 </summary>
 <param name="domain">
 <summary>
@@ -30567,9 +32884,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_cvs_client_packets" lineno="14416">
+<interface name="corenet_send_ipmi_client_packets" lineno="38340">
 <summary>
-Send cvs_client packets.
+Send ipmi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30578,9 +32895,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_cvs_client_packets" lineno="14435">
+<interface name="corenet_dontaudit_send_ipmi_client_packets" lineno="38359">
 <summary>
-Do not audit attempts to send cvs_client packets.
+Do not audit attempts to send ipmi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30589,9 +32906,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_cvs_client_packets" lineno="14454">
+<interface name="corenet_receive_ipmi_client_packets" lineno="38378">
 <summary>
-Receive cvs_client packets.
+Receive ipmi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30600,9 +32917,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_cvs_client_packets" lineno="14473">
+<interface name="corenet_dontaudit_receive_ipmi_client_packets" lineno="38397">
 <summary>
-Do not audit attempts to receive cvs_client packets.
+Do not audit attempts to receive ipmi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30611,9 +32928,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_cvs_client_packets" lineno="14492">
+<interface name="corenet_sendrecv_ipmi_client_packets" lineno="38416">
 <summary>
-Send and receive cvs_client packets.
+Send and receive ipmi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30622,9 +32939,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_cvs_client_packets" lineno="14508">
+<interface name="corenet_dontaudit_sendrecv_ipmi_client_packets" lineno="38432">
 <summary>
-Do not audit attempts to send and receive cvs_client packets.
+Do not audit attempts to send and receive ipmi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30633,9 +32950,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_cvs_client_packets" lineno="14523">
+<interface name="corenet_relabelto_ipmi_client_packets" lineno="38447">
 <summary>
-Relabel packets to cvs_client the packet type.
+Relabel packets to ipmi_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -30643,9 +32960,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_cvs_server_packets" lineno="14543">
+<interface name="corenet_send_ipmi_server_packets" lineno="38467">
 <summary>
-Send cvs_server packets.
+Send ipmi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30654,9 +32971,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_cvs_server_packets" lineno="14562">
+<interface name="corenet_dontaudit_send_ipmi_server_packets" lineno="38486">
 <summary>
-Do not audit attempts to send cvs_server packets.
+Do not audit attempts to send ipmi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30665,9 +32982,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_cvs_server_packets" lineno="14581">
+<interface name="corenet_receive_ipmi_server_packets" lineno="38505">
 <summary>
-Receive cvs_server packets.
+Receive ipmi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30676,9 +32993,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_cvs_server_packets" lineno="14600">
+<interface name="corenet_dontaudit_receive_ipmi_server_packets" lineno="38524">
 <summary>
-Do not audit attempts to receive cvs_server packets.
+Do not audit attempts to receive ipmi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30687,9 +33004,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_cvs_server_packets" lineno="14619">
+<interface name="corenet_sendrecv_ipmi_server_packets" lineno="38543">
 <summary>
-Send and receive cvs_server packets.
+Send and receive ipmi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30698,9 +33015,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_cvs_server_packets" lineno="14635">
+<interface name="corenet_dontaudit_sendrecv_ipmi_server_packets" lineno="38559">
 <summary>
-Do not audit attempts to send and receive cvs_server packets.
+Do not audit attempts to send and receive ipmi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30709,9 +33026,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_cvs_server_packets" lineno="14650">
+<interface name="corenet_relabelto_ipmi_server_packets" lineno="38574">
 <summary>
-Relabel packets to cvs_server the packet type.
+Relabel packets to ipmi_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -30719,9 +33036,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_cyphesis_port" lineno="14672">
+<interface name="corenet_tcp_sendrecv_ipp_port" lineno="38596">
 <summary>
-Send and receive TCP traffic on the cyphesis port.
+Send and receive TCP traffic on the ipp port.
 </summary>
 <param name="domain">
 <summary>
@@ -30730,9 +33047,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_cyphesis_port" lineno="14691">
+<interface name="corenet_udp_send_ipp_port" lineno="38615">
 <summary>
-Send UDP traffic on the cyphesis port.
+Send UDP traffic on the ipp port.
 </summary>
 <param name="domain">
 <summary>
@@ -30741,9 +33058,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_cyphesis_port" lineno="14710">
+<interface name="corenet_dontaudit_udp_send_ipp_port" lineno="38634">
 <summary>
-Do not audit attempts to send UDP traffic on the cyphesis port.
+Do not audit attempts to send UDP traffic on the ipp port.
 </summary>
 <param name="domain">
 <summary>
@@ -30752,9 +33069,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_cyphesis_port" lineno="14729">
+<interface name="corenet_udp_receive_ipp_port" lineno="38653">
 <summary>
-Receive UDP traffic on the cyphesis port.
+Receive UDP traffic on the ipp port.
 </summary>
 <param name="domain">
 <summary>
@@ -30763,9 +33080,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_cyphesis_port" lineno="14748">
+<interface name="corenet_dontaudit_udp_receive_ipp_port" lineno="38672">
 <summary>
-Do not audit attempts to receive UDP traffic on the cyphesis port.
+Do not audit attempts to receive UDP traffic on the ipp port.
 </summary>
 <param name="domain">
 <summary>
@@ -30774,9 +33091,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_cyphesis_port" lineno="14767">
+<interface name="corenet_udp_sendrecv_ipp_port" lineno="38691">
 <summary>
-Send and receive UDP traffic on the cyphesis port.
+Send and receive UDP traffic on the ipp port.
 </summary>
 <param name="domain">
 <summary>
@@ -30785,10 +33102,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_cyphesis_port" lineno="14784">
+<interface name="corenet_dontaudit_udp_sendrecv_ipp_port" lineno="38708">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the cyphesis port.
+UDP traffic on the ipp port.
 </summary>
 <param name="domain">
 <summary>
@@ -30797,9 +33114,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_cyphesis_port" lineno="14800">
+<interface name="corenet_tcp_bind_ipp_port" lineno="38724">
 <summary>
-Bind TCP sockets to the cyphesis port.
+Bind TCP sockets to the ipp port.
 </summary>
 <param name="domain">
 <summary>
@@ -30808,9 +33125,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_cyphesis_port" lineno="14820">
+<interface name="corenet_udp_bind_ipp_port" lineno="38744">
 <summary>
-Bind UDP sockets to the cyphesis port.
+Bind UDP sockets to the ipp port.
 </summary>
 <param name="domain">
 <summary>
@@ -30819,9 +33136,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_cyphesis_port" lineno="14839">
+<interface name="corenet_tcp_connect_ipp_port" lineno="38763">
 <summary>
-Make a TCP connection to the cyphesis port.
+Make a TCP connection to the ipp port.
 </summary>
 <param name="domain">
 <summary>
@@ -30829,9 +33146,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_cyphesis_client_packets" lineno="14859">
+<interface name="corenet_send_ipp_client_packets" lineno="38783">
 <summary>
-Send cyphesis_client packets.
+Send ipp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30840,9 +33157,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_cyphesis_client_packets" lineno="14878">
+<interface name="corenet_dontaudit_send_ipp_client_packets" lineno="38802">
 <summary>
-Do not audit attempts to send cyphesis_client packets.
+Do not audit attempts to send ipp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30851,9 +33168,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_cyphesis_client_packets" lineno="14897">
+<interface name="corenet_receive_ipp_client_packets" lineno="38821">
 <summary>
-Receive cyphesis_client packets.
+Receive ipp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30862,9 +33179,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_cyphesis_client_packets" lineno="14916">
+<interface name="corenet_dontaudit_receive_ipp_client_packets" lineno="38840">
 <summary>
-Do not audit attempts to receive cyphesis_client packets.
+Do not audit attempts to receive ipp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30873,9 +33190,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_cyphesis_client_packets" lineno="14935">
+<interface name="corenet_sendrecv_ipp_client_packets" lineno="38859">
 <summary>
-Send and receive cyphesis_client packets.
+Send and receive ipp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30884,9 +33201,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_cyphesis_client_packets" lineno="14951">
+<interface name="corenet_dontaudit_sendrecv_ipp_client_packets" lineno="38875">
 <summary>
-Do not audit attempts to send and receive cyphesis_client packets.
+Do not audit attempts to send and receive ipp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30895,9 +33212,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_cyphesis_client_packets" lineno="14966">
+<interface name="corenet_relabelto_ipp_client_packets" lineno="38890">
 <summary>
-Relabel packets to cyphesis_client the packet type.
+Relabel packets to ipp_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -30905,9 +33222,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_cyphesis_server_packets" lineno="14986">
+<interface name="corenet_send_ipp_server_packets" lineno="38910">
 <summary>
-Send cyphesis_server packets.
+Send ipp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30916,9 +33233,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_cyphesis_server_packets" lineno="15005">
+<interface name="corenet_dontaudit_send_ipp_server_packets" lineno="38929">
 <summary>
-Do not audit attempts to send cyphesis_server packets.
+Do not audit attempts to send ipp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30927,9 +33244,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_cyphesis_server_packets" lineno="15024">
+<interface name="corenet_receive_ipp_server_packets" lineno="38948">
 <summary>
-Receive cyphesis_server packets.
+Receive ipp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30938,9 +33255,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_cyphesis_server_packets" lineno="15043">
+<interface name="corenet_dontaudit_receive_ipp_server_packets" lineno="38967">
 <summary>
-Do not audit attempts to receive cyphesis_server packets.
+Do not audit attempts to receive ipp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30949,9 +33266,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_cyphesis_server_packets" lineno="15062">
+<interface name="corenet_sendrecv_ipp_server_packets" lineno="38986">
 <summary>
-Send and receive cyphesis_server packets.
+Send and receive ipp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30960,9 +33277,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_cyphesis_server_packets" lineno="15078">
+<interface name="corenet_dontaudit_sendrecv_ipp_server_packets" lineno="39002">
 <summary>
-Do not audit attempts to send and receive cyphesis_server packets.
+Do not audit attempts to send and receive ipp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -30971,9 +33288,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_cyphesis_server_packets" lineno="15093">
+<interface name="corenet_relabelto_ipp_server_packets" lineno="39017">
 <summary>
-Relabel packets to cyphesis_server the packet type.
+Relabel packets to ipp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -30981,9 +33298,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_daap_port" lineno="15115">
+<interface name="corenet_tcp_sendrecv_ipsecnat_port" lineno="39039">
 <summary>
-Send and receive TCP traffic on the daap port.
+Send and receive TCP traffic on the ipsecnat port.
 </summary>
 <param name="domain">
 <summary>
@@ -30992,9 +33309,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_daap_port" lineno="15134">
+<interface name="corenet_udp_send_ipsecnat_port" lineno="39058">
 <summary>
-Send UDP traffic on the daap port.
+Send UDP traffic on the ipsecnat port.
 </summary>
 <param name="domain">
 <summary>
@@ -31003,9 +33320,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_daap_port" lineno="15153">
+<interface name="corenet_dontaudit_udp_send_ipsecnat_port" lineno="39077">
 <summary>
-Do not audit attempts to send UDP traffic on the daap port.
+Do not audit attempts to send UDP traffic on the ipsecnat port.
 </summary>
 <param name="domain">
 <summary>
@@ -31014,9 +33331,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_daap_port" lineno="15172">
+<interface name="corenet_udp_receive_ipsecnat_port" lineno="39096">
 <summary>
-Receive UDP traffic on the daap port.
+Receive UDP traffic on the ipsecnat port.
 </summary>
 <param name="domain">
 <summary>
@@ -31025,9 +33342,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_daap_port" lineno="15191">
+<interface name="corenet_dontaudit_udp_receive_ipsecnat_port" lineno="39115">
 <summary>
-Do not audit attempts to receive UDP traffic on the daap port.
+Do not audit attempts to receive UDP traffic on the ipsecnat port.
 </summary>
 <param name="domain">
 <summary>
@@ -31036,9 +33353,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_daap_port" lineno="15210">
+<interface name="corenet_udp_sendrecv_ipsecnat_port" lineno="39134">
 <summary>
-Send and receive UDP traffic on the daap port.
+Send and receive UDP traffic on the ipsecnat port.
 </summary>
 <param name="domain">
 <summary>
@@ -31047,10 +33364,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_daap_port" lineno="15227">
+<interface name="corenet_dontaudit_udp_sendrecv_ipsecnat_port" lineno="39151">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the daap port.
+UDP traffic on the ipsecnat port.
 </summary>
 <param name="domain">
 <summary>
@@ -31059,9 +33376,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_daap_port" lineno="15243">
+<interface name="corenet_tcp_bind_ipsecnat_port" lineno="39167">
 <summary>
-Bind TCP sockets to the daap port.
+Bind TCP sockets to the ipsecnat port.
 </summary>
 <param name="domain">
 <summary>
@@ -31070,9 +33387,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_daap_port" lineno="15263">
+<interface name="corenet_udp_bind_ipsecnat_port" lineno="39187">
 <summary>
-Bind UDP sockets to the daap port.
+Bind UDP sockets to the ipsecnat port.
 </summary>
 <param name="domain">
 <summary>
@@ -31081,9 +33398,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_daap_port" lineno="15282">
+<interface name="corenet_tcp_connect_ipsecnat_port" lineno="39206">
 <summary>
-Make a TCP connection to the daap port.
+Make a TCP connection to the ipsecnat port.
 </summary>
 <param name="domain">
 <summary>
@@ -31091,9 +33408,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_daap_client_packets" lineno="15302">
+<interface name="corenet_send_ipsecnat_client_packets" lineno="39226">
 <summary>
-Send daap_client packets.
+Send ipsecnat_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31102,9 +33419,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_daap_client_packets" lineno="15321">
+<interface name="corenet_dontaudit_send_ipsecnat_client_packets" lineno="39245">
 <summary>
-Do not audit attempts to send daap_client packets.
+Do not audit attempts to send ipsecnat_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31113,9 +33430,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_daap_client_packets" lineno="15340">
+<interface name="corenet_receive_ipsecnat_client_packets" lineno="39264">
 <summary>
-Receive daap_client packets.
+Receive ipsecnat_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31124,9 +33441,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_daap_client_packets" lineno="15359">
+<interface name="corenet_dontaudit_receive_ipsecnat_client_packets" lineno="39283">
 <summary>
-Do not audit attempts to receive daap_client packets.
+Do not audit attempts to receive ipsecnat_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31135,9 +33452,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_daap_client_packets" lineno="15378">
+<interface name="corenet_sendrecv_ipsecnat_client_packets" lineno="39302">
 <summary>
-Send and receive daap_client packets.
+Send and receive ipsecnat_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31146,9 +33463,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_daap_client_packets" lineno="15394">
+<interface name="corenet_dontaudit_sendrecv_ipsecnat_client_packets" lineno="39318">
 <summary>
-Do not audit attempts to send and receive daap_client packets.
+Do not audit attempts to send and receive ipsecnat_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31157,9 +33474,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_daap_client_packets" lineno="15409">
+<interface name="corenet_relabelto_ipsecnat_client_packets" lineno="39333">
 <summary>
-Relabel packets to daap_client the packet type.
+Relabel packets to ipsecnat_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -31167,9 +33484,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_daap_server_packets" lineno="15429">
+<interface name="corenet_send_ipsecnat_server_packets" lineno="39353">
 <summary>
-Send daap_server packets.
+Send ipsecnat_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31178,9 +33495,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_daap_server_packets" lineno="15448">
+<interface name="corenet_dontaudit_send_ipsecnat_server_packets" lineno="39372">
 <summary>
-Do not audit attempts to send daap_server packets.
+Do not audit attempts to send ipsecnat_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31189,9 +33506,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_daap_server_packets" lineno="15467">
+<interface name="corenet_receive_ipsecnat_server_packets" lineno="39391">
 <summary>
-Receive daap_server packets.
+Receive ipsecnat_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31200,9 +33517,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_daap_server_packets" lineno="15486">
+<interface name="corenet_dontaudit_receive_ipsecnat_server_packets" lineno="39410">
 <summary>
-Do not audit attempts to receive daap_server packets.
+Do not audit attempts to receive ipsecnat_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31211,9 +33528,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_daap_server_packets" lineno="15505">
+<interface name="corenet_sendrecv_ipsecnat_server_packets" lineno="39429">
 <summary>
-Send and receive daap_server packets.
+Send and receive ipsecnat_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31222,9 +33539,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_daap_server_packets" lineno="15521">
+<interface name="corenet_dontaudit_sendrecv_ipsecnat_server_packets" lineno="39445">
 <summary>
-Do not audit attempts to send and receive daap_server packets.
+Do not audit attempts to send and receive ipsecnat_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31233,9 +33550,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_daap_server_packets" lineno="15536">
+<interface name="corenet_relabelto_ipsecnat_server_packets" lineno="39460">
 <summary>
-Relabel packets to daap_server the packet type.
+Relabel packets to ipsecnat_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -31243,9 +33560,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_dbskkd_port" lineno="15558">
+<interface name="corenet_tcp_sendrecv_ircd_port" lineno="39482">
 <summary>
-Send and receive TCP traffic on the dbskkd port.
+Send and receive TCP traffic on the ircd port.
 </summary>
 <param name="domain">
 <summary>
@@ -31254,9 +33571,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_dbskkd_port" lineno="15577">
+<interface name="corenet_udp_send_ircd_port" lineno="39501">
 <summary>
-Send UDP traffic on the dbskkd port.
+Send UDP traffic on the ircd port.
 </summary>
 <param name="domain">
 <summary>
@@ -31265,9 +33582,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_dbskkd_port" lineno="15596">
+<interface name="corenet_dontaudit_udp_send_ircd_port" lineno="39520">
 <summary>
-Do not audit attempts to send UDP traffic on the dbskkd port.
+Do not audit attempts to send UDP traffic on the ircd port.
 </summary>
 <param name="domain">
 <summary>
@@ -31276,9 +33593,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_dbskkd_port" lineno="15615">
+<interface name="corenet_udp_receive_ircd_port" lineno="39539">
 <summary>
-Receive UDP traffic on the dbskkd port.
+Receive UDP traffic on the ircd port.
 </summary>
 <param name="domain">
 <summary>
@@ -31287,9 +33604,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_dbskkd_port" lineno="15634">
+<interface name="corenet_dontaudit_udp_receive_ircd_port" lineno="39558">
 <summary>
-Do not audit attempts to receive UDP traffic on the dbskkd port.
+Do not audit attempts to receive UDP traffic on the ircd port.
 </summary>
 <param name="domain">
 <summary>
@@ -31298,9 +33615,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_dbskkd_port" lineno="15653">
+<interface name="corenet_udp_sendrecv_ircd_port" lineno="39577">
 <summary>
-Send and receive UDP traffic on the dbskkd port.
+Send and receive UDP traffic on the ircd port.
 </summary>
 <param name="domain">
 <summary>
@@ -31309,10 +33626,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_dbskkd_port" lineno="15670">
+<interface name="corenet_dontaudit_udp_sendrecv_ircd_port" lineno="39594">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the dbskkd port.
+UDP traffic on the ircd port.
 </summary>
 <param name="domain">
 <summary>
@@ -31321,9 +33638,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_dbskkd_port" lineno="15686">
+<interface name="corenet_tcp_bind_ircd_port" lineno="39610">
 <summary>
-Bind TCP sockets to the dbskkd port.
+Bind TCP sockets to the ircd port.
 </summary>
 <param name="domain">
 <summary>
@@ -31332,9 +33649,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_dbskkd_port" lineno="15706">
+<interface name="corenet_udp_bind_ircd_port" lineno="39630">
 <summary>
-Bind UDP sockets to the dbskkd port.
+Bind UDP sockets to the ircd port.
 </summary>
 <param name="domain">
 <summary>
@@ -31343,9 +33660,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_dbskkd_port" lineno="15725">
+<interface name="corenet_tcp_connect_ircd_port" lineno="39649">
 <summary>
-Make a TCP connection to the dbskkd port.
+Make a TCP connection to the ircd port.
 </summary>
 <param name="domain">
 <summary>
@@ -31353,9 +33670,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_dbskkd_client_packets" lineno="15745">
+<interface name="corenet_send_ircd_client_packets" lineno="39669">
 <summary>
-Send dbskkd_client packets.
+Send ircd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31364,9 +33681,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_dbskkd_client_packets" lineno="15764">
+<interface name="corenet_dontaudit_send_ircd_client_packets" lineno="39688">
 <summary>
-Do not audit attempts to send dbskkd_client packets.
+Do not audit attempts to send ircd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31375,9 +33692,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_dbskkd_client_packets" lineno="15783">
+<interface name="corenet_receive_ircd_client_packets" lineno="39707">
 <summary>
-Receive dbskkd_client packets.
+Receive ircd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31386,9 +33703,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_dbskkd_client_packets" lineno="15802">
+<interface name="corenet_dontaudit_receive_ircd_client_packets" lineno="39726">
 <summary>
-Do not audit attempts to receive dbskkd_client packets.
+Do not audit attempts to receive ircd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31397,9 +33714,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_dbskkd_client_packets" lineno="15821">
+<interface name="corenet_sendrecv_ircd_client_packets" lineno="39745">
 <summary>
-Send and receive dbskkd_client packets.
+Send and receive ircd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31408,9 +33725,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_dbskkd_client_packets" lineno="15837">
+<interface name="corenet_dontaudit_sendrecv_ircd_client_packets" lineno="39761">
 <summary>
-Do not audit attempts to send and receive dbskkd_client packets.
+Do not audit attempts to send and receive ircd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31419,9 +33736,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_dbskkd_client_packets" lineno="15852">
+<interface name="corenet_relabelto_ircd_client_packets" lineno="39776">
 <summary>
-Relabel packets to dbskkd_client the packet type.
+Relabel packets to ircd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -31429,9 +33746,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_dbskkd_server_packets" lineno="15872">
+<interface name="corenet_send_ircd_server_packets" lineno="39796">
 <summary>
-Send dbskkd_server packets.
+Send ircd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31440,9 +33757,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_dbskkd_server_packets" lineno="15891">
+<interface name="corenet_dontaudit_send_ircd_server_packets" lineno="39815">
 <summary>
-Do not audit attempts to send dbskkd_server packets.
+Do not audit attempts to send ircd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31451,9 +33768,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_dbskkd_server_packets" lineno="15910">
+<interface name="corenet_receive_ircd_server_packets" lineno="39834">
 <summary>
-Receive dbskkd_server packets.
+Receive ircd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31462,9 +33779,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_dbskkd_server_packets" lineno="15929">
+<interface name="corenet_dontaudit_receive_ircd_server_packets" lineno="39853">
 <summary>
-Do not audit attempts to receive dbskkd_server packets.
+Do not audit attempts to receive ircd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31473,9 +33790,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_dbskkd_server_packets" lineno="15948">
+<interface name="corenet_sendrecv_ircd_server_packets" lineno="39872">
 <summary>
-Send and receive dbskkd_server packets.
+Send and receive ircd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31484,9 +33801,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_dbskkd_server_packets" lineno="15964">
+<interface name="corenet_dontaudit_sendrecv_ircd_server_packets" lineno="39888">
 <summary>
-Do not audit attempts to send and receive dbskkd_server packets.
+Do not audit attempts to send and receive ircd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31495,9 +33812,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_dbskkd_server_packets" lineno="15979">
+<interface name="corenet_relabelto_ircd_server_packets" lineno="39903">
 <summary>
-Relabel packets to dbskkd_server the packet type.
+Relabel packets to ircd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -31505,9 +33822,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_dcc_port" lineno="16001">
+<interface name="corenet_tcp_sendrecv_isakmp_port" lineno="39925">
 <summary>
-Send and receive TCP traffic on the dcc port.
+Send and receive TCP traffic on the isakmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -31516,9 +33833,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_dcc_port" lineno="16020">
+<interface name="corenet_udp_send_isakmp_port" lineno="39944">
 <summary>
-Send UDP traffic on the dcc port.
+Send UDP traffic on the isakmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -31527,9 +33844,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_dcc_port" lineno="16039">
+<interface name="corenet_dontaudit_udp_send_isakmp_port" lineno="39963">
 <summary>
-Do not audit attempts to send UDP traffic on the dcc port.
+Do not audit attempts to send UDP traffic on the isakmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -31538,9 +33855,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_dcc_port" lineno="16058">
+<interface name="corenet_udp_receive_isakmp_port" lineno="39982">
 <summary>
-Receive UDP traffic on the dcc port.
+Receive UDP traffic on the isakmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -31549,9 +33866,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_dcc_port" lineno="16077">
+<interface name="corenet_dontaudit_udp_receive_isakmp_port" lineno="40001">
 <summary>
-Do not audit attempts to receive UDP traffic on the dcc port.
+Do not audit attempts to receive UDP traffic on the isakmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -31560,9 +33877,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_dcc_port" lineno="16096">
+<interface name="corenet_udp_sendrecv_isakmp_port" lineno="40020">
 <summary>
-Send and receive UDP traffic on the dcc port.
+Send and receive UDP traffic on the isakmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -31571,10 +33888,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_dcc_port" lineno="16113">
+<interface name="corenet_dontaudit_udp_sendrecv_isakmp_port" lineno="40037">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the dcc port.
+UDP traffic on the isakmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -31583,9 +33900,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_dcc_port" lineno="16129">
+<interface name="corenet_tcp_bind_isakmp_port" lineno="40053">
 <summary>
-Bind TCP sockets to the dcc port.
+Bind TCP sockets to the isakmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -31594,9 +33911,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_dcc_port" lineno="16149">
+<interface name="corenet_udp_bind_isakmp_port" lineno="40073">
 <summary>
-Bind UDP sockets to the dcc port.
+Bind UDP sockets to the isakmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -31605,9 +33922,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_dcc_port" lineno="16168">
+<interface name="corenet_tcp_connect_isakmp_port" lineno="40092">
 <summary>
-Make a TCP connection to the dcc port.
+Make a TCP connection to the isakmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -31615,9 +33932,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_dcc_client_packets" lineno="16188">
+<interface name="corenet_send_isakmp_client_packets" lineno="40112">
 <summary>
-Send dcc_client packets.
+Send isakmp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31626,9 +33943,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_dcc_client_packets" lineno="16207">
+<interface name="corenet_dontaudit_send_isakmp_client_packets" lineno="40131">
 <summary>
-Do not audit attempts to send dcc_client packets.
+Do not audit attempts to send isakmp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31637,9 +33954,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_dcc_client_packets" lineno="16226">
+<interface name="corenet_receive_isakmp_client_packets" lineno="40150">
 <summary>
-Receive dcc_client packets.
+Receive isakmp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31648,9 +33965,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_dcc_client_packets" lineno="16245">
+<interface name="corenet_dontaudit_receive_isakmp_client_packets" lineno="40169">
 <summary>
-Do not audit attempts to receive dcc_client packets.
+Do not audit attempts to receive isakmp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31659,9 +33976,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_dcc_client_packets" lineno="16264">
+<interface name="corenet_sendrecv_isakmp_client_packets" lineno="40188">
 <summary>
-Send and receive dcc_client packets.
+Send and receive isakmp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31670,9 +33987,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_dcc_client_packets" lineno="16280">
+<interface name="corenet_dontaudit_sendrecv_isakmp_client_packets" lineno="40204">
 <summary>
-Do not audit attempts to send and receive dcc_client packets.
+Do not audit attempts to send and receive isakmp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31681,9 +33998,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_dcc_client_packets" lineno="16295">
+<interface name="corenet_relabelto_isakmp_client_packets" lineno="40219">
 <summary>
-Relabel packets to dcc_client the packet type.
+Relabel packets to isakmp_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -31691,9 +34008,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_dcc_server_packets" lineno="16315">
+<interface name="corenet_send_isakmp_server_packets" lineno="40239">
 <summary>
-Send dcc_server packets.
+Send isakmp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31702,9 +34019,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_dcc_server_packets" lineno="16334">
+<interface name="corenet_dontaudit_send_isakmp_server_packets" lineno="40258">
 <summary>
-Do not audit attempts to send dcc_server packets.
+Do not audit attempts to send isakmp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31713,9 +34030,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_dcc_server_packets" lineno="16353">
+<interface name="corenet_receive_isakmp_server_packets" lineno="40277">
 <summary>
-Receive dcc_server packets.
+Receive isakmp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31724,9 +34041,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_dcc_server_packets" lineno="16372">
+<interface name="corenet_dontaudit_receive_isakmp_server_packets" lineno="40296">
 <summary>
-Do not audit attempts to receive dcc_server packets.
+Do not audit attempts to receive isakmp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31735,9 +34052,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_dcc_server_packets" lineno="16391">
+<interface name="corenet_sendrecv_isakmp_server_packets" lineno="40315">
 <summary>
-Send and receive dcc_server packets.
+Send and receive isakmp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31746,9 +34063,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_dcc_server_packets" lineno="16407">
+<interface name="corenet_dontaudit_sendrecv_isakmp_server_packets" lineno="40331">
 <summary>
-Do not audit attempts to send and receive dcc_server packets.
+Do not audit attempts to send and receive isakmp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31757,9 +34074,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_dcc_server_packets" lineno="16422">
+<interface name="corenet_relabelto_isakmp_server_packets" lineno="40346">
 <summary>
-Relabel packets to dcc_server the packet type.
+Relabel packets to isakmp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -31767,9 +34084,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_dccm_port" lineno="16444">
+<interface name="corenet_tcp_sendrecv_iscsi_port" lineno="40368">
 <summary>
-Send and receive TCP traffic on the dccm port.
+Send and receive TCP traffic on the iscsi port.
 </summary>
 <param name="domain">
 <summary>
@@ -31778,9 +34095,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_dccm_port" lineno="16463">
+<interface name="corenet_udp_send_iscsi_port" lineno="40387">
 <summary>
-Send UDP traffic on the dccm port.
+Send UDP traffic on the iscsi port.
 </summary>
 <param name="domain">
 <summary>
@@ -31789,9 +34106,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_dccm_port" lineno="16482">
+<interface name="corenet_dontaudit_udp_send_iscsi_port" lineno="40406">
 <summary>
-Do not audit attempts to send UDP traffic on the dccm port.
+Do not audit attempts to send UDP traffic on the iscsi port.
 </summary>
 <param name="domain">
 <summary>
@@ -31800,9 +34117,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_dccm_port" lineno="16501">
+<interface name="corenet_udp_receive_iscsi_port" lineno="40425">
 <summary>
-Receive UDP traffic on the dccm port.
+Receive UDP traffic on the iscsi port.
 </summary>
 <param name="domain">
 <summary>
@@ -31811,9 +34128,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_dccm_port" lineno="16520">
+<interface name="corenet_dontaudit_udp_receive_iscsi_port" lineno="40444">
 <summary>
-Do not audit attempts to receive UDP traffic on the dccm port.
+Do not audit attempts to receive UDP traffic on the iscsi port.
 </summary>
 <param name="domain">
 <summary>
@@ -31822,9 +34139,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_dccm_port" lineno="16539">
+<interface name="corenet_udp_sendrecv_iscsi_port" lineno="40463">
 <summary>
-Send and receive UDP traffic on the dccm port.
+Send and receive UDP traffic on the iscsi port.
 </summary>
 <param name="domain">
 <summary>
@@ -31833,10 +34150,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_dccm_port" lineno="16556">
+<interface name="corenet_dontaudit_udp_sendrecv_iscsi_port" lineno="40480">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the dccm port.
+UDP traffic on the iscsi port.
 </summary>
 <param name="domain">
 <summary>
@@ -31845,9 +34162,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_dccm_port" lineno="16572">
+<interface name="corenet_tcp_bind_iscsi_port" lineno="40496">
 <summary>
-Bind TCP sockets to the dccm port.
+Bind TCP sockets to the iscsi port.
 </summary>
 <param name="domain">
 <summary>
@@ -31856,9 +34173,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_dccm_port" lineno="16592">
+<interface name="corenet_udp_bind_iscsi_port" lineno="40516">
 <summary>
-Bind UDP sockets to the dccm port.
+Bind UDP sockets to the iscsi port.
 </summary>
 <param name="domain">
 <summary>
@@ -31867,9 +34184,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_dccm_port" lineno="16611">
+<interface name="corenet_tcp_connect_iscsi_port" lineno="40535">
 <summary>
-Make a TCP connection to the dccm port.
+Make a TCP connection to the iscsi port.
 </summary>
 <param name="domain">
 <summary>
@@ -31877,9 +34194,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_dccm_client_packets" lineno="16631">
+<interface name="corenet_send_iscsi_client_packets" lineno="40555">
 <summary>
-Send dccm_client packets.
+Send iscsi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31888,9 +34205,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_dccm_client_packets" lineno="16650">
+<interface name="corenet_dontaudit_send_iscsi_client_packets" lineno="40574">
 <summary>
-Do not audit attempts to send dccm_client packets.
+Do not audit attempts to send iscsi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31899,9 +34216,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_dccm_client_packets" lineno="16669">
+<interface name="corenet_receive_iscsi_client_packets" lineno="40593">
 <summary>
-Receive dccm_client packets.
+Receive iscsi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31910,9 +34227,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_dccm_client_packets" lineno="16688">
+<interface name="corenet_dontaudit_receive_iscsi_client_packets" lineno="40612">
 <summary>
-Do not audit attempts to receive dccm_client packets.
+Do not audit attempts to receive iscsi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31921,9 +34238,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_dccm_client_packets" lineno="16707">
+<interface name="corenet_sendrecv_iscsi_client_packets" lineno="40631">
 <summary>
-Send and receive dccm_client packets.
+Send and receive iscsi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31932,9 +34249,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_dccm_client_packets" lineno="16723">
+<interface name="corenet_dontaudit_sendrecv_iscsi_client_packets" lineno="40647">
 <summary>
-Do not audit attempts to send and receive dccm_client packets.
+Do not audit attempts to send and receive iscsi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31943,9 +34260,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_dccm_client_packets" lineno="16738">
+<interface name="corenet_relabelto_iscsi_client_packets" lineno="40662">
 <summary>
-Relabel packets to dccm_client the packet type.
+Relabel packets to iscsi_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -31953,9 +34270,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_dccm_server_packets" lineno="16758">
+<interface name="corenet_send_iscsi_server_packets" lineno="40682">
 <summary>
-Send dccm_server packets.
+Send iscsi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31964,9 +34281,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_dccm_server_packets" lineno="16777">
+<interface name="corenet_dontaudit_send_iscsi_server_packets" lineno="40701">
 <summary>
-Do not audit attempts to send dccm_server packets.
+Do not audit attempts to send iscsi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31975,9 +34292,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_dccm_server_packets" lineno="16796">
+<interface name="corenet_receive_iscsi_server_packets" lineno="40720">
 <summary>
-Receive dccm_server packets.
+Receive iscsi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31986,9 +34303,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_dccm_server_packets" lineno="16815">
+<interface name="corenet_dontaudit_receive_iscsi_server_packets" lineno="40739">
 <summary>
-Do not audit attempts to receive dccm_server packets.
+Do not audit attempts to receive iscsi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -31997,9 +34314,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_dccm_server_packets" lineno="16834">
+<interface name="corenet_sendrecv_iscsi_server_packets" lineno="40758">
 <summary>
-Send and receive dccm_server packets.
+Send and receive iscsi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32008,9 +34325,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_dccm_server_packets" lineno="16850">
+<interface name="corenet_dontaudit_sendrecv_iscsi_server_packets" lineno="40774">
 <summary>
-Do not audit attempts to send and receive dccm_server packets.
+Do not audit attempts to send and receive iscsi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32019,9 +34336,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_dccm_server_packets" lineno="16865">
+<interface name="corenet_relabelto_iscsi_server_packets" lineno="40789">
 <summary>
-Relabel packets to dccm_server the packet type.
+Relabel packets to iscsi_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -32029,9 +34346,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_dhcpc_port" lineno="16887">
+<interface name="corenet_tcp_sendrecv_isns_port" lineno="40811">
 <summary>
-Send and receive TCP traffic on the dhcpc port.
+Send and receive TCP traffic on the isns port.
 </summary>
 <param name="domain">
 <summary>
@@ -32040,9 +34357,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_dhcpc_port" lineno="16906">
+<interface name="corenet_udp_send_isns_port" lineno="40830">
 <summary>
-Send UDP traffic on the dhcpc port.
+Send UDP traffic on the isns port.
 </summary>
 <param name="domain">
 <summary>
@@ -32051,9 +34368,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_dhcpc_port" lineno="16925">
+<interface name="corenet_dontaudit_udp_send_isns_port" lineno="40849">
 <summary>
-Do not audit attempts to send UDP traffic on the dhcpc port.
+Do not audit attempts to send UDP traffic on the isns port.
 </summary>
 <param name="domain">
 <summary>
@@ -32062,9 +34379,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_dhcpc_port" lineno="16944">
+<interface name="corenet_udp_receive_isns_port" lineno="40868">
 <summary>
-Receive UDP traffic on the dhcpc port.
+Receive UDP traffic on the isns port.
 </summary>
 <param name="domain">
 <summary>
@@ -32073,9 +34390,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_dhcpc_port" lineno="16963">
+<interface name="corenet_dontaudit_udp_receive_isns_port" lineno="40887">
 <summary>
-Do not audit attempts to receive UDP traffic on the dhcpc port.
+Do not audit attempts to receive UDP traffic on the isns port.
 </summary>
 <param name="domain">
 <summary>
@@ -32084,9 +34401,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_dhcpc_port" lineno="16982">
+<interface name="corenet_udp_sendrecv_isns_port" lineno="40906">
 <summary>
-Send and receive UDP traffic on the dhcpc port.
+Send and receive UDP traffic on the isns port.
 </summary>
 <param name="domain">
 <summary>
@@ -32095,10 +34412,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_dhcpc_port" lineno="16999">
+<interface name="corenet_dontaudit_udp_sendrecv_isns_port" lineno="40923">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the dhcpc port.
+UDP traffic on the isns port.
 </summary>
 <param name="domain">
 <summary>
@@ -32107,9 +34424,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_dhcpc_port" lineno="17015">
+<interface name="corenet_tcp_bind_isns_port" lineno="40939">
 <summary>
-Bind TCP sockets to the dhcpc port.
+Bind TCP sockets to the isns port.
 </summary>
 <param name="domain">
 <summary>
@@ -32118,9 +34435,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_dhcpc_port" lineno="17035">
+<interface name="corenet_udp_bind_isns_port" lineno="40959">
 <summary>
-Bind UDP sockets to the dhcpc port.
+Bind UDP sockets to the isns port.
 </summary>
 <param name="domain">
 <summary>
@@ -32129,9 +34446,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_dhcpc_port" lineno="17054">
+<interface name="corenet_tcp_connect_isns_port" lineno="40978">
 <summary>
-Make a TCP connection to the dhcpc port.
+Make a TCP connection to the isns port.
 </summary>
 <param name="domain">
 <summary>
@@ -32139,9 +34456,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_dhcpc_client_packets" lineno="17074">
+<interface name="corenet_send_isns_client_packets" lineno="40998">
 <summary>
-Send dhcpc_client packets.
+Send isns_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32150,9 +34467,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_dhcpc_client_packets" lineno="17093">
+<interface name="corenet_dontaudit_send_isns_client_packets" lineno="41017">
 <summary>
-Do not audit attempts to send dhcpc_client packets.
+Do not audit attempts to send isns_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32161,9 +34478,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_dhcpc_client_packets" lineno="17112">
+<interface name="corenet_receive_isns_client_packets" lineno="41036">
 <summary>
-Receive dhcpc_client packets.
+Receive isns_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32172,9 +34489,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_dhcpc_client_packets" lineno="17131">
+<interface name="corenet_dontaudit_receive_isns_client_packets" lineno="41055">
 <summary>
-Do not audit attempts to receive dhcpc_client packets.
+Do not audit attempts to receive isns_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32183,9 +34500,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_dhcpc_client_packets" lineno="17150">
+<interface name="corenet_sendrecv_isns_client_packets" lineno="41074">
 <summary>
-Send and receive dhcpc_client packets.
+Send and receive isns_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32194,9 +34511,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_dhcpc_client_packets" lineno="17166">
+<interface name="corenet_dontaudit_sendrecv_isns_client_packets" lineno="41090">
 <summary>
-Do not audit attempts to send and receive dhcpc_client packets.
+Do not audit attempts to send and receive isns_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32205,9 +34522,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_dhcpc_client_packets" lineno="17181">
+<interface name="corenet_relabelto_isns_client_packets" lineno="41105">
 <summary>
-Relabel packets to dhcpc_client the packet type.
+Relabel packets to isns_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -32215,9 +34532,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_dhcpc_server_packets" lineno="17201">
+<interface name="corenet_send_isns_server_packets" lineno="41125">
 <summary>
-Send dhcpc_server packets.
+Send isns_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32226,9 +34543,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_dhcpc_server_packets" lineno="17220">
+<interface name="corenet_dontaudit_send_isns_server_packets" lineno="41144">
 <summary>
-Do not audit attempts to send dhcpc_server packets.
+Do not audit attempts to send isns_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32237,9 +34554,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_dhcpc_server_packets" lineno="17239">
+<interface name="corenet_receive_isns_server_packets" lineno="41163">
 <summary>
-Receive dhcpc_server packets.
+Receive isns_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32248,9 +34565,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_dhcpc_server_packets" lineno="17258">
+<interface name="corenet_dontaudit_receive_isns_server_packets" lineno="41182">
 <summary>
-Do not audit attempts to receive dhcpc_server packets.
+Do not audit attempts to receive isns_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32259,9 +34576,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_dhcpc_server_packets" lineno="17277">
+<interface name="corenet_sendrecv_isns_server_packets" lineno="41201">
 <summary>
-Send and receive dhcpc_server packets.
+Send and receive isns_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32270,9 +34587,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_dhcpc_server_packets" lineno="17293">
+<interface name="corenet_dontaudit_sendrecv_isns_server_packets" lineno="41217">
 <summary>
-Do not audit attempts to send and receive dhcpc_server packets.
+Do not audit attempts to send and receive isns_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32281,9 +34598,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_dhcpc_server_packets" lineno="17308">
+<interface name="corenet_relabelto_isns_server_packets" lineno="41232">
 <summary>
-Relabel packets to dhcpc_server the packet type.
+Relabel packets to isns_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -32291,9 +34608,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_dhcpd_port" lineno="17330">
+<interface name="corenet_tcp_sendrecv_jabber_client_port" lineno="41254">
 <summary>
-Send and receive TCP traffic on the dhcpd port.
+Send and receive TCP traffic on the jabber_client port.
 </summary>
 <param name="domain">
 <summary>
@@ -32302,9 +34619,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_dhcpd_port" lineno="17349">
+<interface name="corenet_udp_send_jabber_client_port" lineno="41273">
 <summary>
-Send UDP traffic on the dhcpd port.
+Send UDP traffic on the jabber_client port.
 </summary>
 <param name="domain">
 <summary>
@@ -32313,9 +34630,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_dhcpd_port" lineno="17368">
+<interface name="corenet_dontaudit_udp_send_jabber_client_port" lineno="41292">
 <summary>
-Do not audit attempts to send UDP traffic on the dhcpd port.
+Do not audit attempts to send UDP traffic on the jabber_client port.
 </summary>
 <param name="domain">
 <summary>
@@ -32324,9 +34641,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_dhcpd_port" lineno="17387">
+<interface name="corenet_udp_receive_jabber_client_port" lineno="41311">
 <summary>
-Receive UDP traffic on the dhcpd port.
+Receive UDP traffic on the jabber_client port.
 </summary>
 <param name="domain">
 <summary>
@@ -32335,9 +34652,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_dhcpd_port" lineno="17406">
+<interface name="corenet_dontaudit_udp_receive_jabber_client_port" lineno="41330">
 <summary>
-Do not audit attempts to receive UDP traffic on the dhcpd port.
+Do not audit attempts to receive UDP traffic on the jabber_client port.
 </summary>
 <param name="domain">
 <summary>
@@ -32346,9 +34663,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_dhcpd_port" lineno="17425">
+<interface name="corenet_udp_sendrecv_jabber_client_port" lineno="41349">
 <summary>
-Send and receive UDP traffic on the dhcpd port.
+Send and receive UDP traffic on the jabber_client port.
 </summary>
 <param name="domain">
 <summary>
@@ -32357,10 +34674,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_dhcpd_port" lineno="17442">
+<interface name="corenet_dontaudit_udp_sendrecv_jabber_client_port" lineno="41366">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the dhcpd port.
+UDP traffic on the jabber_client port.
 </summary>
 <param name="domain">
 <summary>
@@ -32369,9 +34686,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_dhcpd_port" lineno="17458">
+<interface name="corenet_tcp_bind_jabber_client_port" lineno="41382">
 <summary>
-Bind TCP sockets to the dhcpd port.
+Bind TCP sockets to the jabber_client port.
 </summary>
 <param name="domain">
 <summary>
@@ -32380,9 +34697,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_dhcpd_port" lineno="17478">
+<interface name="corenet_udp_bind_jabber_client_port" lineno="41402">
 <summary>
-Bind UDP sockets to the dhcpd port.
+Bind UDP sockets to the jabber_client port.
 </summary>
 <param name="domain">
 <summary>
@@ -32391,9 +34708,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_dhcpd_port" lineno="17497">
+<interface name="corenet_tcp_connect_jabber_client_port" lineno="41421">
 <summary>
-Make a TCP connection to the dhcpd port.
+Make a TCP connection to the jabber_client port.
 </summary>
 <param name="domain">
 <summary>
@@ -32401,9 +34718,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_dhcpd_client_packets" lineno="17517">
+<interface name="corenet_send_jabber_client_client_packets" lineno="41441">
 <summary>
-Send dhcpd_client packets.
+Send jabber_client_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32412,9 +34729,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_dhcpd_client_packets" lineno="17536">
+<interface name="corenet_dontaudit_send_jabber_client_client_packets" lineno="41460">
 <summary>
-Do not audit attempts to send dhcpd_client packets.
+Do not audit attempts to send jabber_client_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32423,9 +34740,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_dhcpd_client_packets" lineno="17555">
+<interface name="corenet_receive_jabber_client_client_packets" lineno="41479">
 <summary>
-Receive dhcpd_client packets.
+Receive jabber_client_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32434,9 +34751,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_dhcpd_client_packets" lineno="17574">
+<interface name="corenet_dontaudit_receive_jabber_client_client_packets" lineno="41498">
 <summary>
-Do not audit attempts to receive dhcpd_client packets.
+Do not audit attempts to receive jabber_client_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32445,9 +34762,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_dhcpd_client_packets" lineno="17593">
+<interface name="corenet_sendrecv_jabber_client_client_packets" lineno="41517">
 <summary>
-Send and receive dhcpd_client packets.
+Send and receive jabber_client_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32456,9 +34773,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_dhcpd_client_packets" lineno="17609">
+<interface name="corenet_dontaudit_sendrecv_jabber_client_client_packets" lineno="41533">
 <summary>
-Do not audit attempts to send and receive dhcpd_client packets.
+Do not audit attempts to send and receive jabber_client_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32467,9 +34784,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_dhcpd_client_packets" lineno="17624">
+<interface name="corenet_relabelto_jabber_client_client_packets" lineno="41548">
 <summary>
-Relabel packets to dhcpd_client the packet type.
+Relabel packets to jabber_client_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -32477,9 +34794,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_dhcpd_server_packets" lineno="17644">
+<interface name="corenet_send_jabber_client_server_packets" lineno="41568">
 <summary>
-Send dhcpd_server packets.
+Send jabber_client_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32488,9 +34805,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_dhcpd_server_packets" lineno="17663">
+<interface name="corenet_dontaudit_send_jabber_client_server_packets" lineno="41587">
 <summary>
-Do not audit attempts to send dhcpd_server packets.
+Do not audit attempts to send jabber_client_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32499,9 +34816,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_dhcpd_server_packets" lineno="17682">
+<interface name="corenet_receive_jabber_client_server_packets" lineno="41606">
 <summary>
-Receive dhcpd_server packets.
+Receive jabber_client_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32510,9 +34827,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_dhcpd_server_packets" lineno="17701">
+<interface name="corenet_dontaudit_receive_jabber_client_server_packets" lineno="41625">
 <summary>
-Do not audit attempts to receive dhcpd_server packets.
+Do not audit attempts to receive jabber_client_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32521,9 +34838,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_dhcpd_server_packets" lineno="17720">
+<interface name="corenet_sendrecv_jabber_client_server_packets" lineno="41644">
 <summary>
-Send and receive dhcpd_server packets.
+Send and receive jabber_client_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32532,9 +34849,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_dhcpd_server_packets" lineno="17736">
+<interface name="corenet_dontaudit_sendrecv_jabber_client_server_packets" lineno="41660">
 <summary>
-Do not audit attempts to send and receive dhcpd_server packets.
+Do not audit attempts to send and receive jabber_client_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32543,9 +34860,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_dhcpd_server_packets" lineno="17751">
+<interface name="corenet_relabelto_jabber_client_server_packets" lineno="41675">
 <summary>
-Relabel packets to dhcpd_server the packet type.
+Relabel packets to jabber_client_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -32553,9 +34870,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_dict_port" lineno="17773">
+<interface name="corenet_tcp_sendrecv_jabber_interserver_port" lineno="41697">
 <summary>
-Send and receive TCP traffic on the dict port.
+Send and receive TCP traffic on the jabber_interserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -32564,9 +34881,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_dict_port" lineno="17792">
+<interface name="corenet_udp_send_jabber_interserver_port" lineno="41716">
 <summary>
-Send UDP traffic on the dict port.
+Send UDP traffic on the jabber_interserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -32575,9 +34892,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_dict_port" lineno="17811">
+<interface name="corenet_dontaudit_udp_send_jabber_interserver_port" lineno="41735">
 <summary>
-Do not audit attempts to send UDP traffic on the dict port.
+Do not audit attempts to send UDP traffic on the jabber_interserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -32586,9 +34903,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_dict_port" lineno="17830">
+<interface name="corenet_udp_receive_jabber_interserver_port" lineno="41754">
 <summary>
-Receive UDP traffic on the dict port.
+Receive UDP traffic on the jabber_interserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -32597,9 +34914,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_dict_port" lineno="17849">
+<interface name="corenet_dontaudit_udp_receive_jabber_interserver_port" lineno="41773">
 <summary>
-Do not audit attempts to receive UDP traffic on the dict port.
+Do not audit attempts to receive UDP traffic on the jabber_interserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -32608,9 +34925,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_dict_port" lineno="17868">
+<interface name="corenet_udp_sendrecv_jabber_interserver_port" lineno="41792">
 <summary>
-Send and receive UDP traffic on the dict port.
+Send and receive UDP traffic on the jabber_interserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -32619,10 +34936,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_dict_port" lineno="17885">
+<interface name="corenet_dontaudit_udp_sendrecv_jabber_interserver_port" lineno="41809">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the dict port.
+UDP traffic on the jabber_interserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -32631,9 +34948,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_dict_port" lineno="17901">
+<interface name="corenet_tcp_bind_jabber_interserver_port" lineno="41825">
 <summary>
-Bind TCP sockets to the dict port.
+Bind TCP sockets to the jabber_interserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -32642,9 +34959,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_dict_port" lineno="17921">
+<interface name="corenet_udp_bind_jabber_interserver_port" lineno="41845">
 <summary>
-Bind UDP sockets to the dict port.
+Bind UDP sockets to the jabber_interserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -32653,9 +34970,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_dict_port" lineno="17940">
+<interface name="corenet_tcp_connect_jabber_interserver_port" lineno="41864">
 <summary>
-Make a TCP connection to the dict port.
+Make a TCP connection to the jabber_interserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -32663,9 +34980,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_dict_client_packets" lineno="17960">
+<interface name="corenet_send_jabber_interserver_client_packets" lineno="41884">
 <summary>
-Send dict_client packets.
+Send jabber_interserver_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32674,9 +34991,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_dict_client_packets" lineno="17979">
+<interface name="corenet_dontaudit_send_jabber_interserver_client_packets" lineno="41903">
 <summary>
-Do not audit attempts to send dict_client packets.
+Do not audit attempts to send jabber_interserver_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32685,9 +35002,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_dict_client_packets" lineno="17998">
+<interface name="corenet_receive_jabber_interserver_client_packets" lineno="41922">
 <summary>
-Receive dict_client packets.
+Receive jabber_interserver_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32696,9 +35013,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_dict_client_packets" lineno="18017">
+<interface name="corenet_dontaudit_receive_jabber_interserver_client_packets" lineno="41941">
 <summary>
-Do not audit attempts to receive dict_client packets.
+Do not audit attempts to receive jabber_interserver_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32707,9 +35024,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_dict_client_packets" lineno="18036">
+<interface name="corenet_sendrecv_jabber_interserver_client_packets" lineno="41960">
 <summary>
-Send and receive dict_client packets.
+Send and receive jabber_interserver_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32718,9 +35035,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_dict_client_packets" lineno="18052">
+<interface name="corenet_dontaudit_sendrecv_jabber_interserver_client_packets" lineno="41976">
 <summary>
-Do not audit attempts to send and receive dict_client packets.
+Do not audit attempts to send and receive jabber_interserver_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32729,9 +35046,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_dict_client_packets" lineno="18067">
+<interface name="corenet_relabelto_jabber_interserver_client_packets" lineno="41991">
 <summary>
-Relabel packets to dict_client the packet type.
+Relabel packets to jabber_interserver_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -32739,9 +35056,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_dict_server_packets" lineno="18087">
+<interface name="corenet_send_jabber_interserver_server_packets" lineno="42011">
 <summary>
-Send dict_server packets.
+Send jabber_interserver_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32750,9 +35067,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_dict_server_packets" lineno="18106">
+<interface name="corenet_dontaudit_send_jabber_interserver_server_packets" lineno="42030">
 <summary>
-Do not audit attempts to send dict_server packets.
+Do not audit attempts to send jabber_interserver_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32761,9 +35078,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_dict_server_packets" lineno="18125">
+<interface name="corenet_receive_jabber_interserver_server_packets" lineno="42049">
 <summary>
-Receive dict_server packets.
+Receive jabber_interserver_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32772,9 +35089,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_dict_server_packets" lineno="18144">
+<interface name="corenet_dontaudit_receive_jabber_interserver_server_packets" lineno="42068">
 <summary>
-Do not audit attempts to receive dict_server packets.
+Do not audit attempts to receive jabber_interserver_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32783,9 +35100,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_dict_server_packets" lineno="18163">
+<interface name="corenet_sendrecv_jabber_interserver_server_packets" lineno="42087">
 <summary>
-Send and receive dict_server packets.
+Send and receive jabber_interserver_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32794,9 +35111,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_dict_server_packets" lineno="18179">
+<interface name="corenet_dontaudit_sendrecv_jabber_interserver_server_packets" lineno="42103">
 <summary>
-Do not audit attempts to send and receive dict_server packets.
+Do not audit attempts to send and receive jabber_interserver_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32805,9 +35122,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_dict_server_packets" lineno="18194">
+<interface name="corenet_relabelto_jabber_interserver_server_packets" lineno="42118">
 <summary>
-Relabel packets to dict_server the packet type.
+Relabel packets to jabber_interserver_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -32815,9 +35132,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_distccd_port" lineno="18216">
+<interface name="corenet_tcp_sendrecv_jboss_iiop_port" lineno="42140">
 <summary>
-Send and receive TCP traffic on the distccd port.
+Send and receive TCP traffic on the jboss_iiop port.
 </summary>
 <param name="domain">
 <summary>
@@ -32826,9 +35143,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_distccd_port" lineno="18235">
+<interface name="corenet_udp_send_jboss_iiop_port" lineno="42159">
 <summary>
-Send UDP traffic on the distccd port.
+Send UDP traffic on the jboss_iiop port.
 </summary>
 <param name="domain">
 <summary>
@@ -32837,9 +35154,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_distccd_port" lineno="18254">
+<interface name="corenet_dontaudit_udp_send_jboss_iiop_port" lineno="42178">
 <summary>
-Do not audit attempts to send UDP traffic on the distccd port.
+Do not audit attempts to send UDP traffic on the jboss_iiop port.
 </summary>
 <param name="domain">
 <summary>
@@ -32848,9 +35165,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_distccd_port" lineno="18273">
+<interface name="corenet_udp_receive_jboss_iiop_port" lineno="42197">
 <summary>
-Receive UDP traffic on the distccd port.
+Receive UDP traffic on the jboss_iiop port.
 </summary>
 <param name="domain">
 <summary>
@@ -32859,9 +35176,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_distccd_port" lineno="18292">
+<interface name="corenet_dontaudit_udp_receive_jboss_iiop_port" lineno="42216">
 <summary>
-Do not audit attempts to receive UDP traffic on the distccd port.
+Do not audit attempts to receive UDP traffic on the jboss_iiop port.
 </summary>
 <param name="domain">
 <summary>
@@ -32870,9 +35187,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_distccd_port" lineno="18311">
+<interface name="corenet_udp_sendrecv_jboss_iiop_port" lineno="42235">
 <summary>
-Send and receive UDP traffic on the distccd port.
+Send and receive UDP traffic on the jboss_iiop port.
 </summary>
 <param name="domain">
 <summary>
@@ -32881,10 +35198,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_distccd_port" lineno="18328">
+<interface name="corenet_dontaudit_udp_sendrecv_jboss_iiop_port" lineno="42252">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the distccd port.
+UDP traffic on the jboss_iiop port.
 </summary>
 <param name="domain">
 <summary>
@@ -32893,9 +35210,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_distccd_port" lineno="18344">
+<interface name="corenet_tcp_bind_jboss_iiop_port" lineno="42268">
 <summary>
-Bind TCP sockets to the distccd port.
+Bind TCP sockets to the jboss_iiop port.
 </summary>
 <param name="domain">
 <summary>
@@ -32904,9 +35221,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_distccd_port" lineno="18364">
+<interface name="corenet_udp_bind_jboss_iiop_port" lineno="42288">
 <summary>
-Bind UDP sockets to the distccd port.
+Bind UDP sockets to the jboss_iiop port.
 </summary>
 <param name="domain">
 <summary>
@@ -32915,9 +35232,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_distccd_port" lineno="18383">
+<interface name="corenet_tcp_connect_jboss_iiop_port" lineno="42307">
 <summary>
-Make a TCP connection to the distccd port.
+Make a TCP connection to the jboss_iiop port.
 </summary>
 <param name="domain">
 <summary>
@@ -32925,9 +35242,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_distccd_client_packets" lineno="18403">
+<interface name="corenet_send_jboss_iiop_client_packets" lineno="42327">
 <summary>
-Send distccd_client packets.
+Send jboss_iiop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32936,9 +35253,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_distccd_client_packets" lineno="18422">
+<interface name="corenet_dontaudit_send_jboss_iiop_client_packets" lineno="42346">
 <summary>
-Do not audit attempts to send distccd_client packets.
+Do not audit attempts to send jboss_iiop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32947,9 +35264,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_distccd_client_packets" lineno="18441">
+<interface name="corenet_receive_jboss_iiop_client_packets" lineno="42365">
 <summary>
-Receive distccd_client packets.
+Receive jboss_iiop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32958,9 +35275,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_distccd_client_packets" lineno="18460">
+<interface name="corenet_dontaudit_receive_jboss_iiop_client_packets" lineno="42384">
 <summary>
-Do not audit attempts to receive distccd_client packets.
+Do not audit attempts to receive jboss_iiop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32969,9 +35286,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_distccd_client_packets" lineno="18479">
+<interface name="corenet_sendrecv_jboss_iiop_client_packets" lineno="42403">
 <summary>
-Send and receive distccd_client packets.
+Send and receive jboss_iiop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32980,9 +35297,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_distccd_client_packets" lineno="18495">
+<interface name="corenet_dontaudit_sendrecv_jboss_iiop_client_packets" lineno="42419">
 <summary>
-Do not audit attempts to send and receive distccd_client packets.
+Do not audit attempts to send and receive jboss_iiop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -32991,9 +35308,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_distccd_client_packets" lineno="18510">
+<interface name="corenet_relabelto_jboss_iiop_client_packets" lineno="42434">
 <summary>
-Relabel packets to distccd_client the packet type.
+Relabel packets to jboss_iiop_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -33001,9 +35318,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_distccd_server_packets" lineno="18530">
+<interface name="corenet_send_jboss_iiop_server_packets" lineno="42454">
 <summary>
-Send distccd_server packets.
+Send jboss_iiop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33012,9 +35329,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_distccd_server_packets" lineno="18549">
+<interface name="corenet_dontaudit_send_jboss_iiop_server_packets" lineno="42473">
 <summary>
-Do not audit attempts to send distccd_server packets.
+Do not audit attempts to send jboss_iiop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33023,9 +35340,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_distccd_server_packets" lineno="18568">
+<interface name="corenet_receive_jboss_iiop_server_packets" lineno="42492">
 <summary>
-Receive distccd_server packets.
+Receive jboss_iiop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33034,9 +35351,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_distccd_server_packets" lineno="18587">
+<interface name="corenet_dontaudit_receive_jboss_iiop_server_packets" lineno="42511">
 <summary>
-Do not audit attempts to receive distccd_server packets.
+Do not audit attempts to receive jboss_iiop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33045,9 +35362,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_distccd_server_packets" lineno="18606">
+<interface name="corenet_sendrecv_jboss_iiop_server_packets" lineno="42530">
 <summary>
-Send and receive distccd_server packets.
+Send and receive jboss_iiop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33056,9 +35373,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_distccd_server_packets" lineno="18622">
+<interface name="corenet_dontaudit_sendrecv_jboss_iiop_server_packets" lineno="42546">
 <summary>
-Do not audit attempts to send and receive distccd_server packets.
+Do not audit attempts to send and receive jboss_iiop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33067,9 +35384,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_distccd_server_packets" lineno="18637">
+<interface name="corenet_relabelto_jboss_iiop_server_packets" lineno="42561">
 <summary>
-Relabel packets to distccd_server the packet type.
+Relabel packets to jboss_iiop_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -33077,9 +35394,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_dns_port" lineno="18659">
+<interface name="corenet_tcp_sendrecv_kerberos_port" lineno="42583">
 <summary>
-Send and receive TCP traffic on the dns port.
+Send and receive TCP traffic on the kerberos port.
 </summary>
 <param name="domain">
 <summary>
@@ -33088,9 +35405,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_dns_port" lineno="18678">
+<interface name="corenet_udp_send_kerberos_port" lineno="42602">
 <summary>
-Send UDP traffic on the dns port.
+Send UDP traffic on the kerberos port.
 </summary>
 <param name="domain">
 <summary>
@@ -33099,9 +35416,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_dns_port" lineno="18697">
+<interface name="corenet_dontaudit_udp_send_kerberos_port" lineno="42621">
 <summary>
-Do not audit attempts to send UDP traffic on the dns port.
+Do not audit attempts to send UDP traffic on the kerberos port.
 </summary>
 <param name="domain">
 <summary>
@@ -33110,9 +35427,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_dns_port" lineno="18716">
+<interface name="corenet_udp_receive_kerberos_port" lineno="42640">
 <summary>
-Receive UDP traffic on the dns port.
+Receive UDP traffic on the kerberos port.
 </summary>
 <param name="domain">
 <summary>
@@ -33121,9 +35438,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_dns_port" lineno="18735">
+<interface name="corenet_dontaudit_udp_receive_kerberos_port" lineno="42659">
 <summary>
-Do not audit attempts to receive UDP traffic on the dns port.
+Do not audit attempts to receive UDP traffic on the kerberos port.
 </summary>
 <param name="domain">
 <summary>
@@ -33132,9 +35449,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_dns_port" lineno="18754">
+<interface name="corenet_udp_sendrecv_kerberos_port" lineno="42678">
 <summary>
-Send and receive UDP traffic on the dns port.
+Send and receive UDP traffic on the kerberos port.
 </summary>
 <param name="domain">
 <summary>
@@ -33143,10 +35460,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_dns_port" lineno="18771">
+<interface name="corenet_dontaudit_udp_sendrecv_kerberos_port" lineno="42695">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the dns port.
+UDP traffic on the kerberos port.
 </summary>
 <param name="domain">
 <summary>
@@ -33155,9 +35472,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_dns_port" lineno="18787">
+<interface name="corenet_tcp_bind_kerberos_port" lineno="42711">
 <summary>
-Bind TCP sockets to the dns port.
+Bind TCP sockets to the kerberos port.
 </summary>
 <param name="domain">
 <summary>
@@ -33166,9 +35483,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_dns_port" lineno="18807">
+<interface name="corenet_udp_bind_kerberos_port" lineno="42731">
 <summary>
-Bind UDP sockets to the dns port.
+Bind UDP sockets to the kerberos port.
 </summary>
 <param name="domain">
 <summary>
@@ -33177,9 +35494,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_dns_port" lineno="18826">
+<interface name="corenet_tcp_connect_kerberos_port" lineno="42750">
 <summary>
-Make a TCP connection to the dns port.
+Make a TCP connection to the kerberos port.
 </summary>
 <param name="domain">
 <summary>
@@ -33187,9 +35504,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_dns_client_packets" lineno="18846">
+<interface name="corenet_send_kerberos_client_packets" lineno="42770">
 <summary>
-Send dns_client packets.
+Send kerberos_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33198,9 +35515,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_dns_client_packets" lineno="18865">
+<interface name="corenet_dontaudit_send_kerberos_client_packets" lineno="42789">
 <summary>
-Do not audit attempts to send dns_client packets.
+Do not audit attempts to send kerberos_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33209,9 +35526,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_dns_client_packets" lineno="18884">
+<interface name="corenet_receive_kerberos_client_packets" lineno="42808">
 <summary>
-Receive dns_client packets.
+Receive kerberos_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33220,9 +35537,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_dns_client_packets" lineno="18903">
+<interface name="corenet_dontaudit_receive_kerberos_client_packets" lineno="42827">
 <summary>
-Do not audit attempts to receive dns_client packets.
+Do not audit attempts to receive kerberos_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33231,9 +35548,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_dns_client_packets" lineno="18922">
+<interface name="corenet_sendrecv_kerberos_client_packets" lineno="42846">
 <summary>
-Send and receive dns_client packets.
+Send and receive kerberos_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33242,9 +35559,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_dns_client_packets" lineno="18938">
+<interface name="corenet_dontaudit_sendrecv_kerberos_client_packets" lineno="42862">
 <summary>
-Do not audit attempts to send and receive dns_client packets.
+Do not audit attempts to send and receive kerberos_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33253,9 +35570,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_dns_client_packets" lineno="18953">
+<interface name="corenet_relabelto_kerberos_client_packets" lineno="42877">
 <summary>
-Relabel packets to dns_client the packet type.
+Relabel packets to kerberos_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -33263,9 +35580,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_dns_server_packets" lineno="18973">
+<interface name="corenet_send_kerberos_server_packets" lineno="42897">
 <summary>
-Send dns_server packets.
+Send kerberos_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33274,9 +35591,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_dns_server_packets" lineno="18992">
+<interface name="corenet_dontaudit_send_kerberos_server_packets" lineno="42916">
 <summary>
-Do not audit attempts to send dns_server packets.
+Do not audit attempts to send kerberos_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33285,9 +35602,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_dns_server_packets" lineno="19011">
+<interface name="corenet_receive_kerberos_server_packets" lineno="42935">
 <summary>
-Receive dns_server packets.
+Receive kerberos_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33296,9 +35613,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_dns_server_packets" lineno="19030">
+<interface name="corenet_dontaudit_receive_kerberos_server_packets" lineno="42954">
 <summary>
-Do not audit attempts to receive dns_server packets.
+Do not audit attempts to receive kerberos_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33307,9 +35624,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_dns_server_packets" lineno="19049">
+<interface name="corenet_sendrecv_kerberos_server_packets" lineno="42973">
 <summary>
-Send and receive dns_server packets.
+Send and receive kerberos_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33318,9 +35635,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_dns_server_packets" lineno="19065">
+<interface name="corenet_dontaudit_sendrecv_kerberos_server_packets" lineno="42989">
 <summary>
-Do not audit attempts to send and receive dns_server packets.
+Do not audit attempts to send and receive kerberos_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33329,9 +35646,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_dns_server_packets" lineno="19080">
+<interface name="corenet_relabelto_kerberos_server_packets" lineno="43004">
 <summary>
-Relabel packets to dns_server the packet type.
+Relabel packets to kerberos_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -33339,9 +35656,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_epmap_port" lineno="19102">
+<interface name="corenet_tcp_sendrecv_kerberos_admin_port" lineno="43026">
 <summary>
-Send and receive TCP traffic on the epmap port.
+Send and receive TCP traffic on the kerberos_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -33350,9 +35667,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_epmap_port" lineno="19121">
+<interface name="corenet_udp_send_kerberos_admin_port" lineno="43045">
 <summary>
-Send UDP traffic on the epmap port.
+Send UDP traffic on the kerberos_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -33361,9 +35678,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_epmap_port" lineno="19140">
+<interface name="corenet_dontaudit_udp_send_kerberos_admin_port" lineno="43064">
 <summary>
-Do not audit attempts to send UDP traffic on the epmap port.
+Do not audit attempts to send UDP traffic on the kerberos_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -33372,9 +35689,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_epmap_port" lineno="19159">
+<interface name="corenet_udp_receive_kerberos_admin_port" lineno="43083">
 <summary>
-Receive UDP traffic on the epmap port.
+Receive UDP traffic on the kerberos_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -33383,9 +35700,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_epmap_port" lineno="19178">
+<interface name="corenet_dontaudit_udp_receive_kerberos_admin_port" lineno="43102">
 <summary>
-Do not audit attempts to receive UDP traffic on the epmap port.
+Do not audit attempts to receive UDP traffic on the kerberos_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -33394,9 +35711,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_epmap_port" lineno="19197">
+<interface name="corenet_udp_sendrecv_kerberos_admin_port" lineno="43121">
 <summary>
-Send and receive UDP traffic on the epmap port.
+Send and receive UDP traffic on the kerberos_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -33405,10 +35722,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_epmap_port" lineno="19214">
+<interface name="corenet_dontaudit_udp_sendrecv_kerberos_admin_port" lineno="43138">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the epmap port.
+UDP traffic on the kerberos_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -33417,9 +35734,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_epmap_port" lineno="19230">
+<interface name="corenet_tcp_bind_kerberos_admin_port" lineno="43154">
 <summary>
-Bind TCP sockets to the epmap port.
+Bind TCP sockets to the kerberos_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -33428,9 +35745,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_epmap_port" lineno="19250">
+<interface name="corenet_udp_bind_kerberos_admin_port" lineno="43174">
 <summary>
-Bind UDP sockets to the epmap port.
+Bind UDP sockets to the kerberos_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -33439,9 +35756,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_epmap_port" lineno="19269">
+<interface name="corenet_tcp_connect_kerberos_admin_port" lineno="43193">
 <summary>
-Make a TCP connection to the epmap port.
+Make a TCP connection to the kerberos_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -33449,9 +35766,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_epmap_client_packets" lineno="19289">
+<interface name="corenet_send_kerberos_admin_client_packets" lineno="43213">
 <summary>
-Send epmap_client packets.
+Send kerberos_admin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33460,9 +35777,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_epmap_client_packets" lineno="19308">
+<interface name="corenet_dontaudit_send_kerberos_admin_client_packets" lineno="43232">
 <summary>
-Do not audit attempts to send epmap_client packets.
+Do not audit attempts to send kerberos_admin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33471,9 +35788,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_epmap_client_packets" lineno="19327">
+<interface name="corenet_receive_kerberos_admin_client_packets" lineno="43251">
 <summary>
-Receive epmap_client packets.
+Receive kerberos_admin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33482,9 +35799,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_epmap_client_packets" lineno="19346">
+<interface name="corenet_dontaudit_receive_kerberos_admin_client_packets" lineno="43270">
 <summary>
-Do not audit attempts to receive epmap_client packets.
+Do not audit attempts to receive kerberos_admin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33493,9 +35810,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_epmap_client_packets" lineno="19365">
+<interface name="corenet_sendrecv_kerberos_admin_client_packets" lineno="43289">
 <summary>
-Send and receive epmap_client packets.
+Send and receive kerberos_admin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33504,9 +35821,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_epmap_client_packets" lineno="19381">
+<interface name="corenet_dontaudit_sendrecv_kerberos_admin_client_packets" lineno="43305">
 <summary>
-Do not audit attempts to send and receive epmap_client packets.
+Do not audit attempts to send and receive kerberos_admin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33515,9 +35832,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_epmap_client_packets" lineno="19396">
+<interface name="corenet_relabelto_kerberos_admin_client_packets" lineno="43320">
 <summary>
-Relabel packets to epmap_client the packet type.
+Relabel packets to kerberos_admin_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -33525,9 +35842,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_epmap_server_packets" lineno="19416">
+<interface name="corenet_send_kerberos_admin_server_packets" lineno="43340">
 <summary>
-Send epmap_server packets.
+Send kerberos_admin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33536,9 +35853,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_epmap_server_packets" lineno="19435">
+<interface name="corenet_dontaudit_send_kerberos_admin_server_packets" lineno="43359">
 <summary>
-Do not audit attempts to send epmap_server packets.
+Do not audit attempts to send kerberos_admin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33547,9 +35864,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_epmap_server_packets" lineno="19454">
+<interface name="corenet_receive_kerberos_admin_server_packets" lineno="43378">
 <summary>
-Receive epmap_server packets.
+Receive kerberos_admin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33558,9 +35875,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_epmap_server_packets" lineno="19473">
+<interface name="corenet_dontaudit_receive_kerberos_admin_server_packets" lineno="43397">
 <summary>
-Do not audit attempts to receive epmap_server packets.
+Do not audit attempts to receive kerberos_admin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33569,9 +35886,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_epmap_server_packets" lineno="19492">
+<interface name="corenet_sendrecv_kerberos_admin_server_packets" lineno="43416">
 <summary>
-Send and receive epmap_server packets.
+Send and receive kerberos_admin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33580,9 +35897,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_epmap_server_packets" lineno="19508">
+<interface name="corenet_dontaudit_sendrecv_kerberos_admin_server_packets" lineno="43432">
 <summary>
-Do not audit attempts to send and receive epmap_server packets.
+Do not audit attempts to send and receive kerberos_admin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33591,9 +35908,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_epmap_server_packets" lineno="19523">
+<interface name="corenet_relabelto_kerberos_admin_server_packets" lineno="43447">
 <summary>
-Relabel packets to epmap_server the packet type.
+Relabel packets to kerberos_admin_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -33601,9 +35918,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_fingerd_port" lineno="19545">
+<interface name="corenet_tcp_sendrecv_kerberos_master_port" lineno="43469">
 <summary>
-Send and receive TCP traffic on the fingerd port.
+Send and receive TCP traffic on the kerberos_master port.
 </summary>
 <param name="domain">
 <summary>
@@ -33612,9 +35929,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_fingerd_port" lineno="19564">
+<interface name="corenet_udp_send_kerberos_master_port" lineno="43488">
 <summary>
-Send UDP traffic on the fingerd port.
+Send UDP traffic on the kerberos_master port.
 </summary>
 <param name="domain">
 <summary>
@@ -33623,9 +35940,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_fingerd_port" lineno="19583">
+<interface name="corenet_dontaudit_udp_send_kerberos_master_port" lineno="43507">
 <summary>
-Do not audit attempts to send UDP traffic on the fingerd port.
+Do not audit attempts to send UDP traffic on the kerberos_master port.
 </summary>
 <param name="domain">
 <summary>
@@ -33634,9 +35951,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_fingerd_port" lineno="19602">
+<interface name="corenet_udp_receive_kerberos_master_port" lineno="43526">
 <summary>
-Receive UDP traffic on the fingerd port.
+Receive UDP traffic on the kerberos_master port.
 </summary>
 <param name="domain">
 <summary>
@@ -33645,9 +35962,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_fingerd_port" lineno="19621">
+<interface name="corenet_dontaudit_udp_receive_kerberos_master_port" lineno="43545">
 <summary>
-Do not audit attempts to receive UDP traffic on the fingerd port.
+Do not audit attempts to receive UDP traffic on the kerberos_master port.
 </summary>
 <param name="domain">
 <summary>
@@ -33656,9 +35973,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_fingerd_port" lineno="19640">
+<interface name="corenet_udp_sendrecv_kerberos_master_port" lineno="43564">
 <summary>
-Send and receive UDP traffic on the fingerd port.
+Send and receive UDP traffic on the kerberos_master port.
 </summary>
 <param name="domain">
 <summary>
@@ -33667,10 +35984,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_fingerd_port" lineno="19657">
+<interface name="corenet_dontaudit_udp_sendrecv_kerberos_master_port" lineno="43581">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the fingerd port.
+UDP traffic on the kerberos_master port.
 </summary>
 <param name="domain">
 <summary>
@@ -33679,9 +35996,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_fingerd_port" lineno="19673">
+<interface name="corenet_tcp_bind_kerberos_master_port" lineno="43597">
 <summary>
-Bind TCP sockets to the fingerd port.
+Bind TCP sockets to the kerberos_master port.
 </summary>
 <param name="domain">
 <summary>
@@ -33690,9 +36007,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_fingerd_port" lineno="19693">
+<interface name="corenet_udp_bind_kerberos_master_port" lineno="43617">
 <summary>
-Bind UDP sockets to the fingerd port.
+Bind UDP sockets to the kerberos_master port.
 </summary>
 <param name="domain">
 <summary>
@@ -33701,9 +36018,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_fingerd_port" lineno="19712">
+<interface name="corenet_tcp_connect_kerberos_master_port" lineno="43636">
 <summary>
-Make a TCP connection to the fingerd port.
+Make a TCP connection to the kerberos_master port.
 </summary>
 <param name="domain">
 <summary>
@@ -33711,9 +36028,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_fingerd_client_packets" lineno="19732">
+<interface name="corenet_send_kerberos_master_client_packets" lineno="43656">
 <summary>
-Send fingerd_client packets.
+Send kerberos_master_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33722,9 +36039,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_fingerd_client_packets" lineno="19751">
+<interface name="corenet_dontaudit_send_kerberos_master_client_packets" lineno="43675">
 <summary>
-Do not audit attempts to send fingerd_client packets.
+Do not audit attempts to send kerberos_master_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33733,9 +36050,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_fingerd_client_packets" lineno="19770">
+<interface name="corenet_receive_kerberos_master_client_packets" lineno="43694">
 <summary>
-Receive fingerd_client packets.
+Receive kerberos_master_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33744,9 +36061,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_fingerd_client_packets" lineno="19789">
+<interface name="corenet_dontaudit_receive_kerberos_master_client_packets" lineno="43713">
 <summary>
-Do not audit attempts to receive fingerd_client packets.
+Do not audit attempts to receive kerberos_master_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33755,9 +36072,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_fingerd_client_packets" lineno="19808">
+<interface name="corenet_sendrecv_kerberos_master_client_packets" lineno="43732">
 <summary>
-Send and receive fingerd_client packets.
+Send and receive kerberos_master_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33766,9 +36083,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_fingerd_client_packets" lineno="19824">
+<interface name="corenet_dontaudit_sendrecv_kerberos_master_client_packets" lineno="43748">
 <summary>
-Do not audit attempts to send and receive fingerd_client packets.
+Do not audit attempts to send and receive kerberos_master_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33777,9 +36094,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_fingerd_client_packets" lineno="19839">
+<interface name="corenet_relabelto_kerberos_master_client_packets" lineno="43763">
 <summary>
-Relabel packets to fingerd_client the packet type.
+Relabel packets to kerberos_master_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -33787,9 +36104,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_fingerd_server_packets" lineno="19859">
+<interface name="corenet_send_kerberos_master_server_packets" lineno="43783">
 <summary>
-Send fingerd_server packets.
+Send kerberos_master_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33798,9 +36115,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_fingerd_server_packets" lineno="19878">
+<interface name="corenet_dontaudit_send_kerberos_master_server_packets" lineno="43802">
 <summary>
-Do not audit attempts to send fingerd_server packets.
+Do not audit attempts to send kerberos_master_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33809,9 +36126,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_fingerd_server_packets" lineno="19897">
+<interface name="corenet_receive_kerberos_master_server_packets" lineno="43821">
 <summary>
-Receive fingerd_server packets.
+Receive kerberos_master_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33820,9 +36137,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_fingerd_server_packets" lineno="19916">
+<interface name="corenet_dontaudit_receive_kerberos_master_server_packets" lineno="43840">
 <summary>
-Do not audit attempts to receive fingerd_server packets.
+Do not audit attempts to receive kerberos_master_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33831,9 +36148,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_fingerd_server_packets" lineno="19935">
+<interface name="corenet_sendrecv_kerberos_master_server_packets" lineno="43859">
 <summary>
-Send and receive fingerd_server packets.
+Send and receive kerberos_master_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33842,9 +36159,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_fingerd_server_packets" lineno="19951">
+<interface name="corenet_dontaudit_sendrecv_kerberos_master_server_packets" lineno="43875">
 <summary>
-Do not audit attempts to send and receive fingerd_server packets.
+Do not audit attempts to send and receive kerberos_master_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33853,9 +36170,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_fingerd_server_packets" lineno="19966">
+<interface name="corenet_relabelto_kerberos_master_server_packets" lineno="43890">
 <summary>
-Relabel packets to fingerd_server the packet type.
+Relabel packets to kerberos_master_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -33863,9 +36180,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_ftp_port" lineno="19988">
+<interface name="corenet_tcp_sendrecv_kismet_port" lineno="43912">
 <summary>
-Send and receive TCP traffic on the ftp port.
+Send and receive TCP traffic on the kismet port.
 </summary>
 <param name="domain">
 <summary>
@@ -33874,9 +36191,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_ftp_port" lineno="20007">
+<interface name="corenet_udp_send_kismet_port" lineno="43931">
 <summary>
-Send UDP traffic on the ftp port.
+Send UDP traffic on the kismet port.
 </summary>
 <param name="domain">
 <summary>
@@ -33885,9 +36202,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_ftp_port" lineno="20026">
+<interface name="corenet_dontaudit_udp_send_kismet_port" lineno="43950">
 <summary>
-Do not audit attempts to send UDP traffic on the ftp port.
+Do not audit attempts to send UDP traffic on the kismet port.
 </summary>
 <param name="domain">
 <summary>
@@ -33896,9 +36213,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_ftp_port" lineno="20045">
+<interface name="corenet_udp_receive_kismet_port" lineno="43969">
 <summary>
-Receive UDP traffic on the ftp port.
+Receive UDP traffic on the kismet port.
 </summary>
 <param name="domain">
 <summary>
@@ -33907,9 +36224,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_ftp_port" lineno="20064">
+<interface name="corenet_dontaudit_udp_receive_kismet_port" lineno="43988">
 <summary>
-Do not audit attempts to receive UDP traffic on the ftp port.
+Do not audit attempts to receive UDP traffic on the kismet port.
 </summary>
 <param name="domain">
 <summary>
@@ -33918,9 +36235,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_ftp_port" lineno="20083">
+<interface name="corenet_udp_sendrecv_kismet_port" lineno="44007">
 <summary>
-Send and receive UDP traffic on the ftp port.
+Send and receive UDP traffic on the kismet port.
 </summary>
 <param name="domain">
 <summary>
@@ -33929,10 +36246,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_ftp_port" lineno="20100">
+<interface name="corenet_dontaudit_udp_sendrecv_kismet_port" lineno="44024">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the ftp port.
+UDP traffic on the kismet port.
 </summary>
 <param name="domain">
 <summary>
@@ -33941,9 +36258,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_ftp_port" lineno="20116">
+<interface name="corenet_tcp_bind_kismet_port" lineno="44040">
 <summary>
-Bind TCP sockets to the ftp port.
+Bind TCP sockets to the kismet port.
 </summary>
 <param name="domain">
 <summary>
@@ -33952,9 +36269,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_ftp_port" lineno="20136">
+<interface name="corenet_udp_bind_kismet_port" lineno="44060">
 <summary>
-Bind UDP sockets to the ftp port.
+Bind UDP sockets to the kismet port.
 </summary>
 <param name="domain">
 <summary>
@@ -33963,9 +36280,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_ftp_port" lineno="20155">
+<interface name="corenet_tcp_connect_kismet_port" lineno="44079">
 <summary>
-Make a TCP connection to the ftp port.
+Make a TCP connection to the kismet port.
 </summary>
 <param name="domain">
 <summary>
@@ -33973,9 +36290,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ftp_client_packets" lineno="20175">
+<interface name="corenet_send_kismet_client_packets" lineno="44099">
 <summary>
-Send ftp_client packets.
+Send kismet_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33984,9 +36301,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ftp_client_packets" lineno="20194">
+<interface name="corenet_dontaudit_send_kismet_client_packets" lineno="44118">
 <summary>
-Do not audit attempts to send ftp_client packets.
+Do not audit attempts to send kismet_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -33995,9 +36312,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ftp_client_packets" lineno="20213">
+<interface name="corenet_receive_kismet_client_packets" lineno="44137">
 <summary>
-Receive ftp_client packets.
+Receive kismet_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34006,9 +36323,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ftp_client_packets" lineno="20232">
+<interface name="corenet_dontaudit_receive_kismet_client_packets" lineno="44156">
 <summary>
-Do not audit attempts to receive ftp_client packets.
+Do not audit attempts to receive kismet_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34017,9 +36334,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ftp_client_packets" lineno="20251">
+<interface name="corenet_sendrecv_kismet_client_packets" lineno="44175">
 <summary>
-Send and receive ftp_client packets.
+Send and receive kismet_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34028,9 +36345,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ftp_client_packets" lineno="20267">
+<interface name="corenet_dontaudit_sendrecv_kismet_client_packets" lineno="44191">
 <summary>
-Do not audit attempts to send and receive ftp_client packets.
+Do not audit attempts to send and receive kismet_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34039,9 +36356,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ftp_client_packets" lineno="20282">
+<interface name="corenet_relabelto_kismet_client_packets" lineno="44206">
 <summary>
-Relabel packets to ftp_client the packet type.
+Relabel packets to kismet_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -34049,9 +36366,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ftp_server_packets" lineno="20302">
+<interface name="corenet_send_kismet_server_packets" lineno="44226">
 <summary>
-Send ftp_server packets.
+Send kismet_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34060,9 +36377,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ftp_server_packets" lineno="20321">
+<interface name="corenet_dontaudit_send_kismet_server_packets" lineno="44245">
 <summary>
-Do not audit attempts to send ftp_server packets.
+Do not audit attempts to send kismet_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34071,9 +36388,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ftp_server_packets" lineno="20340">
+<interface name="corenet_receive_kismet_server_packets" lineno="44264">
 <summary>
-Receive ftp_server packets.
+Receive kismet_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34082,9 +36399,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ftp_server_packets" lineno="20359">
+<interface name="corenet_dontaudit_receive_kismet_server_packets" lineno="44283">
 <summary>
-Do not audit attempts to receive ftp_server packets.
+Do not audit attempts to receive kismet_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34093,9 +36410,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ftp_server_packets" lineno="20378">
+<interface name="corenet_sendrecv_kismet_server_packets" lineno="44302">
 <summary>
-Send and receive ftp_server packets.
+Send and receive kismet_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34104,9 +36421,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ftp_server_packets" lineno="20394">
+<interface name="corenet_dontaudit_sendrecv_kismet_server_packets" lineno="44318">
 <summary>
-Do not audit attempts to send and receive ftp_server packets.
+Do not audit attempts to send and receive kismet_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34115,9 +36432,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ftp_server_packets" lineno="20409">
+<interface name="corenet_relabelto_kismet_server_packets" lineno="44333">
 <summary>
-Relabel packets to ftp_server the packet type.
+Relabel packets to kismet_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -34125,9 +36442,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_ftp_data_port" lineno="20431">
+<interface name="corenet_tcp_sendrecv_kdeconnect_port" lineno="44355">
 <summary>
-Send and receive TCP traffic on the ftp_data port.
+Send and receive TCP traffic on the kdeconnect port.
 </summary>
 <param name="domain">
 <summary>
@@ -34136,9 +36453,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_ftp_data_port" lineno="20450">
+<interface name="corenet_udp_send_kdeconnect_port" lineno="44374">
 <summary>
-Send UDP traffic on the ftp_data port.
+Send UDP traffic on the kdeconnect port.
 </summary>
 <param name="domain">
 <summary>
@@ -34147,9 +36464,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_ftp_data_port" lineno="20469">
+<interface name="corenet_dontaudit_udp_send_kdeconnect_port" lineno="44393">
 <summary>
-Do not audit attempts to send UDP traffic on the ftp_data port.
+Do not audit attempts to send UDP traffic on the kdeconnect port.
 </summary>
 <param name="domain">
 <summary>
@@ -34158,9 +36475,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_ftp_data_port" lineno="20488">
+<interface name="corenet_udp_receive_kdeconnect_port" lineno="44412">
 <summary>
-Receive UDP traffic on the ftp_data port.
+Receive UDP traffic on the kdeconnect port.
 </summary>
 <param name="domain">
 <summary>
@@ -34169,9 +36486,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_ftp_data_port" lineno="20507">
+<interface name="corenet_dontaudit_udp_receive_kdeconnect_port" lineno="44431">
 <summary>
-Do not audit attempts to receive UDP traffic on the ftp_data port.
+Do not audit attempts to receive UDP traffic on the kdeconnect port.
 </summary>
 <param name="domain">
 <summary>
@@ -34180,9 +36497,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_ftp_data_port" lineno="20526">
+<interface name="corenet_udp_sendrecv_kdeconnect_port" lineno="44450">
 <summary>
-Send and receive UDP traffic on the ftp_data port.
+Send and receive UDP traffic on the kdeconnect port.
 </summary>
 <param name="domain">
 <summary>
@@ -34191,10 +36508,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_ftp_data_port" lineno="20543">
+<interface name="corenet_dontaudit_udp_sendrecv_kdeconnect_port" lineno="44467">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the ftp_data port.
+UDP traffic on the kdeconnect port.
 </summary>
 <param name="domain">
 <summary>
@@ -34203,9 +36520,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_ftp_data_port" lineno="20559">
+<interface name="corenet_tcp_bind_kdeconnect_port" lineno="44483">
 <summary>
-Bind TCP sockets to the ftp_data port.
+Bind TCP sockets to the kdeconnect port.
 </summary>
 <param name="domain">
 <summary>
@@ -34214,9 +36531,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_ftp_data_port" lineno="20579">
+<interface name="corenet_udp_bind_kdeconnect_port" lineno="44503">
 <summary>
-Bind UDP sockets to the ftp_data port.
+Bind UDP sockets to the kdeconnect port.
 </summary>
 <param name="domain">
 <summary>
@@ -34225,9 +36542,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_ftp_data_port" lineno="20598">
+<interface name="corenet_tcp_connect_kdeconnect_port" lineno="44522">
 <summary>
-Make a TCP connection to the ftp_data port.
+Make a TCP connection to the kdeconnect port.
 </summary>
 <param name="domain">
 <summary>
@@ -34235,9 +36552,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ftp_data_client_packets" lineno="20618">
+<interface name="corenet_send_kdeconnect_client_packets" lineno="44542">
 <summary>
-Send ftp_data_client packets.
+Send kdeconnect_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34246,9 +36563,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ftp_data_client_packets" lineno="20637">
+<interface name="corenet_dontaudit_send_kdeconnect_client_packets" lineno="44561">
 <summary>
-Do not audit attempts to send ftp_data_client packets.
+Do not audit attempts to send kdeconnect_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34257,9 +36574,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ftp_data_client_packets" lineno="20656">
+<interface name="corenet_receive_kdeconnect_client_packets" lineno="44580">
 <summary>
-Receive ftp_data_client packets.
+Receive kdeconnect_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34268,9 +36585,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ftp_data_client_packets" lineno="20675">
+<interface name="corenet_dontaudit_receive_kdeconnect_client_packets" lineno="44599">
 <summary>
-Do not audit attempts to receive ftp_data_client packets.
+Do not audit attempts to receive kdeconnect_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34279,9 +36596,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ftp_data_client_packets" lineno="20694">
+<interface name="corenet_sendrecv_kdeconnect_client_packets" lineno="44618">
 <summary>
-Send and receive ftp_data_client packets.
+Send and receive kdeconnect_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34290,9 +36607,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ftp_data_client_packets" lineno="20710">
+<interface name="corenet_dontaudit_sendrecv_kdeconnect_client_packets" lineno="44634">
 <summary>
-Do not audit attempts to send and receive ftp_data_client packets.
+Do not audit attempts to send and receive kdeconnect_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34301,9 +36618,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ftp_data_client_packets" lineno="20725">
+<interface name="corenet_relabelto_kdeconnect_client_packets" lineno="44649">
 <summary>
-Relabel packets to ftp_data_client the packet type.
+Relabel packets to kdeconnect_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -34311,9 +36628,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ftp_data_server_packets" lineno="20745">
+<interface name="corenet_send_kdeconnect_server_packets" lineno="44669">
 <summary>
-Send ftp_data_server packets.
+Send kdeconnect_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34322,9 +36639,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ftp_data_server_packets" lineno="20764">
+<interface name="corenet_dontaudit_send_kdeconnect_server_packets" lineno="44688">
 <summary>
-Do not audit attempts to send ftp_data_server packets.
+Do not audit attempts to send kdeconnect_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34333,9 +36650,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ftp_data_server_packets" lineno="20783">
+<interface name="corenet_receive_kdeconnect_server_packets" lineno="44707">
 <summary>
-Receive ftp_data_server packets.
+Receive kdeconnect_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34344,9 +36661,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ftp_data_server_packets" lineno="20802">
+<interface name="corenet_dontaudit_receive_kdeconnect_server_packets" lineno="44726">
 <summary>
-Do not audit attempts to receive ftp_data_server packets.
+Do not audit attempts to receive kdeconnect_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34355,9 +36672,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ftp_data_server_packets" lineno="20821">
+<interface name="corenet_sendrecv_kdeconnect_server_packets" lineno="44745">
 <summary>
-Send and receive ftp_data_server packets.
+Send and receive kdeconnect_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34366,9 +36683,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ftp_data_server_packets" lineno="20837">
+<interface name="corenet_dontaudit_sendrecv_kdeconnect_server_packets" lineno="44761">
 <summary>
-Do not audit attempts to send and receive ftp_data_server packets.
+Do not audit attempts to send and receive kdeconnect_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34377,9 +36694,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ftp_data_server_packets" lineno="20852">
+<interface name="corenet_relabelto_kdeconnect_server_packets" lineno="44776">
 <summary>
-Relabel packets to ftp_data_server the packet type.
+Relabel packets to kdeconnect_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -34387,9 +36704,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_gatekeeper_port" lineno="20874">
+<interface name="corenet_tcp_sendrecv_kprop_port" lineno="44798">
 <summary>
-Send and receive TCP traffic on the gatekeeper port.
+Send and receive TCP traffic on the kprop port.
 </summary>
 <param name="domain">
 <summary>
@@ -34398,9 +36715,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_gatekeeper_port" lineno="20893">
+<interface name="corenet_udp_send_kprop_port" lineno="44817">
 <summary>
-Send UDP traffic on the gatekeeper port.
+Send UDP traffic on the kprop port.
 </summary>
 <param name="domain">
 <summary>
@@ -34409,9 +36726,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_gatekeeper_port" lineno="20912">
+<interface name="corenet_dontaudit_udp_send_kprop_port" lineno="44836">
 <summary>
-Do not audit attempts to send UDP traffic on the gatekeeper port.
+Do not audit attempts to send UDP traffic on the kprop port.
 </summary>
 <param name="domain">
 <summary>
@@ -34420,9 +36737,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_gatekeeper_port" lineno="20931">
+<interface name="corenet_udp_receive_kprop_port" lineno="44855">
 <summary>
-Receive UDP traffic on the gatekeeper port.
+Receive UDP traffic on the kprop port.
 </summary>
 <param name="domain">
 <summary>
@@ -34431,9 +36748,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_gatekeeper_port" lineno="20950">
+<interface name="corenet_dontaudit_udp_receive_kprop_port" lineno="44874">
 <summary>
-Do not audit attempts to receive UDP traffic on the gatekeeper port.
+Do not audit attempts to receive UDP traffic on the kprop port.
 </summary>
 <param name="domain">
 <summary>
@@ -34442,9 +36759,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_gatekeeper_port" lineno="20969">
+<interface name="corenet_udp_sendrecv_kprop_port" lineno="44893">
 <summary>
-Send and receive UDP traffic on the gatekeeper port.
+Send and receive UDP traffic on the kprop port.
 </summary>
 <param name="domain">
 <summary>
@@ -34453,10 +36770,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_gatekeeper_port" lineno="20986">
+<interface name="corenet_dontaudit_udp_sendrecv_kprop_port" lineno="44910">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the gatekeeper port.
+UDP traffic on the kprop port.
 </summary>
 <param name="domain">
 <summary>
@@ -34465,9 +36782,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_gatekeeper_port" lineno="21002">
+<interface name="corenet_tcp_bind_kprop_port" lineno="44926">
 <summary>
-Bind TCP sockets to the gatekeeper port.
+Bind TCP sockets to the kprop port.
 </summary>
 <param name="domain">
 <summary>
@@ -34476,9 +36793,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_gatekeeper_port" lineno="21022">
+<interface name="corenet_udp_bind_kprop_port" lineno="44946">
 <summary>
-Bind UDP sockets to the gatekeeper port.
+Bind UDP sockets to the kprop port.
 </summary>
 <param name="domain">
 <summary>
@@ -34487,9 +36804,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_gatekeeper_port" lineno="21041">
+<interface name="corenet_tcp_connect_kprop_port" lineno="44965">
 <summary>
-Make a TCP connection to the gatekeeper port.
+Make a TCP connection to the kprop port.
 </summary>
 <param name="domain">
 <summary>
@@ -34497,9 +36814,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_gatekeeper_client_packets" lineno="21061">
+<interface name="corenet_send_kprop_client_packets" lineno="44985">
 <summary>
-Send gatekeeper_client packets.
+Send kprop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34508,9 +36825,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_gatekeeper_client_packets" lineno="21080">
+<interface name="corenet_dontaudit_send_kprop_client_packets" lineno="45004">
 <summary>
-Do not audit attempts to send gatekeeper_client packets.
+Do not audit attempts to send kprop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34519,9 +36836,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_gatekeeper_client_packets" lineno="21099">
+<interface name="corenet_receive_kprop_client_packets" lineno="45023">
 <summary>
-Receive gatekeeper_client packets.
+Receive kprop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34530,9 +36847,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_gatekeeper_client_packets" lineno="21118">
+<interface name="corenet_dontaudit_receive_kprop_client_packets" lineno="45042">
 <summary>
-Do not audit attempts to receive gatekeeper_client packets.
+Do not audit attempts to receive kprop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34541,9 +36858,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_gatekeeper_client_packets" lineno="21137">
+<interface name="corenet_sendrecv_kprop_client_packets" lineno="45061">
 <summary>
-Send and receive gatekeeper_client packets.
+Send and receive kprop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34552,9 +36869,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_gatekeeper_client_packets" lineno="21153">
+<interface name="corenet_dontaudit_sendrecv_kprop_client_packets" lineno="45077">
 <summary>
-Do not audit attempts to send and receive gatekeeper_client packets.
+Do not audit attempts to send and receive kprop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34563,9 +36880,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_gatekeeper_client_packets" lineno="21168">
+<interface name="corenet_relabelto_kprop_client_packets" lineno="45092">
 <summary>
-Relabel packets to gatekeeper_client the packet type.
+Relabel packets to kprop_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -34573,9 +36890,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_gatekeeper_server_packets" lineno="21188">
+<interface name="corenet_send_kprop_server_packets" lineno="45112">
 <summary>
-Send gatekeeper_server packets.
+Send kprop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34584,9 +36901,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_gatekeeper_server_packets" lineno="21207">
+<interface name="corenet_dontaudit_send_kprop_server_packets" lineno="45131">
 <summary>
-Do not audit attempts to send gatekeeper_server packets.
+Do not audit attempts to send kprop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34595,9 +36912,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_gatekeeper_server_packets" lineno="21226">
+<interface name="corenet_receive_kprop_server_packets" lineno="45150">
 <summary>
-Receive gatekeeper_server packets.
+Receive kprop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34606,9 +36923,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_gatekeeper_server_packets" lineno="21245">
+<interface name="corenet_dontaudit_receive_kprop_server_packets" lineno="45169">
 <summary>
-Do not audit attempts to receive gatekeeper_server packets.
+Do not audit attempts to receive kprop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34617,9 +36934,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_gatekeeper_server_packets" lineno="21264">
+<interface name="corenet_sendrecv_kprop_server_packets" lineno="45188">
 <summary>
-Send and receive gatekeeper_server packets.
+Send and receive kprop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34628,9 +36945,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_gatekeeper_server_packets" lineno="21280">
+<interface name="corenet_dontaudit_sendrecv_kprop_server_packets" lineno="45204">
 <summary>
-Do not audit attempts to send and receive gatekeeper_server packets.
+Do not audit attempts to send and receive kprop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34639,9 +36956,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_gatekeeper_server_packets" lineno="21295">
+<interface name="corenet_relabelto_kprop_server_packets" lineno="45219">
 <summary>
-Relabel packets to gatekeeper_server the packet type.
+Relabel packets to kprop_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -34649,9 +36966,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_giftd_port" lineno="21317">
+<interface name="corenet_tcp_sendrecv_ktalkd_port" lineno="45241">
 <summary>
-Send and receive TCP traffic on the giftd port.
+Send and receive TCP traffic on the ktalkd port.
 </summary>
 <param name="domain">
 <summary>
@@ -34660,9 +36977,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_giftd_port" lineno="21336">
+<interface name="corenet_udp_send_ktalkd_port" lineno="45260">
 <summary>
-Send UDP traffic on the giftd port.
+Send UDP traffic on the ktalkd port.
 </summary>
 <param name="domain">
 <summary>
@@ -34671,9 +36988,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_giftd_port" lineno="21355">
+<interface name="corenet_dontaudit_udp_send_ktalkd_port" lineno="45279">
 <summary>
-Do not audit attempts to send UDP traffic on the giftd port.
+Do not audit attempts to send UDP traffic on the ktalkd port.
 </summary>
 <param name="domain">
 <summary>
@@ -34682,9 +36999,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_giftd_port" lineno="21374">
+<interface name="corenet_udp_receive_ktalkd_port" lineno="45298">
 <summary>
-Receive UDP traffic on the giftd port.
+Receive UDP traffic on the ktalkd port.
 </summary>
 <param name="domain">
 <summary>
@@ -34693,9 +37010,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_giftd_port" lineno="21393">
+<interface name="corenet_dontaudit_udp_receive_ktalkd_port" lineno="45317">
 <summary>
-Do not audit attempts to receive UDP traffic on the giftd port.
+Do not audit attempts to receive UDP traffic on the ktalkd port.
 </summary>
 <param name="domain">
 <summary>
@@ -34704,9 +37021,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_giftd_port" lineno="21412">
+<interface name="corenet_udp_sendrecv_ktalkd_port" lineno="45336">
 <summary>
-Send and receive UDP traffic on the giftd port.
+Send and receive UDP traffic on the ktalkd port.
 </summary>
 <param name="domain">
 <summary>
@@ -34715,10 +37032,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_giftd_port" lineno="21429">
+<interface name="corenet_dontaudit_udp_sendrecv_ktalkd_port" lineno="45353">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the giftd port.
+UDP traffic on the ktalkd port.
 </summary>
 <param name="domain">
 <summary>
@@ -34727,9 +37044,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_giftd_port" lineno="21445">
+<interface name="corenet_tcp_bind_ktalkd_port" lineno="45369">
 <summary>
-Bind TCP sockets to the giftd port.
+Bind TCP sockets to the ktalkd port.
 </summary>
 <param name="domain">
 <summary>
@@ -34738,9 +37055,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_giftd_port" lineno="21465">
+<interface name="corenet_udp_bind_ktalkd_port" lineno="45389">
 <summary>
-Bind UDP sockets to the giftd port.
+Bind UDP sockets to the ktalkd port.
 </summary>
 <param name="domain">
 <summary>
@@ -34749,9 +37066,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_giftd_port" lineno="21484">
+<interface name="corenet_tcp_connect_ktalkd_port" lineno="45408">
 <summary>
-Make a TCP connection to the giftd port.
+Make a TCP connection to the ktalkd port.
 </summary>
 <param name="domain">
 <summary>
@@ -34759,9 +37076,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_giftd_client_packets" lineno="21504">
+<interface name="corenet_send_ktalkd_client_packets" lineno="45428">
 <summary>
-Send giftd_client packets.
+Send ktalkd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34770,9 +37087,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_giftd_client_packets" lineno="21523">
+<interface name="corenet_dontaudit_send_ktalkd_client_packets" lineno="45447">
 <summary>
-Do not audit attempts to send giftd_client packets.
+Do not audit attempts to send ktalkd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34781,9 +37098,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_giftd_client_packets" lineno="21542">
+<interface name="corenet_receive_ktalkd_client_packets" lineno="45466">
 <summary>
-Receive giftd_client packets.
+Receive ktalkd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34792,9 +37109,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_giftd_client_packets" lineno="21561">
+<interface name="corenet_dontaudit_receive_ktalkd_client_packets" lineno="45485">
 <summary>
-Do not audit attempts to receive giftd_client packets.
+Do not audit attempts to receive ktalkd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34803,9 +37120,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_giftd_client_packets" lineno="21580">
+<interface name="corenet_sendrecv_ktalkd_client_packets" lineno="45504">
 <summary>
-Send and receive giftd_client packets.
+Send and receive ktalkd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34814,9 +37131,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_giftd_client_packets" lineno="21596">
+<interface name="corenet_dontaudit_sendrecv_ktalkd_client_packets" lineno="45520">
 <summary>
-Do not audit attempts to send and receive giftd_client packets.
+Do not audit attempts to send and receive ktalkd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34825,9 +37142,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_giftd_client_packets" lineno="21611">
+<interface name="corenet_relabelto_ktalkd_client_packets" lineno="45535">
 <summary>
-Relabel packets to giftd_client the packet type.
+Relabel packets to ktalkd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -34835,9 +37152,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_giftd_server_packets" lineno="21631">
+<interface name="corenet_send_ktalkd_server_packets" lineno="45555">
 <summary>
-Send giftd_server packets.
+Send ktalkd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34846,9 +37163,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_giftd_server_packets" lineno="21650">
+<interface name="corenet_dontaudit_send_ktalkd_server_packets" lineno="45574">
 <summary>
-Do not audit attempts to send giftd_server packets.
+Do not audit attempts to send ktalkd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34857,9 +37174,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_giftd_server_packets" lineno="21669">
+<interface name="corenet_receive_ktalkd_server_packets" lineno="45593">
 <summary>
-Receive giftd_server packets.
+Receive ktalkd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34868,9 +37185,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_giftd_server_packets" lineno="21688">
+<interface name="corenet_dontaudit_receive_ktalkd_server_packets" lineno="45612">
 <summary>
-Do not audit attempts to receive giftd_server packets.
+Do not audit attempts to receive ktalkd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34879,9 +37196,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_giftd_server_packets" lineno="21707">
+<interface name="corenet_sendrecv_ktalkd_server_packets" lineno="45631">
 <summary>
-Send and receive giftd_server packets.
+Send and receive ktalkd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34890,9 +37207,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_giftd_server_packets" lineno="21723">
+<interface name="corenet_dontaudit_sendrecv_ktalkd_server_packets" lineno="45647">
 <summary>
-Do not audit attempts to send and receive giftd_server packets.
+Do not audit attempts to send and receive ktalkd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -34901,9 +37218,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_giftd_server_packets" lineno="21738">
+<interface name="corenet_relabelto_ktalkd_server_packets" lineno="45662">
 <summary>
-Relabel packets to giftd_server the packet type.
+Relabel packets to ktalkd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -34911,9 +37228,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_git_port" lineno="21760">
+<interface name="corenet_tcp_sendrecv_l2tp_port" lineno="45684">
 <summary>
-Send and receive TCP traffic on the git port.
+Send and receive TCP traffic on the l2tp port.
 </summary>
 <param name="domain">
 <summary>
@@ -34922,9 +37239,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_git_port" lineno="21779">
+<interface name="corenet_udp_send_l2tp_port" lineno="45703">
 <summary>
-Send UDP traffic on the git port.
+Send UDP traffic on the l2tp port.
 </summary>
 <param name="domain">
 <summary>
@@ -34933,9 +37250,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_git_port" lineno="21798">
+<interface name="corenet_dontaudit_udp_send_l2tp_port" lineno="45722">
 <summary>
-Do not audit attempts to send UDP traffic on the git port.
+Do not audit attempts to send UDP traffic on the l2tp port.
 </summary>
 <param name="domain">
 <summary>
@@ -34944,9 +37261,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_git_port" lineno="21817">
+<interface name="corenet_udp_receive_l2tp_port" lineno="45741">
 <summary>
-Receive UDP traffic on the git port.
+Receive UDP traffic on the l2tp port.
 </summary>
 <param name="domain">
 <summary>
@@ -34955,9 +37272,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_git_port" lineno="21836">
+<interface name="corenet_dontaudit_udp_receive_l2tp_port" lineno="45760">
 <summary>
-Do not audit attempts to receive UDP traffic on the git port.
+Do not audit attempts to receive UDP traffic on the l2tp port.
 </summary>
 <param name="domain">
 <summary>
@@ -34966,9 +37283,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_git_port" lineno="21855">
+<interface name="corenet_udp_sendrecv_l2tp_port" lineno="45779">
 <summary>
-Send and receive UDP traffic on the git port.
+Send and receive UDP traffic on the l2tp port.
 </summary>
 <param name="domain">
 <summary>
@@ -34977,10 +37294,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_git_port" lineno="21872">
+<interface name="corenet_dontaudit_udp_sendrecv_l2tp_port" lineno="45796">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the git port.
+UDP traffic on the l2tp port.
 </summary>
 <param name="domain">
 <summary>
@@ -34989,9 +37306,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_git_port" lineno="21888">
+<interface name="corenet_tcp_bind_l2tp_port" lineno="45812">
 <summary>
-Bind TCP sockets to the git port.
+Bind TCP sockets to the l2tp port.
 </summary>
 <param name="domain">
 <summary>
@@ -35000,9 +37317,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_git_port" lineno="21908">
+<interface name="corenet_udp_bind_l2tp_port" lineno="45832">
 <summary>
-Bind UDP sockets to the git port.
+Bind UDP sockets to the l2tp port.
 </summary>
 <param name="domain">
 <summary>
@@ -35011,9 +37328,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_git_port" lineno="21927">
+<interface name="corenet_tcp_connect_l2tp_port" lineno="45851">
 <summary>
-Make a TCP connection to the git port.
+Make a TCP connection to the l2tp port.
 </summary>
 <param name="domain">
 <summary>
@@ -35021,9 +37338,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_git_client_packets" lineno="21947">
+<interface name="corenet_send_l2tp_client_packets" lineno="45871">
 <summary>
-Send git_client packets.
+Send l2tp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35032,9 +37349,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_git_client_packets" lineno="21966">
+<interface name="corenet_dontaudit_send_l2tp_client_packets" lineno="45890">
 <summary>
-Do not audit attempts to send git_client packets.
+Do not audit attempts to send l2tp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35043,9 +37360,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_git_client_packets" lineno="21985">
+<interface name="corenet_receive_l2tp_client_packets" lineno="45909">
 <summary>
-Receive git_client packets.
+Receive l2tp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35054,9 +37371,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_git_client_packets" lineno="22004">
+<interface name="corenet_dontaudit_receive_l2tp_client_packets" lineno="45928">
 <summary>
-Do not audit attempts to receive git_client packets.
+Do not audit attempts to receive l2tp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35065,9 +37382,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_git_client_packets" lineno="22023">
+<interface name="corenet_sendrecv_l2tp_client_packets" lineno="45947">
 <summary>
-Send and receive git_client packets.
+Send and receive l2tp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35076,9 +37393,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_git_client_packets" lineno="22039">
+<interface name="corenet_dontaudit_sendrecv_l2tp_client_packets" lineno="45963">
 <summary>
-Do not audit attempts to send and receive git_client packets.
+Do not audit attempts to send and receive l2tp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35087,9 +37404,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_git_client_packets" lineno="22054">
+<interface name="corenet_relabelto_l2tp_client_packets" lineno="45978">
 <summary>
-Relabel packets to git_client the packet type.
+Relabel packets to l2tp_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -35097,9 +37414,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_git_server_packets" lineno="22074">
+<interface name="corenet_send_l2tp_server_packets" lineno="45998">
 <summary>
-Send git_server packets.
+Send l2tp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35108,9 +37425,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_git_server_packets" lineno="22093">
+<interface name="corenet_dontaudit_send_l2tp_server_packets" lineno="46017">
 <summary>
-Do not audit attempts to send git_server packets.
+Do not audit attempts to send l2tp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35119,9 +37436,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_git_server_packets" lineno="22112">
+<interface name="corenet_receive_l2tp_server_packets" lineno="46036">
 <summary>
-Receive git_server packets.
+Receive l2tp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35130,9 +37447,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_git_server_packets" lineno="22131">
+<interface name="corenet_dontaudit_receive_l2tp_server_packets" lineno="46055">
 <summary>
-Do not audit attempts to receive git_server packets.
+Do not audit attempts to receive l2tp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35141,9 +37458,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_git_server_packets" lineno="22150">
+<interface name="corenet_sendrecv_l2tp_server_packets" lineno="46074">
 <summary>
-Send and receive git_server packets.
+Send and receive l2tp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35152,9 +37469,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_git_server_packets" lineno="22166">
+<interface name="corenet_dontaudit_sendrecv_l2tp_server_packets" lineno="46090">
 <summary>
-Do not audit attempts to send and receive git_server packets.
+Do not audit attempts to send and receive l2tp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35163,9 +37480,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_git_server_packets" lineno="22181">
+<interface name="corenet_relabelto_l2tp_server_packets" lineno="46105">
 <summary>
-Relabel packets to git_server the packet type.
+Relabel packets to l2tp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -35173,9 +37490,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_glance_registry_port" lineno="22203">
+<interface name="corenet_tcp_sendrecv_ldap_port" lineno="46127">
 <summary>
-Send and receive TCP traffic on the glance_registry port.
+Send and receive TCP traffic on the ldap port.
 </summary>
 <param name="domain">
 <summary>
@@ -35184,9 +37501,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_glance_registry_port" lineno="22222">
+<interface name="corenet_udp_send_ldap_port" lineno="46146">
 <summary>
-Send UDP traffic on the glance_registry port.
+Send UDP traffic on the ldap port.
 </summary>
 <param name="domain">
 <summary>
@@ -35195,9 +37512,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_glance_registry_port" lineno="22241">
+<interface name="corenet_dontaudit_udp_send_ldap_port" lineno="46165">
 <summary>
-Do not audit attempts to send UDP traffic on the glance_registry port.
+Do not audit attempts to send UDP traffic on the ldap port.
 </summary>
 <param name="domain">
 <summary>
@@ -35206,9 +37523,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_glance_registry_port" lineno="22260">
+<interface name="corenet_udp_receive_ldap_port" lineno="46184">
 <summary>
-Receive UDP traffic on the glance_registry port.
+Receive UDP traffic on the ldap port.
 </summary>
 <param name="domain">
 <summary>
@@ -35217,9 +37534,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_glance_registry_port" lineno="22279">
+<interface name="corenet_dontaudit_udp_receive_ldap_port" lineno="46203">
 <summary>
-Do not audit attempts to receive UDP traffic on the glance_registry port.
+Do not audit attempts to receive UDP traffic on the ldap port.
 </summary>
 <param name="domain">
 <summary>
@@ -35228,9 +37545,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_glance_registry_port" lineno="22298">
+<interface name="corenet_udp_sendrecv_ldap_port" lineno="46222">
 <summary>
-Send and receive UDP traffic on the glance_registry port.
+Send and receive UDP traffic on the ldap port.
 </summary>
 <param name="domain">
 <summary>
@@ -35239,10 +37556,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_glance_registry_port" lineno="22315">
+<interface name="corenet_dontaudit_udp_sendrecv_ldap_port" lineno="46239">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the glance_registry port.
+UDP traffic on the ldap port.
 </summary>
 <param name="domain">
 <summary>
@@ -35251,9 +37568,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_glance_registry_port" lineno="22331">
+<interface name="corenet_tcp_bind_ldap_port" lineno="46255">
 <summary>
-Bind TCP sockets to the glance_registry port.
+Bind TCP sockets to the ldap port.
 </summary>
 <param name="domain">
 <summary>
@@ -35262,9 +37579,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_glance_registry_port" lineno="22351">
+<interface name="corenet_udp_bind_ldap_port" lineno="46275">
 <summary>
-Bind UDP sockets to the glance_registry port.
+Bind UDP sockets to the ldap port.
 </summary>
 <param name="domain">
 <summary>
@@ -35273,9 +37590,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_glance_registry_port" lineno="22370">
+<interface name="corenet_tcp_connect_ldap_port" lineno="46294">
 <summary>
-Make a TCP connection to the glance_registry port.
+Make a TCP connection to the ldap port.
 </summary>
 <param name="domain">
 <summary>
@@ -35283,9 +37600,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_glance_registry_client_packets" lineno="22390">
+<interface name="corenet_send_ldap_client_packets" lineno="46314">
 <summary>
-Send glance_registry_client packets.
+Send ldap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35294,9 +37611,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_glance_registry_client_packets" lineno="22409">
+<interface name="corenet_dontaudit_send_ldap_client_packets" lineno="46333">
 <summary>
-Do not audit attempts to send glance_registry_client packets.
+Do not audit attempts to send ldap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35305,9 +37622,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_glance_registry_client_packets" lineno="22428">
+<interface name="corenet_receive_ldap_client_packets" lineno="46352">
 <summary>
-Receive glance_registry_client packets.
+Receive ldap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35316,9 +37633,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_glance_registry_client_packets" lineno="22447">
+<interface name="corenet_dontaudit_receive_ldap_client_packets" lineno="46371">
 <summary>
-Do not audit attempts to receive glance_registry_client packets.
+Do not audit attempts to receive ldap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35327,9 +37644,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_glance_registry_client_packets" lineno="22466">
+<interface name="corenet_sendrecv_ldap_client_packets" lineno="46390">
 <summary>
-Send and receive glance_registry_client packets.
+Send and receive ldap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35338,9 +37655,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_glance_registry_client_packets" lineno="22482">
+<interface name="corenet_dontaudit_sendrecv_ldap_client_packets" lineno="46406">
 <summary>
-Do not audit attempts to send and receive glance_registry_client packets.
+Do not audit attempts to send and receive ldap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35349,9 +37666,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_glance_registry_client_packets" lineno="22497">
+<interface name="corenet_relabelto_ldap_client_packets" lineno="46421">
 <summary>
-Relabel packets to glance_registry_client the packet type.
+Relabel packets to ldap_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -35359,9 +37676,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_glance_registry_server_packets" lineno="22517">
+<interface name="corenet_send_ldap_server_packets" lineno="46441">
 <summary>
-Send glance_registry_server packets.
+Send ldap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35370,9 +37687,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_glance_registry_server_packets" lineno="22536">
+<interface name="corenet_dontaudit_send_ldap_server_packets" lineno="46460">
 <summary>
-Do not audit attempts to send glance_registry_server packets.
+Do not audit attempts to send ldap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35381,9 +37698,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_glance_registry_server_packets" lineno="22555">
+<interface name="corenet_receive_ldap_server_packets" lineno="46479">
 <summary>
-Receive glance_registry_server packets.
+Receive ldap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35392,9 +37709,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_glance_registry_server_packets" lineno="22574">
+<interface name="corenet_dontaudit_receive_ldap_server_packets" lineno="46498">
 <summary>
-Do not audit attempts to receive glance_registry_server packets.
+Do not audit attempts to receive ldap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35403,9 +37720,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_glance_registry_server_packets" lineno="22593">
+<interface name="corenet_sendrecv_ldap_server_packets" lineno="46517">
 <summary>
-Send and receive glance_registry_server packets.
+Send and receive ldap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35414,9 +37731,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_glance_registry_server_packets" lineno="22609">
+<interface name="corenet_dontaudit_sendrecv_ldap_server_packets" lineno="46533">
 <summary>
-Do not audit attempts to send and receive glance_registry_server packets.
+Do not audit attempts to send and receive ldap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35425,9 +37742,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_glance_registry_server_packets" lineno="22624">
+<interface name="corenet_relabelto_ldap_server_packets" lineno="46548">
 <summary>
-Relabel packets to glance_registry_server the packet type.
+Relabel packets to ldap_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -35435,9 +37752,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_gopher_port" lineno="22646">
+<interface name="corenet_tcp_sendrecv_lirc_port" lineno="46570">
 <summary>
-Send and receive TCP traffic on the gopher port.
+Send and receive TCP traffic on the lirc port.
 </summary>
 <param name="domain">
 <summary>
@@ -35446,9 +37763,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_gopher_port" lineno="22665">
+<interface name="corenet_udp_send_lirc_port" lineno="46589">
 <summary>
-Send UDP traffic on the gopher port.
+Send UDP traffic on the lirc port.
 </summary>
 <param name="domain">
 <summary>
@@ -35457,9 +37774,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_gopher_port" lineno="22684">
+<interface name="corenet_dontaudit_udp_send_lirc_port" lineno="46608">
 <summary>
-Do not audit attempts to send UDP traffic on the gopher port.
+Do not audit attempts to send UDP traffic on the lirc port.
 </summary>
 <param name="domain">
 <summary>
@@ -35468,9 +37785,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_gopher_port" lineno="22703">
+<interface name="corenet_udp_receive_lirc_port" lineno="46627">
 <summary>
-Receive UDP traffic on the gopher port.
+Receive UDP traffic on the lirc port.
 </summary>
 <param name="domain">
 <summary>
@@ -35479,9 +37796,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_gopher_port" lineno="22722">
+<interface name="corenet_dontaudit_udp_receive_lirc_port" lineno="46646">
 <summary>
-Do not audit attempts to receive UDP traffic on the gopher port.
+Do not audit attempts to receive UDP traffic on the lirc port.
 </summary>
 <param name="domain">
 <summary>
@@ -35490,9 +37807,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_gopher_port" lineno="22741">
+<interface name="corenet_udp_sendrecv_lirc_port" lineno="46665">
 <summary>
-Send and receive UDP traffic on the gopher port.
+Send and receive UDP traffic on the lirc port.
 </summary>
 <param name="domain">
 <summary>
@@ -35501,10 +37818,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_gopher_port" lineno="22758">
+<interface name="corenet_dontaudit_udp_sendrecv_lirc_port" lineno="46682">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the gopher port.
+UDP traffic on the lirc port.
 </summary>
 <param name="domain">
 <summary>
@@ -35513,9 +37830,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_gopher_port" lineno="22774">
+<interface name="corenet_tcp_bind_lirc_port" lineno="46698">
 <summary>
-Bind TCP sockets to the gopher port.
+Bind TCP sockets to the lirc port.
 </summary>
 <param name="domain">
 <summary>
@@ -35524,9 +37841,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_gopher_port" lineno="22794">
+<interface name="corenet_udp_bind_lirc_port" lineno="46718">
 <summary>
-Bind UDP sockets to the gopher port.
+Bind UDP sockets to the lirc port.
 </summary>
 <param name="domain">
 <summary>
@@ -35535,9 +37852,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_gopher_port" lineno="22813">
+<interface name="corenet_tcp_connect_lirc_port" lineno="46737">
 <summary>
-Make a TCP connection to the gopher port.
+Make a TCP connection to the lirc port.
 </summary>
 <param name="domain">
 <summary>
@@ -35545,9 +37862,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_gopher_client_packets" lineno="22833">
+<interface name="corenet_send_lirc_client_packets" lineno="46757">
 <summary>
-Send gopher_client packets.
+Send lirc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35556,9 +37873,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_gopher_client_packets" lineno="22852">
+<interface name="corenet_dontaudit_send_lirc_client_packets" lineno="46776">
 <summary>
-Do not audit attempts to send gopher_client packets.
+Do not audit attempts to send lirc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35567,9 +37884,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_gopher_client_packets" lineno="22871">
+<interface name="corenet_receive_lirc_client_packets" lineno="46795">
 <summary>
-Receive gopher_client packets.
+Receive lirc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35578,9 +37895,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_gopher_client_packets" lineno="22890">
+<interface name="corenet_dontaudit_receive_lirc_client_packets" lineno="46814">
 <summary>
-Do not audit attempts to receive gopher_client packets.
+Do not audit attempts to receive lirc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35589,9 +37906,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_gopher_client_packets" lineno="22909">
+<interface name="corenet_sendrecv_lirc_client_packets" lineno="46833">
 <summary>
-Send and receive gopher_client packets.
+Send and receive lirc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35600,9 +37917,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_gopher_client_packets" lineno="22925">
+<interface name="corenet_dontaudit_sendrecv_lirc_client_packets" lineno="46849">
 <summary>
-Do not audit attempts to send and receive gopher_client packets.
+Do not audit attempts to send and receive lirc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35611,9 +37928,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_gopher_client_packets" lineno="22940">
+<interface name="corenet_relabelto_lirc_client_packets" lineno="46864">
 <summary>
-Relabel packets to gopher_client the packet type.
+Relabel packets to lirc_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -35621,9 +37938,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_gopher_server_packets" lineno="22960">
+<interface name="corenet_send_lirc_server_packets" lineno="46884">
 <summary>
-Send gopher_server packets.
+Send lirc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35632,9 +37949,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_gopher_server_packets" lineno="22979">
+<interface name="corenet_dontaudit_send_lirc_server_packets" lineno="46903">
 <summary>
-Do not audit attempts to send gopher_server packets.
+Do not audit attempts to send lirc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35643,9 +37960,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_gopher_server_packets" lineno="22998">
+<interface name="corenet_receive_lirc_server_packets" lineno="46922">
 <summary>
-Receive gopher_server packets.
+Receive lirc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35654,9 +37971,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_gopher_server_packets" lineno="23017">
+<interface name="corenet_dontaudit_receive_lirc_server_packets" lineno="46941">
 <summary>
-Do not audit attempts to receive gopher_server packets.
+Do not audit attempts to receive lirc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35665,9 +37982,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_gopher_server_packets" lineno="23036">
+<interface name="corenet_sendrecv_lirc_server_packets" lineno="46960">
 <summary>
-Send and receive gopher_server packets.
+Send and receive lirc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35676,9 +37993,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_gopher_server_packets" lineno="23052">
+<interface name="corenet_dontaudit_sendrecv_lirc_server_packets" lineno="46976">
 <summary>
-Do not audit attempts to send and receive gopher_server packets.
+Do not audit attempts to send and receive lirc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35687,9 +38004,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_gopher_server_packets" lineno="23067">
+<interface name="corenet_relabelto_lirc_server_packets" lineno="46991">
 <summary>
-Relabel packets to gopher_server the packet type.
+Relabel packets to lirc_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -35697,9 +38014,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_gpsd_port" lineno="23089">
+<interface name="corenet_tcp_sendrecv_llmnr_port" lineno="47013">
 <summary>
-Send and receive TCP traffic on the gpsd port.
+Send and receive TCP traffic on the llmnr port.
 </summary>
 <param name="domain">
 <summary>
@@ -35708,9 +38025,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_gpsd_port" lineno="23108">
+<interface name="corenet_udp_send_llmnr_port" lineno="47032">
 <summary>
-Send UDP traffic on the gpsd port.
+Send UDP traffic on the llmnr port.
 </summary>
 <param name="domain">
 <summary>
@@ -35719,9 +38036,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_gpsd_port" lineno="23127">
+<interface name="corenet_dontaudit_udp_send_llmnr_port" lineno="47051">
 <summary>
-Do not audit attempts to send UDP traffic on the gpsd port.
+Do not audit attempts to send UDP traffic on the llmnr port.
 </summary>
 <param name="domain">
 <summary>
@@ -35730,9 +38047,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_gpsd_port" lineno="23146">
+<interface name="corenet_udp_receive_llmnr_port" lineno="47070">
 <summary>
-Receive UDP traffic on the gpsd port.
+Receive UDP traffic on the llmnr port.
 </summary>
 <param name="domain">
 <summary>
@@ -35741,9 +38058,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_gpsd_port" lineno="23165">
+<interface name="corenet_dontaudit_udp_receive_llmnr_port" lineno="47089">
 <summary>
-Do not audit attempts to receive UDP traffic on the gpsd port.
+Do not audit attempts to receive UDP traffic on the llmnr port.
 </summary>
 <param name="domain">
 <summary>
@@ -35752,9 +38069,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_gpsd_port" lineno="23184">
+<interface name="corenet_udp_sendrecv_llmnr_port" lineno="47108">
 <summary>
-Send and receive UDP traffic on the gpsd port.
+Send and receive UDP traffic on the llmnr port.
 </summary>
 <param name="domain">
 <summary>
@@ -35763,10 +38080,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_gpsd_port" lineno="23201">
+<interface name="corenet_dontaudit_udp_sendrecv_llmnr_port" lineno="47125">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the gpsd port.
+UDP traffic on the llmnr port.
 </summary>
 <param name="domain">
 <summary>
@@ -35775,9 +38092,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_gpsd_port" lineno="23217">
+<interface name="corenet_tcp_bind_llmnr_port" lineno="47141">
 <summary>
-Bind TCP sockets to the gpsd port.
+Bind TCP sockets to the llmnr port.
 </summary>
 <param name="domain">
 <summary>
@@ -35786,9 +38103,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_gpsd_port" lineno="23237">
+<interface name="corenet_udp_bind_llmnr_port" lineno="47161">
 <summary>
-Bind UDP sockets to the gpsd port.
+Bind UDP sockets to the llmnr port.
 </summary>
 <param name="domain">
 <summary>
@@ -35797,9 +38114,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_gpsd_port" lineno="23256">
+<interface name="corenet_tcp_connect_llmnr_port" lineno="47180">
 <summary>
-Make a TCP connection to the gpsd port.
+Make a TCP connection to the llmnr port.
 </summary>
 <param name="domain">
 <summary>
@@ -35807,9 +38124,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_gpsd_client_packets" lineno="23276">
+<interface name="corenet_send_llmnr_client_packets" lineno="47200">
 <summary>
-Send gpsd_client packets.
+Send llmnr_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35818,9 +38135,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_gpsd_client_packets" lineno="23295">
+<interface name="corenet_dontaudit_send_llmnr_client_packets" lineno="47219">
 <summary>
-Do not audit attempts to send gpsd_client packets.
+Do not audit attempts to send llmnr_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35829,9 +38146,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_gpsd_client_packets" lineno="23314">
+<interface name="corenet_receive_llmnr_client_packets" lineno="47238">
 <summary>
-Receive gpsd_client packets.
+Receive llmnr_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35840,9 +38157,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_gpsd_client_packets" lineno="23333">
+<interface name="corenet_dontaudit_receive_llmnr_client_packets" lineno="47257">
 <summary>
-Do not audit attempts to receive gpsd_client packets.
+Do not audit attempts to receive llmnr_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35851,9 +38168,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_gpsd_client_packets" lineno="23352">
+<interface name="corenet_sendrecv_llmnr_client_packets" lineno="47276">
 <summary>
-Send and receive gpsd_client packets.
+Send and receive llmnr_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35862,9 +38179,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_gpsd_client_packets" lineno="23368">
+<interface name="corenet_dontaudit_sendrecv_llmnr_client_packets" lineno="47292">
 <summary>
-Do not audit attempts to send and receive gpsd_client packets.
+Do not audit attempts to send and receive llmnr_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35873,9 +38190,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_gpsd_client_packets" lineno="23383">
+<interface name="corenet_relabelto_llmnr_client_packets" lineno="47307">
 <summary>
-Relabel packets to gpsd_client the packet type.
+Relabel packets to llmnr_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -35883,9 +38200,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_gpsd_server_packets" lineno="23403">
+<interface name="corenet_send_llmnr_server_packets" lineno="47327">
 <summary>
-Send gpsd_server packets.
+Send llmnr_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35894,9 +38211,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_gpsd_server_packets" lineno="23422">
+<interface name="corenet_dontaudit_send_llmnr_server_packets" lineno="47346">
 <summary>
-Do not audit attempts to send gpsd_server packets.
+Do not audit attempts to send llmnr_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35905,9 +38222,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_gpsd_server_packets" lineno="23441">
+<interface name="corenet_receive_llmnr_server_packets" lineno="47365">
 <summary>
-Receive gpsd_server packets.
+Receive llmnr_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35916,9 +38233,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_gpsd_server_packets" lineno="23460">
+<interface name="corenet_dontaudit_receive_llmnr_server_packets" lineno="47384">
 <summary>
-Do not audit attempts to receive gpsd_server packets.
+Do not audit attempts to receive llmnr_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35927,9 +38244,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_gpsd_server_packets" lineno="23479">
+<interface name="corenet_sendrecv_llmnr_server_packets" lineno="47403">
 <summary>
-Send and receive gpsd_server packets.
+Send and receive llmnr_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35938,9 +38255,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_gpsd_server_packets" lineno="23495">
+<interface name="corenet_dontaudit_sendrecv_llmnr_server_packets" lineno="47419">
 <summary>
-Do not audit attempts to send and receive gpsd_server packets.
+Do not audit attempts to send and receive llmnr_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -35949,9 +38266,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_gpsd_server_packets" lineno="23510">
+<interface name="corenet_relabelto_llmnr_server_packets" lineno="47434">
 <summary>
-Relabel packets to gpsd_server the packet type.
+Relabel packets to llmnr_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -35959,9 +38276,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_hadoop_datanode_port" lineno="23532">
+<interface name="corenet_tcp_sendrecv_lmtp_port" lineno="47456">
 <summary>
-Send and receive TCP traffic on the hadoop_datanode port.
+Send and receive TCP traffic on the lmtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -35970,9 +38287,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_hadoop_datanode_port" lineno="23551">
+<interface name="corenet_udp_send_lmtp_port" lineno="47475">
 <summary>
-Send UDP traffic on the hadoop_datanode port.
+Send UDP traffic on the lmtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -35981,9 +38298,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_hadoop_datanode_port" lineno="23570">
+<interface name="corenet_dontaudit_udp_send_lmtp_port" lineno="47494">
 <summary>
-Do not audit attempts to send UDP traffic on the hadoop_datanode port.
+Do not audit attempts to send UDP traffic on the lmtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -35992,9 +38309,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_hadoop_datanode_port" lineno="23589">
+<interface name="corenet_udp_receive_lmtp_port" lineno="47513">
 <summary>
-Receive UDP traffic on the hadoop_datanode port.
+Receive UDP traffic on the lmtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -36003,9 +38320,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_hadoop_datanode_port" lineno="23608">
+<interface name="corenet_dontaudit_udp_receive_lmtp_port" lineno="47532">
 <summary>
-Do not audit attempts to receive UDP traffic on the hadoop_datanode port.
+Do not audit attempts to receive UDP traffic on the lmtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -36014,9 +38331,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_hadoop_datanode_port" lineno="23627">
+<interface name="corenet_udp_sendrecv_lmtp_port" lineno="47551">
 <summary>
-Send and receive UDP traffic on the hadoop_datanode port.
+Send and receive UDP traffic on the lmtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -36025,10 +38342,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_hadoop_datanode_port" lineno="23644">
+<interface name="corenet_dontaudit_udp_sendrecv_lmtp_port" lineno="47568">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the hadoop_datanode port.
+UDP traffic on the lmtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -36037,9 +38354,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_hadoop_datanode_port" lineno="23660">
+<interface name="corenet_tcp_bind_lmtp_port" lineno="47584">
 <summary>
-Bind TCP sockets to the hadoop_datanode port.
+Bind TCP sockets to the lmtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -36048,9 +38365,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_hadoop_datanode_port" lineno="23680">
+<interface name="corenet_udp_bind_lmtp_port" lineno="47604">
 <summary>
-Bind UDP sockets to the hadoop_datanode port.
+Bind UDP sockets to the lmtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -36059,9 +38376,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_hadoop_datanode_port" lineno="23699">
+<interface name="corenet_tcp_connect_lmtp_port" lineno="47623">
 <summary>
-Make a TCP connection to the hadoop_datanode port.
+Make a TCP connection to the lmtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -36069,9 +38386,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_hadoop_datanode_client_packets" lineno="23719">
+<interface name="corenet_send_lmtp_client_packets" lineno="47643">
 <summary>
-Send hadoop_datanode_client packets.
+Send lmtp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36080,9 +38397,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_hadoop_datanode_client_packets" lineno="23738">
+<interface name="corenet_dontaudit_send_lmtp_client_packets" lineno="47662">
 <summary>
-Do not audit attempts to send hadoop_datanode_client packets.
+Do not audit attempts to send lmtp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36091,9 +38408,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_hadoop_datanode_client_packets" lineno="23757">
+<interface name="corenet_receive_lmtp_client_packets" lineno="47681">
 <summary>
-Receive hadoop_datanode_client packets.
+Receive lmtp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36102,9 +38419,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_hadoop_datanode_client_packets" lineno="23776">
+<interface name="corenet_dontaudit_receive_lmtp_client_packets" lineno="47700">
 <summary>
-Do not audit attempts to receive hadoop_datanode_client packets.
+Do not audit attempts to receive lmtp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36113,9 +38430,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_hadoop_datanode_client_packets" lineno="23795">
+<interface name="corenet_sendrecv_lmtp_client_packets" lineno="47719">
 <summary>
-Send and receive hadoop_datanode_client packets.
+Send and receive lmtp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36124,9 +38441,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_hadoop_datanode_client_packets" lineno="23811">
+<interface name="corenet_dontaudit_sendrecv_lmtp_client_packets" lineno="47735">
 <summary>
-Do not audit attempts to send and receive hadoop_datanode_client packets.
+Do not audit attempts to send and receive lmtp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36135,9 +38452,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_hadoop_datanode_client_packets" lineno="23826">
+<interface name="corenet_relabelto_lmtp_client_packets" lineno="47750">
 <summary>
-Relabel packets to hadoop_datanode_client the packet type.
+Relabel packets to lmtp_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -36145,9 +38462,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_hadoop_datanode_server_packets" lineno="23846">
+<interface name="corenet_send_lmtp_server_packets" lineno="47770">
 <summary>
-Send hadoop_datanode_server packets.
+Send lmtp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36156,9 +38473,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_hadoop_datanode_server_packets" lineno="23865">
+<interface name="corenet_dontaudit_send_lmtp_server_packets" lineno="47789">
 <summary>
-Do not audit attempts to send hadoop_datanode_server packets.
+Do not audit attempts to send lmtp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36167,9 +38484,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_hadoop_datanode_server_packets" lineno="23884">
+<interface name="corenet_receive_lmtp_server_packets" lineno="47808">
 <summary>
-Receive hadoop_datanode_server packets.
+Receive lmtp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36178,9 +38495,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_hadoop_datanode_server_packets" lineno="23903">
+<interface name="corenet_dontaudit_receive_lmtp_server_packets" lineno="47827">
 <summary>
-Do not audit attempts to receive hadoop_datanode_server packets.
+Do not audit attempts to receive lmtp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36189,9 +38506,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_hadoop_datanode_server_packets" lineno="23922">
+<interface name="corenet_sendrecv_lmtp_server_packets" lineno="47846">
 <summary>
-Send and receive hadoop_datanode_server packets.
+Send and receive lmtp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36200,9 +38517,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_hadoop_datanode_server_packets" lineno="23938">
+<interface name="corenet_dontaudit_sendrecv_lmtp_server_packets" lineno="47862">
 <summary>
-Do not audit attempts to send and receive hadoop_datanode_server packets.
+Do not audit attempts to send and receive lmtp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36211,9 +38528,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_hadoop_datanode_server_packets" lineno="23953">
+<interface name="corenet_relabelto_lmtp_server_packets" lineno="47877">
 <summary>
-Relabel packets to hadoop_datanode_server the packet type.
+Relabel packets to lmtp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -36221,9 +38538,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_hadoop_namenode_port" lineno="23975">
+<interface name="corenet_tcp_sendrecv_lrrd_port" lineno="47899">
 <summary>
-Send and receive TCP traffic on the hadoop_namenode port.
+Send and receive TCP traffic on the lrrd port.
 </summary>
 <param name="domain">
 <summary>
@@ -36232,9 +38549,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_hadoop_namenode_port" lineno="23994">
+<interface name="corenet_udp_send_lrrd_port" lineno="47918">
 <summary>
-Send UDP traffic on the hadoop_namenode port.
+Send UDP traffic on the lrrd port.
 </summary>
 <param name="domain">
 <summary>
@@ -36243,9 +38560,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_hadoop_namenode_port" lineno="24013">
+<interface name="corenet_dontaudit_udp_send_lrrd_port" lineno="47937">
 <summary>
-Do not audit attempts to send UDP traffic on the hadoop_namenode port.
+Do not audit attempts to send UDP traffic on the lrrd port.
 </summary>
 <param name="domain">
 <summary>
@@ -36254,9 +38571,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_hadoop_namenode_port" lineno="24032">
+<interface name="corenet_udp_receive_lrrd_port" lineno="47956">
 <summary>
-Receive UDP traffic on the hadoop_namenode port.
+Receive UDP traffic on the lrrd port.
 </summary>
 <param name="domain">
 <summary>
@@ -36265,9 +38582,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_hadoop_namenode_port" lineno="24051">
+<interface name="corenet_dontaudit_udp_receive_lrrd_port" lineno="47975">
 <summary>
-Do not audit attempts to receive UDP traffic on the hadoop_namenode port.
+Do not audit attempts to receive UDP traffic on the lrrd port.
 </summary>
 <param name="domain">
 <summary>
@@ -36276,9 +38593,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_hadoop_namenode_port" lineno="24070">
+<interface name="corenet_udp_sendrecv_lrrd_port" lineno="47994">
 <summary>
-Send and receive UDP traffic on the hadoop_namenode port.
+Send and receive UDP traffic on the lrrd port.
 </summary>
 <param name="domain">
 <summary>
@@ -36287,10 +38604,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_hadoop_namenode_port" lineno="24087">
+<interface name="corenet_dontaudit_udp_sendrecv_lrrd_port" lineno="48011">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the hadoop_namenode port.
+UDP traffic on the lrrd port.
 </summary>
 <param name="domain">
 <summary>
@@ -36299,9 +38616,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_hadoop_namenode_port" lineno="24103">
+<interface name="corenet_tcp_bind_lrrd_port" lineno="48027">
 <summary>
-Bind TCP sockets to the hadoop_namenode port.
+Bind TCP sockets to the lrrd port.
 </summary>
 <param name="domain">
 <summary>
@@ -36310,9 +38627,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_hadoop_namenode_port" lineno="24123">
+<interface name="corenet_udp_bind_lrrd_port" lineno="48047">
 <summary>
-Bind UDP sockets to the hadoop_namenode port.
+Bind UDP sockets to the lrrd port.
 </summary>
 <param name="domain">
 <summary>
@@ -36321,9 +38638,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_hadoop_namenode_port" lineno="24142">
+<interface name="corenet_tcp_connect_lrrd_port" lineno="48066">
 <summary>
-Make a TCP connection to the hadoop_namenode port.
+Make a TCP connection to the lrrd port.
 </summary>
 <param name="domain">
 <summary>
@@ -36331,9 +38648,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_hadoop_namenode_client_packets" lineno="24162">
+<interface name="corenet_send_lrrd_client_packets" lineno="48086">
 <summary>
-Send hadoop_namenode_client packets.
+Send lrrd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36342,9 +38659,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_hadoop_namenode_client_packets" lineno="24181">
+<interface name="corenet_dontaudit_send_lrrd_client_packets" lineno="48105">
 <summary>
-Do not audit attempts to send hadoop_namenode_client packets.
+Do not audit attempts to send lrrd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36353,9 +38670,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_hadoop_namenode_client_packets" lineno="24200">
+<interface name="corenet_receive_lrrd_client_packets" lineno="48124">
 <summary>
-Receive hadoop_namenode_client packets.
+Receive lrrd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36364,9 +38681,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_hadoop_namenode_client_packets" lineno="24219">
+<interface name="corenet_dontaudit_receive_lrrd_client_packets" lineno="48143">
 <summary>
-Do not audit attempts to receive hadoop_namenode_client packets.
+Do not audit attempts to receive lrrd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36375,9 +38692,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_hadoop_namenode_client_packets" lineno="24238">
+<interface name="corenet_sendrecv_lrrd_client_packets" lineno="48162">
 <summary>
-Send and receive hadoop_namenode_client packets.
+Send and receive lrrd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36386,9 +38703,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_hadoop_namenode_client_packets" lineno="24254">
+<interface name="corenet_dontaudit_sendrecv_lrrd_client_packets" lineno="48178">
 <summary>
-Do not audit attempts to send and receive hadoop_namenode_client packets.
+Do not audit attempts to send and receive lrrd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36397,9 +38714,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_hadoop_namenode_client_packets" lineno="24269">
+<interface name="corenet_relabelto_lrrd_client_packets" lineno="48193">
 <summary>
-Relabel packets to hadoop_namenode_client the packet type.
+Relabel packets to lrrd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -36407,9 +38724,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_hadoop_namenode_server_packets" lineno="24289">
+<interface name="corenet_send_lrrd_server_packets" lineno="48213">
 <summary>
-Send hadoop_namenode_server packets.
+Send lrrd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36418,9 +38735,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_hadoop_namenode_server_packets" lineno="24308">
+<interface name="corenet_dontaudit_send_lrrd_server_packets" lineno="48232">
 <summary>
-Do not audit attempts to send hadoop_namenode_server packets.
+Do not audit attempts to send lrrd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36429,9 +38746,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_hadoop_namenode_server_packets" lineno="24327">
+<interface name="corenet_receive_lrrd_server_packets" lineno="48251">
 <summary>
-Receive hadoop_namenode_server packets.
+Receive lrrd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36440,9 +38757,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_hadoop_namenode_server_packets" lineno="24346">
+<interface name="corenet_dontaudit_receive_lrrd_server_packets" lineno="48270">
 <summary>
-Do not audit attempts to receive hadoop_namenode_server packets.
+Do not audit attempts to receive lrrd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36451,9 +38768,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_hadoop_namenode_server_packets" lineno="24365">
+<interface name="corenet_sendrecv_lrrd_server_packets" lineno="48289">
 <summary>
-Send and receive hadoop_namenode_server packets.
+Send and receive lrrd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36462,9 +38779,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_hadoop_namenode_server_packets" lineno="24381">
+<interface name="corenet_dontaudit_sendrecv_lrrd_server_packets" lineno="48305">
 <summary>
-Do not audit attempts to send and receive hadoop_namenode_server packets.
+Do not audit attempts to send and receive lrrd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36473,9 +38790,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_hadoop_namenode_server_packets" lineno="24396">
+<interface name="corenet_relabelto_lrrd_server_packets" lineno="48320">
 <summary>
-Relabel packets to hadoop_namenode_server the packet type.
+Relabel packets to lrrd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -36483,9 +38800,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_hddtemp_port" lineno="24418">
+<interface name="corenet_tcp_sendrecv_mail_port" lineno="48342">
 <summary>
-Send and receive TCP traffic on the hddtemp port.
+Send and receive TCP traffic on the mail port.
 </summary>
 <param name="domain">
 <summary>
@@ -36494,9 +38811,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_hddtemp_port" lineno="24437">
+<interface name="corenet_udp_send_mail_port" lineno="48361">
 <summary>
-Send UDP traffic on the hddtemp port.
+Send UDP traffic on the mail port.
 </summary>
 <param name="domain">
 <summary>
@@ -36505,9 +38822,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_hddtemp_port" lineno="24456">
+<interface name="corenet_dontaudit_udp_send_mail_port" lineno="48380">
 <summary>
-Do not audit attempts to send UDP traffic on the hddtemp port.
+Do not audit attempts to send UDP traffic on the mail port.
 </summary>
 <param name="domain">
 <summary>
@@ -36516,9 +38833,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_hddtemp_port" lineno="24475">
+<interface name="corenet_udp_receive_mail_port" lineno="48399">
 <summary>
-Receive UDP traffic on the hddtemp port.
+Receive UDP traffic on the mail port.
 </summary>
 <param name="domain">
 <summary>
@@ -36527,9 +38844,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_hddtemp_port" lineno="24494">
+<interface name="corenet_dontaudit_udp_receive_mail_port" lineno="48418">
 <summary>
-Do not audit attempts to receive UDP traffic on the hddtemp port.
+Do not audit attempts to receive UDP traffic on the mail port.
 </summary>
 <param name="domain">
 <summary>
@@ -36538,9 +38855,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_hddtemp_port" lineno="24513">
+<interface name="corenet_udp_sendrecv_mail_port" lineno="48437">
 <summary>
-Send and receive UDP traffic on the hddtemp port.
+Send and receive UDP traffic on the mail port.
 </summary>
 <param name="domain">
 <summary>
@@ -36549,10 +38866,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_hddtemp_port" lineno="24530">
+<interface name="corenet_dontaudit_udp_sendrecv_mail_port" lineno="48454">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the hddtemp port.
+UDP traffic on the mail port.
 </summary>
 <param name="domain">
 <summary>
@@ -36561,9 +38878,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_hddtemp_port" lineno="24546">
+<interface name="corenet_tcp_bind_mail_port" lineno="48470">
 <summary>
-Bind TCP sockets to the hddtemp port.
+Bind TCP sockets to the mail port.
 </summary>
 <param name="domain">
 <summary>
@@ -36572,9 +38889,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_hddtemp_port" lineno="24566">
+<interface name="corenet_udp_bind_mail_port" lineno="48490">
 <summary>
-Bind UDP sockets to the hddtemp port.
+Bind UDP sockets to the mail port.
 </summary>
 <param name="domain">
 <summary>
@@ -36583,9 +38900,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_hddtemp_port" lineno="24585">
+<interface name="corenet_tcp_connect_mail_port" lineno="48509">
 <summary>
-Make a TCP connection to the hddtemp port.
+Make a TCP connection to the mail port.
 </summary>
 <param name="domain">
 <summary>
@@ -36593,9 +38910,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_hddtemp_client_packets" lineno="24605">
+<interface name="corenet_send_mail_client_packets" lineno="48529">
 <summary>
-Send hddtemp_client packets.
+Send mail_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36604,9 +38921,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_hddtemp_client_packets" lineno="24624">
+<interface name="corenet_dontaudit_send_mail_client_packets" lineno="48548">
 <summary>
-Do not audit attempts to send hddtemp_client packets.
+Do not audit attempts to send mail_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36615,9 +38932,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_hddtemp_client_packets" lineno="24643">
+<interface name="corenet_receive_mail_client_packets" lineno="48567">
 <summary>
-Receive hddtemp_client packets.
+Receive mail_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36626,9 +38943,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_hddtemp_client_packets" lineno="24662">
+<interface name="corenet_dontaudit_receive_mail_client_packets" lineno="48586">
 <summary>
-Do not audit attempts to receive hddtemp_client packets.
+Do not audit attempts to receive mail_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36637,9 +38954,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_hddtemp_client_packets" lineno="24681">
+<interface name="corenet_sendrecv_mail_client_packets" lineno="48605">
 <summary>
-Send and receive hddtemp_client packets.
+Send and receive mail_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36648,9 +38965,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_hddtemp_client_packets" lineno="24697">
+<interface name="corenet_dontaudit_sendrecv_mail_client_packets" lineno="48621">
 <summary>
-Do not audit attempts to send and receive hddtemp_client packets.
+Do not audit attempts to send and receive mail_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36659,9 +38976,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_hddtemp_client_packets" lineno="24712">
+<interface name="corenet_relabelto_mail_client_packets" lineno="48636">
 <summary>
-Relabel packets to hddtemp_client the packet type.
+Relabel packets to mail_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -36669,9 +38986,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_hddtemp_server_packets" lineno="24732">
+<interface name="corenet_send_mail_server_packets" lineno="48656">
 <summary>
-Send hddtemp_server packets.
+Send mail_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36680,9 +38997,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_hddtemp_server_packets" lineno="24751">
+<interface name="corenet_dontaudit_send_mail_server_packets" lineno="48675">
 <summary>
-Do not audit attempts to send hddtemp_server packets.
+Do not audit attempts to send mail_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36691,9 +39008,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_hddtemp_server_packets" lineno="24770">
+<interface name="corenet_receive_mail_server_packets" lineno="48694">
 <summary>
-Receive hddtemp_server packets.
+Receive mail_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36702,9 +39019,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_hddtemp_server_packets" lineno="24789">
+<interface name="corenet_dontaudit_receive_mail_server_packets" lineno="48713">
 <summary>
-Do not audit attempts to receive hddtemp_server packets.
+Do not audit attempts to receive mail_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36713,9 +39030,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_hddtemp_server_packets" lineno="24808">
+<interface name="corenet_sendrecv_mail_server_packets" lineno="48732">
 <summary>
-Send and receive hddtemp_server packets.
+Send and receive mail_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36724,9 +39041,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_hddtemp_server_packets" lineno="24824">
+<interface name="corenet_dontaudit_sendrecv_mail_server_packets" lineno="48748">
 <summary>
-Do not audit attempts to send and receive hddtemp_server packets.
+Do not audit attempts to send and receive mail_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36735,9 +39052,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_hddtemp_server_packets" lineno="24839">
+<interface name="corenet_relabelto_mail_server_packets" lineno="48763">
 <summary>
-Relabel packets to hddtemp_server the packet type.
+Relabel packets to mail_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -36745,9 +39062,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_howl_port" lineno="24861">
+<interface name="corenet_tcp_sendrecv_matahari_port" lineno="48785">
 <summary>
-Send and receive TCP traffic on the howl port.
+Send and receive TCP traffic on the matahari port.
 </summary>
 <param name="domain">
 <summary>
@@ -36756,9 +39073,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_howl_port" lineno="24880">
+<interface name="corenet_udp_send_matahari_port" lineno="48804">
 <summary>
-Send UDP traffic on the howl port.
+Send UDP traffic on the matahari port.
 </summary>
 <param name="domain">
 <summary>
@@ -36767,9 +39084,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_howl_port" lineno="24899">
+<interface name="corenet_dontaudit_udp_send_matahari_port" lineno="48823">
 <summary>
-Do not audit attempts to send UDP traffic on the howl port.
+Do not audit attempts to send UDP traffic on the matahari port.
 </summary>
 <param name="domain">
 <summary>
@@ -36778,9 +39095,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_howl_port" lineno="24918">
+<interface name="corenet_udp_receive_matahari_port" lineno="48842">
 <summary>
-Receive UDP traffic on the howl port.
+Receive UDP traffic on the matahari port.
 </summary>
 <param name="domain">
 <summary>
@@ -36789,9 +39106,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_howl_port" lineno="24937">
+<interface name="corenet_dontaudit_udp_receive_matahari_port" lineno="48861">
 <summary>
-Do not audit attempts to receive UDP traffic on the howl port.
+Do not audit attempts to receive UDP traffic on the matahari port.
 </summary>
 <param name="domain">
 <summary>
@@ -36800,9 +39117,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_howl_port" lineno="24956">
+<interface name="corenet_udp_sendrecv_matahari_port" lineno="48880">
 <summary>
-Send and receive UDP traffic on the howl port.
+Send and receive UDP traffic on the matahari port.
 </summary>
 <param name="domain">
 <summary>
@@ -36811,10 +39128,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_howl_port" lineno="24973">
+<interface name="corenet_dontaudit_udp_sendrecv_matahari_port" lineno="48897">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the howl port.
+UDP traffic on the matahari port.
 </summary>
 <param name="domain">
 <summary>
@@ -36823,9 +39140,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_howl_port" lineno="24989">
+<interface name="corenet_tcp_bind_matahari_port" lineno="48913">
 <summary>
-Bind TCP sockets to the howl port.
+Bind TCP sockets to the matahari port.
 </summary>
 <param name="domain">
 <summary>
@@ -36834,9 +39151,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_howl_port" lineno="25009">
+<interface name="corenet_udp_bind_matahari_port" lineno="48933">
 <summary>
-Bind UDP sockets to the howl port.
+Bind UDP sockets to the matahari port.
 </summary>
 <param name="domain">
 <summary>
@@ -36845,9 +39162,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_howl_port" lineno="25028">
+<interface name="corenet_tcp_connect_matahari_port" lineno="48952">
 <summary>
-Make a TCP connection to the howl port.
+Make a TCP connection to the matahari port.
 </summary>
 <param name="domain">
 <summary>
@@ -36855,9 +39172,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_howl_client_packets" lineno="25048">
+<interface name="corenet_send_matahari_client_packets" lineno="48972">
 <summary>
-Send howl_client packets.
+Send matahari_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36866,9 +39183,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_howl_client_packets" lineno="25067">
+<interface name="corenet_dontaudit_send_matahari_client_packets" lineno="48991">
 <summary>
-Do not audit attempts to send howl_client packets.
+Do not audit attempts to send matahari_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36877,9 +39194,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_howl_client_packets" lineno="25086">
+<interface name="corenet_receive_matahari_client_packets" lineno="49010">
 <summary>
-Receive howl_client packets.
+Receive matahari_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36888,9 +39205,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_howl_client_packets" lineno="25105">
+<interface name="corenet_dontaudit_receive_matahari_client_packets" lineno="49029">
 <summary>
-Do not audit attempts to receive howl_client packets.
+Do not audit attempts to receive matahari_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36899,9 +39216,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_howl_client_packets" lineno="25124">
+<interface name="corenet_sendrecv_matahari_client_packets" lineno="49048">
 <summary>
-Send and receive howl_client packets.
+Send and receive matahari_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36910,9 +39227,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_howl_client_packets" lineno="25140">
+<interface name="corenet_dontaudit_sendrecv_matahari_client_packets" lineno="49064">
 <summary>
-Do not audit attempts to send and receive howl_client packets.
+Do not audit attempts to send and receive matahari_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36921,9 +39238,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_howl_client_packets" lineno="25155">
+<interface name="corenet_relabelto_matahari_client_packets" lineno="49079">
 <summary>
-Relabel packets to howl_client the packet type.
+Relabel packets to matahari_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -36931,9 +39248,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_howl_server_packets" lineno="25175">
+<interface name="corenet_send_matahari_server_packets" lineno="49099">
 <summary>
-Send howl_server packets.
+Send matahari_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36942,9 +39259,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_howl_server_packets" lineno="25194">
+<interface name="corenet_dontaudit_send_matahari_server_packets" lineno="49118">
 <summary>
-Do not audit attempts to send howl_server packets.
+Do not audit attempts to send matahari_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36953,9 +39270,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_howl_server_packets" lineno="25213">
+<interface name="corenet_receive_matahari_server_packets" lineno="49137">
 <summary>
-Receive howl_server packets.
+Receive matahari_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36964,9 +39281,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_howl_server_packets" lineno="25232">
+<interface name="corenet_dontaudit_receive_matahari_server_packets" lineno="49156">
 <summary>
-Do not audit attempts to receive howl_server packets.
+Do not audit attempts to receive matahari_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36975,9 +39292,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_howl_server_packets" lineno="25251">
+<interface name="corenet_sendrecv_matahari_server_packets" lineno="49175">
 <summary>
-Send and receive howl_server packets.
+Send and receive matahari_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36986,9 +39303,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_howl_server_packets" lineno="25267">
+<interface name="corenet_dontaudit_sendrecv_matahari_server_packets" lineno="49191">
 <summary>
-Do not audit attempts to send and receive howl_server packets.
+Do not audit attempts to send and receive matahari_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -36997,9 +39314,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_howl_server_packets" lineno="25282">
+<interface name="corenet_relabelto_matahari_server_packets" lineno="49206">
 <summary>
-Relabel packets to howl_server the packet type.
+Relabel packets to matahari_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -37007,9 +39324,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_hplip_port" lineno="25304">
+<interface name="corenet_tcp_sendrecv_memcache_port" lineno="49228">
 <summary>
-Send and receive TCP traffic on the hplip port.
+Send and receive TCP traffic on the memcache port.
 </summary>
 <param name="domain">
 <summary>
@@ -37018,9 +39335,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_hplip_port" lineno="25323">
+<interface name="corenet_udp_send_memcache_port" lineno="49247">
 <summary>
-Send UDP traffic on the hplip port.
+Send UDP traffic on the memcache port.
 </summary>
 <param name="domain">
 <summary>
@@ -37029,9 +39346,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_hplip_port" lineno="25342">
+<interface name="corenet_dontaudit_udp_send_memcache_port" lineno="49266">
 <summary>
-Do not audit attempts to send UDP traffic on the hplip port.
+Do not audit attempts to send UDP traffic on the memcache port.
 </summary>
 <param name="domain">
 <summary>
@@ -37040,9 +39357,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_hplip_port" lineno="25361">
+<interface name="corenet_udp_receive_memcache_port" lineno="49285">
 <summary>
-Receive UDP traffic on the hplip port.
+Receive UDP traffic on the memcache port.
 </summary>
 <param name="domain">
 <summary>
@@ -37051,9 +39368,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_hplip_port" lineno="25380">
+<interface name="corenet_dontaudit_udp_receive_memcache_port" lineno="49304">
 <summary>
-Do not audit attempts to receive UDP traffic on the hplip port.
+Do not audit attempts to receive UDP traffic on the memcache port.
 </summary>
 <param name="domain">
 <summary>
@@ -37062,9 +39379,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_hplip_port" lineno="25399">
+<interface name="corenet_udp_sendrecv_memcache_port" lineno="49323">
 <summary>
-Send and receive UDP traffic on the hplip port.
+Send and receive UDP traffic on the memcache port.
 </summary>
 <param name="domain">
 <summary>
@@ -37073,10 +39390,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_hplip_port" lineno="25416">
+<interface name="corenet_dontaudit_udp_sendrecv_memcache_port" lineno="49340">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the hplip port.
+UDP traffic on the memcache port.
 </summary>
 <param name="domain">
 <summary>
@@ -37085,9 +39402,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_hplip_port" lineno="25432">
+<interface name="corenet_tcp_bind_memcache_port" lineno="49356">
 <summary>
-Bind TCP sockets to the hplip port.
+Bind TCP sockets to the memcache port.
 </summary>
 <param name="domain">
 <summary>
@@ -37096,9 +39413,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_hplip_port" lineno="25452">
+<interface name="corenet_udp_bind_memcache_port" lineno="49376">
 <summary>
-Bind UDP sockets to the hplip port.
+Bind UDP sockets to the memcache port.
 </summary>
 <param name="domain">
 <summary>
@@ -37107,9 +39424,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_hplip_port" lineno="25471">
+<interface name="corenet_tcp_connect_memcache_port" lineno="49395">
 <summary>
-Make a TCP connection to the hplip port.
+Make a TCP connection to the memcache port.
 </summary>
 <param name="domain">
 <summary>
@@ -37117,9 +39434,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_hplip_client_packets" lineno="25491">
+<interface name="corenet_send_memcache_client_packets" lineno="49415">
 <summary>
-Send hplip_client packets.
+Send memcache_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37128,9 +39445,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_hplip_client_packets" lineno="25510">
+<interface name="corenet_dontaudit_send_memcache_client_packets" lineno="49434">
 <summary>
-Do not audit attempts to send hplip_client packets.
+Do not audit attempts to send memcache_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37139,9 +39456,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_hplip_client_packets" lineno="25529">
+<interface name="corenet_receive_memcache_client_packets" lineno="49453">
 <summary>
-Receive hplip_client packets.
+Receive memcache_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37150,9 +39467,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_hplip_client_packets" lineno="25548">
+<interface name="corenet_dontaudit_receive_memcache_client_packets" lineno="49472">
 <summary>
-Do not audit attempts to receive hplip_client packets.
+Do not audit attempts to receive memcache_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37161,9 +39478,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_hplip_client_packets" lineno="25567">
+<interface name="corenet_sendrecv_memcache_client_packets" lineno="49491">
 <summary>
-Send and receive hplip_client packets.
+Send and receive memcache_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37172,9 +39489,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_hplip_client_packets" lineno="25583">
+<interface name="corenet_dontaudit_sendrecv_memcache_client_packets" lineno="49507">
 <summary>
-Do not audit attempts to send and receive hplip_client packets.
+Do not audit attempts to send and receive memcache_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37183,9 +39500,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_hplip_client_packets" lineno="25598">
+<interface name="corenet_relabelto_memcache_client_packets" lineno="49522">
 <summary>
-Relabel packets to hplip_client the packet type.
+Relabel packets to memcache_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -37193,9 +39510,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_hplip_server_packets" lineno="25618">
+<interface name="corenet_send_memcache_server_packets" lineno="49542">
 <summary>
-Send hplip_server packets.
+Send memcache_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37204,9 +39521,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_hplip_server_packets" lineno="25637">
+<interface name="corenet_dontaudit_send_memcache_server_packets" lineno="49561">
 <summary>
-Do not audit attempts to send hplip_server packets.
+Do not audit attempts to send memcache_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37215,9 +39532,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_hplip_server_packets" lineno="25656">
+<interface name="corenet_receive_memcache_server_packets" lineno="49580">
 <summary>
-Receive hplip_server packets.
+Receive memcache_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37226,9 +39543,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_hplip_server_packets" lineno="25675">
+<interface name="corenet_dontaudit_receive_memcache_server_packets" lineno="49599">
 <summary>
-Do not audit attempts to receive hplip_server packets.
+Do not audit attempts to receive memcache_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37237,9 +39554,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_hplip_server_packets" lineno="25694">
+<interface name="corenet_sendrecv_memcache_server_packets" lineno="49618">
 <summary>
-Send and receive hplip_server packets.
+Send and receive memcache_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37248,9 +39565,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_hplip_server_packets" lineno="25710">
+<interface name="corenet_dontaudit_sendrecv_memcache_server_packets" lineno="49634">
 <summary>
-Do not audit attempts to send and receive hplip_server packets.
+Do not audit attempts to send and receive memcache_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37259,9 +39576,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_hplip_server_packets" lineno="25725">
+<interface name="corenet_relabelto_memcache_server_packets" lineno="49649">
 <summary>
-Relabel packets to hplip_server the packet type.
+Relabel packets to memcache_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -37269,9 +39586,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_http_port" lineno="25747">
+<interface name="corenet_tcp_sendrecv_milter_port" lineno="49671">
 <summary>
-Send and receive TCP traffic on the http port.
+Send and receive TCP traffic on the milter port.
 </summary>
 <param name="domain">
 <summary>
@@ -37280,9 +39597,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_http_port" lineno="25766">
+<interface name="corenet_udp_send_milter_port" lineno="49690">
 <summary>
-Send UDP traffic on the http port.
+Send UDP traffic on the milter port.
 </summary>
 <param name="domain">
 <summary>
@@ -37291,9 +39608,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_http_port" lineno="25785">
+<interface name="corenet_dontaudit_udp_send_milter_port" lineno="49709">
 <summary>
-Do not audit attempts to send UDP traffic on the http port.
+Do not audit attempts to send UDP traffic on the milter port.
 </summary>
 <param name="domain">
 <summary>
@@ -37302,9 +39619,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_http_port" lineno="25804">
+<interface name="corenet_udp_receive_milter_port" lineno="49728">
 <summary>
-Receive UDP traffic on the http port.
+Receive UDP traffic on the milter port.
 </summary>
 <param name="domain">
 <summary>
@@ -37313,9 +39630,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_http_port" lineno="25823">
+<interface name="corenet_dontaudit_udp_receive_milter_port" lineno="49747">
 <summary>
-Do not audit attempts to receive UDP traffic on the http port.
+Do not audit attempts to receive UDP traffic on the milter port.
 </summary>
 <param name="domain">
 <summary>
@@ -37324,9 +39641,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_http_port" lineno="25842">
+<interface name="corenet_udp_sendrecv_milter_port" lineno="49766">
 <summary>
-Send and receive UDP traffic on the http port.
+Send and receive UDP traffic on the milter port.
 </summary>
 <param name="domain">
 <summary>
@@ -37335,10 +39652,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_http_port" lineno="25859">
+<interface name="corenet_dontaudit_udp_sendrecv_milter_port" lineno="49783">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the http port.
+UDP traffic on the milter port.
 </summary>
 <param name="domain">
 <summary>
@@ -37347,9 +39664,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_http_port" lineno="25875">
+<interface name="corenet_tcp_bind_milter_port" lineno="49799">
 <summary>
-Bind TCP sockets to the http port.
+Bind TCP sockets to the milter port.
 </summary>
 <param name="domain">
 <summary>
@@ -37358,9 +39675,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_http_port" lineno="25895">
+<interface name="corenet_udp_bind_milter_port" lineno="49819">
 <summary>
-Bind UDP sockets to the http port.
+Bind UDP sockets to the milter port.
 </summary>
 <param name="domain">
 <summary>
@@ -37369,9 +39686,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_http_port" lineno="25914">
+<interface name="corenet_tcp_connect_milter_port" lineno="49838">
 <summary>
-Make a TCP connection to the http port.
+Make a TCP connection to the milter port.
 </summary>
 <param name="domain">
 <summary>
@@ -37379,9 +39696,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_http_client_packets" lineno="25934">
+<interface name="corenet_send_milter_client_packets" lineno="49858">
 <summary>
-Send http_client packets.
+Send milter_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37390,9 +39707,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_http_client_packets" lineno="25953">
+<interface name="corenet_dontaudit_send_milter_client_packets" lineno="49877">
 <summary>
-Do not audit attempts to send http_client packets.
+Do not audit attempts to send milter_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37401,9 +39718,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_http_client_packets" lineno="25972">
+<interface name="corenet_receive_milter_client_packets" lineno="49896">
 <summary>
-Receive http_client packets.
+Receive milter_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37412,9 +39729,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_http_client_packets" lineno="25991">
+<interface name="corenet_dontaudit_receive_milter_client_packets" lineno="49915">
 <summary>
-Do not audit attempts to receive http_client packets.
+Do not audit attempts to receive milter_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37423,9 +39740,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_http_client_packets" lineno="26010">
+<interface name="corenet_sendrecv_milter_client_packets" lineno="49934">
 <summary>
-Send and receive http_client packets.
+Send and receive milter_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37434,9 +39751,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_http_client_packets" lineno="26026">
+<interface name="corenet_dontaudit_sendrecv_milter_client_packets" lineno="49950">
 <summary>
-Do not audit attempts to send and receive http_client packets.
+Do not audit attempts to send and receive milter_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37445,9 +39762,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_http_client_packets" lineno="26041">
+<interface name="corenet_relabelto_milter_client_packets" lineno="49965">
 <summary>
-Relabel packets to http_client the packet type.
+Relabel packets to milter_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -37455,9 +39772,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_http_server_packets" lineno="26061">
+<interface name="corenet_send_milter_server_packets" lineno="49985">
 <summary>
-Send http_server packets.
+Send milter_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37466,9 +39783,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_http_server_packets" lineno="26080">
+<interface name="corenet_dontaudit_send_milter_server_packets" lineno="50004">
 <summary>
-Do not audit attempts to send http_server packets.
+Do not audit attempts to send milter_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37477,9 +39794,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_http_server_packets" lineno="26099">
+<interface name="corenet_receive_milter_server_packets" lineno="50023">
 <summary>
-Receive http_server packets.
+Receive milter_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37488,9 +39805,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_http_server_packets" lineno="26118">
+<interface name="corenet_dontaudit_receive_milter_server_packets" lineno="50042">
 <summary>
-Do not audit attempts to receive http_server packets.
+Do not audit attempts to receive milter_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37499,9 +39816,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_http_server_packets" lineno="26137">
+<interface name="corenet_sendrecv_milter_server_packets" lineno="50061">
 <summary>
-Send and receive http_server packets.
+Send and receive milter_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37510,9 +39827,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_http_server_packets" lineno="26153">
+<interface name="corenet_dontaudit_sendrecv_milter_server_packets" lineno="50077">
 <summary>
-Do not audit attempts to send and receive http_server packets.
+Do not audit attempts to send and receive milter_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37521,9 +39838,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_http_server_packets" lineno="26168">
+<interface name="corenet_relabelto_milter_server_packets" lineno="50092">
 <summary>
-Relabel packets to http_server the packet type.
+Relabel packets to milter_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -37531,9 +39848,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_http_cache_port" lineno="26190">
+<interface name="corenet_tcp_sendrecv_mmcc_port" lineno="50114">
 <summary>
-Send and receive TCP traffic on the http_cache port.
+Send and receive TCP traffic on the mmcc port.
 </summary>
 <param name="domain">
 <summary>
@@ -37542,9 +39859,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_http_cache_port" lineno="26209">
+<interface name="corenet_udp_send_mmcc_port" lineno="50133">
 <summary>
-Send UDP traffic on the http_cache port.
+Send UDP traffic on the mmcc port.
 </summary>
 <param name="domain">
 <summary>
@@ -37553,9 +39870,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_http_cache_port" lineno="26228">
+<interface name="corenet_dontaudit_udp_send_mmcc_port" lineno="50152">
 <summary>
-Do not audit attempts to send UDP traffic on the http_cache port.
+Do not audit attempts to send UDP traffic on the mmcc port.
 </summary>
 <param name="domain">
 <summary>
@@ -37564,9 +39881,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_http_cache_port" lineno="26247">
+<interface name="corenet_udp_receive_mmcc_port" lineno="50171">
 <summary>
-Receive UDP traffic on the http_cache port.
+Receive UDP traffic on the mmcc port.
 </summary>
 <param name="domain">
 <summary>
@@ -37575,9 +39892,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_http_cache_port" lineno="26266">
+<interface name="corenet_dontaudit_udp_receive_mmcc_port" lineno="50190">
 <summary>
-Do not audit attempts to receive UDP traffic on the http_cache port.
+Do not audit attempts to receive UDP traffic on the mmcc port.
 </summary>
 <param name="domain">
 <summary>
@@ -37586,9 +39903,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_http_cache_port" lineno="26285">
+<interface name="corenet_udp_sendrecv_mmcc_port" lineno="50209">
 <summary>
-Send and receive UDP traffic on the http_cache port.
+Send and receive UDP traffic on the mmcc port.
 </summary>
 <param name="domain">
 <summary>
@@ -37597,10 +39914,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_http_cache_port" lineno="26302">
+<interface name="corenet_dontaudit_udp_sendrecv_mmcc_port" lineno="50226">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the http_cache port.
+UDP traffic on the mmcc port.
 </summary>
 <param name="domain">
 <summary>
@@ -37609,9 +39926,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_http_cache_port" lineno="26318">
+<interface name="corenet_tcp_bind_mmcc_port" lineno="50242">
 <summary>
-Bind TCP sockets to the http_cache port.
+Bind TCP sockets to the mmcc port.
 </summary>
 <param name="domain">
 <summary>
@@ -37620,9 +39937,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_http_cache_port" lineno="26338">
+<interface name="corenet_udp_bind_mmcc_port" lineno="50262">
 <summary>
-Bind UDP sockets to the http_cache port.
+Bind UDP sockets to the mmcc port.
 </summary>
 <param name="domain">
 <summary>
@@ -37631,9 +39948,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_http_cache_port" lineno="26357">
+<interface name="corenet_tcp_connect_mmcc_port" lineno="50281">
 <summary>
-Make a TCP connection to the http_cache port.
+Make a TCP connection to the mmcc port.
 </summary>
 <param name="domain">
 <summary>
@@ -37641,9 +39958,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_http_cache_client_packets" lineno="26377">
+<interface name="corenet_send_mmcc_client_packets" lineno="50301">
 <summary>
-Send http_cache_client packets.
+Send mmcc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37652,9 +39969,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_http_cache_client_packets" lineno="26396">
+<interface name="corenet_dontaudit_send_mmcc_client_packets" lineno="50320">
 <summary>
-Do not audit attempts to send http_cache_client packets.
+Do not audit attempts to send mmcc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37663,9 +39980,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_http_cache_client_packets" lineno="26415">
+<interface name="corenet_receive_mmcc_client_packets" lineno="50339">
 <summary>
-Receive http_cache_client packets.
+Receive mmcc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37674,9 +39991,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_http_cache_client_packets" lineno="26434">
+<interface name="corenet_dontaudit_receive_mmcc_client_packets" lineno="50358">
 <summary>
-Do not audit attempts to receive http_cache_client packets.
+Do not audit attempts to receive mmcc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37685,9 +40002,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_http_cache_client_packets" lineno="26453">
+<interface name="corenet_sendrecv_mmcc_client_packets" lineno="50377">
 <summary>
-Send and receive http_cache_client packets.
+Send and receive mmcc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37696,9 +40013,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_http_cache_client_packets" lineno="26469">
+<interface name="corenet_dontaudit_sendrecv_mmcc_client_packets" lineno="50393">
 <summary>
-Do not audit attempts to send and receive http_cache_client packets.
+Do not audit attempts to send and receive mmcc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37707,9 +40024,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_http_cache_client_packets" lineno="26484">
+<interface name="corenet_relabelto_mmcc_client_packets" lineno="50408">
 <summary>
-Relabel packets to http_cache_client the packet type.
+Relabel packets to mmcc_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -37717,9 +40034,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_http_cache_server_packets" lineno="26504">
+<interface name="corenet_send_mmcc_server_packets" lineno="50428">
 <summary>
-Send http_cache_server packets.
+Send mmcc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37728,9 +40045,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_http_cache_server_packets" lineno="26523">
+<interface name="corenet_dontaudit_send_mmcc_server_packets" lineno="50447">
 <summary>
-Do not audit attempts to send http_cache_server packets.
+Do not audit attempts to send mmcc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37739,9 +40056,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_http_cache_server_packets" lineno="26542">
+<interface name="corenet_receive_mmcc_server_packets" lineno="50466">
 <summary>
-Receive http_cache_server packets.
+Receive mmcc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37750,9 +40067,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_http_cache_server_packets" lineno="26561">
+<interface name="corenet_dontaudit_receive_mmcc_server_packets" lineno="50485">
 <summary>
-Do not audit attempts to receive http_cache_server packets.
+Do not audit attempts to receive mmcc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37761,9 +40078,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_http_cache_server_packets" lineno="26580">
+<interface name="corenet_sendrecv_mmcc_server_packets" lineno="50504">
 <summary>
-Send and receive http_cache_server packets.
+Send and receive mmcc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37772,9 +40089,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_http_cache_server_packets" lineno="26596">
+<interface name="corenet_dontaudit_sendrecv_mmcc_server_packets" lineno="50520">
 <summary>
-Do not audit attempts to send and receive http_cache_server packets.
+Do not audit attempts to send and receive mmcc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37783,9 +40100,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_http_cache_server_packets" lineno="26611">
+<interface name="corenet_relabelto_mmcc_server_packets" lineno="50535">
 <summary>
-Relabel packets to http_cache_server the packet type.
+Relabel packets to mmcc_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -37793,9 +40110,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_i18n_input_port" lineno="26633">
+<interface name="corenet_tcp_sendrecv_mon_port" lineno="50557">
 <summary>
-Send and receive TCP traffic on the i18n_input port.
+Send and receive TCP traffic on the mon port.
 </summary>
 <param name="domain">
 <summary>
@@ -37804,9 +40121,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_i18n_input_port" lineno="26652">
+<interface name="corenet_udp_send_mon_port" lineno="50576">
 <summary>
-Send UDP traffic on the i18n_input port.
+Send UDP traffic on the mon port.
 </summary>
 <param name="domain">
 <summary>
@@ -37815,9 +40132,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_i18n_input_port" lineno="26671">
+<interface name="corenet_dontaudit_udp_send_mon_port" lineno="50595">
 <summary>
-Do not audit attempts to send UDP traffic on the i18n_input port.
+Do not audit attempts to send UDP traffic on the mon port.
 </summary>
 <param name="domain">
 <summary>
@@ -37826,9 +40143,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_i18n_input_port" lineno="26690">
+<interface name="corenet_udp_receive_mon_port" lineno="50614">
 <summary>
-Receive UDP traffic on the i18n_input port.
+Receive UDP traffic on the mon port.
 </summary>
 <param name="domain">
 <summary>
@@ -37837,9 +40154,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_i18n_input_port" lineno="26709">
+<interface name="corenet_dontaudit_udp_receive_mon_port" lineno="50633">
 <summary>
-Do not audit attempts to receive UDP traffic on the i18n_input port.
+Do not audit attempts to receive UDP traffic on the mon port.
 </summary>
 <param name="domain">
 <summary>
@@ -37848,9 +40165,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_i18n_input_port" lineno="26728">
+<interface name="corenet_udp_sendrecv_mon_port" lineno="50652">
 <summary>
-Send and receive UDP traffic on the i18n_input port.
+Send and receive UDP traffic on the mon port.
 </summary>
 <param name="domain">
 <summary>
@@ -37859,10 +40176,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_i18n_input_port" lineno="26745">
+<interface name="corenet_dontaudit_udp_sendrecv_mon_port" lineno="50669">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the i18n_input port.
+UDP traffic on the mon port.
 </summary>
 <param name="domain">
 <summary>
@@ -37871,9 +40188,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_i18n_input_port" lineno="26761">
+<interface name="corenet_tcp_bind_mon_port" lineno="50685">
 <summary>
-Bind TCP sockets to the i18n_input port.
+Bind TCP sockets to the mon port.
 </summary>
 <param name="domain">
 <summary>
@@ -37882,9 +40199,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_i18n_input_port" lineno="26781">
+<interface name="corenet_udp_bind_mon_port" lineno="50705">
 <summary>
-Bind UDP sockets to the i18n_input port.
+Bind UDP sockets to the mon port.
 </summary>
 <param name="domain">
 <summary>
@@ -37893,9 +40210,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_i18n_input_port" lineno="26800">
+<interface name="corenet_tcp_connect_mon_port" lineno="50724">
 <summary>
-Make a TCP connection to the i18n_input port.
+Make a TCP connection to the mon port.
 </summary>
 <param name="domain">
 <summary>
@@ -37903,9 +40220,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_i18n_input_client_packets" lineno="26820">
+<interface name="corenet_send_mon_client_packets" lineno="50744">
 <summary>
-Send i18n_input_client packets.
+Send mon_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37914,9 +40231,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_i18n_input_client_packets" lineno="26839">
+<interface name="corenet_dontaudit_send_mon_client_packets" lineno="50763">
 <summary>
-Do not audit attempts to send i18n_input_client packets.
+Do not audit attempts to send mon_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37925,9 +40242,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_i18n_input_client_packets" lineno="26858">
+<interface name="corenet_receive_mon_client_packets" lineno="50782">
 <summary>
-Receive i18n_input_client packets.
+Receive mon_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37936,9 +40253,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_i18n_input_client_packets" lineno="26877">
+<interface name="corenet_dontaudit_receive_mon_client_packets" lineno="50801">
 <summary>
-Do not audit attempts to receive i18n_input_client packets.
+Do not audit attempts to receive mon_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37947,9 +40264,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_i18n_input_client_packets" lineno="26896">
+<interface name="corenet_sendrecv_mon_client_packets" lineno="50820">
 <summary>
-Send and receive i18n_input_client packets.
+Send and receive mon_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37958,9 +40275,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_i18n_input_client_packets" lineno="26912">
+<interface name="corenet_dontaudit_sendrecv_mon_client_packets" lineno="50836">
 <summary>
-Do not audit attempts to send and receive i18n_input_client packets.
+Do not audit attempts to send and receive mon_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37969,9 +40286,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_i18n_input_client_packets" lineno="26927">
+<interface name="corenet_relabelto_mon_client_packets" lineno="50851">
 <summary>
-Relabel packets to i18n_input_client the packet type.
+Relabel packets to mon_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -37979,9 +40296,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_i18n_input_server_packets" lineno="26947">
+<interface name="corenet_send_mon_server_packets" lineno="50871">
 <summary>
-Send i18n_input_server packets.
+Send mon_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -37990,9 +40307,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_i18n_input_server_packets" lineno="26966">
+<interface name="corenet_dontaudit_send_mon_server_packets" lineno="50890">
 <summary>
-Do not audit attempts to send i18n_input_server packets.
+Do not audit attempts to send mon_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38001,9 +40318,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_i18n_input_server_packets" lineno="26985">
+<interface name="corenet_receive_mon_server_packets" lineno="50909">
 <summary>
-Receive i18n_input_server packets.
+Receive mon_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38012,9 +40329,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_i18n_input_server_packets" lineno="27004">
+<interface name="corenet_dontaudit_receive_mon_server_packets" lineno="50928">
 <summary>
-Do not audit attempts to receive i18n_input_server packets.
+Do not audit attempts to receive mon_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38023,9 +40340,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_i18n_input_server_packets" lineno="27023">
+<interface name="corenet_sendrecv_mon_server_packets" lineno="50947">
 <summary>
-Send and receive i18n_input_server packets.
+Send and receive mon_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38034,9 +40351,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_i18n_input_server_packets" lineno="27039">
+<interface name="corenet_dontaudit_sendrecv_mon_server_packets" lineno="50963">
 <summary>
-Do not audit attempts to send and receive i18n_input_server packets.
+Do not audit attempts to send and receive mon_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38045,9 +40362,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_i18n_input_server_packets" lineno="27054">
+<interface name="corenet_relabelto_mon_server_packets" lineno="50978">
 <summary>
-Relabel packets to i18n_input_server the packet type.
+Relabel packets to mon_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -38055,9 +40372,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_imaze_port" lineno="27076">
+<interface name="corenet_tcp_sendrecv_monit_port" lineno="51000">
 <summary>
-Send and receive TCP traffic on the imaze port.
+Send and receive TCP traffic on the monit port.
 </summary>
 <param name="domain">
 <summary>
@@ -38066,9 +40383,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_imaze_port" lineno="27095">
+<interface name="corenet_udp_send_monit_port" lineno="51019">
 <summary>
-Send UDP traffic on the imaze port.
+Send UDP traffic on the monit port.
 </summary>
 <param name="domain">
 <summary>
@@ -38077,9 +40394,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_imaze_port" lineno="27114">
+<interface name="corenet_dontaudit_udp_send_monit_port" lineno="51038">
 <summary>
-Do not audit attempts to send UDP traffic on the imaze port.
+Do not audit attempts to send UDP traffic on the monit port.
 </summary>
 <param name="domain">
 <summary>
@@ -38088,9 +40405,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_imaze_port" lineno="27133">
+<interface name="corenet_udp_receive_monit_port" lineno="51057">
 <summary>
-Receive UDP traffic on the imaze port.
+Receive UDP traffic on the monit port.
 </summary>
 <param name="domain">
 <summary>
@@ -38099,9 +40416,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_imaze_port" lineno="27152">
+<interface name="corenet_dontaudit_udp_receive_monit_port" lineno="51076">
 <summary>
-Do not audit attempts to receive UDP traffic on the imaze port.
+Do not audit attempts to receive UDP traffic on the monit port.
 </summary>
 <param name="domain">
 <summary>
@@ -38110,9 +40427,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_imaze_port" lineno="27171">
+<interface name="corenet_udp_sendrecv_monit_port" lineno="51095">
 <summary>
-Send and receive UDP traffic on the imaze port.
+Send and receive UDP traffic on the monit port.
 </summary>
 <param name="domain">
 <summary>
@@ -38121,10 +40438,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_imaze_port" lineno="27188">
+<interface name="corenet_dontaudit_udp_sendrecv_monit_port" lineno="51112">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the imaze port.
+UDP traffic on the monit port.
 </summary>
 <param name="domain">
 <summary>
@@ -38133,9 +40450,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_imaze_port" lineno="27204">
+<interface name="corenet_tcp_bind_monit_port" lineno="51128">
 <summary>
-Bind TCP sockets to the imaze port.
+Bind TCP sockets to the monit port.
 </summary>
 <param name="domain">
 <summary>
@@ -38144,9 +40461,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_imaze_port" lineno="27224">
+<interface name="corenet_udp_bind_monit_port" lineno="51148">
 <summary>
-Bind UDP sockets to the imaze port.
+Bind UDP sockets to the monit port.
 </summary>
 <param name="domain">
 <summary>
@@ -38155,9 +40472,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_imaze_port" lineno="27243">
+<interface name="corenet_tcp_connect_monit_port" lineno="51167">
 <summary>
-Make a TCP connection to the imaze port.
+Make a TCP connection to the monit port.
 </summary>
 <param name="domain">
 <summary>
@@ -38165,9 +40482,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_imaze_client_packets" lineno="27263">
+<interface name="corenet_send_monit_client_packets" lineno="51187">
 <summary>
-Send imaze_client packets.
+Send monit_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38176,9 +40493,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_imaze_client_packets" lineno="27282">
+<interface name="corenet_dontaudit_send_monit_client_packets" lineno="51206">
 <summary>
-Do not audit attempts to send imaze_client packets.
+Do not audit attempts to send monit_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38187,9 +40504,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_imaze_client_packets" lineno="27301">
+<interface name="corenet_receive_monit_client_packets" lineno="51225">
 <summary>
-Receive imaze_client packets.
+Receive monit_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38198,9 +40515,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_imaze_client_packets" lineno="27320">
+<interface name="corenet_dontaudit_receive_monit_client_packets" lineno="51244">
 <summary>
-Do not audit attempts to receive imaze_client packets.
+Do not audit attempts to receive monit_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38209,9 +40526,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_imaze_client_packets" lineno="27339">
+<interface name="corenet_sendrecv_monit_client_packets" lineno="51263">
 <summary>
-Send and receive imaze_client packets.
+Send and receive monit_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38220,9 +40537,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_imaze_client_packets" lineno="27355">
+<interface name="corenet_dontaudit_sendrecv_monit_client_packets" lineno="51279">
 <summary>
-Do not audit attempts to send and receive imaze_client packets.
+Do not audit attempts to send and receive monit_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38231,9 +40548,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_imaze_client_packets" lineno="27370">
+<interface name="corenet_relabelto_monit_client_packets" lineno="51294">
 <summary>
-Relabel packets to imaze_client the packet type.
+Relabel packets to monit_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -38241,9 +40558,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_imaze_server_packets" lineno="27390">
+<interface name="corenet_send_monit_server_packets" lineno="51314">
 <summary>
-Send imaze_server packets.
+Send monit_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38252,9 +40569,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_imaze_server_packets" lineno="27409">
+<interface name="corenet_dontaudit_send_monit_server_packets" lineno="51333">
 <summary>
-Do not audit attempts to send imaze_server packets.
+Do not audit attempts to send monit_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38263,9 +40580,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_imaze_server_packets" lineno="27428">
+<interface name="corenet_receive_monit_server_packets" lineno="51352">
 <summary>
-Receive imaze_server packets.
+Receive monit_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38274,9 +40591,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_imaze_server_packets" lineno="27447">
+<interface name="corenet_dontaudit_receive_monit_server_packets" lineno="51371">
 <summary>
-Do not audit attempts to receive imaze_server packets.
+Do not audit attempts to receive monit_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38285,9 +40602,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_imaze_server_packets" lineno="27466">
+<interface name="corenet_sendrecv_monit_server_packets" lineno="51390">
 <summary>
-Send and receive imaze_server packets.
+Send and receive monit_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38296,9 +40613,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_imaze_server_packets" lineno="27482">
+<interface name="corenet_dontaudit_sendrecv_monit_server_packets" lineno="51406">
 <summary>
-Do not audit attempts to send and receive imaze_server packets.
+Do not audit attempts to send and receive monit_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38307,9 +40624,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_imaze_server_packets" lineno="27497">
+<interface name="corenet_relabelto_monit_server_packets" lineno="51421">
 <summary>
-Relabel packets to imaze_server the packet type.
+Relabel packets to monit_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -38317,9 +40634,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_inetd_child_port" lineno="27519">
+<interface name="corenet_tcp_sendrecv_monopd_port" lineno="51443">
 <summary>
-Send and receive TCP traffic on the inetd_child port.
+Send and receive TCP traffic on the monopd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38328,9 +40645,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_inetd_child_port" lineno="27538">
+<interface name="corenet_udp_send_monopd_port" lineno="51462">
 <summary>
-Send UDP traffic on the inetd_child port.
+Send UDP traffic on the monopd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38339,9 +40656,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_inetd_child_port" lineno="27557">
+<interface name="corenet_dontaudit_udp_send_monopd_port" lineno="51481">
 <summary>
-Do not audit attempts to send UDP traffic on the inetd_child port.
+Do not audit attempts to send UDP traffic on the monopd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38350,9 +40667,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_inetd_child_port" lineno="27576">
+<interface name="corenet_udp_receive_monopd_port" lineno="51500">
 <summary>
-Receive UDP traffic on the inetd_child port.
+Receive UDP traffic on the monopd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38361,9 +40678,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_inetd_child_port" lineno="27595">
+<interface name="corenet_dontaudit_udp_receive_monopd_port" lineno="51519">
 <summary>
-Do not audit attempts to receive UDP traffic on the inetd_child port.
+Do not audit attempts to receive UDP traffic on the monopd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38372,9 +40689,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_inetd_child_port" lineno="27614">
+<interface name="corenet_udp_sendrecv_monopd_port" lineno="51538">
 <summary>
-Send and receive UDP traffic on the inetd_child port.
+Send and receive UDP traffic on the monopd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38383,10 +40700,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_inetd_child_port" lineno="27631">
+<interface name="corenet_dontaudit_udp_sendrecv_monopd_port" lineno="51555">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the inetd_child port.
+UDP traffic on the monopd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38395,9 +40712,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_inetd_child_port" lineno="27647">
+<interface name="corenet_tcp_bind_monopd_port" lineno="51571">
 <summary>
-Bind TCP sockets to the inetd_child port.
+Bind TCP sockets to the monopd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38406,9 +40723,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_inetd_child_port" lineno="27667">
+<interface name="corenet_udp_bind_monopd_port" lineno="51591">
 <summary>
-Bind UDP sockets to the inetd_child port.
+Bind UDP sockets to the monopd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38417,9 +40734,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_inetd_child_port" lineno="27686">
+<interface name="corenet_tcp_connect_monopd_port" lineno="51610">
 <summary>
-Make a TCP connection to the inetd_child port.
+Make a TCP connection to the monopd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38427,9 +40744,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_inetd_child_client_packets" lineno="27706">
+<interface name="corenet_send_monopd_client_packets" lineno="51630">
 <summary>
-Send inetd_child_client packets.
+Send monopd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38438,9 +40755,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_inetd_child_client_packets" lineno="27725">
+<interface name="corenet_dontaudit_send_monopd_client_packets" lineno="51649">
 <summary>
-Do not audit attempts to send inetd_child_client packets.
+Do not audit attempts to send monopd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38449,9 +40766,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_inetd_child_client_packets" lineno="27744">
+<interface name="corenet_receive_monopd_client_packets" lineno="51668">
 <summary>
-Receive inetd_child_client packets.
+Receive monopd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38460,9 +40777,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_inetd_child_client_packets" lineno="27763">
+<interface name="corenet_dontaudit_receive_monopd_client_packets" lineno="51687">
 <summary>
-Do not audit attempts to receive inetd_child_client packets.
+Do not audit attempts to receive monopd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38471,9 +40788,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_inetd_child_client_packets" lineno="27782">
+<interface name="corenet_sendrecv_monopd_client_packets" lineno="51706">
 <summary>
-Send and receive inetd_child_client packets.
+Send and receive monopd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38482,9 +40799,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_inetd_child_client_packets" lineno="27798">
+<interface name="corenet_dontaudit_sendrecv_monopd_client_packets" lineno="51722">
 <summary>
-Do not audit attempts to send and receive inetd_child_client packets.
+Do not audit attempts to send and receive monopd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38493,9 +40810,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_inetd_child_client_packets" lineno="27813">
+<interface name="corenet_relabelto_monopd_client_packets" lineno="51737">
 <summary>
-Relabel packets to inetd_child_client the packet type.
+Relabel packets to monopd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -38503,9 +40820,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_inetd_child_server_packets" lineno="27833">
+<interface name="corenet_send_monopd_server_packets" lineno="51757">
 <summary>
-Send inetd_child_server packets.
+Send monopd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38514,9 +40831,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_inetd_child_server_packets" lineno="27852">
+<interface name="corenet_dontaudit_send_monopd_server_packets" lineno="51776">
 <summary>
-Do not audit attempts to send inetd_child_server packets.
+Do not audit attempts to send monopd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38525,9 +40842,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_inetd_child_server_packets" lineno="27871">
+<interface name="corenet_receive_monopd_server_packets" lineno="51795">
 <summary>
-Receive inetd_child_server packets.
+Receive monopd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38536,9 +40853,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_inetd_child_server_packets" lineno="27890">
+<interface name="corenet_dontaudit_receive_monopd_server_packets" lineno="51814">
 <summary>
-Do not audit attempts to receive inetd_child_server packets.
+Do not audit attempts to receive monopd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38547,9 +40864,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_inetd_child_server_packets" lineno="27909">
+<interface name="corenet_sendrecv_monopd_server_packets" lineno="51833">
 <summary>
-Send and receive inetd_child_server packets.
+Send and receive monopd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38558,9 +40875,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_inetd_child_server_packets" lineno="27925">
+<interface name="corenet_dontaudit_sendrecv_monopd_server_packets" lineno="51849">
 <summary>
-Do not audit attempts to send and receive inetd_child_server packets.
+Do not audit attempts to send and receive monopd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38569,9 +40886,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_inetd_child_server_packets" lineno="27940">
+<interface name="corenet_relabelto_monopd_server_packets" lineno="51864">
 <summary>
-Relabel packets to inetd_child_server the packet type.
+Relabel packets to monopd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -38579,9 +40896,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_innd_port" lineno="27962">
+<interface name="corenet_tcp_sendrecv_mountd_port" lineno="51886">
 <summary>
-Send and receive TCP traffic on the innd port.
+Send and receive TCP traffic on the mountd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38590,9 +40907,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_innd_port" lineno="27981">
+<interface name="corenet_udp_send_mountd_port" lineno="51905">
 <summary>
-Send UDP traffic on the innd port.
+Send UDP traffic on the mountd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38601,9 +40918,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_innd_port" lineno="28000">
+<interface name="corenet_dontaudit_udp_send_mountd_port" lineno="51924">
 <summary>
-Do not audit attempts to send UDP traffic on the innd port.
+Do not audit attempts to send UDP traffic on the mountd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38612,9 +40929,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_innd_port" lineno="28019">
+<interface name="corenet_udp_receive_mountd_port" lineno="51943">
 <summary>
-Receive UDP traffic on the innd port.
+Receive UDP traffic on the mountd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38623,9 +40940,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_innd_port" lineno="28038">
+<interface name="corenet_dontaudit_udp_receive_mountd_port" lineno="51962">
 <summary>
-Do not audit attempts to receive UDP traffic on the innd port.
+Do not audit attempts to receive UDP traffic on the mountd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38634,9 +40951,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_innd_port" lineno="28057">
+<interface name="corenet_udp_sendrecv_mountd_port" lineno="51981">
 <summary>
-Send and receive UDP traffic on the innd port.
+Send and receive UDP traffic on the mountd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38645,10 +40962,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_innd_port" lineno="28074">
+<interface name="corenet_dontaudit_udp_sendrecv_mountd_port" lineno="51998">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the innd port.
+UDP traffic on the mountd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38657,9 +40974,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_innd_port" lineno="28090">
+<interface name="corenet_tcp_bind_mountd_port" lineno="52014">
 <summary>
-Bind TCP sockets to the innd port.
+Bind TCP sockets to the mountd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38668,9 +40985,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_innd_port" lineno="28110">
+<interface name="corenet_udp_bind_mountd_port" lineno="52034">
 <summary>
-Bind UDP sockets to the innd port.
+Bind UDP sockets to the mountd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38679,9 +40996,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_innd_port" lineno="28129">
+<interface name="corenet_tcp_connect_mountd_port" lineno="52053">
 <summary>
-Make a TCP connection to the innd port.
+Make a TCP connection to the mountd port.
 </summary>
 <param name="domain">
 <summary>
@@ -38689,9 +41006,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_innd_client_packets" lineno="28149">
+<interface name="corenet_send_mountd_client_packets" lineno="52073">
 <summary>
-Send innd_client packets.
+Send mountd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38700,9 +41017,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_innd_client_packets" lineno="28168">
+<interface name="corenet_dontaudit_send_mountd_client_packets" lineno="52092">
 <summary>
-Do not audit attempts to send innd_client packets.
+Do not audit attempts to send mountd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38711,9 +41028,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_innd_client_packets" lineno="28187">
+<interface name="corenet_receive_mountd_client_packets" lineno="52111">
 <summary>
-Receive innd_client packets.
+Receive mountd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38722,9 +41039,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_innd_client_packets" lineno="28206">
+<interface name="corenet_dontaudit_receive_mountd_client_packets" lineno="52130">
 <summary>
-Do not audit attempts to receive innd_client packets.
+Do not audit attempts to receive mountd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38733,9 +41050,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_innd_client_packets" lineno="28225">
+<interface name="corenet_sendrecv_mountd_client_packets" lineno="52149">
 <summary>
-Send and receive innd_client packets.
+Send and receive mountd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38744,9 +41061,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_innd_client_packets" lineno="28241">
+<interface name="corenet_dontaudit_sendrecv_mountd_client_packets" lineno="52165">
 <summary>
-Do not audit attempts to send and receive innd_client packets.
+Do not audit attempts to send and receive mountd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38755,9 +41072,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_innd_client_packets" lineno="28256">
+<interface name="corenet_relabelto_mountd_client_packets" lineno="52180">
 <summary>
-Relabel packets to innd_client the packet type.
+Relabel packets to mountd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -38765,9 +41082,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_innd_server_packets" lineno="28276">
+<interface name="corenet_send_mountd_server_packets" lineno="52200">
 <summary>
-Send innd_server packets.
+Send mountd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38776,9 +41093,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_innd_server_packets" lineno="28295">
+<interface name="corenet_dontaudit_send_mountd_server_packets" lineno="52219">
 <summary>
-Do not audit attempts to send innd_server packets.
+Do not audit attempts to send mountd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38787,9 +41104,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_innd_server_packets" lineno="28314">
+<interface name="corenet_receive_mountd_server_packets" lineno="52238">
 <summary>
-Receive innd_server packets.
+Receive mountd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38798,9 +41115,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_innd_server_packets" lineno="28333">
+<interface name="corenet_dontaudit_receive_mountd_server_packets" lineno="52257">
 <summary>
-Do not audit attempts to receive innd_server packets.
+Do not audit attempts to receive mountd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38809,9 +41126,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_innd_server_packets" lineno="28352">
+<interface name="corenet_sendrecv_mountd_server_packets" lineno="52276">
 <summary>
-Send and receive innd_server packets.
+Send and receive mountd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38820,9 +41137,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_innd_server_packets" lineno="28368">
+<interface name="corenet_dontaudit_sendrecv_mountd_server_packets" lineno="52292">
 <summary>
-Do not audit attempts to send and receive innd_server packets.
+Do not audit attempts to send and receive mountd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38831,9 +41148,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_innd_server_packets" lineno="28383">
+<interface name="corenet_relabelto_mountd_server_packets" lineno="52307">
 <summary>
-Relabel packets to innd_server the packet type.
+Relabel packets to mountd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -38841,9 +41158,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_ipmi_port" lineno="28405">
+<interface name="corenet_tcp_sendrecv_movaz_ssc_port" lineno="52329">
 <summary>
-Send and receive TCP traffic on the ipmi port.
+Send and receive TCP traffic on the movaz_ssc port.
 </summary>
 <param name="domain">
 <summary>
@@ -38852,9 +41169,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_ipmi_port" lineno="28424">
+<interface name="corenet_udp_send_movaz_ssc_port" lineno="52348">
 <summary>
-Send UDP traffic on the ipmi port.
+Send UDP traffic on the movaz_ssc port.
 </summary>
 <param name="domain">
 <summary>
@@ -38863,9 +41180,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_ipmi_port" lineno="28443">
+<interface name="corenet_dontaudit_udp_send_movaz_ssc_port" lineno="52367">
 <summary>
-Do not audit attempts to send UDP traffic on the ipmi port.
+Do not audit attempts to send UDP traffic on the movaz_ssc port.
 </summary>
 <param name="domain">
 <summary>
@@ -38874,9 +41191,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_ipmi_port" lineno="28462">
+<interface name="corenet_udp_receive_movaz_ssc_port" lineno="52386">
 <summary>
-Receive UDP traffic on the ipmi port.
+Receive UDP traffic on the movaz_ssc port.
 </summary>
 <param name="domain">
 <summary>
@@ -38885,9 +41202,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_ipmi_port" lineno="28481">
+<interface name="corenet_dontaudit_udp_receive_movaz_ssc_port" lineno="52405">
 <summary>
-Do not audit attempts to receive UDP traffic on the ipmi port.
+Do not audit attempts to receive UDP traffic on the movaz_ssc port.
 </summary>
 <param name="domain">
 <summary>
@@ -38896,9 +41213,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_ipmi_port" lineno="28500">
+<interface name="corenet_udp_sendrecv_movaz_ssc_port" lineno="52424">
 <summary>
-Send and receive UDP traffic on the ipmi port.
+Send and receive UDP traffic on the movaz_ssc port.
 </summary>
 <param name="domain">
 <summary>
@@ -38907,10 +41224,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_ipmi_port" lineno="28517">
+<interface name="corenet_dontaudit_udp_sendrecv_movaz_ssc_port" lineno="52441">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the ipmi port.
+UDP traffic on the movaz_ssc port.
 </summary>
 <param name="domain">
 <summary>
@@ -38919,9 +41236,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_ipmi_port" lineno="28533">
+<interface name="corenet_tcp_bind_movaz_ssc_port" lineno="52457">
 <summary>
-Bind TCP sockets to the ipmi port.
+Bind TCP sockets to the movaz_ssc port.
 </summary>
 <param name="domain">
 <summary>
@@ -38930,9 +41247,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_ipmi_port" lineno="28553">
+<interface name="corenet_udp_bind_movaz_ssc_port" lineno="52477">
 <summary>
-Bind UDP sockets to the ipmi port.
+Bind UDP sockets to the movaz_ssc port.
 </summary>
 <param name="domain">
 <summary>
@@ -38941,9 +41258,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_ipmi_port" lineno="28572">
+<interface name="corenet_tcp_connect_movaz_ssc_port" lineno="52496">
 <summary>
-Make a TCP connection to the ipmi port.
+Make a TCP connection to the movaz_ssc port.
 </summary>
 <param name="domain">
 <summary>
@@ -38951,9 +41268,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ipmi_client_packets" lineno="28592">
+<interface name="corenet_send_movaz_ssc_client_packets" lineno="52516">
 <summary>
-Send ipmi_client packets.
+Send movaz_ssc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38962,9 +41279,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ipmi_client_packets" lineno="28611">
+<interface name="corenet_dontaudit_send_movaz_ssc_client_packets" lineno="52535">
 <summary>
-Do not audit attempts to send ipmi_client packets.
+Do not audit attempts to send movaz_ssc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38973,9 +41290,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ipmi_client_packets" lineno="28630">
+<interface name="corenet_receive_movaz_ssc_client_packets" lineno="52554">
 <summary>
-Receive ipmi_client packets.
+Receive movaz_ssc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38984,9 +41301,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ipmi_client_packets" lineno="28649">
+<interface name="corenet_dontaudit_receive_movaz_ssc_client_packets" lineno="52573">
 <summary>
-Do not audit attempts to receive ipmi_client packets.
+Do not audit attempts to receive movaz_ssc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -38995,9 +41312,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ipmi_client_packets" lineno="28668">
+<interface name="corenet_sendrecv_movaz_ssc_client_packets" lineno="52592">
 <summary>
-Send and receive ipmi_client packets.
+Send and receive movaz_ssc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39006,9 +41323,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ipmi_client_packets" lineno="28684">
+<interface name="corenet_dontaudit_sendrecv_movaz_ssc_client_packets" lineno="52608">
 <summary>
-Do not audit attempts to send and receive ipmi_client packets.
+Do not audit attempts to send and receive movaz_ssc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39017,9 +41334,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ipmi_client_packets" lineno="28699">
+<interface name="corenet_relabelto_movaz_ssc_client_packets" lineno="52623">
 <summary>
-Relabel packets to ipmi_client the packet type.
+Relabel packets to movaz_ssc_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -39027,9 +41344,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ipmi_server_packets" lineno="28719">
+<interface name="corenet_send_movaz_ssc_server_packets" lineno="52643">
 <summary>
-Send ipmi_server packets.
+Send movaz_ssc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39038,9 +41355,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ipmi_server_packets" lineno="28738">
+<interface name="corenet_dontaudit_send_movaz_ssc_server_packets" lineno="52662">
 <summary>
-Do not audit attempts to send ipmi_server packets.
+Do not audit attempts to send movaz_ssc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39049,9 +41366,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ipmi_server_packets" lineno="28757">
+<interface name="corenet_receive_movaz_ssc_server_packets" lineno="52681">
 <summary>
-Receive ipmi_server packets.
+Receive movaz_ssc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39060,9 +41377,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ipmi_server_packets" lineno="28776">
+<interface name="corenet_dontaudit_receive_movaz_ssc_server_packets" lineno="52700">
 <summary>
-Do not audit attempts to receive ipmi_server packets.
+Do not audit attempts to receive movaz_ssc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39071,9 +41388,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ipmi_server_packets" lineno="28795">
+<interface name="corenet_sendrecv_movaz_ssc_server_packets" lineno="52719">
 <summary>
-Send and receive ipmi_server packets.
+Send and receive movaz_ssc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39082,9 +41399,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ipmi_server_packets" lineno="28811">
+<interface name="corenet_dontaudit_sendrecv_movaz_ssc_server_packets" lineno="52735">
 <summary>
-Do not audit attempts to send and receive ipmi_server packets.
+Do not audit attempts to send and receive movaz_ssc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39093,9 +41410,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ipmi_server_packets" lineno="28826">
+<interface name="corenet_relabelto_movaz_ssc_server_packets" lineno="52750">
 <summary>
-Relabel packets to ipmi_server the packet type.
+Relabel packets to movaz_ssc_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -39103,9 +41420,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_ipp_port" lineno="28848">
+<interface name="corenet_tcp_sendrecv_mpd_port" lineno="52772">
 <summary>
-Send and receive TCP traffic on the ipp port.
+Send and receive TCP traffic on the mpd port.
 </summary>
 <param name="domain">
 <summary>
@@ -39114,9 +41431,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_ipp_port" lineno="28867">
+<interface name="corenet_udp_send_mpd_port" lineno="52791">
 <summary>
-Send UDP traffic on the ipp port.
+Send UDP traffic on the mpd port.
 </summary>
 <param name="domain">
 <summary>
@@ -39125,9 +41442,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_ipp_port" lineno="28886">
+<interface name="corenet_dontaudit_udp_send_mpd_port" lineno="52810">
 <summary>
-Do not audit attempts to send UDP traffic on the ipp port.
+Do not audit attempts to send UDP traffic on the mpd port.
 </summary>
 <param name="domain">
 <summary>
@@ -39136,9 +41453,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_ipp_port" lineno="28905">
+<interface name="corenet_udp_receive_mpd_port" lineno="52829">
 <summary>
-Receive UDP traffic on the ipp port.
+Receive UDP traffic on the mpd port.
 </summary>
 <param name="domain">
 <summary>
@@ -39147,9 +41464,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_ipp_port" lineno="28924">
+<interface name="corenet_dontaudit_udp_receive_mpd_port" lineno="52848">
 <summary>
-Do not audit attempts to receive UDP traffic on the ipp port.
+Do not audit attempts to receive UDP traffic on the mpd port.
 </summary>
 <param name="domain">
 <summary>
@@ -39158,9 +41475,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_ipp_port" lineno="28943">
+<interface name="corenet_udp_sendrecv_mpd_port" lineno="52867">
 <summary>
-Send and receive UDP traffic on the ipp port.
+Send and receive UDP traffic on the mpd port.
 </summary>
 <param name="domain">
 <summary>
@@ -39169,10 +41486,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_ipp_port" lineno="28960">
+<interface name="corenet_dontaudit_udp_sendrecv_mpd_port" lineno="52884">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the ipp port.
+UDP traffic on the mpd port.
 </summary>
 <param name="domain">
 <summary>
@@ -39181,9 +41498,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_ipp_port" lineno="28976">
+<interface name="corenet_tcp_bind_mpd_port" lineno="52900">
 <summary>
-Bind TCP sockets to the ipp port.
+Bind TCP sockets to the mpd port.
 </summary>
 <param name="domain">
 <summary>
@@ -39192,9 +41509,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_ipp_port" lineno="28996">
+<interface name="corenet_udp_bind_mpd_port" lineno="52920">
 <summary>
-Bind UDP sockets to the ipp port.
+Bind UDP sockets to the mpd port.
 </summary>
 <param name="domain">
 <summary>
@@ -39203,9 +41520,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_ipp_port" lineno="29015">
+<interface name="corenet_tcp_connect_mpd_port" lineno="52939">
 <summary>
-Make a TCP connection to the ipp port.
+Make a TCP connection to the mpd port.
 </summary>
 <param name="domain">
 <summary>
@@ -39213,9 +41530,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ipp_client_packets" lineno="29035">
+<interface name="corenet_send_mpd_client_packets" lineno="52959">
 <summary>
-Send ipp_client packets.
+Send mpd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39224,9 +41541,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ipp_client_packets" lineno="29054">
+<interface name="corenet_dontaudit_send_mpd_client_packets" lineno="52978">
 <summary>
-Do not audit attempts to send ipp_client packets.
+Do not audit attempts to send mpd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39235,9 +41552,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ipp_client_packets" lineno="29073">
+<interface name="corenet_receive_mpd_client_packets" lineno="52997">
 <summary>
-Receive ipp_client packets.
+Receive mpd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39246,9 +41563,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ipp_client_packets" lineno="29092">
+<interface name="corenet_dontaudit_receive_mpd_client_packets" lineno="53016">
 <summary>
-Do not audit attempts to receive ipp_client packets.
+Do not audit attempts to receive mpd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39257,9 +41574,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ipp_client_packets" lineno="29111">
+<interface name="corenet_sendrecv_mpd_client_packets" lineno="53035">
 <summary>
-Send and receive ipp_client packets.
+Send and receive mpd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39268,9 +41585,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ipp_client_packets" lineno="29127">
+<interface name="corenet_dontaudit_sendrecv_mpd_client_packets" lineno="53051">
 <summary>
-Do not audit attempts to send and receive ipp_client packets.
+Do not audit attempts to send and receive mpd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39279,9 +41596,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ipp_client_packets" lineno="29142">
+<interface name="corenet_relabelto_mpd_client_packets" lineno="53066">
 <summary>
-Relabel packets to ipp_client the packet type.
+Relabel packets to mpd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -39289,9 +41606,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ipp_server_packets" lineno="29162">
+<interface name="corenet_send_mpd_server_packets" lineno="53086">
 <summary>
-Send ipp_server packets.
+Send mpd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39300,9 +41617,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ipp_server_packets" lineno="29181">
+<interface name="corenet_dontaudit_send_mpd_server_packets" lineno="53105">
 <summary>
-Do not audit attempts to send ipp_server packets.
+Do not audit attempts to send mpd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39311,9 +41628,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ipp_server_packets" lineno="29200">
+<interface name="corenet_receive_mpd_server_packets" lineno="53124">
 <summary>
-Receive ipp_server packets.
+Receive mpd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39322,9 +41639,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ipp_server_packets" lineno="29219">
+<interface name="corenet_dontaudit_receive_mpd_server_packets" lineno="53143">
 <summary>
-Do not audit attempts to receive ipp_server packets.
+Do not audit attempts to receive mpd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39333,9 +41650,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ipp_server_packets" lineno="29238">
+<interface name="corenet_sendrecv_mpd_server_packets" lineno="53162">
 <summary>
-Send and receive ipp_server packets.
+Send and receive mpd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39344,9 +41661,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ipp_server_packets" lineno="29254">
+<interface name="corenet_dontaudit_sendrecv_mpd_server_packets" lineno="53178">
 <summary>
-Do not audit attempts to send and receive ipp_server packets.
+Do not audit attempts to send and receive mpd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39355,9 +41672,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ipp_server_packets" lineno="29269">
+<interface name="corenet_relabelto_mpd_server_packets" lineno="53193">
 <summary>
-Relabel packets to ipp_server the packet type.
+Relabel packets to mpd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -39365,9 +41682,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_ipsecnat_port" lineno="29291">
+<interface name="corenet_tcp_sendrecv_msgsrvr_port" lineno="53215">
 <summary>
-Send and receive TCP traffic on the ipsecnat port.
+Send and receive TCP traffic on the msgsrvr port.
 </summary>
 <param name="domain">
 <summary>
@@ -39376,9 +41693,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_ipsecnat_port" lineno="29310">
+<interface name="corenet_udp_send_msgsrvr_port" lineno="53234">
 <summary>
-Send UDP traffic on the ipsecnat port.
+Send UDP traffic on the msgsrvr port.
 </summary>
 <param name="domain">
 <summary>
@@ -39387,9 +41704,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_ipsecnat_port" lineno="29329">
+<interface name="corenet_dontaudit_udp_send_msgsrvr_port" lineno="53253">
 <summary>
-Do not audit attempts to send UDP traffic on the ipsecnat port.
+Do not audit attempts to send UDP traffic on the msgsrvr port.
 </summary>
 <param name="domain">
 <summary>
@@ -39398,9 +41715,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_ipsecnat_port" lineno="29348">
+<interface name="corenet_udp_receive_msgsrvr_port" lineno="53272">
 <summary>
-Receive UDP traffic on the ipsecnat port.
+Receive UDP traffic on the msgsrvr port.
 </summary>
 <param name="domain">
 <summary>
@@ -39409,9 +41726,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_ipsecnat_port" lineno="29367">
+<interface name="corenet_dontaudit_udp_receive_msgsrvr_port" lineno="53291">
 <summary>
-Do not audit attempts to receive UDP traffic on the ipsecnat port.
+Do not audit attempts to receive UDP traffic on the msgsrvr port.
 </summary>
 <param name="domain">
 <summary>
@@ -39420,9 +41737,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_ipsecnat_port" lineno="29386">
+<interface name="corenet_udp_sendrecv_msgsrvr_port" lineno="53310">
 <summary>
-Send and receive UDP traffic on the ipsecnat port.
+Send and receive UDP traffic on the msgsrvr port.
 </summary>
 <param name="domain">
 <summary>
@@ -39431,10 +41748,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_ipsecnat_port" lineno="29403">
+<interface name="corenet_dontaudit_udp_sendrecv_msgsrvr_port" lineno="53327">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the ipsecnat port.
+UDP traffic on the msgsrvr port.
 </summary>
 <param name="domain">
 <summary>
@@ -39443,9 +41760,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_ipsecnat_port" lineno="29419">
+<interface name="corenet_tcp_bind_msgsrvr_port" lineno="53343">
 <summary>
-Bind TCP sockets to the ipsecnat port.
+Bind TCP sockets to the msgsrvr port.
 </summary>
 <param name="domain">
 <summary>
@@ -39454,9 +41771,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_ipsecnat_port" lineno="29439">
+<interface name="corenet_udp_bind_msgsrvr_port" lineno="53363">
 <summary>
-Bind UDP sockets to the ipsecnat port.
+Bind UDP sockets to the msgsrvr port.
 </summary>
 <param name="domain">
 <summary>
@@ -39465,9 +41782,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_ipsecnat_port" lineno="29458">
+<interface name="corenet_tcp_connect_msgsrvr_port" lineno="53382">
 <summary>
-Make a TCP connection to the ipsecnat port.
+Make a TCP connection to the msgsrvr port.
 </summary>
 <param name="domain">
 <summary>
@@ -39475,9 +41792,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ipsecnat_client_packets" lineno="29478">
+<interface name="corenet_send_msgsrvr_client_packets" lineno="53402">
 <summary>
-Send ipsecnat_client packets.
+Send msgsrvr_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39486,9 +41803,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ipsecnat_client_packets" lineno="29497">
+<interface name="corenet_dontaudit_send_msgsrvr_client_packets" lineno="53421">
 <summary>
-Do not audit attempts to send ipsecnat_client packets.
+Do not audit attempts to send msgsrvr_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39497,9 +41814,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ipsecnat_client_packets" lineno="29516">
+<interface name="corenet_receive_msgsrvr_client_packets" lineno="53440">
 <summary>
-Receive ipsecnat_client packets.
+Receive msgsrvr_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39508,9 +41825,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ipsecnat_client_packets" lineno="29535">
+<interface name="corenet_dontaudit_receive_msgsrvr_client_packets" lineno="53459">
 <summary>
-Do not audit attempts to receive ipsecnat_client packets.
+Do not audit attempts to receive msgsrvr_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39519,9 +41836,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ipsecnat_client_packets" lineno="29554">
+<interface name="corenet_sendrecv_msgsrvr_client_packets" lineno="53478">
 <summary>
-Send and receive ipsecnat_client packets.
+Send and receive msgsrvr_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39530,9 +41847,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ipsecnat_client_packets" lineno="29570">
+<interface name="corenet_dontaudit_sendrecv_msgsrvr_client_packets" lineno="53494">
 <summary>
-Do not audit attempts to send and receive ipsecnat_client packets.
+Do not audit attempts to send and receive msgsrvr_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39541,9 +41858,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ipsecnat_client_packets" lineno="29585">
+<interface name="corenet_relabelto_msgsrvr_client_packets" lineno="53509">
 <summary>
-Relabel packets to ipsecnat_client the packet type.
+Relabel packets to msgsrvr_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -39551,9 +41868,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ipsecnat_server_packets" lineno="29605">
+<interface name="corenet_send_msgsrvr_server_packets" lineno="53529">
 <summary>
-Send ipsecnat_server packets.
+Send msgsrvr_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39562,9 +41879,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ipsecnat_server_packets" lineno="29624">
+<interface name="corenet_dontaudit_send_msgsrvr_server_packets" lineno="53548">
 <summary>
-Do not audit attempts to send ipsecnat_server packets.
+Do not audit attempts to send msgsrvr_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39573,9 +41890,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ipsecnat_server_packets" lineno="29643">
+<interface name="corenet_receive_msgsrvr_server_packets" lineno="53567">
 <summary>
-Receive ipsecnat_server packets.
+Receive msgsrvr_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39584,9 +41901,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ipsecnat_server_packets" lineno="29662">
+<interface name="corenet_dontaudit_receive_msgsrvr_server_packets" lineno="53586">
 <summary>
-Do not audit attempts to receive ipsecnat_server packets.
+Do not audit attempts to receive msgsrvr_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39595,9 +41912,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ipsecnat_server_packets" lineno="29681">
+<interface name="corenet_sendrecv_msgsrvr_server_packets" lineno="53605">
 <summary>
-Send and receive ipsecnat_server packets.
+Send and receive msgsrvr_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39606,9 +41923,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ipsecnat_server_packets" lineno="29697">
+<interface name="corenet_dontaudit_sendrecv_msgsrvr_server_packets" lineno="53621">
 <summary>
-Do not audit attempts to send and receive ipsecnat_server packets.
+Do not audit attempts to send and receive msgsrvr_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39617,9 +41934,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ipsecnat_server_packets" lineno="29712">
+<interface name="corenet_relabelto_msgsrvr_server_packets" lineno="53636">
 <summary>
-Relabel packets to ipsecnat_server the packet type.
+Relabel packets to msgsrvr_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -39627,9 +41944,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_ircd_port" lineno="29734">
+<interface name="corenet_tcp_sendrecv_msnp_port" lineno="53658">
 <summary>
-Send and receive TCP traffic on the ircd port.
+Send and receive TCP traffic on the msnp port.
 </summary>
 <param name="domain">
 <summary>
@@ -39638,9 +41955,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_ircd_port" lineno="29753">
+<interface name="corenet_udp_send_msnp_port" lineno="53677">
 <summary>
-Send UDP traffic on the ircd port.
+Send UDP traffic on the msnp port.
 </summary>
 <param name="domain">
 <summary>
@@ -39649,9 +41966,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_ircd_port" lineno="29772">
+<interface name="corenet_dontaudit_udp_send_msnp_port" lineno="53696">
 <summary>
-Do not audit attempts to send UDP traffic on the ircd port.
+Do not audit attempts to send UDP traffic on the msnp port.
 </summary>
 <param name="domain">
 <summary>
@@ -39660,9 +41977,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_ircd_port" lineno="29791">
+<interface name="corenet_udp_receive_msnp_port" lineno="53715">
 <summary>
-Receive UDP traffic on the ircd port.
+Receive UDP traffic on the msnp port.
 </summary>
 <param name="domain">
 <summary>
@@ -39671,9 +41988,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_ircd_port" lineno="29810">
+<interface name="corenet_dontaudit_udp_receive_msnp_port" lineno="53734">
 <summary>
-Do not audit attempts to receive UDP traffic on the ircd port.
+Do not audit attempts to receive UDP traffic on the msnp port.
 </summary>
 <param name="domain">
 <summary>
@@ -39682,9 +41999,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_ircd_port" lineno="29829">
+<interface name="corenet_udp_sendrecv_msnp_port" lineno="53753">
 <summary>
-Send and receive UDP traffic on the ircd port.
+Send and receive UDP traffic on the msnp port.
 </summary>
 <param name="domain">
 <summary>
@@ -39693,10 +42010,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_ircd_port" lineno="29846">
+<interface name="corenet_dontaudit_udp_sendrecv_msnp_port" lineno="53770">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the ircd port.
+UDP traffic on the msnp port.
 </summary>
 <param name="domain">
 <summary>
@@ -39705,9 +42022,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_ircd_port" lineno="29862">
+<interface name="corenet_tcp_bind_msnp_port" lineno="53786">
 <summary>
-Bind TCP sockets to the ircd port.
+Bind TCP sockets to the msnp port.
 </summary>
 <param name="domain">
 <summary>
@@ -39716,9 +42033,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_ircd_port" lineno="29882">
+<interface name="corenet_udp_bind_msnp_port" lineno="53806">
 <summary>
-Bind UDP sockets to the ircd port.
+Bind UDP sockets to the msnp port.
 </summary>
 <param name="domain">
 <summary>
@@ -39727,9 +42044,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_ircd_port" lineno="29901">
+<interface name="corenet_tcp_connect_msnp_port" lineno="53825">
 <summary>
-Make a TCP connection to the ircd port.
+Make a TCP connection to the msnp port.
 </summary>
 <param name="domain">
 <summary>
@@ -39737,9 +42054,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ircd_client_packets" lineno="29921">
+<interface name="corenet_send_msnp_client_packets" lineno="53845">
 <summary>
-Send ircd_client packets.
+Send msnp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39748,9 +42065,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ircd_client_packets" lineno="29940">
+<interface name="corenet_dontaudit_send_msnp_client_packets" lineno="53864">
 <summary>
-Do not audit attempts to send ircd_client packets.
+Do not audit attempts to send msnp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39759,9 +42076,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ircd_client_packets" lineno="29959">
+<interface name="corenet_receive_msnp_client_packets" lineno="53883">
 <summary>
-Receive ircd_client packets.
+Receive msnp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39770,9 +42087,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ircd_client_packets" lineno="29978">
+<interface name="corenet_dontaudit_receive_msnp_client_packets" lineno="53902">
 <summary>
-Do not audit attempts to receive ircd_client packets.
+Do not audit attempts to receive msnp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39781,9 +42098,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ircd_client_packets" lineno="29997">
+<interface name="corenet_sendrecv_msnp_client_packets" lineno="53921">
 <summary>
-Send and receive ircd_client packets.
+Send and receive msnp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39792,9 +42109,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ircd_client_packets" lineno="30013">
+<interface name="corenet_dontaudit_sendrecv_msnp_client_packets" lineno="53937">
 <summary>
-Do not audit attempts to send and receive ircd_client packets.
+Do not audit attempts to send and receive msnp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39803,9 +42120,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ircd_client_packets" lineno="30028">
+<interface name="corenet_relabelto_msnp_client_packets" lineno="53952">
 <summary>
-Relabel packets to ircd_client the packet type.
+Relabel packets to msnp_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -39813,9 +42130,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ircd_server_packets" lineno="30048">
+<interface name="corenet_send_msnp_server_packets" lineno="53972">
 <summary>
-Send ircd_server packets.
+Send msnp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39824,9 +42141,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ircd_server_packets" lineno="30067">
+<interface name="corenet_dontaudit_send_msnp_server_packets" lineno="53991">
 <summary>
-Do not audit attempts to send ircd_server packets.
+Do not audit attempts to send msnp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39835,9 +42152,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ircd_server_packets" lineno="30086">
+<interface name="corenet_receive_msnp_server_packets" lineno="54010">
 <summary>
-Receive ircd_server packets.
+Receive msnp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39846,9 +42163,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ircd_server_packets" lineno="30105">
+<interface name="corenet_dontaudit_receive_msnp_server_packets" lineno="54029">
 <summary>
-Do not audit attempts to receive ircd_server packets.
+Do not audit attempts to receive msnp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39857,9 +42174,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ircd_server_packets" lineno="30124">
+<interface name="corenet_sendrecv_msnp_server_packets" lineno="54048">
 <summary>
-Send and receive ircd_server packets.
+Send and receive msnp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39868,9 +42185,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ircd_server_packets" lineno="30140">
+<interface name="corenet_dontaudit_sendrecv_msnp_server_packets" lineno="54064">
 <summary>
-Do not audit attempts to send and receive ircd_server packets.
+Do not audit attempts to send and receive msnp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -39879,9 +42196,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ircd_server_packets" lineno="30155">
+<interface name="corenet_relabelto_msnp_server_packets" lineno="54079">
 <summary>
-Relabel packets to ircd_server the packet type.
+Relabel packets to msnp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -39889,9 +42206,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_isakmp_port" lineno="30177">
+<interface name="corenet_tcp_sendrecv_mssql_port" lineno="54101">
 <summary>
-Send and receive TCP traffic on the isakmp port.
+Send and receive TCP traffic on the mssql port.
 </summary>
 <param name="domain">
 <summary>
@@ -39900,9 +42217,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_isakmp_port" lineno="30196">
+<interface name="corenet_udp_send_mssql_port" lineno="54120">
 <summary>
-Send UDP traffic on the isakmp port.
+Send UDP traffic on the mssql port.
 </summary>
 <param name="domain">
 <summary>
@@ -39911,9 +42228,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_isakmp_port" lineno="30215">
+<interface name="corenet_dontaudit_udp_send_mssql_port" lineno="54139">
 <summary>
-Do not audit attempts to send UDP traffic on the isakmp port.
+Do not audit attempts to send UDP traffic on the mssql port.
 </summary>
 <param name="domain">
 <summary>
@@ -39922,9 +42239,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_isakmp_port" lineno="30234">
+<interface name="corenet_udp_receive_mssql_port" lineno="54158">
 <summary>
-Receive UDP traffic on the isakmp port.
+Receive UDP traffic on the mssql port.
 </summary>
 <param name="domain">
 <summary>
@@ -39933,9 +42250,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_isakmp_port" lineno="30253">
+<interface name="corenet_dontaudit_udp_receive_mssql_port" lineno="54177">
 <summary>
-Do not audit attempts to receive UDP traffic on the isakmp port.
+Do not audit attempts to receive UDP traffic on the mssql port.
 </summary>
 <param name="domain">
 <summary>
@@ -39944,9 +42261,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_isakmp_port" lineno="30272">
+<interface name="corenet_udp_sendrecv_mssql_port" lineno="54196">
 <summary>
-Send and receive UDP traffic on the isakmp port.
+Send and receive UDP traffic on the mssql port.
 </summary>
 <param name="domain">
 <summary>
@@ -39955,10 +42272,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_isakmp_port" lineno="30289">
+<interface name="corenet_dontaudit_udp_sendrecv_mssql_port" lineno="54213">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the isakmp port.
+UDP traffic on the mssql port.
 </summary>
 <param name="domain">
 <summary>
@@ -39967,9 +42284,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_isakmp_port" lineno="30305">
+<interface name="corenet_tcp_bind_mssql_port" lineno="54229">
 <summary>
-Bind TCP sockets to the isakmp port.
+Bind TCP sockets to the mssql port.
 </summary>
 <param name="domain">
 <summary>
@@ -39978,9 +42295,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_isakmp_port" lineno="30325">
+<interface name="corenet_udp_bind_mssql_port" lineno="54249">
 <summary>
-Bind UDP sockets to the isakmp port.
+Bind UDP sockets to the mssql port.
 </summary>
 <param name="domain">
 <summary>
@@ -39989,9 +42306,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_isakmp_port" lineno="30344">
+<interface name="corenet_tcp_connect_mssql_port" lineno="54268">
 <summary>
-Make a TCP connection to the isakmp port.
+Make a TCP connection to the mssql port.
 </summary>
 <param name="domain">
 <summary>
@@ -39999,9 +42316,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_isakmp_client_packets" lineno="30364">
+<interface name="corenet_send_mssql_client_packets" lineno="54288">
 <summary>
-Send isakmp_client packets.
+Send mssql_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40010,9 +42327,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_isakmp_client_packets" lineno="30383">
+<interface name="corenet_dontaudit_send_mssql_client_packets" lineno="54307">
 <summary>
-Do not audit attempts to send isakmp_client packets.
+Do not audit attempts to send mssql_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40021,9 +42338,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_isakmp_client_packets" lineno="30402">
+<interface name="corenet_receive_mssql_client_packets" lineno="54326">
 <summary>
-Receive isakmp_client packets.
+Receive mssql_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40032,9 +42349,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_isakmp_client_packets" lineno="30421">
+<interface name="corenet_dontaudit_receive_mssql_client_packets" lineno="54345">
 <summary>
-Do not audit attempts to receive isakmp_client packets.
+Do not audit attempts to receive mssql_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40043,9 +42360,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_isakmp_client_packets" lineno="30440">
+<interface name="corenet_sendrecv_mssql_client_packets" lineno="54364">
 <summary>
-Send and receive isakmp_client packets.
+Send and receive mssql_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40054,9 +42371,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_isakmp_client_packets" lineno="30456">
+<interface name="corenet_dontaudit_sendrecv_mssql_client_packets" lineno="54380">
 <summary>
-Do not audit attempts to send and receive isakmp_client packets.
+Do not audit attempts to send and receive mssql_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40065,9 +42382,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_isakmp_client_packets" lineno="30471">
+<interface name="corenet_relabelto_mssql_client_packets" lineno="54395">
 <summary>
-Relabel packets to isakmp_client the packet type.
+Relabel packets to mssql_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -40075,9 +42392,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_isakmp_server_packets" lineno="30491">
+<interface name="corenet_send_mssql_server_packets" lineno="54415">
 <summary>
-Send isakmp_server packets.
+Send mssql_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40086,9 +42403,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_isakmp_server_packets" lineno="30510">
+<interface name="corenet_dontaudit_send_mssql_server_packets" lineno="54434">
 <summary>
-Do not audit attempts to send isakmp_server packets.
+Do not audit attempts to send mssql_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40097,9 +42414,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_isakmp_server_packets" lineno="30529">
+<interface name="corenet_receive_mssql_server_packets" lineno="54453">
 <summary>
-Receive isakmp_server packets.
+Receive mssql_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40108,9 +42425,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_isakmp_server_packets" lineno="30548">
+<interface name="corenet_dontaudit_receive_mssql_server_packets" lineno="54472">
 <summary>
-Do not audit attempts to receive isakmp_server packets.
+Do not audit attempts to receive mssql_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40119,9 +42436,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_isakmp_server_packets" lineno="30567">
+<interface name="corenet_sendrecv_mssql_server_packets" lineno="54491">
 <summary>
-Send and receive isakmp_server packets.
+Send and receive mssql_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40130,9 +42447,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_isakmp_server_packets" lineno="30583">
+<interface name="corenet_dontaudit_sendrecv_mssql_server_packets" lineno="54507">
 <summary>
-Do not audit attempts to send and receive isakmp_server packets.
+Do not audit attempts to send and receive mssql_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40141,9 +42458,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_isakmp_server_packets" lineno="30598">
+<interface name="corenet_relabelto_mssql_server_packets" lineno="54522">
 <summary>
-Relabel packets to isakmp_server the packet type.
+Relabel packets to mssql_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -40151,9 +42468,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_iscsi_port" lineno="30620">
+<interface name="corenet_tcp_sendrecv_ms_streaming_port" lineno="54544">
 <summary>
-Send and receive TCP traffic on the iscsi port.
+Send and receive TCP traffic on the ms_streaming port.
 </summary>
 <param name="domain">
 <summary>
@@ -40162,9 +42479,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_iscsi_port" lineno="30639">
+<interface name="corenet_udp_send_ms_streaming_port" lineno="54563">
 <summary>
-Send UDP traffic on the iscsi port.
+Send UDP traffic on the ms_streaming port.
 </summary>
 <param name="domain">
 <summary>
@@ -40173,9 +42490,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_iscsi_port" lineno="30658">
+<interface name="corenet_dontaudit_udp_send_ms_streaming_port" lineno="54582">
 <summary>
-Do not audit attempts to send UDP traffic on the iscsi port.
+Do not audit attempts to send UDP traffic on the ms_streaming port.
 </summary>
 <param name="domain">
 <summary>
@@ -40184,9 +42501,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_iscsi_port" lineno="30677">
+<interface name="corenet_udp_receive_ms_streaming_port" lineno="54601">
 <summary>
-Receive UDP traffic on the iscsi port.
+Receive UDP traffic on the ms_streaming port.
 </summary>
 <param name="domain">
 <summary>
@@ -40195,9 +42512,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_iscsi_port" lineno="30696">
+<interface name="corenet_dontaudit_udp_receive_ms_streaming_port" lineno="54620">
 <summary>
-Do not audit attempts to receive UDP traffic on the iscsi port.
+Do not audit attempts to receive UDP traffic on the ms_streaming port.
 </summary>
 <param name="domain">
 <summary>
@@ -40206,9 +42523,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_iscsi_port" lineno="30715">
+<interface name="corenet_udp_sendrecv_ms_streaming_port" lineno="54639">
 <summary>
-Send and receive UDP traffic on the iscsi port.
+Send and receive UDP traffic on the ms_streaming port.
 </summary>
 <param name="domain">
 <summary>
@@ -40217,10 +42534,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_iscsi_port" lineno="30732">
+<interface name="corenet_dontaudit_udp_sendrecv_ms_streaming_port" lineno="54656">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the iscsi port.
+UDP traffic on the ms_streaming port.
 </summary>
 <param name="domain">
 <summary>
@@ -40229,9 +42546,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_iscsi_port" lineno="30748">
+<interface name="corenet_tcp_bind_ms_streaming_port" lineno="54672">
 <summary>
-Bind TCP sockets to the iscsi port.
+Bind TCP sockets to the ms_streaming port.
 </summary>
 <param name="domain">
 <summary>
@@ -40240,9 +42557,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_iscsi_port" lineno="30768">
+<interface name="corenet_udp_bind_ms_streaming_port" lineno="54692">
 <summary>
-Bind UDP sockets to the iscsi port.
+Bind UDP sockets to the ms_streaming port.
 </summary>
 <param name="domain">
 <summary>
@@ -40251,9 +42568,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_iscsi_port" lineno="30787">
+<interface name="corenet_tcp_connect_ms_streaming_port" lineno="54711">
 <summary>
-Make a TCP connection to the iscsi port.
+Make a TCP connection to the ms_streaming port.
 </summary>
 <param name="domain">
 <summary>
@@ -40261,9 +42578,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_iscsi_client_packets" lineno="30807">
+<interface name="corenet_send_ms_streaming_client_packets" lineno="54731">
 <summary>
-Send iscsi_client packets.
+Send ms_streaming_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40272,9 +42589,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_iscsi_client_packets" lineno="30826">
+<interface name="corenet_dontaudit_send_ms_streaming_client_packets" lineno="54750">
 <summary>
-Do not audit attempts to send iscsi_client packets.
+Do not audit attempts to send ms_streaming_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40283,9 +42600,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_iscsi_client_packets" lineno="30845">
+<interface name="corenet_receive_ms_streaming_client_packets" lineno="54769">
 <summary>
-Receive iscsi_client packets.
+Receive ms_streaming_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40294,9 +42611,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_iscsi_client_packets" lineno="30864">
+<interface name="corenet_dontaudit_receive_ms_streaming_client_packets" lineno="54788">
 <summary>
-Do not audit attempts to receive iscsi_client packets.
+Do not audit attempts to receive ms_streaming_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40305,9 +42622,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_iscsi_client_packets" lineno="30883">
+<interface name="corenet_sendrecv_ms_streaming_client_packets" lineno="54807">
 <summary>
-Send and receive iscsi_client packets.
+Send and receive ms_streaming_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40316,9 +42633,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_iscsi_client_packets" lineno="30899">
+<interface name="corenet_dontaudit_sendrecv_ms_streaming_client_packets" lineno="54823">
 <summary>
-Do not audit attempts to send and receive iscsi_client packets.
+Do not audit attempts to send and receive ms_streaming_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40327,9 +42644,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_iscsi_client_packets" lineno="30914">
+<interface name="corenet_relabelto_ms_streaming_client_packets" lineno="54838">
 <summary>
-Relabel packets to iscsi_client the packet type.
+Relabel packets to ms_streaming_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -40337,9 +42654,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_iscsi_server_packets" lineno="30934">
+<interface name="corenet_send_ms_streaming_server_packets" lineno="54858">
 <summary>
-Send iscsi_server packets.
+Send ms_streaming_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40348,9 +42665,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_iscsi_server_packets" lineno="30953">
+<interface name="corenet_dontaudit_send_ms_streaming_server_packets" lineno="54877">
 <summary>
-Do not audit attempts to send iscsi_server packets.
+Do not audit attempts to send ms_streaming_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40359,9 +42676,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_iscsi_server_packets" lineno="30972">
+<interface name="corenet_receive_ms_streaming_server_packets" lineno="54896">
 <summary>
-Receive iscsi_server packets.
+Receive ms_streaming_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40370,9 +42687,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_iscsi_server_packets" lineno="30991">
+<interface name="corenet_dontaudit_receive_ms_streaming_server_packets" lineno="54915">
 <summary>
-Do not audit attempts to receive iscsi_server packets.
+Do not audit attempts to receive ms_streaming_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40381,9 +42698,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_iscsi_server_packets" lineno="31010">
+<interface name="corenet_sendrecv_ms_streaming_server_packets" lineno="54934">
 <summary>
-Send and receive iscsi_server packets.
+Send and receive ms_streaming_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40392,9 +42709,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_iscsi_server_packets" lineno="31026">
+<interface name="corenet_dontaudit_sendrecv_ms_streaming_server_packets" lineno="54950">
 <summary>
-Do not audit attempts to send and receive iscsi_server packets.
+Do not audit attempts to send and receive ms_streaming_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40403,9 +42720,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_iscsi_server_packets" lineno="31041">
+<interface name="corenet_relabelto_ms_streaming_server_packets" lineno="54965">
 <summary>
-Relabel packets to iscsi_server the packet type.
+Relabel packets to ms_streaming_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -40413,9 +42730,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_isns_port" lineno="31063">
+<interface name="corenet_tcp_sendrecv_munin_port" lineno="54987">
 <summary>
-Send and receive TCP traffic on the isns port.
+Send and receive TCP traffic on the munin port.
 </summary>
 <param name="domain">
 <summary>
@@ -40424,9 +42741,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_isns_port" lineno="31082">
+<interface name="corenet_udp_send_munin_port" lineno="55006">
 <summary>
-Send UDP traffic on the isns port.
+Send UDP traffic on the munin port.
 </summary>
 <param name="domain">
 <summary>
@@ -40435,9 +42752,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_isns_port" lineno="31101">
+<interface name="corenet_dontaudit_udp_send_munin_port" lineno="55025">
 <summary>
-Do not audit attempts to send UDP traffic on the isns port.
+Do not audit attempts to send UDP traffic on the munin port.
 </summary>
 <param name="domain">
 <summary>
@@ -40446,9 +42763,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_isns_port" lineno="31120">
+<interface name="corenet_udp_receive_munin_port" lineno="55044">
 <summary>
-Receive UDP traffic on the isns port.
+Receive UDP traffic on the munin port.
 </summary>
 <param name="domain">
 <summary>
@@ -40457,9 +42774,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_isns_port" lineno="31139">
+<interface name="corenet_dontaudit_udp_receive_munin_port" lineno="55063">
 <summary>
-Do not audit attempts to receive UDP traffic on the isns port.
+Do not audit attempts to receive UDP traffic on the munin port.
 </summary>
 <param name="domain">
 <summary>
@@ -40468,9 +42785,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_isns_port" lineno="31158">
+<interface name="corenet_udp_sendrecv_munin_port" lineno="55082">
 <summary>
-Send and receive UDP traffic on the isns port.
+Send and receive UDP traffic on the munin port.
 </summary>
 <param name="domain">
 <summary>
@@ -40479,10 +42796,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_isns_port" lineno="31175">
+<interface name="corenet_dontaudit_udp_sendrecv_munin_port" lineno="55099">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the isns port.
+UDP traffic on the munin port.
 </summary>
 <param name="domain">
 <summary>
@@ -40491,9 +42808,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_isns_port" lineno="31191">
+<interface name="corenet_tcp_bind_munin_port" lineno="55115">
 <summary>
-Bind TCP sockets to the isns port.
+Bind TCP sockets to the munin port.
 </summary>
 <param name="domain">
 <summary>
@@ -40502,9 +42819,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_isns_port" lineno="31211">
+<interface name="corenet_udp_bind_munin_port" lineno="55135">
 <summary>
-Bind UDP sockets to the isns port.
+Bind UDP sockets to the munin port.
 </summary>
 <param name="domain">
 <summary>
@@ -40513,9 +42830,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_isns_port" lineno="31230">
+<interface name="corenet_tcp_connect_munin_port" lineno="55154">
 <summary>
-Make a TCP connection to the isns port.
+Make a TCP connection to the munin port.
 </summary>
 <param name="domain">
 <summary>
@@ -40523,9 +42840,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_isns_client_packets" lineno="31250">
+<interface name="corenet_send_munin_client_packets" lineno="55174">
 <summary>
-Send isns_client packets.
+Send munin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40534,9 +42851,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_isns_client_packets" lineno="31269">
+<interface name="corenet_dontaudit_send_munin_client_packets" lineno="55193">
 <summary>
-Do not audit attempts to send isns_client packets.
+Do not audit attempts to send munin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40545,9 +42862,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_isns_client_packets" lineno="31288">
+<interface name="corenet_receive_munin_client_packets" lineno="55212">
 <summary>
-Receive isns_client packets.
+Receive munin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40556,9 +42873,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_isns_client_packets" lineno="31307">
+<interface name="corenet_dontaudit_receive_munin_client_packets" lineno="55231">
 <summary>
-Do not audit attempts to receive isns_client packets.
+Do not audit attempts to receive munin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40567,9 +42884,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_isns_client_packets" lineno="31326">
+<interface name="corenet_sendrecv_munin_client_packets" lineno="55250">
 <summary>
-Send and receive isns_client packets.
+Send and receive munin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40578,9 +42895,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_isns_client_packets" lineno="31342">
+<interface name="corenet_dontaudit_sendrecv_munin_client_packets" lineno="55266">
 <summary>
-Do not audit attempts to send and receive isns_client packets.
+Do not audit attempts to send and receive munin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40589,9 +42906,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_isns_client_packets" lineno="31357">
+<interface name="corenet_relabelto_munin_client_packets" lineno="55281">
 <summary>
-Relabel packets to isns_client the packet type.
+Relabel packets to munin_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -40599,9 +42916,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_isns_server_packets" lineno="31377">
+<interface name="corenet_send_munin_server_packets" lineno="55301">
 <summary>
-Send isns_server packets.
+Send munin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40610,9 +42927,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_isns_server_packets" lineno="31396">
+<interface name="corenet_dontaudit_send_munin_server_packets" lineno="55320">
 <summary>
-Do not audit attempts to send isns_server packets.
+Do not audit attempts to send munin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40621,9 +42938,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_isns_server_packets" lineno="31415">
+<interface name="corenet_receive_munin_server_packets" lineno="55339">
 <summary>
-Receive isns_server packets.
+Receive munin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40632,9 +42949,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_isns_server_packets" lineno="31434">
+<interface name="corenet_dontaudit_receive_munin_server_packets" lineno="55358">
 <summary>
-Do not audit attempts to receive isns_server packets.
+Do not audit attempts to receive munin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40643,9 +42960,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_isns_server_packets" lineno="31453">
+<interface name="corenet_sendrecv_munin_server_packets" lineno="55377">
 <summary>
-Send and receive isns_server packets.
+Send and receive munin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40654,9 +42971,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_isns_server_packets" lineno="31469">
+<interface name="corenet_dontaudit_sendrecv_munin_server_packets" lineno="55393">
 <summary>
-Do not audit attempts to send and receive isns_server packets.
+Do not audit attempts to send and receive munin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40665,9 +42982,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_isns_server_packets" lineno="31484">
+<interface name="corenet_relabelto_munin_server_packets" lineno="55408">
 <summary>
-Relabel packets to isns_server the packet type.
+Relabel packets to munin_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -40675,9 +42992,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_jabber_client_port" lineno="31506">
+<interface name="corenet_tcp_sendrecv_mxi_port" lineno="55430">
 <summary>
-Send and receive TCP traffic on the jabber_client port.
+Send and receive TCP traffic on the mxi port.
 </summary>
 <param name="domain">
 <summary>
@@ -40686,9 +43003,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_jabber_client_port" lineno="31525">
+<interface name="corenet_udp_send_mxi_port" lineno="55449">
 <summary>
-Send UDP traffic on the jabber_client port.
+Send UDP traffic on the mxi port.
 </summary>
 <param name="domain">
 <summary>
@@ -40697,9 +43014,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_jabber_client_port" lineno="31544">
+<interface name="corenet_dontaudit_udp_send_mxi_port" lineno="55468">
 <summary>
-Do not audit attempts to send UDP traffic on the jabber_client port.
+Do not audit attempts to send UDP traffic on the mxi port.
 </summary>
 <param name="domain">
 <summary>
@@ -40708,9 +43025,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_jabber_client_port" lineno="31563">
+<interface name="corenet_udp_receive_mxi_port" lineno="55487">
 <summary>
-Receive UDP traffic on the jabber_client port.
+Receive UDP traffic on the mxi port.
 </summary>
 <param name="domain">
 <summary>
@@ -40719,9 +43036,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_jabber_client_port" lineno="31582">
+<interface name="corenet_dontaudit_udp_receive_mxi_port" lineno="55506">
 <summary>
-Do not audit attempts to receive UDP traffic on the jabber_client port.
+Do not audit attempts to receive UDP traffic on the mxi port.
 </summary>
 <param name="domain">
 <summary>
@@ -40730,9 +43047,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_jabber_client_port" lineno="31601">
+<interface name="corenet_udp_sendrecv_mxi_port" lineno="55525">
 <summary>
-Send and receive UDP traffic on the jabber_client port.
+Send and receive UDP traffic on the mxi port.
 </summary>
 <param name="domain">
 <summary>
@@ -40741,10 +43058,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_jabber_client_port" lineno="31618">
+<interface name="corenet_dontaudit_udp_sendrecv_mxi_port" lineno="55542">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the jabber_client port.
+UDP traffic on the mxi port.
 </summary>
 <param name="domain">
 <summary>
@@ -40753,9 +43070,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_jabber_client_port" lineno="31634">
+<interface name="corenet_tcp_bind_mxi_port" lineno="55558">
 <summary>
-Bind TCP sockets to the jabber_client port.
+Bind TCP sockets to the mxi port.
 </summary>
 <param name="domain">
 <summary>
@@ -40764,9 +43081,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_jabber_client_port" lineno="31654">
+<interface name="corenet_udp_bind_mxi_port" lineno="55578">
 <summary>
-Bind UDP sockets to the jabber_client port.
+Bind UDP sockets to the mxi port.
 </summary>
 <param name="domain">
 <summary>
@@ -40775,9 +43092,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_jabber_client_port" lineno="31673">
+<interface name="corenet_tcp_connect_mxi_port" lineno="55597">
 <summary>
-Make a TCP connection to the jabber_client port.
+Make a TCP connection to the mxi port.
 </summary>
 <param name="domain">
 <summary>
@@ -40785,9 +43102,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_jabber_client_client_packets" lineno="31693">
+<interface name="corenet_send_mxi_client_packets" lineno="55617">
 <summary>
-Send jabber_client_client packets.
+Send mxi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40796,9 +43113,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_jabber_client_client_packets" lineno="31712">
+<interface name="corenet_dontaudit_send_mxi_client_packets" lineno="55636">
 <summary>
-Do not audit attempts to send jabber_client_client packets.
+Do not audit attempts to send mxi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40807,9 +43124,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_jabber_client_client_packets" lineno="31731">
+<interface name="corenet_receive_mxi_client_packets" lineno="55655">
 <summary>
-Receive jabber_client_client packets.
+Receive mxi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40818,9 +43135,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_jabber_client_client_packets" lineno="31750">
+<interface name="corenet_dontaudit_receive_mxi_client_packets" lineno="55674">
 <summary>
-Do not audit attempts to receive jabber_client_client packets.
+Do not audit attempts to receive mxi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40829,9 +43146,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_jabber_client_client_packets" lineno="31769">
+<interface name="corenet_sendrecv_mxi_client_packets" lineno="55693">
 <summary>
-Send and receive jabber_client_client packets.
+Send and receive mxi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40840,9 +43157,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_jabber_client_client_packets" lineno="31785">
+<interface name="corenet_dontaudit_sendrecv_mxi_client_packets" lineno="55709">
 <summary>
-Do not audit attempts to send and receive jabber_client_client packets.
+Do not audit attempts to send and receive mxi_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40851,9 +43168,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_jabber_client_client_packets" lineno="31800">
+<interface name="corenet_relabelto_mxi_client_packets" lineno="55724">
 <summary>
-Relabel packets to jabber_client_client the packet type.
+Relabel packets to mxi_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -40861,9 +43178,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_jabber_client_server_packets" lineno="31820">
+<interface name="corenet_send_mxi_server_packets" lineno="55744">
 <summary>
-Send jabber_client_server packets.
+Send mxi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40872,9 +43189,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_jabber_client_server_packets" lineno="31839">
+<interface name="corenet_dontaudit_send_mxi_server_packets" lineno="55763">
 <summary>
-Do not audit attempts to send jabber_client_server packets.
+Do not audit attempts to send mxi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40883,9 +43200,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_jabber_client_server_packets" lineno="31858">
+<interface name="corenet_receive_mxi_server_packets" lineno="55782">
 <summary>
-Receive jabber_client_server packets.
+Receive mxi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40894,9 +43211,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_jabber_client_server_packets" lineno="31877">
+<interface name="corenet_dontaudit_receive_mxi_server_packets" lineno="55801">
 <summary>
-Do not audit attempts to receive jabber_client_server packets.
+Do not audit attempts to receive mxi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40905,9 +43222,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_jabber_client_server_packets" lineno="31896">
+<interface name="corenet_sendrecv_mxi_server_packets" lineno="55820">
 <summary>
-Send and receive jabber_client_server packets.
+Send and receive mxi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40916,9 +43233,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_jabber_client_server_packets" lineno="31912">
+<interface name="corenet_dontaudit_sendrecv_mxi_server_packets" lineno="55836">
 <summary>
-Do not audit attempts to send and receive jabber_client_server packets.
+Do not audit attempts to send and receive mxi_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -40927,9 +43244,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_jabber_client_server_packets" lineno="31927">
+<interface name="corenet_relabelto_mxi_server_packets" lineno="55851">
 <summary>
-Relabel packets to jabber_client_server the packet type.
+Relabel packets to mxi_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -40937,9 +43254,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_jabber_interserver_port" lineno="31949">
+<interface name="corenet_tcp_sendrecv_mysqld_port" lineno="55873">
 <summary>
-Send and receive TCP traffic on the jabber_interserver port.
+Send and receive TCP traffic on the mysqld port.
 </summary>
 <param name="domain">
 <summary>
@@ -40948,9 +43265,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_jabber_interserver_port" lineno="31968">
+<interface name="corenet_udp_send_mysqld_port" lineno="55892">
 <summary>
-Send UDP traffic on the jabber_interserver port.
+Send UDP traffic on the mysqld port.
 </summary>
 <param name="domain">
 <summary>
@@ -40959,9 +43276,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_jabber_interserver_port" lineno="31987">
+<interface name="corenet_dontaudit_udp_send_mysqld_port" lineno="55911">
 <summary>
-Do not audit attempts to send UDP traffic on the jabber_interserver port.
+Do not audit attempts to send UDP traffic on the mysqld port.
 </summary>
 <param name="domain">
 <summary>
@@ -40970,9 +43287,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_jabber_interserver_port" lineno="32006">
+<interface name="corenet_udp_receive_mysqld_port" lineno="55930">
 <summary>
-Receive UDP traffic on the jabber_interserver port.
+Receive UDP traffic on the mysqld port.
 </summary>
 <param name="domain">
 <summary>
@@ -40981,9 +43298,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_jabber_interserver_port" lineno="32025">
+<interface name="corenet_dontaudit_udp_receive_mysqld_port" lineno="55949">
 <summary>
-Do not audit attempts to receive UDP traffic on the jabber_interserver port.
+Do not audit attempts to receive UDP traffic on the mysqld port.
 </summary>
 <param name="domain">
 <summary>
@@ -40992,9 +43309,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_jabber_interserver_port" lineno="32044">
+<interface name="corenet_udp_sendrecv_mysqld_port" lineno="55968">
 <summary>
-Send and receive UDP traffic on the jabber_interserver port.
+Send and receive UDP traffic on the mysqld port.
 </summary>
 <param name="domain">
 <summary>
@@ -41003,10 +43320,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_jabber_interserver_port" lineno="32061">
+<interface name="corenet_dontaudit_udp_sendrecv_mysqld_port" lineno="55985">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the jabber_interserver port.
+UDP traffic on the mysqld port.
 </summary>
 <param name="domain">
 <summary>
@@ -41015,9 +43332,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_jabber_interserver_port" lineno="32077">
+<interface name="corenet_tcp_bind_mysqld_port" lineno="56001">
 <summary>
-Bind TCP sockets to the jabber_interserver port.
+Bind TCP sockets to the mysqld port.
 </summary>
 <param name="domain">
 <summary>
@@ -41026,9 +43343,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_jabber_interserver_port" lineno="32097">
+<interface name="corenet_udp_bind_mysqld_port" lineno="56021">
 <summary>
-Bind UDP sockets to the jabber_interserver port.
+Bind UDP sockets to the mysqld port.
 </summary>
 <param name="domain">
 <summary>
@@ -41037,9 +43354,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_jabber_interserver_port" lineno="32116">
+<interface name="corenet_tcp_connect_mysqld_port" lineno="56040">
 <summary>
-Make a TCP connection to the jabber_interserver port.
+Make a TCP connection to the mysqld port.
 </summary>
 <param name="domain">
 <summary>
@@ -41047,9 +43364,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_jabber_interserver_client_packets" lineno="32136">
+<interface name="corenet_send_mysqld_client_packets" lineno="56060">
 <summary>
-Send jabber_interserver_client packets.
+Send mysqld_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41058,9 +43375,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_jabber_interserver_client_packets" lineno="32155">
+<interface name="corenet_dontaudit_send_mysqld_client_packets" lineno="56079">
 <summary>
-Do not audit attempts to send jabber_interserver_client packets.
+Do not audit attempts to send mysqld_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41069,9 +43386,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_jabber_interserver_client_packets" lineno="32174">
+<interface name="corenet_receive_mysqld_client_packets" lineno="56098">
 <summary>
-Receive jabber_interserver_client packets.
+Receive mysqld_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41080,9 +43397,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_jabber_interserver_client_packets" lineno="32193">
+<interface name="corenet_dontaudit_receive_mysqld_client_packets" lineno="56117">
 <summary>
-Do not audit attempts to receive jabber_interserver_client packets.
+Do not audit attempts to receive mysqld_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41091,9 +43408,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_jabber_interserver_client_packets" lineno="32212">
+<interface name="corenet_sendrecv_mysqld_client_packets" lineno="56136">
 <summary>
-Send and receive jabber_interserver_client packets.
+Send and receive mysqld_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41102,9 +43419,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_jabber_interserver_client_packets" lineno="32228">
+<interface name="corenet_dontaudit_sendrecv_mysqld_client_packets" lineno="56152">
 <summary>
-Do not audit attempts to send and receive jabber_interserver_client packets.
+Do not audit attempts to send and receive mysqld_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41113,9 +43430,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_jabber_interserver_client_packets" lineno="32243">
+<interface name="corenet_relabelto_mysqld_client_packets" lineno="56167">
 <summary>
-Relabel packets to jabber_interserver_client the packet type.
+Relabel packets to mysqld_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -41123,9 +43440,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_jabber_interserver_server_packets" lineno="32263">
+<interface name="corenet_send_mysqld_server_packets" lineno="56187">
 <summary>
-Send jabber_interserver_server packets.
+Send mysqld_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41134,9 +43451,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_jabber_interserver_server_packets" lineno="32282">
+<interface name="corenet_dontaudit_send_mysqld_server_packets" lineno="56206">
 <summary>
-Do not audit attempts to send jabber_interserver_server packets.
+Do not audit attempts to send mysqld_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41145,9 +43462,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_jabber_interserver_server_packets" lineno="32301">
+<interface name="corenet_receive_mysqld_server_packets" lineno="56225">
 <summary>
-Receive jabber_interserver_server packets.
+Receive mysqld_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41156,9 +43473,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_jabber_interserver_server_packets" lineno="32320">
+<interface name="corenet_dontaudit_receive_mysqld_server_packets" lineno="56244">
 <summary>
-Do not audit attempts to receive jabber_interserver_server packets.
+Do not audit attempts to receive mysqld_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41167,9 +43484,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_jabber_interserver_server_packets" lineno="32339">
+<interface name="corenet_sendrecv_mysqld_server_packets" lineno="56263">
 <summary>
-Send and receive jabber_interserver_server packets.
+Send and receive mysqld_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41178,9 +43495,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_jabber_interserver_server_packets" lineno="32355">
+<interface name="corenet_dontaudit_sendrecv_mysqld_server_packets" lineno="56279">
 <summary>
-Do not audit attempts to send and receive jabber_interserver_server packets.
+Do not audit attempts to send and receive mysqld_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41189,9 +43506,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_jabber_interserver_server_packets" lineno="32370">
+<interface name="corenet_relabelto_mysqld_server_packets" lineno="56294">
 <summary>
-Relabel packets to jabber_interserver_server the packet type.
+Relabel packets to mysqld_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -41199,9 +43516,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_kerberos_port" lineno="32392">
+<interface name="corenet_tcp_sendrecv_mysqlmanagerd_port" lineno="56316">
 <summary>
-Send and receive TCP traffic on the kerberos port.
+Send and receive TCP traffic on the mysqlmanagerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -41210,9 +43527,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_kerberos_port" lineno="32411">
+<interface name="corenet_udp_send_mysqlmanagerd_port" lineno="56335">
 <summary>
-Send UDP traffic on the kerberos port.
+Send UDP traffic on the mysqlmanagerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -41221,9 +43538,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_kerberos_port" lineno="32430">
+<interface name="corenet_dontaudit_udp_send_mysqlmanagerd_port" lineno="56354">
 <summary>
-Do not audit attempts to send UDP traffic on the kerberos port.
+Do not audit attempts to send UDP traffic on the mysqlmanagerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -41232,9 +43549,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_kerberos_port" lineno="32449">
+<interface name="corenet_udp_receive_mysqlmanagerd_port" lineno="56373">
 <summary>
-Receive UDP traffic on the kerberos port.
+Receive UDP traffic on the mysqlmanagerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -41243,9 +43560,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_kerberos_port" lineno="32468">
+<interface name="corenet_dontaudit_udp_receive_mysqlmanagerd_port" lineno="56392">
 <summary>
-Do not audit attempts to receive UDP traffic on the kerberos port.
+Do not audit attempts to receive UDP traffic on the mysqlmanagerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -41254,9 +43571,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_kerberos_port" lineno="32487">
+<interface name="corenet_udp_sendrecv_mysqlmanagerd_port" lineno="56411">
 <summary>
-Send and receive UDP traffic on the kerberos port.
+Send and receive UDP traffic on the mysqlmanagerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -41265,10 +43582,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_kerberos_port" lineno="32504">
+<interface name="corenet_dontaudit_udp_sendrecv_mysqlmanagerd_port" lineno="56428">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the kerberos port.
+UDP traffic on the mysqlmanagerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -41277,9 +43594,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_kerberos_port" lineno="32520">
+<interface name="corenet_tcp_bind_mysqlmanagerd_port" lineno="56444">
 <summary>
-Bind TCP sockets to the kerberos port.
+Bind TCP sockets to the mysqlmanagerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -41288,9 +43605,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_kerberos_port" lineno="32540">
+<interface name="corenet_udp_bind_mysqlmanagerd_port" lineno="56464">
 <summary>
-Bind UDP sockets to the kerberos port.
+Bind UDP sockets to the mysqlmanagerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -41299,9 +43616,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_kerberos_port" lineno="32559">
+<interface name="corenet_tcp_connect_mysqlmanagerd_port" lineno="56483">
 <summary>
-Make a TCP connection to the kerberos port.
+Make a TCP connection to the mysqlmanagerd port.
 </summary>
 <param name="domain">
 <summary>
@@ -41309,9 +43626,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_kerberos_client_packets" lineno="32579">
+<interface name="corenet_send_mysqlmanagerd_client_packets" lineno="56503">
 <summary>
-Send kerberos_client packets.
+Send mysqlmanagerd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41320,9 +43637,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_kerberos_client_packets" lineno="32598">
+<interface name="corenet_dontaudit_send_mysqlmanagerd_client_packets" lineno="56522">
 <summary>
-Do not audit attempts to send kerberos_client packets.
+Do not audit attempts to send mysqlmanagerd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41331,9 +43648,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_kerberos_client_packets" lineno="32617">
+<interface name="corenet_receive_mysqlmanagerd_client_packets" lineno="56541">
 <summary>
-Receive kerberos_client packets.
+Receive mysqlmanagerd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41342,9 +43659,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_kerberos_client_packets" lineno="32636">
+<interface name="corenet_dontaudit_receive_mysqlmanagerd_client_packets" lineno="56560">
 <summary>
-Do not audit attempts to receive kerberos_client packets.
+Do not audit attempts to receive mysqlmanagerd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41353,9 +43670,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_kerberos_client_packets" lineno="32655">
+<interface name="corenet_sendrecv_mysqlmanagerd_client_packets" lineno="56579">
 <summary>
-Send and receive kerberos_client packets.
+Send and receive mysqlmanagerd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41364,9 +43681,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_kerberos_client_packets" lineno="32671">
+<interface name="corenet_dontaudit_sendrecv_mysqlmanagerd_client_packets" lineno="56595">
 <summary>
-Do not audit attempts to send and receive kerberos_client packets.
+Do not audit attempts to send and receive mysqlmanagerd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41375,9 +43692,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_kerberos_client_packets" lineno="32686">
+<interface name="corenet_relabelto_mysqlmanagerd_client_packets" lineno="56610">
 <summary>
-Relabel packets to kerberos_client the packet type.
+Relabel packets to mysqlmanagerd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -41385,9 +43702,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_kerberos_server_packets" lineno="32706">
+<interface name="corenet_send_mysqlmanagerd_server_packets" lineno="56630">
 <summary>
-Send kerberos_server packets.
+Send mysqlmanagerd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41396,9 +43713,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_kerberos_server_packets" lineno="32725">
+<interface name="corenet_dontaudit_send_mysqlmanagerd_server_packets" lineno="56649">
 <summary>
-Do not audit attempts to send kerberos_server packets.
+Do not audit attempts to send mysqlmanagerd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41407,9 +43724,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_kerberos_server_packets" lineno="32744">
+<interface name="corenet_receive_mysqlmanagerd_server_packets" lineno="56668">
 <summary>
-Receive kerberos_server packets.
+Receive mysqlmanagerd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41418,9 +43735,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_kerberos_server_packets" lineno="32763">
+<interface name="corenet_dontaudit_receive_mysqlmanagerd_server_packets" lineno="56687">
 <summary>
-Do not audit attempts to receive kerberos_server packets.
+Do not audit attempts to receive mysqlmanagerd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41429,9 +43746,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_kerberos_server_packets" lineno="32782">
+<interface name="corenet_sendrecv_mysqlmanagerd_server_packets" lineno="56706">
 <summary>
-Send and receive kerberos_server packets.
+Send and receive mysqlmanagerd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41440,9 +43757,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_kerberos_server_packets" lineno="32798">
+<interface name="corenet_dontaudit_sendrecv_mysqlmanagerd_server_packets" lineno="56722">
 <summary>
-Do not audit attempts to send and receive kerberos_server packets.
+Do not audit attempts to send and receive mysqlmanagerd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41451,9 +43768,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_kerberos_server_packets" lineno="32813">
+<interface name="corenet_relabelto_mysqlmanagerd_server_packets" lineno="56737">
 <summary>
-Relabel packets to kerberos_server the packet type.
+Relabel packets to mysqlmanagerd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -41461,9 +43778,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_kerberos_admin_port" lineno="32835">
+<interface name="corenet_tcp_sendrecv_nessus_port" lineno="56759">
 <summary>
-Send and receive TCP traffic on the kerberos_admin port.
+Send and receive TCP traffic on the nessus port.
 </summary>
 <param name="domain">
 <summary>
@@ -41472,9 +43789,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_kerberos_admin_port" lineno="32854">
+<interface name="corenet_udp_send_nessus_port" lineno="56778">
 <summary>
-Send UDP traffic on the kerberos_admin port.
+Send UDP traffic on the nessus port.
 </summary>
 <param name="domain">
 <summary>
@@ -41483,9 +43800,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_kerberos_admin_port" lineno="32873">
+<interface name="corenet_dontaudit_udp_send_nessus_port" lineno="56797">
 <summary>
-Do not audit attempts to send UDP traffic on the kerberos_admin port.
+Do not audit attempts to send UDP traffic on the nessus port.
 </summary>
 <param name="domain">
 <summary>
@@ -41494,9 +43811,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_kerberos_admin_port" lineno="32892">
+<interface name="corenet_udp_receive_nessus_port" lineno="56816">
 <summary>
-Receive UDP traffic on the kerberos_admin port.
+Receive UDP traffic on the nessus port.
 </summary>
 <param name="domain">
 <summary>
@@ -41505,9 +43822,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_kerberos_admin_port" lineno="32911">
+<interface name="corenet_dontaudit_udp_receive_nessus_port" lineno="56835">
 <summary>
-Do not audit attempts to receive UDP traffic on the kerberos_admin port.
+Do not audit attempts to receive UDP traffic on the nessus port.
 </summary>
 <param name="domain">
 <summary>
@@ -41516,9 +43833,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_kerberos_admin_port" lineno="32930">
+<interface name="corenet_udp_sendrecv_nessus_port" lineno="56854">
 <summary>
-Send and receive UDP traffic on the kerberos_admin port.
+Send and receive UDP traffic on the nessus port.
 </summary>
 <param name="domain">
 <summary>
@@ -41527,10 +43844,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_kerberos_admin_port" lineno="32947">
+<interface name="corenet_dontaudit_udp_sendrecv_nessus_port" lineno="56871">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the kerberos_admin port.
+UDP traffic on the nessus port.
 </summary>
 <param name="domain">
 <summary>
@@ -41539,9 +43856,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_kerberos_admin_port" lineno="32963">
+<interface name="corenet_tcp_bind_nessus_port" lineno="56887">
 <summary>
-Bind TCP sockets to the kerberos_admin port.
+Bind TCP sockets to the nessus port.
 </summary>
 <param name="domain">
 <summary>
@@ -41550,9 +43867,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_kerberos_admin_port" lineno="32983">
+<interface name="corenet_udp_bind_nessus_port" lineno="56907">
 <summary>
-Bind UDP sockets to the kerberos_admin port.
+Bind UDP sockets to the nessus port.
 </summary>
 <param name="domain">
 <summary>
@@ -41561,9 +43878,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_kerberos_admin_port" lineno="33002">
+<interface name="corenet_tcp_connect_nessus_port" lineno="56926">
 <summary>
-Make a TCP connection to the kerberos_admin port.
+Make a TCP connection to the nessus port.
 </summary>
 <param name="domain">
 <summary>
@@ -41571,9 +43888,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_kerberos_admin_client_packets" lineno="33022">
+<interface name="corenet_send_nessus_client_packets" lineno="56946">
 <summary>
-Send kerberos_admin_client packets.
+Send nessus_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41582,9 +43899,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_kerberos_admin_client_packets" lineno="33041">
+<interface name="corenet_dontaudit_send_nessus_client_packets" lineno="56965">
 <summary>
-Do not audit attempts to send kerberos_admin_client packets.
+Do not audit attempts to send nessus_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41593,9 +43910,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_kerberos_admin_client_packets" lineno="33060">
+<interface name="corenet_receive_nessus_client_packets" lineno="56984">
 <summary>
-Receive kerberos_admin_client packets.
+Receive nessus_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41604,9 +43921,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_kerberos_admin_client_packets" lineno="33079">
+<interface name="corenet_dontaudit_receive_nessus_client_packets" lineno="57003">
 <summary>
-Do not audit attempts to receive kerberos_admin_client packets.
+Do not audit attempts to receive nessus_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41615,9 +43932,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_kerberos_admin_client_packets" lineno="33098">
+<interface name="corenet_sendrecv_nessus_client_packets" lineno="57022">
 <summary>
-Send and receive kerberos_admin_client packets.
+Send and receive nessus_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41626,9 +43943,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_kerberos_admin_client_packets" lineno="33114">
+<interface name="corenet_dontaudit_sendrecv_nessus_client_packets" lineno="57038">
 <summary>
-Do not audit attempts to send and receive kerberos_admin_client packets.
+Do not audit attempts to send and receive nessus_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41637,9 +43954,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_kerberos_admin_client_packets" lineno="33129">
+<interface name="corenet_relabelto_nessus_client_packets" lineno="57053">
 <summary>
-Relabel packets to kerberos_admin_client the packet type.
+Relabel packets to nessus_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -41647,9 +43964,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_kerberos_admin_server_packets" lineno="33149">
+<interface name="corenet_send_nessus_server_packets" lineno="57073">
 <summary>
-Send kerberos_admin_server packets.
+Send nessus_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41658,9 +43975,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_kerberos_admin_server_packets" lineno="33168">
+<interface name="corenet_dontaudit_send_nessus_server_packets" lineno="57092">
 <summary>
-Do not audit attempts to send kerberos_admin_server packets.
+Do not audit attempts to send nessus_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41669,9 +43986,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_kerberos_admin_server_packets" lineno="33187">
+<interface name="corenet_receive_nessus_server_packets" lineno="57111">
 <summary>
-Receive kerberos_admin_server packets.
+Receive nessus_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41680,9 +43997,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_kerberos_admin_server_packets" lineno="33206">
+<interface name="corenet_dontaudit_receive_nessus_server_packets" lineno="57130">
 <summary>
-Do not audit attempts to receive kerberos_admin_server packets.
+Do not audit attempts to receive nessus_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41691,9 +44008,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_kerberos_admin_server_packets" lineno="33225">
+<interface name="corenet_sendrecv_nessus_server_packets" lineno="57149">
 <summary>
-Send and receive kerberos_admin_server packets.
+Send and receive nessus_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41702,9 +44019,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_kerberos_admin_server_packets" lineno="33241">
+<interface name="corenet_dontaudit_sendrecv_nessus_server_packets" lineno="57165">
 <summary>
-Do not audit attempts to send and receive kerberos_admin_server packets.
+Do not audit attempts to send and receive nessus_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41713,9 +44030,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_kerberos_admin_server_packets" lineno="33256">
+<interface name="corenet_relabelto_nessus_server_packets" lineno="57180">
 <summary>
-Relabel packets to kerberos_admin_server the packet type.
+Relabel packets to nessus_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -41723,9 +44040,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_kerberos_master_port" lineno="33278">
+<interface name="corenet_tcp_sendrecv_netport_port" lineno="57202">
 <summary>
-Send and receive TCP traffic on the kerberos_master port.
+Send and receive TCP traffic on the netport port.
 </summary>
 <param name="domain">
 <summary>
@@ -41734,9 +44051,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_kerberos_master_port" lineno="33297">
+<interface name="corenet_udp_send_netport_port" lineno="57221">
 <summary>
-Send UDP traffic on the kerberos_master port.
+Send UDP traffic on the netport port.
 </summary>
 <param name="domain">
 <summary>
@@ -41745,9 +44062,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_kerberos_master_port" lineno="33316">
+<interface name="corenet_dontaudit_udp_send_netport_port" lineno="57240">
 <summary>
-Do not audit attempts to send UDP traffic on the kerberos_master port.
+Do not audit attempts to send UDP traffic on the netport port.
 </summary>
 <param name="domain">
 <summary>
@@ -41756,9 +44073,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_kerberos_master_port" lineno="33335">
+<interface name="corenet_udp_receive_netport_port" lineno="57259">
 <summary>
-Receive UDP traffic on the kerberos_master port.
+Receive UDP traffic on the netport port.
 </summary>
 <param name="domain">
 <summary>
@@ -41767,9 +44084,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_kerberos_master_port" lineno="33354">
+<interface name="corenet_dontaudit_udp_receive_netport_port" lineno="57278">
 <summary>
-Do not audit attempts to receive UDP traffic on the kerberos_master port.
+Do not audit attempts to receive UDP traffic on the netport port.
 </summary>
 <param name="domain">
 <summary>
@@ -41778,9 +44095,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_kerberos_master_port" lineno="33373">
+<interface name="corenet_udp_sendrecv_netport_port" lineno="57297">
 <summary>
-Send and receive UDP traffic on the kerberos_master port.
+Send and receive UDP traffic on the netport port.
 </summary>
 <param name="domain">
 <summary>
@@ -41789,10 +44106,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_kerberos_master_port" lineno="33390">
+<interface name="corenet_dontaudit_udp_sendrecv_netport_port" lineno="57314">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the kerberos_master port.
+UDP traffic on the netport port.
 </summary>
 <param name="domain">
 <summary>
@@ -41801,9 +44118,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_kerberos_master_port" lineno="33406">
+<interface name="corenet_tcp_bind_netport_port" lineno="57330">
 <summary>
-Bind TCP sockets to the kerberos_master port.
+Bind TCP sockets to the netport port.
 </summary>
 <param name="domain">
 <summary>
@@ -41812,9 +44129,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_kerberos_master_port" lineno="33426">
+<interface name="corenet_udp_bind_netport_port" lineno="57350">
 <summary>
-Bind UDP sockets to the kerberos_master port.
+Bind UDP sockets to the netport port.
 </summary>
 <param name="domain">
 <summary>
@@ -41823,9 +44140,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_kerberos_master_port" lineno="33445">
+<interface name="corenet_tcp_connect_netport_port" lineno="57369">
 <summary>
-Make a TCP connection to the kerberos_master port.
+Make a TCP connection to the netport port.
 </summary>
 <param name="domain">
 <summary>
@@ -41833,9 +44150,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_kerberos_master_client_packets" lineno="33465">
+<interface name="corenet_send_netport_client_packets" lineno="57389">
 <summary>
-Send kerberos_master_client packets.
+Send netport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41844,9 +44161,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_kerberos_master_client_packets" lineno="33484">
+<interface name="corenet_dontaudit_send_netport_client_packets" lineno="57408">
 <summary>
-Do not audit attempts to send kerberos_master_client packets.
+Do not audit attempts to send netport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41855,9 +44172,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_kerberos_master_client_packets" lineno="33503">
+<interface name="corenet_receive_netport_client_packets" lineno="57427">
 <summary>
-Receive kerberos_master_client packets.
+Receive netport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41866,9 +44183,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_kerberos_master_client_packets" lineno="33522">
+<interface name="corenet_dontaudit_receive_netport_client_packets" lineno="57446">
 <summary>
-Do not audit attempts to receive kerberos_master_client packets.
+Do not audit attempts to receive netport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41877,9 +44194,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_kerberos_master_client_packets" lineno="33541">
+<interface name="corenet_sendrecv_netport_client_packets" lineno="57465">
 <summary>
-Send and receive kerberos_master_client packets.
+Send and receive netport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41888,9 +44205,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_kerberos_master_client_packets" lineno="33557">
+<interface name="corenet_dontaudit_sendrecv_netport_client_packets" lineno="57481">
 <summary>
-Do not audit attempts to send and receive kerberos_master_client packets.
+Do not audit attempts to send and receive netport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41899,9 +44216,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_kerberos_master_client_packets" lineno="33572">
+<interface name="corenet_relabelto_netport_client_packets" lineno="57496">
 <summary>
-Relabel packets to kerberos_master_client the packet type.
+Relabel packets to netport_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -41909,9 +44226,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_kerberos_master_server_packets" lineno="33592">
+<interface name="corenet_send_netport_server_packets" lineno="57516">
 <summary>
-Send kerberos_master_server packets.
+Send netport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41920,9 +44237,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_kerberos_master_server_packets" lineno="33611">
+<interface name="corenet_dontaudit_send_netport_server_packets" lineno="57535">
 <summary>
-Do not audit attempts to send kerberos_master_server packets.
+Do not audit attempts to send netport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41931,9 +44248,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_kerberos_master_server_packets" lineno="33630">
+<interface name="corenet_receive_netport_server_packets" lineno="57554">
 <summary>
-Receive kerberos_master_server packets.
+Receive netport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41942,9 +44259,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_kerberos_master_server_packets" lineno="33649">
+<interface name="corenet_dontaudit_receive_netport_server_packets" lineno="57573">
 <summary>
-Do not audit attempts to receive kerberos_master_server packets.
+Do not audit attempts to receive netport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41953,9 +44270,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_kerberos_master_server_packets" lineno="33668">
+<interface name="corenet_sendrecv_netport_server_packets" lineno="57592">
 <summary>
-Send and receive kerberos_master_server packets.
+Send and receive netport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41964,9 +44281,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_kerberos_master_server_packets" lineno="33684">
+<interface name="corenet_dontaudit_sendrecv_netport_server_packets" lineno="57608">
 <summary>
-Do not audit attempts to send and receive kerberos_master_server packets.
+Do not audit attempts to send and receive netport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -41975,9 +44292,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_kerberos_master_server_packets" lineno="33699">
+<interface name="corenet_relabelto_netport_server_packets" lineno="57623">
 <summary>
-Relabel packets to kerberos_master_server the packet type.
+Relabel packets to netport_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -41985,9 +44302,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_kismet_port" lineno="33721">
+<interface name="corenet_tcp_sendrecv_netsupport_port" lineno="57645">
 <summary>
-Send and receive TCP traffic on the kismet port.
+Send and receive TCP traffic on the netsupport port.
 </summary>
 <param name="domain">
 <summary>
@@ -41996,9 +44313,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_kismet_port" lineno="33740">
+<interface name="corenet_udp_send_netsupport_port" lineno="57664">
 <summary>
-Send UDP traffic on the kismet port.
+Send UDP traffic on the netsupport port.
 </summary>
 <param name="domain">
 <summary>
@@ -42007,9 +44324,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_kismet_port" lineno="33759">
+<interface name="corenet_dontaudit_udp_send_netsupport_port" lineno="57683">
 <summary>
-Do not audit attempts to send UDP traffic on the kismet port.
+Do not audit attempts to send UDP traffic on the netsupport port.
 </summary>
 <param name="domain">
 <summary>
@@ -42018,9 +44335,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_kismet_port" lineno="33778">
+<interface name="corenet_udp_receive_netsupport_port" lineno="57702">
 <summary>
-Receive UDP traffic on the kismet port.
+Receive UDP traffic on the netsupport port.
 </summary>
 <param name="domain">
 <summary>
@@ -42029,9 +44346,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_kismet_port" lineno="33797">
+<interface name="corenet_dontaudit_udp_receive_netsupport_port" lineno="57721">
 <summary>
-Do not audit attempts to receive UDP traffic on the kismet port.
+Do not audit attempts to receive UDP traffic on the netsupport port.
 </summary>
 <param name="domain">
 <summary>
@@ -42040,9 +44357,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_kismet_port" lineno="33816">
+<interface name="corenet_udp_sendrecv_netsupport_port" lineno="57740">
 <summary>
-Send and receive UDP traffic on the kismet port.
+Send and receive UDP traffic on the netsupport port.
 </summary>
 <param name="domain">
 <summary>
@@ -42051,10 +44368,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_kismet_port" lineno="33833">
+<interface name="corenet_dontaudit_udp_sendrecv_netsupport_port" lineno="57757">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the kismet port.
+UDP traffic on the netsupport port.
 </summary>
 <param name="domain">
 <summary>
@@ -42063,9 +44380,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_kismet_port" lineno="33849">
+<interface name="corenet_tcp_bind_netsupport_port" lineno="57773">
 <summary>
-Bind TCP sockets to the kismet port.
+Bind TCP sockets to the netsupport port.
 </summary>
 <param name="domain">
 <summary>
@@ -42074,9 +44391,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_kismet_port" lineno="33869">
+<interface name="corenet_udp_bind_netsupport_port" lineno="57793">
 <summary>
-Bind UDP sockets to the kismet port.
+Bind UDP sockets to the netsupport port.
 </summary>
 <param name="domain">
 <summary>
@@ -42085,9 +44402,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_kismet_port" lineno="33888">
+<interface name="corenet_tcp_connect_netsupport_port" lineno="57812">
 <summary>
-Make a TCP connection to the kismet port.
+Make a TCP connection to the netsupport port.
 </summary>
 <param name="domain">
 <summary>
@@ -42095,9 +44412,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_kismet_client_packets" lineno="33908">
+<interface name="corenet_send_netsupport_client_packets" lineno="57832">
 <summary>
-Send kismet_client packets.
+Send netsupport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42106,9 +44423,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_kismet_client_packets" lineno="33927">
+<interface name="corenet_dontaudit_send_netsupport_client_packets" lineno="57851">
 <summary>
-Do not audit attempts to send kismet_client packets.
+Do not audit attempts to send netsupport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42117,9 +44434,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_kismet_client_packets" lineno="33946">
+<interface name="corenet_receive_netsupport_client_packets" lineno="57870">
 <summary>
-Receive kismet_client packets.
+Receive netsupport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42128,9 +44445,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_kismet_client_packets" lineno="33965">
+<interface name="corenet_dontaudit_receive_netsupport_client_packets" lineno="57889">
 <summary>
-Do not audit attempts to receive kismet_client packets.
+Do not audit attempts to receive netsupport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42139,9 +44456,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_kismet_client_packets" lineno="33984">
+<interface name="corenet_sendrecv_netsupport_client_packets" lineno="57908">
 <summary>
-Send and receive kismet_client packets.
+Send and receive netsupport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42150,9 +44467,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_kismet_client_packets" lineno="34000">
+<interface name="corenet_dontaudit_sendrecv_netsupport_client_packets" lineno="57924">
 <summary>
-Do not audit attempts to send and receive kismet_client packets.
+Do not audit attempts to send and receive netsupport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42161,9 +44478,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_kismet_client_packets" lineno="34015">
+<interface name="corenet_relabelto_netsupport_client_packets" lineno="57939">
 <summary>
-Relabel packets to kismet_client the packet type.
+Relabel packets to netsupport_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -42171,9 +44488,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_kismet_server_packets" lineno="34035">
+<interface name="corenet_send_netsupport_server_packets" lineno="57959">
 <summary>
-Send kismet_server packets.
+Send netsupport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42182,9 +44499,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_kismet_server_packets" lineno="34054">
+<interface name="corenet_dontaudit_send_netsupport_server_packets" lineno="57978">
 <summary>
-Do not audit attempts to send kismet_server packets.
+Do not audit attempts to send netsupport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42193,9 +44510,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_kismet_server_packets" lineno="34073">
+<interface name="corenet_receive_netsupport_server_packets" lineno="57997">
 <summary>
-Receive kismet_server packets.
+Receive netsupport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42204,9 +44521,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_kismet_server_packets" lineno="34092">
+<interface name="corenet_dontaudit_receive_netsupport_server_packets" lineno="58016">
 <summary>
-Do not audit attempts to receive kismet_server packets.
+Do not audit attempts to receive netsupport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42215,9 +44532,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_kismet_server_packets" lineno="34111">
+<interface name="corenet_sendrecv_netsupport_server_packets" lineno="58035">
 <summary>
-Send and receive kismet_server packets.
+Send and receive netsupport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42226,9 +44543,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_kismet_server_packets" lineno="34127">
+<interface name="corenet_dontaudit_sendrecv_netsupport_server_packets" lineno="58051">
 <summary>
-Do not audit attempts to send and receive kismet_server packets.
+Do not audit attempts to send and receive netsupport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42237,9 +44554,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_kismet_server_packets" lineno="34142">
+<interface name="corenet_relabelto_netsupport_server_packets" lineno="58066">
 <summary>
-Relabel packets to kismet_server the packet type.
+Relabel packets to netsupport_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -42247,9 +44564,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_kprop_port" lineno="34164">
+<interface name="corenet_tcp_sendrecv_nfs_port" lineno="58088">
 <summary>
-Send and receive TCP traffic on the kprop port.
+Send and receive TCP traffic on the nfs port.
 </summary>
 <param name="domain">
 <summary>
@@ -42258,9 +44575,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_kprop_port" lineno="34183">
+<interface name="corenet_udp_send_nfs_port" lineno="58107">
 <summary>
-Send UDP traffic on the kprop port.
+Send UDP traffic on the nfs port.
 </summary>
 <param name="domain">
 <summary>
@@ -42269,9 +44586,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_kprop_port" lineno="34202">
+<interface name="corenet_dontaudit_udp_send_nfs_port" lineno="58126">
 <summary>
-Do not audit attempts to send UDP traffic on the kprop port.
+Do not audit attempts to send UDP traffic on the nfs port.
 </summary>
 <param name="domain">
 <summary>
@@ -42280,9 +44597,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_kprop_port" lineno="34221">
+<interface name="corenet_udp_receive_nfs_port" lineno="58145">
 <summary>
-Receive UDP traffic on the kprop port.
+Receive UDP traffic on the nfs port.
 </summary>
 <param name="domain">
 <summary>
@@ -42291,9 +44608,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_kprop_port" lineno="34240">
+<interface name="corenet_dontaudit_udp_receive_nfs_port" lineno="58164">
 <summary>
-Do not audit attempts to receive UDP traffic on the kprop port.
+Do not audit attempts to receive UDP traffic on the nfs port.
 </summary>
 <param name="domain">
 <summary>
@@ -42302,9 +44619,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_kprop_port" lineno="34259">
+<interface name="corenet_udp_sendrecv_nfs_port" lineno="58183">
 <summary>
-Send and receive UDP traffic on the kprop port.
+Send and receive UDP traffic on the nfs port.
 </summary>
 <param name="domain">
 <summary>
@@ -42313,10 +44630,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_kprop_port" lineno="34276">
+<interface name="corenet_dontaudit_udp_sendrecv_nfs_port" lineno="58200">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the kprop port.
+UDP traffic on the nfs port.
 </summary>
 <param name="domain">
 <summary>
@@ -42325,9 +44642,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_kprop_port" lineno="34292">
+<interface name="corenet_tcp_bind_nfs_port" lineno="58216">
 <summary>
-Bind TCP sockets to the kprop port.
+Bind TCP sockets to the nfs port.
 </summary>
 <param name="domain">
 <summary>
@@ -42336,9 +44653,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_kprop_port" lineno="34312">
+<interface name="corenet_udp_bind_nfs_port" lineno="58236">
 <summary>
-Bind UDP sockets to the kprop port.
+Bind UDP sockets to the nfs port.
 </summary>
 <param name="domain">
 <summary>
@@ -42347,9 +44664,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_kprop_port" lineno="34331">
+<interface name="corenet_tcp_connect_nfs_port" lineno="58255">
 <summary>
-Make a TCP connection to the kprop port.
+Make a TCP connection to the nfs port.
 </summary>
 <param name="domain">
 <summary>
@@ -42357,9 +44674,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_kprop_client_packets" lineno="34351">
+<interface name="corenet_send_nfs_client_packets" lineno="58275">
 <summary>
-Send kprop_client packets.
+Send nfs_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42368,9 +44685,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_kprop_client_packets" lineno="34370">
+<interface name="corenet_dontaudit_send_nfs_client_packets" lineno="58294">
 <summary>
-Do not audit attempts to send kprop_client packets.
+Do not audit attempts to send nfs_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42379,9 +44696,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_kprop_client_packets" lineno="34389">
+<interface name="corenet_receive_nfs_client_packets" lineno="58313">
 <summary>
-Receive kprop_client packets.
+Receive nfs_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42390,9 +44707,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_kprop_client_packets" lineno="34408">
+<interface name="corenet_dontaudit_receive_nfs_client_packets" lineno="58332">
 <summary>
-Do not audit attempts to receive kprop_client packets.
+Do not audit attempts to receive nfs_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42401,9 +44718,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_kprop_client_packets" lineno="34427">
+<interface name="corenet_sendrecv_nfs_client_packets" lineno="58351">
 <summary>
-Send and receive kprop_client packets.
+Send and receive nfs_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42412,9 +44729,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_kprop_client_packets" lineno="34443">
+<interface name="corenet_dontaudit_sendrecv_nfs_client_packets" lineno="58367">
 <summary>
-Do not audit attempts to send and receive kprop_client packets.
+Do not audit attempts to send and receive nfs_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42423,9 +44740,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_kprop_client_packets" lineno="34458">
+<interface name="corenet_relabelto_nfs_client_packets" lineno="58382">
 <summary>
-Relabel packets to kprop_client the packet type.
+Relabel packets to nfs_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -42433,9 +44750,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_kprop_server_packets" lineno="34478">
+<interface name="corenet_send_nfs_server_packets" lineno="58402">
 <summary>
-Send kprop_server packets.
+Send nfs_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42444,9 +44761,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_kprop_server_packets" lineno="34497">
+<interface name="corenet_dontaudit_send_nfs_server_packets" lineno="58421">
 <summary>
-Do not audit attempts to send kprop_server packets.
+Do not audit attempts to send nfs_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42455,9 +44772,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_kprop_server_packets" lineno="34516">
+<interface name="corenet_receive_nfs_server_packets" lineno="58440">
 <summary>
-Receive kprop_server packets.
+Receive nfs_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42466,9 +44783,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_kprop_server_packets" lineno="34535">
+<interface name="corenet_dontaudit_receive_nfs_server_packets" lineno="58459">
 <summary>
-Do not audit attempts to receive kprop_server packets.
+Do not audit attempts to receive nfs_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42477,9 +44794,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_kprop_server_packets" lineno="34554">
+<interface name="corenet_sendrecv_nfs_server_packets" lineno="58478">
 <summary>
-Send and receive kprop_server packets.
+Send and receive nfs_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42488,9 +44805,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_kprop_server_packets" lineno="34570">
+<interface name="corenet_dontaudit_sendrecv_nfs_server_packets" lineno="58494">
 <summary>
-Do not audit attempts to send and receive kprop_server packets.
+Do not audit attempts to send and receive nfs_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42499,9 +44816,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_kprop_server_packets" lineno="34585">
+<interface name="corenet_relabelto_nfs_server_packets" lineno="58509">
 <summary>
-Relabel packets to kprop_server the packet type.
+Relabel packets to nfs_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -42509,9 +44826,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_ktalkd_port" lineno="34607">
+<interface name="corenet_tcp_sendrecv_nfsrdma_port" lineno="58531">
 <summary>
-Send and receive TCP traffic on the ktalkd port.
+Send and receive TCP traffic on the nfsrdma port.
 </summary>
 <param name="domain">
 <summary>
@@ -42520,9 +44837,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_ktalkd_port" lineno="34626">
+<interface name="corenet_udp_send_nfsrdma_port" lineno="58550">
 <summary>
-Send UDP traffic on the ktalkd port.
+Send UDP traffic on the nfsrdma port.
 </summary>
 <param name="domain">
 <summary>
@@ -42531,9 +44848,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_ktalkd_port" lineno="34645">
+<interface name="corenet_dontaudit_udp_send_nfsrdma_port" lineno="58569">
 <summary>
-Do not audit attempts to send UDP traffic on the ktalkd port.
+Do not audit attempts to send UDP traffic on the nfsrdma port.
 </summary>
 <param name="domain">
 <summary>
@@ -42542,9 +44859,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_ktalkd_port" lineno="34664">
+<interface name="corenet_udp_receive_nfsrdma_port" lineno="58588">
 <summary>
-Receive UDP traffic on the ktalkd port.
+Receive UDP traffic on the nfsrdma port.
 </summary>
 <param name="domain">
 <summary>
@@ -42553,9 +44870,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_ktalkd_port" lineno="34683">
+<interface name="corenet_dontaudit_udp_receive_nfsrdma_port" lineno="58607">
 <summary>
-Do not audit attempts to receive UDP traffic on the ktalkd port.
+Do not audit attempts to receive UDP traffic on the nfsrdma port.
 </summary>
 <param name="domain">
 <summary>
@@ -42564,9 +44881,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_ktalkd_port" lineno="34702">
+<interface name="corenet_udp_sendrecv_nfsrdma_port" lineno="58626">
 <summary>
-Send and receive UDP traffic on the ktalkd port.
+Send and receive UDP traffic on the nfsrdma port.
 </summary>
 <param name="domain">
 <summary>
@@ -42575,10 +44892,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_ktalkd_port" lineno="34719">
+<interface name="corenet_dontaudit_udp_sendrecv_nfsrdma_port" lineno="58643">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the ktalkd port.
+UDP traffic on the nfsrdma port.
 </summary>
 <param name="domain">
 <summary>
@@ -42587,9 +44904,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_ktalkd_port" lineno="34735">
+<interface name="corenet_tcp_bind_nfsrdma_port" lineno="58659">
 <summary>
-Bind TCP sockets to the ktalkd port.
+Bind TCP sockets to the nfsrdma port.
 </summary>
 <param name="domain">
 <summary>
@@ -42598,9 +44915,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_ktalkd_port" lineno="34755">
+<interface name="corenet_udp_bind_nfsrdma_port" lineno="58679">
 <summary>
-Bind UDP sockets to the ktalkd port.
+Bind UDP sockets to the nfsrdma port.
 </summary>
 <param name="domain">
 <summary>
@@ -42609,9 +44926,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_ktalkd_port" lineno="34774">
+<interface name="corenet_tcp_connect_nfsrdma_port" lineno="58698">
 <summary>
-Make a TCP connection to the ktalkd port.
+Make a TCP connection to the nfsrdma port.
 </summary>
 <param name="domain">
 <summary>
@@ -42619,9 +44936,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ktalkd_client_packets" lineno="34794">
+<interface name="corenet_send_nfsrdma_client_packets" lineno="58718">
 <summary>
-Send ktalkd_client packets.
+Send nfsrdma_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42630,9 +44947,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ktalkd_client_packets" lineno="34813">
+<interface name="corenet_dontaudit_send_nfsrdma_client_packets" lineno="58737">
 <summary>
-Do not audit attempts to send ktalkd_client packets.
+Do not audit attempts to send nfsrdma_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42641,9 +44958,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ktalkd_client_packets" lineno="34832">
+<interface name="corenet_receive_nfsrdma_client_packets" lineno="58756">
 <summary>
-Receive ktalkd_client packets.
+Receive nfsrdma_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42652,9 +44969,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ktalkd_client_packets" lineno="34851">
+<interface name="corenet_dontaudit_receive_nfsrdma_client_packets" lineno="58775">
 <summary>
-Do not audit attempts to receive ktalkd_client packets.
+Do not audit attempts to receive nfsrdma_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42663,9 +44980,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ktalkd_client_packets" lineno="34870">
+<interface name="corenet_sendrecv_nfsrdma_client_packets" lineno="58794">
 <summary>
-Send and receive ktalkd_client packets.
+Send and receive nfsrdma_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42674,9 +44991,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ktalkd_client_packets" lineno="34886">
+<interface name="corenet_dontaudit_sendrecv_nfsrdma_client_packets" lineno="58810">
 <summary>
-Do not audit attempts to send and receive ktalkd_client packets.
+Do not audit attempts to send and receive nfsrdma_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42685,9 +45002,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ktalkd_client_packets" lineno="34901">
+<interface name="corenet_relabelto_nfsrdma_client_packets" lineno="58825">
 <summary>
-Relabel packets to ktalkd_client the packet type.
+Relabel packets to nfsrdma_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -42695,9 +45012,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ktalkd_server_packets" lineno="34921">
+<interface name="corenet_send_nfsrdma_server_packets" lineno="58845">
 <summary>
-Send ktalkd_server packets.
+Send nfsrdma_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42706,9 +45023,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ktalkd_server_packets" lineno="34940">
+<interface name="corenet_dontaudit_send_nfsrdma_server_packets" lineno="58864">
 <summary>
-Do not audit attempts to send ktalkd_server packets.
+Do not audit attempts to send nfsrdma_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42717,9 +45034,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ktalkd_server_packets" lineno="34959">
+<interface name="corenet_receive_nfsrdma_server_packets" lineno="58883">
 <summary>
-Receive ktalkd_server packets.
+Receive nfsrdma_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42728,9 +45045,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ktalkd_server_packets" lineno="34978">
+<interface name="corenet_dontaudit_receive_nfsrdma_server_packets" lineno="58902">
 <summary>
-Do not audit attempts to receive ktalkd_server packets.
+Do not audit attempts to receive nfsrdma_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42739,9 +45056,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ktalkd_server_packets" lineno="34997">
+<interface name="corenet_sendrecv_nfsrdma_server_packets" lineno="58921">
 <summary>
-Send and receive ktalkd_server packets.
+Send and receive nfsrdma_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42750,9 +45067,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ktalkd_server_packets" lineno="35013">
+<interface name="corenet_dontaudit_sendrecv_nfsrdma_server_packets" lineno="58937">
 <summary>
-Do not audit attempts to send and receive ktalkd_server packets.
+Do not audit attempts to send and receive nfsrdma_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42761,9 +45078,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ktalkd_server_packets" lineno="35028">
+<interface name="corenet_relabelto_nfsrdma_server_packets" lineno="58952">
 <summary>
-Relabel packets to ktalkd_server the packet type.
+Relabel packets to nfsrdma_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -42771,9 +45088,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_ldap_port" lineno="35050">
+<interface name="corenet_tcp_sendrecv_nmbd_port" lineno="58974">
 <summary>
-Send and receive TCP traffic on the ldap port.
+Send and receive TCP traffic on the nmbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -42782,9 +45099,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_ldap_port" lineno="35069">
+<interface name="corenet_udp_send_nmbd_port" lineno="58993">
 <summary>
-Send UDP traffic on the ldap port.
+Send UDP traffic on the nmbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -42793,9 +45110,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_ldap_port" lineno="35088">
+<interface name="corenet_dontaudit_udp_send_nmbd_port" lineno="59012">
 <summary>
-Do not audit attempts to send UDP traffic on the ldap port.
+Do not audit attempts to send UDP traffic on the nmbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -42804,9 +45121,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_ldap_port" lineno="35107">
+<interface name="corenet_udp_receive_nmbd_port" lineno="59031">
 <summary>
-Receive UDP traffic on the ldap port.
+Receive UDP traffic on the nmbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -42815,9 +45132,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_ldap_port" lineno="35126">
+<interface name="corenet_dontaudit_udp_receive_nmbd_port" lineno="59050">
 <summary>
-Do not audit attempts to receive UDP traffic on the ldap port.
+Do not audit attempts to receive UDP traffic on the nmbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -42826,9 +45143,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_ldap_port" lineno="35145">
+<interface name="corenet_udp_sendrecv_nmbd_port" lineno="59069">
 <summary>
-Send and receive UDP traffic on the ldap port.
+Send and receive UDP traffic on the nmbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -42837,10 +45154,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_ldap_port" lineno="35162">
+<interface name="corenet_dontaudit_udp_sendrecv_nmbd_port" lineno="59086">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the ldap port.
+UDP traffic on the nmbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -42849,9 +45166,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_ldap_port" lineno="35178">
+<interface name="corenet_tcp_bind_nmbd_port" lineno="59102">
 <summary>
-Bind TCP sockets to the ldap port.
+Bind TCP sockets to the nmbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -42860,9 +45177,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_ldap_port" lineno="35198">
+<interface name="corenet_udp_bind_nmbd_port" lineno="59122">
 <summary>
-Bind UDP sockets to the ldap port.
+Bind UDP sockets to the nmbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -42871,9 +45188,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_ldap_port" lineno="35217">
+<interface name="corenet_tcp_connect_nmbd_port" lineno="59141">
 <summary>
-Make a TCP connection to the ldap port.
+Make a TCP connection to the nmbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -42881,9 +45198,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ldap_client_packets" lineno="35237">
+<interface name="corenet_send_nmbd_client_packets" lineno="59161">
 <summary>
-Send ldap_client packets.
+Send nmbd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42892,9 +45209,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ldap_client_packets" lineno="35256">
+<interface name="corenet_dontaudit_send_nmbd_client_packets" lineno="59180">
 <summary>
-Do not audit attempts to send ldap_client packets.
+Do not audit attempts to send nmbd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42903,9 +45220,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ldap_client_packets" lineno="35275">
+<interface name="corenet_receive_nmbd_client_packets" lineno="59199">
 <summary>
-Receive ldap_client packets.
+Receive nmbd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42914,9 +45231,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ldap_client_packets" lineno="35294">
+<interface name="corenet_dontaudit_receive_nmbd_client_packets" lineno="59218">
 <summary>
-Do not audit attempts to receive ldap_client packets.
+Do not audit attempts to receive nmbd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42925,9 +45242,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ldap_client_packets" lineno="35313">
+<interface name="corenet_sendrecv_nmbd_client_packets" lineno="59237">
 <summary>
-Send and receive ldap_client packets.
+Send and receive nmbd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42936,9 +45253,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ldap_client_packets" lineno="35329">
+<interface name="corenet_dontaudit_sendrecv_nmbd_client_packets" lineno="59253">
 <summary>
-Do not audit attempts to send and receive ldap_client packets.
+Do not audit attempts to send and receive nmbd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42947,9 +45264,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ldap_client_packets" lineno="35344">
+<interface name="corenet_relabelto_nmbd_client_packets" lineno="59268">
 <summary>
-Relabel packets to ldap_client the packet type.
+Relabel packets to nmbd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -42957,9 +45274,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ldap_server_packets" lineno="35364">
+<interface name="corenet_send_nmbd_server_packets" lineno="59288">
 <summary>
-Send ldap_server packets.
+Send nmbd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42968,9 +45285,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ldap_server_packets" lineno="35383">
+<interface name="corenet_dontaudit_send_nmbd_server_packets" lineno="59307">
 <summary>
-Do not audit attempts to send ldap_server packets.
+Do not audit attempts to send nmbd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42979,9 +45296,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ldap_server_packets" lineno="35402">
+<interface name="corenet_receive_nmbd_server_packets" lineno="59326">
 <summary>
-Receive ldap_server packets.
+Receive nmbd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -42990,9 +45307,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ldap_server_packets" lineno="35421">
+<interface name="corenet_dontaudit_receive_nmbd_server_packets" lineno="59345">
 <summary>
-Do not audit attempts to receive ldap_server packets.
+Do not audit attempts to receive nmbd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43001,9 +45318,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ldap_server_packets" lineno="35440">
+<interface name="corenet_sendrecv_nmbd_server_packets" lineno="59364">
 <summary>
-Send and receive ldap_server packets.
+Send and receive nmbd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43012,9 +45329,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ldap_server_packets" lineno="35456">
+<interface name="corenet_dontaudit_sendrecv_nmbd_server_packets" lineno="59380">
 <summary>
-Do not audit attempts to send and receive ldap_server packets.
+Do not audit attempts to send and receive nmbd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43023,9 +45340,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ldap_server_packets" lineno="35471">
+<interface name="corenet_relabelto_nmbd_server_packets" lineno="59395">
 <summary>
-Relabel packets to ldap_server the packet type.
+Relabel packets to nmbd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -43033,9 +45350,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_lirc_port" lineno="35493">
+<interface name="corenet_tcp_sendrecv_ntop_port" lineno="59417">
 <summary>
-Send and receive TCP traffic on the lirc port.
+Send and receive TCP traffic on the ntop port.
 </summary>
 <param name="domain">
 <summary>
@@ -43044,9 +45361,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_lirc_port" lineno="35512">
+<interface name="corenet_udp_send_ntop_port" lineno="59436">
 <summary>
-Send UDP traffic on the lirc port.
+Send UDP traffic on the ntop port.
 </summary>
 <param name="domain">
 <summary>
@@ -43055,9 +45372,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_lirc_port" lineno="35531">
+<interface name="corenet_dontaudit_udp_send_ntop_port" lineno="59455">
 <summary>
-Do not audit attempts to send UDP traffic on the lirc port.
+Do not audit attempts to send UDP traffic on the ntop port.
 </summary>
 <param name="domain">
 <summary>
@@ -43066,9 +45383,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_lirc_port" lineno="35550">
+<interface name="corenet_udp_receive_ntop_port" lineno="59474">
 <summary>
-Receive UDP traffic on the lirc port.
+Receive UDP traffic on the ntop port.
 </summary>
 <param name="domain">
 <summary>
@@ -43077,9 +45394,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_lirc_port" lineno="35569">
+<interface name="corenet_dontaudit_udp_receive_ntop_port" lineno="59493">
 <summary>
-Do not audit attempts to receive UDP traffic on the lirc port.
+Do not audit attempts to receive UDP traffic on the ntop port.
 </summary>
 <param name="domain">
 <summary>
@@ -43088,9 +45405,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_lirc_port" lineno="35588">
+<interface name="corenet_udp_sendrecv_ntop_port" lineno="59512">
 <summary>
-Send and receive UDP traffic on the lirc port.
+Send and receive UDP traffic on the ntop port.
 </summary>
 <param name="domain">
 <summary>
@@ -43099,10 +45416,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_lirc_port" lineno="35605">
+<interface name="corenet_dontaudit_udp_sendrecv_ntop_port" lineno="59529">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the lirc port.
+UDP traffic on the ntop port.
 </summary>
 <param name="domain">
 <summary>
@@ -43111,9 +45428,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_lirc_port" lineno="35621">
+<interface name="corenet_tcp_bind_ntop_port" lineno="59545">
 <summary>
-Bind TCP sockets to the lirc port.
+Bind TCP sockets to the ntop port.
 </summary>
 <param name="domain">
 <summary>
@@ -43122,9 +45439,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_lirc_port" lineno="35641">
+<interface name="corenet_udp_bind_ntop_port" lineno="59565">
 <summary>
-Bind UDP sockets to the lirc port.
+Bind UDP sockets to the ntop port.
 </summary>
 <param name="domain">
 <summary>
@@ -43133,9 +45450,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_lirc_port" lineno="35660">
+<interface name="corenet_tcp_connect_ntop_port" lineno="59584">
 <summary>
-Make a TCP connection to the lirc port.
+Make a TCP connection to the ntop port.
 </summary>
 <param name="domain">
 <summary>
@@ -43143,9 +45460,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_lirc_client_packets" lineno="35680">
+<interface name="corenet_send_ntop_client_packets" lineno="59604">
 <summary>
-Send lirc_client packets.
+Send ntop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43154,9 +45471,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_lirc_client_packets" lineno="35699">
+<interface name="corenet_dontaudit_send_ntop_client_packets" lineno="59623">
 <summary>
-Do not audit attempts to send lirc_client packets.
+Do not audit attempts to send ntop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43165,9 +45482,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_lirc_client_packets" lineno="35718">
+<interface name="corenet_receive_ntop_client_packets" lineno="59642">
 <summary>
-Receive lirc_client packets.
+Receive ntop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43176,9 +45493,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_lirc_client_packets" lineno="35737">
+<interface name="corenet_dontaudit_receive_ntop_client_packets" lineno="59661">
 <summary>
-Do not audit attempts to receive lirc_client packets.
+Do not audit attempts to receive ntop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43187,9 +45504,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_lirc_client_packets" lineno="35756">
+<interface name="corenet_sendrecv_ntop_client_packets" lineno="59680">
 <summary>
-Send and receive lirc_client packets.
+Send and receive ntop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43198,9 +45515,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_lirc_client_packets" lineno="35772">
+<interface name="corenet_dontaudit_sendrecv_ntop_client_packets" lineno="59696">
 <summary>
-Do not audit attempts to send and receive lirc_client packets.
+Do not audit attempts to send and receive ntop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43209,9 +45526,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_lirc_client_packets" lineno="35787">
+<interface name="corenet_relabelto_ntop_client_packets" lineno="59711">
 <summary>
-Relabel packets to lirc_client the packet type.
+Relabel packets to ntop_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -43219,9 +45536,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_lirc_server_packets" lineno="35807">
+<interface name="corenet_send_ntop_server_packets" lineno="59731">
 <summary>
-Send lirc_server packets.
+Send ntop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43230,9 +45547,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_lirc_server_packets" lineno="35826">
+<interface name="corenet_dontaudit_send_ntop_server_packets" lineno="59750">
 <summary>
-Do not audit attempts to send lirc_server packets.
+Do not audit attempts to send ntop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43241,9 +45558,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_lirc_server_packets" lineno="35845">
+<interface name="corenet_receive_ntop_server_packets" lineno="59769">
 <summary>
-Receive lirc_server packets.
+Receive ntop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43252,9 +45569,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_lirc_server_packets" lineno="35864">
+<interface name="corenet_dontaudit_receive_ntop_server_packets" lineno="59788">
 <summary>
-Do not audit attempts to receive lirc_server packets.
+Do not audit attempts to receive ntop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43263,9 +45580,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_lirc_server_packets" lineno="35883">
+<interface name="corenet_sendrecv_ntop_server_packets" lineno="59807">
 <summary>
-Send and receive lirc_server packets.
+Send and receive ntop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43274,9 +45591,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_lirc_server_packets" lineno="35899">
+<interface name="corenet_dontaudit_sendrecv_ntop_server_packets" lineno="59823">
 <summary>
-Do not audit attempts to send and receive lirc_server packets.
+Do not audit attempts to send and receive ntop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43285,9 +45602,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_lirc_server_packets" lineno="35914">
+<interface name="corenet_relabelto_ntop_server_packets" lineno="59838">
 <summary>
-Relabel packets to lirc_server the packet type.
+Relabel packets to ntop_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -43295,9 +45612,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_lmtp_port" lineno="35936">
+<interface name="corenet_tcp_sendrecv_ntp_port" lineno="59860">
 <summary>
-Send and receive TCP traffic on the lmtp port.
+Send and receive TCP traffic on the ntp port.
 </summary>
 <param name="domain">
 <summary>
@@ -43306,9 +45623,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_lmtp_port" lineno="35955">
+<interface name="corenet_udp_send_ntp_port" lineno="59879">
 <summary>
-Send UDP traffic on the lmtp port.
+Send UDP traffic on the ntp port.
 </summary>
 <param name="domain">
 <summary>
@@ -43317,9 +45634,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_lmtp_port" lineno="35974">
+<interface name="corenet_dontaudit_udp_send_ntp_port" lineno="59898">
 <summary>
-Do not audit attempts to send UDP traffic on the lmtp port.
+Do not audit attempts to send UDP traffic on the ntp port.
 </summary>
 <param name="domain">
 <summary>
@@ -43328,9 +45645,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_lmtp_port" lineno="35993">
+<interface name="corenet_udp_receive_ntp_port" lineno="59917">
 <summary>
-Receive UDP traffic on the lmtp port.
+Receive UDP traffic on the ntp port.
 </summary>
 <param name="domain">
 <summary>
@@ -43339,9 +45656,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_lmtp_port" lineno="36012">
+<interface name="corenet_dontaudit_udp_receive_ntp_port" lineno="59936">
 <summary>
-Do not audit attempts to receive UDP traffic on the lmtp port.
+Do not audit attempts to receive UDP traffic on the ntp port.
 </summary>
 <param name="domain">
 <summary>
@@ -43350,9 +45667,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_lmtp_port" lineno="36031">
+<interface name="corenet_udp_sendrecv_ntp_port" lineno="59955">
 <summary>
-Send and receive UDP traffic on the lmtp port.
+Send and receive UDP traffic on the ntp port.
 </summary>
 <param name="domain">
 <summary>
@@ -43361,10 +45678,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_lmtp_port" lineno="36048">
+<interface name="corenet_dontaudit_udp_sendrecv_ntp_port" lineno="59972">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the lmtp port.
+UDP traffic on the ntp port.
 </summary>
 <param name="domain">
 <summary>
@@ -43373,9 +45690,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_lmtp_port" lineno="36064">
+<interface name="corenet_tcp_bind_ntp_port" lineno="59988">
 <summary>
-Bind TCP sockets to the lmtp port.
+Bind TCP sockets to the ntp port.
 </summary>
 <param name="domain">
 <summary>
@@ -43384,9 +45701,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_lmtp_port" lineno="36084">
+<interface name="corenet_udp_bind_ntp_port" lineno="60008">
 <summary>
-Bind UDP sockets to the lmtp port.
+Bind UDP sockets to the ntp port.
 </summary>
 <param name="domain">
 <summary>
@@ -43395,9 +45712,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_lmtp_port" lineno="36103">
+<interface name="corenet_tcp_connect_ntp_port" lineno="60027">
 <summary>
-Make a TCP connection to the lmtp port.
+Make a TCP connection to the ntp port.
 </summary>
 <param name="domain">
 <summary>
@@ -43405,9 +45722,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_lmtp_client_packets" lineno="36123">
+<interface name="corenet_send_ntp_client_packets" lineno="60047">
 <summary>
-Send lmtp_client packets.
+Send ntp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43416,9 +45733,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_lmtp_client_packets" lineno="36142">
+<interface name="corenet_dontaudit_send_ntp_client_packets" lineno="60066">
 <summary>
-Do not audit attempts to send lmtp_client packets.
+Do not audit attempts to send ntp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43427,9 +45744,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_lmtp_client_packets" lineno="36161">
+<interface name="corenet_receive_ntp_client_packets" lineno="60085">
 <summary>
-Receive lmtp_client packets.
+Receive ntp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43438,9 +45755,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_lmtp_client_packets" lineno="36180">
+<interface name="corenet_dontaudit_receive_ntp_client_packets" lineno="60104">
 <summary>
-Do not audit attempts to receive lmtp_client packets.
+Do not audit attempts to receive ntp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43449,9 +45766,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_lmtp_client_packets" lineno="36199">
+<interface name="corenet_sendrecv_ntp_client_packets" lineno="60123">
 <summary>
-Send and receive lmtp_client packets.
+Send and receive ntp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43460,9 +45777,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_lmtp_client_packets" lineno="36215">
+<interface name="corenet_dontaudit_sendrecv_ntp_client_packets" lineno="60139">
 <summary>
-Do not audit attempts to send and receive lmtp_client packets.
+Do not audit attempts to send and receive ntp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43471,9 +45788,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_lmtp_client_packets" lineno="36230">
+<interface name="corenet_relabelto_ntp_client_packets" lineno="60154">
 <summary>
-Relabel packets to lmtp_client the packet type.
+Relabel packets to ntp_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -43481,9 +45798,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_lmtp_server_packets" lineno="36250">
+<interface name="corenet_send_ntp_server_packets" lineno="60174">
 <summary>
-Send lmtp_server packets.
+Send ntp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43492,9 +45809,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_lmtp_server_packets" lineno="36269">
+<interface name="corenet_dontaudit_send_ntp_server_packets" lineno="60193">
 <summary>
-Do not audit attempts to send lmtp_server packets.
+Do not audit attempts to send ntp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43503,9 +45820,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_lmtp_server_packets" lineno="36288">
+<interface name="corenet_receive_ntp_server_packets" lineno="60212">
 <summary>
-Receive lmtp_server packets.
+Receive ntp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43514,9 +45831,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_lmtp_server_packets" lineno="36307">
+<interface name="corenet_dontaudit_receive_ntp_server_packets" lineno="60231">
 <summary>
-Do not audit attempts to receive lmtp_server packets.
+Do not audit attempts to receive ntp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43525,9 +45842,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_lmtp_server_packets" lineno="36326">
+<interface name="corenet_sendrecv_ntp_server_packets" lineno="60250">
 <summary>
-Send and receive lmtp_server packets.
+Send and receive ntp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43536,9 +45853,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_lmtp_server_packets" lineno="36342">
+<interface name="corenet_dontaudit_sendrecv_ntp_server_packets" lineno="60266">
 <summary>
-Do not audit attempts to send and receive lmtp_server packets.
+Do not audit attempts to send and receive ntp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43547,9 +45864,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_lmtp_server_packets" lineno="36357">
+<interface name="corenet_relabelto_ntp_server_packets" lineno="60281">
 <summary>
-Relabel packets to lmtp_server the packet type.
+Relabel packets to ntp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -43557,9 +45874,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_lrrd_port" lineno="36379">
+<interface name="corenet_tcp_sendrecv_oa_system_port" lineno="60303">
 <summary>
-Send and receive TCP traffic on the lrrd port.
+Send and receive TCP traffic on the oa_system port.
 </summary>
 <param name="domain">
 <summary>
@@ -43568,9 +45885,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_lrrd_port" lineno="36398">
+<interface name="corenet_udp_send_oa_system_port" lineno="60322">
 <summary>
-Send UDP traffic on the lrrd port.
+Send UDP traffic on the oa_system port.
 </summary>
 <param name="domain">
 <summary>
@@ -43579,9 +45896,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_lrrd_port" lineno="36417">
+<interface name="corenet_dontaudit_udp_send_oa_system_port" lineno="60341">
 <summary>
-Do not audit attempts to send UDP traffic on the lrrd port.
+Do not audit attempts to send UDP traffic on the oa_system port.
 </summary>
 <param name="domain">
 <summary>
@@ -43590,9 +45907,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_lrrd_port" lineno="36436">
+<interface name="corenet_udp_receive_oa_system_port" lineno="60360">
 <summary>
-Receive UDP traffic on the lrrd port.
+Receive UDP traffic on the oa_system port.
 </summary>
 <param name="domain">
 <summary>
@@ -43601,9 +45918,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_lrrd_port" lineno="36455">
+<interface name="corenet_dontaudit_udp_receive_oa_system_port" lineno="60379">
 <summary>
-Do not audit attempts to receive UDP traffic on the lrrd port.
+Do not audit attempts to receive UDP traffic on the oa_system port.
 </summary>
 <param name="domain">
 <summary>
@@ -43612,9 +45929,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_lrrd_port" lineno="36474">
+<interface name="corenet_udp_sendrecv_oa_system_port" lineno="60398">
 <summary>
-Send and receive UDP traffic on the lrrd port.
+Send and receive UDP traffic on the oa_system port.
 </summary>
 <param name="domain">
 <summary>
@@ -43623,10 +45940,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_lrrd_port" lineno="36491">
+<interface name="corenet_dontaudit_udp_sendrecv_oa_system_port" lineno="60415">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the lrrd port.
+UDP traffic on the oa_system port.
 </summary>
 <param name="domain">
 <summary>
@@ -43635,9 +45952,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_lrrd_port" lineno="36507">
+<interface name="corenet_tcp_bind_oa_system_port" lineno="60431">
 <summary>
-Bind TCP sockets to the lrrd port.
+Bind TCP sockets to the oa_system port.
 </summary>
 <param name="domain">
 <summary>
@@ -43646,9 +45963,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_lrrd_port" lineno="36527">
+<interface name="corenet_udp_bind_oa_system_port" lineno="60451">
 <summary>
-Bind UDP sockets to the lrrd port.
+Bind UDP sockets to the oa_system port.
 </summary>
 <param name="domain">
 <summary>
@@ -43657,9 +45974,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_lrrd_port" lineno="36546">
+<interface name="corenet_tcp_connect_oa_system_port" lineno="60470">
 <summary>
-Make a TCP connection to the lrrd port.
+Make a TCP connection to the oa_system port.
 </summary>
 <param name="domain">
 <summary>
@@ -43667,9 +45984,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_lrrd_client_packets" lineno="36566">
+<interface name="corenet_send_oa_system_client_packets" lineno="60490">
 <summary>
-Send lrrd_client packets.
+Send oa_system_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43678,9 +45995,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_lrrd_client_packets" lineno="36585">
+<interface name="corenet_dontaudit_send_oa_system_client_packets" lineno="60509">
 <summary>
-Do not audit attempts to send lrrd_client packets.
+Do not audit attempts to send oa_system_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43689,9 +46006,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_lrrd_client_packets" lineno="36604">
+<interface name="corenet_receive_oa_system_client_packets" lineno="60528">
 <summary>
-Receive lrrd_client packets.
+Receive oa_system_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43700,9 +46017,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_lrrd_client_packets" lineno="36623">
+<interface name="corenet_dontaudit_receive_oa_system_client_packets" lineno="60547">
 <summary>
-Do not audit attempts to receive lrrd_client packets.
+Do not audit attempts to receive oa_system_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43711,9 +46028,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_lrrd_client_packets" lineno="36642">
+<interface name="corenet_sendrecv_oa_system_client_packets" lineno="60566">
 <summary>
-Send and receive lrrd_client packets.
+Send and receive oa_system_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43722,9 +46039,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_lrrd_client_packets" lineno="36658">
+<interface name="corenet_dontaudit_sendrecv_oa_system_client_packets" lineno="60582">
 <summary>
-Do not audit attempts to send and receive lrrd_client packets.
+Do not audit attempts to send and receive oa_system_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43733,9 +46050,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_lrrd_client_packets" lineno="36673">
+<interface name="corenet_relabelto_oa_system_client_packets" lineno="60597">
 <summary>
-Relabel packets to lrrd_client the packet type.
+Relabel packets to oa_system_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -43743,9 +46060,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_lrrd_server_packets" lineno="36693">
+<interface name="corenet_send_oa_system_server_packets" lineno="60617">
 <summary>
-Send lrrd_server packets.
+Send oa_system_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43754,9 +46071,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_lrrd_server_packets" lineno="36712">
+<interface name="corenet_dontaudit_send_oa_system_server_packets" lineno="60636">
 <summary>
-Do not audit attempts to send lrrd_server packets.
+Do not audit attempts to send oa_system_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43765,9 +46082,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_lrrd_server_packets" lineno="36731">
+<interface name="corenet_receive_oa_system_server_packets" lineno="60655">
 <summary>
-Receive lrrd_server packets.
+Receive oa_system_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43776,9 +46093,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_lrrd_server_packets" lineno="36750">
+<interface name="corenet_dontaudit_receive_oa_system_server_packets" lineno="60674">
 <summary>
-Do not audit attempts to receive lrrd_server packets.
+Do not audit attempts to receive oa_system_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43787,9 +46104,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_lrrd_server_packets" lineno="36769">
+<interface name="corenet_sendrecv_oa_system_server_packets" lineno="60693">
 <summary>
-Send and receive lrrd_server packets.
+Send and receive oa_system_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43798,9 +46115,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_lrrd_server_packets" lineno="36785">
+<interface name="corenet_dontaudit_sendrecv_oa_system_server_packets" lineno="60709">
 <summary>
-Do not audit attempts to send and receive lrrd_server packets.
+Do not audit attempts to send and receive oa_system_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43809,9 +46126,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_lrrd_server_packets" lineno="36800">
+<interface name="corenet_relabelto_oa_system_server_packets" lineno="60724">
 <summary>
-Relabel packets to lrrd_server the packet type.
+Relabel packets to oa_system_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -43819,9 +46136,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_mail_port" lineno="36822">
+<interface name="corenet_tcp_sendrecv_oracledb_port" lineno="60746">
 <summary>
-Send and receive TCP traffic on the mail port.
+Send and receive TCP traffic on the oracledb port.
 </summary>
 <param name="domain">
 <summary>
@@ -43830,9 +46147,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_mail_port" lineno="36841">
+<interface name="corenet_udp_send_oracledb_port" lineno="60765">
 <summary>
-Send UDP traffic on the mail port.
+Send UDP traffic on the oracledb port.
 </summary>
 <param name="domain">
 <summary>
@@ -43841,9 +46158,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_mail_port" lineno="36860">
+<interface name="corenet_dontaudit_udp_send_oracledb_port" lineno="60784">
 <summary>
-Do not audit attempts to send UDP traffic on the mail port.
+Do not audit attempts to send UDP traffic on the oracledb port.
 </summary>
 <param name="domain">
 <summary>
@@ -43852,9 +46169,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_mail_port" lineno="36879">
+<interface name="corenet_udp_receive_oracledb_port" lineno="60803">
 <summary>
-Receive UDP traffic on the mail port.
+Receive UDP traffic on the oracledb port.
 </summary>
 <param name="domain">
 <summary>
@@ -43863,9 +46180,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_mail_port" lineno="36898">
+<interface name="corenet_dontaudit_udp_receive_oracledb_port" lineno="60822">
 <summary>
-Do not audit attempts to receive UDP traffic on the mail port.
+Do not audit attempts to receive UDP traffic on the oracledb port.
 </summary>
 <param name="domain">
 <summary>
@@ -43874,9 +46191,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_mail_port" lineno="36917">
+<interface name="corenet_udp_sendrecv_oracledb_port" lineno="60841">
 <summary>
-Send and receive UDP traffic on the mail port.
+Send and receive UDP traffic on the oracledb port.
 </summary>
 <param name="domain">
 <summary>
@@ -43885,10 +46202,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_mail_port" lineno="36934">
+<interface name="corenet_dontaudit_udp_sendrecv_oracledb_port" lineno="60858">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the mail port.
+UDP traffic on the oracledb port.
 </summary>
 <param name="domain">
 <summary>
@@ -43897,9 +46214,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_mail_port" lineno="36950">
+<interface name="corenet_tcp_bind_oracledb_port" lineno="60874">
 <summary>
-Bind TCP sockets to the mail port.
+Bind TCP sockets to the oracledb port.
 </summary>
 <param name="domain">
 <summary>
@@ -43908,9 +46225,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_mail_port" lineno="36970">
+<interface name="corenet_udp_bind_oracledb_port" lineno="60894">
 <summary>
-Bind UDP sockets to the mail port.
+Bind UDP sockets to the oracledb port.
 </summary>
 <param name="domain">
 <summary>
@@ -43919,9 +46236,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_mail_port" lineno="36989">
+<interface name="corenet_tcp_connect_oracledb_port" lineno="60913">
 <summary>
-Make a TCP connection to the mail port.
+Make a TCP connection to the oracledb port.
 </summary>
 <param name="domain">
 <summary>
@@ -43929,9 +46246,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_mail_client_packets" lineno="37009">
+<interface name="corenet_send_oracledb_client_packets" lineno="60933">
 <summary>
-Send mail_client packets.
+Send oracledb_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43940,9 +46257,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_mail_client_packets" lineno="37028">
+<interface name="corenet_dontaudit_send_oracledb_client_packets" lineno="60952">
 <summary>
-Do not audit attempts to send mail_client packets.
+Do not audit attempts to send oracledb_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43951,9 +46268,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_mail_client_packets" lineno="37047">
+<interface name="corenet_receive_oracledb_client_packets" lineno="60971">
 <summary>
-Receive mail_client packets.
+Receive oracledb_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43962,9 +46279,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_mail_client_packets" lineno="37066">
+<interface name="corenet_dontaudit_receive_oracledb_client_packets" lineno="60990">
 <summary>
-Do not audit attempts to receive mail_client packets.
+Do not audit attempts to receive oracledb_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43973,9 +46290,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_mail_client_packets" lineno="37085">
+<interface name="corenet_sendrecv_oracledb_client_packets" lineno="61009">
 <summary>
-Send and receive mail_client packets.
+Send and receive oracledb_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43984,9 +46301,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_mail_client_packets" lineno="37101">
+<interface name="corenet_dontaudit_sendrecv_oracledb_client_packets" lineno="61025">
 <summary>
-Do not audit attempts to send and receive mail_client packets.
+Do not audit attempts to send and receive oracledb_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -43995,9 +46312,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_mail_client_packets" lineno="37116">
+<interface name="corenet_relabelto_oracledb_client_packets" lineno="61040">
 <summary>
-Relabel packets to mail_client the packet type.
+Relabel packets to oracledb_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -44005,9 +46322,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_mail_server_packets" lineno="37136">
+<interface name="corenet_send_oracledb_server_packets" lineno="61060">
 <summary>
-Send mail_server packets.
+Send oracledb_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44016,9 +46333,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_mail_server_packets" lineno="37155">
+<interface name="corenet_dontaudit_send_oracledb_server_packets" lineno="61079">
 <summary>
-Do not audit attempts to send mail_server packets.
+Do not audit attempts to send oracledb_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44027,9 +46344,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_mail_server_packets" lineno="37174">
+<interface name="corenet_receive_oracledb_server_packets" lineno="61098">
 <summary>
-Receive mail_server packets.
+Receive oracledb_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44038,9 +46355,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_mail_server_packets" lineno="37193">
+<interface name="corenet_dontaudit_receive_oracledb_server_packets" lineno="61117">
 <summary>
-Do not audit attempts to receive mail_server packets.
+Do not audit attempts to receive oracledb_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44049,9 +46366,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_mail_server_packets" lineno="37212">
+<interface name="corenet_sendrecv_oracledb_server_packets" lineno="61136">
 <summary>
-Send and receive mail_server packets.
+Send and receive oracledb_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44060,9 +46377,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_mail_server_packets" lineno="37228">
+<interface name="corenet_dontaudit_sendrecv_oracledb_server_packets" lineno="61152">
 <summary>
-Do not audit attempts to send and receive mail_server packets.
+Do not audit attempts to send and receive oracledb_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44071,9 +46388,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_mail_server_packets" lineno="37243">
+<interface name="corenet_relabelto_oracledb_server_packets" lineno="61167">
 <summary>
-Relabel packets to mail_server the packet type.
+Relabel packets to oracledb_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -44081,9 +46398,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_matahari_port" lineno="37265">
+<interface name="corenet_tcp_sendrecv_ocsp_port" lineno="61189">
 <summary>
-Send and receive TCP traffic on the matahari port.
+Send and receive TCP traffic on the ocsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -44092,9 +46409,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_matahari_port" lineno="37284">
+<interface name="corenet_udp_send_ocsp_port" lineno="61208">
 <summary>
-Send UDP traffic on the matahari port.
+Send UDP traffic on the ocsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -44103,9 +46420,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_matahari_port" lineno="37303">
+<interface name="corenet_dontaudit_udp_send_ocsp_port" lineno="61227">
 <summary>
-Do not audit attempts to send UDP traffic on the matahari port.
+Do not audit attempts to send UDP traffic on the ocsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -44114,9 +46431,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_matahari_port" lineno="37322">
+<interface name="corenet_udp_receive_ocsp_port" lineno="61246">
 <summary>
-Receive UDP traffic on the matahari port.
+Receive UDP traffic on the ocsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -44125,9 +46442,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_matahari_port" lineno="37341">
+<interface name="corenet_dontaudit_udp_receive_ocsp_port" lineno="61265">
 <summary>
-Do not audit attempts to receive UDP traffic on the matahari port.
+Do not audit attempts to receive UDP traffic on the ocsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -44136,9 +46453,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_matahari_port" lineno="37360">
+<interface name="corenet_udp_sendrecv_ocsp_port" lineno="61284">
 <summary>
-Send and receive UDP traffic on the matahari port.
+Send and receive UDP traffic on the ocsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -44147,10 +46464,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_matahari_port" lineno="37377">
+<interface name="corenet_dontaudit_udp_sendrecv_ocsp_port" lineno="61301">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the matahari port.
+UDP traffic on the ocsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -44159,9 +46476,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_matahari_port" lineno="37393">
+<interface name="corenet_tcp_bind_ocsp_port" lineno="61317">
 <summary>
-Bind TCP sockets to the matahari port.
+Bind TCP sockets to the ocsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -44170,9 +46487,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_matahari_port" lineno="37413">
+<interface name="corenet_udp_bind_ocsp_port" lineno="61337">
 <summary>
-Bind UDP sockets to the matahari port.
+Bind UDP sockets to the ocsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -44181,9 +46498,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_matahari_port" lineno="37432">
+<interface name="corenet_tcp_connect_ocsp_port" lineno="61356">
 <summary>
-Make a TCP connection to the matahari port.
+Make a TCP connection to the ocsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -44191,9 +46508,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_matahari_client_packets" lineno="37452">
+<interface name="corenet_send_ocsp_client_packets" lineno="61376">
 <summary>
-Send matahari_client packets.
+Send ocsp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44202,9 +46519,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_matahari_client_packets" lineno="37471">
+<interface name="corenet_dontaudit_send_ocsp_client_packets" lineno="61395">
 <summary>
-Do not audit attempts to send matahari_client packets.
+Do not audit attempts to send ocsp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44213,9 +46530,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_matahari_client_packets" lineno="37490">
+<interface name="corenet_receive_ocsp_client_packets" lineno="61414">
 <summary>
-Receive matahari_client packets.
+Receive ocsp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44224,9 +46541,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_matahari_client_packets" lineno="37509">
+<interface name="corenet_dontaudit_receive_ocsp_client_packets" lineno="61433">
 <summary>
-Do not audit attempts to receive matahari_client packets.
+Do not audit attempts to receive ocsp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44235,9 +46552,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_matahari_client_packets" lineno="37528">
+<interface name="corenet_sendrecv_ocsp_client_packets" lineno="61452">
 <summary>
-Send and receive matahari_client packets.
+Send and receive ocsp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44246,9 +46563,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_matahari_client_packets" lineno="37544">
+<interface name="corenet_dontaudit_sendrecv_ocsp_client_packets" lineno="61468">
 <summary>
-Do not audit attempts to send and receive matahari_client packets.
+Do not audit attempts to send and receive ocsp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44257,9 +46574,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_matahari_client_packets" lineno="37559">
+<interface name="corenet_relabelto_ocsp_client_packets" lineno="61483">
 <summary>
-Relabel packets to matahari_client the packet type.
+Relabel packets to ocsp_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -44267,9 +46584,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_matahari_server_packets" lineno="37579">
+<interface name="corenet_send_ocsp_server_packets" lineno="61503">
 <summary>
-Send matahari_server packets.
+Send ocsp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44278,9 +46595,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_matahari_server_packets" lineno="37598">
+<interface name="corenet_dontaudit_send_ocsp_server_packets" lineno="61522">
 <summary>
-Do not audit attempts to send matahari_server packets.
+Do not audit attempts to send ocsp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44289,9 +46606,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_matahari_server_packets" lineno="37617">
+<interface name="corenet_receive_ocsp_server_packets" lineno="61541">
 <summary>
-Receive matahari_server packets.
+Receive ocsp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44300,9 +46617,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_matahari_server_packets" lineno="37636">
+<interface name="corenet_dontaudit_receive_ocsp_server_packets" lineno="61560">
 <summary>
-Do not audit attempts to receive matahari_server packets.
+Do not audit attempts to receive ocsp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44311,9 +46628,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_matahari_server_packets" lineno="37655">
+<interface name="corenet_sendrecv_ocsp_server_packets" lineno="61579">
 <summary>
-Send and receive matahari_server packets.
+Send and receive ocsp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44322,9 +46639,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_matahari_server_packets" lineno="37671">
+<interface name="corenet_dontaudit_sendrecv_ocsp_server_packets" lineno="61595">
 <summary>
-Do not audit attempts to send and receive matahari_server packets.
+Do not audit attempts to send and receive ocsp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44333,9 +46650,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_matahari_server_packets" lineno="37686">
+<interface name="corenet_relabelto_ocsp_server_packets" lineno="61610">
 <summary>
-Relabel packets to matahari_server the packet type.
+Relabel packets to ocsp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -44343,9 +46660,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_memcache_port" lineno="37708">
+<interface name="corenet_tcp_sendrecv_openhpid_port" lineno="61632">
 <summary>
-Send and receive TCP traffic on the memcache port.
+Send and receive TCP traffic on the openhpid port.
 </summary>
 <param name="domain">
 <summary>
@@ -44354,9 +46671,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_memcache_port" lineno="37727">
+<interface name="corenet_udp_send_openhpid_port" lineno="61651">
 <summary>
-Send UDP traffic on the memcache port.
+Send UDP traffic on the openhpid port.
 </summary>
 <param name="domain">
 <summary>
@@ -44365,9 +46682,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_memcache_port" lineno="37746">
+<interface name="corenet_dontaudit_udp_send_openhpid_port" lineno="61670">
 <summary>
-Do not audit attempts to send UDP traffic on the memcache port.
+Do not audit attempts to send UDP traffic on the openhpid port.
 </summary>
 <param name="domain">
 <summary>
@@ -44376,9 +46693,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_memcache_port" lineno="37765">
+<interface name="corenet_udp_receive_openhpid_port" lineno="61689">
 <summary>
-Receive UDP traffic on the memcache port.
+Receive UDP traffic on the openhpid port.
 </summary>
 <param name="domain">
 <summary>
@@ -44387,9 +46704,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_memcache_port" lineno="37784">
+<interface name="corenet_dontaudit_udp_receive_openhpid_port" lineno="61708">
 <summary>
-Do not audit attempts to receive UDP traffic on the memcache port.
+Do not audit attempts to receive UDP traffic on the openhpid port.
 </summary>
 <param name="domain">
 <summary>
@@ -44398,9 +46715,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_memcache_port" lineno="37803">
+<interface name="corenet_udp_sendrecv_openhpid_port" lineno="61727">
 <summary>
-Send and receive UDP traffic on the memcache port.
+Send and receive UDP traffic on the openhpid port.
 </summary>
 <param name="domain">
 <summary>
@@ -44409,10 +46726,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_memcache_port" lineno="37820">
+<interface name="corenet_dontaudit_udp_sendrecv_openhpid_port" lineno="61744">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the memcache port.
+UDP traffic on the openhpid port.
 </summary>
 <param name="domain">
 <summary>
@@ -44421,9 +46738,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_memcache_port" lineno="37836">
+<interface name="corenet_tcp_bind_openhpid_port" lineno="61760">
 <summary>
-Bind TCP sockets to the memcache port.
+Bind TCP sockets to the openhpid port.
 </summary>
 <param name="domain">
 <summary>
@@ -44432,9 +46749,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_memcache_port" lineno="37856">
+<interface name="corenet_udp_bind_openhpid_port" lineno="61780">
 <summary>
-Bind UDP sockets to the memcache port.
+Bind UDP sockets to the openhpid port.
 </summary>
 <param name="domain">
 <summary>
@@ -44443,9 +46760,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_memcache_port" lineno="37875">
+<interface name="corenet_tcp_connect_openhpid_port" lineno="61799">
 <summary>
-Make a TCP connection to the memcache port.
+Make a TCP connection to the openhpid port.
 </summary>
 <param name="domain">
 <summary>
@@ -44453,9 +46770,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_memcache_client_packets" lineno="37895">
+<interface name="corenet_send_openhpid_client_packets" lineno="61819">
 <summary>
-Send memcache_client packets.
+Send openhpid_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44464,9 +46781,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_memcache_client_packets" lineno="37914">
+<interface name="corenet_dontaudit_send_openhpid_client_packets" lineno="61838">
 <summary>
-Do not audit attempts to send memcache_client packets.
+Do not audit attempts to send openhpid_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44475,9 +46792,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_memcache_client_packets" lineno="37933">
+<interface name="corenet_receive_openhpid_client_packets" lineno="61857">
 <summary>
-Receive memcache_client packets.
+Receive openhpid_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44486,9 +46803,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_memcache_client_packets" lineno="37952">
+<interface name="corenet_dontaudit_receive_openhpid_client_packets" lineno="61876">
 <summary>
-Do not audit attempts to receive memcache_client packets.
+Do not audit attempts to receive openhpid_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44497,9 +46814,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_memcache_client_packets" lineno="37971">
+<interface name="corenet_sendrecv_openhpid_client_packets" lineno="61895">
 <summary>
-Send and receive memcache_client packets.
+Send and receive openhpid_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44508,9 +46825,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_memcache_client_packets" lineno="37987">
+<interface name="corenet_dontaudit_sendrecv_openhpid_client_packets" lineno="61911">
 <summary>
-Do not audit attempts to send and receive memcache_client packets.
+Do not audit attempts to send and receive openhpid_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44519,9 +46836,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_memcache_client_packets" lineno="38002">
+<interface name="corenet_relabelto_openhpid_client_packets" lineno="61926">
 <summary>
-Relabel packets to memcache_client the packet type.
+Relabel packets to openhpid_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -44529,9 +46846,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_memcache_server_packets" lineno="38022">
+<interface name="corenet_send_openhpid_server_packets" lineno="61946">
 <summary>
-Send memcache_server packets.
+Send openhpid_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44540,9 +46857,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_memcache_server_packets" lineno="38041">
+<interface name="corenet_dontaudit_send_openhpid_server_packets" lineno="61965">
 <summary>
-Do not audit attempts to send memcache_server packets.
+Do not audit attempts to send openhpid_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44551,9 +46868,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_memcache_server_packets" lineno="38060">
+<interface name="corenet_receive_openhpid_server_packets" lineno="61984">
 <summary>
-Receive memcache_server packets.
+Receive openhpid_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44562,9 +46879,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_memcache_server_packets" lineno="38079">
+<interface name="corenet_dontaudit_receive_openhpid_server_packets" lineno="62003">
 <summary>
-Do not audit attempts to receive memcache_server packets.
+Do not audit attempts to receive openhpid_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44573,9 +46890,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_memcache_server_packets" lineno="38098">
+<interface name="corenet_sendrecv_openhpid_server_packets" lineno="62022">
 <summary>
-Send and receive memcache_server packets.
+Send and receive openhpid_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44584,9 +46901,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_memcache_server_packets" lineno="38114">
+<interface name="corenet_dontaudit_sendrecv_openhpid_server_packets" lineno="62038">
 <summary>
-Do not audit attempts to send and receive memcache_server packets.
+Do not audit attempts to send and receive openhpid_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44595,9 +46912,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_memcache_server_packets" lineno="38129">
+<interface name="corenet_relabelto_openhpid_server_packets" lineno="62053">
 <summary>
-Relabel packets to memcache_server the packet type.
+Relabel packets to openhpid_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -44605,9 +46922,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_milter_port" lineno="38151">
+<interface name="corenet_tcp_sendrecv_openvpn_port" lineno="62075">
 <summary>
-Send and receive TCP traffic on the milter port.
+Send and receive TCP traffic on the openvpn port.
 </summary>
 <param name="domain">
 <summary>
@@ -44616,9 +46933,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_milter_port" lineno="38170">
+<interface name="corenet_udp_send_openvpn_port" lineno="62094">
 <summary>
-Send UDP traffic on the milter port.
+Send UDP traffic on the openvpn port.
 </summary>
 <param name="domain">
 <summary>
@@ -44627,9 +46944,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_milter_port" lineno="38189">
+<interface name="corenet_dontaudit_udp_send_openvpn_port" lineno="62113">
 <summary>
-Do not audit attempts to send UDP traffic on the milter port.
+Do not audit attempts to send UDP traffic on the openvpn port.
 </summary>
 <param name="domain">
 <summary>
@@ -44638,9 +46955,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_milter_port" lineno="38208">
+<interface name="corenet_udp_receive_openvpn_port" lineno="62132">
 <summary>
-Receive UDP traffic on the milter port.
+Receive UDP traffic on the openvpn port.
 </summary>
 <param name="domain">
 <summary>
@@ -44649,9 +46966,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_milter_port" lineno="38227">
+<interface name="corenet_dontaudit_udp_receive_openvpn_port" lineno="62151">
 <summary>
-Do not audit attempts to receive UDP traffic on the milter port.
+Do not audit attempts to receive UDP traffic on the openvpn port.
 </summary>
 <param name="domain">
 <summary>
@@ -44660,9 +46977,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_milter_port" lineno="38246">
+<interface name="corenet_udp_sendrecv_openvpn_port" lineno="62170">
 <summary>
-Send and receive UDP traffic on the milter port.
+Send and receive UDP traffic on the openvpn port.
 </summary>
 <param name="domain">
 <summary>
@@ -44671,10 +46988,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_milter_port" lineno="38263">
+<interface name="corenet_dontaudit_udp_sendrecv_openvpn_port" lineno="62187">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the milter port.
+UDP traffic on the openvpn port.
 </summary>
 <param name="domain">
 <summary>
@@ -44683,9 +47000,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_milter_port" lineno="38279">
+<interface name="corenet_tcp_bind_openvpn_port" lineno="62203">
 <summary>
-Bind TCP sockets to the milter port.
+Bind TCP sockets to the openvpn port.
 </summary>
 <param name="domain">
 <summary>
@@ -44694,9 +47011,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_milter_port" lineno="38299">
+<interface name="corenet_udp_bind_openvpn_port" lineno="62223">
 <summary>
-Bind UDP sockets to the milter port.
+Bind UDP sockets to the openvpn port.
 </summary>
 <param name="domain">
 <summary>
@@ -44705,9 +47022,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_milter_port" lineno="38318">
+<interface name="corenet_tcp_connect_openvpn_port" lineno="62242">
 <summary>
-Make a TCP connection to the milter port.
+Make a TCP connection to the openvpn port.
 </summary>
 <param name="domain">
 <summary>
@@ -44715,9 +47032,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_milter_client_packets" lineno="38338">
+<interface name="corenet_send_openvpn_client_packets" lineno="62262">
 <summary>
-Send milter_client packets.
+Send openvpn_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44726,9 +47043,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_milter_client_packets" lineno="38357">
+<interface name="corenet_dontaudit_send_openvpn_client_packets" lineno="62281">
 <summary>
-Do not audit attempts to send milter_client packets.
+Do not audit attempts to send openvpn_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44737,9 +47054,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_milter_client_packets" lineno="38376">
+<interface name="corenet_receive_openvpn_client_packets" lineno="62300">
 <summary>
-Receive milter_client packets.
+Receive openvpn_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44748,9 +47065,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_milter_client_packets" lineno="38395">
+<interface name="corenet_dontaudit_receive_openvpn_client_packets" lineno="62319">
 <summary>
-Do not audit attempts to receive milter_client packets.
+Do not audit attempts to receive openvpn_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44759,9 +47076,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_milter_client_packets" lineno="38414">
+<interface name="corenet_sendrecv_openvpn_client_packets" lineno="62338">
 <summary>
-Send and receive milter_client packets.
+Send and receive openvpn_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44770,9 +47087,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_milter_client_packets" lineno="38430">
+<interface name="corenet_dontaudit_sendrecv_openvpn_client_packets" lineno="62354">
 <summary>
-Do not audit attempts to send and receive milter_client packets.
+Do not audit attempts to send and receive openvpn_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44781,9 +47098,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_milter_client_packets" lineno="38445">
+<interface name="corenet_relabelto_openvpn_client_packets" lineno="62369">
 <summary>
-Relabel packets to milter_client the packet type.
+Relabel packets to openvpn_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -44791,9 +47108,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_milter_server_packets" lineno="38465">
+<interface name="corenet_send_openvpn_server_packets" lineno="62389">
 <summary>
-Send milter_server packets.
+Send openvpn_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44802,9 +47119,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_milter_server_packets" lineno="38484">
+<interface name="corenet_dontaudit_send_openvpn_server_packets" lineno="62408">
 <summary>
-Do not audit attempts to send milter_server packets.
+Do not audit attempts to send openvpn_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44813,9 +47130,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_milter_server_packets" lineno="38503">
+<interface name="corenet_receive_openvpn_server_packets" lineno="62427">
 <summary>
-Receive milter_server packets.
+Receive openvpn_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44824,9 +47141,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_milter_server_packets" lineno="38522">
+<interface name="corenet_dontaudit_receive_openvpn_server_packets" lineno="62446">
 <summary>
-Do not audit attempts to receive milter_server packets.
+Do not audit attempts to receive openvpn_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44835,9 +47152,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_milter_server_packets" lineno="38541">
+<interface name="corenet_sendrecv_openvpn_server_packets" lineno="62465">
 <summary>
-Send and receive milter_server packets.
+Send and receive openvpn_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44846,9 +47163,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_milter_server_packets" lineno="38557">
+<interface name="corenet_dontaudit_sendrecv_openvpn_server_packets" lineno="62481">
 <summary>
-Do not audit attempts to send and receive milter_server packets.
+Do not audit attempts to send and receive openvpn_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44857,9 +47174,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_milter_server_packets" lineno="38572">
+<interface name="corenet_relabelto_openvpn_server_packets" lineno="62496">
 <summary>
-Relabel packets to milter_server the packet type.
+Relabel packets to openvpn_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -44867,9 +47184,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_mmcc_port" lineno="38594">
+<interface name="corenet_tcp_sendrecv_pdps_port" lineno="62518">
 <summary>
-Send and receive TCP traffic on the mmcc port.
+Send and receive TCP traffic on the pdps port.
 </summary>
 <param name="domain">
 <summary>
@@ -44878,9 +47195,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_mmcc_port" lineno="38613">
+<interface name="corenet_udp_send_pdps_port" lineno="62537">
 <summary>
-Send UDP traffic on the mmcc port.
+Send UDP traffic on the pdps port.
 </summary>
 <param name="domain">
 <summary>
@@ -44889,9 +47206,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_mmcc_port" lineno="38632">
+<interface name="corenet_dontaudit_udp_send_pdps_port" lineno="62556">
 <summary>
-Do not audit attempts to send UDP traffic on the mmcc port.
+Do not audit attempts to send UDP traffic on the pdps port.
 </summary>
 <param name="domain">
 <summary>
@@ -44900,9 +47217,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_mmcc_port" lineno="38651">
+<interface name="corenet_udp_receive_pdps_port" lineno="62575">
 <summary>
-Receive UDP traffic on the mmcc port.
+Receive UDP traffic on the pdps port.
 </summary>
 <param name="domain">
 <summary>
@@ -44911,9 +47228,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_mmcc_port" lineno="38670">
+<interface name="corenet_dontaudit_udp_receive_pdps_port" lineno="62594">
 <summary>
-Do not audit attempts to receive UDP traffic on the mmcc port.
+Do not audit attempts to receive UDP traffic on the pdps port.
 </summary>
 <param name="domain">
 <summary>
@@ -44922,9 +47239,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_mmcc_port" lineno="38689">
+<interface name="corenet_udp_sendrecv_pdps_port" lineno="62613">
 <summary>
-Send and receive UDP traffic on the mmcc port.
+Send and receive UDP traffic on the pdps port.
 </summary>
 <param name="domain">
 <summary>
@@ -44933,10 +47250,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_mmcc_port" lineno="38706">
+<interface name="corenet_dontaudit_udp_sendrecv_pdps_port" lineno="62630">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the mmcc port.
+UDP traffic on the pdps port.
 </summary>
 <param name="domain">
 <summary>
@@ -44945,9 +47262,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_mmcc_port" lineno="38722">
+<interface name="corenet_tcp_bind_pdps_port" lineno="62646">
 <summary>
-Bind TCP sockets to the mmcc port.
+Bind TCP sockets to the pdps port.
 </summary>
 <param name="domain">
 <summary>
@@ -44956,9 +47273,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_mmcc_port" lineno="38742">
+<interface name="corenet_udp_bind_pdps_port" lineno="62666">
 <summary>
-Bind UDP sockets to the mmcc port.
+Bind UDP sockets to the pdps port.
 </summary>
 <param name="domain">
 <summary>
@@ -44967,9 +47284,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_mmcc_port" lineno="38761">
+<interface name="corenet_tcp_connect_pdps_port" lineno="62685">
 <summary>
-Make a TCP connection to the mmcc port.
+Make a TCP connection to the pdps port.
 </summary>
 <param name="domain">
 <summary>
@@ -44977,9 +47294,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_mmcc_client_packets" lineno="38781">
+<interface name="corenet_send_pdps_client_packets" lineno="62705">
 <summary>
-Send mmcc_client packets.
+Send pdps_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44988,9 +47305,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_mmcc_client_packets" lineno="38800">
+<interface name="corenet_dontaudit_send_pdps_client_packets" lineno="62724">
 <summary>
-Do not audit attempts to send mmcc_client packets.
+Do not audit attempts to send pdps_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -44999,9 +47316,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_mmcc_client_packets" lineno="38819">
+<interface name="corenet_receive_pdps_client_packets" lineno="62743">
 <summary>
-Receive mmcc_client packets.
+Receive pdps_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45010,9 +47327,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_mmcc_client_packets" lineno="38838">
+<interface name="corenet_dontaudit_receive_pdps_client_packets" lineno="62762">
 <summary>
-Do not audit attempts to receive mmcc_client packets.
+Do not audit attempts to receive pdps_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45021,9 +47338,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_mmcc_client_packets" lineno="38857">
+<interface name="corenet_sendrecv_pdps_client_packets" lineno="62781">
 <summary>
-Send and receive mmcc_client packets.
+Send and receive pdps_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45032,9 +47349,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_mmcc_client_packets" lineno="38873">
+<interface name="corenet_dontaudit_sendrecv_pdps_client_packets" lineno="62797">
 <summary>
-Do not audit attempts to send and receive mmcc_client packets.
+Do not audit attempts to send and receive pdps_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45043,9 +47360,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_mmcc_client_packets" lineno="38888">
+<interface name="corenet_relabelto_pdps_client_packets" lineno="62812">
 <summary>
-Relabel packets to mmcc_client the packet type.
+Relabel packets to pdps_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -45053,9 +47370,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_mmcc_server_packets" lineno="38908">
+<interface name="corenet_send_pdps_server_packets" lineno="62832">
 <summary>
-Send mmcc_server packets.
+Send pdps_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45064,9 +47381,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_mmcc_server_packets" lineno="38927">
+<interface name="corenet_dontaudit_send_pdps_server_packets" lineno="62851">
 <summary>
-Do not audit attempts to send mmcc_server packets.
+Do not audit attempts to send pdps_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45075,9 +47392,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_mmcc_server_packets" lineno="38946">
+<interface name="corenet_receive_pdps_server_packets" lineno="62870">
 <summary>
-Receive mmcc_server packets.
+Receive pdps_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45086,9 +47403,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_mmcc_server_packets" lineno="38965">
+<interface name="corenet_dontaudit_receive_pdps_server_packets" lineno="62889">
 <summary>
-Do not audit attempts to receive mmcc_server packets.
+Do not audit attempts to receive pdps_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45097,9 +47414,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_mmcc_server_packets" lineno="38984">
+<interface name="corenet_sendrecv_pdps_server_packets" lineno="62908">
 <summary>
-Send and receive mmcc_server packets.
+Send and receive pdps_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45108,9 +47425,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_mmcc_server_packets" lineno="39000">
+<interface name="corenet_dontaudit_sendrecv_pdps_server_packets" lineno="62924">
 <summary>
-Do not audit attempts to send and receive mmcc_server packets.
+Do not audit attempts to send and receive pdps_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45119,9 +47436,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_mmcc_server_packets" lineno="39015">
+<interface name="corenet_relabelto_pdps_server_packets" lineno="62939">
 <summary>
-Relabel packets to mmcc_server the packet type.
+Relabel packets to pdps_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -45129,9 +47446,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_monopd_port" lineno="39037">
+<interface name="corenet_tcp_sendrecv_pegasus_http_port" lineno="62961">
 <summary>
-Send and receive TCP traffic on the monopd port.
+Send and receive TCP traffic on the pegasus_http port.
 </summary>
 <param name="domain">
 <summary>
@@ -45140,9 +47457,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_monopd_port" lineno="39056">
+<interface name="corenet_udp_send_pegasus_http_port" lineno="62980">
 <summary>
-Send UDP traffic on the monopd port.
+Send UDP traffic on the pegasus_http port.
 </summary>
 <param name="domain">
 <summary>
@@ -45151,9 +47468,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_monopd_port" lineno="39075">
+<interface name="corenet_dontaudit_udp_send_pegasus_http_port" lineno="62999">
 <summary>
-Do not audit attempts to send UDP traffic on the monopd port.
+Do not audit attempts to send UDP traffic on the pegasus_http port.
 </summary>
 <param name="domain">
 <summary>
@@ -45162,9 +47479,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_monopd_port" lineno="39094">
+<interface name="corenet_udp_receive_pegasus_http_port" lineno="63018">
 <summary>
-Receive UDP traffic on the monopd port.
+Receive UDP traffic on the pegasus_http port.
 </summary>
 <param name="domain">
 <summary>
@@ -45173,9 +47490,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_monopd_port" lineno="39113">
+<interface name="corenet_dontaudit_udp_receive_pegasus_http_port" lineno="63037">
 <summary>
-Do not audit attempts to receive UDP traffic on the monopd port.
+Do not audit attempts to receive UDP traffic on the pegasus_http port.
 </summary>
 <param name="domain">
 <summary>
@@ -45184,9 +47501,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_monopd_port" lineno="39132">
+<interface name="corenet_udp_sendrecv_pegasus_http_port" lineno="63056">
 <summary>
-Send and receive UDP traffic on the monopd port.
+Send and receive UDP traffic on the pegasus_http port.
 </summary>
 <param name="domain">
 <summary>
@@ -45195,10 +47512,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_monopd_port" lineno="39149">
+<interface name="corenet_dontaudit_udp_sendrecv_pegasus_http_port" lineno="63073">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the monopd port.
+UDP traffic on the pegasus_http port.
 </summary>
 <param name="domain">
 <summary>
@@ -45207,9 +47524,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_monopd_port" lineno="39165">
+<interface name="corenet_tcp_bind_pegasus_http_port" lineno="63089">
 <summary>
-Bind TCP sockets to the monopd port.
+Bind TCP sockets to the pegasus_http port.
 </summary>
 <param name="domain">
 <summary>
@@ -45218,9 +47535,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_monopd_port" lineno="39185">
+<interface name="corenet_udp_bind_pegasus_http_port" lineno="63109">
 <summary>
-Bind UDP sockets to the monopd port.
+Bind UDP sockets to the pegasus_http port.
 </summary>
 <param name="domain">
 <summary>
@@ -45229,9 +47546,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_monopd_port" lineno="39204">
+<interface name="corenet_tcp_connect_pegasus_http_port" lineno="63128">
 <summary>
-Make a TCP connection to the monopd port.
+Make a TCP connection to the pegasus_http port.
 </summary>
 <param name="domain">
 <summary>
@@ -45239,9 +47556,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_monopd_client_packets" lineno="39224">
+<interface name="corenet_send_pegasus_http_client_packets" lineno="63148">
 <summary>
-Send monopd_client packets.
+Send pegasus_http_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45250,9 +47567,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_monopd_client_packets" lineno="39243">
+<interface name="corenet_dontaudit_send_pegasus_http_client_packets" lineno="63167">
 <summary>
-Do not audit attempts to send monopd_client packets.
+Do not audit attempts to send pegasus_http_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45261,9 +47578,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_monopd_client_packets" lineno="39262">
+<interface name="corenet_receive_pegasus_http_client_packets" lineno="63186">
 <summary>
-Receive monopd_client packets.
+Receive pegasus_http_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45272,9 +47589,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_monopd_client_packets" lineno="39281">
+<interface name="corenet_dontaudit_receive_pegasus_http_client_packets" lineno="63205">
 <summary>
-Do not audit attempts to receive monopd_client packets.
+Do not audit attempts to receive pegasus_http_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45283,9 +47600,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_monopd_client_packets" lineno="39300">
+<interface name="corenet_sendrecv_pegasus_http_client_packets" lineno="63224">
 <summary>
-Send and receive monopd_client packets.
+Send and receive pegasus_http_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45294,9 +47611,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_monopd_client_packets" lineno="39316">
+<interface name="corenet_dontaudit_sendrecv_pegasus_http_client_packets" lineno="63240">
 <summary>
-Do not audit attempts to send and receive monopd_client packets.
+Do not audit attempts to send and receive pegasus_http_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45305,9 +47622,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_monopd_client_packets" lineno="39331">
+<interface name="corenet_relabelto_pegasus_http_client_packets" lineno="63255">
 <summary>
-Relabel packets to monopd_client the packet type.
+Relabel packets to pegasus_http_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -45315,9 +47632,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_monopd_server_packets" lineno="39351">
+<interface name="corenet_send_pegasus_http_server_packets" lineno="63275">
 <summary>
-Send monopd_server packets.
+Send pegasus_http_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45326,9 +47643,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_monopd_server_packets" lineno="39370">
+<interface name="corenet_dontaudit_send_pegasus_http_server_packets" lineno="63294">
 <summary>
-Do not audit attempts to send monopd_server packets.
+Do not audit attempts to send pegasus_http_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45337,9 +47654,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_monopd_server_packets" lineno="39389">
+<interface name="corenet_receive_pegasus_http_server_packets" lineno="63313">
 <summary>
-Receive monopd_server packets.
+Receive pegasus_http_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45348,9 +47665,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_monopd_server_packets" lineno="39408">
+<interface name="corenet_dontaudit_receive_pegasus_http_server_packets" lineno="63332">
 <summary>
-Do not audit attempts to receive monopd_server packets.
+Do not audit attempts to receive pegasus_http_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45359,9 +47676,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_monopd_server_packets" lineno="39427">
+<interface name="corenet_sendrecv_pegasus_http_server_packets" lineno="63351">
 <summary>
-Send and receive monopd_server packets.
+Send and receive pegasus_http_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45370,9 +47687,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_monopd_server_packets" lineno="39443">
+<interface name="corenet_dontaudit_sendrecv_pegasus_http_server_packets" lineno="63367">
 <summary>
-Do not audit attempts to send and receive monopd_server packets.
+Do not audit attempts to send and receive pegasus_http_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45381,9 +47698,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_monopd_server_packets" lineno="39458">
+<interface name="corenet_relabelto_pegasus_http_server_packets" lineno="63382">
 <summary>
-Relabel packets to monopd_server the packet type.
+Relabel packets to pegasus_http_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -45391,9 +47708,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_mpd_port" lineno="39480">
+<interface name="corenet_tcp_sendrecv_pegasus_https_port" lineno="63404">
 <summary>
-Send and receive TCP traffic on the mpd port.
+Send and receive TCP traffic on the pegasus_https port.
 </summary>
 <param name="domain">
 <summary>
@@ -45402,9 +47719,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_mpd_port" lineno="39499">
+<interface name="corenet_udp_send_pegasus_https_port" lineno="63423">
 <summary>
-Send UDP traffic on the mpd port.
+Send UDP traffic on the pegasus_https port.
 </summary>
 <param name="domain">
 <summary>
@@ -45413,9 +47730,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_mpd_port" lineno="39518">
+<interface name="corenet_dontaudit_udp_send_pegasus_https_port" lineno="63442">
 <summary>
-Do not audit attempts to send UDP traffic on the mpd port.
+Do not audit attempts to send UDP traffic on the pegasus_https port.
 </summary>
 <param name="domain">
 <summary>
@@ -45424,9 +47741,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_mpd_port" lineno="39537">
+<interface name="corenet_udp_receive_pegasus_https_port" lineno="63461">
 <summary>
-Receive UDP traffic on the mpd port.
+Receive UDP traffic on the pegasus_https port.
 </summary>
 <param name="domain">
 <summary>
@@ -45435,9 +47752,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_mpd_port" lineno="39556">
+<interface name="corenet_dontaudit_udp_receive_pegasus_https_port" lineno="63480">
 <summary>
-Do not audit attempts to receive UDP traffic on the mpd port.
+Do not audit attempts to receive UDP traffic on the pegasus_https port.
 </summary>
 <param name="domain">
 <summary>
@@ -45446,9 +47763,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_mpd_port" lineno="39575">
+<interface name="corenet_udp_sendrecv_pegasus_https_port" lineno="63499">
 <summary>
-Send and receive UDP traffic on the mpd port.
+Send and receive UDP traffic on the pegasus_https port.
 </summary>
 <param name="domain">
 <summary>
@@ -45457,10 +47774,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_mpd_port" lineno="39592">
+<interface name="corenet_dontaudit_udp_sendrecv_pegasus_https_port" lineno="63516">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the mpd port.
+UDP traffic on the pegasus_https port.
 </summary>
 <param name="domain">
 <summary>
@@ -45469,9 +47786,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_mpd_port" lineno="39608">
+<interface name="corenet_tcp_bind_pegasus_https_port" lineno="63532">
 <summary>
-Bind TCP sockets to the mpd port.
+Bind TCP sockets to the pegasus_https port.
 </summary>
 <param name="domain">
 <summary>
@@ -45480,9 +47797,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_mpd_port" lineno="39628">
+<interface name="corenet_udp_bind_pegasus_https_port" lineno="63552">
 <summary>
-Bind UDP sockets to the mpd port.
+Bind UDP sockets to the pegasus_https port.
 </summary>
 <param name="domain">
 <summary>
@@ -45491,9 +47808,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_mpd_port" lineno="39647">
+<interface name="corenet_tcp_connect_pegasus_https_port" lineno="63571">
 <summary>
-Make a TCP connection to the mpd port.
+Make a TCP connection to the pegasus_https port.
 </summary>
 <param name="domain">
 <summary>
@@ -45501,9 +47818,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_mpd_client_packets" lineno="39667">
+<interface name="corenet_send_pegasus_https_client_packets" lineno="63591">
 <summary>
-Send mpd_client packets.
+Send pegasus_https_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45512,9 +47829,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_mpd_client_packets" lineno="39686">
+<interface name="corenet_dontaudit_send_pegasus_https_client_packets" lineno="63610">
 <summary>
-Do not audit attempts to send mpd_client packets.
+Do not audit attempts to send pegasus_https_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45523,9 +47840,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_mpd_client_packets" lineno="39705">
+<interface name="corenet_receive_pegasus_https_client_packets" lineno="63629">
 <summary>
-Receive mpd_client packets.
+Receive pegasus_https_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45534,9 +47851,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_mpd_client_packets" lineno="39724">
+<interface name="corenet_dontaudit_receive_pegasus_https_client_packets" lineno="63648">
 <summary>
-Do not audit attempts to receive mpd_client packets.
+Do not audit attempts to receive pegasus_https_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45545,9 +47862,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_mpd_client_packets" lineno="39743">
+<interface name="corenet_sendrecv_pegasus_https_client_packets" lineno="63667">
 <summary>
-Send and receive mpd_client packets.
+Send and receive pegasus_https_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45556,9 +47873,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_mpd_client_packets" lineno="39759">
+<interface name="corenet_dontaudit_sendrecv_pegasus_https_client_packets" lineno="63683">
 <summary>
-Do not audit attempts to send and receive mpd_client packets.
+Do not audit attempts to send and receive pegasus_https_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45567,9 +47884,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_mpd_client_packets" lineno="39774">
+<interface name="corenet_relabelto_pegasus_https_client_packets" lineno="63698">
 <summary>
-Relabel packets to mpd_client the packet type.
+Relabel packets to pegasus_https_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -45577,9 +47894,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_mpd_server_packets" lineno="39794">
+<interface name="corenet_send_pegasus_https_server_packets" lineno="63718">
 <summary>
-Send mpd_server packets.
+Send pegasus_https_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45588,9 +47905,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_mpd_server_packets" lineno="39813">
+<interface name="corenet_dontaudit_send_pegasus_https_server_packets" lineno="63737">
 <summary>
-Do not audit attempts to send mpd_server packets.
+Do not audit attempts to send pegasus_https_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45599,9 +47916,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_mpd_server_packets" lineno="39832">
+<interface name="corenet_receive_pegasus_https_server_packets" lineno="63756">
 <summary>
-Receive mpd_server packets.
+Receive pegasus_https_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45610,9 +47927,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_mpd_server_packets" lineno="39851">
+<interface name="corenet_dontaudit_receive_pegasus_https_server_packets" lineno="63775">
 <summary>
-Do not audit attempts to receive mpd_server packets.
+Do not audit attempts to receive pegasus_https_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45621,9 +47938,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_mpd_server_packets" lineno="39870">
+<interface name="corenet_sendrecv_pegasus_https_server_packets" lineno="63794">
 <summary>
-Send and receive mpd_server packets.
+Send and receive pegasus_https_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45632,9 +47949,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_mpd_server_packets" lineno="39886">
+<interface name="corenet_dontaudit_sendrecv_pegasus_https_server_packets" lineno="63810">
 <summary>
-Do not audit attempts to send and receive mpd_server packets.
+Do not audit attempts to send and receive pegasus_https_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45643,9 +47960,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_mpd_server_packets" lineno="39901">
+<interface name="corenet_relabelto_pegasus_https_server_packets" lineno="63825">
 <summary>
-Relabel packets to mpd_server the packet type.
+Relabel packets to pegasus_https_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -45653,9 +47970,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_msnp_port" lineno="39923">
+<interface name="corenet_tcp_sendrecv_pgpkeyserver_port" lineno="63847">
 <summary>
-Send and receive TCP traffic on the msnp port.
+Send and receive TCP traffic on the pgpkeyserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -45664,9 +47981,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_msnp_port" lineno="39942">
+<interface name="corenet_udp_send_pgpkeyserver_port" lineno="63866">
 <summary>
-Send UDP traffic on the msnp port.
+Send UDP traffic on the pgpkeyserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -45675,9 +47992,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_msnp_port" lineno="39961">
+<interface name="corenet_dontaudit_udp_send_pgpkeyserver_port" lineno="63885">
 <summary>
-Do not audit attempts to send UDP traffic on the msnp port.
+Do not audit attempts to send UDP traffic on the pgpkeyserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -45686,9 +48003,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_msnp_port" lineno="39980">
+<interface name="corenet_udp_receive_pgpkeyserver_port" lineno="63904">
 <summary>
-Receive UDP traffic on the msnp port.
+Receive UDP traffic on the pgpkeyserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -45697,9 +48014,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_msnp_port" lineno="39999">
+<interface name="corenet_dontaudit_udp_receive_pgpkeyserver_port" lineno="63923">
 <summary>
-Do not audit attempts to receive UDP traffic on the msnp port.
+Do not audit attempts to receive UDP traffic on the pgpkeyserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -45708,9 +48025,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_msnp_port" lineno="40018">
+<interface name="corenet_udp_sendrecv_pgpkeyserver_port" lineno="63942">
 <summary>
-Send and receive UDP traffic on the msnp port.
+Send and receive UDP traffic on the pgpkeyserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -45719,10 +48036,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_msnp_port" lineno="40035">
+<interface name="corenet_dontaudit_udp_sendrecv_pgpkeyserver_port" lineno="63959">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the msnp port.
+UDP traffic on the pgpkeyserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -45731,9 +48048,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_msnp_port" lineno="40051">
+<interface name="corenet_tcp_bind_pgpkeyserver_port" lineno="63975">
 <summary>
-Bind TCP sockets to the msnp port.
+Bind TCP sockets to the pgpkeyserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -45742,9 +48059,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_msnp_port" lineno="40071">
+<interface name="corenet_udp_bind_pgpkeyserver_port" lineno="63995">
 <summary>
-Bind UDP sockets to the msnp port.
+Bind UDP sockets to the pgpkeyserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -45753,9 +48070,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_msnp_port" lineno="40090">
+<interface name="corenet_tcp_connect_pgpkeyserver_port" lineno="64014">
 <summary>
-Make a TCP connection to the msnp port.
+Make a TCP connection to the pgpkeyserver port.
 </summary>
 <param name="domain">
 <summary>
@@ -45763,9 +48080,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_msnp_client_packets" lineno="40110">
+<interface name="corenet_send_pgpkeyserver_client_packets" lineno="64034">
 <summary>
-Send msnp_client packets.
+Send pgpkeyserver_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45774,9 +48091,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_msnp_client_packets" lineno="40129">
+<interface name="corenet_dontaudit_send_pgpkeyserver_client_packets" lineno="64053">
 <summary>
-Do not audit attempts to send msnp_client packets.
+Do not audit attempts to send pgpkeyserver_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45785,9 +48102,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_msnp_client_packets" lineno="40148">
+<interface name="corenet_receive_pgpkeyserver_client_packets" lineno="64072">
 <summary>
-Receive msnp_client packets.
+Receive pgpkeyserver_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45796,9 +48113,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_msnp_client_packets" lineno="40167">
+<interface name="corenet_dontaudit_receive_pgpkeyserver_client_packets" lineno="64091">
 <summary>
-Do not audit attempts to receive msnp_client packets.
+Do not audit attempts to receive pgpkeyserver_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45807,9 +48124,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_msnp_client_packets" lineno="40186">
+<interface name="corenet_sendrecv_pgpkeyserver_client_packets" lineno="64110">
 <summary>
-Send and receive msnp_client packets.
+Send and receive pgpkeyserver_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45818,9 +48135,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_msnp_client_packets" lineno="40202">
+<interface name="corenet_dontaudit_sendrecv_pgpkeyserver_client_packets" lineno="64126">
 <summary>
-Do not audit attempts to send and receive msnp_client packets.
+Do not audit attempts to send and receive pgpkeyserver_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45829,9 +48146,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_msnp_client_packets" lineno="40217">
+<interface name="corenet_relabelto_pgpkeyserver_client_packets" lineno="64141">
 <summary>
-Relabel packets to msnp_client the packet type.
+Relabel packets to pgpkeyserver_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -45839,9 +48156,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_msnp_server_packets" lineno="40237">
+<interface name="corenet_send_pgpkeyserver_server_packets" lineno="64161">
 <summary>
-Send msnp_server packets.
+Send pgpkeyserver_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45850,9 +48167,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_msnp_server_packets" lineno="40256">
+<interface name="corenet_dontaudit_send_pgpkeyserver_server_packets" lineno="64180">
 <summary>
-Do not audit attempts to send msnp_server packets.
+Do not audit attempts to send pgpkeyserver_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45861,9 +48178,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_msnp_server_packets" lineno="40275">
+<interface name="corenet_receive_pgpkeyserver_server_packets" lineno="64199">
 <summary>
-Receive msnp_server packets.
+Receive pgpkeyserver_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45872,9 +48189,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_msnp_server_packets" lineno="40294">
+<interface name="corenet_dontaudit_receive_pgpkeyserver_server_packets" lineno="64218">
 <summary>
-Do not audit attempts to receive msnp_server packets.
+Do not audit attempts to receive pgpkeyserver_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45883,9 +48200,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_msnp_server_packets" lineno="40313">
+<interface name="corenet_sendrecv_pgpkeyserver_server_packets" lineno="64237">
 <summary>
-Send and receive msnp_server packets.
+Send and receive pgpkeyserver_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45894,9 +48211,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_msnp_server_packets" lineno="40329">
+<interface name="corenet_dontaudit_sendrecv_pgpkeyserver_server_packets" lineno="64253">
 <summary>
-Do not audit attempts to send and receive msnp_server packets.
+Do not audit attempts to send and receive pgpkeyserver_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -45905,9 +48222,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_msnp_server_packets" lineno="40344">
+<interface name="corenet_relabelto_pgpkeyserver_server_packets" lineno="64268">
 <summary>
-Relabel packets to msnp_server the packet type.
+Relabel packets to pgpkeyserver_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -45915,9 +48232,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_mssql_port" lineno="40366">
+<interface name="corenet_tcp_sendrecv_pingd_port" lineno="64290">
 <summary>
-Send and receive TCP traffic on the mssql port.
+Send and receive TCP traffic on the pingd port.
 </summary>
 <param name="domain">
 <summary>
@@ -45926,9 +48243,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_mssql_port" lineno="40385">
+<interface name="corenet_udp_send_pingd_port" lineno="64309">
 <summary>
-Send UDP traffic on the mssql port.
+Send UDP traffic on the pingd port.
 </summary>
 <param name="domain">
 <summary>
@@ -45937,9 +48254,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_mssql_port" lineno="40404">
+<interface name="corenet_dontaudit_udp_send_pingd_port" lineno="64328">
 <summary>
-Do not audit attempts to send UDP traffic on the mssql port.
+Do not audit attempts to send UDP traffic on the pingd port.
 </summary>
 <param name="domain">
 <summary>
@@ -45948,9 +48265,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_mssql_port" lineno="40423">
+<interface name="corenet_udp_receive_pingd_port" lineno="64347">
 <summary>
-Receive UDP traffic on the mssql port.
+Receive UDP traffic on the pingd port.
 </summary>
 <param name="domain">
 <summary>
@@ -45959,9 +48276,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_mssql_port" lineno="40442">
+<interface name="corenet_dontaudit_udp_receive_pingd_port" lineno="64366">
 <summary>
-Do not audit attempts to receive UDP traffic on the mssql port.
+Do not audit attempts to receive UDP traffic on the pingd port.
 </summary>
 <param name="domain">
 <summary>
@@ -45970,9 +48287,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_mssql_port" lineno="40461">
+<interface name="corenet_udp_sendrecv_pingd_port" lineno="64385">
 <summary>
-Send and receive UDP traffic on the mssql port.
+Send and receive UDP traffic on the pingd port.
 </summary>
 <param name="domain">
 <summary>
@@ -45981,10 +48298,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_mssql_port" lineno="40478">
+<interface name="corenet_dontaudit_udp_sendrecv_pingd_port" lineno="64402">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the mssql port.
+UDP traffic on the pingd port.
 </summary>
 <param name="domain">
 <summary>
@@ -45993,9 +48310,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_mssql_port" lineno="40494">
+<interface name="corenet_tcp_bind_pingd_port" lineno="64418">
 <summary>
-Bind TCP sockets to the mssql port.
+Bind TCP sockets to the pingd port.
 </summary>
 <param name="domain">
 <summary>
@@ -46004,9 +48321,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_mssql_port" lineno="40514">
+<interface name="corenet_udp_bind_pingd_port" lineno="64438">
 <summary>
-Bind UDP sockets to the mssql port.
+Bind UDP sockets to the pingd port.
 </summary>
 <param name="domain">
 <summary>
@@ -46015,9 +48332,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_mssql_port" lineno="40533">
+<interface name="corenet_tcp_connect_pingd_port" lineno="64457">
 <summary>
-Make a TCP connection to the mssql port.
+Make a TCP connection to the pingd port.
 </summary>
 <param name="domain">
 <summary>
@@ -46025,9 +48342,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_mssql_client_packets" lineno="40553">
+<interface name="corenet_send_pingd_client_packets" lineno="64477">
 <summary>
-Send mssql_client packets.
+Send pingd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46036,9 +48353,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_mssql_client_packets" lineno="40572">
+<interface name="corenet_dontaudit_send_pingd_client_packets" lineno="64496">
 <summary>
-Do not audit attempts to send mssql_client packets.
+Do not audit attempts to send pingd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46047,9 +48364,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_mssql_client_packets" lineno="40591">
+<interface name="corenet_receive_pingd_client_packets" lineno="64515">
 <summary>
-Receive mssql_client packets.
+Receive pingd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46058,9 +48375,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_mssql_client_packets" lineno="40610">
+<interface name="corenet_dontaudit_receive_pingd_client_packets" lineno="64534">
 <summary>
-Do not audit attempts to receive mssql_client packets.
+Do not audit attempts to receive pingd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46069,9 +48386,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_mssql_client_packets" lineno="40629">
+<interface name="corenet_sendrecv_pingd_client_packets" lineno="64553">
 <summary>
-Send and receive mssql_client packets.
+Send and receive pingd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46080,9 +48397,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_mssql_client_packets" lineno="40645">
+<interface name="corenet_dontaudit_sendrecv_pingd_client_packets" lineno="64569">
 <summary>
-Do not audit attempts to send and receive mssql_client packets.
+Do not audit attempts to send and receive pingd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46091,9 +48408,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_mssql_client_packets" lineno="40660">
+<interface name="corenet_relabelto_pingd_client_packets" lineno="64584">
 <summary>
-Relabel packets to mssql_client the packet type.
+Relabel packets to pingd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -46101,9 +48418,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_mssql_server_packets" lineno="40680">
+<interface name="corenet_send_pingd_server_packets" lineno="64604">
 <summary>
-Send mssql_server packets.
+Send pingd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46112,9 +48429,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_mssql_server_packets" lineno="40699">
+<interface name="corenet_dontaudit_send_pingd_server_packets" lineno="64623">
 <summary>
-Do not audit attempts to send mssql_server packets.
+Do not audit attempts to send pingd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46123,9 +48440,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_mssql_server_packets" lineno="40718">
+<interface name="corenet_receive_pingd_server_packets" lineno="64642">
 <summary>
-Receive mssql_server packets.
+Receive pingd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46134,9 +48451,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_mssql_server_packets" lineno="40737">
+<interface name="corenet_dontaudit_receive_pingd_server_packets" lineno="64661">
 <summary>
-Do not audit attempts to receive mssql_server packets.
+Do not audit attempts to receive pingd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46145,9 +48462,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_mssql_server_packets" lineno="40756">
+<interface name="corenet_sendrecv_pingd_server_packets" lineno="64680">
 <summary>
-Send and receive mssql_server packets.
+Send and receive pingd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46156,9 +48473,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_mssql_server_packets" lineno="40772">
+<interface name="corenet_dontaudit_sendrecv_pingd_server_packets" lineno="64696">
 <summary>
-Do not audit attempts to send and receive mssql_server packets.
+Do not audit attempts to send and receive pingd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46167,9 +48484,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_mssql_server_packets" lineno="40787">
+<interface name="corenet_relabelto_pingd_server_packets" lineno="64711">
 <summary>
-Relabel packets to mssql_server the packet type.
+Relabel packets to pingd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -46177,9 +48494,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_munin_port" lineno="40809">
+<interface name="corenet_tcp_sendrecv_pktcable_cops_port" lineno="64733">
 <summary>
-Send and receive TCP traffic on the munin port.
+Send and receive TCP traffic on the pktcable_cops port.
 </summary>
 <param name="domain">
 <summary>
@@ -46188,9 +48505,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_munin_port" lineno="40828">
+<interface name="corenet_udp_send_pktcable_cops_port" lineno="64752">
 <summary>
-Send UDP traffic on the munin port.
+Send UDP traffic on the pktcable_cops port.
 </summary>
 <param name="domain">
 <summary>
@@ -46199,9 +48516,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_munin_port" lineno="40847">
+<interface name="corenet_dontaudit_udp_send_pktcable_cops_port" lineno="64771">
 <summary>
-Do not audit attempts to send UDP traffic on the munin port.
+Do not audit attempts to send UDP traffic on the pktcable_cops port.
 </summary>
 <param name="domain">
 <summary>
@@ -46210,9 +48527,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_munin_port" lineno="40866">
+<interface name="corenet_udp_receive_pktcable_cops_port" lineno="64790">
 <summary>
-Receive UDP traffic on the munin port.
+Receive UDP traffic on the pktcable_cops port.
 </summary>
 <param name="domain">
 <summary>
@@ -46221,9 +48538,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_munin_port" lineno="40885">
+<interface name="corenet_dontaudit_udp_receive_pktcable_cops_port" lineno="64809">
 <summary>
-Do not audit attempts to receive UDP traffic on the munin port.
+Do not audit attempts to receive UDP traffic on the pktcable_cops port.
 </summary>
 <param name="domain">
 <summary>
@@ -46232,9 +48549,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_munin_port" lineno="40904">
+<interface name="corenet_udp_sendrecv_pktcable_cops_port" lineno="64828">
 <summary>
-Send and receive UDP traffic on the munin port.
+Send and receive UDP traffic on the pktcable_cops port.
 </summary>
 <param name="domain">
 <summary>
@@ -46243,10 +48560,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_munin_port" lineno="40921">
+<interface name="corenet_dontaudit_udp_sendrecv_pktcable_cops_port" lineno="64845">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the munin port.
+UDP traffic on the pktcable_cops port.
 </summary>
 <param name="domain">
 <summary>
@@ -46255,9 +48572,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_munin_port" lineno="40937">
+<interface name="corenet_tcp_bind_pktcable_cops_port" lineno="64861">
 <summary>
-Bind TCP sockets to the munin port.
+Bind TCP sockets to the pktcable_cops port.
 </summary>
 <param name="domain">
 <summary>
@@ -46266,9 +48583,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_munin_port" lineno="40957">
+<interface name="corenet_udp_bind_pktcable_cops_port" lineno="64881">
 <summary>
-Bind UDP sockets to the munin port.
+Bind UDP sockets to the pktcable_cops port.
 </summary>
 <param name="domain">
 <summary>
@@ -46277,9 +48594,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_munin_port" lineno="40976">
+<interface name="corenet_tcp_connect_pktcable_cops_port" lineno="64900">
 <summary>
-Make a TCP connection to the munin port.
+Make a TCP connection to the pktcable_cops port.
 </summary>
 <param name="domain">
 <summary>
@@ -46287,9 +48604,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_munin_client_packets" lineno="40996">
+<interface name="corenet_send_pktcable_cops_client_packets" lineno="64920">
 <summary>
-Send munin_client packets.
+Send pktcable_cops_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46298,9 +48615,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_munin_client_packets" lineno="41015">
+<interface name="corenet_dontaudit_send_pktcable_cops_client_packets" lineno="64939">
 <summary>
-Do not audit attempts to send munin_client packets.
+Do not audit attempts to send pktcable_cops_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46309,9 +48626,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_munin_client_packets" lineno="41034">
+<interface name="corenet_receive_pktcable_cops_client_packets" lineno="64958">
 <summary>
-Receive munin_client packets.
+Receive pktcable_cops_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46320,9 +48637,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_munin_client_packets" lineno="41053">
+<interface name="corenet_dontaudit_receive_pktcable_cops_client_packets" lineno="64977">
 <summary>
-Do not audit attempts to receive munin_client packets.
+Do not audit attempts to receive pktcable_cops_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46331,9 +48648,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_munin_client_packets" lineno="41072">
+<interface name="corenet_sendrecv_pktcable_cops_client_packets" lineno="64996">
 <summary>
-Send and receive munin_client packets.
+Send and receive pktcable_cops_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46342,9 +48659,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_munin_client_packets" lineno="41088">
+<interface name="corenet_dontaudit_sendrecv_pktcable_cops_client_packets" lineno="65012">
 <summary>
-Do not audit attempts to send and receive munin_client packets.
+Do not audit attempts to send and receive pktcable_cops_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46353,9 +48670,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_munin_client_packets" lineno="41103">
+<interface name="corenet_relabelto_pktcable_cops_client_packets" lineno="65027">
 <summary>
-Relabel packets to munin_client the packet type.
+Relabel packets to pktcable_cops_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -46363,9 +48680,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_munin_server_packets" lineno="41123">
+<interface name="corenet_send_pktcable_cops_server_packets" lineno="65047">
 <summary>
-Send munin_server packets.
+Send pktcable_cops_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46374,9 +48691,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_munin_server_packets" lineno="41142">
+<interface name="corenet_dontaudit_send_pktcable_cops_server_packets" lineno="65066">
 <summary>
-Do not audit attempts to send munin_server packets.
+Do not audit attempts to send pktcable_cops_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46385,9 +48702,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_munin_server_packets" lineno="41161">
+<interface name="corenet_receive_pktcable_cops_server_packets" lineno="65085">
 <summary>
-Receive munin_server packets.
+Receive pktcable_cops_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46396,9 +48713,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_munin_server_packets" lineno="41180">
+<interface name="corenet_dontaudit_receive_pktcable_cops_server_packets" lineno="65104">
 <summary>
-Do not audit attempts to receive munin_server packets.
+Do not audit attempts to receive pktcable_cops_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46407,9 +48724,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_munin_server_packets" lineno="41199">
+<interface name="corenet_sendrecv_pktcable_cops_server_packets" lineno="65123">
 <summary>
-Send and receive munin_server packets.
+Send and receive pktcable_cops_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46418,9 +48735,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_munin_server_packets" lineno="41215">
+<interface name="corenet_dontaudit_sendrecv_pktcable_cops_server_packets" lineno="65139">
 <summary>
-Do not audit attempts to send and receive munin_server packets.
+Do not audit attempts to send and receive pktcable_cops_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46429,9 +48746,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_munin_server_packets" lineno="41230">
+<interface name="corenet_relabelto_pktcable_cops_server_packets" lineno="65154">
 <summary>
-Relabel packets to munin_server the packet type.
+Relabel packets to pktcable_cops_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -46439,9 +48756,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_mysqld_port" lineno="41252">
+<interface name="corenet_tcp_sendrecv_pop_port" lineno="65176">
 <summary>
-Send and receive TCP traffic on the mysqld port.
+Send and receive TCP traffic on the pop port.
 </summary>
 <param name="domain">
 <summary>
@@ -46450,9 +48767,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_mysqld_port" lineno="41271">
+<interface name="corenet_udp_send_pop_port" lineno="65195">
 <summary>
-Send UDP traffic on the mysqld port.
+Send UDP traffic on the pop port.
 </summary>
 <param name="domain">
 <summary>
@@ -46461,9 +48778,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_mysqld_port" lineno="41290">
+<interface name="corenet_dontaudit_udp_send_pop_port" lineno="65214">
 <summary>
-Do not audit attempts to send UDP traffic on the mysqld port.
+Do not audit attempts to send UDP traffic on the pop port.
 </summary>
 <param name="domain">
 <summary>
@@ -46472,9 +48789,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_mysqld_port" lineno="41309">
+<interface name="corenet_udp_receive_pop_port" lineno="65233">
 <summary>
-Receive UDP traffic on the mysqld port.
+Receive UDP traffic on the pop port.
 </summary>
 <param name="domain">
 <summary>
@@ -46483,9 +48800,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_mysqld_port" lineno="41328">
+<interface name="corenet_dontaudit_udp_receive_pop_port" lineno="65252">
 <summary>
-Do not audit attempts to receive UDP traffic on the mysqld port.
+Do not audit attempts to receive UDP traffic on the pop port.
 </summary>
 <param name="domain">
 <summary>
@@ -46494,9 +48811,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_mysqld_port" lineno="41347">
+<interface name="corenet_udp_sendrecv_pop_port" lineno="65271">
 <summary>
-Send and receive UDP traffic on the mysqld port.
+Send and receive UDP traffic on the pop port.
 </summary>
 <param name="domain">
 <summary>
@@ -46505,10 +48822,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_mysqld_port" lineno="41364">
+<interface name="corenet_dontaudit_udp_sendrecv_pop_port" lineno="65288">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the mysqld port.
+UDP traffic on the pop port.
 </summary>
 <param name="domain">
 <summary>
@@ -46517,9 +48834,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_mysqld_port" lineno="41380">
+<interface name="corenet_tcp_bind_pop_port" lineno="65304">
 <summary>
-Bind TCP sockets to the mysqld port.
+Bind TCP sockets to the pop port.
 </summary>
 <param name="domain">
 <summary>
@@ -46528,9 +48845,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_mysqld_port" lineno="41400">
+<interface name="corenet_udp_bind_pop_port" lineno="65324">
 <summary>
-Bind UDP sockets to the mysqld port.
+Bind UDP sockets to the pop port.
 </summary>
 <param name="domain">
 <summary>
@@ -46539,9 +48856,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_mysqld_port" lineno="41419">
+<interface name="corenet_tcp_connect_pop_port" lineno="65343">
 <summary>
-Make a TCP connection to the mysqld port.
+Make a TCP connection to the pop port.
 </summary>
 <param name="domain">
 <summary>
@@ -46549,9 +48866,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_mysqld_client_packets" lineno="41439">
+<interface name="corenet_send_pop_client_packets" lineno="65363">
 <summary>
-Send mysqld_client packets.
+Send pop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46560,9 +48877,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_mysqld_client_packets" lineno="41458">
+<interface name="corenet_dontaudit_send_pop_client_packets" lineno="65382">
 <summary>
-Do not audit attempts to send mysqld_client packets.
+Do not audit attempts to send pop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46571,9 +48888,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_mysqld_client_packets" lineno="41477">
+<interface name="corenet_receive_pop_client_packets" lineno="65401">
 <summary>
-Receive mysqld_client packets.
+Receive pop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46582,9 +48899,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_mysqld_client_packets" lineno="41496">
+<interface name="corenet_dontaudit_receive_pop_client_packets" lineno="65420">
 <summary>
-Do not audit attempts to receive mysqld_client packets.
+Do not audit attempts to receive pop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46593,9 +48910,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_mysqld_client_packets" lineno="41515">
+<interface name="corenet_sendrecv_pop_client_packets" lineno="65439">
 <summary>
-Send and receive mysqld_client packets.
+Send and receive pop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46604,9 +48921,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_mysqld_client_packets" lineno="41531">
+<interface name="corenet_dontaudit_sendrecv_pop_client_packets" lineno="65455">
 <summary>
-Do not audit attempts to send and receive mysqld_client packets.
+Do not audit attempts to send and receive pop_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46615,9 +48932,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_mysqld_client_packets" lineno="41546">
+<interface name="corenet_relabelto_pop_client_packets" lineno="65470">
 <summary>
-Relabel packets to mysqld_client the packet type.
+Relabel packets to pop_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -46625,9 +48942,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_mysqld_server_packets" lineno="41566">
+<interface name="corenet_send_pop_server_packets" lineno="65490">
 <summary>
-Send mysqld_server packets.
+Send pop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46636,9 +48953,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_mysqld_server_packets" lineno="41585">
+<interface name="corenet_dontaudit_send_pop_server_packets" lineno="65509">
 <summary>
-Do not audit attempts to send mysqld_server packets.
+Do not audit attempts to send pop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46647,9 +48964,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_mysqld_server_packets" lineno="41604">
+<interface name="corenet_receive_pop_server_packets" lineno="65528">
 <summary>
-Receive mysqld_server packets.
+Receive pop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46658,9 +48975,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_mysqld_server_packets" lineno="41623">
+<interface name="corenet_dontaudit_receive_pop_server_packets" lineno="65547">
 <summary>
-Do not audit attempts to receive mysqld_server packets.
+Do not audit attempts to receive pop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46669,9 +48986,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_mysqld_server_packets" lineno="41642">
+<interface name="corenet_sendrecv_pop_server_packets" lineno="65566">
 <summary>
-Send and receive mysqld_server packets.
+Send and receive pop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46680,9 +48997,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_mysqld_server_packets" lineno="41658">
+<interface name="corenet_dontaudit_sendrecv_pop_server_packets" lineno="65582">
 <summary>
-Do not audit attempts to send and receive mysqld_server packets.
+Do not audit attempts to send and receive pop_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46691,9 +49008,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_mysqld_server_packets" lineno="41673">
+<interface name="corenet_relabelto_pop_server_packets" lineno="65597">
 <summary>
-Relabel packets to mysqld_server the packet type.
+Relabel packets to pop_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -46701,9 +49018,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_mysqlmanagerd_port" lineno="41695">
+<interface name="corenet_tcp_sendrecv_portmap_port" lineno="65619">
 <summary>
-Send and receive TCP traffic on the mysqlmanagerd port.
+Send and receive TCP traffic on the portmap port.
 </summary>
 <param name="domain">
 <summary>
@@ -46712,9 +49029,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_mysqlmanagerd_port" lineno="41714">
+<interface name="corenet_udp_send_portmap_port" lineno="65638">
 <summary>
-Send UDP traffic on the mysqlmanagerd port.
+Send UDP traffic on the portmap port.
 </summary>
 <param name="domain">
 <summary>
@@ -46723,9 +49040,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_mysqlmanagerd_port" lineno="41733">
+<interface name="corenet_dontaudit_udp_send_portmap_port" lineno="65657">
 <summary>
-Do not audit attempts to send UDP traffic on the mysqlmanagerd port.
+Do not audit attempts to send UDP traffic on the portmap port.
 </summary>
 <param name="domain">
 <summary>
@@ -46734,9 +49051,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_mysqlmanagerd_port" lineno="41752">
+<interface name="corenet_udp_receive_portmap_port" lineno="65676">
 <summary>
-Receive UDP traffic on the mysqlmanagerd port.
+Receive UDP traffic on the portmap port.
 </summary>
 <param name="domain">
 <summary>
@@ -46745,9 +49062,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_mysqlmanagerd_port" lineno="41771">
+<interface name="corenet_dontaudit_udp_receive_portmap_port" lineno="65695">
 <summary>
-Do not audit attempts to receive UDP traffic on the mysqlmanagerd port.
+Do not audit attempts to receive UDP traffic on the portmap port.
 </summary>
 <param name="domain">
 <summary>
@@ -46756,9 +49073,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_mysqlmanagerd_port" lineno="41790">
+<interface name="corenet_udp_sendrecv_portmap_port" lineno="65714">
 <summary>
-Send and receive UDP traffic on the mysqlmanagerd port.
+Send and receive UDP traffic on the portmap port.
 </summary>
 <param name="domain">
 <summary>
@@ -46767,10 +49084,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_mysqlmanagerd_port" lineno="41807">
+<interface name="corenet_dontaudit_udp_sendrecv_portmap_port" lineno="65731">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the mysqlmanagerd port.
+UDP traffic on the portmap port.
 </summary>
 <param name="domain">
 <summary>
@@ -46779,9 +49096,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_mysqlmanagerd_port" lineno="41823">
+<interface name="corenet_tcp_bind_portmap_port" lineno="65747">
 <summary>
-Bind TCP sockets to the mysqlmanagerd port.
+Bind TCP sockets to the portmap port.
 </summary>
 <param name="domain">
 <summary>
@@ -46790,9 +49107,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_mysqlmanagerd_port" lineno="41843">
+<interface name="corenet_udp_bind_portmap_port" lineno="65767">
 <summary>
-Bind UDP sockets to the mysqlmanagerd port.
+Bind UDP sockets to the portmap port.
 </summary>
 <param name="domain">
 <summary>
@@ -46801,9 +49118,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_mysqlmanagerd_port" lineno="41862">
+<interface name="corenet_tcp_connect_portmap_port" lineno="65786">
 <summary>
-Make a TCP connection to the mysqlmanagerd port.
+Make a TCP connection to the portmap port.
 </summary>
 <param name="domain">
 <summary>
@@ -46811,9 +49128,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_mysqlmanagerd_client_packets" lineno="41882">
+<interface name="corenet_send_portmap_client_packets" lineno="65806">
 <summary>
-Send mysqlmanagerd_client packets.
+Send portmap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46822,9 +49139,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_mysqlmanagerd_client_packets" lineno="41901">
+<interface name="corenet_dontaudit_send_portmap_client_packets" lineno="65825">
 <summary>
-Do not audit attempts to send mysqlmanagerd_client packets.
+Do not audit attempts to send portmap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46833,9 +49150,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_mysqlmanagerd_client_packets" lineno="41920">
+<interface name="corenet_receive_portmap_client_packets" lineno="65844">
 <summary>
-Receive mysqlmanagerd_client packets.
+Receive portmap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46844,9 +49161,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_mysqlmanagerd_client_packets" lineno="41939">
+<interface name="corenet_dontaudit_receive_portmap_client_packets" lineno="65863">
 <summary>
-Do not audit attempts to receive mysqlmanagerd_client packets.
+Do not audit attempts to receive portmap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46855,9 +49172,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_mysqlmanagerd_client_packets" lineno="41958">
+<interface name="corenet_sendrecv_portmap_client_packets" lineno="65882">
 <summary>
-Send and receive mysqlmanagerd_client packets.
+Send and receive portmap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46866,9 +49183,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_mysqlmanagerd_client_packets" lineno="41974">
+<interface name="corenet_dontaudit_sendrecv_portmap_client_packets" lineno="65898">
 <summary>
-Do not audit attempts to send and receive mysqlmanagerd_client packets.
+Do not audit attempts to send and receive portmap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46877,9 +49194,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_mysqlmanagerd_client_packets" lineno="41989">
+<interface name="corenet_relabelto_portmap_client_packets" lineno="65913">
 <summary>
-Relabel packets to mysqlmanagerd_client the packet type.
+Relabel packets to portmap_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -46887,9 +49204,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_mysqlmanagerd_server_packets" lineno="42009">
+<interface name="corenet_send_portmap_server_packets" lineno="65933">
 <summary>
-Send mysqlmanagerd_server packets.
+Send portmap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46898,9 +49215,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_mysqlmanagerd_server_packets" lineno="42028">
+<interface name="corenet_dontaudit_send_portmap_server_packets" lineno="65952">
 <summary>
-Do not audit attempts to send mysqlmanagerd_server packets.
+Do not audit attempts to send portmap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46909,9 +49226,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_mysqlmanagerd_server_packets" lineno="42047">
+<interface name="corenet_receive_portmap_server_packets" lineno="65971">
 <summary>
-Receive mysqlmanagerd_server packets.
+Receive portmap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46920,9 +49237,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_mysqlmanagerd_server_packets" lineno="42066">
+<interface name="corenet_dontaudit_receive_portmap_server_packets" lineno="65990">
 <summary>
-Do not audit attempts to receive mysqlmanagerd_server packets.
+Do not audit attempts to receive portmap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46931,9 +49248,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_mysqlmanagerd_server_packets" lineno="42085">
+<interface name="corenet_sendrecv_portmap_server_packets" lineno="66009">
 <summary>
-Send and receive mysqlmanagerd_server packets.
+Send and receive portmap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46942,9 +49259,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_mysqlmanagerd_server_packets" lineno="42101">
+<interface name="corenet_dontaudit_sendrecv_portmap_server_packets" lineno="66025">
 <summary>
-Do not audit attempts to send and receive mysqlmanagerd_server packets.
+Do not audit attempts to send and receive portmap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -46953,9 +49270,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_mysqlmanagerd_server_packets" lineno="42116">
+<interface name="corenet_relabelto_portmap_server_packets" lineno="66040">
 <summary>
-Relabel packets to mysqlmanagerd_server the packet type.
+Relabel packets to portmap_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -46963,9 +49280,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_nessus_port" lineno="42138">
+<interface name="corenet_tcp_sendrecv_postfix_policyd_port" lineno="66062">
 <summary>
-Send and receive TCP traffic on the nessus port.
+Send and receive TCP traffic on the postfix_policyd port.
 </summary>
 <param name="domain">
 <summary>
@@ -46974,9 +49291,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_nessus_port" lineno="42157">
+<interface name="corenet_udp_send_postfix_policyd_port" lineno="66081">
 <summary>
-Send UDP traffic on the nessus port.
+Send UDP traffic on the postfix_policyd port.
 </summary>
 <param name="domain">
 <summary>
@@ -46985,9 +49302,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_nessus_port" lineno="42176">
+<interface name="corenet_dontaudit_udp_send_postfix_policyd_port" lineno="66100">
 <summary>
-Do not audit attempts to send UDP traffic on the nessus port.
+Do not audit attempts to send UDP traffic on the postfix_policyd port.
 </summary>
 <param name="domain">
 <summary>
@@ -46996,9 +49313,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_nessus_port" lineno="42195">
+<interface name="corenet_udp_receive_postfix_policyd_port" lineno="66119">
 <summary>
-Receive UDP traffic on the nessus port.
+Receive UDP traffic on the postfix_policyd port.
 </summary>
 <param name="domain">
 <summary>
@@ -47007,9 +49324,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_nessus_port" lineno="42214">
+<interface name="corenet_dontaudit_udp_receive_postfix_policyd_port" lineno="66138">
 <summary>
-Do not audit attempts to receive UDP traffic on the nessus port.
+Do not audit attempts to receive UDP traffic on the postfix_policyd port.
 </summary>
 <param name="domain">
 <summary>
@@ -47018,9 +49335,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_nessus_port" lineno="42233">
+<interface name="corenet_udp_sendrecv_postfix_policyd_port" lineno="66157">
 <summary>
-Send and receive UDP traffic on the nessus port.
+Send and receive UDP traffic on the postfix_policyd port.
 </summary>
 <param name="domain">
 <summary>
@@ -47029,10 +49346,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_nessus_port" lineno="42250">
+<interface name="corenet_dontaudit_udp_sendrecv_postfix_policyd_port" lineno="66174">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the nessus port.
+UDP traffic on the postfix_policyd port.
 </summary>
 <param name="domain">
 <summary>
@@ -47041,9 +49358,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_nessus_port" lineno="42266">
+<interface name="corenet_tcp_bind_postfix_policyd_port" lineno="66190">
 <summary>
-Bind TCP sockets to the nessus port.
+Bind TCP sockets to the postfix_policyd port.
 </summary>
 <param name="domain">
 <summary>
@@ -47052,9 +49369,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_nessus_port" lineno="42286">
+<interface name="corenet_udp_bind_postfix_policyd_port" lineno="66210">
 <summary>
-Bind UDP sockets to the nessus port.
+Bind UDP sockets to the postfix_policyd port.
 </summary>
 <param name="domain">
 <summary>
@@ -47063,9 +49380,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_nessus_port" lineno="42305">
+<interface name="corenet_tcp_connect_postfix_policyd_port" lineno="66229">
 <summary>
-Make a TCP connection to the nessus port.
+Make a TCP connection to the postfix_policyd port.
 </summary>
 <param name="domain">
 <summary>
@@ -47073,9 +49390,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_nessus_client_packets" lineno="42325">
+<interface name="corenet_send_postfix_policyd_client_packets" lineno="66249">
 <summary>
-Send nessus_client packets.
+Send postfix_policyd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47084,9 +49401,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_nessus_client_packets" lineno="42344">
+<interface name="corenet_dontaudit_send_postfix_policyd_client_packets" lineno="66268">
 <summary>
-Do not audit attempts to send nessus_client packets.
+Do not audit attempts to send postfix_policyd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47095,9 +49412,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_nessus_client_packets" lineno="42363">
+<interface name="corenet_receive_postfix_policyd_client_packets" lineno="66287">
 <summary>
-Receive nessus_client packets.
+Receive postfix_policyd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47106,9 +49423,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_nessus_client_packets" lineno="42382">
+<interface name="corenet_dontaudit_receive_postfix_policyd_client_packets" lineno="66306">
 <summary>
-Do not audit attempts to receive nessus_client packets.
+Do not audit attempts to receive postfix_policyd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47117,9 +49434,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_nessus_client_packets" lineno="42401">
+<interface name="corenet_sendrecv_postfix_policyd_client_packets" lineno="66325">
 <summary>
-Send and receive nessus_client packets.
+Send and receive postfix_policyd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47128,9 +49445,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_nessus_client_packets" lineno="42417">
+<interface name="corenet_dontaudit_sendrecv_postfix_policyd_client_packets" lineno="66341">
 <summary>
-Do not audit attempts to send and receive nessus_client packets.
+Do not audit attempts to send and receive postfix_policyd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47139,9 +49456,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_nessus_client_packets" lineno="42432">
+<interface name="corenet_relabelto_postfix_policyd_client_packets" lineno="66356">
 <summary>
-Relabel packets to nessus_client the packet type.
+Relabel packets to postfix_policyd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -47149,9 +49466,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_nessus_server_packets" lineno="42452">
+<interface name="corenet_send_postfix_policyd_server_packets" lineno="66376">
 <summary>
-Send nessus_server packets.
+Send postfix_policyd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47160,9 +49477,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_nessus_server_packets" lineno="42471">
+<interface name="corenet_dontaudit_send_postfix_policyd_server_packets" lineno="66395">
 <summary>
-Do not audit attempts to send nessus_server packets.
+Do not audit attempts to send postfix_policyd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47171,9 +49488,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_nessus_server_packets" lineno="42490">
+<interface name="corenet_receive_postfix_policyd_server_packets" lineno="66414">
 <summary>
-Receive nessus_server packets.
+Receive postfix_policyd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47182,9 +49499,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_nessus_server_packets" lineno="42509">
+<interface name="corenet_dontaudit_receive_postfix_policyd_server_packets" lineno="66433">
 <summary>
-Do not audit attempts to receive nessus_server packets.
+Do not audit attempts to receive postfix_policyd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47193,9 +49510,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_nessus_server_packets" lineno="42528">
+<interface name="corenet_sendrecv_postfix_policyd_server_packets" lineno="66452">
 <summary>
-Send and receive nessus_server packets.
+Send and receive postfix_policyd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47204,9 +49521,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_nessus_server_packets" lineno="42544">
+<interface name="corenet_dontaudit_sendrecv_postfix_policyd_server_packets" lineno="66468">
 <summary>
-Do not audit attempts to send and receive nessus_server packets.
+Do not audit attempts to send and receive postfix_policyd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47215,9 +49532,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_nessus_server_packets" lineno="42559">
+<interface name="corenet_relabelto_postfix_policyd_server_packets" lineno="66483">
 <summary>
-Relabel packets to nessus_server the packet type.
+Relabel packets to postfix_policyd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -47225,9 +49542,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_netport_port" lineno="42581">
+<interface name="corenet_tcp_sendrecv_postgresql_port" lineno="66505">
 <summary>
-Send and receive TCP traffic on the netport port.
+Send and receive TCP traffic on the postgresql port.
 </summary>
 <param name="domain">
 <summary>
@@ -47236,9 +49553,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_netport_port" lineno="42600">
+<interface name="corenet_udp_send_postgresql_port" lineno="66524">
 <summary>
-Send UDP traffic on the netport port.
+Send UDP traffic on the postgresql port.
 </summary>
 <param name="domain">
 <summary>
@@ -47247,9 +49564,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_netport_port" lineno="42619">
+<interface name="corenet_dontaudit_udp_send_postgresql_port" lineno="66543">
 <summary>
-Do not audit attempts to send UDP traffic on the netport port.
+Do not audit attempts to send UDP traffic on the postgresql port.
 </summary>
 <param name="domain">
 <summary>
@@ -47258,9 +49575,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_netport_port" lineno="42638">
+<interface name="corenet_udp_receive_postgresql_port" lineno="66562">
 <summary>
-Receive UDP traffic on the netport port.
+Receive UDP traffic on the postgresql port.
 </summary>
 <param name="domain">
 <summary>
@@ -47269,9 +49586,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_netport_port" lineno="42657">
+<interface name="corenet_dontaudit_udp_receive_postgresql_port" lineno="66581">
 <summary>
-Do not audit attempts to receive UDP traffic on the netport port.
+Do not audit attempts to receive UDP traffic on the postgresql port.
 </summary>
 <param name="domain">
 <summary>
@@ -47280,9 +49597,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_netport_port" lineno="42676">
+<interface name="corenet_udp_sendrecv_postgresql_port" lineno="66600">
 <summary>
-Send and receive UDP traffic on the netport port.
+Send and receive UDP traffic on the postgresql port.
 </summary>
 <param name="domain">
 <summary>
@@ -47291,10 +49608,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_netport_port" lineno="42693">
+<interface name="corenet_dontaudit_udp_sendrecv_postgresql_port" lineno="66617">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the netport port.
+UDP traffic on the postgresql port.
 </summary>
 <param name="domain">
 <summary>
@@ -47303,9 +49620,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_netport_port" lineno="42709">
+<interface name="corenet_tcp_bind_postgresql_port" lineno="66633">
 <summary>
-Bind TCP sockets to the netport port.
+Bind TCP sockets to the postgresql port.
 </summary>
 <param name="domain">
 <summary>
@@ -47314,9 +49631,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_netport_port" lineno="42729">
+<interface name="corenet_udp_bind_postgresql_port" lineno="66653">
 <summary>
-Bind UDP sockets to the netport port.
+Bind UDP sockets to the postgresql port.
 </summary>
 <param name="domain">
 <summary>
@@ -47325,9 +49642,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_netport_port" lineno="42748">
+<interface name="corenet_tcp_connect_postgresql_port" lineno="66672">
 <summary>
-Make a TCP connection to the netport port.
+Make a TCP connection to the postgresql port.
 </summary>
 <param name="domain">
 <summary>
@@ -47335,9 +49652,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_netport_client_packets" lineno="42768">
+<interface name="corenet_send_postgresql_client_packets" lineno="66692">
 <summary>
-Send netport_client packets.
+Send postgresql_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47346,9 +49663,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_netport_client_packets" lineno="42787">
+<interface name="corenet_dontaudit_send_postgresql_client_packets" lineno="66711">
 <summary>
-Do not audit attempts to send netport_client packets.
+Do not audit attempts to send postgresql_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47357,9 +49674,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_netport_client_packets" lineno="42806">
+<interface name="corenet_receive_postgresql_client_packets" lineno="66730">
 <summary>
-Receive netport_client packets.
+Receive postgresql_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47368,9 +49685,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_netport_client_packets" lineno="42825">
+<interface name="corenet_dontaudit_receive_postgresql_client_packets" lineno="66749">
 <summary>
-Do not audit attempts to receive netport_client packets.
+Do not audit attempts to receive postgresql_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47379,9 +49696,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_netport_client_packets" lineno="42844">
+<interface name="corenet_sendrecv_postgresql_client_packets" lineno="66768">
 <summary>
-Send and receive netport_client packets.
+Send and receive postgresql_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47390,9 +49707,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_netport_client_packets" lineno="42860">
+<interface name="corenet_dontaudit_sendrecv_postgresql_client_packets" lineno="66784">
 <summary>
-Do not audit attempts to send and receive netport_client packets.
+Do not audit attempts to send and receive postgresql_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47401,9 +49718,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_netport_client_packets" lineno="42875">
+<interface name="corenet_relabelto_postgresql_client_packets" lineno="66799">
 <summary>
-Relabel packets to netport_client the packet type.
+Relabel packets to postgresql_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -47411,9 +49728,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_netport_server_packets" lineno="42895">
+<interface name="corenet_send_postgresql_server_packets" lineno="66819">
 <summary>
-Send netport_server packets.
+Send postgresql_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47422,9 +49739,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_netport_server_packets" lineno="42914">
+<interface name="corenet_dontaudit_send_postgresql_server_packets" lineno="66838">
 <summary>
-Do not audit attempts to send netport_server packets.
+Do not audit attempts to send postgresql_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47433,9 +49750,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_netport_server_packets" lineno="42933">
+<interface name="corenet_receive_postgresql_server_packets" lineno="66857">
 <summary>
-Receive netport_server packets.
+Receive postgresql_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47444,9 +49761,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_netport_server_packets" lineno="42952">
+<interface name="corenet_dontaudit_receive_postgresql_server_packets" lineno="66876">
 <summary>
-Do not audit attempts to receive netport_server packets.
+Do not audit attempts to receive postgresql_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47455,9 +49772,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_netport_server_packets" lineno="42971">
+<interface name="corenet_sendrecv_postgresql_server_packets" lineno="66895">
 <summary>
-Send and receive netport_server packets.
+Send and receive postgresql_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47466,9 +49783,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_netport_server_packets" lineno="42987">
+<interface name="corenet_dontaudit_sendrecv_postgresql_server_packets" lineno="66911">
 <summary>
-Do not audit attempts to send and receive netport_server packets.
+Do not audit attempts to send and receive postgresql_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47477,9 +49794,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_netport_server_packets" lineno="43002">
+<interface name="corenet_relabelto_postgresql_server_packets" lineno="66926">
 <summary>
-Relabel packets to netport_server the packet type.
+Relabel packets to postgresql_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -47487,9 +49804,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_netsupport_port" lineno="43024">
+<interface name="corenet_tcp_sendrecv_postgrey_port" lineno="66948">
 <summary>
-Send and receive TCP traffic on the netsupport port.
+Send and receive TCP traffic on the postgrey port.
 </summary>
 <param name="domain">
 <summary>
@@ -47498,9 +49815,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_netsupport_port" lineno="43043">
+<interface name="corenet_udp_send_postgrey_port" lineno="66967">
 <summary>
-Send UDP traffic on the netsupport port.
+Send UDP traffic on the postgrey port.
 </summary>
 <param name="domain">
 <summary>
@@ -47509,9 +49826,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_netsupport_port" lineno="43062">
+<interface name="corenet_dontaudit_udp_send_postgrey_port" lineno="66986">
 <summary>
-Do not audit attempts to send UDP traffic on the netsupport port.
+Do not audit attempts to send UDP traffic on the postgrey port.
 </summary>
 <param name="domain">
 <summary>
@@ -47520,9 +49837,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_netsupport_port" lineno="43081">
+<interface name="corenet_udp_receive_postgrey_port" lineno="67005">
 <summary>
-Receive UDP traffic on the netsupport port.
+Receive UDP traffic on the postgrey port.
 </summary>
 <param name="domain">
 <summary>
@@ -47531,9 +49848,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_netsupport_port" lineno="43100">
+<interface name="corenet_dontaudit_udp_receive_postgrey_port" lineno="67024">
 <summary>
-Do not audit attempts to receive UDP traffic on the netsupport port.
+Do not audit attempts to receive UDP traffic on the postgrey port.
 </summary>
 <param name="domain">
 <summary>
@@ -47542,9 +49859,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_netsupport_port" lineno="43119">
+<interface name="corenet_udp_sendrecv_postgrey_port" lineno="67043">
 <summary>
-Send and receive UDP traffic on the netsupport port.
+Send and receive UDP traffic on the postgrey port.
 </summary>
 <param name="domain">
 <summary>
@@ -47553,10 +49870,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_netsupport_port" lineno="43136">
+<interface name="corenet_dontaudit_udp_sendrecv_postgrey_port" lineno="67060">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the netsupport port.
+UDP traffic on the postgrey port.
 </summary>
 <param name="domain">
 <summary>
@@ -47565,9 +49882,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_netsupport_port" lineno="43152">
+<interface name="corenet_tcp_bind_postgrey_port" lineno="67076">
 <summary>
-Bind TCP sockets to the netsupport port.
+Bind TCP sockets to the postgrey port.
 </summary>
 <param name="domain">
 <summary>
@@ -47576,9 +49893,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_netsupport_port" lineno="43172">
+<interface name="corenet_udp_bind_postgrey_port" lineno="67096">
 <summary>
-Bind UDP sockets to the netsupport port.
+Bind UDP sockets to the postgrey port.
 </summary>
 <param name="domain">
 <summary>
@@ -47587,9 +49904,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_netsupport_port" lineno="43191">
+<interface name="corenet_tcp_connect_postgrey_port" lineno="67115">
 <summary>
-Make a TCP connection to the netsupport port.
+Make a TCP connection to the postgrey port.
 </summary>
 <param name="domain">
 <summary>
@@ -47597,9 +49914,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_netsupport_client_packets" lineno="43211">
+<interface name="corenet_send_postgrey_client_packets" lineno="67135">
 <summary>
-Send netsupport_client packets.
+Send postgrey_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47608,9 +49925,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_netsupport_client_packets" lineno="43230">
+<interface name="corenet_dontaudit_send_postgrey_client_packets" lineno="67154">
 <summary>
-Do not audit attempts to send netsupport_client packets.
+Do not audit attempts to send postgrey_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47619,9 +49936,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_netsupport_client_packets" lineno="43249">
+<interface name="corenet_receive_postgrey_client_packets" lineno="67173">
 <summary>
-Receive netsupport_client packets.
+Receive postgrey_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47630,9 +49947,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_netsupport_client_packets" lineno="43268">
+<interface name="corenet_dontaudit_receive_postgrey_client_packets" lineno="67192">
 <summary>
-Do not audit attempts to receive netsupport_client packets.
+Do not audit attempts to receive postgrey_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47641,9 +49958,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_netsupport_client_packets" lineno="43287">
+<interface name="corenet_sendrecv_postgrey_client_packets" lineno="67211">
 <summary>
-Send and receive netsupport_client packets.
+Send and receive postgrey_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47652,9 +49969,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_netsupport_client_packets" lineno="43303">
+<interface name="corenet_dontaudit_sendrecv_postgrey_client_packets" lineno="67227">
 <summary>
-Do not audit attempts to send and receive netsupport_client packets.
+Do not audit attempts to send and receive postgrey_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47663,9 +49980,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_netsupport_client_packets" lineno="43318">
+<interface name="corenet_relabelto_postgrey_client_packets" lineno="67242">
 <summary>
-Relabel packets to netsupport_client the packet type.
+Relabel packets to postgrey_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -47673,9 +49990,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_netsupport_server_packets" lineno="43338">
+<interface name="corenet_send_postgrey_server_packets" lineno="67262">
 <summary>
-Send netsupport_server packets.
+Send postgrey_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47684,9 +50001,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_netsupport_server_packets" lineno="43357">
+<interface name="corenet_dontaudit_send_postgrey_server_packets" lineno="67281">
 <summary>
-Do not audit attempts to send netsupport_server packets.
+Do not audit attempts to send postgrey_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47695,9 +50012,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_netsupport_server_packets" lineno="43376">
+<interface name="corenet_receive_postgrey_server_packets" lineno="67300">
 <summary>
-Receive netsupport_server packets.
+Receive postgrey_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47706,9 +50023,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_netsupport_server_packets" lineno="43395">
+<interface name="corenet_dontaudit_receive_postgrey_server_packets" lineno="67319">
 <summary>
-Do not audit attempts to receive netsupport_server packets.
+Do not audit attempts to receive postgrey_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47717,9 +50034,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_netsupport_server_packets" lineno="43414">
+<interface name="corenet_sendrecv_postgrey_server_packets" lineno="67338">
 <summary>
-Send and receive netsupport_server packets.
+Send and receive postgrey_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47728,9 +50045,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_netsupport_server_packets" lineno="43430">
+<interface name="corenet_dontaudit_sendrecv_postgrey_server_packets" lineno="67354">
 <summary>
-Do not audit attempts to send and receive netsupport_server packets.
+Do not audit attempts to send and receive postgrey_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47739,9 +50056,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_netsupport_server_packets" lineno="43445">
+<interface name="corenet_relabelto_postgrey_server_packets" lineno="67369">
 <summary>
-Relabel packets to netsupport_server the packet type.
+Relabel packets to postgrey_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -47749,9 +50066,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_nmbd_port" lineno="43467">
+<interface name="corenet_tcp_sendrecv_pptp_port" lineno="67391">
 <summary>
-Send and receive TCP traffic on the nmbd port.
+Send and receive TCP traffic on the pptp port.
 </summary>
 <param name="domain">
 <summary>
@@ -47760,9 +50077,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_nmbd_port" lineno="43486">
+<interface name="corenet_udp_send_pptp_port" lineno="67410">
 <summary>
-Send UDP traffic on the nmbd port.
+Send UDP traffic on the pptp port.
 </summary>
 <param name="domain">
 <summary>
@@ -47771,9 +50088,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_nmbd_port" lineno="43505">
+<interface name="corenet_dontaudit_udp_send_pptp_port" lineno="67429">
 <summary>
-Do not audit attempts to send UDP traffic on the nmbd port.
+Do not audit attempts to send UDP traffic on the pptp port.
 </summary>
 <param name="domain">
 <summary>
@@ -47782,9 +50099,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_nmbd_port" lineno="43524">
+<interface name="corenet_udp_receive_pptp_port" lineno="67448">
 <summary>
-Receive UDP traffic on the nmbd port.
+Receive UDP traffic on the pptp port.
 </summary>
 <param name="domain">
 <summary>
@@ -47793,9 +50110,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_nmbd_port" lineno="43543">
+<interface name="corenet_dontaudit_udp_receive_pptp_port" lineno="67467">
 <summary>
-Do not audit attempts to receive UDP traffic on the nmbd port.
+Do not audit attempts to receive UDP traffic on the pptp port.
 </summary>
 <param name="domain">
 <summary>
@@ -47804,9 +50121,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_nmbd_port" lineno="43562">
+<interface name="corenet_udp_sendrecv_pptp_port" lineno="67486">
 <summary>
-Send and receive UDP traffic on the nmbd port.
+Send and receive UDP traffic on the pptp port.
 </summary>
 <param name="domain">
 <summary>
@@ -47815,10 +50132,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_nmbd_port" lineno="43579">
+<interface name="corenet_dontaudit_udp_sendrecv_pptp_port" lineno="67503">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the nmbd port.
+UDP traffic on the pptp port.
 </summary>
 <param name="domain">
 <summary>
@@ -47827,9 +50144,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_nmbd_port" lineno="43595">
+<interface name="corenet_tcp_bind_pptp_port" lineno="67519">
 <summary>
-Bind TCP sockets to the nmbd port.
+Bind TCP sockets to the pptp port.
 </summary>
 <param name="domain">
 <summary>
@@ -47838,9 +50155,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_nmbd_port" lineno="43615">
+<interface name="corenet_udp_bind_pptp_port" lineno="67539">
 <summary>
-Bind UDP sockets to the nmbd port.
+Bind UDP sockets to the pptp port.
 </summary>
 <param name="domain">
 <summary>
@@ -47849,9 +50166,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_nmbd_port" lineno="43634">
+<interface name="corenet_tcp_connect_pptp_port" lineno="67558">
 <summary>
-Make a TCP connection to the nmbd port.
+Make a TCP connection to the pptp port.
 </summary>
 <param name="domain">
 <summary>
@@ -47859,9 +50176,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_nmbd_client_packets" lineno="43654">
+<interface name="corenet_send_pptp_client_packets" lineno="67578">
 <summary>
-Send nmbd_client packets.
+Send pptp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47870,9 +50187,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_nmbd_client_packets" lineno="43673">
+<interface name="corenet_dontaudit_send_pptp_client_packets" lineno="67597">
 <summary>
-Do not audit attempts to send nmbd_client packets.
+Do not audit attempts to send pptp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47881,9 +50198,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_nmbd_client_packets" lineno="43692">
+<interface name="corenet_receive_pptp_client_packets" lineno="67616">
 <summary>
-Receive nmbd_client packets.
+Receive pptp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47892,9 +50209,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_nmbd_client_packets" lineno="43711">
+<interface name="corenet_dontaudit_receive_pptp_client_packets" lineno="67635">
 <summary>
-Do not audit attempts to receive nmbd_client packets.
+Do not audit attempts to receive pptp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47903,9 +50220,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_nmbd_client_packets" lineno="43730">
+<interface name="corenet_sendrecv_pptp_client_packets" lineno="67654">
 <summary>
-Send and receive nmbd_client packets.
+Send and receive pptp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47914,9 +50231,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_nmbd_client_packets" lineno="43746">
+<interface name="corenet_dontaudit_sendrecv_pptp_client_packets" lineno="67670">
 <summary>
-Do not audit attempts to send and receive nmbd_client packets.
+Do not audit attempts to send and receive pptp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47925,9 +50242,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_nmbd_client_packets" lineno="43761">
+<interface name="corenet_relabelto_pptp_client_packets" lineno="67685">
 <summary>
-Relabel packets to nmbd_client the packet type.
+Relabel packets to pptp_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -47935,9 +50252,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_nmbd_server_packets" lineno="43781">
+<interface name="corenet_send_pptp_server_packets" lineno="67705">
 <summary>
-Send nmbd_server packets.
+Send pptp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47946,9 +50263,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_nmbd_server_packets" lineno="43800">
+<interface name="corenet_dontaudit_send_pptp_server_packets" lineno="67724">
 <summary>
-Do not audit attempts to send nmbd_server packets.
+Do not audit attempts to send pptp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47957,9 +50274,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_nmbd_server_packets" lineno="43819">
+<interface name="corenet_receive_pptp_server_packets" lineno="67743">
 <summary>
-Receive nmbd_server packets.
+Receive pptp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47968,9 +50285,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_nmbd_server_packets" lineno="43838">
+<interface name="corenet_dontaudit_receive_pptp_server_packets" lineno="67762">
 <summary>
-Do not audit attempts to receive nmbd_server packets.
+Do not audit attempts to receive pptp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47979,9 +50296,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_nmbd_server_packets" lineno="43857">
+<interface name="corenet_sendrecv_pptp_server_packets" lineno="67781">
 <summary>
-Send and receive nmbd_server packets.
+Send and receive pptp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -47990,9 +50307,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_nmbd_server_packets" lineno="43873">
+<interface name="corenet_dontaudit_sendrecv_pptp_server_packets" lineno="67797">
 <summary>
-Do not audit attempts to send and receive nmbd_server packets.
+Do not audit attempts to send and receive pptp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48001,9 +50318,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_nmbd_server_packets" lineno="43888">
+<interface name="corenet_relabelto_pptp_server_packets" lineno="67812">
 <summary>
-Relabel packets to nmbd_server the packet type.
+Relabel packets to pptp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -48011,9 +50328,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_ntop_port" lineno="43910">
+<interface name="corenet_tcp_sendrecv_prelude_port" lineno="67834">
 <summary>
-Send and receive TCP traffic on the ntop port.
+Send and receive TCP traffic on the prelude port.
 </summary>
 <param name="domain">
 <summary>
@@ -48022,9 +50339,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_ntop_port" lineno="43929">
+<interface name="corenet_udp_send_prelude_port" lineno="67853">
 <summary>
-Send UDP traffic on the ntop port.
+Send UDP traffic on the prelude port.
 </summary>
 <param name="domain">
 <summary>
@@ -48033,9 +50350,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_ntop_port" lineno="43948">
+<interface name="corenet_dontaudit_udp_send_prelude_port" lineno="67872">
 <summary>
-Do not audit attempts to send UDP traffic on the ntop port.
+Do not audit attempts to send UDP traffic on the prelude port.
 </summary>
 <param name="domain">
 <summary>
@@ -48044,9 +50361,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_ntop_port" lineno="43967">
+<interface name="corenet_udp_receive_prelude_port" lineno="67891">
 <summary>
-Receive UDP traffic on the ntop port.
+Receive UDP traffic on the prelude port.
 </summary>
 <param name="domain">
 <summary>
@@ -48055,9 +50372,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_ntop_port" lineno="43986">
+<interface name="corenet_dontaudit_udp_receive_prelude_port" lineno="67910">
 <summary>
-Do not audit attempts to receive UDP traffic on the ntop port.
+Do not audit attempts to receive UDP traffic on the prelude port.
 </summary>
 <param name="domain">
 <summary>
@@ -48066,9 +50383,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_ntop_port" lineno="44005">
+<interface name="corenet_udp_sendrecv_prelude_port" lineno="67929">
 <summary>
-Send and receive UDP traffic on the ntop port.
+Send and receive UDP traffic on the prelude port.
 </summary>
 <param name="domain">
 <summary>
@@ -48077,10 +50394,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_ntop_port" lineno="44022">
+<interface name="corenet_dontaudit_udp_sendrecv_prelude_port" lineno="67946">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the ntop port.
+UDP traffic on the prelude port.
 </summary>
 <param name="domain">
 <summary>
@@ -48089,9 +50406,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_ntop_port" lineno="44038">
+<interface name="corenet_tcp_bind_prelude_port" lineno="67962">
 <summary>
-Bind TCP sockets to the ntop port.
+Bind TCP sockets to the prelude port.
 </summary>
 <param name="domain">
 <summary>
@@ -48100,9 +50417,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_ntop_port" lineno="44058">
+<interface name="corenet_udp_bind_prelude_port" lineno="67982">
 <summary>
-Bind UDP sockets to the ntop port.
+Bind UDP sockets to the prelude port.
 </summary>
 <param name="domain">
 <summary>
@@ -48111,9 +50428,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_ntop_port" lineno="44077">
+<interface name="corenet_tcp_connect_prelude_port" lineno="68001">
 <summary>
-Make a TCP connection to the ntop port.
+Make a TCP connection to the prelude port.
 </summary>
 <param name="domain">
 <summary>
@@ -48121,9 +50438,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ntop_client_packets" lineno="44097">
+<interface name="corenet_send_prelude_client_packets" lineno="68021">
 <summary>
-Send ntop_client packets.
+Send prelude_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48132,9 +50449,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ntop_client_packets" lineno="44116">
+<interface name="corenet_dontaudit_send_prelude_client_packets" lineno="68040">
 <summary>
-Do not audit attempts to send ntop_client packets.
+Do not audit attempts to send prelude_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48143,9 +50460,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ntop_client_packets" lineno="44135">
+<interface name="corenet_receive_prelude_client_packets" lineno="68059">
 <summary>
-Receive ntop_client packets.
+Receive prelude_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48154,9 +50471,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ntop_client_packets" lineno="44154">
+<interface name="corenet_dontaudit_receive_prelude_client_packets" lineno="68078">
 <summary>
-Do not audit attempts to receive ntop_client packets.
+Do not audit attempts to receive prelude_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48165,9 +50482,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ntop_client_packets" lineno="44173">
+<interface name="corenet_sendrecv_prelude_client_packets" lineno="68097">
 <summary>
-Send and receive ntop_client packets.
+Send and receive prelude_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48176,9 +50493,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ntop_client_packets" lineno="44189">
+<interface name="corenet_dontaudit_sendrecv_prelude_client_packets" lineno="68113">
 <summary>
-Do not audit attempts to send and receive ntop_client packets.
+Do not audit attempts to send and receive prelude_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48187,9 +50504,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ntop_client_packets" lineno="44204">
+<interface name="corenet_relabelto_prelude_client_packets" lineno="68128">
 <summary>
-Relabel packets to ntop_client the packet type.
+Relabel packets to prelude_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -48197,9 +50514,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ntop_server_packets" lineno="44224">
+<interface name="corenet_send_prelude_server_packets" lineno="68148">
 <summary>
-Send ntop_server packets.
+Send prelude_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48208,9 +50525,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ntop_server_packets" lineno="44243">
+<interface name="corenet_dontaudit_send_prelude_server_packets" lineno="68167">
 <summary>
-Do not audit attempts to send ntop_server packets.
+Do not audit attempts to send prelude_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48219,9 +50536,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ntop_server_packets" lineno="44262">
+<interface name="corenet_receive_prelude_server_packets" lineno="68186">
 <summary>
-Receive ntop_server packets.
+Receive prelude_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48230,9 +50547,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ntop_server_packets" lineno="44281">
+<interface name="corenet_dontaudit_receive_prelude_server_packets" lineno="68205">
 <summary>
-Do not audit attempts to receive ntop_server packets.
+Do not audit attempts to receive prelude_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48241,9 +50558,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ntop_server_packets" lineno="44300">
+<interface name="corenet_sendrecv_prelude_server_packets" lineno="68224">
 <summary>
-Send and receive ntop_server packets.
+Send and receive prelude_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48252,9 +50569,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ntop_server_packets" lineno="44316">
+<interface name="corenet_dontaudit_sendrecv_prelude_server_packets" lineno="68240">
 <summary>
-Do not audit attempts to send and receive ntop_server packets.
+Do not audit attempts to send and receive prelude_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48263,9 +50580,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ntop_server_packets" lineno="44331">
+<interface name="corenet_relabelto_prelude_server_packets" lineno="68255">
 <summary>
-Relabel packets to ntop_server the packet type.
+Relabel packets to prelude_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -48273,9 +50590,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_ntp_port" lineno="44353">
+<interface name="corenet_tcp_sendrecv_presence_port" lineno="68277">
 <summary>
-Send and receive TCP traffic on the ntp port.
+Send and receive TCP traffic on the presence port.
 </summary>
 <param name="domain">
 <summary>
@@ -48284,9 +50601,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_ntp_port" lineno="44372">
+<interface name="corenet_udp_send_presence_port" lineno="68296">
 <summary>
-Send UDP traffic on the ntp port.
+Send UDP traffic on the presence port.
 </summary>
 <param name="domain">
 <summary>
@@ -48295,9 +50612,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_ntp_port" lineno="44391">
+<interface name="corenet_dontaudit_udp_send_presence_port" lineno="68315">
 <summary>
-Do not audit attempts to send UDP traffic on the ntp port.
+Do not audit attempts to send UDP traffic on the presence port.
 </summary>
 <param name="domain">
 <summary>
@@ -48306,9 +50623,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_ntp_port" lineno="44410">
+<interface name="corenet_udp_receive_presence_port" lineno="68334">
 <summary>
-Receive UDP traffic on the ntp port.
+Receive UDP traffic on the presence port.
 </summary>
 <param name="domain">
 <summary>
@@ -48317,9 +50634,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_ntp_port" lineno="44429">
+<interface name="corenet_dontaudit_udp_receive_presence_port" lineno="68353">
 <summary>
-Do not audit attempts to receive UDP traffic on the ntp port.
+Do not audit attempts to receive UDP traffic on the presence port.
 </summary>
 <param name="domain">
 <summary>
@@ -48328,9 +50645,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_ntp_port" lineno="44448">
+<interface name="corenet_udp_sendrecv_presence_port" lineno="68372">
 <summary>
-Send and receive UDP traffic on the ntp port.
+Send and receive UDP traffic on the presence port.
 </summary>
 <param name="domain">
 <summary>
@@ -48339,10 +50656,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_ntp_port" lineno="44465">
+<interface name="corenet_dontaudit_udp_sendrecv_presence_port" lineno="68389">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the ntp port.
+UDP traffic on the presence port.
 </summary>
 <param name="domain">
 <summary>
@@ -48351,9 +50668,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_ntp_port" lineno="44481">
+<interface name="corenet_tcp_bind_presence_port" lineno="68405">
 <summary>
-Bind TCP sockets to the ntp port.
+Bind TCP sockets to the presence port.
 </summary>
 <param name="domain">
 <summary>
@@ -48362,9 +50679,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_ntp_port" lineno="44501">
+<interface name="corenet_udp_bind_presence_port" lineno="68425">
 <summary>
-Bind UDP sockets to the ntp port.
+Bind UDP sockets to the presence port.
 </summary>
 <param name="domain">
 <summary>
@@ -48373,9 +50690,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_ntp_port" lineno="44520">
+<interface name="corenet_tcp_connect_presence_port" lineno="68444">
 <summary>
-Make a TCP connection to the ntp port.
+Make a TCP connection to the presence port.
 </summary>
 <param name="domain">
 <summary>
@@ -48383,9 +50700,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ntp_client_packets" lineno="44540">
+<interface name="corenet_send_presence_client_packets" lineno="68464">
 <summary>
-Send ntp_client packets.
+Send presence_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48394,9 +50711,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ntp_client_packets" lineno="44559">
+<interface name="corenet_dontaudit_send_presence_client_packets" lineno="68483">
 <summary>
-Do not audit attempts to send ntp_client packets.
+Do not audit attempts to send presence_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48405,9 +50722,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ntp_client_packets" lineno="44578">
+<interface name="corenet_receive_presence_client_packets" lineno="68502">
 <summary>
-Receive ntp_client packets.
+Receive presence_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48416,9 +50733,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ntp_client_packets" lineno="44597">
+<interface name="corenet_dontaudit_receive_presence_client_packets" lineno="68521">
 <summary>
-Do not audit attempts to receive ntp_client packets.
+Do not audit attempts to receive presence_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48427,9 +50744,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ntp_client_packets" lineno="44616">
+<interface name="corenet_sendrecv_presence_client_packets" lineno="68540">
 <summary>
-Send and receive ntp_client packets.
+Send and receive presence_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48438,9 +50755,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ntp_client_packets" lineno="44632">
+<interface name="corenet_dontaudit_sendrecv_presence_client_packets" lineno="68556">
 <summary>
-Do not audit attempts to send and receive ntp_client packets.
+Do not audit attempts to send and receive presence_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48449,9 +50766,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ntp_client_packets" lineno="44647">
+<interface name="corenet_relabelto_presence_client_packets" lineno="68571">
 <summary>
-Relabel packets to ntp_client the packet type.
+Relabel packets to presence_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -48459,9 +50776,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ntp_server_packets" lineno="44667">
+<interface name="corenet_send_presence_server_packets" lineno="68591">
 <summary>
-Send ntp_server packets.
+Send presence_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48470,9 +50787,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ntp_server_packets" lineno="44686">
+<interface name="corenet_dontaudit_send_presence_server_packets" lineno="68610">
 <summary>
-Do not audit attempts to send ntp_server packets.
+Do not audit attempts to send presence_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48481,9 +50798,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ntp_server_packets" lineno="44705">
+<interface name="corenet_receive_presence_server_packets" lineno="68629">
 <summary>
-Receive ntp_server packets.
+Receive presence_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48492,9 +50809,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ntp_server_packets" lineno="44724">
+<interface name="corenet_dontaudit_receive_presence_server_packets" lineno="68648">
 <summary>
-Do not audit attempts to receive ntp_server packets.
+Do not audit attempts to receive presence_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48503,9 +50820,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ntp_server_packets" lineno="44743">
+<interface name="corenet_sendrecv_presence_server_packets" lineno="68667">
 <summary>
-Send and receive ntp_server packets.
+Send and receive presence_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48514,9 +50831,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ntp_server_packets" lineno="44759">
+<interface name="corenet_dontaudit_sendrecv_presence_server_packets" lineno="68683">
 <summary>
-Do not audit attempts to send and receive ntp_server packets.
+Do not audit attempts to send and receive presence_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48525,9 +50842,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ntp_server_packets" lineno="44774">
+<interface name="corenet_relabelto_presence_server_packets" lineno="68698">
 <summary>
-Relabel packets to ntp_server the packet type.
+Relabel packets to presence_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -48535,9 +50852,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_oracledb_port" lineno="44796">
+<interface name="corenet_tcp_sendrecv_printer_port" lineno="68720">
 <summary>
-Send and receive TCP traffic on the oracledb port.
+Send and receive TCP traffic on the printer port.
 </summary>
 <param name="domain">
 <summary>
@@ -48546,9 +50863,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_oracledb_port" lineno="44815">
+<interface name="corenet_udp_send_printer_port" lineno="68739">
 <summary>
-Send UDP traffic on the oracledb port.
+Send UDP traffic on the printer port.
 </summary>
 <param name="domain">
 <summary>
@@ -48557,9 +50874,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_oracledb_port" lineno="44834">
+<interface name="corenet_dontaudit_udp_send_printer_port" lineno="68758">
 <summary>
-Do not audit attempts to send UDP traffic on the oracledb port.
+Do not audit attempts to send UDP traffic on the printer port.
 </summary>
 <param name="domain">
 <summary>
@@ -48568,9 +50885,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_oracledb_port" lineno="44853">
+<interface name="corenet_udp_receive_printer_port" lineno="68777">
 <summary>
-Receive UDP traffic on the oracledb port.
+Receive UDP traffic on the printer port.
 </summary>
 <param name="domain">
 <summary>
@@ -48579,9 +50896,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_oracledb_port" lineno="44872">
+<interface name="corenet_dontaudit_udp_receive_printer_port" lineno="68796">
 <summary>
-Do not audit attempts to receive UDP traffic on the oracledb port.
+Do not audit attempts to receive UDP traffic on the printer port.
 </summary>
 <param name="domain">
 <summary>
@@ -48590,9 +50907,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_oracledb_port" lineno="44891">
+<interface name="corenet_udp_sendrecv_printer_port" lineno="68815">
 <summary>
-Send and receive UDP traffic on the oracledb port.
+Send and receive UDP traffic on the printer port.
 </summary>
 <param name="domain">
 <summary>
@@ -48601,10 +50918,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_oracledb_port" lineno="44908">
+<interface name="corenet_dontaudit_udp_sendrecv_printer_port" lineno="68832">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the oracledb port.
+UDP traffic on the printer port.
 </summary>
 <param name="domain">
 <summary>
@@ -48613,9 +50930,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_oracledb_port" lineno="44924">
+<interface name="corenet_tcp_bind_printer_port" lineno="68848">
 <summary>
-Bind TCP sockets to the oracledb port.
+Bind TCP sockets to the printer port.
 </summary>
 <param name="domain">
 <summary>
@@ -48624,9 +50941,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_oracledb_port" lineno="44944">
+<interface name="corenet_udp_bind_printer_port" lineno="68868">
 <summary>
-Bind UDP sockets to the oracledb port.
+Bind UDP sockets to the printer port.
 </summary>
 <param name="domain">
 <summary>
@@ -48635,9 +50952,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_oracledb_port" lineno="44963">
+<interface name="corenet_tcp_connect_printer_port" lineno="68887">
 <summary>
-Make a TCP connection to the oracledb port.
+Make a TCP connection to the printer port.
 </summary>
 <param name="domain">
 <summary>
@@ -48645,9 +50962,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_oracledb_client_packets" lineno="44983">
+<interface name="corenet_send_printer_client_packets" lineno="68907">
 <summary>
-Send oracledb_client packets.
+Send printer_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48656,9 +50973,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_oracledb_client_packets" lineno="45002">
+<interface name="corenet_dontaudit_send_printer_client_packets" lineno="68926">
 <summary>
-Do not audit attempts to send oracledb_client packets.
+Do not audit attempts to send printer_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48667,9 +50984,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_oracledb_client_packets" lineno="45021">
+<interface name="corenet_receive_printer_client_packets" lineno="68945">
 <summary>
-Receive oracledb_client packets.
+Receive printer_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48678,9 +50995,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_oracledb_client_packets" lineno="45040">
+<interface name="corenet_dontaudit_receive_printer_client_packets" lineno="68964">
 <summary>
-Do not audit attempts to receive oracledb_client packets.
+Do not audit attempts to receive printer_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48689,9 +51006,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_oracledb_client_packets" lineno="45059">
+<interface name="corenet_sendrecv_printer_client_packets" lineno="68983">
 <summary>
-Send and receive oracledb_client packets.
+Send and receive printer_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48700,9 +51017,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_oracledb_client_packets" lineno="45075">
+<interface name="corenet_dontaudit_sendrecv_printer_client_packets" lineno="68999">
 <summary>
-Do not audit attempts to send and receive oracledb_client packets.
+Do not audit attempts to send and receive printer_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48711,9 +51028,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_oracledb_client_packets" lineno="45090">
+<interface name="corenet_relabelto_printer_client_packets" lineno="69014">
 <summary>
-Relabel packets to oracledb_client the packet type.
+Relabel packets to printer_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -48721,9 +51038,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_oracledb_server_packets" lineno="45110">
+<interface name="corenet_send_printer_server_packets" lineno="69034">
 <summary>
-Send oracledb_server packets.
+Send printer_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48732,9 +51049,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_oracledb_server_packets" lineno="45129">
+<interface name="corenet_dontaudit_send_printer_server_packets" lineno="69053">
 <summary>
-Do not audit attempts to send oracledb_server packets.
+Do not audit attempts to send printer_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48743,9 +51060,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_oracledb_server_packets" lineno="45148">
+<interface name="corenet_receive_printer_server_packets" lineno="69072">
 <summary>
-Receive oracledb_server packets.
+Receive printer_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48754,9 +51071,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_oracledb_server_packets" lineno="45167">
+<interface name="corenet_dontaudit_receive_printer_server_packets" lineno="69091">
 <summary>
-Do not audit attempts to receive oracledb_server packets.
+Do not audit attempts to receive printer_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48765,9 +51082,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_oracledb_server_packets" lineno="45186">
+<interface name="corenet_sendrecv_printer_server_packets" lineno="69110">
 <summary>
-Send and receive oracledb_server packets.
+Send and receive printer_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48776,9 +51093,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_oracledb_server_packets" lineno="45202">
+<interface name="corenet_dontaudit_sendrecv_printer_server_packets" lineno="69126">
 <summary>
-Do not audit attempts to send and receive oracledb_server packets.
+Do not audit attempts to send and receive printer_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48787,9 +51104,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_oracledb_server_packets" lineno="45217">
+<interface name="corenet_relabelto_printer_server_packets" lineno="69141">
 <summary>
-Relabel packets to oracledb_server the packet type.
+Relabel packets to printer_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -48797,9 +51114,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_ocsp_port" lineno="45239">
+<interface name="corenet_tcp_sendrecv_ptal_port" lineno="69163">
 <summary>
-Send and receive TCP traffic on the ocsp port.
+Send and receive TCP traffic on the ptal port.
 </summary>
 <param name="domain">
 <summary>
@@ -48808,9 +51125,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_ocsp_port" lineno="45258">
+<interface name="corenet_udp_send_ptal_port" lineno="69182">
 <summary>
-Send UDP traffic on the ocsp port.
+Send UDP traffic on the ptal port.
 </summary>
 <param name="domain">
 <summary>
@@ -48819,9 +51136,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_ocsp_port" lineno="45277">
+<interface name="corenet_dontaudit_udp_send_ptal_port" lineno="69201">
 <summary>
-Do not audit attempts to send UDP traffic on the ocsp port.
+Do not audit attempts to send UDP traffic on the ptal port.
 </summary>
 <param name="domain">
 <summary>
@@ -48830,9 +51147,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_ocsp_port" lineno="45296">
+<interface name="corenet_udp_receive_ptal_port" lineno="69220">
 <summary>
-Receive UDP traffic on the ocsp port.
+Receive UDP traffic on the ptal port.
 </summary>
 <param name="domain">
 <summary>
@@ -48841,9 +51158,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_ocsp_port" lineno="45315">
+<interface name="corenet_dontaudit_udp_receive_ptal_port" lineno="69239">
 <summary>
-Do not audit attempts to receive UDP traffic on the ocsp port.
+Do not audit attempts to receive UDP traffic on the ptal port.
 </summary>
 <param name="domain">
 <summary>
@@ -48852,9 +51169,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_ocsp_port" lineno="45334">
+<interface name="corenet_udp_sendrecv_ptal_port" lineno="69258">
 <summary>
-Send and receive UDP traffic on the ocsp port.
+Send and receive UDP traffic on the ptal port.
 </summary>
 <param name="domain">
 <summary>
@@ -48863,10 +51180,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_ocsp_port" lineno="45351">
+<interface name="corenet_dontaudit_udp_sendrecv_ptal_port" lineno="69275">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the ocsp port.
+UDP traffic on the ptal port.
 </summary>
 <param name="domain">
 <summary>
@@ -48875,9 +51192,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_ocsp_port" lineno="45367">
+<interface name="corenet_tcp_bind_ptal_port" lineno="69291">
 <summary>
-Bind TCP sockets to the ocsp port.
+Bind TCP sockets to the ptal port.
 </summary>
 <param name="domain">
 <summary>
@@ -48886,9 +51203,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_ocsp_port" lineno="45387">
+<interface name="corenet_udp_bind_ptal_port" lineno="69311">
 <summary>
-Bind UDP sockets to the ocsp port.
+Bind UDP sockets to the ptal port.
 </summary>
 <param name="domain">
 <summary>
@@ -48897,9 +51214,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_ocsp_port" lineno="45406">
+<interface name="corenet_tcp_connect_ptal_port" lineno="69330">
 <summary>
-Make a TCP connection to the ocsp port.
+Make a TCP connection to the ptal port.
 </summary>
 <param name="domain">
 <summary>
@@ -48907,9 +51224,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ocsp_client_packets" lineno="45426">
+<interface name="corenet_send_ptal_client_packets" lineno="69350">
 <summary>
-Send ocsp_client packets.
+Send ptal_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48918,9 +51235,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ocsp_client_packets" lineno="45445">
+<interface name="corenet_dontaudit_send_ptal_client_packets" lineno="69369">
 <summary>
-Do not audit attempts to send ocsp_client packets.
+Do not audit attempts to send ptal_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48929,9 +51246,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ocsp_client_packets" lineno="45464">
+<interface name="corenet_receive_ptal_client_packets" lineno="69388">
 <summary>
-Receive ocsp_client packets.
+Receive ptal_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48940,9 +51257,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ocsp_client_packets" lineno="45483">
+<interface name="corenet_dontaudit_receive_ptal_client_packets" lineno="69407">
 <summary>
-Do not audit attempts to receive ocsp_client packets.
+Do not audit attempts to receive ptal_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48951,9 +51268,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ocsp_client_packets" lineno="45502">
+<interface name="corenet_sendrecv_ptal_client_packets" lineno="69426">
 <summary>
-Send and receive ocsp_client packets.
+Send and receive ptal_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48962,9 +51279,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ocsp_client_packets" lineno="45518">
+<interface name="corenet_dontaudit_sendrecv_ptal_client_packets" lineno="69442">
 <summary>
-Do not audit attempts to send and receive ocsp_client packets.
+Do not audit attempts to send and receive ptal_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48973,9 +51290,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ocsp_client_packets" lineno="45533">
+<interface name="corenet_relabelto_ptal_client_packets" lineno="69457">
 <summary>
-Relabel packets to ocsp_client the packet type.
+Relabel packets to ptal_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -48983,9 +51300,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ocsp_server_packets" lineno="45553">
+<interface name="corenet_send_ptal_server_packets" lineno="69477">
 <summary>
-Send ocsp_server packets.
+Send ptal_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -48994,9 +51311,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ocsp_server_packets" lineno="45572">
+<interface name="corenet_dontaudit_send_ptal_server_packets" lineno="69496">
 <summary>
-Do not audit attempts to send ocsp_server packets.
+Do not audit attempts to send ptal_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49005,9 +51322,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ocsp_server_packets" lineno="45591">
+<interface name="corenet_receive_ptal_server_packets" lineno="69515">
 <summary>
-Receive ocsp_server packets.
+Receive ptal_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49016,9 +51333,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ocsp_server_packets" lineno="45610">
+<interface name="corenet_dontaudit_receive_ptal_server_packets" lineno="69534">
 <summary>
-Do not audit attempts to receive ocsp_server packets.
+Do not audit attempts to receive ptal_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49027,9 +51344,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ocsp_server_packets" lineno="45629">
+<interface name="corenet_sendrecv_ptal_server_packets" lineno="69553">
 <summary>
-Send and receive ocsp_server packets.
+Send and receive ptal_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49038,9 +51355,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ocsp_server_packets" lineno="45645">
+<interface name="corenet_dontaudit_sendrecv_ptal_server_packets" lineno="69569">
 <summary>
-Do not audit attempts to send and receive ocsp_server packets.
+Do not audit attempts to send and receive ptal_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49049,9 +51366,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ocsp_server_packets" lineno="45660">
+<interface name="corenet_relabelto_ptal_server_packets" lineno="69584">
 <summary>
-Relabel packets to ocsp_server the packet type.
+Relabel packets to ptal_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -49059,9 +51376,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_openvpn_port" lineno="45682">
+<interface name="corenet_tcp_sendrecv_pulseaudio_port" lineno="69606">
 <summary>
-Send and receive TCP traffic on the openvpn port.
+Send and receive TCP traffic on the pulseaudio port.
 </summary>
 <param name="domain">
 <summary>
@@ -49070,9 +51387,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_openvpn_port" lineno="45701">
+<interface name="corenet_udp_send_pulseaudio_port" lineno="69625">
 <summary>
-Send UDP traffic on the openvpn port.
+Send UDP traffic on the pulseaudio port.
 </summary>
 <param name="domain">
 <summary>
@@ -49081,9 +51398,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_openvpn_port" lineno="45720">
+<interface name="corenet_dontaudit_udp_send_pulseaudio_port" lineno="69644">
 <summary>
-Do not audit attempts to send UDP traffic on the openvpn port.
+Do not audit attempts to send UDP traffic on the pulseaudio port.
 </summary>
 <param name="domain">
 <summary>
@@ -49092,9 +51409,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_openvpn_port" lineno="45739">
+<interface name="corenet_udp_receive_pulseaudio_port" lineno="69663">
 <summary>
-Receive UDP traffic on the openvpn port.
+Receive UDP traffic on the pulseaudio port.
 </summary>
 <param name="domain">
 <summary>
@@ -49103,9 +51420,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_openvpn_port" lineno="45758">
+<interface name="corenet_dontaudit_udp_receive_pulseaudio_port" lineno="69682">
 <summary>
-Do not audit attempts to receive UDP traffic on the openvpn port.
+Do not audit attempts to receive UDP traffic on the pulseaudio port.
 </summary>
 <param name="domain">
 <summary>
@@ -49114,9 +51431,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_openvpn_port" lineno="45777">
+<interface name="corenet_udp_sendrecv_pulseaudio_port" lineno="69701">
 <summary>
-Send and receive UDP traffic on the openvpn port.
+Send and receive UDP traffic on the pulseaudio port.
 </summary>
 <param name="domain">
 <summary>
@@ -49125,10 +51442,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_openvpn_port" lineno="45794">
+<interface name="corenet_dontaudit_udp_sendrecv_pulseaudio_port" lineno="69718">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the openvpn port.
+UDP traffic on the pulseaudio port.
 </summary>
 <param name="domain">
 <summary>
@@ -49137,9 +51454,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_openvpn_port" lineno="45810">
+<interface name="corenet_tcp_bind_pulseaudio_port" lineno="69734">
 <summary>
-Bind TCP sockets to the openvpn port.
+Bind TCP sockets to the pulseaudio port.
 </summary>
 <param name="domain">
 <summary>
@@ -49148,9 +51465,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_openvpn_port" lineno="45830">
+<interface name="corenet_udp_bind_pulseaudio_port" lineno="69754">
 <summary>
-Bind UDP sockets to the openvpn port.
+Bind UDP sockets to the pulseaudio port.
 </summary>
 <param name="domain">
 <summary>
@@ -49159,9 +51476,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_openvpn_port" lineno="45849">
+<interface name="corenet_tcp_connect_pulseaudio_port" lineno="69773">
 <summary>
-Make a TCP connection to the openvpn port.
+Make a TCP connection to the pulseaudio port.
 </summary>
 <param name="domain">
 <summary>
@@ -49169,9 +51486,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_openvpn_client_packets" lineno="45869">
+<interface name="corenet_send_pulseaudio_client_packets" lineno="69793">
 <summary>
-Send openvpn_client packets.
+Send pulseaudio_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49180,9 +51497,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_openvpn_client_packets" lineno="45888">
+<interface name="corenet_dontaudit_send_pulseaudio_client_packets" lineno="69812">
 <summary>
-Do not audit attempts to send openvpn_client packets.
+Do not audit attempts to send pulseaudio_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49191,9 +51508,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_openvpn_client_packets" lineno="45907">
+<interface name="corenet_receive_pulseaudio_client_packets" lineno="69831">
 <summary>
-Receive openvpn_client packets.
+Receive pulseaudio_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49202,9 +51519,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_openvpn_client_packets" lineno="45926">
+<interface name="corenet_dontaudit_receive_pulseaudio_client_packets" lineno="69850">
 <summary>
-Do not audit attempts to receive openvpn_client packets.
+Do not audit attempts to receive pulseaudio_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49213,9 +51530,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_openvpn_client_packets" lineno="45945">
+<interface name="corenet_sendrecv_pulseaudio_client_packets" lineno="69869">
 <summary>
-Send and receive openvpn_client packets.
+Send and receive pulseaudio_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49224,9 +51541,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_openvpn_client_packets" lineno="45961">
+<interface name="corenet_dontaudit_sendrecv_pulseaudio_client_packets" lineno="69885">
 <summary>
-Do not audit attempts to send and receive openvpn_client packets.
+Do not audit attempts to send and receive pulseaudio_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49235,9 +51552,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_openvpn_client_packets" lineno="45976">
+<interface name="corenet_relabelto_pulseaudio_client_packets" lineno="69900">
 <summary>
-Relabel packets to openvpn_client the packet type.
+Relabel packets to pulseaudio_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -49245,9 +51562,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_openvpn_server_packets" lineno="45996">
+<interface name="corenet_send_pulseaudio_server_packets" lineno="69920">
 <summary>
-Send openvpn_server packets.
+Send pulseaudio_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49256,9 +51573,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_openvpn_server_packets" lineno="46015">
+<interface name="corenet_dontaudit_send_pulseaudio_server_packets" lineno="69939">
 <summary>
-Do not audit attempts to send openvpn_server packets.
+Do not audit attempts to send pulseaudio_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49267,9 +51584,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_openvpn_server_packets" lineno="46034">
+<interface name="corenet_receive_pulseaudio_server_packets" lineno="69958">
 <summary>
-Receive openvpn_server packets.
+Receive pulseaudio_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49278,9 +51595,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_openvpn_server_packets" lineno="46053">
+<interface name="corenet_dontaudit_receive_pulseaudio_server_packets" lineno="69977">
 <summary>
-Do not audit attempts to receive openvpn_server packets.
+Do not audit attempts to receive pulseaudio_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49289,9 +51606,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_openvpn_server_packets" lineno="46072">
+<interface name="corenet_sendrecv_pulseaudio_server_packets" lineno="69996">
 <summary>
-Send and receive openvpn_server packets.
+Send and receive pulseaudio_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49300,9 +51617,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_openvpn_server_packets" lineno="46088">
+<interface name="corenet_dontaudit_sendrecv_pulseaudio_server_packets" lineno="70012">
 <summary>
-Do not audit attempts to send and receive openvpn_server packets.
+Do not audit attempts to send and receive pulseaudio_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49311,9 +51628,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_openvpn_server_packets" lineno="46103">
+<interface name="corenet_relabelto_pulseaudio_server_packets" lineno="70027">
 <summary>
-Relabel packets to openvpn_server the packet type.
+Relabel packets to pulseaudio_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -49321,9 +51638,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_pegasus_http_port" lineno="46125">
+<interface name="corenet_tcp_sendrecv_puppet_port" lineno="70049">
 <summary>
-Send and receive TCP traffic on the pegasus_http port.
+Send and receive TCP traffic on the puppet port.
 </summary>
 <param name="domain">
 <summary>
@@ -49332,9 +51649,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_pegasus_http_port" lineno="46144">
+<interface name="corenet_udp_send_puppet_port" lineno="70068">
 <summary>
-Send UDP traffic on the pegasus_http port.
+Send UDP traffic on the puppet port.
 </summary>
 <param name="domain">
 <summary>
@@ -49343,9 +51660,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_pegasus_http_port" lineno="46163">
+<interface name="corenet_dontaudit_udp_send_puppet_port" lineno="70087">
 <summary>
-Do not audit attempts to send UDP traffic on the pegasus_http port.
+Do not audit attempts to send UDP traffic on the puppet port.
 </summary>
 <param name="domain">
 <summary>
@@ -49354,9 +51671,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_pegasus_http_port" lineno="46182">
+<interface name="corenet_udp_receive_puppet_port" lineno="70106">
 <summary>
-Receive UDP traffic on the pegasus_http port.
+Receive UDP traffic on the puppet port.
 </summary>
 <param name="domain">
 <summary>
@@ -49365,9 +51682,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_pegasus_http_port" lineno="46201">
+<interface name="corenet_dontaudit_udp_receive_puppet_port" lineno="70125">
 <summary>
-Do not audit attempts to receive UDP traffic on the pegasus_http port.
+Do not audit attempts to receive UDP traffic on the puppet port.
 </summary>
 <param name="domain">
 <summary>
@@ -49376,9 +51693,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_pegasus_http_port" lineno="46220">
+<interface name="corenet_udp_sendrecv_puppet_port" lineno="70144">
 <summary>
-Send and receive UDP traffic on the pegasus_http port.
+Send and receive UDP traffic on the puppet port.
 </summary>
 <param name="domain">
 <summary>
@@ -49387,10 +51704,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_pegasus_http_port" lineno="46237">
+<interface name="corenet_dontaudit_udp_sendrecv_puppet_port" lineno="70161">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the pegasus_http port.
+UDP traffic on the puppet port.
 </summary>
 <param name="domain">
 <summary>
@@ -49399,9 +51716,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_pegasus_http_port" lineno="46253">
+<interface name="corenet_tcp_bind_puppet_port" lineno="70177">
 <summary>
-Bind TCP sockets to the pegasus_http port.
+Bind TCP sockets to the puppet port.
 </summary>
 <param name="domain">
 <summary>
@@ -49410,9 +51727,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_pegasus_http_port" lineno="46273">
+<interface name="corenet_udp_bind_puppet_port" lineno="70197">
 <summary>
-Bind UDP sockets to the pegasus_http port.
+Bind UDP sockets to the puppet port.
 </summary>
 <param name="domain">
 <summary>
@@ -49421,9 +51738,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_pegasus_http_port" lineno="46292">
+<interface name="corenet_tcp_connect_puppet_port" lineno="70216">
 <summary>
-Make a TCP connection to the pegasus_http port.
+Make a TCP connection to the puppet port.
 </summary>
 <param name="domain">
 <summary>
@@ -49431,9 +51748,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_pegasus_http_client_packets" lineno="46312">
+<interface name="corenet_send_puppet_client_packets" lineno="70236">
 <summary>
-Send pegasus_http_client packets.
+Send puppet_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49442,9 +51759,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_pegasus_http_client_packets" lineno="46331">
+<interface name="corenet_dontaudit_send_puppet_client_packets" lineno="70255">
 <summary>
-Do not audit attempts to send pegasus_http_client packets.
+Do not audit attempts to send puppet_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49453,9 +51770,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_pegasus_http_client_packets" lineno="46350">
+<interface name="corenet_receive_puppet_client_packets" lineno="70274">
 <summary>
-Receive pegasus_http_client packets.
+Receive puppet_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49464,9 +51781,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_pegasus_http_client_packets" lineno="46369">
+<interface name="corenet_dontaudit_receive_puppet_client_packets" lineno="70293">
 <summary>
-Do not audit attempts to receive pegasus_http_client packets.
+Do not audit attempts to receive puppet_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49475,9 +51792,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_pegasus_http_client_packets" lineno="46388">
+<interface name="corenet_sendrecv_puppet_client_packets" lineno="70312">
 <summary>
-Send and receive pegasus_http_client packets.
+Send and receive puppet_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49486,9 +51803,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_pegasus_http_client_packets" lineno="46404">
+<interface name="corenet_dontaudit_sendrecv_puppet_client_packets" lineno="70328">
 <summary>
-Do not audit attempts to send and receive pegasus_http_client packets.
+Do not audit attempts to send and receive puppet_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49497,9 +51814,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_pegasus_http_client_packets" lineno="46419">
+<interface name="corenet_relabelto_puppet_client_packets" lineno="70343">
 <summary>
-Relabel packets to pegasus_http_client the packet type.
+Relabel packets to puppet_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -49507,9 +51824,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_pegasus_http_server_packets" lineno="46439">
+<interface name="corenet_send_puppet_server_packets" lineno="70363">
 <summary>
-Send pegasus_http_server packets.
+Send puppet_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49518,9 +51835,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_pegasus_http_server_packets" lineno="46458">
+<interface name="corenet_dontaudit_send_puppet_server_packets" lineno="70382">
 <summary>
-Do not audit attempts to send pegasus_http_server packets.
+Do not audit attempts to send puppet_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49529,9 +51846,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_pegasus_http_server_packets" lineno="46477">
+<interface name="corenet_receive_puppet_server_packets" lineno="70401">
 <summary>
-Receive pegasus_http_server packets.
+Receive puppet_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49540,9 +51857,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_pegasus_http_server_packets" lineno="46496">
+<interface name="corenet_dontaudit_receive_puppet_server_packets" lineno="70420">
 <summary>
-Do not audit attempts to receive pegasus_http_server packets.
+Do not audit attempts to receive puppet_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49551,9 +51868,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_pegasus_http_server_packets" lineno="46515">
+<interface name="corenet_sendrecv_puppet_server_packets" lineno="70439">
 <summary>
-Send and receive pegasus_http_server packets.
+Send and receive puppet_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49562,9 +51879,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_pegasus_http_server_packets" lineno="46531">
+<interface name="corenet_dontaudit_sendrecv_puppet_server_packets" lineno="70455">
 <summary>
-Do not audit attempts to send and receive pegasus_http_server packets.
+Do not audit attempts to send and receive puppet_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49573,9 +51890,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_pegasus_http_server_packets" lineno="46546">
+<interface name="corenet_relabelto_puppet_server_packets" lineno="70470">
 <summary>
-Relabel packets to pegasus_http_server the packet type.
+Relabel packets to puppet_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -49583,9 +51900,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_pegasus_https_port" lineno="46568">
+<interface name="corenet_tcp_sendrecv_puppetclient_port" lineno="70492">
 <summary>
-Send and receive TCP traffic on the pegasus_https port.
+Send and receive TCP traffic on the puppetclient port.
 </summary>
 <param name="domain">
 <summary>
@@ -49594,9 +51911,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_pegasus_https_port" lineno="46587">
+<interface name="corenet_udp_send_puppetclient_port" lineno="70511">
 <summary>
-Send UDP traffic on the pegasus_https port.
+Send UDP traffic on the puppetclient port.
 </summary>
 <param name="domain">
 <summary>
@@ -49605,9 +51922,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_pegasus_https_port" lineno="46606">
+<interface name="corenet_dontaudit_udp_send_puppetclient_port" lineno="70530">
 <summary>
-Do not audit attempts to send UDP traffic on the pegasus_https port.
+Do not audit attempts to send UDP traffic on the puppetclient port.
 </summary>
 <param name="domain">
 <summary>
@@ -49616,9 +51933,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_pegasus_https_port" lineno="46625">
+<interface name="corenet_udp_receive_puppetclient_port" lineno="70549">
 <summary>
-Receive UDP traffic on the pegasus_https port.
+Receive UDP traffic on the puppetclient port.
 </summary>
 <param name="domain">
 <summary>
@@ -49627,9 +51944,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_pegasus_https_port" lineno="46644">
+<interface name="corenet_dontaudit_udp_receive_puppetclient_port" lineno="70568">
 <summary>
-Do not audit attempts to receive UDP traffic on the pegasus_https port.
+Do not audit attempts to receive UDP traffic on the puppetclient port.
 </summary>
 <param name="domain">
 <summary>
@@ -49638,9 +51955,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_pegasus_https_port" lineno="46663">
+<interface name="corenet_udp_sendrecv_puppetclient_port" lineno="70587">
 <summary>
-Send and receive UDP traffic on the pegasus_https port.
+Send and receive UDP traffic on the puppetclient port.
 </summary>
 <param name="domain">
 <summary>
@@ -49649,10 +51966,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_pegasus_https_port" lineno="46680">
+<interface name="corenet_dontaudit_udp_sendrecv_puppetclient_port" lineno="70604">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the pegasus_https port.
+UDP traffic on the puppetclient port.
 </summary>
 <param name="domain">
 <summary>
@@ -49661,9 +51978,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_pegasus_https_port" lineno="46696">
+<interface name="corenet_tcp_bind_puppetclient_port" lineno="70620">
 <summary>
-Bind TCP sockets to the pegasus_https port.
+Bind TCP sockets to the puppetclient port.
 </summary>
 <param name="domain">
 <summary>
@@ -49672,9 +51989,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_pegasus_https_port" lineno="46716">
+<interface name="corenet_udp_bind_puppetclient_port" lineno="70640">
 <summary>
-Bind UDP sockets to the pegasus_https port.
+Bind UDP sockets to the puppetclient port.
 </summary>
 <param name="domain">
 <summary>
@@ -49683,9 +52000,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_pegasus_https_port" lineno="46735">
+<interface name="corenet_tcp_connect_puppetclient_port" lineno="70659">
 <summary>
-Make a TCP connection to the pegasus_https port.
+Make a TCP connection to the puppetclient port.
 </summary>
 <param name="domain">
 <summary>
@@ -49693,9 +52010,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_pegasus_https_client_packets" lineno="46755">
+<interface name="corenet_send_puppetclient_client_packets" lineno="70679">
 <summary>
-Send pegasus_https_client packets.
+Send puppetclient_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49704,9 +52021,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_pegasus_https_client_packets" lineno="46774">
+<interface name="corenet_dontaudit_send_puppetclient_client_packets" lineno="70698">
 <summary>
-Do not audit attempts to send pegasus_https_client packets.
+Do not audit attempts to send puppetclient_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49715,9 +52032,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_pegasus_https_client_packets" lineno="46793">
+<interface name="corenet_receive_puppetclient_client_packets" lineno="70717">
 <summary>
-Receive pegasus_https_client packets.
+Receive puppetclient_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49726,9 +52043,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_pegasus_https_client_packets" lineno="46812">
+<interface name="corenet_dontaudit_receive_puppetclient_client_packets" lineno="70736">
 <summary>
-Do not audit attempts to receive pegasus_https_client packets.
+Do not audit attempts to receive puppetclient_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49737,9 +52054,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_pegasus_https_client_packets" lineno="46831">
+<interface name="corenet_sendrecv_puppetclient_client_packets" lineno="70755">
 <summary>
-Send and receive pegasus_https_client packets.
+Send and receive puppetclient_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49748,9 +52065,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_pegasus_https_client_packets" lineno="46847">
+<interface name="corenet_dontaudit_sendrecv_puppetclient_client_packets" lineno="70771">
 <summary>
-Do not audit attempts to send and receive pegasus_https_client packets.
+Do not audit attempts to send and receive puppetclient_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49759,9 +52076,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_pegasus_https_client_packets" lineno="46862">
+<interface name="corenet_relabelto_puppetclient_client_packets" lineno="70786">
 <summary>
-Relabel packets to pegasus_https_client the packet type.
+Relabel packets to puppetclient_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -49769,9 +52086,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_pegasus_https_server_packets" lineno="46882">
+<interface name="corenet_send_puppetclient_server_packets" lineno="70806">
 <summary>
-Send pegasus_https_server packets.
+Send puppetclient_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49780,9 +52097,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_pegasus_https_server_packets" lineno="46901">
+<interface name="corenet_dontaudit_send_puppetclient_server_packets" lineno="70825">
 <summary>
-Do not audit attempts to send pegasus_https_server packets.
+Do not audit attempts to send puppetclient_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49791,9 +52108,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_pegasus_https_server_packets" lineno="46920">
+<interface name="corenet_receive_puppetclient_server_packets" lineno="70844">
 <summary>
-Receive pegasus_https_server packets.
+Receive puppetclient_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49802,9 +52119,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_pegasus_https_server_packets" lineno="46939">
+<interface name="corenet_dontaudit_receive_puppetclient_server_packets" lineno="70863">
 <summary>
-Do not audit attempts to receive pegasus_https_server packets.
+Do not audit attempts to receive puppetclient_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49813,9 +52130,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_pegasus_https_server_packets" lineno="46958">
+<interface name="corenet_sendrecv_puppetclient_server_packets" lineno="70882">
 <summary>
-Send and receive pegasus_https_server packets.
+Send and receive puppetclient_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49824,9 +52141,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_pegasus_https_server_packets" lineno="46974">
+<interface name="corenet_dontaudit_sendrecv_puppetclient_server_packets" lineno="70898">
 <summary>
-Do not audit attempts to send and receive pegasus_https_server packets.
+Do not audit attempts to send and receive puppetclient_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49835,9 +52152,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_pegasus_https_server_packets" lineno="46989">
+<interface name="corenet_relabelto_puppetclient_server_packets" lineno="70913">
 <summary>
-Relabel packets to pegasus_https_server the packet type.
+Relabel packets to puppetclient_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -49845,9 +52162,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_pgpkeyserver_port" lineno="47011">
+<interface name="corenet_tcp_sendrecv_pxe_port" lineno="70935">
 <summary>
-Send and receive TCP traffic on the pgpkeyserver port.
+Send and receive TCP traffic on the pxe port.
 </summary>
 <param name="domain">
 <summary>
@@ -49856,9 +52173,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_pgpkeyserver_port" lineno="47030">
+<interface name="corenet_udp_send_pxe_port" lineno="70954">
 <summary>
-Send UDP traffic on the pgpkeyserver port.
+Send UDP traffic on the pxe port.
 </summary>
 <param name="domain">
 <summary>
@@ -49867,9 +52184,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_pgpkeyserver_port" lineno="47049">
+<interface name="corenet_dontaudit_udp_send_pxe_port" lineno="70973">
 <summary>
-Do not audit attempts to send UDP traffic on the pgpkeyserver port.
+Do not audit attempts to send UDP traffic on the pxe port.
 </summary>
 <param name="domain">
 <summary>
@@ -49878,9 +52195,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_pgpkeyserver_port" lineno="47068">
+<interface name="corenet_udp_receive_pxe_port" lineno="70992">
 <summary>
-Receive UDP traffic on the pgpkeyserver port.
+Receive UDP traffic on the pxe port.
 </summary>
 <param name="domain">
 <summary>
@@ -49889,9 +52206,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_pgpkeyserver_port" lineno="47087">
+<interface name="corenet_dontaudit_udp_receive_pxe_port" lineno="71011">
 <summary>
-Do not audit attempts to receive UDP traffic on the pgpkeyserver port.
+Do not audit attempts to receive UDP traffic on the pxe port.
 </summary>
 <param name="domain">
 <summary>
@@ -49900,9 +52217,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_pgpkeyserver_port" lineno="47106">
+<interface name="corenet_udp_sendrecv_pxe_port" lineno="71030">
 <summary>
-Send and receive UDP traffic on the pgpkeyserver port.
+Send and receive UDP traffic on the pxe port.
 </summary>
 <param name="domain">
 <summary>
@@ -49911,10 +52228,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_pgpkeyserver_port" lineno="47123">
+<interface name="corenet_dontaudit_udp_sendrecv_pxe_port" lineno="71047">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the pgpkeyserver port.
+UDP traffic on the pxe port.
 </summary>
 <param name="domain">
 <summary>
@@ -49923,9 +52240,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_pgpkeyserver_port" lineno="47139">
+<interface name="corenet_tcp_bind_pxe_port" lineno="71063">
 <summary>
-Bind TCP sockets to the pgpkeyserver port.
+Bind TCP sockets to the pxe port.
 </summary>
 <param name="domain">
 <summary>
@@ -49934,9 +52251,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_pgpkeyserver_port" lineno="47159">
+<interface name="corenet_udp_bind_pxe_port" lineno="71083">
 <summary>
-Bind UDP sockets to the pgpkeyserver port.
+Bind UDP sockets to the pxe port.
 </summary>
 <param name="domain">
 <summary>
@@ -49945,9 +52262,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_pgpkeyserver_port" lineno="47178">
+<interface name="corenet_tcp_connect_pxe_port" lineno="71102">
 <summary>
-Make a TCP connection to the pgpkeyserver port.
+Make a TCP connection to the pxe port.
 </summary>
 <param name="domain">
 <summary>
@@ -49955,9 +52272,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_pgpkeyserver_client_packets" lineno="47198">
+<interface name="corenet_send_pxe_client_packets" lineno="71122">
 <summary>
-Send pgpkeyserver_client packets.
+Send pxe_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49966,9 +52283,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_pgpkeyserver_client_packets" lineno="47217">
+<interface name="corenet_dontaudit_send_pxe_client_packets" lineno="71141">
 <summary>
-Do not audit attempts to send pgpkeyserver_client packets.
+Do not audit attempts to send pxe_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49977,9 +52294,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_pgpkeyserver_client_packets" lineno="47236">
+<interface name="corenet_receive_pxe_client_packets" lineno="71160">
 <summary>
-Receive pgpkeyserver_client packets.
+Receive pxe_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49988,9 +52305,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_pgpkeyserver_client_packets" lineno="47255">
+<interface name="corenet_dontaudit_receive_pxe_client_packets" lineno="71179">
 <summary>
-Do not audit attempts to receive pgpkeyserver_client packets.
+Do not audit attempts to receive pxe_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -49999,9 +52316,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_pgpkeyserver_client_packets" lineno="47274">
+<interface name="corenet_sendrecv_pxe_client_packets" lineno="71198">
 <summary>
-Send and receive pgpkeyserver_client packets.
+Send and receive pxe_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50010,9 +52327,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_pgpkeyserver_client_packets" lineno="47290">
+<interface name="corenet_dontaudit_sendrecv_pxe_client_packets" lineno="71214">
 <summary>
-Do not audit attempts to send and receive pgpkeyserver_client packets.
+Do not audit attempts to send and receive pxe_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50021,9 +52338,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_pgpkeyserver_client_packets" lineno="47305">
+<interface name="corenet_relabelto_pxe_client_packets" lineno="71229">
 <summary>
-Relabel packets to pgpkeyserver_client the packet type.
+Relabel packets to pxe_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -50031,9 +52348,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_pgpkeyserver_server_packets" lineno="47325">
+<interface name="corenet_send_pxe_server_packets" lineno="71249">
 <summary>
-Send pgpkeyserver_server packets.
+Send pxe_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50042,9 +52359,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_pgpkeyserver_server_packets" lineno="47344">
+<interface name="corenet_dontaudit_send_pxe_server_packets" lineno="71268">
 <summary>
-Do not audit attempts to send pgpkeyserver_server packets.
+Do not audit attempts to send pxe_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50053,9 +52370,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_pgpkeyserver_server_packets" lineno="47363">
+<interface name="corenet_receive_pxe_server_packets" lineno="71287">
 <summary>
-Receive pgpkeyserver_server packets.
+Receive pxe_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50064,9 +52381,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_pgpkeyserver_server_packets" lineno="47382">
+<interface name="corenet_dontaudit_receive_pxe_server_packets" lineno="71306">
 <summary>
-Do not audit attempts to receive pgpkeyserver_server packets.
+Do not audit attempts to receive pxe_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50075,9 +52392,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_pgpkeyserver_server_packets" lineno="47401">
+<interface name="corenet_sendrecv_pxe_server_packets" lineno="71325">
 <summary>
-Send and receive pgpkeyserver_server packets.
+Send and receive pxe_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50086,9 +52403,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_pgpkeyserver_server_packets" lineno="47417">
+<interface name="corenet_dontaudit_sendrecv_pxe_server_packets" lineno="71341">
 <summary>
-Do not audit attempts to send and receive pgpkeyserver_server packets.
+Do not audit attempts to send and receive pxe_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50097,9 +52414,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_pgpkeyserver_server_packets" lineno="47432">
+<interface name="corenet_relabelto_pxe_server_packets" lineno="71356">
 <summary>
-Relabel packets to pgpkeyserver_server the packet type.
+Relabel packets to pxe_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -50107,9 +52424,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_pingd_port" lineno="47454">
+<interface name="corenet_tcp_sendrecv_pyzor_port" lineno="71378">
 <summary>
-Send and receive TCP traffic on the pingd port.
+Send and receive TCP traffic on the pyzor port.
 </summary>
 <param name="domain">
 <summary>
@@ -50118,9 +52435,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_pingd_port" lineno="47473">
+<interface name="corenet_udp_send_pyzor_port" lineno="71397">
 <summary>
-Send UDP traffic on the pingd port.
+Send UDP traffic on the pyzor port.
 </summary>
 <param name="domain">
 <summary>
@@ -50129,9 +52446,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_pingd_port" lineno="47492">
+<interface name="corenet_dontaudit_udp_send_pyzor_port" lineno="71416">
 <summary>
-Do not audit attempts to send UDP traffic on the pingd port.
+Do not audit attempts to send UDP traffic on the pyzor port.
 </summary>
 <param name="domain">
 <summary>
@@ -50140,9 +52457,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_pingd_port" lineno="47511">
+<interface name="corenet_udp_receive_pyzor_port" lineno="71435">
 <summary>
-Receive UDP traffic on the pingd port.
+Receive UDP traffic on the pyzor port.
 </summary>
 <param name="domain">
 <summary>
@@ -50151,9 +52468,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_pingd_port" lineno="47530">
+<interface name="corenet_dontaudit_udp_receive_pyzor_port" lineno="71454">
 <summary>
-Do not audit attempts to receive UDP traffic on the pingd port.
+Do not audit attempts to receive UDP traffic on the pyzor port.
 </summary>
 <param name="domain">
 <summary>
@@ -50162,9 +52479,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_pingd_port" lineno="47549">
+<interface name="corenet_udp_sendrecv_pyzor_port" lineno="71473">
 <summary>
-Send and receive UDP traffic on the pingd port.
+Send and receive UDP traffic on the pyzor port.
 </summary>
 <param name="domain">
 <summary>
@@ -50173,10 +52490,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_pingd_port" lineno="47566">
+<interface name="corenet_dontaudit_udp_sendrecv_pyzor_port" lineno="71490">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the pingd port.
+UDP traffic on the pyzor port.
 </summary>
 <param name="domain">
 <summary>
@@ -50185,9 +52502,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_pingd_port" lineno="47582">
+<interface name="corenet_tcp_bind_pyzor_port" lineno="71506">
 <summary>
-Bind TCP sockets to the pingd port.
+Bind TCP sockets to the pyzor port.
 </summary>
 <param name="domain">
 <summary>
@@ -50196,9 +52513,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_pingd_port" lineno="47602">
+<interface name="corenet_udp_bind_pyzor_port" lineno="71526">
 <summary>
-Bind UDP sockets to the pingd port.
+Bind UDP sockets to the pyzor port.
 </summary>
 <param name="domain">
 <summary>
@@ -50207,9 +52524,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_pingd_port" lineno="47621">
+<interface name="corenet_tcp_connect_pyzor_port" lineno="71545">
 <summary>
-Make a TCP connection to the pingd port.
+Make a TCP connection to the pyzor port.
 </summary>
 <param name="domain">
 <summary>
@@ -50217,9 +52534,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_pingd_client_packets" lineno="47641">
+<interface name="corenet_send_pyzor_client_packets" lineno="71565">
 <summary>
-Send pingd_client packets.
+Send pyzor_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50228,9 +52545,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_pingd_client_packets" lineno="47660">
+<interface name="corenet_dontaudit_send_pyzor_client_packets" lineno="71584">
 <summary>
-Do not audit attempts to send pingd_client packets.
+Do not audit attempts to send pyzor_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50239,9 +52556,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_pingd_client_packets" lineno="47679">
+<interface name="corenet_receive_pyzor_client_packets" lineno="71603">
 <summary>
-Receive pingd_client packets.
+Receive pyzor_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50250,9 +52567,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_pingd_client_packets" lineno="47698">
+<interface name="corenet_dontaudit_receive_pyzor_client_packets" lineno="71622">
 <summary>
-Do not audit attempts to receive pingd_client packets.
+Do not audit attempts to receive pyzor_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50261,9 +52578,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_pingd_client_packets" lineno="47717">
+<interface name="corenet_sendrecv_pyzor_client_packets" lineno="71641">
 <summary>
-Send and receive pingd_client packets.
+Send and receive pyzor_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50272,9 +52589,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_pingd_client_packets" lineno="47733">
+<interface name="corenet_dontaudit_sendrecv_pyzor_client_packets" lineno="71657">
 <summary>
-Do not audit attempts to send and receive pingd_client packets.
+Do not audit attempts to send and receive pyzor_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50283,9 +52600,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_pingd_client_packets" lineno="47748">
+<interface name="corenet_relabelto_pyzor_client_packets" lineno="71672">
 <summary>
-Relabel packets to pingd_client the packet type.
+Relabel packets to pyzor_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -50293,9 +52610,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_pingd_server_packets" lineno="47768">
+<interface name="corenet_send_pyzor_server_packets" lineno="71692">
 <summary>
-Send pingd_server packets.
+Send pyzor_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50304,9 +52621,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_pingd_server_packets" lineno="47787">
+<interface name="corenet_dontaudit_send_pyzor_server_packets" lineno="71711">
 <summary>
-Do not audit attempts to send pingd_server packets.
+Do not audit attempts to send pyzor_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50315,9 +52632,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_pingd_server_packets" lineno="47806">
+<interface name="corenet_receive_pyzor_server_packets" lineno="71730">
 <summary>
-Receive pingd_server packets.
+Receive pyzor_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50326,9 +52643,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_pingd_server_packets" lineno="47825">
+<interface name="corenet_dontaudit_receive_pyzor_server_packets" lineno="71749">
 <summary>
-Do not audit attempts to receive pingd_server packets.
+Do not audit attempts to receive pyzor_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50337,9 +52654,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_pingd_server_packets" lineno="47844">
+<interface name="corenet_sendrecv_pyzor_server_packets" lineno="71768">
 <summary>
-Send and receive pingd_server packets.
+Send and receive pyzor_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50348,9 +52665,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_pingd_server_packets" lineno="47860">
+<interface name="corenet_dontaudit_sendrecv_pyzor_server_packets" lineno="71784">
 <summary>
-Do not audit attempts to send and receive pingd_server packets.
+Do not audit attempts to send and receive pyzor_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50359,9 +52676,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_pingd_server_packets" lineno="47875">
+<interface name="corenet_relabelto_pyzor_server_packets" lineno="71799">
 <summary>
-Relabel packets to pingd_server the packet type.
+Relabel packets to pyzor_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -50369,9 +52686,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_pop_port" lineno="47897">
+<interface name="corenet_tcp_sendrecv_radacct_port" lineno="71821">
 <summary>
-Send and receive TCP traffic on the pop port.
+Send and receive TCP traffic on the radacct port.
 </summary>
 <param name="domain">
 <summary>
@@ -50380,9 +52697,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_pop_port" lineno="47916">
+<interface name="corenet_udp_send_radacct_port" lineno="71840">
 <summary>
-Send UDP traffic on the pop port.
+Send UDP traffic on the radacct port.
 </summary>
 <param name="domain">
 <summary>
@@ -50391,9 +52708,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_pop_port" lineno="47935">
+<interface name="corenet_dontaudit_udp_send_radacct_port" lineno="71859">
 <summary>
-Do not audit attempts to send UDP traffic on the pop port.
+Do not audit attempts to send UDP traffic on the radacct port.
 </summary>
 <param name="domain">
 <summary>
@@ -50402,9 +52719,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_pop_port" lineno="47954">
+<interface name="corenet_udp_receive_radacct_port" lineno="71878">
 <summary>
-Receive UDP traffic on the pop port.
+Receive UDP traffic on the radacct port.
 </summary>
 <param name="domain">
 <summary>
@@ -50413,9 +52730,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_pop_port" lineno="47973">
+<interface name="corenet_dontaudit_udp_receive_radacct_port" lineno="71897">
 <summary>
-Do not audit attempts to receive UDP traffic on the pop port.
+Do not audit attempts to receive UDP traffic on the radacct port.
 </summary>
 <param name="domain">
 <summary>
@@ -50424,9 +52741,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_pop_port" lineno="47992">
+<interface name="corenet_udp_sendrecv_radacct_port" lineno="71916">
 <summary>
-Send and receive UDP traffic on the pop port.
+Send and receive UDP traffic on the radacct port.
 </summary>
 <param name="domain">
 <summary>
@@ -50435,10 +52752,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_pop_port" lineno="48009">
+<interface name="corenet_dontaudit_udp_sendrecv_radacct_port" lineno="71933">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the pop port.
+UDP traffic on the radacct port.
 </summary>
 <param name="domain">
 <summary>
@@ -50447,9 +52764,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_pop_port" lineno="48025">
+<interface name="corenet_tcp_bind_radacct_port" lineno="71949">
 <summary>
-Bind TCP sockets to the pop port.
+Bind TCP sockets to the radacct port.
 </summary>
 <param name="domain">
 <summary>
@@ -50458,9 +52775,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_pop_port" lineno="48045">
+<interface name="corenet_udp_bind_radacct_port" lineno="71969">
 <summary>
-Bind UDP sockets to the pop port.
+Bind UDP sockets to the radacct port.
 </summary>
 <param name="domain">
 <summary>
@@ -50469,9 +52786,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_pop_port" lineno="48064">
+<interface name="corenet_tcp_connect_radacct_port" lineno="71988">
 <summary>
-Make a TCP connection to the pop port.
+Make a TCP connection to the radacct port.
 </summary>
 <param name="domain">
 <summary>
@@ -50479,9 +52796,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_pop_client_packets" lineno="48084">
+<interface name="corenet_send_radacct_client_packets" lineno="72008">
 <summary>
-Send pop_client packets.
+Send radacct_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50490,9 +52807,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_pop_client_packets" lineno="48103">
+<interface name="corenet_dontaudit_send_radacct_client_packets" lineno="72027">
 <summary>
-Do not audit attempts to send pop_client packets.
+Do not audit attempts to send radacct_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50501,9 +52818,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_pop_client_packets" lineno="48122">
+<interface name="corenet_receive_radacct_client_packets" lineno="72046">
 <summary>
-Receive pop_client packets.
+Receive radacct_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50512,9 +52829,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_pop_client_packets" lineno="48141">
+<interface name="corenet_dontaudit_receive_radacct_client_packets" lineno="72065">
 <summary>
-Do not audit attempts to receive pop_client packets.
+Do not audit attempts to receive radacct_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50523,9 +52840,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_pop_client_packets" lineno="48160">
+<interface name="corenet_sendrecv_radacct_client_packets" lineno="72084">
 <summary>
-Send and receive pop_client packets.
+Send and receive radacct_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50534,9 +52851,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_pop_client_packets" lineno="48176">
+<interface name="corenet_dontaudit_sendrecv_radacct_client_packets" lineno="72100">
 <summary>
-Do not audit attempts to send and receive pop_client packets.
+Do not audit attempts to send and receive radacct_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50545,9 +52862,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_pop_client_packets" lineno="48191">
+<interface name="corenet_relabelto_radacct_client_packets" lineno="72115">
 <summary>
-Relabel packets to pop_client the packet type.
+Relabel packets to radacct_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -50555,9 +52872,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_pop_server_packets" lineno="48211">
+<interface name="corenet_send_radacct_server_packets" lineno="72135">
 <summary>
-Send pop_server packets.
+Send radacct_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50566,9 +52883,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_pop_server_packets" lineno="48230">
+<interface name="corenet_dontaudit_send_radacct_server_packets" lineno="72154">
 <summary>
-Do not audit attempts to send pop_server packets.
+Do not audit attempts to send radacct_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50577,9 +52894,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_pop_server_packets" lineno="48249">
+<interface name="corenet_receive_radacct_server_packets" lineno="72173">
 <summary>
-Receive pop_server packets.
+Receive radacct_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50588,9 +52905,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_pop_server_packets" lineno="48268">
+<interface name="corenet_dontaudit_receive_radacct_server_packets" lineno="72192">
 <summary>
-Do not audit attempts to receive pop_server packets.
+Do not audit attempts to receive radacct_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50599,9 +52916,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_pop_server_packets" lineno="48287">
+<interface name="corenet_sendrecv_radacct_server_packets" lineno="72211">
 <summary>
-Send and receive pop_server packets.
+Send and receive radacct_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50610,9 +52927,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_pop_server_packets" lineno="48303">
+<interface name="corenet_dontaudit_sendrecv_radacct_server_packets" lineno="72227">
 <summary>
-Do not audit attempts to send and receive pop_server packets.
+Do not audit attempts to send and receive radacct_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50621,9 +52938,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_pop_server_packets" lineno="48318">
+<interface name="corenet_relabelto_radacct_server_packets" lineno="72242">
 <summary>
-Relabel packets to pop_server the packet type.
+Relabel packets to radacct_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -50631,9 +52948,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_portmap_port" lineno="48340">
+<interface name="corenet_tcp_sendrecv_radius_port" lineno="72264">
 <summary>
-Send and receive TCP traffic on the portmap port.
+Send and receive TCP traffic on the radius port.
 </summary>
 <param name="domain">
 <summary>
@@ -50642,9 +52959,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_portmap_port" lineno="48359">
+<interface name="corenet_udp_send_radius_port" lineno="72283">
 <summary>
-Send UDP traffic on the portmap port.
+Send UDP traffic on the radius port.
 </summary>
 <param name="domain">
 <summary>
@@ -50653,9 +52970,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_portmap_port" lineno="48378">
+<interface name="corenet_dontaudit_udp_send_radius_port" lineno="72302">
 <summary>
-Do not audit attempts to send UDP traffic on the portmap port.
+Do not audit attempts to send UDP traffic on the radius port.
 </summary>
 <param name="domain">
 <summary>
@@ -50664,9 +52981,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_portmap_port" lineno="48397">
+<interface name="corenet_udp_receive_radius_port" lineno="72321">
 <summary>
-Receive UDP traffic on the portmap port.
+Receive UDP traffic on the radius port.
 </summary>
 <param name="domain">
 <summary>
@@ -50675,9 +52992,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_portmap_port" lineno="48416">
+<interface name="corenet_dontaudit_udp_receive_radius_port" lineno="72340">
 <summary>
-Do not audit attempts to receive UDP traffic on the portmap port.
+Do not audit attempts to receive UDP traffic on the radius port.
 </summary>
 <param name="domain">
 <summary>
@@ -50686,9 +53003,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_portmap_port" lineno="48435">
+<interface name="corenet_udp_sendrecv_radius_port" lineno="72359">
 <summary>
-Send and receive UDP traffic on the portmap port.
+Send and receive UDP traffic on the radius port.
 </summary>
 <param name="domain">
 <summary>
@@ -50697,10 +53014,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_portmap_port" lineno="48452">
+<interface name="corenet_dontaudit_udp_sendrecv_radius_port" lineno="72376">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the portmap port.
+UDP traffic on the radius port.
 </summary>
 <param name="domain">
 <summary>
@@ -50709,9 +53026,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_portmap_port" lineno="48468">
+<interface name="corenet_tcp_bind_radius_port" lineno="72392">
 <summary>
-Bind TCP sockets to the portmap port.
+Bind TCP sockets to the radius port.
 </summary>
 <param name="domain">
 <summary>
@@ -50720,9 +53037,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_portmap_port" lineno="48488">
+<interface name="corenet_udp_bind_radius_port" lineno="72412">
 <summary>
-Bind UDP sockets to the portmap port.
+Bind UDP sockets to the radius port.
 </summary>
 <param name="domain">
 <summary>
@@ -50731,9 +53048,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_portmap_port" lineno="48507">
+<interface name="corenet_tcp_connect_radius_port" lineno="72431">
 <summary>
-Make a TCP connection to the portmap port.
+Make a TCP connection to the radius port.
 </summary>
 <param name="domain">
 <summary>
@@ -50741,9 +53058,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_portmap_client_packets" lineno="48527">
+<interface name="corenet_send_radius_client_packets" lineno="72451">
 <summary>
-Send portmap_client packets.
+Send radius_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50752,9 +53069,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_portmap_client_packets" lineno="48546">
+<interface name="corenet_dontaudit_send_radius_client_packets" lineno="72470">
 <summary>
-Do not audit attempts to send portmap_client packets.
+Do not audit attempts to send radius_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50763,9 +53080,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_portmap_client_packets" lineno="48565">
+<interface name="corenet_receive_radius_client_packets" lineno="72489">
 <summary>
-Receive portmap_client packets.
+Receive radius_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50774,9 +53091,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_portmap_client_packets" lineno="48584">
+<interface name="corenet_dontaudit_receive_radius_client_packets" lineno="72508">
 <summary>
-Do not audit attempts to receive portmap_client packets.
+Do not audit attempts to receive radius_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50785,9 +53102,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_portmap_client_packets" lineno="48603">
+<interface name="corenet_sendrecv_radius_client_packets" lineno="72527">
 <summary>
-Send and receive portmap_client packets.
+Send and receive radius_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50796,9 +53113,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_portmap_client_packets" lineno="48619">
+<interface name="corenet_dontaudit_sendrecv_radius_client_packets" lineno="72543">
 <summary>
-Do not audit attempts to send and receive portmap_client packets.
+Do not audit attempts to send and receive radius_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50807,9 +53124,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_portmap_client_packets" lineno="48634">
+<interface name="corenet_relabelto_radius_client_packets" lineno="72558">
 <summary>
-Relabel packets to portmap_client the packet type.
+Relabel packets to radius_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -50817,9 +53134,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_portmap_server_packets" lineno="48654">
+<interface name="corenet_send_radius_server_packets" lineno="72578">
 <summary>
-Send portmap_server packets.
+Send radius_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50828,9 +53145,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_portmap_server_packets" lineno="48673">
+<interface name="corenet_dontaudit_send_radius_server_packets" lineno="72597">
 <summary>
-Do not audit attempts to send portmap_server packets.
+Do not audit attempts to send radius_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50839,9 +53156,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_portmap_server_packets" lineno="48692">
+<interface name="corenet_receive_radius_server_packets" lineno="72616">
 <summary>
-Receive portmap_server packets.
+Receive radius_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50850,9 +53167,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_portmap_server_packets" lineno="48711">
+<interface name="corenet_dontaudit_receive_radius_server_packets" lineno="72635">
 <summary>
-Do not audit attempts to receive portmap_server packets.
+Do not audit attempts to receive radius_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50861,9 +53178,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_portmap_server_packets" lineno="48730">
+<interface name="corenet_sendrecv_radius_server_packets" lineno="72654">
 <summary>
-Send and receive portmap_server packets.
+Send and receive radius_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50872,9 +53189,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_portmap_server_packets" lineno="48746">
+<interface name="corenet_dontaudit_sendrecv_radius_server_packets" lineno="72670">
 <summary>
-Do not audit attempts to send and receive portmap_server packets.
+Do not audit attempts to send and receive radius_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -50883,9 +53200,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_portmap_server_packets" lineno="48761">
+<interface name="corenet_relabelto_radius_server_packets" lineno="72685">
 <summary>
-Relabel packets to portmap_server the packet type.
+Relabel packets to radius_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -50893,9 +53210,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_postfix_policyd_port" lineno="48783">
+<interface name="corenet_tcp_sendrecv_radsec_port" lineno="72707">
 <summary>
-Send and receive TCP traffic on the postfix_policyd port.
+Send and receive TCP traffic on the radsec port.
 </summary>
 <param name="domain">
 <summary>
@@ -50904,9 +53221,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_postfix_policyd_port" lineno="48802">
+<interface name="corenet_udp_send_radsec_port" lineno="72726">
 <summary>
-Send UDP traffic on the postfix_policyd port.
+Send UDP traffic on the radsec port.
 </summary>
 <param name="domain">
 <summary>
@@ -50915,9 +53232,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_postfix_policyd_port" lineno="48821">
+<interface name="corenet_dontaudit_udp_send_radsec_port" lineno="72745">
 <summary>
-Do not audit attempts to send UDP traffic on the postfix_policyd port.
+Do not audit attempts to send UDP traffic on the radsec port.
 </summary>
 <param name="domain">
 <summary>
@@ -50926,9 +53243,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_postfix_policyd_port" lineno="48840">
+<interface name="corenet_udp_receive_radsec_port" lineno="72764">
 <summary>
-Receive UDP traffic on the postfix_policyd port.
+Receive UDP traffic on the radsec port.
 </summary>
 <param name="domain">
 <summary>
@@ -50937,9 +53254,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_postfix_policyd_port" lineno="48859">
+<interface name="corenet_dontaudit_udp_receive_radsec_port" lineno="72783">
 <summary>
-Do not audit attempts to receive UDP traffic on the postfix_policyd port.
+Do not audit attempts to receive UDP traffic on the radsec port.
 </summary>
 <param name="domain">
 <summary>
@@ -50948,9 +53265,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_postfix_policyd_port" lineno="48878">
+<interface name="corenet_udp_sendrecv_radsec_port" lineno="72802">
 <summary>
-Send and receive UDP traffic on the postfix_policyd port.
+Send and receive UDP traffic on the radsec port.
 </summary>
 <param name="domain">
 <summary>
@@ -50959,10 +53276,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_postfix_policyd_port" lineno="48895">
+<interface name="corenet_dontaudit_udp_sendrecv_radsec_port" lineno="72819">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the postfix_policyd port.
+UDP traffic on the radsec port.
 </summary>
 <param name="domain">
 <summary>
@@ -50971,9 +53288,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_postfix_policyd_port" lineno="48911">
+<interface name="corenet_tcp_bind_radsec_port" lineno="72835">
 <summary>
-Bind TCP sockets to the postfix_policyd port.
+Bind TCP sockets to the radsec port.
 </summary>
 <param name="domain">
 <summary>
@@ -50982,9 +53299,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_postfix_policyd_port" lineno="48931">
+<interface name="corenet_udp_bind_radsec_port" lineno="72855">
 <summary>
-Bind UDP sockets to the postfix_policyd port.
+Bind UDP sockets to the radsec port.
 </summary>
 <param name="domain">
 <summary>
@@ -50993,9 +53310,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_postfix_policyd_port" lineno="48950">
+<interface name="corenet_tcp_connect_radsec_port" lineno="72874">
 <summary>
-Make a TCP connection to the postfix_policyd port.
+Make a TCP connection to the radsec port.
 </summary>
 <param name="domain">
 <summary>
@@ -51003,9 +53320,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_postfix_policyd_client_packets" lineno="48970">
+<interface name="corenet_send_radsec_client_packets" lineno="72894">
 <summary>
-Send postfix_policyd_client packets.
+Send radsec_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51014,9 +53331,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_postfix_policyd_client_packets" lineno="48989">
+<interface name="corenet_dontaudit_send_radsec_client_packets" lineno="72913">
 <summary>
-Do not audit attempts to send postfix_policyd_client packets.
+Do not audit attempts to send radsec_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51025,9 +53342,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_postfix_policyd_client_packets" lineno="49008">
+<interface name="corenet_receive_radsec_client_packets" lineno="72932">
 <summary>
-Receive postfix_policyd_client packets.
+Receive radsec_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51036,9 +53353,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_postfix_policyd_client_packets" lineno="49027">
+<interface name="corenet_dontaudit_receive_radsec_client_packets" lineno="72951">
 <summary>
-Do not audit attempts to receive postfix_policyd_client packets.
+Do not audit attempts to receive radsec_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51047,9 +53364,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_postfix_policyd_client_packets" lineno="49046">
+<interface name="corenet_sendrecv_radsec_client_packets" lineno="72970">
 <summary>
-Send and receive postfix_policyd_client packets.
+Send and receive radsec_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51058,9 +53375,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_postfix_policyd_client_packets" lineno="49062">
+<interface name="corenet_dontaudit_sendrecv_radsec_client_packets" lineno="72986">
 <summary>
-Do not audit attempts to send and receive postfix_policyd_client packets.
+Do not audit attempts to send and receive radsec_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51069,9 +53386,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_postfix_policyd_client_packets" lineno="49077">
+<interface name="corenet_relabelto_radsec_client_packets" lineno="73001">
 <summary>
-Relabel packets to postfix_policyd_client the packet type.
+Relabel packets to radsec_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -51079,9 +53396,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_postfix_policyd_server_packets" lineno="49097">
+<interface name="corenet_send_radsec_server_packets" lineno="73021">
 <summary>
-Send postfix_policyd_server packets.
+Send radsec_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51090,9 +53407,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_postfix_policyd_server_packets" lineno="49116">
+<interface name="corenet_dontaudit_send_radsec_server_packets" lineno="73040">
 <summary>
-Do not audit attempts to send postfix_policyd_server packets.
+Do not audit attempts to send radsec_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51101,9 +53418,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_postfix_policyd_server_packets" lineno="49135">
+<interface name="corenet_receive_radsec_server_packets" lineno="73059">
 <summary>
-Receive postfix_policyd_server packets.
+Receive radsec_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51112,9 +53429,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_postfix_policyd_server_packets" lineno="49154">
+<interface name="corenet_dontaudit_receive_radsec_server_packets" lineno="73078">
 <summary>
-Do not audit attempts to receive postfix_policyd_server packets.
+Do not audit attempts to receive radsec_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51123,9 +53440,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_postfix_policyd_server_packets" lineno="49173">
+<interface name="corenet_sendrecv_radsec_server_packets" lineno="73097">
 <summary>
-Send and receive postfix_policyd_server packets.
+Send and receive radsec_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51134,9 +53451,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_postfix_policyd_server_packets" lineno="49189">
+<interface name="corenet_dontaudit_sendrecv_radsec_server_packets" lineno="73113">
 <summary>
-Do not audit attempts to send and receive postfix_policyd_server packets.
+Do not audit attempts to send and receive radsec_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51145,9 +53462,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_postfix_policyd_server_packets" lineno="49204">
+<interface name="corenet_relabelto_radsec_server_packets" lineno="73128">
 <summary>
-Relabel packets to postfix_policyd_server the packet type.
+Relabel packets to radsec_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -51155,9 +53472,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_postgresql_port" lineno="49226">
+<interface name="corenet_tcp_sendrecv_razor_port" lineno="73150">
 <summary>
-Send and receive TCP traffic on the postgresql port.
+Send and receive TCP traffic on the razor port.
 </summary>
 <param name="domain">
 <summary>
@@ -51166,9 +53483,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_postgresql_port" lineno="49245">
+<interface name="corenet_udp_send_razor_port" lineno="73169">
 <summary>
-Send UDP traffic on the postgresql port.
+Send UDP traffic on the razor port.
 </summary>
 <param name="domain">
 <summary>
@@ -51177,9 +53494,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_postgresql_port" lineno="49264">
+<interface name="corenet_dontaudit_udp_send_razor_port" lineno="73188">
 <summary>
-Do not audit attempts to send UDP traffic on the postgresql port.
+Do not audit attempts to send UDP traffic on the razor port.
 </summary>
 <param name="domain">
 <summary>
@@ -51188,9 +53505,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_postgresql_port" lineno="49283">
+<interface name="corenet_udp_receive_razor_port" lineno="73207">
 <summary>
-Receive UDP traffic on the postgresql port.
+Receive UDP traffic on the razor port.
 </summary>
 <param name="domain">
 <summary>
@@ -51199,9 +53516,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_postgresql_port" lineno="49302">
+<interface name="corenet_dontaudit_udp_receive_razor_port" lineno="73226">
 <summary>
-Do not audit attempts to receive UDP traffic on the postgresql port.
+Do not audit attempts to receive UDP traffic on the razor port.
 </summary>
 <param name="domain">
 <summary>
@@ -51210,9 +53527,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_postgresql_port" lineno="49321">
+<interface name="corenet_udp_sendrecv_razor_port" lineno="73245">
 <summary>
-Send and receive UDP traffic on the postgresql port.
+Send and receive UDP traffic on the razor port.
 </summary>
 <param name="domain">
 <summary>
@@ -51221,10 +53538,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_postgresql_port" lineno="49338">
+<interface name="corenet_dontaudit_udp_sendrecv_razor_port" lineno="73262">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the postgresql port.
+UDP traffic on the razor port.
 </summary>
 <param name="domain">
 <summary>
@@ -51233,9 +53550,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_postgresql_port" lineno="49354">
+<interface name="corenet_tcp_bind_razor_port" lineno="73278">
 <summary>
-Bind TCP sockets to the postgresql port.
+Bind TCP sockets to the razor port.
 </summary>
 <param name="domain">
 <summary>
@@ -51244,9 +53561,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_postgresql_port" lineno="49374">
+<interface name="corenet_udp_bind_razor_port" lineno="73298">
 <summary>
-Bind UDP sockets to the postgresql port.
+Bind UDP sockets to the razor port.
 </summary>
 <param name="domain">
 <summary>
@@ -51255,9 +53572,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_postgresql_port" lineno="49393">
+<interface name="corenet_tcp_connect_razor_port" lineno="73317">
 <summary>
-Make a TCP connection to the postgresql port.
+Make a TCP connection to the razor port.
 </summary>
 <param name="domain">
 <summary>
@@ -51265,9 +53582,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_postgresql_client_packets" lineno="49413">
+<interface name="corenet_send_razor_client_packets" lineno="73337">
 <summary>
-Send postgresql_client packets.
+Send razor_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51276,9 +53593,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_postgresql_client_packets" lineno="49432">
+<interface name="corenet_dontaudit_send_razor_client_packets" lineno="73356">
 <summary>
-Do not audit attempts to send postgresql_client packets.
+Do not audit attempts to send razor_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51287,9 +53604,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_postgresql_client_packets" lineno="49451">
+<interface name="corenet_receive_razor_client_packets" lineno="73375">
 <summary>
-Receive postgresql_client packets.
+Receive razor_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51298,9 +53615,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_postgresql_client_packets" lineno="49470">
+<interface name="corenet_dontaudit_receive_razor_client_packets" lineno="73394">
 <summary>
-Do not audit attempts to receive postgresql_client packets.
+Do not audit attempts to receive razor_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51309,9 +53626,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_postgresql_client_packets" lineno="49489">
+<interface name="corenet_sendrecv_razor_client_packets" lineno="73413">
 <summary>
-Send and receive postgresql_client packets.
+Send and receive razor_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51320,9 +53637,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_postgresql_client_packets" lineno="49505">
+<interface name="corenet_dontaudit_sendrecv_razor_client_packets" lineno="73429">
 <summary>
-Do not audit attempts to send and receive postgresql_client packets.
+Do not audit attempts to send and receive razor_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51331,9 +53648,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_postgresql_client_packets" lineno="49520">
+<interface name="corenet_relabelto_razor_client_packets" lineno="73444">
 <summary>
-Relabel packets to postgresql_client the packet type.
+Relabel packets to razor_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -51341,9 +53658,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_postgresql_server_packets" lineno="49540">
+<interface name="corenet_send_razor_server_packets" lineno="73464">
 <summary>
-Send postgresql_server packets.
+Send razor_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51352,9 +53669,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_postgresql_server_packets" lineno="49559">
+<interface name="corenet_dontaudit_send_razor_server_packets" lineno="73483">
 <summary>
-Do not audit attempts to send postgresql_server packets.
+Do not audit attempts to send razor_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51363,9 +53680,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_postgresql_server_packets" lineno="49578">
+<interface name="corenet_receive_razor_server_packets" lineno="73502">
 <summary>
-Receive postgresql_server packets.
+Receive razor_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51374,9 +53691,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_postgresql_server_packets" lineno="49597">
+<interface name="corenet_dontaudit_receive_razor_server_packets" lineno="73521">
 <summary>
-Do not audit attempts to receive postgresql_server packets.
+Do not audit attempts to receive razor_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51385,9 +53702,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_postgresql_server_packets" lineno="49616">
+<interface name="corenet_sendrecv_razor_server_packets" lineno="73540">
 <summary>
-Send and receive postgresql_server packets.
+Send and receive razor_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51396,9 +53713,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_postgresql_server_packets" lineno="49632">
+<interface name="corenet_dontaudit_sendrecv_razor_server_packets" lineno="73556">
 <summary>
-Do not audit attempts to send and receive postgresql_server packets.
+Do not audit attempts to send and receive razor_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51407,9 +53724,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_postgresql_server_packets" lineno="49647">
+<interface name="corenet_relabelto_razor_server_packets" lineno="73571">
 <summary>
-Relabel packets to postgresql_server the packet type.
+Relabel packets to razor_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -51417,9 +53734,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_postgrey_port" lineno="49669">
+<interface name="corenet_tcp_sendrecv_redis_port" lineno="73593">
 <summary>
-Send and receive TCP traffic on the postgrey port.
+Send and receive TCP traffic on the redis port.
 </summary>
 <param name="domain">
 <summary>
@@ -51428,9 +53745,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_postgrey_port" lineno="49688">
+<interface name="corenet_udp_send_redis_port" lineno="73612">
 <summary>
-Send UDP traffic on the postgrey port.
+Send UDP traffic on the redis port.
 </summary>
 <param name="domain">
 <summary>
@@ -51439,9 +53756,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_postgrey_port" lineno="49707">
+<interface name="corenet_dontaudit_udp_send_redis_port" lineno="73631">
 <summary>
-Do not audit attempts to send UDP traffic on the postgrey port.
+Do not audit attempts to send UDP traffic on the redis port.
 </summary>
 <param name="domain">
 <summary>
@@ -51450,9 +53767,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_postgrey_port" lineno="49726">
+<interface name="corenet_udp_receive_redis_port" lineno="73650">
 <summary>
-Receive UDP traffic on the postgrey port.
+Receive UDP traffic on the redis port.
 </summary>
 <param name="domain">
 <summary>
@@ -51461,9 +53778,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_postgrey_port" lineno="49745">
+<interface name="corenet_dontaudit_udp_receive_redis_port" lineno="73669">
 <summary>
-Do not audit attempts to receive UDP traffic on the postgrey port.
+Do not audit attempts to receive UDP traffic on the redis port.
 </summary>
 <param name="domain">
 <summary>
@@ -51472,9 +53789,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_postgrey_port" lineno="49764">
+<interface name="corenet_udp_sendrecv_redis_port" lineno="73688">
 <summary>
-Send and receive UDP traffic on the postgrey port.
+Send and receive UDP traffic on the redis port.
 </summary>
 <param name="domain">
 <summary>
@@ -51483,10 +53800,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_postgrey_port" lineno="49781">
+<interface name="corenet_dontaudit_udp_sendrecv_redis_port" lineno="73705">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the postgrey port.
+UDP traffic on the redis port.
 </summary>
 <param name="domain">
 <summary>
@@ -51495,9 +53812,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_postgrey_port" lineno="49797">
+<interface name="corenet_tcp_bind_redis_port" lineno="73721">
 <summary>
-Bind TCP sockets to the postgrey port.
+Bind TCP sockets to the redis port.
 </summary>
 <param name="domain">
 <summary>
@@ -51506,9 +53823,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_postgrey_port" lineno="49817">
+<interface name="corenet_udp_bind_redis_port" lineno="73741">
 <summary>
-Bind UDP sockets to the postgrey port.
+Bind UDP sockets to the redis port.
 </summary>
 <param name="domain">
 <summary>
@@ -51517,9 +53834,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_postgrey_port" lineno="49836">
+<interface name="corenet_tcp_connect_redis_port" lineno="73760">
 <summary>
-Make a TCP connection to the postgrey port.
+Make a TCP connection to the redis port.
 </summary>
 <param name="domain">
 <summary>
@@ -51527,9 +53844,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_postgrey_client_packets" lineno="49856">
+<interface name="corenet_send_redis_client_packets" lineno="73780">
 <summary>
-Send postgrey_client packets.
+Send redis_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51538,9 +53855,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_postgrey_client_packets" lineno="49875">
+<interface name="corenet_dontaudit_send_redis_client_packets" lineno="73799">
 <summary>
-Do not audit attempts to send postgrey_client packets.
+Do not audit attempts to send redis_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51549,9 +53866,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_postgrey_client_packets" lineno="49894">
+<interface name="corenet_receive_redis_client_packets" lineno="73818">
 <summary>
-Receive postgrey_client packets.
+Receive redis_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51560,9 +53877,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_postgrey_client_packets" lineno="49913">
+<interface name="corenet_dontaudit_receive_redis_client_packets" lineno="73837">
 <summary>
-Do not audit attempts to receive postgrey_client packets.
+Do not audit attempts to receive redis_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51571,9 +53888,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_postgrey_client_packets" lineno="49932">
+<interface name="corenet_sendrecv_redis_client_packets" lineno="73856">
 <summary>
-Send and receive postgrey_client packets.
+Send and receive redis_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51582,9 +53899,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_postgrey_client_packets" lineno="49948">
+<interface name="corenet_dontaudit_sendrecv_redis_client_packets" lineno="73872">
 <summary>
-Do not audit attempts to send and receive postgrey_client packets.
+Do not audit attempts to send and receive redis_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51593,9 +53910,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_postgrey_client_packets" lineno="49963">
+<interface name="corenet_relabelto_redis_client_packets" lineno="73887">
 <summary>
-Relabel packets to postgrey_client the packet type.
+Relabel packets to redis_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -51603,9 +53920,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_postgrey_server_packets" lineno="49983">
+<interface name="corenet_send_redis_server_packets" lineno="73907">
 <summary>
-Send postgrey_server packets.
+Send redis_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51614,9 +53931,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_postgrey_server_packets" lineno="50002">
+<interface name="corenet_dontaudit_send_redis_server_packets" lineno="73926">
 <summary>
-Do not audit attempts to send postgrey_server packets.
+Do not audit attempts to send redis_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51625,9 +53942,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_postgrey_server_packets" lineno="50021">
+<interface name="corenet_receive_redis_server_packets" lineno="73945">
 <summary>
-Receive postgrey_server packets.
+Receive redis_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51636,9 +53953,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_postgrey_server_packets" lineno="50040">
+<interface name="corenet_dontaudit_receive_redis_server_packets" lineno="73964">
 <summary>
-Do not audit attempts to receive postgrey_server packets.
+Do not audit attempts to receive redis_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51647,9 +53964,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_postgrey_server_packets" lineno="50059">
+<interface name="corenet_sendrecv_redis_server_packets" lineno="73983">
 <summary>
-Send and receive postgrey_server packets.
+Send and receive redis_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51658,9 +53975,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_postgrey_server_packets" lineno="50075">
+<interface name="corenet_dontaudit_sendrecv_redis_server_packets" lineno="73999">
 <summary>
-Do not audit attempts to send and receive postgrey_server packets.
+Do not audit attempts to send and receive redis_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51669,9 +53986,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_postgrey_server_packets" lineno="50090">
+<interface name="corenet_relabelto_redis_server_packets" lineno="74014">
 <summary>
-Relabel packets to postgrey_server the packet type.
+Relabel packets to redis_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -51679,9 +53996,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_prelude_port" lineno="50112">
+<interface name="corenet_tcp_sendrecv_repository_port" lineno="74036">
 <summary>
-Send and receive TCP traffic on the prelude port.
+Send and receive TCP traffic on the repository port.
 </summary>
 <param name="domain">
 <summary>
@@ -51690,9 +54007,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_prelude_port" lineno="50131">
+<interface name="corenet_udp_send_repository_port" lineno="74055">
 <summary>
-Send UDP traffic on the prelude port.
+Send UDP traffic on the repository port.
 </summary>
 <param name="domain">
 <summary>
@@ -51701,9 +54018,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_prelude_port" lineno="50150">
+<interface name="corenet_dontaudit_udp_send_repository_port" lineno="74074">
 <summary>
-Do not audit attempts to send UDP traffic on the prelude port.
+Do not audit attempts to send UDP traffic on the repository port.
 </summary>
 <param name="domain">
 <summary>
@@ -51712,9 +54029,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_prelude_port" lineno="50169">
+<interface name="corenet_udp_receive_repository_port" lineno="74093">
 <summary>
-Receive UDP traffic on the prelude port.
+Receive UDP traffic on the repository port.
 </summary>
 <param name="domain">
 <summary>
@@ -51723,9 +54040,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_prelude_port" lineno="50188">
+<interface name="corenet_dontaudit_udp_receive_repository_port" lineno="74112">
 <summary>
-Do not audit attempts to receive UDP traffic on the prelude port.
+Do not audit attempts to receive UDP traffic on the repository port.
 </summary>
 <param name="domain">
 <summary>
@@ -51734,9 +54051,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_prelude_port" lineno="50207">
+<interface name="corenet_udp_sendrecv_repository_port" lineno="74131">
 <summary>
-Send and receive UDP traffic on the prelude port.
+Send and receive UDP traffic on the repository port.
 </summary>
 <param name="domain">
 <summary>
@@ -51745,10 +54062,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_prelude_port" lineno="50224">
+<interface name="corenet_dontaudit_udp_sendrecv_repository_port" lineno="74148">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the prelude port.
+UDP traffic on the repository port.
 </summary>
 <param name="domain">
 <summary>
@@ -51757,9 +54074,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_prelude_port" lineno="50240">
+<interface name="corenet_tcp_bind_repository_port" lineno="74164">
 <summary>
-Bind TCP sockets to the prelude port.
+Bind TCP sockets to the repository port.
 </summary>
 <param name="domain">
 <summary>
@@ -51768,9 +54085,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_prelude_port" lineno="50260">
+<interface name="corenet_udp_bind_repository_port" lineno="74184">
 <summary>
-Bind UDP sockets to the prelude port.
+Bind UDP sockets to the repository port.
 </summary>
 <param name="domain">
 <summary>
@@ -51779,9 +54096,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_prelude_port" lineno="50279">
+<interface name="corenet_tcp_connect_repository_port" lineno="74203">
 <summary>
-Make a TCP connection to the prelude port.
+Make a TCP connection to the repository port.
 </summary>
 <param name="domain">
 <summary>
@@ -51789,9 +54106,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_prelude_client_packets" lineno="50299">
+<interface name="corenet_send_repository_client_packets" lineno="74223">
 <summary>
-Send prelude_client packets.
+Send repository_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51800,9 +54117,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_prelude_client_packets" lineno="50318">
+<interface name="corenet_dontaudit_send_repository_client_packets" lineno="74242">
 <summary>
-Do not audit attempts to send prelude_client packets.
+Do not audit attempts to send repository_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51811,9 +54128,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_prelude_client_packets" lineno="50337">
+<interface name="corenet_receive_repository_client_packets" lineno="74261">
 <summary>
-Receive prelude_client packets.
+Receive repository_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51822,9 +54139,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_prelude_client_packets" lineno="50356">
+<interface name="corenet_dontaudit_receive_repository_client_packets" lineno="74280">
 <summary>
-Do not audit attempts to receive prelude_client packets.
+Do not audit attempts to receive repository_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51833,9 +54150,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_prelude_client_packets" lineno="50375">
+<interface name="corenet_sendrecv_repository_client_packets" lineno="74299">
 <summary>
-Send and receive prelude_client packets.
+Send and receive repository_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51844,9 +54161,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_prelude_client_packets" lineno="50391">
+<interface name="corenet_dontaudit_sendrecv_repository_client_packets" lineno="74315">
 <summary>
-Do not audit attempts to send and receive prelude_client packets.
+Do not audit attempts to send and receive repository_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51855,9 +54172,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_prelude_client_packets" lineno="50406">
+<interface name="corenet_relabelto_repository_client_packets" lineno="74330">
 <summary>
-Relabel packets to prelude_client the packet type.
+Relabel packets to repository_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -51865,9 +54182,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_prelude_server_packets" lineno="50426">
+<interface name="corenet_send_repository_server_packets" lineno="74350">
 <summary>
-Send prelude_server packets.
+Send repository_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51876,9 +54193,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_prelude_server_packets" lineno="50445">
+<interface name="corenet_dontaudit_send_repository_server_packets" lineno="74369">
 <summary>
-Do not audit attempts to send prelude_server packets.
+Do not audit attempts to send repository_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51887,9 +54204,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_prelude_server_packets" lineno="50464">
+<interface name="corenet_receive_repository_server_packets" lineno="74388">
 <summary>
-Receive prelude_server packets.
+Receive repository_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51898,9 +54215,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_prelude_server_packets" lineno="50483">
+<interface name="corenet_dontaudit_receive_repository_server_packets" lineno="74407">
 <summary>
-Do not audit attempts to receive prelude_server packets.
+Do not audit attempts to receive repository_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51909,9 +54226,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_prelude_server_packets" lineno="50502">
+<interface name="corenet_sendrecv_repository_server_packets" lineno="74426">
 <summary>
-Send and receive prelude_server packets.
+Send and receive repository_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51920,9 +54237,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_prelude_server_packets" lineno="50518">
+<interface name="corenet_dontaudit_sendrecv_repository_server_packets" lineno="74442">
 <summary>
-Do not audit attempts to send and receive prelude_server packets.
+Do not audit attempts to send and receive repository_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -51931,9 +54248,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_prelude_server_packets" lineno="50533">
+<interface name="corenet_relabelto_repository_server_packets" lineno="74457">
 <summary>
-Relabel packets to prelude_server the packet type.
+Relabel packets to repository_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -51941,9 +54258,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_presence_port" lineno="50555">
+<interface name="corenet_tcp_sendrecv_ricci_port" lineno="74479">
 <summary>
-Send and receive TCP traffic on the presence port.
+Send and receive TCP traffic on the ricci port.
 </summary>
 <param name="domain">
 <summary>
@@ -51952,9 +54269,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_presence_port" lineno="50574">
+<interface name="corenet_udp_send_ricci_port" lineno="74498">
 <summary>
-Send UDP traffic on the presence port.
+Send UDP traffic on the ricci port.
 </summary>
 <param name="domain">
 <summary>
@@ -51963,9 +54280,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_presence_port" lineno="50593">
+<interface name="corenet_dontaudit_udp_send_ricci_port" lineno="74517">
 <summary>
-Do not audit attempts to send UDP traffic on the presence port.
+Do not audit attempts to send UDP traffic on the ricci port.
 </summary>
 <param name="domain">
 <summary>
@@ -51974,9 +54291,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_presence_port" lineno="50612">
+<interface name="corenet_udp_receive_ricci_port" lineno="74536">
 <summary>
-Receive UDP traffic on the presence port.
+Receive UDP traffic on the ricci port.
 </summary>
 <param name="domain">
 <summary>
@@ -51985,9 +54302,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_presence_port" lineno="50631">
+<interface name="corenet_dontaudit_udp_receive_ricci_port" lineno="74555">
 <summary>
-Do not audit attempts to receive UDP traffic on the presence port.
+Do not audit attempts to receive UDP traffic on the ricci port.
 </summary>
 <param name="domain">
 <summary>
@@ -51996,9 +54313,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_presence_port" lineno="50650">
+<interface name="corenet_udp_sendrecv_ricci_port" lineno="74574">
 <summary>
-Send and receive UDP traffic on the presence port.
+Send and receive UDP traffic on the ricci port.
 </summary>
 <param name="domain">
 <summary>
@@ -52007,10 +54324,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_presence_port" lineno="50667">
+<interface name="corenet_dontaudit_udp_sendrecv_ricci_port" lineno="74591">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the presence port.
+UDP traffic on the ricci port.
 </summary>
 <param name="domain">
 <summary>
@@ -52019,9 +54336,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_presence_port" lineno="50683">
+<interface name="corenet_tcp_bind_ricci_port" lineno="74607">
 <summary>
-Bind TCP sockets to the presence port.
+Bind TCP sockets to the ricci port.
 </summary>
 <param name="domain">
 <summary>
@@ -52030,9 +54347,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_presence_port" lineno="50703">
+<interface name="corenet_udp_bind_ricci_port" lineno="74627">
 <summary>
-Bind UDP sockets to the presence port.
+Bind UDP sockets to the ricci port.
 </summary>
 <param name="domain">
 <summary>
@@ -52041,9 +54358,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_presence_port" lineno="50722">
+<interface name="corenet_tcp_connect_ricci_port" lineno="74646">
 <summary>
-Make a TCP connection to the presence port.
+Make a TCP connection to the ricci port.
 </summary>
 <param name="domain">
 <summary>
@@ -52051,9 +54368,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_presence_client_packets" lineno="50742">
+<interface name="corenet_send_ricci_client_packets" lineno="74666">
 <summary>
-Send presence_client packets.
+Send ricci_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52062,9 +54379,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_presence_client_packets" lineno="50761">
+<interface name="corenet_dontaudit_send_ricci_client_packets" lineno="74685">
 <summary>
-Do not audit attempts to send presence_client packets.
+Do not audit attempts to send ricci_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52073,9 +54390,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_presence_client_packets" lineno="50780">
+<interface name="corenet_receive_ricci_client_packets" lineno="74704">
 <summary>
-Receive presence_client packets.
+Receive ricci_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52084,9 +54401,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_presence_client_packets" lineno="50799">
+<interface name="corenet_dontaudit_receive_ricci_client_packets" lineno="74723">
 <summary>
-Do not audit attempts to receive presence_client packets.
+Do not audit attempts to receive ricci_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52095,9 +54412,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_presence_client_packets" lineno="50818">
+<interface name="corenet_sendrecv_ricci_client_packets" lineno="74742">
 <summary>
-Send and receive presence_client packets.
+Send and receive ricci_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52106,9 +54423,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_presence_client_packets" lineno="50834">
+<interface name="corenet_dontaudit_sendrecv_ricci_client_packets" lineno="74758">
 <summary>
-Do not audit attempts to send and receive presence_client packets.
+Do not audit attempts to send and receive ricci_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52117,9 +54434,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_presence_client_packets" lineno="50849">
+<interface name="corenet_relabelto_ricci_client_packets" lineno="74773">
 <summary>
-Relabel packets to presence_client the packet type.
+Relabel packets to ricci_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -52127,9 +54444,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_presence_server_packets" lineno="50869">
+<interface name="corenet_send_ricci_server_packets" lineno="74793">
 <summary>
-Send presence_server packets.
+Send ricci_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52138,9 +54455,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_presence_server_packets" lineno="50888">
+<interface name="corenet_dontaudit_send_ricci_server_packets" lineno="74812">
 <summary>
-Do not audit attempts to send presence_server packets.
+Do not audit attempts to send ricci_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52149,9 +54466,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_presence_server_packets" lineno="50907">
+<interface name="corenet_receive_ricci_server_packets" lineno="74831">
 <summary>
-Receive presence_server packets.
+Receive ricci_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52160,9 +54477,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_presence_server_packets" lineno="50926">
+<interface name="corenet_dontaudit_receive_ricci_server_packets" lineno="74850">
 <summary>
-Do not audit attempts to receive presence_server packets.
+Do not audit attempts to receive ricci_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52171,9 +54488,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_presence_server_packets" lineno="50945">
+<interface name="corenet_sendrecv_ricci_server_packets" lineno="74869">
 <summary>
-Send and receive presence_server packets.
+Send and receive ricci_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52182,9 +54499,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_presence_server_packets" lineno="50961">
+<interface name="corenet_dontaudit_sendrecv_ricci_server_packets" lineno="74885">
 <summary>
-Do not audit attempts to send and receive presence_server packets.
+Do not audit attempts to send and receive ricci_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52193,9 +54510,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_presence_server_packets" lineno="50976">
+<interface name="corenet_relabelto_ricci_server_packets" lineno="74900">
 <summary>
-Relabel packets to presence_server the packet type.
+Relabel packets to ricci_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -52203,9 +54520,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_printer_port" lineno="50998">
+<interface name="corenet_tcp_sendrecv_ricci_modcluster_port" lineno="74922">
 <summary>
-Send and receive TCP traffic on the printer port.
+Send and receive TCP traffic on the ricci_modcluster port.
 </summary>
 <param name="domain">
 <summary>
@@ -52214,9 +54531,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_printer_port" lineno="51017">
+<interface name="corenet_udp_send_ricci_modcluster_port" lineno="74941">
 <summary>
-Send UDP traffic on the printer port.
+Send UDP traffic on the ricci_modcluster port.
 </summary>
 <param name="domain">
 <summary>
@@ -52225,9 +54542,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_printer_port" lineno="51036">
+<interface name="corenet_dontaudit_udp_send_ricci_modcluster_port" lineno="74960">
 <summary>
-Do not audit attempts to send UDP traffic on the printer port.
+Do not audit attempts to send UDP traffic on the ricci_modcluster port.
 </summary>
 <param name="domain">
 <summary>
@@ -52236,9 +54553,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_printer_port" lineno="51055">
+<interface name="corenet_udp_receive_ricci_modcluster_port" lineno="74979">
 <summary>
-Receive UDP traffic on the printer port.
+Receive UDP traffic on the ricci_modcluster port.
 </summary>
 <param name="domain">
 <summary>
@@ -52247,9 +54564,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_printer_port" lineno="51074">
+<interface name="corenet_dontaudit_udp_receive_ricci_modcluster_port" lineno="74998">
 <summary>
-Do not audit attempts to receive UDP traffic on the printer port.
+Do not audit attempts to receive UDP traffic on the ricci_modcluster port.
 </summary>
 <param name="domain">
 <summary>
@@ -52258,9 +54575,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_printer_port" lineno="51093">
+<interface name="corenet_udp_sendrecv_ricci_modcluster_port" lineno="75017">
 <summary>
-Send and receive UDP traffic on the printer port.
+Send and receive UDP traffic on the ricci_modcluster port.
 </summary>
 <param name="domain">
 <summary>
@@ -52269,10 +54586,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_printer_port" lineno="51110">
+<interface name="corenet_dontaudit_udp_sendrecv_ricci_modcluster_port" lineno="75034">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the printer port.
+UDP traffic on the ricci_modcluster port.
 </summary>
 <param name="domain">
 <summary>
@@ -52281,9 +54598,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_printer_port" lineno="51126">
+<interface name="corenet_tcp_bind_ricci_modcluster_port" lineno="75050">
 <summary>
-Bind TCP sockets to the printer port.
+Bind TCP sockets to the ricci_modcluster port.
 </summary>
 <param name="domain">
 <summary>
@@ -52292,9 +54609,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_printer_port" lineno="51146">
+<interface name="corenet_udp_bind_ricci_modcluster_port" lineno="75070">
 <summary>
-Bind UDP sockets to the printer port.
+Bind UDP sockets to the ricci_modcluster port.
 </summary>
 <param name="domain">
 <summary>
@@ -52303,9 +54620,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_printer_port" lineno="51165">
+<interface name="corenet_tcp_connect_ricci_modcluster_port" lineno="75089">
 <summary>
-Make a TCP connection to the printer port.
+Make a TCP connection to the ricci_modcluster port.
 </summary>
 <param name="domain">
 <summary>
@@ -52313,9 +54630,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_printer_client_packets" lineno="51185">
+<interface name="corenet_send_ricci_modcluster_client_packets" lineno="75109">
 <summary>
-Send printer_client packets.
+Send ricci_modcluster_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52324,9 +54641,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_printer_client_packets" lineno="51204">
+<interface name="corenet_dontaudit_send_ricci_modcluster_client_packets" lineno="75128">
 <summary>
-Do not audit attempts to send printer_client packets.
+Do not audit attempts to send ricci_modcluster_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52335,9 +54652,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_printer_client_packets" lineno="51223">
+<interface name="corenet_receive_ricci_modcluster_client_packets" lineno="75147">
 <summary>
-Receive printer_client packets.
+Receive ricci_modcluster_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52346,9 +54663,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_printer_client_packets" lineno="51242">
+<interface name="corenet_dontaudit_receive_ricci_modcluster_client_packets" lineno="75166">
 <summary>
-Do not audit attempts to receive printer_client packets.
+Do not audit attempts to receive ricci_modcluster_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52357,9 +54674,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_printer_client_packets" lineno="51261">
+<interface name="corenet_sendrecv_ricci_modcluster_client_packets" lineno="75185">
 <summary>
-Send and receive printer_client packets.
+Send and receive ricci_modcluster_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52368,9 +54685,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_printer_client_packets" lineno="51277">
+<interface name="corenet_dontaudit_sendrecv_ricci_modcluster_client_packets" lineno="75201">
 <summary>
-Do not audit attempts to send and receive printer_client packets.
+Do not audit attempts to send and receive ricci_modcluster_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52379,9 +54696,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_printer_client_packets" lineno="51292">
+<interface name="corenet_relabelto_ricci_modcluster_client_packets" lineno="75216">
 <summary>
-Relabel packets to printer_client the packet type.
+Relabel packets to ricci_modcluster_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -52389,9 +54706,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_printer_server_packets" lineno="51312">
+<interface name="corenet_send_ricci_modcluster_server_packets" lineno="75236">
 <summary>
-Send printer_server packets.
+Send ricci_modcluster_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52400,9 +54717,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_printer_server_packets" lineno="51331">
+<interface name="corenet_dontaudit_send_ricci_modcluster_server_packets" lineno="75255">
 <summary>
-Do not audit attempts to send printer_server packets.
+Do not audit attempts to send ricci_modcluster_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52411,9 +54728,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_printer_server_packets" lineno="51350">
+<interface name="corenet_receive_ricci_modcluster_server_packets" lineno="75274">
 <summary>
-Receive printer_server packets.
+Receive ricci_modcluster_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52422,9 +54739,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_printer_server_packets" lineno="51369">
+<interface name="corenet_dontaudit_receive_ricci_modcluster_server_packets" lineno="75293">
 <summary>
-Do not audit attempts to receive printer_server packets.
+Do not audit attempts to receive ricci_modcluster_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52433,9 +54750,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_printer_server_packets" lineno="51388">
+<interface name="corenet_sendrecv_ricci_modcluster_server_packets" lineno="75312">
 <summary>
-Send and receive printer_server packets.
+Send and receive ricci_modcluster_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52444,9 +54761,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_printer_server_packets" lineno="51404">
+<interface name="corenet_dontaudit_sendrecv_ricci_modcluster_server_packets" lineno="75328">
 <summary>
-Do not audit attempts to send and receive printer_server packets.
+Do not audit attempts to send and receive ricci_modcluster_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52455,9 +54772,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_printer_server_packets" lineno="51419">
+<interface name="corenet_relabelto_ricci_modcluster_server_packets" lineno="75343">
 <summary>
-Relabel packets to printer_server the packet type.
+Relabel packets to ricci_modcluster_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -52465,9 +54782,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_ptal_port" lineno="51441">
+<interface name="corenet_tcp_sendrecv_rlogind_port" lineno="75365">
 <summary>
-Send and receive TCP traffic on the ptal port.
+Send and receive TCP traffic on the rlogind port.
 </summary>
 <param name="domain">
 <summary>
@@ -52476,9 +54793,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_ptal_port" lineno="51460">
+<interface name="corenet_udp_send_rlogind_port" lineno="75384">
 <summary>
-Send UDP traffic on the ptal port.
+Send UDP traffic on the rlogind port.
 </summary>
 <param name="domain">
 <summary>
@@ -52487,9 +54804,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_ptal_port" lineno="51479">
+<interface name="corenet_dontaudit_udp_send_rlogind_port" lineno="75403">
 <summary>
-Do not audit attempts to send UDP traffic on the ptal port.
+Do not audit attempts to send UDP traffic on the rlogind port.
 </summary>
 <param name="domain">
 <summary>
@@ -52498,9 +54815,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_ptal_port" lineno="51498">
+<interface name="corenet_udp_receive_rlogind_port" lineno="75422">
 <summary>
-Receive UDP traffic on the ptal port.
+Receive UDP traffic on the rlogind port.
 </summary>
 <param name="domain">
 <summary>
@@ -52509,9 +54826,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_ptal_port" lineno="51517">
+<interface name="corenet_dontaudit_udp_receive_rlogind_port" lineno="75441">
 <summary>
-Do not audit attempts to receive UDP traffic on the ptal port.
+Do not audit attempts to receive UDP traffic on the rlogind port.
 </summary>
 <param name="domain">
 <summary>
@@ -52520,9 +54837,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_ptal_port" lineno="51536">
+<interface name="corenet_udp_sendrecv_rlogind_port" lineno="75460">
 <summary>
-Send and receive UDP traffic on the ptal port.
+Send and receive UDP traffic on the rlogind port.
 </summary>
 <param name="domain">
 <summary>
@@ -52531,10 +54848,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_ptal_port" lineno="51553">
+<interface name="corenet_dontaudit_udp_sendrecv_rlogind_port" lineno="75477">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the ptal port.
+UDP traffic on the rlogind port.
 </summary>
 <param name="domain">
 <summary>
@@ -52543,9 +54860,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_ptal_port" lineno="51569">
+<interface name="corenet_tcp_bind_rlogind_port" lineno="75493">
 <summary>
-Bind TCP sockets to the ptal port.
+Bind TCP sockets to the rlogind port.
 </summary>
 <param name="domain">
 <summary>
@@ -52554,9 +54871,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_ptal_port" lineno="51589">
+<interface name="corenet_udp_bind_rlogind_port" lineno="75513">
 <summary>
-Bind UDP sockets to the ptal port.
+Bind UDP sockets to the rlogind port.
 </summary>
 <param name="domain">
 <summary>
@@ -52565,9 +54882,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_ptal_port" lineno="51608">
+<interface name="corenet_tcp_connect_rlogind_port" lineno="75532">
 <summary>
-Make a TCP connection to the ptal port.
+Make a TCP connection to the rlogind port.
 </summary>
 <param name="domain">
 <summary>
@@ -52575,9 +54892,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ptal_client_packets" lineno="51628">
+<interface name="corenet_send_rlogind_client_packets" lineno="75552">
 <summary>
-Send ptal_client packets.
+Send rlogind_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52586,9 +54903,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ptal_client_packets" lineno="51647">
+<interface name="corenet_dontaudit_send_rlogind_client_packets" lineno="75571">
 <summary>
-Do not audit attempts to send ptal_client packets.
+Do not audit attempts to send rlogind_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52597,9 +54914,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ptal_client_packets" lineno="51666">
+<interface name="corenet_receive_rlogind_client_packets" lineno="75590">
 <summary>
-Receive ptal_client packets.
+Receive rlogind_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52608,9 +54925,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ptal_client_packets" lineno="51685">
+<interface name="corenet_dontaudit_receive_rlogind_client_packets" lineno="75609">
 <summary>
-Do not audit attempts to receive ptal_client packets.
+Do not audit attempts to receive rlogind_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52619,9 +54936,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ptal_client_packets" lineno="51704">
+<interface name="corenet_sendrecv_rlogind_client_packets" lineno="75628">
 <summary>
-Send and receive ptal_client packets.
+Send and receive rlogind_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52630,9 +54947,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ptal_client_packets" lineno="51720">
+<interface name="corenet_dontaudit_sendrecv_rlogind_client_packets" lineno="75644">
 <summary>
-Do not audit attempts to send and receive ptal_client packets.
+Do not audit attempts to send and receive rlogind_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52641,9 +54958,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ptal_client_packets" lineno="51735">
+<interface name="corenet_relabelto_rlogind_client_packets" lineno="75659">
 <summary>
-Relabel packets to ptal_client the packet type.
+Relabel packets to rlogind_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -52651,9 +54968,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ptal_server_packets" lineno="51755">
+<interface name="corenet_send_rlogind_server_packets" lineno="75679">
 <summary>
-Send ptal_server packets.
+Send rlogind_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52662,9 +54979,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ptal_server_packets" lineno="51774">
+<interface name="corenet_dontaudit_send_rlogind_server_packets" lineno="75698">
 <summary>
-Do not audit attempts to send ptal_server packets.
+Do not audit attempts to send rlogind_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52673,9 +54990,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ptal_server_packets" lineno="51793">
+<interface name="corenet_receive_rlogind_server_packets" lineno="75717">
 <summary>
-Receive ptal_server packets.
+Receive rlogind_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52684,9 +55001,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ptal_server_packets" lineno="51812">
+<interface name="corenet_dontaudit_receive_rlogind_server_packets" lineno="75736">
 <summary>
-Do not audit attempts to receive ptal_server packets.
+Do not audit attempts to receive rlogind_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52695,9 +55012,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ptal_server_packets" lineno="51831">
+<interface name="corenet_sendrecv_rlogind_server_packets" lineno="75755">
 <summary>
-Send and receive ptal_server packets.
+Send and receive rlogind_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52706,9 +55023,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ptal_server_packets" lineno="51847">
+<interface name="corenet_dontaudit_sendrecv_rlogind_server_packets" lineno="75771">
 <summary>
-Do not audit attempts to send and receive ptal_server packets.
+Do not audit attempts to send and receive rlogind_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52717,9 +55034,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ptal_server_packets" lineno="51862">
+<interface name="corenet_relabelto_rlogind_server_packets" lineno="75786">
 <summary>
-Relabel packets to ptal_server the packet type.
+Relabel packets to rlogind_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -52727,9 +55044,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_pulseaudio_port" lineno="51884">
+<interface name="corenet_tcp_sendrecv_rndc_port" lineno="75808">
 <summary>
-Send and receive TCP traffic on the pulseaudio port.
+Send and receive TCP traffic on the rndc port.
 </summary>
 <param name="domain">
 <summary>
@@ -52738,9 +55055,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_pulseaudio_port" lineno="51903">
+<interface name="corenet_udp_send_rndc_port" lineno="75827">
 <summary>
-Send UDP traffic on the pulseaudio port.
+Send UDP traffic on the rndc port.
 </summary>
 <param name="domain">
 <summary>
@@ -52749,9 +55066,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_pulseaudio_port" lineno="51922">
+<interface name="corenet_dontaudit_udp_send_rndc_port" lineno="75846">
 <summary>
-Do not audit attempts to send UDP traffic on the pulseaudio port.
+Do not audit attempts to send UDP traffic on the rndc port.
 </summary>
 <param name="domain">
 <summary>
@@ -52760,9 +55077,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_pulseaudio_port" lineno="51941">
+<interface name="corenet_udp_receive_rndc_port" lineno="75865">
 <summary>
-Receive UDP traffic on the pulseaudio port.
+Receive UDP traffic on the rndc port.
 </summary>
 <param name="domain">
 <summary>
@@ -52771,9 +55088,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_pulseaudio_port" lineno="51960">
+<interface name="corenet_dontaudit_udp_receive_rndc_port" lineno="75884">
 <summary>
-Do not audit attempts to receive UDP traffic on the pulseaudio port.
+Do not audit attempts to receive UDP traffic on the rndc port.
 </summary>
 <param name="domain">
 <summary>
@@ -52782,9 +55099,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_pulseaudio_port" lineno="51979">
+<interface name="corenet_udp_sendrecv_rndc_port" lineno="75903">
 <summary>
-Send and receive UDP traffic on the pulseaudio port.
+Send and receive UDP traffic on the rndc port.
 </summary>
 <param name="domain">
 <summary>
@@ -52793,10 +55110,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_pulseaudio_port" lineno="51996">
+<interface name="corenet_dontaudit_udp_sendrecv_rndc_port" lineno="75920">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the pulseaudio port.
+UDP traffic on the rndc port.
 </summary>
 <param name="domain">
 <summary>
@@ -52805,9 +55122,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_pulseaudio_port" lineno="52012">
+<interface name="corenet_tcp_bind_rndc_port" lineno="75936">
 <summary>
-Bind TCP sockets to the pulseaudio port.
+Bind TCP sockets to the rndc port.
 </summary>
 <param name="domain">
 <summary>
@@ -52816,9 +55133,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_pulseaudio_port" lineno="52032">
+<interface name="corenet_udp_bind_rndc_port" lineno="75956">
 <summary>
-Bind UDP sockets to the pulseaudio port.
+Bind UDP sockets to the rndc port.
 </summary>
 <param name="domain">
 <summary>
@@ -52827,9 +55144,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_pulseaudio_port" lineno="52051">
+<interface name="corenet_tcp_connect_rndc_port" lineno="75975">
 <summary>
-Make a TCP connection to the pulseaudio port.
+Make a TCP connection to the rndc port.
 </summary>
 <param name="domain">
 <summary>
@@ -52837,9 +55154,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_pulseaudio_client_packets" lineno="52071">
+<interface name="corenet_send_rndc_client_packets" lineno="75995">
 <summary>
-Send pulseaudio_client packets.
+Send rndc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52848,9 +55165,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_pulseaudio_client_packets" lineno="52090">
+<interface name="corenet_dontaudit_send_rndc_client_packets" lineno="76014">
 <summary>
-Do not audit attempts to send pulseaudio_client packets.
+Do not audit attempts to send rndc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52859,9 +55176,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_pulseaudio_client_packets" lineno="52109">
+<interface name="corenet_receive_rndc_client_packets" lineno="76033">
 <summary>
-Receive pulseaudio_client packets.
+Receive rndc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52870,9 +55187,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_pulseaudio_client_packets" lineno="52128">
+<interface name="corenet_dontaudit_receive_rndc_client_packets" lineno="76052">
 <summary>
-Do not audit attempts to receive pulseaudio_client packets.
+Do not audit attempts to receive rndc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52881,9 +55198,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_pulseaudio_client_packets" lineno="52147">
+<interface name="corenet_sendrecv_rndc_client_packets" lineno="76071">
 <summary>
-Send and receive pulseaudio_client packets.
+Send and receive rndc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52892,9 +55209,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_pulseaudio_client_packets" lineno="52163">
+<interface name="corenet_dontaudit_sendrecv_rndc_client_packets" lineno="76087">
 <summary>
-Do not audit attempts to send and receive pulseaudio_client packets.
+Do not audit attempts to send and receive rndc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52903,9 +55220,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_pulseaudio_client_packets" lineno="52178">
+<interface name="corenet_relabelto_rndc_client_packets" lineno="76102">
 <summary>
-Relabel packets to pulseaudio_client the packet type.
+Relabel packets to rndc_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -52913,9 +55230,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_pulseaudio_server_packets" lineno="52198">
+<interface name="corenet_send_rndc_server_packets" lineno="76122">
 <summary>
-Send pulseaudio_server packets.
+Send rndc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52924,9 +55241,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_pulseaudio_server_packets" lineno="52217">
+<interface name="corenet_dontaudit_send_rndc_server_packets" lineno="76141">
 <summary>
-Do not audit attempts to send pulseaudio_server packets.
+Do not audit attempts to send rndc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52935,9 +55252,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_pulseaudio_server_packets" lineno="52236">
+<interface name="corenet_receive_rndc_server_packets" lineno="76160">
 <summary>
-Receive pulseaudio_server packets.
+Receive rndc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52946,9 +55263,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_pulseaudio_server_packets" lineno="52255">
+<interface name="corenet_dontaudit_receive_rndc_server_packets" lineno="76179">
 <summary>
-Do not audit attempts to receive pulseaudio_server packets.
+Do not audit attempts to receive rndc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52957,9 +55274,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_pulseaudio_server_packets" lineno="52274">
+<interface name="corenet_sendrecv_rndc_server_packets" lineno="76198">
 <summary>
-Send and receive pulseaudio_server packets.
+Send and receive rndc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52968,9 +55285,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_pulseaudio_server_packets" lineno="52290">
+<interface name="corenet_dontaudit_sendrecv_rndc_server_packets" lineno="76214">
 <summary>
-Do not audit attempts to send and receive pulseaudio_server packets.
+Do not audit attempts to send and receive rndc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -52979,9 +55296,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_pulseaudio_server_packets" lineno="52305">
+<interface name="corenet_relabelto_rndc_server_packets" lineno="76229">
 <summary>
-Relabel packets to pulseaudio_server the packet type.
+Relabel packets to rndc_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -52989,9 +55306,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_puppet_port" lineno="52327">
+<interface name="corenet_tcp_sendrecv_router_port" lineno="76251">
 <summary>
-Send and receive TCP traffic on the puppet port.
+Send and receive TCP traffic on the router port.
 </summary>
 <param name="domain">
 <summary>
@@ -53000,9 +55317,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_puppet_port" lineno="52346">
+<interface name="corenet_udp_send_router_port" lineno="76270">
 <summary>
-Send UDP traffic on the puppet port.
+Send UDP traffic on the router port.
 </summary>
 <param name="domain">
 <summary>
@@ -53011,9 +55328,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_puppet_port" lineno="52365">
+<interface name="corenet_dontaudit_udp_send_router_port" lineno="76289">
 <summary>
-Do not audit attempts to send UDP traffic on the puppet port.
+Do not audit attempts to send UDP traffic on the router port.
 </summary>
 <param name="domain">
 <summary>
@@ -53022,9 +55339,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_puppet_port" lineno="52384">
+<interface name="corenet_udp_receive_router_port" lineno="76308">
 <summary>
-Receive UDP traffic on the puppet port.
+Receive UDP traffic on the router port.
 </summary>
 <param name="domain">
 <summary>
@@ -53033,9 +55350,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_puppet_port" lineno="52403">
+<interface name="corenet_dontaudit_udp_receive_router_port" lineno="76327">
 <summary>
-Do not audit attempts to receive UDP traffic on the puppet port.
+Do not audit attempts to receive UDP traffic on the router port.
 </summary>
 <param name="domain">
 <summary>
@@ -53044,9 +55361,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_puppet_port" lineno="52422">
+<interface name="corenet_udp_sendrecv_router_port" lineno="76346">
 <summary>
-Send and receive UDP traffic on the puppet port.
+Send and receive UDP traffic on the router port.
 </summary>
 <param name="domain">
 <summary>
@@ -53055,10 +55372,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_puppet_port" lineno="52439">
+<interface name="corenet_dontaudit_udp_sendrecv_router_port" lineno="76363">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the puppet port.
+UDP traffic on the router port.
 </summary>
 <param name="domain">
 <summary>
@@ -53067,9 +55384,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_puppet_port" lineno="52455">
+<interface name="corenet_tcp_bind_router_port" lineno="76379">
 <summary>
-Bind TCP sockets to the puppet port.
+Bind TCP sockets to the router port.
 </summary>
 <param name="domain">
 <summary>
@@ -53078,9 +55395,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_puppet_port" lineno="52475">
+<interface name="corenet_udp_bind_router_port" lineno="76399">
 <summary>
-Bind UDP sockets to the puppet port.
+Bind UDP sockets to the router port.
 </summary>
 <param name="domain">
 <summary>
@@ -53089,9 +55406,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_puppet_port" lineno="52494">
+<interface name="corenet_tcp_connect_router_port" lineno="76418">
 <summary>
-Make a TCP connection to the puppet port.
+Make a TCP connection to the router port.
 </summary>
 <param name="domain">
 <summary>
@@ -53099,9 +55416,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_puppet_client_packets" lineno="52514">
+<interface name="corenet_send_router_client_packets" lineno="76438">
 <summary>
-Send puppet_client packets.
+Send router_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53110,9 +55427,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_puppet_client_packets" lineno="52533">
+<interface name="corenet_dontaudit_send_router_client_packets" lineno="76457">
 <summary>
-Do not audit attempts to send puppet_client packets.
+Do not audit attempts to send router_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53121,9 +55438,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_puppet_client_packets" lineno="52552">
+<interface name="corenet_receive_router_client_packets" lineno="76476">
 <summary>
-Receive puppet_client packets.
+Receive router_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53132,9 +55449,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_puppet_client_packets" lineno="52571">
+<interface name="corenet_dontaudit_receive_router_client_packets" lineno="76495">
 <summary>
-Do not audit attempts to receive puppet_client packets.
+Do not audit attempts to receive router_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53143,9 +55460,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_puppet_client_packets" lineno="52590">
+<interface name="corenet_sendrecv_router_client_packets" lineno="76514">
 <summary>
-Send and receive puppet_client packets.
+Send and receive router_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53154,9 +55471,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_puppet_client_packets" lineno="52606">
+<interface name="corenet_dontaudit_sendrecv_router_client_packets" lineno="76530">
 <summary>
-Do not audit attempts to send and receive puppet_client packets.
+Do not audit attempts to send and receive router_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53165,9 +55482,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_puppet_client_packets" lineno="52621">
+<interface name="corenet_relabelto_router_client_packets" lineno="76545">
 <summary>
-Relabel packets to puppet_client the packet type.
+Relabel packets to router_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -53175,9 +55492,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_puppet_server_packets" lineno="52641">
+<interface name="corenet_send_router_server_packets" lineno="76565">
 <summary>
-Send puppet_server packets.
+Send router_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53186,9 +55503,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_puppet_server_packets" lineno="52660">
+<interface name="corenet_dontaudit_send_router_server_packets" lineno="76584">
 <summary>
-Do not audit attempts to send puppet_server packets.
+Do not audit attempts to send router_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53197,9 +55514,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_puppet_server_packets" lineno="52679">
+<interface name="corenet_receive_router_server_packets" lineno="76603">
 <summary>
-Receive puppet_server packets.
+Receive router_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53208,9 +55525,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_puppet_server_packets" lineno="52698">
+<interface name="corenet_dontaudit_receive_router_server_packets" lineno="76622">
 <summary>
-Do not audit attempts to receive puppet_server packets.
+Do not audit attempts to receive router_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53219,9 +55536,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_puppet_server_packets" lineno="52717">
+<interface name="corenet_sendrecv_router_server_packets" lineno="76641">
 <summary>
-Send and receive puppet_server packets.
+Send and receive router_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53230,9 +55547,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_puppet_server_packets" lineno="52733">
+<interface name="corenet_dontaudit_sendrecv_router_server_packets" lineno="76657">
 <summary>
-Do not audit attempts to send and receive puppet_server packets.
+Do not audit attempts to send and receive router_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53241,9 +55558,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_puppet_server_packets" lineno="52748">
+<interface name="corenet_relabelto_router_server_packets" lineno="76672">
 <summary>
-Relabel packets to puppet_server the packet type.
+Relabel packets to router_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -53251,9 +55568,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_pxe_port" lineno="52770">
+<interface name="corenet_tcp_sendrecv_rsh_port" lineno="76694">
 <summary>
-Send and receive TCP traffic on the pxe port.
+Send and receive TCP traffic on the rsh port.
 </summary>
 <param name="domain">
 <summary>
@@ -53262,9 +55579,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_pxe_port" lineno="52789">
+<interface name="corenet_udp_send_rsh_port" lineno="76713">
 <summary>
-Send UDP traffic on the pxe port.
+Send UDP traffic on the rsh port.
 </summary>
 <param name="domain">
 <summary>
@@ -53273,9 +55590,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_pxe_port" lineno="52808">
+<interface name="corenet_dontaudit_udp_send_rsh_port" lineno="76732">
 <summary>
-Do not audit attempts to send UDP traffic on the pxe port.
+Do not audit attempts to send UDP traffic on the rsh port.
 </summary>
 <param name="domain">
 <summary>
@@ -53284,9 +55601,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_pxe_port" lineno="52827">
+<interface name="corenet_udp_receive_rsh_port" lineno="76751">
 <summary>
-Receive UDP traffic on the pxe port.
+Receive UDP traffic on the rsh port.
 </summary>
 <param name="domain">
 <summary>
@@ -53295,9 +55612,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_pxe_port" lineno="52846">
+<interface name="corenet_dontaudit_udp_receive_rsh_port" lineno="76770">
 <summary>
-Do not audit attempts to receive UDP traffic on the pxe port.
+Do not audit attempts to receive UDP traffic on the rsh port.
 </summary>
 <param name="domain">
 <summary>
@@ -53306,9 +55623,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_pxe_port" lineno="52865">
+<interface name="corenet_udp_sendrecv_rsh_port" lineno="76789">
 <summary>
-Send and receive UDP traffic on the pxe port.
+Send and receive UDP traffic on the rsh port.
 </summary>
 <param name="domain">
 <summary>
@@ -53317,10 +55634,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_pxe_port" lineno="52882">
+<interface name="corenet_dontaudit_udp_sendrecv_rsh_port" lineno="76806">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the pxe port.
+UDP traffic on the rsh port.
 </summary>
 <param name="domain">
 <summary>
@@ -53329,9 +55646,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_pxe_port" lineno="52898">
+<interface name="corenet_tcp_bind_rsh_port" lineno="76822">
 <summary>
-Bind TCP sockets to the pxe port.
+Bind TCP sockets to the rsh port.
 </summary>
 <param name="domain">
 <summary>
@@ -53340,9 +55657,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_pxe_port" lineno="52918">
+<interface name="corenet_udp_bind_rsh_port" lineno="76842">
 <summary>
-Bind UDP sockets to the pxe port.
+Bind UDP sockets to the rsh port.
 </summary>
 <param name="domain">
 <summary>
@@ -53351,9 +55668,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_pxe_port" lineno="52937">
+<interface name="corenet_tcp_connect_rsh_port" lineno="76861">
 <summary>
-Make a TCP connection to the pxe port.
+Make a TCP connection to the rsh port.
 </summary>
 <param name="domain">
 <summary>
@@ -53361,9 +55678,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_pxe_client_packets" lineno="52957">
+<interface name="corenet_send_rsh_client_packets" lineno="76881">
 <summary>
-Send pxe_client packets.
+Send rsh_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53372,9 +55689,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_pxe_client_packets" lineno="52976">
+<interface name="corenet_dontaudit_send_rsh_client_packets" lineno="76900">
 <summary>
-Do not audit attempts to send pxe_client packets.
+Do not audit attempts to send rsh_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53383,9 +55700,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_pxe_client_packets" lineno="52995">
+<interface name="corenet_receive_rsh_client_packets" lineno="76919">
 <summary>
-Receive pxe_client packets.
+Receive rsh_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53394,9 +55711,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_pxe_client_packets" lineno="53014">
+<interface name="corenet_dontaudit_receive_rsh_client_packets" lineno="76938">
 <summary>
-Do not audit attempts to receive pxe_client packets.
+Do not audit attempts to receive rsh_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53405,9 +55722,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_pxe_client_packets" lineno="53033">
+<interface name="corenet_sendrecv_rsh_client_packets" lineno="76957">
 <summary>
-Send and receive pxe_client packets.
+Send and receive rsh_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53416,9 +55733,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_pxe_client_packets" lineno="53049">
+<interface name="corenet_dontaudit_sendrecv_rsh_client_packets" lineno="76973">
 <summary>
-Do not audit attempts to send and receive pxe_client packets.
+Do not audit attempts to send and receive rsh_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53427,9 +55744,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_pxe_client_packets" lineno="53064">
+<interface name="corenet_relabelto_rsh_client_packets" lineno="76988">
 <summary>
-Relabel packets to pxe_client the packet type.
+Relabel packets to rsh_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -53437,9 +55754,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_pxe_server_packets" lineno="53084">
+<interface name="corenet_send_rsh_server_packets" lineno="77008">
 <summary>
-Send pxe_server packets.
+Send rsh_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53448,9 +55765,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_pxe_server_packets" lineno="53103">
+<interface name="corenet_dontaudit_send_rsh_server_packets" lineno="77027">
 <summary>
-Do not audit attempts to send pxe_server packets.
+Do not audit attempts to send rsh_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53459,9 +55776,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_pxe_server_packets" lineno="53122">
+<interface name="corenet_receive_rsh_server_packets" lineno="77046">
 <summary>
-Receive pxe_server packets.
+Receive rsh_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53470,9 +55787,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_pxe_server_packets" lineno="53141">
+<interface name="corenet_dontaudit_receive_rsh_server_packets" lineno="77065">
 <summary>
-Do not audit attempts to receive pxe_server packets.
+Do not audit attempts to receive rsh_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53481,9 +55798,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_pxe_server_packets" lineno="53160">
+<interface name="corenet_sendrecv_rsh_server_packets" lineno="77084">
 <summary>
-Send and receive pxe_server packets.
+Send and receive rsh_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53492,9 +55809,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_pxe_server_packets" lineno="53176">
+<interface name="corenet_dontaudit_sendrecv_rsh_server_packets" lineno="77100">
 <summary>
-Do not audit attempts to send and receive pxe_server packets.
+Do not audit attempts to send and receive rsh_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53503,9 +55820,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_pxe_server_packets" lineno="53191">
+<interface name="corenet_relabelto_rsh_server_packets" lineno="77115">
 <summary>
-Relabel packets to pxe_server the packet type.
+Relabel packets to rsh_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -53513,9 +55830,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_pyzor_port" lineno="53213">
+<interface name="corenet_tcp_sendrecv_rsync_port" lineno="77137">
 <summary>
-Send and receive TCP traffic on the pyzor port.
+Send and receive TCP traffic on the rsync port.
 </summary>
 <param name="domain">
 <summary>
@@ -53524,9 +55841,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_pyzor_port" lineno="53232">
+<interface name="corenet_udp_send_rsync_port" lineno="77156">
 <summary>
-Send UDP traffic on the pyzor port.
+Send UDP traffic on the rsync port.
 </summary>
 <param name="domain">
 <summary>
@@ -53535,9 +55852,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_pyzor_port" lineno="53251">
+<interface name="corenet_dontaudit_udp_send_rsync_port" lineno="77175">
 <summary>
-Do not audit attempts to send UDP traffic on the pyzor port.
+Do not audit attempts to send UDP traffic on the rsync port.
 </summary>
 <param name="domain">
 <summary>
@@ -53546,9 +55863,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_pyzor_port" lineno="53270">
+<interface name="corenet_udp_receive_rsync_port" lineno="77194">
 <summary>
-Receive UDP traffic on the pyzor port.
+Receive UDP traffic on the rsync port.
 </summary>
 <param name="domain">
 <summary>
@@ -53557,9 +55874,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_pyzor_port" lineno="53289">
+<interface name="corenet_dontaudit_udp_receive_rsync_port" lineno="77213">
 <summary>
-Do not audit attempts to receive UDP traffic on the pyzor port.
+Do not audit attempts to receive UDP traffic on the rsync port.
 </summary>
 <param name="domain">
 <summary>
@@ -53568,9 +55885,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_pyzor_port" lineno="53308">
+<interface name="corenet_udp_sendrecv_rsync_port" lineno="77232">
 <summary>
-Send and receive UDP traffic on the pyzor port.
+Send and receive UDP traffic on the rsync port.
 </summary>
 <param name="domain">
 <summary>
@@ -53579,10 +55896,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_pyzor_port" lineno="53325">
+<interface name="corenet_dontaudit_udp_sendrecv_rsync_port" lineno="77249">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the pyzor port.
+UDP traffic on the rsync port.
 </summary>
 <param name="domain">
 <summary>
@@ -53591,9 +55908,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_pyzor_port" lineno="53341">
+<interface name="corenet_tcp_bind_rsync_port" lineno="77265">
 <summary>
-Bind TCP sockets to the pyzor port.
+Bind TCP sockets to the rsync port.
 </summary>
 <param name="domain">
 <summary>
@@ -53602,9 +55919,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_pyzor_port" lineno="53361">
+<interface name="corenet_udp_bind_rsync_port" lineno="77285">
 <summary>
-Bind UDP sockets to the pyzor port.
+Bind UDP sockets to the rsync port.
 </summary>
 <param name="domain">
 <summary>
@@ -53613,9 +55930,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_pyzor_port" lineno="53380">
+<interface name="corenet_tcp_connect_rsync_port" lineno="77304">
 <summary>
-Make a TCP connection to the pyzor port.
+Make a TCP connection to the rsync port.
 </summary>
 <param name="domain">
 <summary>
@@ -53623,9 +55940,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_pyzor_client_packets" lineno="53400">
+<interface name="corenet_send_rsync_client_packets" lineno="77324">
 <summary>
-Send pyzor_client packets.
+Send rsync_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53634,9 +55951,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_pyzor_client_packets" lineno="53419">
+<interface name="corenet_dontaudit_send_rsync_client_packets" lineno="77343">
 <summary>
-Do not audit attempts to send pyzor_client packets.
+Do not audit attempts to send rsync_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53645,9 +55962,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_pyzor_client_packets" lineno="53438">
+<interface name="corenet_receive_rsync_client_packets" lineno="77362">
 <summary>
-Receive pyzor_client packets.
+Receive rsync_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53656,9 +55973,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_pyzor_client_packets" lineno="53457">
+<interface name="corenet_dontaudit_receive_rsync_client_packets" lineno="77381">
 <summary>
-Do not audit attempts to receive pyzor_client packets.
+Do not audit attempts to receive rsync_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53667,9 +55984,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_pyzor_client_packets" lineno="53476">
+<interface name="corenet_sendrecv_rsync_client_packets" lineno="77400">
 <summary>
-Send and receive pyzor_client packets.
+Send and receive rsync_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53678,9 +55995,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_pyzor_client_packets" lineno="53492">
+<interface name="corenet_dontaudit_sendrecv_rsync_client_packets" lineno="77416">
 <summary>
-Do not audit attempts to send and receive pyzor_client packets.
+Do not audit attempts to send and receive rsync_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53689,9 +56006,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_pyzor_client_packets" lineno="53507">
+<interface name="corenet_relabelto_rsync_client_packets" lineno="77431">
 <summary>
-Relabel packets to pyzor_client the packet type.
+Relabel packets to rsync_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -53699,9 +56016,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_pyzor_server_packets" lineno="53527">
+<interface name="corenet_send_rsync_server_packets" lineno="77451">
 <summary>
-Send pyzor_server packets.
+Send rsync_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53710,9 +56027,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_pyzor_server_packets" lineno="53546">
+<interface name="corenet_dontaudit_send_rsync_server_packets" lineno="77470">
 <summary>
-Do not audit attempts to send pyzor_server packets.
+Do not audit attempts to send rsync_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53721,9 +56038,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_pyzor_server_packets" lineno="53565">
+<interface name="corenet_receive_rsync_server_packets" lineno="77489">
 <summary>
-Receive pyzor_server packets.
+Receive rsync_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53732,9 +56049,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_pyzor_server_packets" lineno="53584">
+<interface name="corenet_dontaudit_receive_rsync_server_packets" lineno="77508">
 <summary>
-Do not audit attempts to receive pyzor_server packets.
+Do not audit attempts to receive rsync_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53743,9 +56060,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_pyzor_server_packets" lineno="53603">
+<interface name="corenet_sendrecv_rsync_server_packets" lineno="77527">
 <summary>
-Send and receive pyzor_server packets.
+Send and receive rsync_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53754,9 +56071,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_pyzor_server_packets" lineno="53619">
+<interface name="corenet_dontaudit_sendrecv_rsync_server_packets" lineno="77543">
 <summary>
-Do not audit attempts to send and receive pyzor_server packets.
+Do not audit attempts to send and receive rsync_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53765,9 +56082,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_pyzor_server_packets" lineno="53634">
+<interface name="corenet_relabelto_rsync_server_packets" lineno="77558">
 <summary>
-Relabel packets to pyzor_server the packet type.
+Relabel packets to rsync_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -53775,9 +56092,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_radacct_port" lineno="53656">
+<interface name="corenet_tcp_sendrecv_rtorrent_port" lineno="77580">
 <summary>
-Send and receive TCP traffic on the radacct port.
+Send and receive TCP traffic on the rtorrent port.
 </summary>
 <param name="domain">
 <summary>
@@ -53786,9 +56103,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_radacct_port" lineno="53675">
+<interface name="corenet_udp_send_rtorrent_port" lineno="77599">
 <summary>
-Send UDP traffic on the radacct port.
+Send UDP traffic on the rtorrent port.
 </summary>
 <param name="domain">
 <summary>
@@ -53797,9 +56114,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_radacct_port" lineno="53694">
+<interface name="corenet_dontaudit_udp_send_rtorrent_port" lineno="77618">
 <summary>
-Do not audit attempts to send UDP traffic on the radacct port.
+Do not audit attempts to send UDP traffic on the rtorrent port.
 </summary>
 <param name="domain">
 <summary>
@@ -53808,9 +56125,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_radacct_port" lineno="53713">
+<interface name="corenet_udp_receive_rtorrent_port" lineno="77637">
 <summary>
-Receive UDP traffic on the radacct port.
+Receive UDP traffic on the rtorrent port.
 </summary>
 <param name="domain">
 <summary>
@@ -53819,9 +56136,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_radacct_port" lineno="53732">
+<interface name="corenet_dontaudit_udp_receive_rtorrent_port" lineno="77656">
 <summary>
-Do not audit attempts to receive UDP traffic on the radacct port.
+Do not audit attempts to receive UDP traffic on the rtorrent port.
 </summary>
 <param name="domain">
 <summary>
@@ -53830,9 +56147,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_radacct_port" lineno="53751">
+<interface name="corenet_udp_sendrecv_rtorrent_port" lineno="77675">
 <summary>
-Send and receive UDP traffic on the radacct port.
+Send and receive UDP traffic on the rtorrent port.
 </summary>
 <param name="domain">
 <summary>
@@ -53841,10 +56158,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_radacct_port" lineno="53768">
+<interface name="corenet_dontaudit_udp_sendrecv_rtorrent_port" lineno="77692">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the radacct port.
+UDP traffic on the rtorrent port.
 </summary>
 <param name="domain">
 <summary>
@@ -53853,9 +56170,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_radacct_port" lineno="53784">
+<interface name="corenet_tcp_bind_rtorrent_port" lineno="77708">
 <summary>
-Bind TCP sockets to the radacct port.
+Bind TCP sockets to the rtorrent port.
 </summary>
 <param name="domain">
 <summary>
@@ -53864,9 +56181,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_radacct_port" lineno="53804">
+<interface name="corenet_udp_bind_rtorrent_port" lineno="77728">
 <summary>
-Bind UDP sockets to the radacct port.
+Bind UDP sockets to the rtorrent port.
 </summary>
 <param name="domain">
 <summary>
@@ -53875,9 +56192,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_radacct_port" lineno="53823">
+<interface name="corenet_tcp_connect_rtorrent_port" lineno="77747">
 <summary>
-Make a TCP connection to the radacct port.
+Make a TCP connection to the rtorrent port.
 </summary>
 <param name="domain">
 <summary>
@@ -53885,9 +56202,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_radacct_client_packets" lineno="53843">
+<interface name="corenet_send_rtorrent_client_packets" lineno="77767">
 <summary>
-Send radacct_client packets.
+Send rtorrent_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53896,9 +56213,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_radacct_client_packets" lineno="53862">
+<interface name="corenet_dontaudit_send_rtorrent_client_packets" lineno="77786">
 <summary>
-Do not audit attempts to send radacct_client packets.
+Do not audit attempts to send rtorrent_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53907,9 +56224,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_radacct_client_packets" lineno="53881">
+<interface name="corenet_receive_rtorrent_client_packets" lineno="77805">
 <summary>
-Receive radacct_client packets.
+Receive rtorrent_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53918,9 +56235,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_radacct_client_packets" lineno="53900">
+<interface name="corenet_dontaudit_receive_rtorrent_client_packets" lineno="77824">
 <summary>
-Do not audit attempts to receive radacct_client packets.
+Do not audit attempts to receive rtorrent_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53929,9 +56246,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_radacct_client_packets" lineno="53919">
+<interface name="corenet_sendrecv_rtorrent_client_packets" lineno="77843">
 <summary>
-Send and receive radacct_client packets.
+Send and receive rtorrent_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53940,9 +56257,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_radacct_client_packets" lineno="53935">
+<interface name="corenet_dontaudit_sendrecv_rtorrent_client_packets" lineno="77859">
 <summary>
-Do not audit attempts to send and receive radacct_client packets.
+Do not audit attempts to send and receive rtorrent_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53951,9 +56268,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_radacct_client_packets" lineno="53950">
+<interface name="corenet_relabelto_rtorrent_client_packets" lineno="77874">
 <summary>
-Relabel packets to radacct_client the packet type.
+Relabel packets to rtorrent_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -53961,9 +56278,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_radacct_server_packets" lineno="53970">
+<interface name="corenet_send_rtorrent_server_packets" lineno="77894">
 <summary>
-Send radacct_server packets.
+Send rtorrent_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53972,9 +56289,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_radacct_server_packets" lineno="53989">
+<interface name="corenet_dontaudit_send_rtorrent_server_packets" lineno="77913">
 <summary>
-Do not audit attempts to send radacct_server packets.
+Do not audit attempts to send rtorrent_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53983,9 +56300,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_radacct_server_packets" lineno="54008">
+<interface name="corenet_receive_rtorrent_server_packets" lineno="77932">
 <summary>
-Receive radacct_server packets.
+Receive rtorrent_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -53994,9 +56311,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_radacct_server_packets" lineno="54027">
+<interface name="corenet_dontaudit_receive_rtorrent_server_packets" lineno="77951">
 <summary>
-Do not audit attempts to receive radacct_server packets.
+Do not audit attempts to receive rtorrent_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54005,9 +56322,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_radacct_server_packets" lineno="54046">
+<interface name="corenet_sendrecv_rtorrent_server_packets" lineno="77970">
 <summary>
-Send and receive radacct_server packets.
+Send and receive rtorrent_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54016,9 +56333,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_radacct_server_packets" lineno="54062">
+<interface name="corenet_dontaudit_sendrecv_rtorrent_server_packets" lineno="77986">
 <summary>
-Do not audit attempts to send and receive radacct_server packets.
+Do not audit attempts to send and receive rtorrent_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54027,9 +56344,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_radacct_server_packets" lineno="54077">
+<interface name="corenet_relabelto_rtorrent_server_packets" lineno="78001">
 <summary>
-Relabel packets to radacct_server the packet type.
+Relabel packets to rtorrent_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -54037,9 +56354,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_radius_port" lineno="54099">
+<interface name="corenet_tcp_sendrecv_rtsp_port" lineno="78023">
 <summary>
-Send and receive TCP traffic on the radius port.
+Send and receive TCP traffic on the rtsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -54048,9 +56365,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_radius_port" lineno="54118">
+<interface name="corenet_udp_send_rtsp_port" lineno="78042">
 <summary>
-Send UDP traffic on the radius port.
+Send UDP traffic on the rtsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -54059,9 +56376,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_radius_port" lineno="54137">
+<interface name="corenet_dontaudit_udp_send_rtsp_port" lineno="78061">
 <summary>
-Do not audit attempts to send UDP traffic on the radius port.
+Do not audit attempts to send UDP traffic on the rtsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -54070,9 +56387,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_radius_port" lineno="54156">
+<interface name="corenet_udp_receive_rtsp_port" lineno="78080">
 <summary>
-Receive UDP traffic on the radius port.
+Receive UDP traffic on the rtsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -54081,9 +56398,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_radius_port" lineno="54175">
+<interface name="corenet_dontaudit_udp_receive_rtsp_port" lineno="78099">
 <summary>
-Do not audit attempts to receive UDP traffic on the radius port.
+Do not audit attempts to receive UDP traffic on the rtsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -54092,9 +56409,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_radius_port" lineno="54194">
+<interface name="corenet_udp_sendrecv_rtsp_port" lineno="78118">
 <summary>
-Send and receive UDP traffic on the radius port.
+Send and receive UDP traffic on the rtsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -54103,10 +56420,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_radius_port" lineno="54211">
+<interface name="corenet_dontaudit_udp_sendrecv_rtsp_port" lineno="78135">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the radius port.
+UDP traffic on the rtsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -54115,9 +56432,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_radius_port" lineno="54227">
+<interface name="corenet_tcp_bind_rtsp_port" lineno="78151">
 <summary>
-Bind TCP sockets to the radius port.
+Bind TCP sockets to the rtsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -54126,9 +56443,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_radius_port" lineno="54247">
+<interface name="corenet_udp_bind_rtsp_port" lineno="78171">
 <summary>
-Bind UDP sockets to the radius port.
+Bind UDP sockets to the rtsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -54137,9 +56454,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_radius_port" lineno="54266">
+<interface name="corenet_tcp_connect_rtsp_port" lineno="78190">
 <summary>
-Make a TCP connection to the radius port.
+Make a TCP connection to the rtsp port.
 </summary>
 <param name="domain">
 <summary>
@@ -54147,9 +56464,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_radius_client_packets" lineno="54286">
+<interface name="corenet_send_rtsp_client_packets" lineno="78210">
 <summary>
-Send radius_client packets.
+Send rtsp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54158,9 +56475,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_radius_client_packets" lineno="54305">
+<interface name="corenet_dontaudit_send_rtsp_client_packets" lineno="78229">
 <summary>
-Do not audit attempts to send radius_client packets.
+Do not audit attempts to send rtsp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54169,9 +56486,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_radius_client_packets" lineno="54324">
+<interface name="corenet_receive_rtsp_client_packets" lineno="78248">
 <summary>
-Receive radius_client packets.
+Receive rtsp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54180,9 +56497,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_radius_client_packets" lineno="54343">
+<interface name="corenet_dontaudit_receive_rtsp_client_packets" lineno="78267">
 <summary>
-Do not audit attempts to receive radius_client packets.
+Do not audit attempts to receive rtsp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54191,9 +56508,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_radius_client_packets" lineno="54362">
+<interface name="corenet_sendrecv_rtsp_client_packets" lineno="78286">
 <summary>
-Send and receive radius_client packets.
+Send and receive rtsp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54202,9 +56519,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_radius_client_packets" lineno="54378">
+<interface name="corenet_dontaudit_sendrecv_rtsp_client_packets" lineno="78302">
 <summary>
-Do not audit attempts to send and receive radius_client packets.
+Do not audit attempts to send and receive rtsp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54213,9 +56530,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_radius_client_packets" lineno="54393">
+<interface name="corenet_relabelto_rtsp_client_packets" lineno="78317">
 <summary>
-Relabel packets to radius_client the packet type.
+Relabel packets to rtsp_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -54223,9 +56540,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_radius_server_packets" lineno="54413">
+<interface name="corenet_send_rtsp_server_packets" lineno="78337">
 <summary>
-Send radius_server packets.
+Send rtsp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54234,9 +56551,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_radius_server_packets" lineno="54432">
+<interface name="corenet_dontaudit_send_rtsp_server_packets" lineno="78356">
 <summary>
-Do not audit attempts to send radius_server packets.
+Do not audit attempts to send rtsp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54245,9 +56562,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_radius_server_packets" lineno="54451">
+<interface name="corenet_receive_rtsp_server_packets" lineno="78375">
 <summary>
-Receive radius_server packets.
+Receive rtsp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54256,9 +56573,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_radius_server_packets" lineno="54470">
+<interface name="corenet_dontaudit_receive_rtsp_server_packets" lineno="78394">
 <summary>
-Do not audit attempts to receive radius_server packets.
+Do not audit attempts to receive rtsp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54267,9 +56584,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_radius_server_packets" lineno="54489">
+<interface name="corenet_sendrecv_rtsp_server_packets" lineno="78413">
 <summary>
-Send and receive radius_server packets.
+Send and receive rtsp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54278,9 +56595,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_radius_server_packets" lineno="54505">
+<interface name="corenet_dontaudit_sendrecv_rtsp_server_packets" lineno="78429">
 <summary>
-Do not audit attempts to send and receive radius_server packets.
+Do not audit attempts to send and receive rtsp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54289,9 +56606,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_radius_server_packets" lineno="54520">
+<interface name="corenet_relabelto_rtsp_server_packets" lineno="78444">
 <summary>
-Relabel packets to radius_server the packet type.
+Relabel packets to rtsp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -54299,9 +56616,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_radsec_port" lineno="54542">
+<interface name="corenet_tcp_sendrecv_rwho_port" lineno="78466">
 <summary>
-Send and receive TCP traffic on the radsec port.
+Send and receive TCP traffic on the rwho port.
 </summary>
 <param name="domain">
 <summary>
@@ -54310,9 +56627,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_radsec_port" lineno="54561">
+<interface name="corenet_udp_send_rwho_port" lineno="78485">
 <summary>
-Send UDP traffic on the radsec port.
+Send UDP traffic on the rwho port.
 </summary>
 <param name="domain">
 <summary>
@@ -54321,9 +56638,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_radsec_port" lineno="54580">
+<interface name="corenet_dontaudit_udp_send_rwho_port" lineno="78504">
 <summary>
-Do not audit attempts to send UDP traffic on the radsec port.
+Do not audit attempts to send UDP traffic on the rwho port.
 </summary>
 <param name="domain">
 <summary>
@@ -54332,9 +56649,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_radsec_port" lineno="54599">
+<interface name="corenet_udp_receive_rwho_port" lineno="78523">
 <summary>
-Receive UDP traffic on the radsec port.
+Receive UDP traffic on the rwho port.
 </summary>
 <param name="domain">
 <summary>
@@ -54343,9 +56660,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_radsec_port" lineno="54618">
+<interface name="corenet_dontaudit_udp_receive_rwho_port" lineno="78542">
 <summary>
-Do not audit attempts to receive UDP traffic on the radsec port.
+Do not audit attempts to receive UDP traffic on the rwho port.
 </summary>
 <param name="domain">
 <summary>
@@ -54354,9 +56671,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_radsec_port" lineno="54637">
+<interface name="corenet_udp_sendrecv_rwho_port" lineno="78561">
 <summary>
-Send and receive UDP traffic on the radsec port.
+Send and receive UDP traffic on the rwho port.
 </summary>
 <param name="domain">
 <summary>
@@ -54365,10 +56682,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_radsec_port" lineno="54654">
+<interface name="corenet_dontaudit_udp_sendrecv_rwho_port" lineno="78578">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the radsec port.
+UDP traffic on the rwho port.
 </summary>
 <param name="domain">
 <summary>
@@ -54377,9 +56694,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_radsec_port" lineno="54670">
+<interface name="corenet_tcp_bind_rwho_port" lineno="78594">
 <summary>
-Bind TCP sockets to the radsec port.
+Bind TCP sockets to the rwho port.
 </summary>
 <param name="domain">
 <summary>
@@ -54388,9 +56705,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_radsec_port" lineno="54690">
+<interface name="corenet_udp_bind_rwho_port" lineno="78614">
 <summary>
-Bind UDP sockets to the radsec port.
+Bind UDP sockets to the rwho port.
 </summary>
 <param name="domain">
 <summary>
@@ -54399,9 +56716,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_radsec_port" lineno="54709">
+<interface name="corenet_tcp_connect_rwho_port" lineno="78633">
 <summary>
-Make a TCP connection to the radsec port.
+Make a TCP connection to the rwho port.
 </summary>
 <param name="domain">
 <summary>
@@ -54409,9 +56726,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_radsec_client_packets" lineno="54729">
+<interface name="corenet_send_rwho_client_packets" lineno="78653">
 <summary>
-Send radsec_client packets.
+Send rwho_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54420,9 +56737,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_radsec_client_packets" lineno="54748">
+<interface name="corenet_dontaudit_send_rwho_client_packets" lineno="78672">
 <summary>
-Do not audit attempts to send radsec_client packets.
+Do not audit attempts to send rwho_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54431,9 +56748,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_radsec_client_packets" lineno="54767">
+<interface name="corenet_receive_rwho_client_packets" lineno="78691">
 <summary>
-Receive radsec_client packets.
+Receive rwho_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54442,9 +56759,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_radsec_client_packets" lineno="54786">
+<interface name="corenet_dontaudit_receive_rwho_client_packets" lineno="78710">
 <summary>
-Do not audit attempts to receive radsec_client packets.
+Do not audit attempts to receive rwho_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54453,9 +56770,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_radsec_client_packets" lineno="54805">
+<interface name="corenet_sendrecv_rwho_client_packets" lineno="78729">
 <summary>
-Send and receive radsec_client packets.
+Send and receive rwho_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54464,9 +56781,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_radsec_client_packets" lineno="54821">
+<interface name="corenet_dontaudit_sendrecv_rwho_client_packets" lineno="78745">
 <summary>
-Do not audit attempts to send and receive radsec_client packets.
+Do not audit attempts to send and receive rwho_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54475,9 +56792,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_radsec_client_packets" lineno="54836">
+<interface name="corenet_relabelto_rwho_client_packets" lineno="78760">
 <summary>
-Relabel packets to radsec_client the packet type.
+Relabel packets to rwho_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -54485,9 +56802,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_radsec_server_packets" lineno="54856">
+<interface name="corenet_send_rwho_server_packets" lineno="78780">
 <summary>
-Send radsec_server packets.
+Send rwho_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54496,9 +56813,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_radsec_server_packets" lineno="54875">
+<interface name="corenet_dontaudit_send_rwho_server_packets" lineno="78799">
 <summary>
-Do not audit attempts to send radsec_server packets.
+Do not audit attempts to send rwho_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54507,9 +56824,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_radsec_server_packets" lineno="54894">
+<interface name="corenet_receive_rwho_server_packets" lineno="78818">
 <summary>
-Receive radsec_server packets.
+Receive rwho_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54518,9 +56835,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_radsec_server_packets" lineno="54913">
+<interface name="corenet_dontaudit_receive_rwho_server_packets" lineno="78837">
 <summary>
-Do not audit attempts to receive radsec_server packets.
+Do not audit attempts to receive rwho_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54529,9 +56846,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_radsec_server_packets" lineno="54932">
+<interface name="corenet_sendrecv_rwho_server_packets" lineno="78856">
 <summary>
-Send and receive radsec_server packets.
+Send and receive rwho_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54540,9 +56857,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_radsec_server_packets" lineno="54948">
+<interface name="corenet_dontaudit_sendrecv_rwho_server_packets" lineno="78872">
 <summary>
-Do not audit attempts to send and receive radsec_server packets.
+Do not audit attempts to send and receive rwho_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54551,9 +56868,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_radsec_server_packets" lineno="54963">
+<interface name="corenet_relabelto_rwho_server_packets" lineno="78887">
 <summary>
-Relabel packets to radsec_server the packet type.
+Relabel packets to rwho_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -54561,9 +56878,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_razor_port" lineno="54985">
+<interface name="corenet_tcp_sendrecv_salt_port" lineno="78909">
 <summary>
-Send and receive TCP traffic on the razor port.
+Send and receive TCP traffic on the salt port.
 </summary>
 <param name="domain">
 <summary>
@@ -54572,9 +56889,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_razor_port" lineno="55004">
+<interface name="corenet_udp_send_salt_port" lineno="78928">
 <summary>
-Send UDP traffic on the razor port.
+Send UDP traffic on the salt port.
 </summary>
 <param name="domain">
 <summary>
@@ -54583,9 +56900,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_razor_port" lineno="55023">
+<interface name="corenet_dontaudit_udp_send_salt_port" lineno="78947">
 <summary>
-Do not audit attempts to send UDP traffic on the razor port.
+Do not audit attempts to send UDP traffic on the salt port.
 </summary>
 <param name="domain">
 <summary>
@@ -54594,9 +56911,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_razor_port" lineno="55042">
+<interface name="corenet_udp_receive_salt_port" lineno="78966">
 <summary>
-Receive UDP traffic on the razor port.
+Receive UDP traffic on the salt port.
 </summary>
 <param name="domain">
 <summary>
@@ -54605,9 +56922,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_razor_port" lineno="55061">
+<interface name="corenet_dontaudit_udp_receive_salt_port" lineno="78985">
 <summary>
-Do not audit attempts to receive UDP traffic on the razor port.
+Do not audit attempts to receive UDP traffic on the salt port.
 </summary>
 <param name="domain">
 <summary>
@@ -54616,9 +56933,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_razor_port" lineno="55080">
+<interface name="corenet_udp_sendrecv_salt_port" lineno="79004">
 <summary>
-Send and receive UDP traffic on the razor port.
+Send and receive UDP traffic on the salt port.
 </summary>
 <param name="domain">
 <summary>
@@ -54627,10 +56944,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_razor_port" lineno="55097">
+<interface name="corenet_dontaudit_udp_sendrecv_salt_port" lineno="79021">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the razor port.
+UDP traffic on the salt port.
 </summary>
 <param name="domain">
 <summary>
@@ -54639,9 +56956,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_razor_port" lineno="55113">
+<interface name="corenet_tcp_bind_salt_port" lineno="79037">
 <summary>
-Bind TCP sockets to the razor port.
+Bind TCP sockets to the salt port.
 </summary>
 <param name="domain">
 <summary>
@@ -54650,9 +56967,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_razor_port" lineno="55133">
+<interface name="corenet_udp_bind_salt_port" lineno="79057">
 <summary>
-Bind UDP sockets to the razor port.
+Bind UDP sockets to the salt port.
 </summary>
 <param name="domain">
 <summary>
@@ -54661,9 +56978,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_razor_port" lineno="55152">
+<interface name="corenet_tcp_connect_salt_port" lineno="79076">
 <summary>
-Make a TCP connection to the razor port.
+Make a TCP connection to the salt port.
 </summary>
 <param name="domain">
 <summary>
@@ -54671,9 +56988,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_razor_client_packets" lineno="55172">
+<interface name="corenet_send_salt_client_packets" lineno="79096">
 <summary>
-Send razor_client packets.
+Send salt_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54682,9 +56999,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_razor_client_packets" lineno="55191">
+<interface name="corenet_dontaudit_send_salt_client_packets" lineno="79115">
 <summary>
-Do not audit attempts to send razor_client packets.
+Do not audit attempts to send salt_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54693,9 +57010,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_razor_client_packets" lineno="55210">
+<interface name="corenet_receive_salt_client_packets" lineno="79134">
 <summary>
-Receive razor_client packets.
+Receive salt_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54704,9 +57021,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_razor_client_packets" lineno="55229">
+<interface name="corenet_dontaudit_receive_salt_client_packets" lineno="79153">
 <summary>
-Do not audit attempts to receive razor_client packets.
+Do not audit attempts to receive salt_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54715,9 +57032,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_razor_client_packets" lineno="55248">
+<interface name="corenet_sendrecv_salt_client_packets" lineno="79172">
 <summary>
-Send and receive razor_client packets.
+Send and receive salt_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54726,9 +57043,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_razor_client_packets" lineno="55264">
+<interface name="corenet_dontaudit_sendrecv_salt_client_packets" lineno="79188">
 <summary>
-Do not audit attempts to send and receive razor_client packets.
+Do not audit attempts to send and receive salt_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54737,9 +57054,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_razor_client_packets" lineno="55279">
+<interface name="corenet_relabelto_salt_client_packets" lineno="79203">
 <summary>
-Relabel packets to razor_client the packet type.
+Relabel packets to salt_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -54747,9 +57064,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_razor_server_packets" lineno="55299">
+<interface name="corenet_send_salt_server_packets" lineno="79223">
 <summary>
-Send razor_server packets.
+Send salt_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54758,9 +57075,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_razor_server_packets" lineno="55318">
+<interface name="corenet_dontaudit_send_salt_server_packets" lineno="79242">
 <summary>
-Do not audit attempts to send razor_server packets.
+Do not audit attempts to send salt_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54769,9 +57086,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_razor_server_packets" lineno="55337">
+<interface name="corenet_receive_salt_server_packets" lineno="79261">
 <summary>
-Receive razor_server packets.
+Receive salt_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54780,9 +57097,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_razor_server_packets" lineno="55356">
+<interface name="corenet_dontaudit_receive_salt_server_packets" lineno="79280">
 <summary>
-Do not audit attempts to receive razor_server packets.
+Do not audit attempts to receive salt_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54791,9 +57108,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_razor_server_packets" lineno="55375">
+<interface name="corenet_sendrecv_salt_server_packets" lineno="79299">
 <summary>
-Send and receive razor_server packets.
+Send and receive salt_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54802,9 +57119,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_razor_server_packets" lineno="55391">
+<interface name="corenet_dontaudit_sendrecv_salt_server_packets" lineno="79315">
 <summary>
-Do not audit attempts to send and receive razor_server packets.
+Do not audit attempts to send and receive salt_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54813,9 +57130,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_razor_server_packets" lineno="55406">
+<interface name="corenet_relabelto_salt_server_packets" lineno="79330">
 <summary>
-Relabel packets to razor_server the packet type.
+Relabel packets to salt_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -54823,9 +57140,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_repository_port" lineno="55428">
+<interface name="corenet_tcp_sendrecv_sap_port" lineno="79352">
 <summary>
-Send and receive TCP traffic on the repository port.
+Send and receive TCP traffic on the sap port.
 </summary>
 <param name="domain">
 <summary>
@@ -54834,9 +57151,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_repository_port" lineno="55447">
+<interface name="corenet_udp_send_sap_port" lineno="79371">
 <summary>
-Send UDP traffic on the repository port.
+Send UDP traffic on the sap port.
 </summary>
 <param name="domain">
 <summary>
@@ -54845,9 +57162,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_repository_port" lineno="55466">
+<interface name="corenet_dontaudit_udp_send_sap_port" lineno="79390">
 <summary>
-Do not audit attempts to send UDP traffic on the repository port.
+Do not audit attempts to send UDP traffic on the sap port.
 </summary>
 <param name="domain">
 <summary>
@@ -54856,9 +57173,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_repository_port" lineno="55485">
+<interface name="corenet_udp_receive_sap_port" lineno="79409">
 <summary>
-Receive UDP traffic on the repository port.
+Receive UDP traffic on the sap port.
 </summary>
 <param name="domain">
 <summary>
@@ -54867,9 +57184,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_repository_port" lineno="55504">
+<interface name="corenet_dontaudit_udp_receive_sap_port" lineno="79428">
 <summary>
-Do not audit attempts to receive UDP traffic on the repository port.
+Do not audit attempts to receive UDP traffic on the sap port.
 </summary>
 <param name="domain">
 <summary>
@@ -54878,9 +57195,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_repository_port" lineno="55523">
+<interface name="corenet_udp_sendrecv_sap_port" lineno="79447">
 <summary>
-Send and receive UDP traffic on the repository port.
+Send and receive UDP traffic on the sap port.
 </summary>
 <param name="domain">
 <summary>
@@ -54889,10 +57206,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_repository_port" lineno="55540">
+<interface name="corenet_dontaudit_udp_sendrecv_sap_port" lineno="79464">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the repository port.
+UDP traffic on the sap port.
 </summary>
 <param name="domain">
 <summary>
@@ -54901,9 +57218,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_repository_port" lineno="55556">
+<interface name="corenet_tcp_bind_sap_port" lineno="79480">
 <summary>
-Bind TCP sockets to the repository port.
+Bind TCP sockets to the sap port.
 </summary>
 <param name="domain">
 <summary>
@@ -54912,9 +57229,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_repository_port" lineno="55576">
+<interface name="corenet_udp_bind_sap_port" lineno="79500">
 <summary>
-Bind UDP sockets to the repository port.
+Bind UDP sockets to the sap port.
 </summary>
 <param name="domain">
 <summary>
@@ -54923,9 +57240,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_repository_port" lineno="55595">
+<interface name="corenet_tcp_connect_sap_port" lineno="79519">
 <summary>
-Make a TCP connection to the repository port.
+Make a TCP connection to the sap port.
 </summary>
 <param name="domain">
 <summary>
@@ -54933,9 +57250,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_repository_client_packets" lineno="55615">
+<interface name="corenet_send_sap_client_packets" lineno="79539">
 <summary>
-Send repository_client packets.
+Send sap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54944,9 +57261,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_repository_client_packets" lineno="55634">
+<interface name="corenet_dontaudit_send_sap_client_packets" lineno="79558">
 <summary>
-Do not audit attempts to send repository_client packets.
+Do not audit attempts to send sap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54955,9 +57272,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_repository_client_packets" lineno="55653">
+<interface name="corenet_receive_sap_client_packets" lineno="79577">
 <summary>
-Receive repository_client packets.
+Receive sap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54966,9 +57283,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_repository_client_packets" lineno="55672">
+<interface name="corenet_dontaudit_receive_sap_client_packets" lineno="79596">
 <summary>
-Do not audit attempts to receive repository_client packets.
+Do not audit attempts to receive sap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54977,9 +57294,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_repository_client_packets" lineno="55691">
+<interface name="corenet_sendrecv_sap_client_packets" lineno="79615">
 <summary>
-Send and receive repository_client packets.
+Send and receive sap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54988,9 +57305,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_repository_client_packets" lineno="55707">
+<interface name="corenet_dontaudit_sendrecv_sap_client_packets" lineno="79631">
 <summary>
-Do not audit attempts to send and receive repository_client packets.
+Do not audit attempts to send and receive sap_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -54999,9 +57316,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_repository_client_packets" lineno="55722">
+<interface name="corenet_relabelto_sap_client_packets" lineno="79646">
 <summary>
-Relabel packets to repository_client the packet type.
+Relabel packets to sap_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -55009,9 +57326,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_repository_server_packets" lineno="55742">
+<interface name="corenet_send_sap_server_packets" lineno="79666">
 <summary>
-Send repository_server packets.
+Send sap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55020,9 +57337,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_repository_server_packets" lineno="55761">
+<interface name="corenet_dontaudit_send_sap_server_packets" lineno="79685">
 <summary>
-Do not audit attempts to send repository_server packets.
+Do not audit attempts to send sap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55031,9 +57348,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_repository_server_packets" lineno="55780">
+<interface name="corenet_receive_sap_server_packets" lineno="79704">
 <summary>
-Receive repository_server packets.
+Receive sap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55042,9 +57359,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_repository_server_packets" lineno="55799">
+<interface name="corenet_dontaudit_receive_sap_server_packets" lineno="79723">
 <summary>
-Do not audit attempts to receive repository_server packets.
+Do not audit attempts to receive sap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55053,9 +57370,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_repository_server_packets" lineno="55818">
+<interface name="corenet_sendrecv_sap_server_packets" lineno="79742">
 <summary>
-Send and receive repository_server packets.
+Send and receive sap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55064,9 +57381,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_repository_server_packets" lineno="55834">
+<interface name="corenet_dontaudit_sendrecv_sap_server_packets" lineno="79758">
 <summary>
-Do not audit attempts to send and receive repository_server packets.
+Do not audit attempts to send and receive sap_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55075,9 +57392,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_repository_server_packets" lineno="55849">
+<interface name="corenet_relabelto_sap_server_packets" lineno="79773">
 <summary>
-Relabel packets to repository_server the packet type.
+Relabel packets to sap_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -55085,9 +57402,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_ricci_port" lineno="55871">
+<interface name="corenet_tcp_sendrecv_servistaitsm_port" lineno="79795">
 <summary>
-Send and receive TCP traffic on the ricci port.
+Send and receive TCP traffic on the servistaitsm port.
 </summary>
 <param name="domain">
 <summary>
@@ -55096,9 +57413,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_ricci_port" lineno="55890">
+<interface name="corenet_udp_send_servistaitsm_port" lineno="79814">
 <summary>
-Send UDP traffic on the ricci port.
+Send UDP traffic on the servistaitsm port.
 </summary>
 <param name="domain">
 <summary>
@@ -55107,9 +57424,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_ricci_port" lineno="55909">
+<interface name="corenet_dontaudit_udp_send_servistaitsm_port" lineno="79833">
 <summary>
-Do not audit attempts to send UDP traffic on the ricci port.
+Do not audit attempts to send UDP traffic on the servistaitsm port.
 </summary>
 <param name="domain">
 <summary>
@@ -55118,9 +57435,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_ricci_port" lineno="55928">
+<interface name="corenet_udp_receive_servistaitsm_port" lineno="79852">
 <summary>
-Receive UDP traffic on the ricci port.
+Receive UDP traffic on the servistaitsm port.
 </summary>
 <param name="domain">
 <summary>
@@ -55129,9 +57446,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_ricci_port" lineno="55947">
+<interface name="corenet_dontaudit_udp_receive_servistaitsm_port" lineno="79871">
 <summary>
-Do not audit attempts to receive UDP traffic on the ricci port.
+Do not audit attempts to receive UDP traffic on the servistaitsm port.
 </summary>
 <param name="domain">
 <summary>
@@ -55140,9 +57457,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_ricci_port" lineno="55966">
+<interface name="corenet_udp_sendrecv_servistaitsm_port" lineno="79890">
 <summary>
-Send and receive UDP traffic on the ricci port.
+Send and receive UDP traffic on the servistaitsm port.
 </summary>
 <param name="domain">
 <summary>
@@ -55151,10 +57468,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_ricci_port" lineno="55983">
+<interface name="corenet_dontaudit_udp_sendrecv_servistaitsm_port" lineno="79907">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the ricci port.
+UDP traffic on the servistaitsm port.
 </summary>
 <param name="domain">
 <summary>
@@ -55163,9 +57480,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_ricci_port" lineno="55999">
+<interface name="corenet_tcp_bind_servistaitsm_port" lineno="79923">
 <summary>
-Bind TCP sockets to the ricci port.
+Bind TCP sockets to the servistaitsm port.
 </summary>
 <param name="domain">
 <summary>
@@ -55174,9 +57491,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_ricci_port" lineno="56019">
+<interface name="corenet_udp_bind_servistaitsm_port" lineno="79943">
 <summary>
-Bind UDP sockets to the ricci port.
+Bind UDP sockets to the servistaitsm port.
 </summary>
 <param name="domain">
 <summary>
@@ -55185,9 +57502,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_ricci_port" lineno="56038">
+<interface name="corenet_tcp_connect_servistaitsm_port" lineno="79962">
 <summary>
-Make a TCP connection to the ricci port.
+Make a TCP connection to the servistaitsm port.
 </summary>
 <param name="domain">
 <summary>
@@ -55195,9 +57512,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ricci_client_packets" lineno="56058">
+<interface name="corenet_send_servistaitsm_client_packets" lineno="79982">
 <summary>
-Send ricci_client packets.
+Send servistaitsm_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55206,9 +57523,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ricci_client_packets" lineno="56077">
+<interface name="corenet_dontaudit_send_servistaitsm_client_packets" lineno="80001">
 <summary>
-Do not audit attempts to send ricci_client packets.
+Do not audit attempts to send servistaitsm_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55217,9 +57534,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ricci_client_packets" lineno="56096">
+<interface name="corenet_receive_servistaitsm_client_packets" lineno="80020">
 <summary>
-Receive ricci_client packets.
+Receive servistaitsm_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55228,9 +57545,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ricci_client_packets" lineno="56115">
+<interface name="corenet_dontaudit_receive_servistaitsm_client_packets" lineno="80039">
 <summary>
-Do not audit attempts to receive ricci_client packets.
+Do not audit attempts to receive servistaitsm_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55239,9 +57556,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ricci_client_packets" lineno="56134">
+<interface name="corenet_sendrecv_servistaitsm_client_packets" lineno="80058">
 <summary>
-Send and receive ricci_client packets.
+Send and receive servistaitsm_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55250,9 +57567,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ricci_client_packets" lineno="56150">
+<interface name="corenet_dontaudit_sendrecv_servistaitsm_client_packets" lineno="80074">
 <summary>
-Do not audit attempts to send and receive ricci_client packets.
+Do not audit attempts to send and receive servistaitsm_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55261,9 +57578,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ricci_client_packets" lineno="56165">
+<interface name="corenet_relabelto_servistaitsm_client_packets" lineno="80089">
 <summary>
-Relabel packets to ricci_client the packet type.
+Relabel packets to servistaitsm_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -55271,9 +57588,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ricci_server_packets" lineno="56185">
+<interface name="corenet_send_servistaitsm_server_packets" lineno="80109">
 <summary>
-Send ricci_server packets.
+Send servistaitsm_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55282,9 +57599,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ricci_server_packets" lineno="56204">
+<interface name="corenet_dontaudit_send_servistaitsm_server_packets" lineno="80128">
 <summary>
-Do not audit attempts to send ricci_server packets.
+Do not audit attempts to send servistaitsm_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55293,9 +57610,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ricci_server_packets" lineno="56223">
+<interface name="corenet_receive_servistaitsm_server_packets" lineno="80147">
 <summary>
-Receive ricci_server packets.
+Receive servistaitsm_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55304,9 +57621,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ricci_server_packets" lineno="56242">
+<interface name="corenet_dontaudit_receive_servistaitsm_server_packets" lineno="80166">
 <summary>
-Do not audit attempts to receive ricci_server packets.
+Do not audit attempts to receive servistaitsm_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55315,9 +57632,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ricci_server_packets" lineno="56261">
+<interface name="corenet_sendrecv_servistaitsm_server_packets" lineno="80185">
 <summary>
-Send and receive ricci_server packets.
+Send and receive servistaitsm_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55326,9 +57643,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ricci_server_packets" lineno="56277">
+<interface name="corenet_dontaudit_sendrecv_servistaitsm_server_packets" lineno="80201">
 <summary>
-Do not audit attempts to send and receive ricci_server packets.
+Do not audit attempts to send and receive servistaitsm_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55337,9 +57654,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ricci_server_packets" lineno="56292">
+<interface name="corenet_relabelto_servistaitsm_server_packets" lineno="80216">
 <summary>
-Relabel packets to ricci_server the packet type.
+Relabel packets to servistaitsm_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -55347,9 +57664,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_ricci_modcluster_port" lineno="56314">
+<interface name="corenet_tcp_sendrecv_sieve_port" lineno="80238">
 <summary>
-Send and receive TCP traffic on the ricci_modcluster port.
+Send and receive TCP traffic on the sieve port.
 </summary>
 <param name="domain">
 <summary>
@@ -55358,9 +57675,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_ricci_modcluster_port" lineno="56333">
+<interface name="corenet_udp_send_sieve_port" lineno="80257">
 <summary>
-Send UDP traffic on the ricci_modcluster port.
+Send UDP traffic on the sieve port.
 </summary>
 <param name="domain">
 <summary>
@@ -55369,9 +57686,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_ricci_modcluster_port" lineno="56352">
+<interface name="corenet_dontaudit_udp_send_sieve_port" lineno="80276">
 <summary>
-Do not audit attempts to send UDP traffic on the ricci_modcluster port.
+Do not audit attempts to send UDP traffic on the sieve port.
 </summary>
 <param name="domain">
 <summary>
@@ -55380,9 +57697,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_ricci_modcluster_port" lineno="56371">
+<interface name="corenet_udp_receive_sieve_port" lineno="80295">
 <summary>
-Receive UDP traffic on the ricci_modcluster port.
+Receive UDP traffic on the sieve port.
 </summary>
 <param name="domain">
 <summary>
@@ -55391,9 +57708,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_ricci_modcluster_port" lineno="56390">
+<interface name="corenet_dontaudit_udp_receive_sieve_port" lineno="80314">
 <summary>
-Do not audit attempts to receive UDP traffic on the ricci_modcluster port.
+Do not audit attempts to receive UDP traffic on the sieve port.
 </summary>
 <param name="domain">
 <summary>
@@ -55402,9 +57719,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_ricci_modcluster_port" lineno="56409">
+<interface name="corenet_udp_sendrecv_sieve_port" lineno="80333">
 <summary>
-Send and receive UDP traffic on the ricci_modcluster port.
+Send and receive UDP traffic on the sieve port.
 </summary>
 <param name="domain">
 <summary>
@@ -55413,10 +57730,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_ricci_modcluster_port" lineno="56426">
+<interface name="corenet_dontaudit_udp_sendrecv_sieve_port" lineno="80350">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the ricci_modcluster port.
+UDP traffic on the sieve port.
 </summary>
 <param name="domain">
 <summary>
@@ -55425,9 +57742,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_ricci_modcluster_port" lineno="56442">
+<interface name="corenet_tcp_bind_sieve_port" lineno="80366">
 <summary>
-Bind TCP sockets to the ricci_modcluster port.
+Bind TCP sockets to the sieve port.
 </summary>
 <param name="domain">
 <summary>
@@ -55436,9 +57753,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_ricci_modcluster_port" lineno="56462">
+<interface name="corenet_udp_bind_sieve_port" lineno="80386">
 <summary>
-Bind UDP sockets to the ricci_modcluster port.
+Bind UDP sockets to the sieve port.
 </summary>
 <param name="domain">
 <summary>
@@ -55447,9 +57764,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_ricci_modcluster_port" lineno="56481">
+<interface name="corenet_tcp_connect_sieve_port" lineno="80405">
 <summary>
-Make a TCP connection to the ricci_modcluster port.
+Make a TCP connection to the sieve port.
 </summary>
 <param name="domain">
 <summary>
@@ -55457,9 +57774,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ricci_modcluster_client_packets" lineno="56501">
+<interface name="corenet_send_sieve_client_packets" lineno="80425">
 <summary>
-Send ricci_modcluster_client packets.
+Send sieve_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55468,9 +57785,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ricci_modcluster_client_packets" lineno="56520">
+<interface name="corenet_dontaudit_send_sieve_client_packets" lineno="80444">
 <summary>
-Do not audit attempts to send ricci_modcluster_client packets.
+Do not audit attempts to send sieve_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55479,9 +57796,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ricci_modcluster_client_packets" lineno="56539">
+<interface name="corenet_receive_sieve_client_packets" lineno="80463">
 <summary>
-Receive ricci_modcluster_client packets.
+Receive sieve_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55490,9 +57807,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ricci_modcluster_client_packets" lineno="56558">
+<interface name="corenet_dontaudit_receive_sieve_client_packets" lineno="80482">
 <summary>
-Do not audit attempts to receive ricci_modcluster_client packets.
+Do not audit attempts to receive sieve_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55501,9 +57818,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ricci_modcluster_client_packets" lineno="56577">
+<interface name="corenet_sendrecv_sieve_client_packets" lineno="80501">
 <summary>
-Send and receive ricci_modcluster_client packets.
+Send and receive sieve_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55512,9 +57829,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ricci_modcluster_client_packets" lineno="56593">
+<interface name="corenet_dontaudit_sendrecv_sieve_client_packets" lineno="80517">
 <summary>
-Do not audit attempts to send and receive ricci_modcluster_client packets.
+Do not audit attempts to send and receive sieve_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55523,9 +57840,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ricci_modcluster_client_packets" lineno="56608">
+<interface name="corenet_relabelto_sieve_client_packets" lineno="80532">
 <summary>
-Relabel packets to ricci_modcluster_client the packet type.
+Relabel packets to sieve_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -55533,9 +57850,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ricci_modcluster_server_packets" lineno="56628">
+<interface name="corenet_send_sieve_server_packets" lineno="80552">
 <summary>
-Send ricci_modcluster_server packets.
+Send sieve_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55544,9 +57861,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ricci_modcluster_server_packets" lineno="56647">
+<interface name="corenet_dontaudit_send_sieve_server_packets" lineno="80571">
 <summary>
-Do not audit attempts to send ricci_modcluster_server packets.
+Do not audit attempts to send sieve_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55555,9 +57872,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ricci_modcluster_server_packets" lineno="56666">
+<interface name="corenet_receive_sieve_server_packets" lineno="80590">
 <summary>
-Receive ricci_modcluster_server packets.
+Receive sieve_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55566,9 +57883,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ricci_modcluster_server_packets" lineno="56685">
+<interface name="corenet_dontaudit_receive_sieve_server_packets" lineno="80609">
 <summary>
-Do not audit attempts to receive ricci_modcluster_server packets.
+Do not audit attempts to receive sieve_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55577,9 +57894,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ricci_modcluster_server_packets" lineno="56704">
+<interface name="corenet_sendrecv_sieve_server_packets" lineno="80628">
 <summary>
-Send and receive ricci_modcluster_server packets.
+Send and receive sieve_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55588,9 +57905,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ricci_modcluster_server_packets" lineno="56720">
+<interface name="corenet_dontaudit_sendrecv_sieve_server_packets" lineno="80644">
 <summary>
-Do not audit attempts to send and receive ricci_modcluster_server packets.
+Do not audit attempts to send and receive sieve_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55599,9 +57916,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ricci_modcluster_server_packets" lineno="56735">
+<interface name="corenet_relabelto_sieve_server_packets" lineno="80659">
 <summary>
-Relabel packets to ricci_modcluster_server the packet type.
+Relabel packets to sieve_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -55609,9 +57926,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_rlogind_port" lineno="56757">
+<interface name="corenet_tcp_sendrecv_sip_port" lineno="80681">
 <summary>
-Send and receive TCP traffic on the rlogind port.
+Send and receive TCP traffic on the sip port.
 </summary>
 <param name="domain">
 <summary>
@@ -55620,9 +57937,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_rlogind_port" lineno="56776">
+<interface name="corenet_udp_send_sip_port" lineno="80700">
 <summary>
-Send UDP traffic on the rlogind port.
+Send UDP traffic on the sip port.
 </summary>
 <param name="domain">
 <summary>
@@ -55631,9 +57948,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_rlogind_port" lineno="56795">
+<interface name="corenet_dontaudit_udp_send_sip_port" lineno="80719">
 <summary>
-Do not audit attempts to send UDP traffic on the rlogind port.
+Do not audit attempts to send UDP traffic on the sip port.
 </summary>
 <param name="domain">
 <summary>
@@ -55642,9 +57959,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_rlogind_port" lineno="56814">
+<interface name="corenet_udp_receive_sip_port" lineno="80738">
 <summary>
-Receive UDP traffic on the rlogind port.
+Receive UDP traffic on the sip port.
 </summary>
 <param name="domain">
 <summary>
@@ -55653,9 +57970,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_rlogind_port" lineno="56833">
+<interface name="corenet_dontaudit_udp_receive_sip_port" lineno="80757">
 <summary>
-Do not audit attempts to receive UDP traffic on the rlogind port.
+Do not audit attempts to receive UDP traffic on the sip port.
 </summary>
 <param name="domain">
 <summary>
@@ -55664,9 +57981,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_rlogind_port" lineno="56852">
+<interface name="corenet_udp_sendrecv_sip_port" lineno="80776">
 <summary>
-Send and receive UDP traffic on the rlogind port.
+Send and receive UDP traffic on the sip port.
 </summary>
 <param name="domain">
 <summary>
@@ -55675,10 +57992,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_rlogind_port" lineno="56869">
+<interface name="corenet_dontaudit_udp_sendrecv_sip_port" lineno="80793">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the rlogind port.
+UDP traffic on the sip port.
 </summary>
 <param name="domain">
 <summary>
@@ -55687,9 +58004,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_rlogind_port" lineno="56885">
+<interface name="corenet_tcp_bind_sip_port" lineno="80809">
 <summary>
-Bind TCP sockets to the rlogind port.
+Bind TCP sockets to the sip port.
 </summary>
 <param name="domain">
 <summary>
@@ -55698,9 +58015,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_rlogind_port" lineno="56905">
+<interface name="corenet_udp_bind_sip_port" lineno="80829">
 <summary>
-Bind UDP sockets to the rlogind port.
+Bind UDP sockets to the sip port.
 </summary>
 <param name="domain">
 <summary>
@@ -55709,9 +58026,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_rlogind_port" lineno="56924">
+<interface name="corenet_tcp_connect_sip_port" lineno="80848">
 <summary>
-Make a TCP connection to the rlogind port.
+Make a TCP connection to the sip port.
 </summary>
 <param name="domain">
 <summary>
@@ -55719,9 +58036,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_rlogind_client_packets" lineno="56944">
+<interface name="corenet_send_sip_client_packets" lineno="80868">
 <summary>
-Send rlogind_client packets.
+Send sip_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55730,9 +58047,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_rlogind_client_packets" lineno="56963">
+<interface name="corenet_dontaudit_send_sip_client_packets" lineno="80887">
 <summary>
-Do not audit attempts to send rlogind_client packets.
+Do not audit attempts to send sip_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55741,9 +58058,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_rlogind_client_packets" lineno="56982">
+<interface name="corenet_receive_sip_client_packets" lineno="80906">
 <summary>
-Receive rlogind_client packets.
+Receive sip_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55752,9 +58069,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_rlogind_client_packets" lineno="57001">
+<interface name="corenet_dontaudit_receive_sip_client_packets" lineno="80925">
 <summary>
-Do not audit attempts to receive rlogind_client packets.
+Do not audit attempts to receive sip_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55763,9 +58080,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_rlogind_client_packets" lineno="57020">
+<interface name="corenet_sendrecv_sip_client_packets" lineno="80944">
 <summary>
-Send and receive rlogind_client packets.
+Send and receive sip_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55774,9 +58091,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_rlogind_client_packets" lineno="57036">
+<interface name="corenet_dontaudit_sendrecv_sip_client_packets" lineno="80960">
 <summary>
-Do not audit attempts to send and receive rlogind_client packets.
+Do not audit attempts to send and receive sip_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55785,9 +58102,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_rlogind_client_packets" lineno="57051">
+<interface name="corenet_relabelto_sip_client_packets" lineno="80975">
 <summary>
-Relabel packets to rlogind_client the packet type.
+Relabel packets to sip_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -55795,9 +58112,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_rlogind_server_packets" lineno="57071">
+<interface name="corenet_send_sip_server_packets" lineno="80995">
 <summary>
-Send rlogind_server packets.
+Send sip_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55806,9 +58123,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_rlogind_server_packets" lineno="57090">
+<interface name="corenet_dontaudit_send_sip_server_packets" lineno="81014">
 <summary>
-Do not audit attempts to send rlogind_server packets.
+Do not audit attempts to send sip_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55817,9 +58134,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_rlogind_server_packets" lineno="57109">
+<interface name="corenet_receive_sip_server_packets" lineno="81033">
 <summary>
-Receive rlogind_server packets.
+Receive sip_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55828,9 +58145,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_rlogind_server_packets" lineno="57128">
+<interface name="corenet_dontaudit_receive_sip_server_packets" lineno="81052">
 <summary>
-Do not audit attempts to receive rlogind_server packets.
+Do not audit attempts to receive sip_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55839,9 +58156,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_rlogind_server_packets" lineno="57147">
+<interface name="corenet_sendrecv_sip_server_packets" lineno="81071">
 <summary>
-Send and receive rlogind_server packets.
+Send and receive sip_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55850,9 +58167,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_rlogind_server_packets" lineno="57163">
+<interface name="corenet_dontaudit_sendrecv_sip_server_packets" lineno="81087">
 <summary>
-Do not audit attempts to send and receive rlogind_server packets.
+Do not audit attempts to send and receive sip_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55861,9 +58178,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_rlogind_server_packets" lineno="57178">
+<interface name="corenet_relabelto_sip_server_packets" lineno="81102">
 <summary>
-Relabel packets to rlogind_server the packet type.
+Relabel packets to sip_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -55871,9 +58188,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_rndc_port" lineno="57200">
+<interface name="corenet_tcp_sendrecv_sixxsconfig_port" lineno="81124">
 <summary>
-Send and receive TCP traffic on the rndc port.
+Send and receive TCP traffic on the sixxsconfig port.
 </summary>
 <param name="domain">
 <summary>
@@ -55882,9 +58199,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_rndc_port" lineno="57219">
+<interface name="corenet_udp_send_sixxsconfig_port" lineno="81143">
 <summary>
-Send UDP traffic on the rndc port.
+Send UDP traffic on the sixxsconfig port.
 </summary>
 <param name="domain">
 <summary>
@@ -55893,9 +58210,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_rndc_port" lineno="57238">
+<interface name="corenet_dontaudit_udp_send_sixxsconfig_port" lineno="81162">
 <summary>
-Do not audit attempts to send UDP traffic on the rndc port.
+Do not audit attempts to send UDP traffic on the sixxsconfig port.
 </summary>
 <param name="domain">
 <summary>
@@ -55904,9 +58221,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_rndc_port" lineno="57257">
+<interface name="corenet_udp_receive_sixxsconfig_port" lineno="81181">
 <summary>
-Receive UDP traffic on the rndc port.
+Receive UDP traffic on the sixxsconfig port.
 </summary>
 <param name="domain">
 <summary>
@@ -55915,9 +58232,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_rndc_port" lineno="57276">
+<interface name="corenet_dontaudit_udp_receive_sixxsconfig_port" lineno="81200">
 <summary>
-Do not audit attempts to receive UDP traffic on the rndc port.
+Do not audit attempts to receive UDP traffic on the sixxsconfig port.
 </summary>
 <param name="domain">
 <summary>
@@ -55926,9 +58243,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_rndc_port" lineno="57295">
+<interface name="corenet_udp_sendrecv_sixxsconfig_port" lineno="81219">
 <summary>
-Send and receive UDP traffic on the rndc port.
+Send and receive UDP traffic on the sixxsconfig port.
 </summary>
 <param name="domain">
 <summary>
@@ -55937,10 +58254,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_rndc_port" lineno="57312">
+<interface name="corenet_dontaudit_udp_sendrecv_sixxsconfig_port" lineno="81236">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the rndc port.
+UDP traffic on the sixxsconfig port.
 </summary>
 <param name="domain">
 <summary>
@@ -55949,9 +58266,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_rndc_port" lineno="57328">
+<interface name="corenet_tcp_bind_sixxsconfig_port" lineno="81252">
 <summary>
-Bind TCP sockets to the rndc port.
+Bind TCP sockets to the sixxsconfig port.
 </summary>
 <param name="domain">
 <summary>
@@ -55960,9 +58277,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_rndc_port" lineno="57348">
+<interface name="corenet_udp_bind_sixxsconfig_port" lineno="81272">
 <summary>
-Bind UDP sockets to the rndc port.
+Bind UDP sockets to the sixxsconfig port.
 </summary>
 <param name="domain">
 <summary>
@@ -55971,9 +58288,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_rndc_port" lineno="57367">
+<interface name="corenet_tcp_connect_sixxsconfig_port" lineno="81291">
 <summary>
-Make a TCP connection to the rndc port.
+Make a TCP connection to the sixxsconfig port.
 </summary>
 <param name="domain">
 <summary>
@@ -55981,9 +58298,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_rndc_client_packets" lineno="57387">
+<interface name="corenet_send_sixxsconfig_client_packets" lineno="81311">
 <summary>
-Send rndc_client packets.
+Send sixxsconfig_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -55992,9 +58309,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_rndc_client_packets" lineno="57406">
+<interface name="corenet_dontaudit_send_sixxsconfig_client_packets" lineno="81330">
 <summary>
-Do not audit attempts to send rndc_client packets.
+Do not audit attempts to send sixxsconfig_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56003,9 +58320,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_rndc_client_packets" lineno="57425">
+<interface name="corenet_receive_sixxsconfig_client_packets" lineno="81349">
 <summary>
-Receive rndc_client packets.
+Receive sixxsconfig_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56014,9 +58331,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_rndc_client_packets" lineno="57444">
+<interface name="corenet_dontaudit_receive_sixxsconfig_client_packets" lineno="81368">
 <summary>
-Do not audit attempts to receive rndc_client packets.
+Do not audit attempts to receive sixxsconfig_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56025,9 +58342,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_rndc_client_packets" lineno="57463">
+<interface name="corenet_sendrecv_sixxsconfig_client_packets" lineno="81387">
 <summary>
-Send and receive rndc_client packets.
+Send and receive sixxsconfig_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56036,9 +58353,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_rndc_client_packets" lineno="57479">
+<interface name="corenet_dontaudit_sendrecv_sixxsconfig_client_packets" lineno="81403">
 <summary>
-Do not audit attempts to send and receive rndc_client packets.
+Do not audit attempts to send and receive sixxsconfig_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56047,9 +58364,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_rndc_client_packets" lineno="57494">
+<interface name="corenet_relabelto_sixxsconfig_client_packets" lineno="81418">
 <summary>
-Relabel packets to rndc_client the packet type.
+Relabel packets to sixxsconfig_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -56057,9 +58374,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_rndc_server_packets" lineno="57514">
+<interface name="corenet_send_sixxsconfig_server_packets" lineno="81438">
 <summary>
-Send rndc_server packets.
+Send sixxsconfig_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56068,9 +58385,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_rndc_server_packets" lineno="57533">
+<interface name="corenet_dontaudit_send_sixxsconfig_server_packets" lineno="81457">
 <summary>
-Do not audit attempts to send rndc_server packets.
+Do not audit attempts to send sixxsconfig_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56079,9 +58396,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_rndc_server_packets" lineno="57552">
+<interface name="corenet_receive_sixxsconfig_server_packets" lineno="81476">
 <summary>
-Receive rndc_server packets.
+Receive sixxsconfig_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56090,9 +58407,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_rndc_server_packets" lineno="57571">
+<interface name="corenet_dontaudit_receive_sixxsconfig_server_packets" lineno="81495">
 <summary>
-Do not audit attempts to receive rndc_server packets.
+Do not audit attempts to receive sixxsconfig_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56101,9 +58418,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_rndc_server_packets" lineno="57590">
+<interface name="corenet_sendrecv_sixxsconfig_server_packets" lineno="81514">
 <summary>
-Send and receive rndc_server packets.
+Send and receive sixxsconfig_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56112,9 +58429,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_rndc_server_packets" lineno="57606">
+<interface name="corenet_dontaudit_sendrecv_sixxsconfig_server_packets" lineno="81530">
 <summary>
-Do not audit attempts to send and receive rndc_server packets.
+Do not audit attempts to send and receive sixxsconfig_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56123,9 +58440,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_rndc_server_packets" lineno="57621">
+<interface name="corenet_relabelto_sixxsconfig_server_packets" lineno="81545">
 <summary>
-Relabel packets to rndc_server the packet type.
+Relabel packets to sixxsconfig_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -56133,9 +58450,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_router_port" lineno="57643">
+<interface name="corenet_tcp_sendrecv_smbd_port" lineno="81567">
 <summary>
-Send and receive TCP traffic on the router port.
+Send and receive TCP traffic on the smbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -56144,9 +58461,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_router_port" lineno="57662">
+<interface name="corenet_udp_send_smbd_port" lineno="81586">
 <summary>
-Send UDP traffic on the router port.
+Send UDP traffic on the smbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -56155,9 +58472,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_router_port" lineno="57681">
+<interface name="corenet_dontaudit_udp_send_smbd_port" lineno="81605">
 <summary>
-Do not audit attempts to send UDP traffic on the router port.
+Do not audit attempts to send UDP traffic on the smbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -56166,9 +58483,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_router_port" lineno="57700">
+<interface name="corenet_udp_receive_smbd_port" lineno="81624">
 <summary>
-Receive UDP traffic on the router port.
+Receive UDP traffic on the smbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -56177,9 +58494,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_router_port" lineno="57719">
+<interface name="corenet_dontaudit_udp_receive_smbd_port" lineno="81643">
 <summary>
-Do not audit attempts to receive UDP traffic on the router port.
+Do not audit attempts to receive UDP traffic on the smbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -56188,9 +58505,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_router_port" lineno="57738">
+<interface name="corenet_udp_sendrecv_smbd_port" lineno="81662">
 <summary>
-Send and receive UDP traffic on the router port.
+Send and receive UDP traffic on the smbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -56199,10 +58516,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_router_port" lineno="57755">
+<interface name="corenet_dontaudit_udp_sendrecv_smbd_port" lineno="81679">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the router port.
+UDP traffic on the smbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -56211,9 +58528,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_router_port" lineno="57771">
+<interface name="corenet_tcp_bind_smbd_port" lineno="81695">
 <summary>
-Bind TCP sockets to the router port.
+Bind TCP sockets to the smbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -56222,9 +58539,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_router_port" lineno="57791">
+<interface name="corenet_udp_bind_smbd_port" lineno="81715">
 <summary>
-Bind UDP sockets to the router port.
+Bind UDP sockets to the smbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -56233,9 +58550,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_router_port" lineno="57810">
+<interface name="corenet_tcp_connect_smbd_port" lineno="81734">
 <summary>
-Make a TCP connection to the router port.
+Make a TCP connection to the smbd port.
 </summary>
 <param name="domain">
 <summary>
@@ -56243,9 +58560,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_router_client_packets" lineno="57830">
+<interface name="corenet_send_smbd_client_packets" lineno="81754">
 <summary>
-Send router_client packets.
+Send smbd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56254,9 +58571,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_router_client_packets" lineno="57849">
+<interface name="corenet_dontaudit_send_smbd_client_packets" lineno="81773">
 <summary>
-Do not audit attempts to send router_client packets.
+Do not audit attempts to send smbd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56265,9 +58582,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_router_client_packets" lineno="57868">
+<interface name="corenet_receive_smbd_client_packets" lineno="81792">
 <summary>
-Receive router_client packets.
+Receive smbd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56276,9 +58593,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_router_client_packets" lineno="57887">
+<interface name="corenet_dontaudit_receive_smbd_client_packets" lineno="81811">
 <summary>
-Do not audit attempts to receive router_client packets.
+Do not audit attempts to receive smbd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56287,9 +58604,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_router_client_packets" lineno="57906">
+<interface name="corenet_sendrecv_smbd_client_packets" lineno="81830">
 <summary>
-Send and receive router_client packets.
+Send and receive smbd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56298,9 +58615,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_router_client_packets" lineno="57922">
+<interface name="corenet_dontaudit_sendrecv_smbd_client_packets" lineno="81846">
 <summary>
-Do not audit attempts to send and receive router_client packets.
+Do not audit attempts to send and receive smbd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56309,9 +58626,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_router_client_packets" lineno="57937">
+<interface name="corenet_relabelto_smbd_client_packets" lineno="81861">
 <summary>
-Relabel packets to router_client the packet type.
+Relabel packets to smbd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -56319,9 +58636,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_router_server_packets" lineno="57957">
+<interface name="corenet_send_smbd_server_packets" lineno="81881">
 <summary>
-Send router_server packets.
+Send smbd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56330,9 +58647,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_router_server_packets" lineno="57976">
+<interface name="corenet_dontaudit_send_smbd_server_packets" lineno="81900">
 <summary>
-Do not audit attempts to send router_server packets.
+Do not audit attempts to send smbd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56341,9 +58658,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_router_server_packets" lineno="57995">
+<interface name="corenet_receive_smbd_server_packets" lineno="81919">
 <summary>
-Receive router_server packets.
+Receive smbd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56352,9 +58669,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_router_server_packets" lineno="58014">
+<interface name="corenet_dontaudit_receive_smbd_server_packets" lineno="81938">
 <summary>
-Do not audit attempts to receive router_server packets.
+Do not audit attempts to receive smbd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56363,9 +58680,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_router_server_packets" lineno="58033">
+<interface name="corenet_sendrecv_smbd_server_packets" lineno="81957">
 <summary>
-Send and receive router_server packets.
+Send and receive smbd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56374,9 +58691,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_router_server_packets" lineno="58049">
+<interface name="corenet_dontaudit_sendrecv_smbd_server_packets" lineno="81973">
 <summary>
-Do not audit attempts to send and receive router_server packets.
+Do not audit attempts to send and receive smbd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56385,9 +58702,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_router_server_packets" lineno="58064">
+<interface name="corenet_relabelto_smbd_server_packets" lineno="81988">
 <summary>
-Relabel packets to router_server the packet type.
+Relabel packets to smbd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -56395,9 +58712,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_rsh_port" lineno="58086">
+<interface name="corenet_tcp_sendrecv_smtp_port" lineno="82010">
 <summary>
-Send and receive TCP traffic on the rsh port.
+Send and receive TCP traffic on the smtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56406,9 +58723,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_rsh_port" lineno="58105">
+<interface name="corenet_udp_send_smtp_port" lineno="82029">
 <summary>
-Send UDP traffic on the rsh port.
+Send UDP traffic on the smtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56417,9 +58734,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_rsh_port" lineno="58124">
+<interface name="corenet_dontaudit_udp_send_smtp_port" lineno="82048">
 <summary>
-Do not audit attempts to send UDP traffic on the rsh port.
+Do not audit attempts to send UDP traffic on the smtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56428,9 +58745,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_rsh_port" lineno="58143">
+<interface name="corenet_udp_receive_smtp_port" lineno="82067">
 <summary>
-Receive UDP traffic on the rsh port.
+Receive UDP traffic on the smtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56439,9 +58756,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_rsh_port" lineno="58162">
+<interface name="corenet_dontaudit_udp_receive_smtp_port" lineno="82086">
 <summary>
-Do not audit attempts to receive UDP traffic on the rsh port.
+Do not audit attempts to receive UDP traffic on the smtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56450,9 +58767,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_rsh_port" lineno="58181">
+<interface name="corenet_udp_sendrecv_smtp_port" lineno="82105">
 <summary>
-Send and receive UDP traffic on the rsh port.
+Send and receive UDP traffic on the smtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56461,10 +58778,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_rsh_port" lineno="58198">
+<interface name="corenet_dontaudit_udp_sendrecv_smtp_port" lineno="82122">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the rsh port.
+UDP traffic on the smtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56473,9 +58790,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_rsh_port" lineno="58214">
+<interface name="corenet_tcp_bind_smtp_port" lineno="82138">
 <summary>
-Bind TCP sockets to the rsh port.
+Bind TCP sockets to the smtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56484,9 +58801,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_rsh_port" lineno="58234">
+<interface name="corenet_udp_bind_smtp_port" lineno="82158">
 <summary>
-Bind UDP sockets to the rsh port.
+Bind UDP sockets to the smtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56495,9 +58812,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_rsh_port" lineno="58253">
+<interface name="corenet_tcp_connect_smtp_port" lineno="82177">
 <summary>
-Make a TCP connection to the rsh port.
+Make a TCP connection to the smtp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56505,9 +58822,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_rsh_client_packets" lineno="58273">
+<interface name="corenet_send_smtp_client_packets" lineno="82197">
 <summary>
-Send rsh_client packets.
+Send smtp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56516,9 +58833,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_rsh_client_packets" lineno="58292">
+<interface name="corenet_dontaudit_send_smtp_client_packets" lineno="82216">
 <summary>
-Do not audit attempts to send rsh_client packets.
+Do not audit attempts to send smtp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56527,9 +58844,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_rsh_client_packets" lineno="58311">
+<interface name="corenet_receive_smtp_client_packets" lineno="82235">
 <summary>
-Receive rsh_client packets.
+Receive smtp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56538,9 +58855,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_rsh_client_packets" lineno="58330">
+<interface name="corenet_dontaudit_receive_smtp_client_packets" lineno="82254">
 <summary>
-Do not audit attempts to receive rsh_client packets.
+Do not audit attempts to receive smtp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56549,9 +58866,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_rsh_client_packets" lineno="58349">
+<interface name="corenet_sendrecv_smtp_client_packets" lineno="82273">
 <summary>
-Send and receive rsh_client packets.
+Send and receive smtp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56560,9 +58877,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_rsh_client_packets" lineno="58365">
+<interface name="corenet_dontaudit_sendrecv_smtp_client_packets" lineno="82289">
 <summary>
-Do not audit attempts to send and receive rsh_client packets.
+Do not audit attempts to send and receive smtp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56571,9 +58888,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_rsh_client_packets" lineno="58380">
+<interface name="corenet_relabelto_smtp_client_packets" lineno="82304">
 <summary>
-Relabel packets to rsh_client the packet type.
+Relabel packets to smtp_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -56581,9 +58898,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_rsh_server_packets" lineno="58400">
+<interface name="corenet_send_smtp_server_packets" lineno="82324">
 <summary>
-Send rsh_server packets.
+Send smtp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56592,9 +58909,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_rsh_server_packets" lineno="58419">
+<interface name="corenet_dontaudit_send_smtp_server_packets" lineno="82343">
 <summary>
-Do not audit attempts to send rsh_server packets.
+Do not audit attempts to send smtp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56603,9 +58920,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_rsh_server_packets" lineno="58438">
+<interface name="corenet_receive_smtp_server_packets" lineno="82362">
 <summary>
-Receive rsh_server packets.
+Receive smtp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56614,9 +58931,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_rsh_server_packets" lineno="58457">
+<interface name="corenet_dontaudit_receive_smtp_server_packets" lineno="82381">
 <summary>
-Do not audit attempts to receive rsh_server packets.
+Do not audit attempts to receive smtp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56625,9 +58942,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_rsh_server_packets" lineno="58476">
+<interface name="corenet_sendrecv_smtp_server_packets" lineno="82400">
 <summary>
-Send and receive rsh_server packets.
+Send and receive smtp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56636,9 +58953,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_rsh_server_packets" lineno="58492">
+<interface name="corenet_dontaudit_sendrecv_smtp_server_packets" lineno="82416">
 <summary>
-Do not audit attempts to send and receive rsh_server packets.
+Do not audit attempts to send and receive smtp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56647,9 +58964,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_rsh_server_packets" lineno="58507">
+<interface name="corenet_relabelto_smtp_server_packets" lineno="82431">
 <summary>
-Relabel packets to rsh_server the packet type.
+Relabel packets to smtp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -56657,9 +58974,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_rsync_port" lineno="58529">
+<interface name="corenet_tcp_sendrecv_snmp_port" lineno="82453">
 <summary>
-Send and receive TCP traffic on the rsync port.
+Send and receive TCP traffic on the snmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56668,9 +58985,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_rsync_port" lineno="58548">
+<interface name="corenet_udp_send_snmp_port" lineno="82472">
 <summary>
-Send UDP traffic on the rsync port.
+Send UDP traffic on the snmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56679,9 +58996,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_rsync_port" lineno="58567">
+<interface name="corenet_dontaudit_udp_send_snmp_port" lineno="82491">
 <summary>
-Do not audit attempts to send UDP traffic on the rsync port.
+Do not audit attempts to send UDP traffic on the snmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56690,9 +59007,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_rsync_port" lineno="58586">
+<interface name="corenet_udp_receive_snmp_port" lineno="82510">
 <summary>
-Receive UDP traffic on the rsync port.
+Receive UDP traffic on the snmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56701,9 +59018,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_rsync_port" lineno="58605">
+<interface name="corenet_dontaudit_udp_receive_snmp_port" lineno="82529">
 <summary>
-Do not audit attempts to receive UDP traffic on the rsync port.
+Do not audit attempts to receive UDP traffic on the snmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56712,9 +59029,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_rsync_port" lineno="58624">
+<interface name="corenet_udp_sendrecv_snmp_port" lineno="82548">
 <summary>
-Send and receive UDP traffic on the rsync port.
+Send and receive UDP traffic on the snmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56723,10 +59040,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_rsync_port" lineno="58641">
+<interface name="corenet_dontaudit_udp_sendrecv_snmp_port" lineno="82565">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the rsync port.
+UDP traffic on the snmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56735,9 +59052,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_rsync_port" lineno="58657">
+<interface name="corenet_tcp_bind_snmp_port" lineno="82581">
 <summary>
-Bind TCP sockets to the rsync port.
+Bind TCP sockets to the snmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56746,9 +59063,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_rsync_port" lineno="58677">
+<interface name="corenet_udp_bind_snmp_port" lineno="82601">
 <summary>
-Bind UDP sockets to the rsync port.
+Bind UDP sockets to the snmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56757,9 +59074,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_rsync_port" lineno="58696">
+<interface name="corenet_tcp_connect_snmp_port" lineno="82620">
 <summary>
-Make a TCP connection to the rsync port.
+Make a TCP connection to the snmp port.
 </summary>
 <param name="domain">
 <summary>
@@ -56767,9 +59084,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_rsync_client_packets" lineno="58716">
+<interface name="corenet_send_snmp_client_packets" lineno="82640">
 <summary>
-Send rsync_client packets.
+Send snmp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56778,9 +59095,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_rsync_client_packets" lineno="58735">
+<interface name="corenet_dontaudit_send_snmp_client_packets" lineno="82659">
 <summary>
-Do not audit attempts to send rsync_client packets.
+Do not audit attempts to send snmp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56789,9 +59106,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_rsync_client_packets" lineno="58754">
+<interface name="corenet_receive_snmp_client_packets" lineno="82678">
 <summary>
-Receive rsync_client packets.
+Receive snmp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56800,9 +59117,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_rsync_client_packets" lineno="58773">
+<interface name="corenet_dontaudit_receive_snmp_client_packets" lineno="82697">
 <summary>
-Do not audit attempts to receive rsync_client packets.
+Do not audit attempts to receive snmp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56811,9 +59128,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_rsync_client_packets" lineno="58792">
+<interface name="corenet_sendrecv_snmp_client_packets" lineno="82716">
 <summary>
-Send and receive rsync_client packets.
+Send and receive snmp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56822,9 +59139,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_rsync_client_packets" lineno="58808">
+<interface name="corenet_dontaudit_sendrecv_snmp_client_packets" lineno="82732">
 <summary>
-Do not audit attempts to send and receive rsync_client packets.
+Do not audit attempts to send and receive snmp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56833,9 +59150,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_rsync_client_packets" lineno="58823">
+<interface name="corenet_relabelto_snmp_client_packets" lineno="82747">
 <summary>
-Relabel packets to rsync_client the packet type.
+Relabel packets to snmp_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -56843,9 +59160,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_rsync_server_packets" lineno="58843">
+<interface name="corenet_send_snmp_server_packets" lineno="82767">
 <summary>
-Send rsync_server packets.
+Send snmp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56854,9 +59171,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_rsync_server_packets" lineno="58862">
+<interface name="corenet_dontaudit_send_snmp_server_packets" lineno="82786">
 <summary>
-Do not audit attempts to send rsync_server packets.
+Do not audit attempts to send snmp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56865,9 +59182,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_rsync_server_packets" lineno="58881">
+<interface name="corenet_receive_snmp_server_packets" lineno="82805">
 <summary>
-Receive rsync_server packets.
+Receive snmp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56876,9 +59193,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_rsync_server_packets" lineno="58900">
+<interface name="corenet_dontaudit_receive_snmp_server_packets" lineno="82824">
 <summary>
-Do not audit attempts to receive rsync_server packets.
+Do not audit attempts to receive snmp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56887,9 +59204,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_rsync_server_packets" lineno="58919">
+<interface name="corenet_sendrecv_snmp_server_packets" lineno="82843">
 <summary>
-Send and receive rsync_server packets.
+Send and receive snmp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56898,9 +59215,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_rsync_server_packets" lineno="58935">
+<interface name="corenet_dontaudit_sendrecv_snmp_server_packets" lineno="82859">
 <summary>
-Do not audit attempts to send and receive rsync_server packets.
+Do not audit attempts to send and receive snmp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -56909,9 +59226,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_rsync_server_packets" lineno="58950">
+<interface name="corenet_relabelto_snmp_server_packets" lineno="82874">
 <summary>
-Relabel packets to rsync_server the packet type.
+Relabel packets to snmp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -56919,9 +59236,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_rwho_port" lineno="58972">
+<interface name="corenet_tcp_sendrecv_socks_port" lineno="82896">
 <summary>
-Send and receive TCP traffic on the rwho port.
+Send and receive TCP traffic on the socks port.
 </summary>
 <param name="domain">
 <summary>
@@ -56930,9 +59247,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_rwho_port" lineno="58991">
+<interface name="corenet_udp_send_socks_port" lineno="82915">
 <summary>
-Send UDP traffic on the rwho port.
+Send UDP traffic on the socks port.
 </summary>
 <param name="domain">
 <summary>
@@ -56941,9 +59258,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_rwho_port" lineno="59010">
+<interface name="corenet_dontaudit_udp_send_socks_port" lineno="82934">
 <summary>
-Do not audit attempts to send UDP traffic on the rwho port.
+Do not audit attempts to send UDP traffic on the socks port.
 </summary>
 <param name="domain">
 <summary>
@@ -56952,9 +59269,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_rwho_port" lineno="59029">
+<interface name="corenet_udp_receive_socks_port" lineno="82953">
 <summary>
-Receive UDP traffic on the rwho port.
+Receive UDP traffic on the socks port.
 </summary>
 <param name="domain">
 <summary>
@@ -56963,9 +59280,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_rwho_port" lineno="59048">
+<interface name="corenet_dontaudit_udp_receive_socks_port" lineno="82972">
 <summary>
-Do not audit attempts to receive UDP traffic on the rwho port.
+Do not audit attempts to receive UDP traffic on the socks port.
 </summary>
 <param name="domain">
 <summary>
@@ -56974,9 +59291,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_rwho_port" lineno="59067">
+<interface name="corenet_udp_sendrecv_socks_port" lineno="82991">
 <summary>
-Send and receive UDP traffic on the rwho port.
+Send and receive UDP traffic on the socks port.
 </summary>
 <param name="domain">
 <summary>
@@ -56985,10 +59302,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_rwho_port" lineno="59084">
+<interface name="corenet_dontaudit_udp_sendrecv_socks_port" lineno="83008">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the rwho port.
+UDP traffic on the socks port.
 </summary>
 <param name="domain">
 <summary>
@@ -56997,9 +59314,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_rwho_port" lineno="59100">
+<interface name="corenet_tcp_bind_socks_port" lineno="83024">
 <summary>
-Bind TCP sockets to the rwho port.
+Bind TCP sockets to the socks port.
 </summary>
 <param name="domain">
 <summary>
@@ -57008,9 +59325,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_rwho_port" lineno="59120">
+<interface name="corenet_udp_bind_socks_port" lineno="83044">
 <summary>
-Bind UDP sockets to the rwho port.
+Bind UDP sockets to the socks port.
 </summary>
 <param name="domain">
 <summary>
@@ -57019,9 +59336,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_rwho_port" lineno="59139">
+<interface name="corenet_tcp_connect_socks_port" lineno="83063">
 <summary>
-Make a TCP connection to the rwho port.
+Make a TCP connection to the socks port.
 </summary>
 <param name="domain">
 <summary>
@@ -57029,9 +59346,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_rwho_client_packets" lineno="59159">
+<interface name="corenet_send_socks_client_packets" lineno="83083">
 <summary>
-Send rwho_client packets.
+Send socks_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57040,9 +59357,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_rwho_client_packets" lineno="59178">
+<interface name="corenet_dontaudit_send_socks_client_packets" lineno="83102">
 <summary>
-Do not audit attempts to send rwho_client packets.
+Do not audit attempts to send socks_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57051,9 +59368,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_rwho_client_packets" lineno="59197">
+<interface name="corenet_receive_socks_client_packets" lineno="83121">
 <summary>
-Receive rwho_client packets.
+Receive socks_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57062,9 +59379,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_rwho_client_packets" lineno="59216">
+<interface name="corenet_dontaudit_receive_socks_client_packets" lineno="83140">
 <summary>
-Do not audit attempts to receive rwho_client packets.
+Do not audit attempts to receive socks_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57073,9 +59390,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_rwho_client_packets" lineno="59235">
+<interface name="corenet_sendrecv_socks_client_packets" lineno="83159">
 <summary>
-Send and receive rwho_client packets.
+Send and receive socks_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57084,9 +59401,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_rwho_client_packets" lineno="59251">
+<interface name="corenet_dontaudit_sendrecv_socks_client_packets" lineno="83175">
 <summary>
-Do not audit attempts to send and receive rwho_client packets.
+Do not audit attempts to send and receive socks_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57095,9 +59412,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_rwho_client_packets" lineno="59266">
+<interface name="corenet_relabelto_socks_client_packets" lineno="83190">
 <summary>
-Relabel packets to rwho_client the packet type.
+Relabel packets to socks_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -57105,9 +59422,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_rwho_server_packets" lineno="59286">
+<interface name="corenet_send_socks_server_packets" lineno="83210">
 <summary>
-Send rwho_server packets.
+Send socks_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57116,9 +59433,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_rwho_server_packets" lineno="59305">
+<interface name="corenet_dontaudit_send_socks_server_packets" lineno="83229">
 <summary>
-Do not audit attempts to send rwho_server packets.
+Do not audit attempts to send socks_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57127,9 +59444,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_rwho_server_packets" lineno="59324">
+<interface name="corenet_receive_socks_server_packets" lineno="83248">
 <summary>
-Receive rwho_server packets.
+Receive socks_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57138,9 +59455,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_rwho_server_packets" lineno="59343">
+<interface name="corenet_dontaudit_receive_socks_server_packets" lineno="83267">
 <summary>
-Do not audit attempts to receive rwho_server packets.
+Do not audit attempts to receive socks_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57149,9 +59466,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_rwho_server_packets" lineno="59362">
+<interface name="corenet_sendrecv_socks_server_packets" lineno="83286">
 <summary>
-Send and receive rwho_server packets.
+Send and receive socks_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57160,9 +59477,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_rwho_server_packets" lineno="59378">
+<interface name="corenet_dontaudit_sendrecv_socks_server_packets" lineno="83302">
 <summary>
-Do not audit attempts to send and receive rwho_server packets.
+Do not audit attempts to send and receive socks_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57171,9 +59488,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_rwho_server_packets" lineno="59393">
+<interface name="corenet_relabelto_socks_server_packets" lineno="83317">
 <summary>
-Relabel packets to rwho_server the packet type.
+Relabel packets to socks_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -57181,9 +59498,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_sap_port" lineno="59415">
+<interface name="corenet_tcp_sendrecv_soundd_port" lineno="83339">
 <summary>
-Send and receive TCP traffic on the sap port.
+Send and receive TCP traffic on the soundd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57192,9 +59509,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_sap_port" lineno="59434">
+<interface name="corenet_udp_send_soundd_port" lineno="83358">
 <summary>
-Send UDP traffic on the sap port.
+Send UDP traffic on the soundd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57203,9 +59520,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_sap_port" lineno="59453">
+<interface name="corenet_dontaudit_udp_send_soundd_port" lineno="83377">
 <summary>
-Do not audit attempts to send UDP traffic on the sap port.
+Do not audit attempts to send UDP traffic on the soundd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57214,9 +59531,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_sap_port" lineno="59472">
+<interface name="corenet_udp_receive_soundd_port" lineno="83396">
 <summary>
-Receive UDP traffic on the sap port.
+Receive UDP traffic on the soundd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57225,9 +59542,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_sap_port" lineno="59491">
+<interface name="corenet_dontaudit_udp_receive_soundd_port" lineno="83415">
 <summary>
-Do not audit attempts to receive UDP traffic on the sap port.
+Do not audit attempts to receive UDP traffic on the soundd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57236,9 +59553,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_sap_port" lineno="59510">
+<interface name="corenet_udp_sendrecv_soundd_port" lineno="83434">
 <summary>
-Send and receive UDP traffic on the sap port.
+Send and receive UDP traffic on the soundd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57247,10 +59564,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_sap_port" lineno="59527">
+<interface name="corenet_dontaudit_udp_sendrecv_soundd_port" lineno="83451">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the sap port.
+UDP traffic on the soundd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57259,9 +59576,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_sap_port" lineno="59543">
+<interface name="corenet_tcp_bind_soundd_port" lineno="83467">
 <summary>
-Bind TCP sockets to the sap port.
+Bind TCP sockets to the soundd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57270,9 +59587,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_sap_port" lineno="59563">
+<interface name="corenet_udp_bind_soundd_port" lineno="83487">
 <summary>
-Bind UDP sockets to the sap port.
+Bind UDP sockets to the soundd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57281,9 +59598,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_sap_port" lineno="59582">
+<interface name="corenet_tcp_connect_soundd_port" lineno="83506">
 <summary>
-Make a TCP connection to the sap port.
+Make a TCP connection to the soundd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57291,9 +59608,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_sap_client_packets" lineno="59602">
+<interface name="corenet_send_soundd_client_packets" lineno="83526">
 <summary>
-Send sap_client packets.
+Send soundd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57302,9 +59619,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_sap_client_packets" lineno="59621">
+<interface name="corenet_dontaudit_send_soundd_client_packets" lineno="83545">
 <summary>
-Do not audit attempts to send sap_client packets.
+Do not audit attempts to send soundd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57313,9 +59630,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_sap_client_packets" lineno="59640">
+<interface name="corenet_receive_soundd_client_packets" lineno="83564">
 <summary>
-Receive sap_client packets.
+Receive soundd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57324,9 +59641,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_sap_client_packets" lineno="59659">
+<interface name="corenet_dontaudit_receive_soundd_client_packets" lineno="83583">
 <summary>
-Do not audit attempts to receive sap_client packets.
+Do not audit attempts to receive soundd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57335,9 +59652,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_sap_client_packets" lineno="59678">
+<interface name="corenet_sendrecv_soundd_client_packets" lineno="83602">
 <summary>
-Send and receive sap_client packets.
+Send and receive soundd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57346,9 +59663,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_sap_client_packets" lineno="59694">
+<interface name="corenet_dontaudit_sendrecv_soundd_client_packets" lineno="83618">
 <summary>
-Do not audit attempts to send and receive sap_client packets.
+Do not audit attempts to send and receive soundd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57357,9 +59674,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_sap_client_packets" lineno="59709">
+<interface name="corenet_relabelto_soundd_client_packets" lineno="83633">
 <summary>
-Relabel packets to sap_client the packet type.
+Relabel packets to soundd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -57367,9 +59684,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_sap_server_packets" lineno="59729">
+<interface name="corenet_send_soundd_server_packets" lineno="83653">
 <summary>
-Send sap_server packets.
+Send soundd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57378,9 +59695,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_sap_server_packets" lineno="59748">
+<interface name="corenet_dontaudit_send_soundd_server_packets" lineno="83672">
 <summary>
-Do not audit attempts to send sap_server packets.
+Do not audit attempts to send soundd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57389,9 +59706,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_sap_server_packets" lineno="59767">
+<interface name="corenet_receive_soundd_server_packets" lineno="83691">
 <summary>
-Receive sap_server packets.
+Receive soundd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57400,9 +59717,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_sap_server_packets" lineno="59786">
+<interface name="corenet_dontaudit_receive_soundd_server_packets" lineno="83710">
 <summary>
-Do not audit attempts to receive sap_server packets.
+Do not audit attempts to receive soundd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57411,9 +59728,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_sap_server_packets" lineno="59805">
+<interface name="corenet_sendrecv_soundd_server_packets" lineno="83729">
 <summary>
-Send and receive sap_server packets.
+Send and receive soundd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57422,9 +59739,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_sap_server_packets" lineno="59821">
+<interface name="corenet_dontaudit_sendrecv_soundd_server_packets" lineno="83745">
 <summary>
-Do not audit attempts to send and receive sap_server packets.
+Do not audit attempts to send and receive soundd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57433,9 +59750,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_sap_server_packets" lineno="59836">
+<interface name="corenet_relabelto_soundd_server_packets" lineno="83760">
 <summary>
-Relabel packets to sap_server the packet type.
+Relabel packets to soundd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -57443,9 +59760,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_sieve_port" lineno="59858">
+<interface name="corenet_tcp_sendrecv_spamd_port" lineno="83782">
 <summary>
-Send and receive TCP traffic on the sieve port.
+Send and receive TCP traffic on the spamd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57454,9 +59771,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_sieve_port" lineno="59877">
+<interface name="corenet_udp_send_spamd_port" lineno="83801">
 <summary>
-Send UDP traffic on the sieve port.
+Send UDP traffic on the spamd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57465,9 +59782,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_sieve_port" lineno="59896">
+<interface name="corenet_dontaudit_udp_send_spamd_port" lineno="83820">
 <summary>
-Do not audit attempts to send UDP traffic on the sieve port.
+Do not audit attempts to send UDP traffic on the spamd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57476,9 +59793,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_sieve_port" lineno="59915">
+<interface name="corenet_udp_receive_spamd_port" lineno="83839">
 <summary>
-Receive UDP traffic on the sieve port.
+Receive UDP traffic on the spamd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57487,9 +59804,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_sieve_port" lineno="59934">
+<interface name="corenet_dontaudit_udp_receive_spamd_port" lineno="83858">
 <summary>
-Do not audit attempts to receive UDP traffic on the sieve port.
+Do not audit attempts to receive UDP traffic on the spamd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57498,9 +59815,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_sieve_port" lineno="59953">
+<interface name="corenet_udp_sendrecv_spamd_port" lineno="83877">
 <summary>
-Send and receive UDP traffic on the sieve port.
+Send and receive UDP traffic on the spamd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57509,10 +59826,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_sieve_port" lineno="59970">
+<interface name="corenet_dontaudit_udp_sendrecv_spamd_port" lineno="83894">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the sieve port.
+UDP traffic on the spamd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57521,9 +59838,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_sieve_port" lineno="59986">
+<interface name="corenet_tcp_bind_spamd_port" lineno="83910">
 <summary>
-Bind TCP sockets to the sieve port.
+Bind TCP sockets to the spamd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57532,9 +59849,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_sieve_port" lineno="60006">
+<interface name="corenet_udp_bind_spamd_port" lineno="83930">
 <summary>
-Bind UDP sockets to the sieve port.
+Bind UDP sockets to the spamd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57543,9 +59860,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_sieve_port" lineno="60025">
+<interface name="corenet_tcp_connect_spamd_port" lineno="83949">
 <summary>
-Make a TCP connection to the sieve port.
+Make a TCP connection to the spamd port.
 </summary>
 <param name="domain">
 <summary>
@@ -57553,9 +59870,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_sieve_client_packets" lineno="60045">
+<interface name="corenet_send_spamd_client_packets" lineno="83969">
 <summary>
-Send sieve_client packets.
+Send spamd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57564,9 +59881,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_sieve_client_packets" lineno="60064">
+<interface name="corenet_dontaudit_send_spamd_client_packets" lineno="83988">
 <summary>
-Do not audit attempts to send sieve_client packets.
+Do not audit attempts to send spamd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57575,9 +59892,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_sieve_client_packets" lineno="60083">
+<interface name="corenet_receive_spamd_client_packets" lineno="84007">
 <summary>
-Receive sieve_client packets.
+Receive spamd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57586,9 +59903,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_sieve_client_packets" lineno="60102">
+<interface name="corenet_dontaudit_receive_spamd_client_packets" lineno="84026">
 <summary>
-Do not audit attempts to receive sieve_client packets.
+Do not audit attempts to receive spamd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57597,9 +59914,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_sieve_client_packets" lineno="60121">
+<interface name="corenet_sendrecv_spamd_client_packets" lineno="84045">
 <summary>
-Send and receive sieve_client packets.
+Send and receive spamd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57608,9 +59925,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_sieve_client_packets" lineno="60137">
+<interface name="corenet_dontaudit_sendrecv_spamd_client_packets" lineno="84061">
 <summary>
-Do not audit attempts to send and receive sieve_client packets.
+Do not audit attempts to send and receive spamd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57619,9 +59936,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_sieve_client_packets" lineno="60152">
+<interface name="corenet_relabelto_spamd_client_packets" lineno="84076">
 <summary>
-Relabel packets to sieve_client the packet type.
+Relabel packets to spamd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -57629,9 +59946,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_sieve_server_packets" lineno="60172">
+<interface name="corenet_send_spamd_server_packets" lineno="84096">
 <summary>
-Send sieve_server packets.
+Send spamd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57640,9 +59957,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_sieve_server_packets" lineno="60191">
+<interface name="corenet_dontaudit_send_spamd_server_packets" lineno="84115">
 <summary>
-Do not audit attempts to send sieve_server packets.
+Do not audit attempts to send spamd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57651,9 +59968,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_sieve_server_packets" lineno="60210">
+<interface name="corenet_receive_spamd_server_packets" lineno="84134">
 <summary>
-Receive sieve_server packets.
+Receive spamd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57662,9 +59979,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_sieve_server_packets" lineno="60229">
+<interface name="corenet_dontaudit_receive_spamd_server_packets" lineno="84153">
 <summary>
-Do not audit attempts to receive sieve_server packets.
+Do not audit attempts to receive spamd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57673,9 +59990,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_sieve_server_packets" lineno="60248">
+<interface name="corenet_sendrecv_spamd_server_packets" lineno="84172">
 <summary>
-Send and receive sieve_server packets.
+Send and receive spamd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57684,9 +60001,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_sieve_server_packets" lineno="60264">
+<interface name="corenet_dontaudit_sendrecv_spamd_server_packets" lineno="84188">
 <summary>
-Do not audit attempts to send and receive sieve_server packets.
+Do not audit attempts to send and receive spamd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57695,9 +60012,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_sieve_server_packets" lineno="60279">
+<interface name="corenet_relabelto_spamd_server_packets" lineno="84203">
 <summary>
-Relabel packets to sieve_server the packet type.
+Relabel packets to spamd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -57705,9 +60022,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_sip_port" lineno="60301">
+<interface name="corenet_tcp_sendrecv_speech_port" lineno="84225">
 <summary>
-Send and receive TCP traffic on the sip port.
+Send and receive TCP traffic on the speech port.
 </summary>
 <param name="domain">
 <summary>
@@ -57716,9 +60033,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_sip_port" lineno="60320">
+<interface name="corenet_udp_send_speech_port" lineno="84244">
 <summary>
-Send UDP traffic on the sip port.
+Send UDP traffic on the speech port.
 </summary>
 <param name="domain">
 <summary>
@@ -57727,9 +60044,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_sip_port" lineno="60339">
+<interface name="corenet_dontaudit_udp_send_speech_port" lineno="84263">
 <summary>
-Do not audit attempts to send UDP traffic on the sip port.
+Do not audit attempts to send UDP traffic on the speech port.
 </summary>
 <param name="domain">
 <summary>
@@ -57738,9 +60055,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_sip_port" lineno="60358">
+<interface name="corenet_udp_receive_speech_port" lineno="84282">
 <summary>
-Receive UDP traffic on the sip port.
+Receive UDP traffic on the speech port.
 </summary>
 <param name="domain">
 <summary>
@@ -57749,9 +60066,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_sip_port" lineno="60377">
+<interface name="corenet_dontaudit_udp_receive_speech_port" lineno="84301">
 <summary>
-Do not audit attempts to receive UDP traffic on the sip port.
+Do not audit attempts to receive UDP traffic on the speech port.
 </summary>
 <param name="domain">
 <summary>
@@ -57760,9 +60077,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_sip_port" lineno="60396">
+<interface name="corenet_udp_sendrecv_speech_port" lineno="84320">
 <summary>
-Send and receive UDP traffic on the sip port.
+Send and receive UDP traffic on the speech port.
 </summary>
 <param name="domain">
 <summary>
@@ -57771,10 +60088,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_sip_port" lineno="60413">
+<interface name="corenet_dontaudit_udp_sendrecv_speech_port" lineno="84337">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the sip port.
+UDP traffic on the speech port.
 </summary>
 <param name="domain">
 <summary>
@@ -57783,9 +60100,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_sip_port" lineno="60429">
+<interface name="corenet_tcp_bind_speech_port" lineno="84353">
 <summary>
-Bind TCP sockets to the sip port.
+Bind TCP sockets to the speech port.
 </summary>
 <param name="domain">
 <summary>
@@ -57794,9 +60111,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_sip_port" lineno="60449">
+<interface name="corenet_udp_bind_speech_port" lineno="84373">
 <summary>
-Bind UDP sockets to the sip port.
+Bind UDP sockets to the speech port.
 </summary>
 <param name="domain">
 <summary>
@@ -57805,9 +60122,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_sip_port" lineno="60468">
+<interface name="corenet_tcp_connect_speech_port" lineno="84392">
 <summary>
-Make a TCP connection to the sip port.
+Make a TCP connection to the speech port.
 </summary>
 <param name="domain">
 <summary>
@@ -57815,9 +60132,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_sip_client_packets" lineno="60488">
+<interface name="corenet_send_speech_client_packets" lineno="84412">
 <summary>
-Send sip_client packets.
+Send speech_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57826,9 +60143,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_sip_client_packets" lineno="60507">
+<interface name="corenet_dontaudit_send_speech_client_packets" lineno="84431">
 <summary>
-Do not audit attempts to send sip_client packets.
+Do not audit attempts to send speech_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57837,9 +60154,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_sip_client_packets" lineno="60526">
+<interface name="corenet_receive_speech_client_packets" lineno="84450">
 <summary>
-Receive sip_client packets.
+Receive speech_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57848,9 +60165,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_sip_client_packets" lineno="60545">
+<interface name="corenet_dontaudit_receive_speech_client_packets" lineno="84469">
 <summary>
-Do not audit attempts to receive sip_client packets.
+Do not audit attempts to receive speech_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57859,9 +60176,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_sip_client_packets" lineno="60564">
+<interface name="corenet_sendrecv_speech_client_packets" lineno="84488">
 <summary>
-Send and receive sip_client packets.
+Send and receive speech_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57870,9 +60187,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_sip_client_packets" lineno="60580">
+<interface name="corenet_dontaudit_sendrecv_speech_client_packets" lineno="84504">
 <summary>
-Do not audit attempts to send and receive sip_client packets.
+Do not audit attempts to send and receive speech_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57881,9 +60198,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_sip_client_packets" lineno="60595">
+<interface name="corenet_relabelto_speech_client_packets" lineno="84519">
 <summary>
-Relabel packets to sip_client the packet type.
+Relabel packets to speech_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -57891,9 +60208,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_sip_server_packets" lineno="60615">
+<interface name="corenet_send_speech_server_packets" lineno="84539">
 <summary>
-Send sip_server packets.
+Send speech_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57902,9 +60219,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_sip_server_packets" lineno="60634">
+<interface name="corenet_dontaudit_send_speech_server_packets" lineno="84558">
 <summary>
-Do not audit attempts to send sip_server packets.
+Do not audit attempts to send speech_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57913,9 +60230,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_sip_server_packets" lineno="60653">
+<interface name="corenet_receive_speech_server_packets" lineno="84577">
 <summary>
-Receive sip_server packets.
+Receive speech_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57924,9 +60241,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_sip_server_packets" lineno="60672">
+<interface name="corenet_dontaudit_receive_speech_server_packets" lineno="84596">
 <summary>
-Do not audit attempts to receive sip_server packets.
+Do not audit attempts to receive speech_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57935,9 +60252,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_sip_server_packets" lineno="60691">
+<interface name="corenet_sendrecv_speech_server_packets" lineno="84615">
 <summary>
-Send and receive sip_server packets.
+Send and receive speech_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57946,9 +60263,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_sip_server_packets" lineno="60707">
+<interface name="corenet_dontaudit_sendrecv_speech_server_packets" lineno="84631">
 <summary>
-Do not audit attempts to send and receive sip_server packets.
+Do not audit attempts to send and receive speech_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -57957,9 +60274,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_sip_server_packets" lineno="60722">
+<interface name="corenet_relabelto_speech_server_packets" lineno="84646">
 <summary>
-Relabel packets to sip_server the packet type.
+Relabel packets to speech_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -57967,9 +60284,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_sixxsconfig_port" lineno="60744">
+<interface name="corenet_tcp_sendrecv_squid_port" lineno="84668">
 <summary>
-Send and receive TCP traffic on the sixxsconfig port.
+Send and receive TCP traffic on the squid port.
 </summary>
 <param name="domain">
 <summary>
@@ -57978,9 +60295,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_sixxsconfig_port" lineno="60763">
+<interface name="corenet_udp_send_squid_port" lineno="84687">
 <summary>
-Send UDP traffic on the sixxsconfig port.
+Send UDP traffic on the squid port.
 </summary>
 <param name="domain">
 <summary>
@@ -57989,9 +60306,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_sixxsconfig_port" lineno="60782">
+<interface name="corenet_dontaudit_udp_send_squid_port" lineno="84706">
 <summary>
-Do not audit attempts to send UDP traffic on the sixxsconfig port.
+Do not audit attempts to send UDP traffic on the squid port.
 </summary>
 <param name="domain">
 <summary>
@@ -58000,9 +60317,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_sixxsconfig_port" lineno="60801">
+<interface name="corenet_udp_receive_squid_port" lineno="84725">
 <summary>
-Receive UDP traffic on the sixxsconfig port.
+Receive UDP traffic on the squid port.
 </summary>
 <param name="domain">
 <summary>
@@ -58011,9 +60328,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_sixxsconfig_port" lineno="60820">
+<interface name="corenet_dontaudit_udp_receive_squid_port" lineno="84744">
 <summary>
-Do not audit attempts to receive UDP traffic on the sixxsconfig port.
+Do not audit attempts to receive UDP traffic on the squid port.
 </summary>
 <param name="domain">
 <summary>
@@ -58022,9 +60339,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_sixxsconfig_port" lineno="60839">
+<interface name="corenet_udp_sendrecv_squid_port" lineno="84763">
 <summary>
-Send and receive UDP traffic on the sixxsconfig port.
+Send and receive UDP traffic on the squid port.
 </summary>
 <param name="domain">
 <summary>
@@ -58033,10 +60350,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_sixxsconfig_port" lineno="60856">
+<interface name="corenet_dontaudit_udp_sendrecv_squid_port" lineno="84780">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the sixxsconfig port.
+UDP traffic on the squid port.
 </summary>
 <param name="domain">
 <summary>
@@ -58045,9 +60362,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_sixxsconfig_port" lineno="60872">
+<interface name="corenet_tcp_bind_squid_port" lineno="84796">
 <summary>
-Bind TCP sockets to the sixxsconfig port.
+Bind TCP sockets to the squid port.
 </summary>
 <param name="domain">
 <summary>
@@ -58056,9 +60373,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_sixxsconfig_port" lineno="60892">
+<interface name="corenet_udp_bind_squid_port" lineno="84816">
 <summary>
-Bind UDP sockets to the sixxsconfig port.
+Bind UDP sockets to the squid port.
 </summary>
 <param name="domain">
 <summary>
@@ -58067,9 +60384,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_sixxsconfig_port" lineno="60911">
+<interface name="corenet_tcp_connect_squid_port" lineno="84835">
 <summary>
-Make a TCP connection to the sixxsconfig port.
+Make a TCP connection to the squid port.
 </summary>
 <param name="domain">
 <summary>
@@ -58077,9 +60394,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_sixxsconfig_client_packets" lineno="60931">
+<interface name="corenet_send_squid_client_packets" lineno="84855">
 <summary>
-Send sixxsconfig_client packets.
+Send squid_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58088,9 +60405,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_sixxsconfig_client_packets" lineno="60950">
+<interface name="corenet_dontaudit_send_squid_client_packets" lineno="84874">
 <summary>
-Do not audit attempts to send sixxsconfig_client packets.
+Do not audit attempts to send squid_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58099,9 +60416,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_sixxsconfig_client_packets" lineno="60969">
+<interface name="corenet_receive_squid_client_packets" lineno="84893">
 <summary>
-Receive sixxsconfig_client packets.
+Receive squid_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58110,9 +60427,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_sixxsconfig_client_packets" lineno="60988">
+<interface name="corenet_dontaudit_receive_squid_client_packets" lineno="84912">
 <summary>
-Do not audit attempts to receive sixxsconfig_client packets.
+Do not audit attempts to receive squid_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58121,9 +60438,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_sixxsconfig_client_packets" lineno="61007">
+<interface name="corenet_sendrecv_squid_client_packets" lineno="84931">
 <summary>
-Send and receive sixxsconfig_client packets.
+Send and receive squid_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58132,9 +60449,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_sixxsconfig_client_packets" lineno="61023">
+<interface name="corenet_dontaudit_sendrecv_squid_client_packets" lineno="84947">
 <summary>
-Do not audit attempts to send and receive sixxsconfig_client packets.
+Do not audit attempts to send and receive squid_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58143,9 +60460,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_sixxsconfig_client_packets" lineno="61038">
+<interface name="corenet_relabelto_squid_client_packets" lineno="84962">
 <summary>
-Relabel packets to sixxsconfig_client the packet type.
+Relabel packets to squid_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -58153,9 +60470,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_sixxsconfig_server_packets" lineno="61058">
+<interface name="corenet_send_squid_server_packets" lineno="84982">
 <summary>
-Send sixxsconfig_server packets.
+Send squid_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58164,9 +60481,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_sixxsconfig_server_packets" lineno="61077">
+<interface name="corenet_dontaudit_send_squid_server_packets" lineno="85001">
 <summary>
-Do not audit attempts to send sixxsconfig_server packets.
+Do not audit attempts to send squid_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58175,9 +60492,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_sixxsconfig_server_packets" lineno="61096">
+<interface name="corenet_receive_squid_server_packets" lineno="85020">
 <summary>
-Receive sixxsconfig_server packets.
+Receive squid_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58186,9 +60503,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_sixxsconfig_server_packets" lineno="61115">
+<interface name="corenet_dontaudit_receive_squid_server_packets" lineno="85039">
 <summary>
-Do not audit attempts to receive sixxsconfig_server packets.
+Do not audit attempts to receive squid_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58197,9 +60514,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_sixxsconfig_server_packets" lineno="61134">
+<interface name="corenet_sendrecv_squid_server_packets" lineno="85058">
 <summary>
-Send and receive sixxsconfig_server packets.
+Send and receive squid_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58208,9 +60525,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_sixxsconfig_server_packets" lineno="61150">
+<interface name="corenet_dontaudit_sendrecv_squid_server_packets" lineno="85074">
 <summary>
-Do not audit attempts to send and receive sixxsconfig_server packets.
+Do not audit attempts to send and receive squid_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58219,9 +60536,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_sixxsconfig_server_packets" lineno="61165">
+<interface name="corenet_relabelto_squid_server_packets" lineno="85089">
 <summary>
-Relabel packets to sixxsconfig_server the packet type.
+Relabel packets to squid_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -58229,9 +60546,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_smbd_port" lineno="61187">
+<interface name="corenet_tcp_sendrecv_ssdp_port" lineno="85111">
 <summary>
-Send and receive TCP traffic on the smbd port.
+Send and receive TCP traffic on the ssdp port.
 </summary>
 <param name="domain">
 <summary>
@@ -58240,9 +60557,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_smbd_port" lineno="61206">
+<interface name="corenet_udp_send_ssdp_port" lineno="85130">
 <summary>
-Send UDP traffic on the smbd port.
+Send UDP traffic on the ssdp port.
 </summary>
 <param name="domain">
 <summary>
@@ -58251,9 +60568,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_smbd_port" lineno="61225">
+<interface name="corenet_dontaudit_udp_send_ssdp_port" lineno="85149">
 <summary>
-Do not audit attempts to send UDP traffic on the smbd port.
+Do not audit attempts to send UDP traffic on the ssdp port.
 </summary>
 <param name="domain">
 <summary>
@@ -58262,9 +60579,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_smbd_port" lineno="61244">
+<interface name="corenet_udp_receive_ssdp_port" lineno="85168">
 <summary>
-Receive UDP traffic on the smbd port.
+Receive UDP traffic on the ssdp port.
 </summary>
 <param name="domain">
 <summary>
@@ -58273,9 +60590,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_smbd_port" lineno="61263">
+<interface name="corenet_dontaudit_udp_receive_ssdp_port" lineno="85187">
 <summary>
-Do not audit attempts to receive UDP traffic on the smbd port.
+Do not audit attempts to receive UDP traffic on the ssdp port.
 </summary>
 <param name="domain">
 <summary>
@@ -58284,9 +60601,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_smbd_port" lineno="61282">
+<interface name="corenet_udp_sendrecv_ssdp_port" lineno="85206">
 <summary>
-Send and receive UDP traffic on the smbd port.
+Send and receive UDP traffic on the ssdp port.
 </summary>
 <param name="domain">
 <summary>
@@ -58295,10 +60612,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_smbd_port" lineno="61299">
+<interface name="corenet_dontaudit_udp_sendrecv_ssdp_port" lineno="85223">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the smbd port.
+UDP traffic on the ssdp port.
 </summary>
 <param name="domain">
 <summary>
@@ -58307,9 +60624,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_smbd_port" lineno="61315">
+<interface name="corenet_tcp_bind_ssdp_port" lineno="85239">
 <summary>
-Bind TCP sockets to the smbd port.
+Bind TCP sockets to the ssdp port.
 </summary>
 <param name="domain">
 <summary>
@@ -58318,9 +60635,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_smbd_port" lineno="61335">
+<interface name="corenet_udp_bind_ssdp_port" lineno="85259">
 <summary>
-Bind UDP sockets to the smbd port.
+Bind UDP sockets to the ssdp port.
 </summary>
 <param name="domain">
 <summary>
@@ -58329,9 +60646,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_smbd_port" lineno="61354">
+<interface name="corenet_tcp_connect_ssdp_port" lineno="85278">
 <summary>
-Make a TCP connection to the smbd port.
+Make a TCP connection to the ssdp port.
 </summary>
 <param name="domain">
 <summary>
@@ -58339,9 +60656,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_smbd_client_packets" lineno="61374">
+<interface name="corenet_send_ssdp_client_packets" lineno="85298">
 <summary>
-Send smbd_client packets.
+Send ssdp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58350,9 +60667,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_smbd_client_packets" lineno="61393">
+<interface name="corenet_dontaudit_send_ssdp_client_packets" lineno="85317">
 <summary>
-Do not audit attempts to send smbd_client packets.
+Do not audit attempts to send ssdp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58361,9 +60678,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_smbd_client_packets" lineno="61412">
+<interface name="corenet_receive_ssdp_client_packets" lineno="85336">
 <summary>
-Receive smbd_client packets.
+Receive ssdp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58372,9 +60689,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_smbd_client_packets" lineno="61431">
+<interface name="corenet_dontaudit_receive_ssdp_client_packets" lineno="85355">
 <summary>
-Do not audit attempts to receive smbd_client packets.
+Do not audit attempts to receive ssdp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58383,9 +60700,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_smbd_client_packets" lineno="61450">
+<interface name="corenet_sendrecv_ssdp_client_packets" lineno="85374">
 <summary>
-Send and receive smbd_client packets.
+Send and receive ssdp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58394,9 +60711,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_smbd_client_packets" lineno="61466">
+<interface name="corenet_dontaudit_sendrecv_ssdp_client_packets" lineno="85390">
 <summary>
-Do not audit attempts to send and receive smbd_client packets.
+Do not audit attempts to send and receive ssdp_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58405,9 +60722,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_smbd_client_packets" lineno="61481">
+<interface name="corenet_relabelto_ssdp_client_packets" lineno="85405">
 <summary>
-Relabel packets to smbd_client the packet type.
+Relabel packets to ssdp_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -58415,9 +60732,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_smbd_server_packets" lineno="61501">
+<interface name="corenet_send_ssdp_server_packets" lineno="85425">
 <summary>
-Send smbd_server packets.
+Send ssdp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58426,9 +60743,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_smbd_server_packets" lineno="61520">
+<interface name="corenet_dontaudit_send_ssdp_server_packets" lineno="85444">
 <summary>
-Do not audit attempts to send smbd_server packets.
+Do not audit attempts to send ssdp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58437,9 +60754,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_smbd_server_packets" lineno="61539">
+<interface name="corenet_receive_ssdp_server_packets" lineno="85463">
 <summary>
-Receive smbd_server packets.
+Receive ssdp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58448,9 +60765,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_smbd_server_packets" lineno="61558">
+<interface name="corenet_dontaudit_receive_ssdp_server_packets" lineno="85482">
 <summary>
-Do not audit attempts to receive smbd_server packets.
+Do not audit attempts to receive ssdp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58459,9 +60776,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_smbd_server_packets" lineno="61577">
+<interface name="corenet_sendrecv_ssdp_server_packets" lineno="85501">
 <summary>
-Send and receive smbd_server packets.
+Send and receive ssdp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58470,9 +60787,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_smbd_server_packets" lineno="61593">
+<interface name="corenet_dontaudit_sendrecv_ssdp_server_packets" lineno="85517">
 <summary>
-Do not audit attempts to send and receive smbd_server packets.
+Do not audit attempts to send and receive ssdp_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58481,9 +60798,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_smbd_server_packets" lineno="61608">
+<interface name="corenet_relabelto_ssdp_server_packets" lineno="85532">
 <summary>
-Relabel packets to smbd_server the packet type.
+Relabel packets to ssdp_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -58491,9 +60808,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_smtp_port" lineno="61630">
+<interface name="corenet_tcp_sendrecv_ssh_port" lineno="85554">
 <summary>
-Send and receive TCP traffic on the smtp port.
+Send and receive TCP traffic on the ssh port.
 </summary>
 <param name="domain">
 <summary>
@@ -58502,9 +60819,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_smtp_port" lineno="61649">
+<interface name="corenet_udp_send_ssh_port" lineno="85573">
 <summary>
-Send UDP traffic on the smtp port.
+Send UDP traffic on the ssh port.
 </summary>
 <param name="domain">
 <summary>
@@ -58513,9 +60830,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_smtp_port" lineno="61668">
+<interface name="corenet_dontaudit_udp_send_ssh_port" lineno="85592">
 <summary>
-Do not audit attempts to send UDP traffic on the smtp port.
+Do not audit attempts to send UDP traffic on the ssh port.
 </summary>
 <param name="domain">
 <summary>
@@ -58524,9 +60841,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_smtp_port" lineno="61687">
+<interface name="corenet_udp_receive_ssh_port" lineno="85611">
 <summary>
-Receive UDP traffic on the smtp port.
+Receive UDP traffic on the ssh port.
 </summary>
 <param name="domain">
 <summary>
@@ -58535,9 +60852,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_smtp_port" lineno="61706">
+<interface name="corenet_dontaudit_udp_receive_ssh_port" lineno="85630">
 <summary>
-Do not audit attempts to receive UDP traffic on the smtp port.
+Do not audit attempts to receive UDP traffic on the ssh port.
 </summary>
 <param name="domain">
 <summary>
@@ -58546,9 +60863,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_smtp_port" lineno="61725">
+<interface name="corenet_udp_sendrecv_ssh_port" lineno="85649">
 <summary>
-Send and receive UDP traffic on the smtp port.
+Send and receive UDP traffic on the ssh port.
 </summary>
 <param name="domain">
 <summary>
@@ -58557,10 +60874,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_smtp_port" lineno="61742">
+<interface name="corenet_dontaudit_udp_sendrecv_ssh_port" lineno="85666">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the smtp port.
+UDP traffic on the ssh port.
 </summary>
 <param name="domain">
 <summary>
@@ -58569,9 +60886,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_smtp_port" lineno="61758">
+<interface name="corenet_tcp_bind_ssh_port" lineno="85682">
 <summary>
-Bind TCP sockets to the smtp port.
+Bind TCP sockets to the ssh port.
 </summary>
 <param name="domain">
 <summary>
@@ -58580,9 +60897,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_smtp_port" lineno="61778">
+<interface name="corenet_udp_bind_ssh_port" lineno="85702">
 <summary>
-Bind UDP sockets to the smtp port.
+Bind UDP sockets to the ssh port.
 </summary>
 <param name="domain">
 <summary>
@@ -58591,9 +60908,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_smtp_port" lineno="61797">
+<interface name="corenet_tcp_connect_ssh_port" lineno="85721">
 <summary>
-Make a TCP connection to the smtp port.
+Make a TCP connection to the ssh port.
 </summary>
 <param name="domain">
 <summary>
@@ -58601,9 +60918,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_smtp_client_packets" lineno="61817">
+<interface name="corenet_send_ssh_client_packets" lineno="85741">
 <summary>
-Send smtp_client packets.
+Send ssh_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58612,9 +60929,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_smtp_client_packets" lineno="61836">
+<interface name="corenet_dontaudit_send_ssh_client_packets" lineno="85760">
 <summary>
-Do not audit attempts to send smtp_client packets.
+Do not audit attempts to send ssh_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58623,9 +60940,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_smtp_client_packets" lineno="61855">
+<interface name="corenet_receive_ssh_client_packets" lineno="85779">
 <summary>
-Receive smtp_client packets.
+Receive ssh_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58634,9 +60951,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_smtp_client_packets" lineno="61874">
+<interface name="corenet_dontaudit_receive_ssh_client_packets" lineno="85798">
 <summary>
-Do not audit attempts to receive smtp_client packets.
+Do not audit attempts to receive ssh_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58645,9 +60962,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_smtp_client_packets" lineno="61893">
+<interface name="corenet_sendrecv_ssh_client_packets" lineno="85817">
 <summary>
-Send and receive smtp_client packets.
+Send and receive ssh_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58656,9 +60973,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_smtp_client_packets" lineno="61909">
+<interface name="corenet_dontaudit_sendrecv_ssh_client_packets" lineno="85833">
 <summary>
-Do not audit attempts to send and receive smtp_client packets.
+Do not audit attempts to send and receive ssh_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58667,9 +60984,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_smtp_client_packets" lineno="61924">
+<interface name="corenet_relabelto_ssh_client_packets" lineno="85848">
 <summary>
-Relabel packets to smtp_client the packet type.
+Relabel packets to ssh_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -58677,9 +60994,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_smtp_server_packets" lineno="61944">
+<interface name="corenet_send_ssh_server_packets" lineno="85868">
 <summary>
-Send smtp_server packets.
+Send ssh_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58688,9 +61005,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_smtp_server_packets" lineno="61963">
+<interface name="corenet_dontaudit_send_ssh_server_packets" lineno="85887">
 <summary>
-Do not audit attempts to send smtp_server packets.
+Do not audit attempts to send ssh_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58699,9 +61016,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_smtp_server_packets" lineno="61982">
+<interface name="corenet_receive_ssh_server_packets" lineno="85906">
 <summary>
-Receive smtp_server packets.
+Receive ssh_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58710,9 +61027,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_smtp_server_packets" lineno="62001">
+<interface name="corenet_dontaudit_receive_ssh_server_packets" lineno="85925">
 <summary>
-Do not audit attempts to receive smtp_server packets.
+Do not audit attempts to receive ssh_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58721,9 +61038,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_smtp_server_packets" lineno="62020">
+<interface name="corenet_sendrecv_ssh_server_packets" lineno="85944">
 <summary>
-Send and receive smtp_server packets.
+Send and receive ssh_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58732,9 +61049,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_smtp_server_packets" lineno="62036">
+<interface name="corenet_dontaudit_sendrecv_ssh_server_packets" lineno="85960">
 <summary>
-Do not audit attempts to send and receive smtp_server packets.
+Do not audit attempts to send and receive ssh_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58743,9 +61060,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_smtp_server_packets" lineno="62051">
+<interface name="corenet_relabelto_ssh_server_packets" lineno="85975">
 <summary>
-Relabel packets to smtp_server the packet type.
+Relabel packets to ssh_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -58753,9 +61070,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_snmp_port" lineno="62073">
+<interface name="corenet_tcp_sendrecv_stunnel_port" lineno="85997">
 <summary>
-Send and receive TCP traffic on the snmp port.
+Send and receive TCP traffic on the stunnel port.
 </summary>
 <param name="domain">
 <summary>
@@ -58764,9 +61081,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_snmp_port" lineno="62092">
+<interface name="corenet_udp_send_stunnel_port" lineno="86016">
 <summary>
-Send UDP traffic on the snmp port.
+Send UDP traffic on the stunnel port.
 </summary>
 <param name="domain">
 <summary>
@@ -58775,9 +61092,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_snmp_port" lineno="62111">
+<interface name="corenet_dontaudit_udp_send_stunnel_port" lineno="86035">
 <summary>
-Do not audit attempts to send UDP traffic on the snmp port.
+Do not audit attempts to send UDP traffic on the stunnel port.
 </summary>
 <param name="domain">
 <summary>
@@ -58786,9 +61103,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_snmp_port" lineno="62130">
+<interface name="corenet_udp_receive_stunnel_port" lineno="86054">
 <summary>
-Receive UDP traffic on the snmp port.
+Receive UDP traffic on the stunnel port.
 </summary>
 <param name="domain">
 <summary>
@@ -58797,9 +61114,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_snmp_port" lineno="62149">
+<interface name="corenet_dontaudit_udp_receive_stunnel_port" lineno="86073">
 <summary>
-Do not audit attempts to receive UDP traffic on the snmp port.
+Do not audit attempts to receive UDP traffic on the stunnel port.
 </summary>
 <param name="domain">
 <summary>
@@ -58808,9 +61125,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_snmp_port" lineno="62168">
+<interface name="corenet_udp_sendrecv_stunnel_port" lineno="86092">
 <summary>
-Send and receive UDP traffic on the snmp port.
+Send and receive UDP traffic on the stunnel port.
 </summary>
 <param name="domain">
 <summary>
@@ -58819,10 +61136,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_snmp_port" lineno="62185">
+<interface name="corenet_dontaudit_udp_sendrecv_stunnel_port" lineno="86109">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the snmp port.
+UDP traffic on the stunnel port.
 </summary>
 <param name="domain">
 <summary>
@@ -58831,9 +61148,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_snmp_port" lineno="62201">
+<interface name="corenet_tcp_bind_stunnel_port" lineno="86125">
 <summary>
-Bind TCP sockets to the snmp port.
+Bind TCP sockets to the stunnel port.
 </summary>
 <param name="domain">
 <summary>
@@ -58842,9 +61159,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_snmp_port" lineno="62221">
+<interface name="corenet_udp_bind_stunnel_port" lineno="86145">
 <summary>
-Bind UDP sockets to the snmp port.
+Bind UDP sockets to the stunnel port.
 </summary>
 <param name="domain">
 <summary>
@@ -58853,9 +61170,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_snmp_port" lineno="62240">
+<interface name="corenet_tcp_connect_stunnel_port" lineno="86164">
 <summary>
-Make a TCP connection to the snmp port.
+Make a TCP connection to the stunnel port.
 </summary>
 <param name="domain">
 <summary>
@@ -58863,9 +61180,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_snmp_client_packets" lineno="62260">
+<interface name="corenet_send_stunnel_client_packets" lineno="86184">
 <summary>
-Send snmp_client packets.
+Send stunnel_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58874,9 +61191,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_snmp_client_packets" lineno="62279">
+<interface name="corenet_dontaudit_send_stunnel_client_packets" lineno="86203">
 <summary>
-Do not audit attempts to send snmp_client packets.
+Do not audit attempts to send stunnel_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58885,9 +61202,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_snmp_client_packets" lineno="62298">
+<interface name="corenet_receive_stunnel_client_packets" lineno="86222">
 <summary>
-Receive snmp_client packets.
+Receive stunnel_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58896,9 +61213,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_snmp_client_packets" lineno="62317">
+<interface name="corenet_dontaudit_receive_stunnel_client_packets" lineno="86241">
 <summary>
-Do not audit attempts to receive snmp_client packets.
+Do not audit attempts to receive stunnel_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58907,9 +61224,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_snmp_client_packets" lineno="62336">
+<interface name="corenet_sendrecv_stunnel_client_packets" lineno="86260">
 <summary>
-Send and receive snmp_client packets.
+Send and receive stunnel_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58918,9 +61235,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_snmp_client_packets" lineno="62352">
+<interface name="corenet_dontaudit_sendrecv_stunnel_client_packets" lineno="86276">
 <summary>
-Do not audit attempts to send and receive snmp_client packets.
+Do not audit attempts to send and receive stunnel_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58929,9 +61246,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_snmp_client_packets" lineno="62367">
+<interface name="corenet_relabelto_stunnel_client_packets" lineno="86291">
 <summary>
-Relabel packets to snmp_client the packet type.
+Relabel packets to stunnel_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -58939,9 +61256,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_snmp_server_packets" lineno="62387">
+<interface name="corenet_send_stunnel_server_packets" lineno="86311">
 <summary>
-Send snmp_server packets.
+Send stunnel_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58950,9 +61267,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_snmp_server_packets" lineno="62406">
+<interface name="corenet_dontaudit_send_stunnel_server_packets" lineno="86330">
 <summary>
-Do not audit attempts to send snmp_server packets.
+Do not audit attempts to send stunnel_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58961,9 +61278,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_snmp_server_packets" lineno="62425">
+<interface name="corenet_receive_stunnel_server_packets" lineno="86349">
 <summary>
-Receive snmp_server packets.
+Receive stunnel_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58972,9 +61289,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_snmp_server_packets" lineno="62444">
+<interface name="corenet_dontaudit_receive_stunnel_server_packets" lineno="86368">
 <summary>
-Do not audit attempts to receive snmp_server packets.
+Do not audit attempts to receive stunnel_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58983,9 +61300,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_snmp_server_packets" lineno="62463">
+<interface name="corenet_sendrecv_stunnel_server_packets" lineno="86387">
 <summary>
-Send and receive snmp_server packets.
+Send and receive stunnel_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -58994,9 +61311,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_snmp_server_packets" lineno="62479">
+<interface name="corenet_dontaudit_sendrecv_stunnel_server_packets" lineno="86403">
 <summary>
-Do not audit attempts to send and receive snmp_server packets.
+Do not audit attempts to send and receive stunnel_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59005,9 +61322,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_snmp_server_packets" lineno="62494">
+<interface name="corenet_relabelto_stunnel_server_packets" lineno="86418">
 <summary>
-Relabel packets to snmp_server the packet type.
+Relabel packets to stunnel_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -59015,9 +61332,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_socks_port" lineno="62516">
+<interface name="corenet_tcp_sendrecv_svn_port" lineno="86440">
 <summary>
-Send and receive TCP traffic on the socks port.
+Send and receive TCP traffic on the svn port.
 </summary>
 <param name="domain">
 <summary>
@@ -59026,9 +61343,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_socks_port" lineno="62535">
+<interface name="corenet_udp_send_svn_port" lineno="86459">
 <summary>
-Send UDP traffic on the socks port.
+Send UDP traffic on the svn port.
 </summary>
 <param name="domain">
 <summary>
@@ -59037,9 +61354,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_socks_port" lineno="62554">
+<interface name="corenet_dontaudit_udp_send_svn_port" lineno="86478">
 <summary>
-Do not audit attempts to send UDP traffic on the socks port.
+Do not audit attempts to send UDP traffic on the svn port.
 </summary>
 <param name="domain">
 <summary>
@@ -59048,9 +61365,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_socks_port" lineno="62573">
+<interface name="corenet_udp_receive_svn_port" lineno="86497">
 <summary>
-Receive UDP traffic on the socks port.
+Receive UDP traffic on the svn port.
 </summary>
 <param name="domain">
 <summary>
@@ -59059,9 +61376,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_socks_port" lineno="62592">
+<interface name="corenet_dontaudit_udp_receive_svn_port" lineno="86516">
 <summary>
-Do not audit attempts to receive UDP traffic on the socks port.
+Do not audit attempts to receive UDP traffic on the svn port.
 </summary>
 <param name="domain">
 <summary>
@@ -59070,9 +61387,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_socks_port" lineno="62611">
+<interface name="corenet_udp_sendrecv_svn_port" lineno="86535">
 <summary>
-Send and receive UDP traffic on the socks port.
+Send and receive UDP traffic on the svn port.
 </summary>
 <param name="domain">
 <summary>
@@ -59081,10 +61398,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_socks_port" lineno="62628">
+<interface name="corenet_dontaudit_udp_sendrecv_svn_port" lineno="86552">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the socks port.
+UDP traffic on the svn port.
 </summary>
 <param name="domain">
 <summary>
@@ -59093,9 +61410,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_socks_port" lineno="62644">
+<interface name="corenet_tcp_bind_svn_port" lineno="86568">
 <summary>
-Bind TCP sockets to the socks port.
+Bind TCP sockets to the svn port.
 </summary>
 <param name="domain">
 <summary>
@@ -59104,9 +61421,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_socks_port" lineno="62664">
+<interface name="corenet_udp_bind_svn_port" lineno="86588">
 <summary>
-Bind UDP sockets to the socks port.
+Bind UDP sockets to the svn port.
 </summary>
 <param name="domain">
 <summary>
@@ -59115,9 +61432,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_socks_port" lineno="62683">
+<interface name="corenet_tcp_connect_svn_port" lineno="86607">
 <summary>
-Make a TCP connection to the socks port.
+Make a TCP connection to the svn port.
 </summary>
 <param name="domain">
 <summary>
@@ -59125,9 +61442,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_socks_client_packets" lineno="62703">
+<interface name="corenet_send_svn_client_packets" lineno="86627">
 <summary>
-Send socks_client packets.
+Send svn_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59136,9 +61453,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_socks_client_packets" lineno="62722">
+<interface name="corenet_dontaudit_send_svn_client_packets" lineno="86646">
 <summary>
-Do not audit attempts to send socks_client packets.
+Do not audit attempts to send svn_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59147,9 +61464,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_socks_client_packets" lineno="62741">
+<interface name="corenet_receive_svn_client_packets" lineno="86665">
 <summary>
-Receive socks_client packets.
+Receive svn_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59158,9 +61475,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_socks_client_packets" lineno="62760">
+<interface name="corenet_dontaudit_receive_svn_client_packets" lineno="86684">
 <summary>
-Do not audit attempts to receive socks_client packets.
+Do not audit attempts to receive svn_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59169,9 +61486,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_socks_client_packets" lineno="62779">
+<interface name="corenet_sendrecv_svn_client_packets" lineno="86703">
 <summary>
-Send and receive socks_client packets.
+Send and receive svn_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59180,9 +61497,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_socks_client_packets" lineno="62795">
+<interface name="corenet_dontaudit_sendrecv_svn_client_packets" lineno="86719">
 <summary>
-Do not audit attempts to send and receive socks_client packets.
+Do not audit attempts to send and receive svn_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59191,9 +61508,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_socks_client_packets" lineno="62810">
+<interface name="corenet_relabelto_svn_client_packets" lineno="86734">
 <summary>
-Relabel packets to socks_client the packet type.
+Relabel packets to svn_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -59201,9 +61518,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_socks_server_packets" lineno="62830">
+<interface name="corenet_send_svn_server_packets" lineno="86754">
 <summary>
-Send socks_server packets.
+Send svn_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59212,9 +61529,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_socks_server_packets" lineno="62849">
+<interface name="corenet_dontaudit_send_svn_server_packets" lineno="86773">
 <summary>
-Do not audit attempts to send socks_server packets.
+Do not audit attempts to send svn_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59223,9 +61540,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_socks_server_packets" lineno="62868">
+<interface name="corenet_receive_svn_server_packets" lineno="86792">
 <summary>
-Receive socks_server packets.
+Receive svn_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59234,9 +61551,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_socks_server_packets" lineno="62887">
+<interface name="corenet_dontaudit_receive_svn_server_packets" lineno="86811">
 <summary>
-Do not audit attempts to receive socks_server packets.
+Do not audit attempts to receive svn_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59245,9 +61562,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_socks_server_packets" lineno="62906">
+<interface name="corenet_sendrecv_svn_server_packets" lineno="86830">
 <summary>
-Send and receive socks_server packets.
+Send and receive svn_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59256,9 +61573,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_socks_server_packets" lineno="62922">
+<interface name="corenet_dontaudit_sendrecv_svn_server_packets" lineno="86846">
 <summary>
-Do not audit attempts to send and receive socks_server packets.
+Do not audit attempts to send and receive svn_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59267,9 +61584,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_socks_server_packets" lineno="62937">
+<interface name="corenet_relabelto_svn_server_packets" lineno="86861">
 <summary>
-Relabel packets to socks_server the packet type.
+Relabel packets to svn_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -59277,9 +61594,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_soundd_port" lineno="62959">
+<interface name="corenet_tcp_sendrecv_svrloc_port" lineno="86883">
 <summary>
-Send and receive TCP traffic on the soundd port.
+Send and receive TCP traffic on the svrloc port.
 </summary>
 <param name="domain">
 <summary>
@@ -59288,9 +61605,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_soundd_port" lineno="62978">
+<interface name="corenet_udp_send_svrloc_port" lineno="86902">
 <summary>
-Send UDP traffic on the soundd port.
+Send UDP traffic on the svrloc port.
 </summary>
 <param name="domain">
 <summary>
@@ -59299,9 +61616,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_soundd_port" lineno="62997">
+<interface name="corenet_dontaudit_udp_send_svrloc_port" lineno="86921">
 <summary>
-Do not audit attempts to send UDP traffic on the soundd port.
+Do not audit attempts to send UDP traffic on the svrloc port.
 </summary>
 <param name="domain">
 <summary>
@@ -59310,9 +61627,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_soundd_port" lineno="63016">
+<interface name="corenet_udp_receive_svrloc_port" lineno="86940">
 <summary>
-Receive UDP traffic on the soundd port.
+Receive UDP traffic on the svrloc port.
 </summary>
 <param name="domain">
 <summary>
@@ -59321,9 +61638,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_soundd_port" lineno="63035">
+<interface name="corenet_dontaudit_udp_receive_svrloc_port" lineno="86959">
 <summary>
-Do not audit attempts to receive UDP traffic on the soundd port.
+Do not audit attempts to receive UDP traffic on the svrloc port.
 </summary>
 <param name="domain">
 <summary>
@@ -59332,9 +61649,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_soundd_port" lineno="63054">
+<interface name="corenet_udp_sendrecv_svrloc_port" lineno="86978">
 <summary>
-Send and receive UDP traffic on the soundd port.
+Send and receive UDP traffic on the svrloc port.
 </summary>
 <param name="domain">
 <summary>
@@ -59343,10 +61660,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_soundd_port" lineno="63071">
+<interface name="corenet_dontaudit_udp_sendrecv_svrloc_port" lineno="86995">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the soundd port.
+UDP traffic on the svrloc port.
 </summary>
 <param name="domain">
 <summary>
@@ -59355,9 +61672,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_soundd_port" lineno="63087">
+<interface name="corenet_tcp_bind_svrloc_port" lineno="87011">
 <summary>
-Bind TCP sockets to the soundd port.
+Bind TCP sockets to the svrloc port.
 </summary>
 <param name="domain">
 <summary>
@@ -59366,9 +61683,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_soundd_port" lineno="63107">
+<interface name="corenet_udp_bind_svrloc_port" lineno="87031">
 <summary>
-Bind UDP sockets to the soundd port.
+Bind UDP sockets to the svrloc port.
 </summary>
 <param name="domain">
 <summary>
@@ -59377,9 +61694,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_soundd_port" lineno="63126">
+<interface name="corenet_tcp_connect_svrloc_port" lineno="87050">
 <summary>
-Make a TCP connection to the soundd port.
+Make a TCP connection to the svrloc port.
 </summary>
 <param name="domain">
 <summary>
@@ -59387,9 +61704,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_soundd_client_packets" lineno="63146">
+<interface name="corenet_send_svrloc_client_packets" lineno="87070">
 <summary>
-Send soundd_client packets.
+Send svrloc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59398,9 +61715,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_soundd_client_packets" lineno="63165">
+<interface name="corenet_dontaudit_send_svrloc_client_packets" lineno="87089">
 <summary>
-Do not audit attempts to send soundd_client packets.
+Do not audit attempts to send svrloc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59409,9 +61726,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_soundd_client_packets" lineno="63184">
+<interface name="corenet_receive_svrloc_client_packets" lineno="87108">
 <summary>
-Receive soundd_client packets.
+Receive svrloc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59420,9 +61737,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_soundd_client_packets" lineno="63203">
+<interface name="corenet_dontaudit_receive_svrloc_client_packets" lineno="87127">
 <summary>
-Do not audit attempts to receive soundd_client packets.
+Do not audit attempts to receive svrloc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59431,9 +61748,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_soundd_client_packets" lineno="63222">
+<interface name="corenet_sendrecv_svrloc_client_packets" lineno="87146">
 <summary>
-Send and receive soundd_client packets.
+Send and receive svrloc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59442,9 +61759,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_soundd_client_packets" lineno="63238">
+<interface name="corenet_dontaudit_sendrecv_svrloc_client_packets" lineno="87162">
 <summary>
-Do not audit attempts to send and receive soundd_client packets.
+Do not audit attempts to send and receive svrloc_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59453,9 +61770,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_soundd_client_packets" lineno="63253">
+<interface name="corenet_relabelto_svrloc_client_packets" lineno="87177">
 <summary>
-Relabel packets to soundd_client the packet type.
+Relabel packets to svrloc_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -59463,9 +61780,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_soundd_server_packets" lineno="63273">
+<interface name="corenet_send_svrloc_server_packets" lineno="87197">
 <summary>
-Send soundd_server packets.
+Send svrloc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59474,9 +61791,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_soundd_server_packets" lineno="63292">
+<interface name="corenet_dontaudit_send_svrloc_server_packets" lineno="87216">
 <summary>
-Do not audit attempts to send soundd_server packets.
+Do not audit attempts to send svrloc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59485,9 +61802,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_soundd_server_packets" lineno="63311">
+<interface name="corenet_receive_svrloc_server_packets" lineno="87235">
 <summary>
-Receive soundd_server packets.
+Receive svrloc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59496,9 +61813,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_soundd_server_packets" lineno="63330">
+<interface name="corenet_dontaudit_receive_svrloc_server_packets" lineno="87254">
 <summary>
-Do not audit attempts to receive soundd_server packets.
+Do not audit attempts to receive svrloc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59507,9 +61824,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_soundd_server_packets" lineno="63349">
+<interface name="corenet_sendrecv_svrloc_server_packets" lineno="87273">
 <summary>
-Send and receive soundd_server packets.
+Send and receive svrloc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59518,9 +61835,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_soundd_server_packets" lineno="63365">
+<interface name="corenet_dontaudit_sendrecv_svrloc_server_packets" lineno="87289">
 <summary>
-Do not audit attempts to send and receive soundd_server packets.
+Do not audit attempts to send and receive svrloc_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59529,9 +61846,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_soundd_server_packets" lineno="63380">
+<interface name="corenet_relabelto_svrloc_server_packets" lineno="87304">
 <summary>
-Relabel packets to soundd_server the packet type.
+Relabel packets to svrloc_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -59539,9 +61856,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_spamd_port" lineno="63402">
+<interface name="corenet_tcp_sendrecv_swat_port" lineno="87326">
 <summary>
-Send and receive TCP traffic on the spamd port.
+Send and receive TCP traffic on the swat port.
 </summary>
 <param name="domain">
 <summary>
@@ -59550,9 +61867,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_spamd_port" lineno="63421">
+<interface name="corenet_udp_send_swat_port" lineno="87345">
 <summary>
-Send UDP traffic on the spamd port.
+Send UDP traffic on the swat port.
 </summary>
 <param name="domain">
 <summary>
@@ -59561,9 +61878,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_spamd_port" lineno="63440">
+<interface name="corenet_dontaudit_udp_send_swat_port" lineno="87364">
 <summary>
-Do not audit attempts to send UDP traffic on the spamd port.
+Do not audit attempts to send UDP traffic on the swat port.
 </summary>
 <param name="domain">
 <summary>
@@ -59572,9 +61889,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_spamd_port" lineno="63459">
+<interface name="corenet_udp_receive_swat_port" lineno="87383">
 <summary>
-Receive UDP traffic on the spamd port.
+Receive UDP traffic on the swat port.
 </summary>
 <param name="domain">
 <summary>
@@ -59583,9 +61900,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_spamd_port" lineno="63478">
+<interface name="corenet_dontaudit_udp_receive_swat_port" lineno="87402">
 <summary>
-Do not audit attempts to receive UDP traffic on the spamd port.
+Do not audit attempts to receive UDP traffic on the swat port.
 </summary>
 <param name="domain">
 <summary>
@@ -59594,9 +61911,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_spamd_port" lineno="63497">
+<interface name="corenet_udp_sendrecv_swat_port" lineno="87421">
 <summary>
-Send and receive UDP traffic on the spamd port.
+Send and receive UDP traffic on the swat port.
 </summary>
 <param name="domain">
 <summary>
@@ -59605,10 +61922,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_spamd_port" lineno="63514">
+<interface name="corenet_dontaudit_udp_sendrecv_swat_port" lineno="87438">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the spamd port.
+UDP traffic on the swat port.
 </summary>
 <param name="domain">
 <summary>
@@ -59617,9 +61934,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_spamd_port" lineno="63530">
+<interface name="corenet_tcp_bind_swat_port" lineno="87454">
 <summary>
-Bind TCP sockets to the spamd port.
+Bind TCP sockets to the swat port.
 </summary>
 <param name="domain">
 <summary>
@@ -59628,9 +61945,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_spamd_port" lineno="63550">
+<interface name="corenet_udp_bind_swat_port" lineno="87474">
 <summary>
-Bind UDP sockets to the spamd port.
+Bind UDP sockets to the swat port.
 </summary>
 <param name="domain">
 <summary>
@@ -59639,9 +61956,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_spamd_port" lineno="63569">
+<interface name="corenet_tcp_connect_swat_port" lineno="87493">
 <summary>
-Make a TCP connection to the spamd port.
+Make a TCP connection to the swat port.
 </summary>
 <param name="domain">
 <summary>
@@ -59649,9 +61966,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_spamd_client_packets" lineno="63589">
+<interface name="corenet_send_swat_client_packets" lineno="87513">
 <summary>
-Send spamd_client packets.
+Send swat_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59660,9 +61977,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_spamd_client_packets" lineno="63608">
+<interface name="corenet_dontaudit_send_swat_client_packets" lineno="87532">
 <summary>
-Do not audit attempts to send spamd_client packets.
+Do not audit attempts to send swat_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59671,9 +61988,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_spamd_client_packets" lineno="63627">
+<interface name="corenet_receive_swat_client_packets" lineno="87551">
 <summary>
-Receive spamd_client packets.
+Receive swat_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59682,9 +61999,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_spamd_client_packets" lineno="63646">
+<interface name="corenet_dontaudit_receive_swat_client_packets" lineno="87570">
 <summary>
-Do not audit attempts to receive spamd_client packets.
+Do not audit attempts to receive swat_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59693,9 +62010,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_spamd_client_packets" lineno="63665">
+<interface name="corenet_sendrecv_swat_client_packets" lineno="87589">
 <summary>
-Send and receive spamd_client packets.
+Send and receive swat_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59704,9 +62021,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_spamd_client_packets" lineno="63681">
+<interface name="corenet_dontaudit_sendrecv_swat_client_packets" lineno="87605">
 <summary>
-Do not audit attempts to send and receive spamd_client packets.
+Do not audit attempts to send and receive swat_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59715,9 +62032,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_spamd_client_packets" lineno="63696">
+<interface name="corenet_relabelto_swat_client_packets" lineno="87620">
 <summary>
-Relabel packets to spamd_client the packet type.
+Relabel packets to swat_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -59725,9 +62042,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_spamd_server_packets" lineno="63716">
+<interface name="corenet_send_swat_server_packets" lineno="87640">
 <summary>
-Send spamd_server packets.
+Send swat_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59736,9 +62053,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_spamd_server_packets" lineno="63735">
+<interface name="corenet_dontaudit_send_swat_server_packets" lineno="87659">
 <summary>
-Do not audit attempts to send spamd_server packets.
+Do not audit attempts to send swat_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59747,9 +62064,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_spamd_server_packets" lineno="63754">
+<interface name="corenet_receive_swat_server_packets" lineno="87678">
 <summary>
-Receive spamd_server packets.
+Receive swat_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59758,9 +62075,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_spamd_server_packets" lineno="63773">
+<interface name="corenet_dontaudit_receive_swat_server_packets" lineno="87697">
 <summary>
-Do not audit attempts to receive spamd_server packets.
+Do not audit attempts to receive swat_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59769,9 +62086,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_spamd_server_packets" lineno="63792">
+<interface name="corenet_sendrecv_swat_server_packets" lineno="87716">
 <summary>
-Send and receive spamd_server packets.
+Send and receive swat_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59780,9 +62097,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_spamd_server_packets" lineno="63808">
+<interface name="corenet_dontaudit_sendrecv_swat_server_packets" lineno="87732">
 <summary>
-Do not audit attempts to send and receive spamd_server packets.
+Do not audit attempts to send and receive swat_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59791,9 +62108,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_spamd_server_packets" lineno="63823">
+<interface name="corenet_relabelto_swat_server_packets" lineno="87747">
 <summary>
-Relabel packets to spamd_server the packet type.
+Relabel packets to swat_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -59801,9 +62118,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_speech_port" lineno="63845">
+<interface name="corenet_tcp_sendrecv_syncthing_port" lineno="87769">
 <summary>
-Send and receive TCP traffic on the speech port.
+Send and receive TCP traffic on the syncthing port.
 </summary>
 <param name="domain">
 <summary>
@@ -59812,9 +62129,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_speech_port" lineno="63864">
+<interface name="corenet_udp_send_syncthing_port" lineno="87788">
 <summary>
-Send UDP traffic on the speech port.
+Send UDP traffic on the syncthing port.
 </summary>
 <param name="domain">
 <summary>
@@ -59823,9 +62140,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_speech_port" lineno="63883">
+<interface name="corenet_dontaudit_udp_send_syncthing_port" lineno="87807">
 <summary>
-Do not audit attempts to send UDP traffic on the speech port.
+Do not audit attempts to send UDP traffic on the syncthing port.
 </summary>
 <param name="domain">
 <summary>
@@ -59834,9 +62151,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_speech_port" lineno="63902">
+<interface name="corenet_udp_receive_syncthing_port" lineno="87826">
 <summary>
-Receive UDP traffic on the speech port.
+Receive UDP traffic on the syncthing port.
 </summary>
 <param name="domain">
 <summary>
@@ -59845,9 +62162,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_speech_port" lineno="63921">
+<interface name="corenet_dontaudit_udp_receive_syncthing_port" lineno="87845">
 <summary>
-Do not audit attempts to receive UDP traffic on the speech port.
+Do not audit attempts to receive UDP traffic on the syncthing port.
 </summary>
 <param name="domain">
 <summary>
@@ -59856,9 +62173,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_speech_port" lineno="63940">
+<interface name="corenet_udp_sendrecv_syncthing_port" lineno="87864">
 <summary>
-Send and receive UDP traffic on the speech port.
+Send and receive UDP traffic on the syncthing port.
 </summary>
 <param name="domain">
 <summary>
@@ -59867,10 +62184,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_speech_port" lineno="63957">
+<interface name="corenet_dontaudit_udp_sendrecv_syncthing_port" lineno="87881">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the speech port.
+UDP traffic on the syncthing port.
 </summary>
 <param name="domain">
 <summary>
@@ -59879,9 +62196,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_speech_port" lineno="63973">
+<interface name="corenet_tcp_bind_syncthing_port" lineno="87897">
 <summary>
-Bind TCP sockets to the speech port.
+Bind TCP sockets to the syncthing port.
 </summary>
 <param name="domain">
 <summary>
@@ -59890,9 +62207,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_speech_port" lineno="63993">
+<interface name="corenet_udp_bind_syncthing_port" lineno="87917">
 <summary>
-Bind UDP sockets to the speech port.
+Bind UDP sockets to the syncthing port.
 </summary>
 <param name="domain">
 <summary>
@@ -59901,9 +62218,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_speech_port" lineno="64012">
+<interface name="corenet_tcp_connect_syncthing_port" lineno="87936">
 <summary>
-Make a TCP connection to the speech port.
+Make a TCP connection to the syncthing port.
 </summary>
 <param name="domain">
 <summary>
@@ -59911,9 +62228,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_speech_client_packets" lineno="64032">
+<interface name="corenet_send_syncthing_client_packets" lineno="87956">
 <summary>
-Send speech_client packets.
+Send syncthing_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59922,9 +62239,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_speech_client_packets" lineno="64051">
+<interface name="corenet_dontaudit_send_syncthing_client_packets" lineno="87975">
 <summary>
-Do not audit attempts to send speech_client packets.
+Do not audit attempts to send syncthing_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59933,9 +62250,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_speech_client_packets" lineno="64070">
+<interface name="corenet_receive_syncthing_client_packets" lineno="87994">
 <summary>
-Receive speech_client packets.
+Receive syncthing_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59944,9 +62261,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_speech_client_packets" lineno="64089">
+<interface name="corenet_dontaudit_receive_syncthing_client_packets" lineno="88013">
 <summary>
-Do not audit attempts to receive speech_client packets.
+Do not audit attempts to receive syncthing_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59955,9 +62272,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_speech_client_packets" lineno="64108">
+<interface name="corenet_sendrecv_syncthing_client_packets" lineno="88032">
 <summary>
-Send and receive speech_client packets.
+Send and receive syncthing_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59966,9 +62283,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_speech_client_packets" lineno="64124">
+<interface name="corenet_dontaudit_sendrecv_syncthing_client_packets" lineno="88048">
 <summary>
-Do not audit attempts to send and receive speech_client packets.
+Do not audit attempts to send and receive syncthing_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59977,9 +62294,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_speech_client_packets" lineno="64139">
+<interface name="corenet_relabelto_syncthing_client_packets" lineno="88063">
 <summary>
-Relabel packets to speech_client the packet type.
+Relabel packets to syncthing_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -59987,9 +62304,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_speech_server_packets" lineno="64159">
+<interface name="corenet_send_syncthing_server_packets" lineno="88083">
 <summary>
-Send speech_server packets.
+Send syncthing_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -59998,9 +62315,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_speech_server_packets" lineno="64178">
+<interface name="corenet_dontaudit_send_syncthing_server_packets" lineno="88102">
 <summary>
-Do not audit attempts to send speech_server packets.
+Do not audit attempts to send syncthing_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60009,9 +62326,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_speech_server_packets" lineno="64197">
+<interface name="corenet_receive_syncthing_server_packets" lineno="88121">
 <summary>
-Receive speech_server packets.
+Receive syncthing_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60020,9 +62337,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_speech_server_packets" lineno="64216">
+<interface name="corenet_dontaudit_receive_syncthing_server_packets" lineno="88140">
 <summary>
-Do not audit attempts to receive speech_server packets.
+Do not audit attempts to receive syncthing_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60031,9 +62348,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_speech_server_packets" lineno="64235">
+<interface name="corenet_sendrecv_syncthing_server_packets" lineno="88159">
 <summary>
-Send and receive speech_server packets.
+Send and receive syncthing_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60042,9 +62359,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_speech_server_packets" lineno="64251">
+<interface name="corenet_dontaudit_sendrecv_syncthing_server_packets" lineno="88175">
 <summary>
-Do not audit attempts to send and receive speech_server packets.
+Do not audit attempts to send and receive syncthing_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60053,9 +62370,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_speech_server_packets" lineno="64266">
+<interface name="corenet_relabelto_syncthing_server_packets" lineno="88190">
 <summary>
-Relabel packets to speech_server the packet type.
+Relabel packets to syncthing_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -60063,9 +62380,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_squid_port" lineno="64288">
+<interface name="corenet_tcp_sendrecv_syncthing_admin_port" lineno="88212">
 <summary>
-Send and receive TCP traffic on the squid port.
+Send and receive TCP traffic on the syncthing_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -60074,9 +62391,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_squid_port" lineno="64307">
+<interface name="corenet_udp_send_syncthing_admin_port" lineno="88231">
 <summary>
-Send UDP traffic on the squid port.
+Send UDP traffic on the syncthing_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -60085,9 +62402,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_squid_port" lineno="64326">
+<interface name="corenet_dontaudit_udp_send_syncthing_admin_port" lineno="88250">
 <summary>
-Do not audit attempts to send UDP traffic on the squid port.
+Do not audit attempts to send UDP traffic on the syncthing_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -60096,9 +62413,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_squid_port" lineno="64345">
+<interface name="corenet_udp_receive_syncthing_admin_port" lineno="88269">
 <summary>
-Receive UDP traffic on the squid port.
+Receive UDP traffic on the syncthing_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -60107,9 +62424,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_squid_port" lineno="64364">
+<interface name="corenet_dontaudit_udp_receive_syncthing_admin_port" lineno="88288">
 <summary>
-Do not audit attempts to receive UDP traffic on the squid port.
+Do not audit attempts to receive UDP traffic on the syncthing_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -60118,9 +62435,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_squid_port" lineno="64383">
+<interface name="corenet_udp_sendrecv_syncthing_admin_port" lineno="88307">
 <summary>
-Send and receive UDP traffic on the squid port.
+Send and receive UDP traffic on the syncthing_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -60129,10 +62446,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_squid_port" lineno="64400">
+<interface name="corenet_dontaudit_udp_sendrecv_syncthing_admin_port" lineno="88324">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the squid port.
+UDP traffic on the syncthing_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -60141,9 +62458,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_squid_port" lineno="64416">
+<interface name="corenet_tcp_bind_syncthing_admin_port" lineno="88340">
 <summary>
-Bind TCP sockets to the squid port.
+Bind TCP sockets to the syncthing_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -60152,9 +62469,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_squid_port" lineno="64436">
+<interface name="corenet_udp_bind_syncthing_admin_port" lineno="88360">
 <summary>
-Bind UDP sockets to the squid port.
+Bind UDP sockets to the syncthing_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -60163,9 +62480,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_squid_port" lineno="64455">
+<interface name="corenet_tcp_connect_syncthing_admin_port" lineno="88379">
 <summary>
-Make a TCP connection to the squid port.
+Make a TCP connection to the syncthing_admin port.
 </summary>
 <param name="domain">
 <summary>
@@ -60173,9 +62490,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_squid_client_packets" lineno="64475">
+<interface name="corenet_send_syncthing_admin_client_packets" lineno="88399">
 <summary>
-Send squid_client packets.
+Send syncthing_admin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60184,9 +62501,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_squid_client_packets" lineno="64494">
+<interface name="corenet_dontaudit_send_syncthing_admin_client_packets" lineno="88418">
 <summary>
-Do not audit attempts to send squid_client packets.
+Do not audit attempts to send syncthing_admin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60195,9 +62512,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_squid_client_packets" lineno="64513">
+<interface name="corenet_receive_syncthing_admin_client_packets" lineno="88437">
 <summary>
-Receive squid_client packets.
+Receive syncthing_admin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60206,9 +62523,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_squid_client_packets" lineno="64532">
+<interface name="corenet_dontaudit_receive_syncthing_admin_client_packets" lineno="88456">
 <summary>
-Do not audit attempts to receive squid_client packets.
+Do not audit attempts to receive syncthing_admin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60217,9 +62534,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_squid_client_packets" lineno="64551">
+<interface name="corenet_sendrecv_syncthing_admin_client_packets" lineno="88475">
 <summary>
-Send and receive squid_client packets.
+Send and receive syncthing_admin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60228,9 +62545,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_squid_client_packets" lineno="64567">
+<interface name="corenet_dontaudit_sendrecv_syncthing_admin_client_packets" lineno="88491">
 <summary>
-Do not audit attempts to send and receive squid_client packets.
+Do not audit attempts to send and receive syncthing_admin_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60239,9 +62556,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_squid_client_packets" lineno="64582">
+<interface name="corenet_relabelto_syncthing_admin_client_packets" lineno="88506">
 <summary>
-Relabel packets to squid_client the packet type.
+Relabel packets to syncthing_admin_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -60249,9 +62566,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_squid_server_packets" lineno="64602">
+<interface name="corenet_send_syncthing_admin_server_packets" lineno="88526">
 <summary>
-Send squid_server packets.
+Send syncthing_admin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60260,9 +62577,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_squid_server_packets" lineno="64621">
+<interface name="corenet_dontaudit_send_syncthing_admin_server_packets" lineno="88545">
 <summary>
-Do not audit attempts to send squid_server packets.
+Do not audit attempts to send syncthing_admin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60271,9 +62588,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_squid_server_packets" lineno="64640">
+<interface name="corenet_receive_syncthing_admin_server_packets" lineno="88564">
 <summary>
-Receive squid_server packets.
+Receive syncthing_admin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60282,9 +62599,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_squid_server_packets" lineno="64659">
+<interface name="corenet_dontaudit_receive_syncthing_admin_server_packets" lineno="88583">
 <summary>
-Do not audit attempts to receive squid_server packets.
+Do not audit attempts to receive syncthing_admin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60293,9 +62610,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_squid_server_packets" lineno="64678">
+<interface name="corenet_sendrecv_syncthing_admin_server_packets" lineno="88602">
 <summary>
-Send and receive squid_server packets.
+Send and receive syncthing_admin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60304,9 +62621,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_squid_server_packets" lineno="64694">
+<interface name="corenet_dontaudit_sendrecv_syncthing_admin_server_packets" lineno="88618">
 <summary>
-Do not audit attempts to send and receive squid_server packets.
+Do not audit attempts to send and receive syncthing_admin_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60315,9 +62632,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_squid_server_packets" lineno="64709">
+<interface name="corenet_relabelto_syncthing_admin_server_packets" lineno="88633">
 <summary>
-Relabel packets to squid_server the packet type.
+Relabel packets to syncthing_admin_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -60325,9 +62642,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_ssh_port" lineno="64731">
+<interface name="corenet_tcp_sendrecv_syncthing_discovery_port" lineno="88655">
 <summary>
-Send and receive TCP traffic on the ssh port.
+Send and receive TCP traffic on the syncthing_discovery port.
 </summary>
 <param name="domain">
 <summary>
@@ -60336,9 +62653,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_ssh_port" lineno="64750">
+<interface name="corenet_udp_send_syncthing_discovery_port" lineno="88674">
 <summary>
-Send UDP traffic on the ssh port.
+Send UDP traffic on the syncthing_discovery port.
 </summary>
 <param name="domain">
 <summary>
@@ -60347,9 +62664,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_ssh_port" lineno="64769">
+<interface name="corenet_dontaudit_udp_send_syncthing_discovery_port" lineno="88693">
 <summary>
-Do not audit attempts to send UDP traffic on the ssh port.
+Do not audit attempts to send UDP traffic on the syncthing_discovery port.
 </summary>
 <param name="domain">
 <summary>
@@ -60358,9 +62675,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_ssh_port" lineno="64788">
+<interface name="corenet_udp_receive_syncthing_discovery_port" lineno="88712">
 <summary>
-Receive UDP traffic on the ssh port.
+Receive UDP traffic on the syncthing_discovery port.
 </summary>
 <param name="domain">
 <summary>
@@ -60369,9 +62686,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_ssh_port" lineno="64807">
+<interface name="corenet_dontaudit_udp_receive_syncthing_discovery_port" lineno="88731">
 <summary>
-Do not audit attempts to receive UDP traffic on the ssh port.
+Do not audit attempts to receive UDP traffic on the syncthing_discovery port.
 </summary>
 <param name="domain">
 <summary>
@@ -60380,9 +62697,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_ssh_port" lineno="64826">
+<interface name="corenet_udp_sendrecv_syncthing_discovery_port" lineno="88750">
 <summary>
-Send and receive UDP traffic on the ssh port.
+Send and receive UDP traffic on the syncthing_discovery port.
 </summary>
 <param name="domain">
 <summary>
@@ -60391,10 +62708,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_ssh_port" lineno="64843">
+<interface name="corenet_dontaudit_udp_sendrecv_syncthing_discovery_port" lineno="88767">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the ssh port.
+UDP traffic on the syncthing_discovery port.
 </summary>
 <param name="domain">
 <summary>
@@ -60403,9 +62720,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_ssh_port" lineno="64859">
+<interface name="corenet_tcp_bind_syncthing_discovery_port" lineno="88783">
 <summary>
-Bind TCP sockets to the ssh port.
+Bind TCP sockets to the syncthing_discovery port.
 </summary>
 <param name="domain">
 <summary>
@@ -60414,9 +62731,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_ssh_port" lineno="64879">
+<interface name="corenet_udp_bind_syncthing_discovery_port" lineno="88803">
 <summary>
-Bind UDP sockets to the ssh port.
+Bind UDP sockets to the syncthing_discovery port.
 </summary>
 <param name="domain">
 <summary>
@@ -60425,9 +62742,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_ssh_port" lineno="64898">
+<interface name="corenet_tcp_connect_syncthing_discovery_port" lineno="88822">
 <summary>
-Make a TCP connection to the ssh port.
+Make a TCP connection to the syncthing_discovery port.
 </summary>
 <param name="domain">
 <summary>
@@ -60435,9 +62752,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ssh_client_packets" lineno="64918">
+<interface name="corenet_send_syncthing_discovery_client_packets" lineno="88842">
 <summary>
-Send ssh_client packets.
+Send syncthing_discovery_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60446,9 +62763,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ssh_client_packets" lineno="64937">
+<interface name="corenet_dontaudit_send_syncthing_discovery_client_packets" lineno="88861">
 <summary>
-Do not audit attempts to send ssh_client packets.
+Do not audit attempts to send syncthing_discovery_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60457,9 +62774,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ssh_client_packets" lineno="64956">
+<interface name="corenet_receive_syncthing_discovery_client_packets" lineno="88880">
 <summary>
-Receive ssh_client packets.
+Receive syncthing_discovery_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60468,9 +62785,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ssh_client_packets" lineno="64975">
+<interface name="corenet_dontaudit_receive_syncthing_discovery_client_packets" lineno="88899">
 <summary>
-Do not audit attempts to receive ssh_client packets.
+Do not audit attempts to receive syncthing_discovery_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60479,9 +62796,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ssh_client_packets" lineno="64994">
+<interface name="corenet_sendrecv_syncthing_discovery_client_packets" lineno="88918">
 <summary>
-Send and receive ssh_client packets.
+Send and receive syncthing_discovery_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60490,9 +62807,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ssh_client_packets" lineno="65010">
+<interface name="corenet_dontaudit_sendrecv_syncthing_discovery_client_packets" lineno="88934">
 <summary>
-Do not audit attempts to send and receive ssh_client packets.
+Do not audit attempts to send and receive syncthing_discovery_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60501,9 +62818,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ssh_client_packets" lineno="65025">
+<interface name="corenet_relabelto_syncthing_discovery_client_packets" lineno="88949">
 <summary>
-Relabel packets to ssh_client the packet type.
+Relabel packets to syncthing_discovery_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -60511,9 +62828,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ssh_server_packets" lineno="65045">
+<interface name="corenet_send_syncthing_discovery_server_packets" lineno="88969">
 <summary>
-Send ssh_server packets.
+Send syncthing_discovery_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60522,9 +62839,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ssh_server_packets" lineno="65064">
+<interface name="corenet_dontaudit_send_syncthing_discovery_server_packets" lineno="88988">
 <summary>
-Do not audit attempts to send ssh_server packets.
+Do not audit attempts to send syncthing_discovery_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60533,9 +62850,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ssh_server_packets" lineno="65083">
+<interface name="corenet_receive_syncthing_discovery_server_packets" lineno="89007">
 <summary>
-Receive ssh_server packets.
+Receive syncthing_discovery_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60544,9 +62861,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ssh_server_packets" lineno="65102">
+<interface name="corenet_dontaudit_receive_syncthing_discovery_server_packets" lineno="89026">
 <summary>
-Do not audit attempts to receive ssh_server packets.
+Do not audit attempts to receive syncthing_discovery_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60555,9 +62872,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ssh_server_packets" lineno="65121">
+<interface name="corenet_sendrecv_syncthing_discovery_server_packets" lineno="89045">
 <summary>
-Send and receive ssh_server packets.
+Send and receive syncthing_discovery_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60566,9 +62883,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ssh_server_packets" lineno="65137">
+<interface name="corenet_dontaudit_sendrecv_syncthing_discovery_server_packets" lineno="89061">
 <summary>
-Do not audit attempts to send and receive ssh_server packets.
+Do not audit attempts to send and receive syncthing_discovery_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60577,9 +62894,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ssh_server_packets" lineno="65152">
+<interface name="corenet_relabelto_syncthing_discovery_server_packets" lineno="89076">
 <summary>
-Relabel packets to ssh_server the packet type.
+Relabel packets to syncthing_discovery_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -60587,9 +62904,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_stunnel_port" lineno="65174">
+<interface name="corenet_tcp_sendrecv_sype_transport_port" lineno="89098">
 <summary>
-Send and receive TCP traffic on the stunnel port.
+Send and receive TCP traffic on the sype_transport port.
 </summary>
 <param name="domain">
 <summary>
@@ -60598,9 +62915,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_stunnel_port" lineno="65193">
+<interface name="corenet_udp_send_sype_transport_port" lineno="89117">
 <summary>
-Send UDP traffic on the stunnel port.
+Send UDP traffic on the sype_transport port.
 </summary>
 <param name="domain">
 <summary>
@@ -60609,9 +62926,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_stunnel_port" lineno="65212">
+<interface name="corenet_dontaudit_udp_send_sype_transport_port" lineno="89136">
 <summary>
-Do not audit attempts to send UDP traffic on the stunnel port.
+Do not audit attempts to send UDP traffic on the sype_transport port.
 </summary>
 <param name="domain">
 <summary>
@@ -60620,9 +62937,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_stunnel_port" lineno="65231">
+<interface name="corenet_udp_receive_sype_transport_port" lineno="89155">
 <summary>
-Receive UDP traffic on the stunnel port.
+Receive UDP traffic on the sype_transport port.
 </summary>
 <param name="domain">
 <summary>
@@ -60631,9 +62948,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_stunnel_port" lineno="65250">
+<interface name="corenet_dontaudit_udp_receive_sype_transport_port" lineno="89174">
 <summary>
-Do not audit attempts to receive UDP traffic on the stunnel port.
+Do not audit attempts to receive UDP traffic on the sype_transport port.
 </summary>
 <param name="domain">
 <summary>
@@ -60642,9 +62959,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_stunnel_port" lineno="65269">
+<interface name="corenet_udp_sendrecv_sype_transport_port" lineno="89193">
 <summary>
-Send and receive UDP traffic on the stunnel port.
+Send and receive UDP traffic on the sype_transport port.
 </summary>
 <param name="domain">
 <summary>
@@ -60653,10 +62970,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_stunnel_port" lineno="65286">
+<interface name="corenet_dontaudit_udp_sendrecv_sype_transport_port" lineno="89210">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the stunnel port.
+UDP traffic on the sype_transport port.
 </summary>
 <param name="domain">
 <summary>
@@ -60665,9 +62982,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_stunnel_port" lineno="65302">
+<interface name="corenet_tcp_bind_sype_transport_port" lineno="89226">
 <summary>
-Bind TCP sockets to the stunnel port.
+Bind TCP sockets to the sype_transport port.
 </summary>
 <param name="domain">
 <summary>
@@ -60676,9 +62993,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_stunnel_port" lineno="65322">
+<interface name="corenet_udp_bind_sype_transport_port" lineno="89246">
 <summary>
-Bind UDP sockets to the stunnel port.
+Bind UDP sockets to the sype_transport port.
 </summary>
 <param name="domain">
 <summary>
@@ -60687,9 +63004,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_stunnel_port" lineno="65341">
+<interface name="corenet_tcp_connect_sype_transport_port" lineno="89265">
 <summary>
-Make a TCP connection to the stunnel port.
+Make a TCP connection to the sype_transport port.
 </summary>
 <param name="domain">
 <summary>
@@ -60697,9 +63014,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_stunnel_client_packets" lineno="65361">
+<interface name="corenet_send_sype_transport_client_packets" lineno="89285">
 <summary>
-Send stunnel_client packets.
+Send sype_transport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60708,9 +63025,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_stunnel_client_packets" lineno="65380">
+<interface name="corenet_dontaudit_send_sype_transport_client_packets" lineno="89304">
 <summary>
-Do not audit attempts to send stunnel_client packets.
+Do not audit attempts to send sype_transport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60719,9 +63036,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_stunnel_client_packets" lineno="65399">
+<interface name="corenet_receive_sype_transport_client_packets" lineno="89323">
 <summary>
-Receive stunnel_client packets.
+Receive sype_transport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60730,9 +63047,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_stunnel_client_packets" lineno="65418">
+<interface name="corenet_dontaudit_receive_sype_transport_client_packets" lineno="89342">
 <summary>
-Do not audit attempts to receive stunnel_client packets.
+Do not audit attempts to receive sype_transport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60741,9 +63058,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_stunnel_client_packets" lineno="65437">
+<interface name="corenet_sendrecv_sype_transport_client_packets" lineno="89361">
 <summary>
-Send and receive stunnel_client packets.
+Send and receive sype_transport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60752,9 +63069,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_stunnel_client_packets" lineno="65453">
+<interface name="corenet_dontaudit_sendrecv_sype_transport_client_packets" lineno="89377">
 <summary>
-Do not audit attempts to send and receive stunnel_client packets.
+Do not audit attempts to send and receive sype_transport_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60763,9 +63080,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_stunnel_client_packets" lineno="65468">
+<interface name="corenet_relabelto_sype_transport_client_packets" lineno="89392">
 <summary>
-Relabel packets to stunnel_client the packet type.
+Relabel packets to sype_transport_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -60773,9 +63090,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_stunnel_server_packets" lineno="65488">
+<interface name="corenet_send_sype_transport_server_packets" lineno="89412">
 <summary>
-Send stunnel_server packets.
+Send sype_transport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60784,9 +63101,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_stunnel_server_packets" lineno="65507">
+<interface name="corenet_dontaudit_send_sype_transport_server_packets" lineno="89431">
 <summary>
-Do not audit attempts to send stunnel_server packets.
+Do not audit attempts to send sype_transport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60795,9 +63112,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_stunnel_server_packets" lineno="65526">
+<interface name="corenet_receive_sype_transport_server_packets" lineno="89450">
 <summary>
-Receive stunnel_server packets.
+Receive sype_transport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60806,9 +63123,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_stunnel_server_packets" lineno="65545">
+<interface name="corenet_dontaudit_receive_sype_transport_server_packets" lineno="89469">
 <summary>
-Do not audit attempts to receive stunnel_server packets.
+Do not audit attempts to receive sype_transport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60817,9 +63134,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_stunnel_server_packets" lineno="65564">
+<interface name="corenet_sendrecv_sype_transport_server_packets" lineno="89488">
 <summary>
-Send and receive stunnel_server packets.
+Send and receive sype_transport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60828,9 +63145,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_stunnel_server_packets" lineno="65580">
+<interface name="corenet_dontaudit_sendrecv_sype_transport_server_packets" lineno="89504">
 <summary>
-Do not audit attempts to send and receive stunnel_server packets.
+Do not audit attempts to send and receive sype_transport_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60839,9 +63156,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_stunnel_server_packets" lineno="65595">
+<interface name="corenet_relabelto_sype_transport_server_packets" lineno="89519">
 <summary>
-Relabel packets to stunnel_server the packet type.
+Relabel packets to sype_transport_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -60849,9 +63166,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_swat_port" lineno="65617">
+<interface name="corenet_tcp_sendrecv_syslogd_port" lineno="89541">
 <summary>
-Send and receive TCP traffic on the swat port.
+Send and receive TCP traffic on the syslogd port.
 </summary>
 <param name="domain">
 <summary>
@@ -60860,9 +63177,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_swat_port" lineno="65636">
+<interface name="corenet_udp_send_syslogd_port" lineno="89560">
 <summary>
-Send UDP traffic on the swat port.
+Send UDP traffic on the syslogd port.
 </summary>
 <param name="domain">
 <summary>
@@ -60871,9 +63188,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_swat_port" lineno="65655">
+<interface name="corenet_dontaudit_udp_send_syslogd_port" lineno="89579">
 <summary>
-Do not audit attempts to send UDP traffic on the swat port.
+Do not audit attempts to send UDP traffic on the syslogd port.
 </summary>
 <param name="domain">
 <summary>
@@ -60882,9 +63199,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_swat_port" lineno="65674">
+<interface name="corenet_udp_receive_syslogd_port" lineno="89598">
 <summary>
-Receive UDP traffic on the swat port.
+Receive UDP traffic on the syslogd port.
 </summary>
 <param name="domain">
 <summary>
@@ -60893,9 +63210,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_swat_port" lineno="65693">
+<interface name="corenet_dontaudit_udp_receive_syslogd_port" lineno="89617">
 <summary>
-Do not audit attempts to receive UDP traffic on the swat port.
+Do not audit attempts to receive UDP traffic on the syslogd port.
 </summary>
 <param name="domain">
 <summary>
@@ -60904,9 +63221,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_swat_port" lineno="65712">
+<interface name="corenet_udp_sendrecv_syslogd_port" lineno="89636">
 <summary>
-Send and receive UDP traffic on the swat port.
+Send and receive UDP traffic on the syslogd port.
 </summary>
 <param name="domain">
 <summary>
@@ -60915,10 +63232,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_swat_port" lineno="65729">
+<interface name="corenet_dontaudit_udp_sendrecv_syslogd_port" lineno="89653">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the swat port.
+UDP traffic on the syslogd port.
 </summary>
 <param name="domain">
 <summary>
@@ -60927,9 +63244,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_swat_port" lineno="65745">
+<interface name="corenet_tcp_bind_syslogd_port" lineno="89669">
 <summary>
-Bind TCP sockets to the swat port.
+Bind TCP sockets to the syslogd port.
 </summary>
 <param name="domain">
 <summary>
@@ -60938,9 +63255,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_swat_port" lineno="65765">
+<interface name="corenet_udp_bind_syslogd_port" lineno="89689">
 <summary>
-Bind UDP sockets to the swat port.
+Bind UDP sockets to the syslogd port.
 </summary>
 <param name="domain">
 <summary>
@@ -60949,9 +63266,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_swat_port" lineno="65784">
+<interface name="corenet_tcp_connect_syslogd_port" lineno="89708">
 <summary>
-Make a TCP connection to the swat port.
+Make a TCP connection to the syslogd port.
 </summary>
 <param name="domain">
 <summary>
@@ -60959,9 +63276,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_swat_client_packets" lineno="65804">
+<interface name="corenet_send_syslogd_client_packets" lineno="89728">
 <summary>
-Send swat_client packets.
+Send syslogd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60970,9 +63287,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_swat_client_packets" lineno="65823">
+<interface name="corenet_dontaudit_send_syslogd_client_packets" lineno="89747">
 <summary>
-Do not audit attempts to send swat_client packets.
+Do not audit attempts to send syslogd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60981,9 +63298,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_swat_client_packets" lineno="65842">
+<interface name="corenet_receive_syslogd_client_packets" lineno="89766">
 <summary>
-Receive swat_client packets.
+Receive syslogd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -60992,9 +63309,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_swat_client_packets" lineno="65861">
+<interface name="corenet_dontaudit_receive_syslogd_client_packets" lineno="89785">
 <summary>
-Do not audit attempts to receive swat_client packets.
+Do not audit attempts to receive syslogd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61003,9 +63320,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_swat_client_packets" lineno="65880">
+<interface name="corenet_sendrecv_syslogd_client_packets" lineno="89804">
 <summary>
-Send and receive swat_client packets.
+Send and receive syslogd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61014,9 +63331,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_swat_client_packets" lineno="65896">
+<interface name="corenet_dontaudit_sendrecv_syslogd_client_packets" lineno="89820">
 <summary>
-Do not audit attempts to send and receive swat_client packets.
+Do not audit attempts to send and receive syslogd_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61025,9 +63342,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_swat_client_packets" lineno="65911">
+<interface name="corenet_relabelto_syslogd_client_packets" lineno="89835">
 <summary>
-Relabel packets to swat_client the packet type.
+Relabel packets to syslogd_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -61035,9 +63352,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_swat_server_packets" lineno="65931">
+<interface name="corenet_send_syslogd_server_packets" lineno="89855">
 <summary>
-Send swat_server packets.
+Send syslogd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61046,9 +63363,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_swat_server_packets" lineno="65950">
+<interface name="corenet_dontaudit_send_syslogd_server_packets" lineno="89874">
 <summary>
-Do not audit attempts to send swat_server packets.
+Do not audit attempts to send syslogd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61057,9 +63374,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_swat_server_packets" lineno="65969">
+<interface name="corenet_receive_syslogd_server_packets" lineno="89893">
 <summary>
-Receive swat_server packets.
+Receive syslogd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61068,9 +63385,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_swat_server_packets" lineno="65988">
+<interface name="corenet_dontaudit_receive_syslogd_server_packets" lineno="89912">
 <summary>
-Do not audit attempts to receive swat_server packets.
+Do not audit attempts to receive syslogd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61079,9 +63396,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_swat_server_packets" lineno="66007">
+<interface name="corenet_sendrecv_syslogd_server_packets" lineno="89931">
 <summary>
-Send and receive swat_server packets.
+Send and receive syslogd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61090,9 +63407,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_swat_server_packets" lineno="66023">
+<interface name="corenet_dontaudit_sendrecv_syslogd_server_packets" lineno="89947">
 <summary>
-Do not audit attempts to send and receive swat_server packets.
+Do not audit attempts to send and receive syslogd_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61101,9 +63418,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_swat_server_packets" lineno="66038">
+<interface name="corenet_relabelto_syslogd_server_packets" lineno="89962">
 <summary>
-Relabel packets to swat_server the packet type.
+Relabel packets to syslogd_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -61111,9 +63428,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_syslogd_port" lineno="66060">
+<interface name="corenet_tcp_sendrecv_syslog_tls_port" lineno="89984">
 <summary>
-Send and receive TCP traffic on the syslogd port.
+Send and receive TCP traffic on the syslog_tls port.
 </summary>
 <param name="domain">
 <summary>
@@ -61122,9 +63439,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_syslogd_port" lineno="66079">
+<interface name="corenet_udp_send_syslog_tls_port" lineno="90003">
 <summary>
-Send UDP traffic on the syslogd port.
+Send UDP traffic on the syslog_tls port.
 </summary>
 <param name="domain">
 <summary>
@@ -61133,9 +63450,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_syslogd_port" lineno="66098">
+<interface name="corenet_dontaudit_udp_send_syslog_tls_port" lineno="90022">
 <summary>
-Do not audit attempts to send UDP traffic on the syslogd port.
+Do not audit attempts to send UDP traffic on the syslog_tls port.
 </summary>
 <param name="domain">
 <summary>
@@ -61144,9 +63461,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_syslogd_port" lineno="66117">
+<interface name="corenet_udp_receive_syslog_tls_port" lineno="90041">
 <summary>
-Receive UDP traffic on the syslogd port.
+Receive UDP traffic on the syslog_tls port.
 </summary>
 <param name="domain">
 <summary>
@@ -61155,9 +63472,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_syslogd_port" lineno="66136">
+<interface name="corenet_dontaudit_udp_receive_syslog_tls_port" lineno="90060">
 <summary>
-Do not audit attempts to receive UDP traffic on the syslogd port.
+Do not audit attempts to receive UDP traffic on the syslog_tls port.
 </summary>
 <param name="domain">
 <summary>
@@ -61166,9 +63483,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_syslogd_port" lineno="66155">
+<interface name="corenet_udp_sendrecv_syslog_tls_port" lineno="90079">
 <summary>
-Send and receive UDP traffic on the syslogd port.
+Send and receive UDP traffic on the syslog_tls port.
 </summary>
 <param name="domain">
 <summary>
@@ -61177,10 +63494,10 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_syslogd_port" lineno="66172">
+<interface name="corenet_dontaudit_udp_sendrecv_syslog_tls_port" lineno="90096">
 <summary>
 Do not audit attempts to send and receive
-UDP traffic on the syslogd port.
+UDP traffic on the syslog_tls port.
 </summary>
 <param name="domain">
 <summary>
@@ -61189,9 +63506,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_syslogd_port" lineno="66188">
+<interface name="corenet_tcp_bind_syslog_tls_port" lineno="90112">
 <summary>
-Bind TCP sockets to the syslogd port.
+Bind TCP sockets to the syslog_tls port.
 </summary>
 <param name="domain">
 <summary>
@@ -61200,9 +63517,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_syslogd_port" lineno="66208">
+<interface name="corenet_udp_bind_syslog_tls_port" lineno="90132">
 <summary>
-Bind UDP sockets to the syslogd port.
+Bind UDP sockets to the syslog_tls port.
 </summary>
 <param name="domain">
 <summary>
@@ -61211,9 +63528,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_syslogd_port" lineno="66227">
+<interface name="corenet_tcp_connect_syslog_tls_port" lineno="90151">
 <summary>
-Make a TCP connection to the syslogd port.
+Make a TCP connection to the syslog_tls port.
 </summary>
 <param name="domain">
 <summary>
@@ -61221,9 +63538,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_syslogd_client_packets" lineno="66247">
+<interface name="corenet_send_syslog_tls_client_packets" lineno="90171">
 <summary>
-Send syslogd_client packets.
+Send syslog_tls_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61232,9 +63549,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_syslogd_client_packets" lineno="66266">
+<interface name="corenet_dontaudit_send_syslog_tls_client_packets" lineno="90190">
 <summary>
-Do not audit attempts to send syslogd_client packets.
+Do not audit attempts to send syslog_tls_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61243,9 +63560,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_syslogd_client_packets" lineno="66285">
+<interface name="corenet_receive_syslog_tls_client_packets" lineno="90209">
 <summary>
-Receive syslogd_client packets.
+Receive syslog_tls_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61254,9 +63571,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_syslogd_client_packets" lineno="66304">
+<interface name="corenet_dontaudit_receive_syslog_tls_client_packets" lineno="90228">
 <summary>
-Do not audit attempts to receive syslogd_client packets.
+Do not audit attempts to receive syslog_tls_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61265,9 +63582,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_syslogd_client_packets" lineno="66323">
+<interface name="corenet_sendrecv_syslog_tls_client_packets" lineno="90247">
 <summary>
-Send and receive syslogd_client packets.
+Send and receive syslog_tls_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61276,9 +63593,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_syslogd_client_packets" lineno="66339">
+<interface name="corenet_dontaudit_sendrecv_syslog_tls_client_packets" lineno="90263">
 <summary>
-Do not audit attempts to send and receive syslogd_client packets.
+Do not audit attempts to send and receive syslog_tls_client packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61287,9 +63604,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_syslogd_client_packets" lineno="66354">
+<interface name="corenet_relabelto_syslog_tls_client_packets" lineno="90278">
 <summary>
-Relabel packets to syslogd_client the packet type.
+Relabel packets to syslog_tls_client the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -61297,9 +63614,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_syslogd_server_packets" lineno="66374">
+<interface name="corenet_send_syslog_tls_server_packets" lineno="90298">
 <summary>
-Send syslogd_server packets.
+Send syslog_tls_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61308,9 +63625,9 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_syslogd_server_packets" lineno="66393">
+<interface name="corenet_dontaudit_send_syslog_tls_server_packets" lineno="90317">
 <summary>
-Do not audit attempts to send syslogd_server packets.
+Do not audit attempts to send syslog_tls_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61319,9 +63636,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_syslogd_server_packets" lineno="66412">
+<interface name="corenet_receive_syslog_tls_server_packets" lineno="90336">
 <summary>
-Receive syslogd_server packets.
+Receive syslog_tls_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61330,9 +63647,9 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_syslogd_server_packets" lineno="66431">
+<interface name="corenet_dontaudit_receive_syslog_tls_server_packets" lineno="90355">
 <summary>
-Do not audit attempts to receive syslogd_server packets.
+Do not audit attempts to receive syslog_tls_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61341,9 +63658,9 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_syslogd_server_packets" lineno="66450">
+<interface name="corenet_sendrecv_syslog_tls_server_packets" lineno="90374">
 <summary>
-Send and receive syslogd_server packets.
+Send and receive syslog_tls_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61352,9 +63669,9 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_syslogd_server_packets" lineno="66466">
+<interface name="corenet_dontaudit_sendrecv_syslog_tls_server_packets" lineno="90390">
 <summary>
-Do not audit attempts to send and receive syslogd_server packets.
+Do not audit attempts to send and receive syslog_tls_server packets.
 </summary>
 <param name="domain">
 <summary>
@@ -61363,9 +63680,9 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_syslogd_server_packets" lineno="66481">
+<interface name="corenet_relabelto_syslog_tls_server_packets" lineno="90405">
 <summary>
-Relabel packets to syslogd_server the packet type.
+Relabel packets to syslog_tls_server the packet type.
 </summary>
 <param name="domain">
 <summary>
@@ -61373,7 +63690,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_tcs_port" lineno="66503">
+<interface name="corenet_tcp_sendrecv_tcs_port" lineno="90427">
 <summary>
 Send and receive TCP traffic on the tcs port.
 </summary>
@@ -61384,7 +63701,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_tcs_port" lineno="66522">
+<interface name="corenet_udp_send_tcs_port" lineno="90446">
 <summary>
 Send UDP traffic on the tcs port.
 </summary>
@@ -61395,7 +63712,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_tcs_port" lineno="66541">
+<interface name="corenet_dontaudit_udp_send_tcs_port" lineno="90465">
 <summary>
 Do not audit attempts to send UDP traffic on the tcs port.
 </summary>
@@ -61406,7 +63723,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_tcs_port" lineno="66560">
+<interface name="corenet_udp_receive_tcs_port" lineno="90484">
 <summary>
 Receive UDP traffic on the tcs port.
 </summary>
@@ -61417,7 +63734,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_tcs_port" lineno="66579">
+<interface name="corenet_dontaudit_udp_receive_tcs_port" lineno="90503">
 <summary>
 Do not audit attempts to receive UDP traffic on the tcs port.
 </summary>
@@ -61428,7 +63745,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_tcs_port" lineno="66598">
+<interface name="corenet_udp_sendrecv_tcs_port" lineno="90522">
 <summary>
 Send and receive UDP traffic on the tcs port.
 </summary>
@@ -61439,7 +63756,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_tcs_port" lineno="66615">
+<interface name="corenet_dontaudit_udp_sendrecv_tcs_port" lineno="90539">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the tcs port.
@@ -61451,7 +63768,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_tcs_port" lineno="66631">
+<interface name="corenet_tcp_bind_tcs_port" lineno="90555">
 <summary>
 Bind TCP sockets to the tcs port.
 </summary>
@@ -61462,7 +63779,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_tcs_port" lineno="66651">
+<interface name="corenet_udp_bind_tcs_port" lineno="90575">
 <summary>
 Bind UDP sockets to the tcs port.
 </summary>
@@ -61473,7 +63790,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_tcs_port" lineno="66670">
+<interface name="corenet_tcp_connect_tcs_port" lineno="90594">
 <summary>
 Make a TCP connection to the tcs port.
 </summary>
@@ -61483,7 +63800,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_tcs_client_packets" lineno="66690">
+<interface name="corenet_send_tcs_client_packets" lineno="90614">
 <summary>
 Send tcs_client packets.
 </summary>
@@ -61494,7 +63811,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_tcs_client_packets" lineno="66709">
+<interface name="corenet_dontaudit_send_tcs_client_packets" lineno="90633">
 <summary>
 Do not audit attempts to send tcs_client packets.
 </summary>
@@ -61505,7 +63822,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_tcs_client_packets" lineno="66728">
+<interface name="corenet_receive_tcs_client_packets" lineno="90652">
 <summary>
 Receive tcs_client packets.
 </summary>
@@ -61516,7 +63833,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_tcs_client_packets" lineno="66747">
+<interface name="corenet_dontaudit_receive_tcs_client_packets" lineno="90671">
 <summary>
 Do not audit attempts to receive tcs_client packets.
 </summary>
@@ -61527,7 +63844,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_tcs_client_packets" lineno="66766">
+<interface name="corenet_sendrecv_tcs_client_packets" lineno="90690">
 <summary>
 Send and receive tcs_client packets.
 </summary>
@@ -61538,7 +63855,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_tcs_client_packets" lineno="66782">
+<interface name="corenet_dontaudit_sendrecv_tcs_client_packets" lineno="90706">
 <summary>
 Do not audit attempts to send and receive tcs_client packets.
 </summary>
@@ -61549,7 +63866,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_tcs_client_packets" lineno="66797">
+<interface name="corenet_relabelto_tcs_client_packets" lineno="90721">
 <summary>
 Relabel packets to tcs_client the packet type.
 </summary>
@@ -61559,7 +63876,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_tcs_server_packets" lineno="66817">
+<interface name="corenet_send_tcs_server_packets" lineno="90741">
 <summary>
 Send tcs_server packets.
 </summary>
@@ -61570,7 +63887,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_tcs_server_packets" lineno="66836">
+<interface name="corenet_dontaudit_send_tcs_server_packets" lineno="90760">
 <summary>
 Do not audit attempts to send tcs_server packets.
 </summary>
@@ -61581,7 +63898,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_tcs_server_packets" lineno="66855">
+<interface name="corenet_receive_tcs_server_packets" lineno="90779">
 <summary>
 Receive tcs_server packets.
 </summary>
@@ -61592,7 +63909,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_tcs_server_packets" lineno="66874">
+<interface name="corenet_dontaudit_receive_tcs_server_packets" lineno="90798">
 <summary>
 Do not audit attempts to receive tcs_server packets.
 </summary>
@@ -61603,7 +63920,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_tcs_server_packets" lineno="66893">
+<interface name="corenet_sendrecv_tcs_server_packets" lineno="90817">
 <summary>
 Send and receive tcs_server packets.
 </summary>
@@ -61614,7 +63931,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_tcs_server_packets" lineno="66909">
+<interface name="corenet_dontaudit_sendrecv_tcs_server_packets" lineno="90833">
 <summary>
 Do not audit attempts to send and receive tcs_server packets.
 </summary>
@@ -61625,7 +63942,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_tcs_server_packets" lineno="66924">
+<interface name="corenet_relabelto_tcs_server_packets" lineno="90848">
 <summary>
 Relabel packets to tcs_server the packet type.
 </summary>
@@ -61635,7 +63952,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_telnetd_port" lineno="66946">
+<interface name="corenet_tcp_sendrecv_telnetd_port" lineno="90870">
 <summary>
 Send and receive TCP traffic on the telnetd port.
 </summary>
@@ -61646,7 +63963,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_telnetd_port" lineno="66965">
+<interface name="corenet_udp_send_telnetd_port" lineno="90889">
 <summary>
 Send UDP traffic on the telnetd port.
 </summary>
@@ -61657,7 +63974,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_telnetd_port" lineno="66984">
+<interface name="corenet_dontaudit_udp_send_telnetd_port" lineno="90908">
 <summary>
 Do not audit attempts to send UDP traffic on the telnetd port.
 </summary>
@@ -61668,7 +63985,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_telnetd_port" lineno="67003">
+<interface name="corenet_udp_receive_telnetd_port" lineno="90927">
 <summary>
 Receive UDP traffic on the telnetd port.
 </summary>
@@ -61679,7 +63996,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_telnetd_port" lineno="67022">
+<interface name="corenet_dontaudit_udp_receive_telnetd_port" lineno="90946">
 <summary>
 Do not audit attempts to receive UDP traffic on the telnetd port.
 </summary>
@@ -61690,7 +64007,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_telnetd_port" lineno="67041">
+<interface name="corenet_udp_sendrecv_telnetd_port" lineno="90965">
 <summary>
 Send and receive UDP traffic on the telnetd port.
 </summary>
@@ -61701,7 +64018,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_telnetd_port" lineno="67058">
+<interface name="corenet_dontaudit_udp_sendrecv_telnetd_port" lineno="90982">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the telnetd port.
@@ -61713,7 +64030,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_telnetd_port" lineno="67074">
+<interface name="corenet_tcp_bind_telnetd_port" lineno="90998">
 <summary>
 Bind TCP sockets to the telnetd port.
 </summary>
@@ -61724,7 +64041,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_telnetd_port" lineno="67094">
+<interface name="corenet_udp_bind_telnetd_port" lineno="91018">
 <summary>
 Bind UDP sockets to the telnetd port.
 </summary>
@@ -61735,7 +64052,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_telnetd_port" lineno="67113">
+<interface name="corenet_tcp_connect_telnetd_port" lineno="91037">
 <summary>
 Make a TCP connection to the telnetd port.
 </summary>
@@ -61745,7 +64062,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_telnetd_client_packets" lineno="67133">
+<interface name="corenet_send_telnetd_client_packets" lineno="91057">
 <summary>
 Send telnetd_client packets.
 </summary>
@@ -61756,7 +64073,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_telnetd_client_packets" lineno="67152">
+<interface name="corenet_dontaudit_send_telnetd_client_packets" lineno="91076">
 <summary>
 Do not audit attempts to send telnetd_client packets.
 </summary>
@@ -61767,7 +64084,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_telnetd_client_packets" lineno="67171">
+<interface name="corenet_receive_telnetd_client_packets" lineno="91095">
 <summary>
 Receive telnetd_client packets.
 </summary>
@@ -61778,7 +64095,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_telnetd_client_packets" lineno="67190">
+<interface name="corenet_dontaudit_receive_telnetd_client_packets" lineno="91114">
 <summary>
 Do not audit attempts to receive telnetd_client packets.
 </summary>
@@ -61789,7 +64106,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_telnetd_client_packets" lineno="67209">
+<interface name="corenet_sendrecv_telnetd_client_packets" lineno="91133">
 <summary>
 Send and receive telnetd_client packets.
 </summary>
@@ -61800,7 +64117,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_telnetd_client_packets" lineno="67225">
+<interface name="corenet_dontaudit_sendrecv_telnetd_client_packets" lineno="91149">
 <summary>
 Do not audit attempts to send and receive telnetd_client packets.
 </summary>
@@ -61811,7 +64128,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_telnetd_client_packets" lineno="67240">
+<interface name="corenet_relabelto_telnetd_client_packets" lineno="91164">
 <summary>
 Relabel packets to telnetd_client the packet type.
 </summary>
@@ -61821,7 +64138,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_telnetd_server_packets" lineno="67260">
+<interface name="corenet_send_telnetd_server_packets" lineno="91184">
 <summary>
 Send telnetd_server packets.
 </summary>
@@ -61832,7 +64149,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_telnetd_server_packets" lineno="67279">
+<interface name="corenet_dontaudit_send_telnetd_server_packets" lineno="91203">
 <summary>
 Do not audit attempts to send telnetd_server packets.
 </summary>
@@ -61843,7 +64160,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_telnetd_server_packets" lineno="67298">
+<interface name="corenet_receive_telnetd_server_packets" lineno="91222">
 <summary>
 Receive telnetd_server packets.
 </summary>
@@ -61854,7 +64171,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_telnetd_server_packets" lineno="67317">
+<interface name="corenet_dontaudit_receive_telnetd_server_packets" lineno="91241">
 <summary>
 Do not audit attempts to receive telnetd_server packets.
 </summary>
@@ -61865,7 +64182,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_telnetd_server_packets" lineno="67336">
+<interface name="corenet_sendrecv_telnetd_server_packets" lineno="91260">
 <summary>
 Send and receive telnetd_server packets.
 </summary>
@@ -61876,7 +64193,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_telnetd_server_packets" lineno="67352">
+<interface name="corenet_dontaudit_sendrecv_telnetd_server_packets" lineno="91276">
 <summary>
 Do not audit attempts to send and receive telnetd_server packets.
 </summary>
@@ -61887,7 +64204,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_telnetd_server_packets" lineno="67367">
+<interface name="corenet_relabelto_telnetd_server_packets" lineno="91291">
 <summary>
 Relabel packets to telnetd_server the packet type.
 </summary>
@@ -61897,7 +64214,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_tftp_port" lineno="67389">
+<interface name="corenet_tcp_sendrecv_tftp_port" lineno="91313">
 <summary>
 Send and receive TCP traffic on the tftp port.
 </summary>
@@ -61908,7 +64225,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_tftp_port" lineno="67408">
+<interface name="corenet_udp_send_tftp_port" lineno="91332">
 <summary>
 Send UDP traffic on the tftp port.
 </summary>
@@ -61919,7 +64236,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_tftp_port" lineno="67427">
+<interface name="corenet_dontaudit_udp_send_tftp_port" lineno="91351">
 <summary>
 Do not audit attempts to send UDP traffic on the tftp port.
 </summary>
@@ -61930,7 +64247,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_tftp_port" lineno="67446">
+<interface name="corenet_udp_receive_tftp_port" lineno="91370">
 <summary>
 Receive UDP traffic on the tftp port.
 </summary>
@@ -61941,7 +64258,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_tftp_port" lineno="67465">
+<interface name="corenet_dontaudit_udp_receive_tftp_port" lineno="91389">
 <summary>
 Do not audit attempts to receive UDP traffic on the tftp port.
 </summary>
@@ -61952,7 +64269,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_tftp_port" lineno="67484">
+<interface name="corenet_udp_sendrecv_tftp_port" lineno="91408">
 <summary>
 Send and receive UDP traffic on the tftp port.
 </summary>
@@ -61963,7 +64280,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_tftp_port" lineno="67501">
+<interface name="corenet_dontaudit_udp_sendrecv_tftp_port" lineno="91425">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the tftp port.
@@ -61975,7 +64292,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_tftp_port" lineno="67517">
+<interface name="corenet_tcp_bind_tftp_port" lineno="91441">
 <summary>
 Bind TCP sockets to the tftp port.
 </summary>
@@ -61986,7 +64303,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_tftp_port" lineno="67537">
+<interface name="corenet_udp_bind_tftp_port" lineno="91461">
 <summary>
 Bind UDP sockets to the tftp port.
 </summary>
@@ -61997,7 +64314,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_tftp_port" lineno="67556">
+<interface name="corenet_tcp_connect_tftp_port" lineno="91480">
 <summary>
 Make a TCP connection to the tftp port.
 </summary>
@@ -62007,7 +64324,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_tftp_client_packets" lineno="67576">
+<interface name="corenet_send_tftp_client_packets" lineno="91500">
 <summary>
 Send tftp_client packets.
 </summary>
@@ -62018,7 +64335,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_tftp_client_packets" lineno="67595">
+<interface name="corenet_dontaudit_send_tftp_client_packets" lineno="91519">
 <summary>
 Do not audit attempts to send tftp_client packets.
 </summary>
@@ -62029,7 +64346,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_tftp_client_packets" lineno="67614">
+<interface name="corenet_receive_tftp_client_packets" lineno="91538">
 <summary>
 Receive tftp_client packets.
 </summary>
@@ -62040,7 +64357,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_tftp_client_packets" lineno="67633">
+<interface name="corenet_dontaudit_receive_tftp_client_packets" lineno="91557">
 <summary>
 Do not audit attempts to receive tftp_client packets.
 </summary>
@@ -62051,7 +64368,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_tftp_client_packets" lineno="67652">
+<interface name="corenet_sendrecv_tftp_client_packets" lineno="91576">
 <summary>
 Send and receive tftp_client packets.
 </summary>
@@ -62062,7 +64379,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_tftp_client_packets" lineno="67668">
+<interface name="corenet_dontaudit_sendrecv_tftp_client_packets" lineno="91592">
 <summary>
 Do not audit attempts to send and receive tftp_client packets.
 </summary>
@@ -62073,7 +64390,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_tftp_client_packets" lineno="67683">
+<interface name="corenet_relabelto_tftp_client_packets" lineno="91607">
 <summary>
 Relabel packets to tftp_client the packet type.
 </summary>
@@ -62083,7 +64400,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_tftp_server_packets" lineno="67703">
+<interface name="corenet_send_tftp_server_packets" lineno="91627">
 <summary>
 Send tftp_server packets.
 </summary>
@@ -62094,7 +64411,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_tftp_server_packets" lineno="67722">
+<interface name="corenet_dontaudit_send_tftp_server_packets" lineno="91646">
 <summary>
 Do not audit attempts to send tftp_server packets.
 </summary>
@@ -62105,7 +64422,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_tftp_server_packets" lineno="67741">
+<interface name="corenet_receive_tftp_server_packets" lineno="91665">
 <summary>
 Receive tftp_server packets.
 </summary>
@@ -62116,7 +64433,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_tftp_server_packets" lineno="67760">
+<interface name="corenet_dontaudit_receive_tftp_server_packets" lineno="91684">
 <summary>
 Do not audit attempts to receive tftp_server packets.
 </summary>
@@ -62127,7 +64444,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_tftp_server_packets" lineno="67779">
+<interface name="corenet_sendrecv_tftp_server_packets" lineno="91703">
 <summary>
 Send and receive tftp_server packets.
 </summary>
@@ -62138,7 +64455,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_tftp_server_packets" lineno="67795">
+<interface name="corenet_dontaudit_sendrecv_tftp_server_packets" lineno="91719">
 <summary>
 Do not audit attempts to send and receive tftp_server packets.
 </summary>
@@ -62149,7 +64466,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_tftp_server_packets" lineno="67810">
+<interface name="corenet_relabelto_tftp_server_packets" lineno="91734">
 <summary>
 Relabel packets to tftp_server the packet type.
 </summary>
@@ -62159,7 +64476,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_tor_port" lineno="67832">
+<interface name="corenet_tcp_sendrecv_tor_port" lineno="91756">
 <summary>
 Send and receive TCP traffic on the tor port.
 </summary>
@@ -62170,7 +64487,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_tor_port" lineno="67851">
+<interface name="corenet_udp_send_tor_port" lineno="91775">
 <summary>
 Send UDP traffic on the tor port.
 </summary>
@@ -62181,7 +64498,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_tor_port" lineno="67870">
+<interface name="corenet_dontaudit_udp_send_tor_port" lineno="91794">
 <summary>
 Do not audit attempts to send UDP traffic on the tor port.
 </summary>
@@ -62192,7 +64509,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_tor_port" lineno="67889">
+<interface name="corenet_udp_receive_tor_port" lineno="91813">
 <summary>
 Receive UDP traffic on the tor port.
 </summary>
@@ -62203,7 +64520,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_tor_port" lineno="67908">
+<interface name="corenet_dontaudit_udp_receive_tor_port" lineno="91832">
 <summary>
 Do not audit attempts to receive UDP traffic on the tor port.
 </summary>
@@ -62214,7 +64531,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_tor_port" lineno="67927">
+<interface name="corenet_udp_sendrecv_tor_port" lineno="91851">
 <summary>
 Send and receive UDP traffic on the tor port.
 </summary>
@@ -62225,7 +64542,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_tor_port" lineno="67944">
+<interface name="corenet_dontaudit_udp_sendrecv_tor_port" lineno="91868">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the tor port.
@@ -62237,7 +64554,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_tor_port" lineno="67960">
+<interface name="corenet_tcp_bind_tor_port" lineno="91884">
 <summary>
 Bind TCP sockets to the tor port.
 </summary>
@@ -62248,7 +64565,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_tor_port" lineno="67980">
+<interface name="corenet_udp_bind_tor_port" lineno="91904">
 <summary>
 Bind UDP sockets to the tor port.
 </summary>
@@ -62259,7 +64576,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_tor_port" lineno="67999">
+<interface name="corenet_tcp_connect_tor_port" lineno="91923">
 <summary>
 Make a TCP connection to the tor port.
 </summary>
@@ -62269,7 +64586,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_tor_client_packets" lineno="68019">
+<interface name="corenet_send_tor_client_packets" lineno="91943">
 <summary>
 Send tor_client packets.
 </summary>
@@ -62280,7 +64597,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_tor_client_packets" lineno="68038">
+<interface name="corenet_dontaudit_send_tor_client_packets" lineno="91962">
 <summary>
 Do not audit attempts to send tor_client packets.
 </summary>
@@ -62291,7 +64608,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_tor_client_packets" lineno="68057">
+<interface name="corenet_receive_tor_client_packets" lineno="91981">
 <summary>
 Receive tor_client packets.
 </summary>
@@ -62302,7 +64619,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_tor_client_packets" lineno="68076">
+<interface name="corenet_dontaudit_receive_tor_client_packets" lineno="92000">
 <summary>
 Do not audit attempts to receive tor_client packets.
 </summary>
@@ -62313,7 +64630,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_tor_client_packets" lineno="68095">
+<interface name="corenet_sendrecv_tor_client_packets" lineno="92019">
 <summary>
 Send and receive tor_client packets.
 </summary>
@@ -62324,7 +64641,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_tor_client_packets" lineno="68111">
+<interface name="corenet_dontaudit_sendrecv_tor_client_packets" lineno="92035">
 <summary>
 Do not audit attempts to send and receive tor_client packets.
 </summary>
@@ -62335,7 +64652,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_tor_client_packets" lineno="68126">
+<interface name="corenet_relabelto_tor_client_packets" lineno="92050">
 <summary>
 Relabel packets to tor_client the packet type.
 </summary>
@@ -62345,7 +64662,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_tor_server_packets" lineno="68146">
+<interface name="corenet_send_tor_server_packets" lineno="92070">
 <summary>
 Send tor_server packets.
 </summary>
@@ -62356,7 +64673,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_tor_server_packets" lineno="68165">
+<interface name="corenet_dontaudit_send_tor_server_packets" lineno="92089">
 <summary>
 Do not audit attempts to send tor_server packets.
 </summary>
@@ -62367,7 +64684,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_tor_server_packets" lineno="68184">
+<interface name="corenet_receive_tor_server_packets" lineno="92108">
 <summary>
 Receive tor_server packets.
 </summary>
@@ -62378,7 +64695,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_tor_server_packets" lineno="68203">
+<interface name="corenet_dontaudit_receive_tor_server_packets" lineno="92127">
 <summary>
 Do not audit attempts to receive tor_server packets.
 </summary>
@@ -62389,7 +64706,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_tor_server_packets" lineno="68222">
+<interface name="corenet_sendrecv_tor_server_packets" lineno="92146">
 <summary>
 Send and receive tor_server packets.
 </summary>
@@ -62400,7 +64717,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_tor_server_packets" lineno="68238">
+<interface name="corenet_dontaudit_sendrecv_tor_server_packets" lineno="92162">
 <summary>
 Do not audit attempts to send and receive tor_server packets.
 </summary>
@@ -62411,7 +64728,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_tor_server_packets" lineno="68253">
+<interface name="corenet_relabelto_tor_server_packets" lineno="92177">
 <summary>
 Relabel packets to tor_server the packet type.
 </summary>
@@ -62421,7 +64738,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_traceroute_port" lineno="68275">
+<interface name="corenet_tcp_sendrecv_traceroute_port" lineno="92199">
 <summary>
 Send and receive TCP traffic on the traceroute port.
 </summary>
@@ -62432,7 +64749,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_traceroute_port" lineno="68294">
+<interface name="corenet_udp_send_traceroute_port" lineno="92218">
 <summary>
 Send UDP traffic on the traceroute port.
 </summary>
@@ -62443,7 +64760,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_traceroute_port" lineno="68313">
+<interface name="corenet_dontaudit_udp_send_traceroute_port" lineno="92237">
 <summary>
 Do not audit attempts to send UDP traffic on the traceroute port.
 </summary>
@@ -62454,7 +64771,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_traceroute_port" lineno="68332">
+<interface name="corenet_udp_receive_traceroute_port" lineno="92256">
 <summary>
 Receive UDP traffic on the traceroute port.
 </summary>
@@ -62465,7 +64782,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_traceroute_port" lineno="68351">
+<interface name="corenet_dontaudit_udp_receive_traceroute_port" lineno="92275">
 <summary>
 Do not audit attempts to receive UDP traffic on the traceroute port.
 </summary>
@@ -62476,7 +64793,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_traceroute_port" lineno="68370">
+<interface name="corenet_udp_sendrecv_traceroute_port" lineno="92294">
 <summary>
 Send and receive UDP traffic on the traceroute port.
 </summary>
@@ -62487,7 +64804,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_traceroute_port" lineno="68387">
+<interface name="corenet_dontaudit_udp_sendrecv_traceroute_port" lineno="92311">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the traceroute port.
@@ -62499,7 +64816,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_traceroute_port" lineno="68403">
+<interface name="corenet_tcp_bind_traceroute_port" lineno="92327">
 <summary>
 Bind TCP sockets to the traceroute port.
 </summary>
@@ -62510,7 +64827,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_traceroute_port" lineno="68423">
+<interface name="corenet_udp_bind_traceroute_port" lineno="92347">
 <summary>
 Bind UDP sockets to the traceroute port.
 </summary>
@@ -62521,7 +64838,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_traceroute_port" lineno="68442">
+<interface name="corenet_tcp_connect_traceroute_port" lineno="92366">
 <summary>
 Make a TCP connection to the traceroute port.
 </summary>
@@ -62531,7 +64848,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_traceroute_client_packets" lineno="68462">
+<interface name="corenet_send_traceroute_client_packets" lineno="92386">
 <summary>
 Send traceroute_client packets.
 </summary>
@@ -62542,7 +64859,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_traceroute_client_packets" lineno="68481">
+<interface name="corenet_dontaudit_send_traceroute_client_packets" lineno="92405">
 <summary>
 Do not audit attempts to send traceroute_client packets.
 </summary>
@@ -62553,7 +64870,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_traceroute_client_packets" lineno="68500">
+<interface name="corenet_receive_traceroute_client_packets" lineno="92424">
 <summary>
 Receive traceroute_client packets.
 </summary>
@@ -62564,7 +64881,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_traceroute_client_packets" lineno="68519">
+<interface name="corenet_dontaudit_receive_traceroute_client_packets" lineno="92443">
 <summary>
 Do not audit attempts to receive traceroute_client packets.
 </summary>
@@ -62575,7 +64892,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_traceroute_client_packets" lineno="68538">
+<interface name="corenet_sendrecv_traceroute_client_packets" lineno="92462">
 <summary>
 Send and receive traceroute_client packets.
 </summary>
@@ -62586,7 +64903,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_traceroute_client_packets" lineno="68554">
+<interface name="corenet_dontaudit_sendrecv_traceroute_client_packets" lineno="92478">
 <summary>
 Do not audit attempts to send and receive traceroute_client packets.
 </summary>
@@ -62597,7 +64914,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_traceroute_client_packets" lineno="68569">
+<interface name="corenet_relabelto_traceroute_client_packets" lineno="92493">
 <summary>
 Relabel packets to traceroute_client the packet type.
 </summary>
@@ -62607,7 +64924,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_traceroute_server_packets" lineno="68589">
+<interface name="corenet_send_traceroute_server_packets" lineno="92513">
 <summary>
 Send traceroute_server packets.
 </summary>
@@ -62618,7 +64935,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_traceroute_server_packets" lineno="68608">
+<interface name="corenet_dontaudit_send_traceroute_server_packets" lineno="92532">
 <summary>
 Do not audit attempts to send traceroute_server packets.
 </summary>
@@ -62629,7 +64946,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_traceroute_server_packets" lineno="68627">
+<interface name="corenet_receive_traceroute_server_packets" lineno="92551">
 <summary>
 Receive traceroute_server packets.
 </summary>
@@ -62640,7 +64957,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_traceroute_server_packets" lineno="68646">
+<interface name="corenet_dontaudit_receive_traceroute_server_packets" lineno="92570">
 <summary>
 Do not audit attempts to receive traceroute_server packets.
 </summary>
@@ -62651,7 +64968,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_traceroute_server_packets" lineno="68665">
+<interface name="corenet_sendrecv_traceroute_server_packets" lineno="92589">
 <summary>
 Send and receive traceroute_server packets.
 </summary>
@@ -62662,7 +64979,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_traceroute_server_packets" lineno="68681">
+<interface name="corenet_dontaudit_sendrecv_traceroute_server_packets" lineno="92605">
 <summary>
 Do not audit attempts to send and receive traceroute_server packets.
 </summary>
@@ -62673,7 +64990,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_traceroute_server_packets" lineno="68696">
+<interface name="corenet_relabelto_traceroute_server_packets" lineno="92620">
 <summary>
 Relabel packets to traceroute_server the packet type.
 </summary>
@@ -62683,7 +65000,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_transproxy_port" lineno="68718">
+<interface name="corenet_tcp_sendrecv_transproxy_port" lineno="92642">
 <summary>
 Send and receive TCP traffic on the transproxy port.
 </summary>
@@ -62694,7 +65011,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_transproxy_port" lineno="68737">
+<interface name="corenet_udp_send_transproxy_port" lineno="92661">
 <summary>
 Send UDP traffic on the transproxy port.
 </summary>
@@ -62705,7 +65022,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_transproxy_port" lineno="68756">
+<interface name="corenet_dontaudit_udp_send_transproxy_port" lineno="92680">
 <summary>
 Do not audit attempts to send UDP traffic on the transproxy port.
 </summary>
@@ -62716,7 +65033,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_transproxy_port" lineno="68775">
+<interface name="corenet_udp_receive_transproxy_port" lineno="92699">
 <summary>
 Receive UDP traffic on the transproxy port.
 </summary>
@@ -62727,7 +65044,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_transproxy_port" lineno="68794">
+<interface name="corenet_dontaudit_udp_receive_transproxy_port" lineno="92718">
 <summary>
 Do not audit attempts to receive UDP traffic on the transproxy port.
 </summary>
@@ -62738,7 +65055,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_transproxy_port" lineno="68813">
+<interface name="corenet_udp_sendrecv_transproxy_port" lineno="92737">
 <summary>
 Send and receive UDP traffic on the transproxy port.
 </summary>
@@ -62749,7 +65066,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_transproxy_port" lineno="68830">
+<interface name="corenet_dontaudit_udp_sendrecv_transproxy_port" lineno="92754">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the transproxy port.
@@ -62761,7 +65078,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_transproxy_port" lineno="68846">
+<interface name="corenet_tcp_bind_transproxy_port" lineno="92770">
 <summary>
 Bind TCP sockets to the transproxy port.
 </summary>
@@ -62772,7 +65089,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_transproxy_port" lineno="68866">
+<interface name="corenet_udp_bind_transproxy_port" lineno="92790">
 <summary>
 Bind UDP sockets to the transproxy port.
 </summary>
@@ -62783,7 +65100,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_transproxy_port" lineno="68885">
+<interface name="corenet_tcp_connect_transproxy_port" lineno="92809">
 <summary>
 Make a TCP connection to the transproxy port.
 </summary>
@@ -62793,7 +65110,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_transproxy_client_packets" lineno="68905">
+<interface name="corenet_send_transproxy_client_packets" lineno="92829">
 <summary>
 Send transproxy_client packets.
 </summary>
@@ -62804,7 +65121,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_transproxy_client_packets" lineno="68924">
+<interface name="corenet_dontaudit_send_transproxy_client_packets" lineno="92848">
 <summary>
 Do not audit attempts to send transproxy_client packets.
 </summary>
@@ -62815,7 +65132,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_transproxy_client_packets" lineno="68943">
+<interface name="corenet_receive_transproxy_client_packets" lineno="92867">
 <summary>
 Receive transproxy_client packets.
 </summary>
@@ -62826,7 +65143,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_transproxy_client_packets" lineno="68962">
+<interface name="corenet_dontaudit_receive_transproxy_client_packets" lineno="92886">
 <summary>
 Do not audit attempts to receive transproxy_client packets.
 </summary>
@@ -62837,7 +65154,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_transproxy_client_packets" lineno="68981">
+<interface name="corenet_sendrecv_transproxy_client_packets" lineno="92905">
 <summary>
 Send and receive transproxy_client packets.
 </summary>
@@ -62848,7 +65165,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_transproxy_client_packets" lineno="68997">
+<interface name="corenet_dontaudit_sendrecv_transproxy_client_packets" lineno="92921">
 <summary>
 Do not audit attempts to send and receive transproxy_client packets.
 </summary>
@@ -62859,7 +65176,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_transproxy_client_packets" lineno="69012">
+<interface name="corenet_relabelto_transproxy_client_packets" lineno="92936">
 <summary>
 Relabel packets to transproxy_client the packet type.
 </summary>
@@ -62869,7 +65186,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_transproxy_server_packets" lineno="69032">
+<interface name="corenet_send_transproxy_server_packets" lineno="92956">
 <summary>
 Send transproxy_server packets.
 </summary>
@@ -62880,7 +65197,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_transproxy_server_packets" lineno="69051">
+<interface name="corenet_dontaudit_send_transproxy_server_packets" lineno="92975">
 <summary>
 Do not audit attempts to send transproxy_server packets.
 </summary>
@@ -62891,7 +65208,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_transproxy_server_packets" lineno="69070">
+<interface name="corenet_receive_transproxy_server_packets" lineno="92994">
 <summary>
 Receive transproxy_server packets.
 </summary>
@@ -62902,7 +65219,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_transproxy_server_packets" lineno="69089">
+<interface name="corenet_dontaudit_receive_transproxy_server_packets" lineno="93013">
 <summary>
 Do not audit attempts to receive transproxy_server packets.
 </summary>
@@ -62913,7 +65230,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_transproxy_server_packets" lineno="69108">
+<interface name="corenet_sendrecv_transproxy_server_packets" lineno="93032">
 <summary>
 Send and receive transproxy_server packets.
 </summary>
@@ -62924,7 +65241,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_transproxy_server_packets" lineno="69124">
+<interface name="corenet_dontaudit_sendrecv_transproxy_server_packets" lineno="93048">
 <summary>
 Do not audit attempts to send and receive transproxy_server packets.
 </summary>
@@ -62935,7 +65252,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_transproxy_server_packets" lineno="69139">
+<interface name="corenet_relabelto_transproxy_server_packets" lineno="93063">
 <summary>
 Relabel packets to transproxy_server the packet type.
 </summary>
@@ -62945,7 +65262,531 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_ups_port" lineno="69161">
+<interface name="corenet_tcp_sendrecv_trisoap_port" lineno="93085">
+<summary>
+Send and receive TCP traffic on the trisoap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_trisoap_port" lineno="93104">
+<summary>
+Send UDP traffic on the trisoap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_trisoap_port" lineno="93123">
+<summary>
+Do not audit attempts to send UDP traffic on the trisoap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_trisoap_port" lineno="93142">
+<summary>
+Receive UDP traffic on the trisoap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_trisoap_port" lineno="93161">
+<summary>
+Do not audit attempts to receive UDP traffic on the trisoap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_trisoap_port" lineno="93180">
+<summary>
+Send and receive UDP traffic on the trisoap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_trisoap_port" lineno="93197">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the trisoap port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_trisoap_port" lineno="93213">
+<summary>
+Bind TCP sockets to the trisoap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_trisoap_port" lineno="93233">
+<summary>
+Bind UDP sockets to the trisoap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_trisoap_port" lineno="93252">
+<summary>
+Make a TCP connection to the trisoap port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_trisoap_client_packets" lineno="93272">
+<summary>
+Send trisoap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_trisoap_client_packets" lineno="93291">
+<summary>
+Do not audit attempts to send trisoap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_trisoap_client_packets" lineno="93310">
+<summary>
+Receive trisoap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_trisoap_client_packets" lineno="93329">
+<summary>
+Do not audit attempts to receive trisoap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_trisoap_client_packets" lineno="93348">
+<summary>
+Send and receive trisoap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_trisoap_client_packets" lineno="93364">
+<summary>
+Do not audit attempts to send and receive trisoap_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_trisoap_client_packets" lineno="93379">
+<summary>
+Relabel packets to trisoap_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_trisoap_server_packets" lineno="93399">
+<summary>
+Send trisoap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_trisoap_server_packets" lineno="93418">
+<summary>
+Do not audit attempts to send trisoap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_trisoap_server_packets" lineno="93437">
+<summary>
+Receive trisoap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_trisoap_server_packets" lineno="93456">
+<summary>
+Do not audit attempts to receive trisoap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_trisoap_server_packets" lineno="93475">
+<summary>
+Send and receive trisoap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_trisoap_server_packets" lineno="93491">
+<summary>
+Do not audit attempts to send and receive trisoap_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_trisoap_server_packets" lineno="93506">
+<summary>
+Relabel packets to trisoap_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_trivnet1_port" lineno="93528">
+<summary>
+Send and receive TCP traffic on the trivnet1 port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_trivnet1_port" lineno="93547">
+<summary>
+Send UDP traffic on the trivnet1 port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_trivnet1_port" lineno="93566">
+<summary>
+Do not audit attempts to send UDP traffic on the trivnet1 port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_trivnet1_port" lineno="93585">
+<summary>
+Receive UDP traffic on the trivnet1 port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_trivnet1_port" lineno="93604">
+<summary>
+Do not audit attempts to receive UDP traffic on the trivnet1 port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_trivnet1_port" lineno="93623">
+<summary>
+Send and receive UDP traffic on the trivnet1 port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_trivnet1_port" lineno="93640">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the trivnet1 port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_trivnet1_port" lineno="93656">
+<summary>
+Bind TCP sockets to the trivnet1 port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_trivnet1_port" lineno="93676">
+<summary>
+Bind UDP sockets to the trivnet1 port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_trivnet1_port" lineno="93695">
+<summary>
+Make a TCP connection to the trivnet1 port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_trivnet1_client_packets" lineno="93715">
+<summary>
+Send trivnet1_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_trivnet1_client_packets" lineno="93734">
+<summary>
+Do not audit attempts to send trivnet1_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_trivnet1_client_packets" lineno="93753">
+<summary>
+Receive trivnet1_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_trivnet1_client_packets" lineno="93772">
+<summary>
+Do not audit attempts to receive trivnet1_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_trivnet1_client_packets" lineno="93791">
+<summary>
+Send and receive trivnet1_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_trivnet1_client_packets" lineno="93807">
+<summary>
+Do not audit attempts to send and receive trivnet1_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_trivnet1_client_packets" lineno="93822">
+<summary>
+Relabel packets to trivnet1_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_trivnet1_server_packets" lineno="93842">
+<summary>
+Send trivnet1_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_trivnet1_server_packets" lineno="93861">
+<summary>
+Do not audit attempts to send trivnet1_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_trivnet1_server_packets" lineno="93880">
+<summary>
+Receive trivnet1_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_trivnet1_server_packets" lineno="93899">
+<summary>
+Do not audit attempts to receive trivnet1_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_trivnet1_server_packets" lineno="93918">
+<summary>
+Send and receive trivnet1_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_trivnet1_server_packets" lineno="93934">
+<summary>
+Do not audit attempts to send and receive trivnet1_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_trivnet1_server_packets" lineno="93949">
+<summary>
+Relabel packets to trivnet1_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_ups_port" lineno="93971">
 <summary>
 Send and receive TCP traffic on the ups port.
 </summary>
@@ -62956,7 +65797,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_ups_port" lineno="69180">
+<interface name="corenet_udp_send_ups_port" lineno="93990">
 <summary>
 Send UDP traffic on the ups port.
 </summary>
@@ -62967,7 +65808,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_ups_port" lineno="69199">
+<interface name="corenet_dontaudit_udp_send_ups_port" lineno="94009">
 <summary>
 Do not audit attempts to send UDP traffic on the ups port.
 </summary>
@@ -62978,7 +65819,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_ups_port" lineno="69218">
+<interface name="corenet_udp_receive_ups_port" lineno="94028">
 <summary>
 Receive UDP traffic on the ups port.
 </summary>
@@ -62989,7 +65830,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_ups_port" lineno="69237">
+<interface name="corenet_dontaudit_udp_receive_ups_port" lineno="94047">
 <summary>
 Do not audit attempts to receive UDP traffic on the ups port.
 </summary>
@@ -63000,7 +65841,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_ups_port" lineno="69256">
+<interface name="corenet_udp_sendrecv_ups_port" lineno="94066">
 <summary>
 Send and receive UDP traffic on the ups port.
 </summary>
@@ -63011,7 +65852,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_ups_port" lineno="69273">
+<interface name="corenet_dontaudit_udp_sendrecv_ups_port" lineno="94083">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the ups port.
@@ -63023,7 +65864,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_ups_port" lineno="69289">
+<interface name="corenet_tcp_bind_ups_port" lineno="94099">
 <summary>
 Bind TCP sockets to the ups port.
 </summary>
@@ -63034,7 +65875,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_ups_port" lineno="69309">
+<interface name="corenet_udp_bind_ups_port" lineno="94119">
 <summary>
 Bind UDP sockets to the ups port.
 </summary>
@@ -63045,7 +65886,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_ups_port" lineno="69328">
+<interface name="corenet_tcp_connect_ups_port" lineno="94138">
 <summary>
 Make a TCP connection to the ups port.
 </summary>
@@ -63055,7 +65896,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ups_client_packets" lineno="69348">
+<interface name="corenet_send_ups_client_packets" lineno="94158">
 <summary>
 Send ups_client packets.
 </summary>
@@ -63066,7 +65907,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ups_client_packets" lineno="69367">
+<interface name="corenet_dontaudit_send_ups_client_packets" lineno="94177">
 <summary>
 Do not audit attempts to send ups_client packets.
 </summary>
@@ -63077,7 +65918,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ups_client_packets" lineno="69386">
+<interface name="corenet_receive_ups_client_packets" lineno="94196">
 <summary>
 Receive ups_client packets.
 </summary>
@@ -63088,7 +65929,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ups_client_packets" lineno="69405">
+<interface name="corenet_dontaudit_receive_ups_client_packets" lineno="94215">
 <summary>
 Do not audit attempts to receive ups_client packets.
 </summary>
@@ -63099,7 +65940,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ups_client_packets" lineno="69424">
+<interface name="corenet_sendrecv_ups_client_packets" lineno="94234">
 <summary>
 Send and receive ups_client packets.
 </summary>
@@ -63110,7 +65951,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ups_client_packets" lineno="69440">
+<interface name="corenet_dontaudit_sendrecv_ups_client_packets" lineno="94250">
 <summary>
 Do not audit attempts to send and receive ups_client packets.
 </summary>
@@ -63121,7 +65962,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ups_client_packets" lineno="69455">
+<interface name="corenet_relabelto_ups_client_packets" lineno="94265">
 <summary>
 Relabel packets to ups_client the packet type.
 </summary>
@@ -63131,7 +65972,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_ups_server_packets" lineno="69475">
+<interface name="corenet_send_ups_server_packets" lineno="94285">
 <summary>
 Send ups_server packets.
 </summary>
@@ -63142,7 +65983,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_ups_server_packets" lineno="69494">
+<interface name="corenet_dontaudit_send_ups_server_packets" lineno="94304">
 <summary>
 Do not audit attempts to send ups_server packets.
 </summary>
@@ -63153,7 +65994,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_ups_server_packets" lineno="69513">
+<interface name="corenet_receive_ups_server_packets" lineno="94323">
 <summary>
 Receive ups_server packets.
 </summary>
@@ -63164,7 +66005,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_ups_server_packets" lineno="69532">
+<interface name="corenet_dontaudit_receive_ups_server_packets" lineno="94342">
 <summary>
 Do not audit attempts to receive ups_server packets.
 </summary>
@@ -63175,7 +66016,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_ups_server_packets" lineno="69551">
+<interface name="corenet_sendrecv_ups_server_packets" lineno="94361">
 <summary>
 Send and receive ups_server packets.
 </summary>
@@ -63186,7 +66027,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_ups_server_packets" lineno="69567">
+<interface name="corenet_dontaudit_sendrecv_ups_server_packets" lineno="94377">
 <summary>
 Do not audit attempts to send and receive ups_server packets.
 </summary>
@@ -63197,7 +66038,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_ups_server_packets" lineno="69582">
+<interface name="corenet_relabelto_ups_server_packets" lineno="94392">
 <summary>
 Relabel packets to ups_server the packet type.
 </summary>
@@ -63207,7 +66048,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_utcpserver_port" lineno="69604">
+<interface name="corenet_tcp_sendrecv_utcpserver_port" lineno="94414">
 <summary>
 Send and receive TCP traffic on the utcpserver port.
 </summary>
@@ -63218,7 +66059,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_utcpserver_port" lineno="69623">
+<interface name="corenet_udp_send_utcpserver_port" lineno="94433">
 <summary>
 Send UDP traffic on the utcpserver port.
 </summary>
@@ -63229,7 +66070,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_utcpserver_port" lineno="69642">
+<interface name="corenet_dontaudit_udp_send_utcpserver_port" lineno="94452">
 <summary>
 Do not audit attempts to send UDP traffic on the utcpserver port.
 </summary>
@@ -63240,7 +66081,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_utcpserver_port" lineno="69661">
+<interface name="corenet_udp_receive_utcpserver_port" lineno="94471">
 <summary>
 Receive UDP traffic on the utcpserver port.
 </summary>
@@ -63251,7 +66092,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_utcpserver_port" lineno="69680">
+<interface name="corenet_dontaudit_udp_receive_utcpserver_port" lineno="94490">
 <summary>
 Do not audit attempts to receive UDP traffic on the utcpserver port.
 </summary>
@@ -63262,7 +66103,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_utcpserver_port" lineno="69699">
+<interface name="corenet_udp_sendrecv_utcpserver_port" lineno="94509">
 <summary>
 Send and receive UDP traffic on the utcpserver port.
 </summary>
@@ -63273,7 +66114,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_utcpserver_port" lineno="69716">
+<interface name="corenet_dontaudit_udp_sendrecv_utcpserver_port" lineno="94526">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the utcpserver port.
@@ -63285,7 +66126,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_utcpserver_port" lineno="69732">
+<interface name="corenet_tcp_bind_utcpserver_port" lineno="94542">
 <summary>
 Bind TCP sockets to the utcpserver port.
 </summary>
@@ -63296,7 +66137,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_utcpserver_port" lineno="69752">
+<interface name="corenet_udp_bind_utcpserver_port" lineno="94562">
 <summary>
 Bind UDP sockets to the utcpserver port.
 </summary>
@@ -63307,7 +66148,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_utcpserver_port" lineno="69771">
+<interface name="corenet_tcp_connect_utcpserver_port" lineno="94581">
 <summary>
 Make a TCP connection to the utcpserver port.
 </summary>
@@ -63317,7 +66158,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_utcpserver_client_packets" lineno="69791">
+<interface name="corenet_send_utcpserver_client_packets" lineno="94601">
 <summary>
 Send utcpserver_client packets.
 </summary>
@@ -63328,7 +66169,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_utcpserver_client_packets" lineno="69810">
+<interface name="corenet_dontaudit_send_utcpserver_client_packets" lineno="94620">
 <summary>
 Do not audit attempts to send utcpserver_client packets.
 </summary>
@@ -63339,7 +66180,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_utcpserver_client_packets" lineno="69829">
+<interface name="corenet_receive_utcpserver_client_packets" lineno="94639">
 <summary>
 Receive utcpserver_client packets.
 </summary>
@@ -63350,7 +66191,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_utcpserver_client_packets" lineno="69848">
+<interface name="corenet_dontaudit_receive_utcpserver_client_packets" lineno="94658">
 <summary>
 Do not audit attempts to receive utcpserver_client packets.
 </summary>
@@ -63361,7 +66202,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_utcpserver_client_packets" lineno="69867">
+<interface name="corenet_sendrecv_utcpserver_client_packets" lineno="94677">
 <summary>
 Send and receive utcpserver_client packets.
 </summary>
@@ -63372,7 +66213,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_utcpserver_client_packets" lineno="69883">
+<interface name="corenet_dontaudit_sendrecv_utcpserver_client_packets" lineno="94693">
 <summary>
 Do not audit attempts to send and receive utcpserver_client packets.
 </summary>
@@ -63383,7 +66224,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_utcpserver_client_packets" lineno="69898">
+<interface name="corenet_relabelto_utcpserver_client_packets" lineno="94708">
 <summary>
 Relabel packets to utcpserver_client the packet type.
 </summary>
@@ -63393,7 +66234,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_utcpserver_server_packets" lineno="69918">
+<interface name="corenet_send_utcpserver_server_packets" lineno="94728">
 <summary>
 Send utcpserver_server packets.
 </summary>
@@ -63404,7 +66245,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_utcpserver_server_packets" lineno="69937">
+<interface name="corenet_dontaudit_send_utcpserver_server_packets" lineno="94747">
 <summary>
 Do not audit attempts to send utcpserver_server packets.
 </summary>
@@ -63415,7 +66256,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_utcpserver_server_packets" lineno="69956">
+<interface name="corenet_receive_utcpserver_server_packets" lineno="94766">
 <summary>
 Receive utcpserver_server packets.
 </summary>
@@ -63426,7 +66267,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_utcpserver_server_packets" lineno="69975">
+<interface name="corenet_dontaudit_receive_utcpserver_server_packets" lineno="94785">
 <summary>
 Do not audit attempts to receive utcpserver_server packets.
 </summary>
@@ -63437,7 +66278,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_utcpserver_server_packets" lineno="69994">
+<interface name="corenet_sendrecv_utcpserver_server_packets" lineno="94804">
 <summary>
 Send and receive utcpserver_server packets.
 </summary>
@@ -63448,7 +66289,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_utcpserver_server_packets" lineno="70010">
+<interface name="corenet_dontaudit_sendrecv_utcpserver_server_packets" lineno="94820">
 <summary>
 Do not audit attempts to send and receive utcpserver_server packets.
 </summary>
@@ -63459,7 +66300,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_utcpserver_server_packets" lineno="70025">
+<interface name="corenet_relabelto_utcpserver_server_packets" lineno="94835">
 <summary>
 Relabel packets to utcpserver_server the packet type.
 </summary>
@@ -63469,7 +66310,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_uucpd_port" lineno="70047">
+<interface name="corenet_tcp_sendrecv_uucpd_port" lineno="94857">
 <summary>
 Send and receive TCP traffic on the uucpd port.
 </summary>
@@ -63480,7 +66321,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_uucpd_port" lineno="70066">
+<interface name="corenet_udp_send_uucpd_port" lineno="94876">
 <summary>
 Send UDP traffic on the uucpd port.
 </summary>
@@ -63491,7 +66332,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_uucpd_port" lineno="70085">
+<interface name="corenet_dontaudit_udp_send_uucpd_port" lineno="94895">
 <summary>
 Do not audit attempts to send UDP traffic on the uucpd port.
 </summary>
@@ -63502,7 +66343,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_uucpd_port" lineno="70104">
+<interface name="corenet_udp_receive_uucpd_port" lineno="94914">
 <summary>
 Receive UDP traffic on the uucpd port.
 </summary>
@@ -63513,7 +66354,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_uucpd_port" lineno="70123">
+<interface name="corenet_dontaudit_udp_receive_uucpd_port" lineno="94933">
 <summary>
 Do not audit attempts to receive UDP traffic on the uucpd port.
 </summary>
@@ -63524,7 +66365,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_uucpd_port" lineno="70142">
+<interface name="corenet_udp_sendrecv_uucpd_port" lineno="94952">
 <summary>
 Send and receive UDP traffic on the uucpd port.
 </summary>
@@ -63535,7 +66376,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_uucpd_port" lineno="70159">
+<interface name="corenet_dontaudit_udp_sendrecv_uucpd_port" lineno="94969">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the uucpd port.
@@ -63547,7 +66388,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_uucpd_port" lineno="70175">
+<interface name="corenet_tcp_bind_uucpd_port" lineno="94985">
 <summary>
 Bind TCP sockets to the uucpd port.
 </summary>
@@ -63558,7 +66399,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_uucpd_port" lineno="70195">
+<interface name="corenet_udp_bind_uucpd_port" lineno="95005">
 <summary>
 Bind UDP sockets to the uucpd port.
 </summary>
@@ -63569,7 +66410,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_uucpd_port" lineno="70214">
+<interface name="corenet_tcp_connect_uucpd_port" lineno="95024">
 <summary>
 Make a TCP connection to the uucpd port.
 </summary>
@@ -63579,7 +66420,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_uucpd_client_packets" lineno="70234">
+<interface name="corenet_send_uucpd_client_packets" lineno="95044">
 <summary>
 Send uucpd_client packets.
 </summary>
@@ -63590,7 +66431,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_uucpd_client_packets" lineno="70253">
+<interface name="corenet_dontaudit_send_uucpd_client_packets" lineno="95063">
 <summary>
 Do not audit attempts to send uucpd_client packets.
 </summary>
@@ -63601,7 +66442,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_uucpd_client_packets" lineno="70272">
+<interface name="corenet_receive_uucpd_client_packets" lineno="95082">
 <summary>
 Receive uucpd_client packets.
 </summary>
@@ -63612,7 +66453,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_uucpd_client_packets" lineno="70291">
+<interface name="corenet_dontaudit_receive_uucpd_client_packets" lineno="95101">
 <summary>
 Do not audit attempts to receive uucpd_client packets.
 </summary>
@@ -63623,7 +66464,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_uucpd_client_packets" lineno="70310">
+<interface name="corenet_sendrecv_uucpd_client_packets" lineno="95120">
 <summary>
 Send and receive uucpd_client packets.
 </summary>
@@ -63634,7 +66475,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_uucpd_client_packets" lineno="70326">
+<interface name="corenet_dontaudit_sendrecv_uucpd_client_packets" lineno="95136">
 <summary>
 Do not audit attempts to send and receive uucpd_client packets.
 </summary>
@@ -63645,7 +66486,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_uucpd_client_packets" lineno="70341">
+<interface name="corenet_relabelto_uucpd_client_packets" lineno="95151">
 <summary>
 Relabel packets to uucpd_client the packet type.
 </summary>
@@ -63655,7 +66496,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_uucpd_server_packets" lineno="70361">
+<interface name="corenet_send_uucpd_server_packets" lineno="95171">
 <summary>
 Send uucpd_server packets.
 </summary>
@@ -63666,7 +66507,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_uucpd_server_packets" lineno="70380">
+<interface name="corenet_dontaudit_send_uucpd_server_packets" lineno="95190">
 <summary>
 Do not audit attempts to send uucpd_server packets.
 </summary>
@@ -63677,7 +66518,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_uucpd_server_packets" lineno="70399">
+<interface name="corenet_receive_uucpd_server_packets" lineno="95209">
 <summary>
 Receive uucpd_server packets.
 </summary>
@@ -63688,7 +66529,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_uucpd_server_packets" lineno="70418">
+<interface name="corenet_dontaudit_receive_uucpd_server_packets" lineno="95228">
 <summary>
 Do not audit attempts to receive uucpd_server packets.
 </summary>
@@ -63699,7 +66540,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_uucpd_server_packets" lineno="70437">
+<interface name="corenet_sendrecv_uucpd_server_packets" lineno="95247">
 <summary>
 Send and receive uucpd_server packets.
 </summary>
@@ -63710,7 +66551,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_uucpd_server_packets" lineno="70453">
+<interface name="corenet_dontaudit_sendrecv_uucpd_server_packets" lineno="95263">
 <summary>
 Do not audit attempts to send and receive uucpd_server packets.
 </summary>
@@ -63721,7 +66562,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_uucpd_server_packets" lineno="70468">
+<interface name="corenet_relabelto_uucpd_server_packets" lineno="95278">
 <summary>
 Relabel packets to uucpd_server the packet type.
 </summary>
@@ -63731,7 +66572,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_varnishd_port" lineno="70490">
+<interface name="corenet_tcp_sendrecv_varnishd_port" lineno="95300">
 <summary>
 Send and receive TCP traffic on the varnishd port.
 </summary>
@@ -63742,7 +66583,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_varnishd_port" lineno="70509">
+<interface name="corenet_udp_send_varnishd_port" lineno="95319">
 <summary>
 Send UDP traffic on the varnishd port.
 </summary>
@@ -63753,7 +66594,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_varnishd_port" lineno="70528">
+<interface name="corenet_dontaudit_udp_send_varnishd_port" lineno="95338">
 <summary>
 Do not audit attempts to send UDP traffic on the varnishd port.
 </summary>
@@ -63764,7 +66605,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_varnishd_port" lineno="70547">
+<interface name="corenet_udp_receive_varnishd_port" lineno="95357">
 <summary>
 Receive UDP traffic on the varnishd port.
 </summary>
@@ -63775,7 +66616,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_varnishd_port" lineno="70566">
+<interface name="corenet_dontaudit_udp_receive_varnishd_port" lineno="95376">
 <summary>
 Do not audit attempts to receive UDP traffic on the varnishd port.
 </summary>
@@ -63786,7 +66627,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_varnishd_port" lineno="70585">
+<interface name="corenet_udp_sendrecv_varnishd_port" lineno="95395">
 <summary>
 Send and receive UDP traffic on the varnishd port.
 </summary>
@@ -63797,7 +66638,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_varnishd_port" lineno="70602">
+<interface name="corenet_dontaudit_udp_sendrecv_varnishd_port" lineno="95412">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the varnishd port.
@@ -63809,7 +66650,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_varnishd_port" lineno="70618">
+<interface name="corenet_tcp_bind_varnishd_port" lineno="95428">
 <summary>
 Bind TCP sockets to the varnishd port.
 </summary>
@@ -63820,7 +66661,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_varnishd_port" lineno="70638">
+<interface name="corenet_udp_bind_varnishd_port" lineno="95448">
 <summary>
 Bind UDP sockets to the varnishd port.
 </summary>
@@ -63831,7 +66672,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_varnishd_port" lineno="70657">
+<interface name="corenet_tcp_connect_varnishd_port" lineno="95467">
 <summary>
 Make a TCP connection to the varnishd port.
 </summary>
@@ -63841,7 +66682,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_varnishd_client_packets" lineno="70677">
+<interface name="corenet_send_varnishd_client_packets" lineno="95487">
 <summary>
 Send varnishd_client packets.
 </summary>
@@ -63852,7 +66693,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_varnishd_client_packets" lineno="70696">
+<interface name="corenet_dontaudit_send_varnishd_client_packets" lineno="95506">
 <summary>
 Do not audit attempts to send varnishd_client packets.
 </summary>
@@ -63863,7 +66704,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_varnishd_client_packets" lineno="70715">
+<interface name="corenet_receive_varnishd_client_packets" lineno="95525">
 <summary>
 Receive varnishd_client packets.
 </summary>
@@ -63874,7 +66715,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_varnishd_client_packets" lineno="70734">
+<interface name="corenet_dontaudit_receive_varnishd_client_packets" lineno="95544">
 <summary>
 Do not audit attempts to receive varnishd_client packets.
 </summary>
@@ -63885,7 +66726,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_varnishd_client_packets" lineno="70753">
+<interface name="corenet_sendrecv_varnishd_client_packets" lineno="95563">
 <summary>
 Send and receive varnishd_client packets.
 </summary>
@@ -63896,7 +66737,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_varnishd_client_packets" lineno="70769">
+<interface name="corenet_dontaudit_sendrecv_varnishd_client_packets" lineno="95579">
 <summary>
 Do not audit attempts to send and receive varnishd_client packets.
 </summary>
@@ -63907,7 +66748,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_varnishd_client_packets" lineno="70784">
+<interface name="corenet_relabelto_varnishd_client_packets" lineno="95594">
 <summary>
 Relabel packets to varnishd_client the packet type.
 </summary>
@@ -63917,7 +66758,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_varnishd_server_packets" lineno="70804">
+<interface name="corenet_send_varnishd_server_packets" lineno="95614">
 <summary>
 Send varnishd_server packets.
 </summary>
@@ -63928,7 +66769,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_varnishd_server_packets" lineno="70823">
+<interface name="corenet_dontaudit_send_varnishd_server_packets" lineno="95633">
 <summary>
 Do not audit attempts to send varnishd_server packets.
 </summary>
@@ -63939,7 +66780,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_varnishd_server_packets" lineno="70842">
+<interface name="corenet_receive_varnishd_server_packets" lineno="95652">
 <summary>
 Receive varnishd_server packets.
 </summary>
@@ -63950,7 +66791,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_varnishd_server_packets" lineno="70861">
+<interface name="corenet_dontaudit_receive_varnishd_server_packets" lineno="95671">
 <summary>
 Do not audit attempts to receive varnishd_server packets.
 </summary>
@@ -63961,7 +66802,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_varnishd_server_packets" lineno="70880">
+<interface name="corenet_sendrecv_varnishd_server_packets" lineno="95690">
 <summary>
 Send and receive varnishd_server packets.
 </summary>
@@ -63972,7 +66813,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_varnishd_server_packets" lineno="70896">
+<interface name="corenet_dontaudit_sendrecv_varnishd_server_packets" lineno="95706">
 <summary>
 Do not audit attempts to send and receive varnishd_server packets.
 </summary>
@@ -63983,7 +66824,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_varnishd_server_packets" lineno="70911">
+<interface name="corenet_relabelto_varnishd_server_packets" lineno="95721">
 <summary>
 Relabel packets to varnishd_server the packet type.
 </summary>
@@ -63993,7 +66834,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_virt_port" lineno="70933">
+<interface name="corenet_tcp_sendrecv_virt_port" lineno="95743">
 <summary>
 Send and receive TCP traffic on the virt port.
 </summary>
@@ -64004,7 +66845,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_virt_port" lineno="70952">
+<interface name="corenet_udp_send_virt_port" lineno="95762">
 <summary>
 Send UDP traffic on the virt port.
 </summary>
@@ -64015,7 +66856,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_virt_port" lineno="70971">
+<interface name="corenet_dontaudit_udp_send_virt_port" lineno="95781">
 <summary>
 Do not audit attempts to send UDP traffic on the virt port.
 </summary>
@@ -64026,7 +66867,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_virt_port" lineno="70990">
+<interface name="corenet_udp_receive_virt_port" lineno="95800">
 <summary>
 Receive UDP traffic on the virt port.
 </summary>
@@ -64037,7 +66878,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_virt_port" lineno="71009">
+<interface name="corenet_dontaudit_udp_receive_virt_port" lineno="95819">
 <summary>
 Do not audit attempts to receive UDP traffic on the virt port.
 </summary>
@@ -64048,7 +66889,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_virt_port" lineno="71028">
+<interface name="corenet_udp_sendrecv_virt_port" lineno="95838">
 <summary>
 Send and receive UDP traffic on the virt port.
 </summary>
@@ -64059,7 +66900,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_virt_port" lineno="71045">
+<interface name="corenet_dontaudit_udp_sendrecv_virt_port" lineno="95855">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the virt port.
@@ -64071,7 +66912,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_virt_port" lineno="71061">
+<interface name="corenet_tcp_bind_virt_port" lineno="95871">
 <summary>
 Bind TCP sockets to the virt port.
 </summary>
@@ -64082,7 +66923,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_virt_port" lineno="71081">
+<interface name="corenet_udp_bind_virt_port" lineno="95891">
 <summary>
 Bind UDP sockets to the virt port.
 </summary>
@@ -64093,7 +66934,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_virt_port" lineno="71100">
+<interface name="corenet_tcp_connect_virt_port" lineno="95910">
 <summary>
 Make a TCP connection to the virt port.
 </summary>
@@ -64103,7 +66944,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_virt_client_packets" lineno="71120">
+<interface name="corenet_send_virt_client_packets" lineno="95930">
 <summary>
 Send virt_client packets.
 </summary>
@@ -64114,7 +66955,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_virt_client_packets" lineno="71139">
+<interface name="corenet_dontaudit_send_virt_client_packets" lineno="95949">
 <summary>
 Do not audit attempts to send virt_client packets.
 </summary>
@@ -64125,7 +66966,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_virt_client_packets" lineno="71158">
+<interface name="corenet_receive_virt_client_packets" lineno="95968">
 <summary>
 Receive virt_client packets.
 </summary>
@@ -64136,7 +66977,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_virt_client_packets" lineno="71177">
+<interface name="corenet_dontaudit_receive_virt_client_packets" lineno="95987">
 <summary>
 Do not audit attempts to receive virt_client packets.
 </summary>
@@ -64147,7 +66988,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_virt_client_packets" lineno="71196">
+<interface name="corenet_sendrecv_virt_client_packets" lineno="96006">
 <summary>
 Send and receive virt_client packets.
 </summary>
@@ -64158,7 +66999,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_virt_client_packets" lineno="71212">
+<interface name="corenet_dontaudit_sendrecv_virt_client_packets" lineno="96022">
 <summary>
 Do not audit attempts to send and receive virt_client packets.
 </summary>
@@ -64169,7 +67010,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_virt_client_packets" lineno="71227">
+<interface name="corenet_relabelto_virt_client_packets" lineno="96037">
 <summary>
 Relabel packets to virt_client the packet type.
 </summary>
@@ -64179,7 +67020,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_virt_server_packets" lineno="71247">
+<interface name="corenet_send_virt_server_packets" lineno="96057">
 <summary>
 Send virt_server packets.
 </summary>
@@ -64190,7 +67031,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_virt_server_packets" lineno="71266">
+<interface name="corenet_dontaudit_send_virt_server_packets" lineno="96076">
 <summary>
 Do not audit attempts to send virt_server packets.
 </summary>
@@ -64201,7 +67042,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_virt_server_packets" lineno="71285">
+<interface name="corenet_receive_virt_server_packets" lineno="96095">
 <summary>
 Receive virt_server packets.
 </summary>
@@ -64212,7 +67053,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_virt_server_packets" lineno="71304">
+<interface name="corenet_dontaudit_receive_virt_server_packets" lineno="96114">
 <summary>
 Do not audit attempts to receive virt_server packets.
 </summary>
@@ -64223,7 +67064,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_virt_server_packets" lineno="71323">
+<interface name="corenet_sendrecv_virt_server_packets" lineno="96133">
 <summary>
 Send and receive virt_server packets.
 </summary>
@@ -64234,7 +67075,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_virt_server_packets" lineno="71339">
+<interface name="corenet_dontaudit_sendrecv_virt_server_packets" lineno="96149">
 <summary>
 Do not audit attempts to send and receive virt_server packets.
 </summary>
@@ -64245,7 +67086,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_virt_server_packets" lineno="71354">
+<interface name="corenet_relabelto_virt_server_packets" lineno="96164">
 <summary>
 Relabel packets to virt_server the packet type.
 </summary>
@@ -64255,7 +67096,269 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_virt_migration_port" lineno="71376">
+<interface name="corenet_tcp_sendrecv_virtual_places_port" lineno="96186">
+<summary>
+Send and receive TCP traffic on the virtual_places port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_virtual_places_port" lineno="96205">
+<summary>
+Send UDP traffic on the virtual_places port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_virtual_places_port" lineno="96224">
+<summary>
+Do not audit attempts to send UDP traffic on the virtual_places port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_virtual_places_port" lineno="96243">
+<summary>
+Receive UDP traffic on the virtual_places port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_virtual_places_port" lineno="96262">
+<summary>
+Do not audit attempts to receive UDP traffic on the virtual_places port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_virtual_places_port" lineno="96281">
+<summary>
+Send and receive UDP traffic on the virtual_places port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_virtual_places_port" lineno="96298">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the virtual_places port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_virtual_places_port" lineno="96314">
+<summary>
+Bind TCP sockets to the virtual_places port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_virtual_places_port" lineno="96334">
+<summary>
+Bind UDP sockets to the virtual_places port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_virtual_places_port" lineno="96353">
+<summary>
+Make a TCP connection to the virtual_places port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_virtual_places_client_packets" lineno="96373">
+<summary>
+Send virtual_places_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_virtual_places_client_packets" lineno="96392">
+<summary>
+Do not audit attempts to send virtual_places_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_virtual_places_client_packets" lineno="96411">
+<summary>
+Receive virtual_places_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_virtual_places_client_packets" lineno="96430">
+<summary>
+Do not audit attempts to receive virtual_places_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_virtual_places_client_packets" lineno="96449">
+<summary>
+Send and receive virtual_places_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_virtual_places_client_packets" lineno="96465">
+<summary>
+Do not audit attempts to send and receive virtual_places_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_virtual_places_client_packets" lineno="96480">
+<summary>
+Relabel packets to virtual_places_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_virtual_places_server_packets" lineno="96500">
+<summary>
+Send virtual_places_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_virtual_places_server_packets" lineno="96519">
+<summary>
+Do not audit attempts to send virtual_places_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_virtual_places_server_packets" lineno="96538">
+<summary>
+Receive virtual_places_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_virtual_places_server_packets" lineno="96557">
+<summary>
+Do not audit attempts to receive virtual_places_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_virtual_places_server_packets" lineno="96576">
+<summary>
+Send and receive virtual_places_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_virtual_places_server_packets" lineno="96592">
+<summary>
+Do not audit attempts to send and receive virtual_places_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_virtual_places_server_packets" lineno="96607">
+<summary>
+Relabel packets to virtual_places_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_virt_migration_port" lineno="96629">
 <summary>
 Send and receive TCP traffic on the virt_migration port.
 </summary>
@@ -64266,7 +67369,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_virt_migration_port" lineno="71395">
+<interface name="corenet_udp_send_virt_migration_port" lineno="96648">
 <summary>
 Send UDP traffic on the virt_migration port.
 </summary>
@@ -64277,7 +67380,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_virt_migration_port" lineno="71414">
+<interface name="corenet_dontaudit_udp_send_virt_migration_port" lineno="96667">
 <summary>
 Do not audit attempts to send UDP traffic on the virt_migration port.
 </summary>
@@ -64288,7 +67391,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_virt_migration_port" lineno="71433">
+<interface name="corenet_udp_receive_virt_migration_port" lineno="96686">
 <summary>
 Receive UDP traffic on the virt_migration port.
 </summary>
@@ -64299,7 +67402,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_virt_migration_port" lineno="71452">
+<interface name="corenet_dontaudit_udp_receive_virt_migration_port" lineno="96705">
 <summary>
 Do not audit attempts to receive UDP traffic on the virt_migration port.
 </summary>
@@ -64310,7 +67413,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_virt_migration_port" lineno="71471">
+<interface name="corenet_udp_sendrecv_virt_migration_port" lineno="96724">
 <summary>
 Send and receive UDP traffic on the virt_migration port.
 </summary>
@@ -64321,7 +67424,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_virt_migration_port" lineno="71488">
+<interface name="corenet_dontaudit_udp_sendrecv_virt_migration_port" lineno="96741">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the virt_migration port.
@@ -64333,7 +67436,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_virt_migration_port" lineno="71504">
+<interface name="corenet_tcp_bind_virt_migration_port" lineno="96757">
 <summary>
 Bind TCP sockets to the virt_migration port.
 </summary>
@@ -64344,7 +67447,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_virt_migration_port" lineno="71524">
+<interface name="corenet_udp_bind_virt_migration_port" lineno="96777">
 <summary>
 Bind UDP sockets to the virt_migration port.
 </summary>
@@ -64355,7 +67458,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_virt_migration_port" lineno="71543">
+<interface name="corenet_tcp_connect_virt_migration_port" lineno="96796">
 <summary>
 Make a TCP connection to the virt_migration port.
 </summary>
@@ -64365,7 +67468,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_virt_migration_client_packets" lineno="71563">
+<interface name="corenet_send_virt_migration_client_packets" lineno="96816">
 <summary>
 Send virt_migration_client packets.
 </summary>
@@ -64376,7 +67479,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_virt_migration_client_packets" lineno="71582">
+<interface name="corenet_dontaudit_send_virt_migration_client_packets" lineno="96835">
 <summary>
 Do not audit attempts to send virt_migration_client packets.
 </summary>
@@ -64387,7 +67490,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_virt_migration_client_packets" lineno="71601">
+<interface name="corenet_receive_virt_migration_client_packets" lineno="96854">
 <summary>
 Receive virt_migration_client packets.
 </summary>
@@ -64398,7 +67501,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_virt_migration_client_packets" lineno="71620">
+<interface name="corenet_dontaudit_receive_virt_migration_client_packets" lineno="96873">
 <summary>
 Do not audit attempts to receive virt_migration_client packets.
 </summary>
@@ -64409,7 +67512,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_virt_migration_client_packets" lineno="71639">
+<interface name="corenet_sendrecv_virt_migration_client_packets" lineno="96892">
 <summary>
 Send and receive virt_migration_client packets.
 </summary>
@@ -64420,7 +67523,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_virt_migration_client_packets" lineno="71655">
+<interface name="corenet_dontaudit_sendrecv_virt_migration_client_packets" lineno="96908">
 <summary>
 Do not audit attempts to send and receive virt_migration_client packets.
 </summary>
@@ -64431,7 +67534,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_virt_migration_client_packets" lineno="71670">
+<interface name="corenet_relabelto_virt_migration_client_packets" lineno="96923">
 <summary>
 Relabel packets to virt_migration_client the packet type.
 </summary>
@@ -64441,7 +67544,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_virt_migration_server_packets" lineno="71690">
+<interface name="corenet_send_virt_migration_server_packets" lineno="96943">
 <summary>
 Send virt_migration_server packets.
 </summary>
@@ -64452,7 +67555,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_virt_migration_server_packets" lineno="71709">
+<interface name="corenet_dontaudit_send_virt_migration_server_packets" lineno="96962">
 <summary>
 Do not audit attempts to send virt_migration_server packets.
 </summary>
@@ -64463,7 +67566,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_virt_migration_server_packets" lineno="71728">
+<interface name="corenet_receive_virt_migration_server_packets" lineno="96981">
 <summary>
 Receive virt_migration_server packets.
 </summary>
@@ -64474,7 +67577,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_virt_migration_server_packets" lineno="71747">
+<interface name="corenet_dontaudit_receive_virt_migration_server_packets" lineno="97000">
 <summary>
 Do not audit attempts to receive virt_migration_server packets.
 </summary>
@@ -64485,7 +67588,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_virt_migration_server_packets" lineno="71766">
+<interface name="corenet_sendrecv_virt_migration_server_packets" lineno="97019">
 <summary>
 Send and receive virt_migration_server packets.
 </summary>
@@ -64496,7 +67599,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_virt_migration_server_packets" lineno="71782">
+<interface name="corenet_dontaudit_sendrecv_virt_migration_server_packets" lineno="97035">
 <summary>
 Do not audit attempts to send and receive virt_migration_server packets.
 </summary>
@@ -64507,7 +67610,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_virt_migration_server_packets" lineno="71797">
+<interface name="corenet_relabelto_virt_migration_server_packets" lineno="97050">
 <summary>
 Relabel packets to virt_migration_server the packet type.
 </summary>
@@ -64517,7 +67620,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_vnc_port" lineno="71819">
+<interface name="corenet_tcp_sendrecv_vnc_port" lineno="97072">
 <summary>
 Send and receive TCP traffic on the vnc port.
 </summary>
@@ -64528,7 +67631,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_vnc_port" lineno="71838">
+<interface name="corenet_udp_send_vnc_port" lineno="97091">
 <summary>
 Send UDP traffic on the vnc port.
 </summary>
@@ -64539,7 +67642,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_vnc_port" lineno="71857">
+<interface name="corenet_dontaudit_udp_send_vnc_port" lineno="97110">
 <summary>
 Do not audit attempts to send UDP traffic on the vnc port.
 </summary>
@@ -64550,7 +67653,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_vnc_port" lineno="71876">
+<interface name="corenet_udp_receive_vnc_port" lineno="97129">
 <summary>
 Receive UDP traffic on the vnc port.
 </summary>
@@ -64561,7 +67664,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_vnc_port" lineno="71895">
+<interface name="corenet_dontaudit_udp_receive_vnc_port" lineno="97148">
 <summary>
 Do not audit attempts to receive UDP traffic on the vnc port.
 </summary>
@@ -64572,7 +67675,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_vnc_port" lineno="71914">
+<interface name="corenet_udp_sendrecv_vnc_port" lineno="97167">
 <summary>
 Send and receive UDP traffic on the vnc port.
 </summary>
@@ -64583,7 +67686,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_vnc_port" lineno="71931">
+<interface name="corenet_dontaudit_udp_sendrecv_vnc_port" lineno="97184">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the vnc port.
@@ -64595,7 +67698,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_vnc_port" lineno="71947">
+<interface name="corenet_tcp_bind_vnc_port" lineno="97200">
 <summary>
 Bind TCP sockets to the vnc port.
 </summary>
@@ -64606,7 +67709,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_vnc_port" lineno="71967">
+<interface name="corenet_udp_bind_vnc_port" lineno="97220">
 <summary>
 Bind UDP sockets to the vnc port.
 </summary>
@@ -64617,7 +67720,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_vnc_port" lineno="71986">
+<interface name="corenet_tcp_connect_vnc_port" lineno="97239">
 <summary>
 Make a TCP connection to the vnc port.
 </summary>
@@ -64627,7 +67730,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_vnc_client_packets" lineno="72006">
+<interface name="corenet_send_vnc_client_packets" lineno="97259">
 <summary>
 Send vnc_client packets.
 </summary>
@@ -64638,7 +67741,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_vnc_client_packets" lineno="72025">
+<interface name="corenet_dontaudit_send_vnc_client_packets" lineno="97278">
 <summary>
 Do not audit attempts to send vnc_client packets.
 </summary>
@@ -64649,7 +67752,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_vnc_client_packets" lineno="72044">
+<interface name="corenet_receive_vnc_client_packets" lineno="97297">
 <summary>
 Receive vnc_client packets.
 </summary>
@@ -64660,7 +67763,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_vnc_client_packets" lineno="72063">
+<interface name="corenet_dontaudit_receive_vnc_client_packets" lineno="97316">
 <summary>
 Do not audit attempts to receive vnc_client packets.
 </summary>
@@ -64671,7 +67774,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_vnc_client_packets" lineno="72082">
+<interface name="corenet_sendrecv_vnc_client_packets" lineno="97335">
 <summary>
 Send and receive vnc_client packets.
 </summary>
@@ -64682,7 +67785,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_vnc_client_packets" lineno="72098">
+<interface name="corenet_dontaudit_sendrecv_vnc_client_packets" lineno="97351">
 <summary>
 Do not audit attempts to send and receive vnc_client packets.
 </summary>
@@ -64693,7 +67796,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_vnc_client_packets" lineno="72113">
+<interface name="corenet_relabelto_vnc_client_packets" lineno="97366">
 <summary>
 Relabel packets to vnc_client the packet type.
 </summary>
@@ -64703,7 +67806,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_vnc_server_packets" lineno="72133">
+<interface name="corenet_send_vnc_server_packets" lineno="97386">
 <summary>
 Send vnc_server packets.
 </summary>
@@ -64714,7 +67817,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_vnc_server_packets" lineno="72152">
+<interface name="corenet_dontaudit_send_vnc_server_packets" lineno="97405">
 <summary>
 Do not audit attempts to send vnc_server packets.
 </summary>
@@ -64725,7 +67828,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_vnc_server_packets" lineno="72171">
+<interface name="corenet_receive_vnc_server_packets" lineno="97424">
 <summary>
 Receive vnc_server packets.
 </summary>
@@ -64736,7 +67839,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_vnc_server_packets" lineno="72190">
+<interface name="corenet_dontaudit_receive_vnc_server_packets" lineno="97443">
 <summary>
 Do not audit attempts to receive vnc_server packets.
 </summary>
@@ -64747,7 +67850,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_vnc_server_packets" lineno="72209">
+<interface name="corenet_sendrecv_vnc_server_packets" lineno="97462">
 <summary>
 Send and receive vnc_server packets.
 </summary>
@@ -64758,7 +67861,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_vnc_server_packets" lineno="72225">
+<interface name="corenet_dontaudit_sendrecv_vnc_server_packets" lineno="97478">
 <summary>
 Do not audit attempts to send and receive vnc_server packets.
 </summary>
@@ -64769,7 +67872,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_vnc_server_packets" lineno="72240">
+<interface name="corenet_relabelto_vnc_server_packets" lineno="97493">
 <summary>
 Relabel packets to vnc_server the packet type.
 </summary>
@@ -64779,7 +67882,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_wccp_port" lineno="72262">
+<interface name="corenet_tcp_sendrecv_wccp_port" lineno="97515">
 <summary>
 Send and receive TCP traffic on the wccp port.
 </summary>
@@ -64790,7 +67893,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_wccp_port" lineno="72281">
+<interface name="corenet_udp_send_wccp_port" lineno="97534">
 <summary>
 Send UDP traffic on the wccp port.
 </summary>
@@ -64801,7 +67904,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_wccp_port" lineno="72300">
+<interface name="corenet_dontaudit_udp_send_wccp_port" lineno="97553">
 <summary>
 Do not audit attempts to send UDP traffic on the wccp port.
 </summary>
@@ -64812,7 +67915,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_wccp_port" lineno="72319">
+<interface name="corenet_udp_receive_wccp_port" lineno="97572">
 <summary>
 Receive UDP traffic on the wccp port.
 </summary>
@@ -64823,7 +67926,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_wccp_port" lineno="72338">
+<interface name="corenet_dontaudit_udp_receive_wccp_port" lineno="97591">
 <summary>
 Do not audit attempts to receive UDP traffic on the wccp port.
 </summary>
@@ -64834,7 +67937,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_wccp_port" lineno="72357">
+<interface name="corenet_udp_sendrecv_wccp_port" lineno="97610">
 <summary>
 Send and receive UDP traffic on the wccp port.
 </summary>
@@ -64845,7 +67948,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_wccp_port" lineno="72374">
+<interface name="corenet_dontaudit_udp_sendrecv_wccp_port" lineno="97627">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the wccp port.
@@ -64857,7 +67960,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_wccp_port" lineno="72390">
+<interface name="corenet_tcp_bind_wccp_port" lineno="97643">
 <summary>
 Bind TCP sockets to the wccp port.
 </summary>
@@ -64868,7 +67971,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_wccp_port" lineno="72410">
+<interface name="corenet_udp_bind_wccp_port" lineno="97663">
 <summary>
 Bind UDP sockets to the wccp port.
 </summary>
@@ -64879,7 +67982,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_wccp_port" lineno="72429">
+<interface name="corenet_tcp_connect_wccp_port" lineno="97682">
 <summary>
 Make a TCP connection to the wccp port.
 </summary>
@@ -64889,7 +67992,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_wccp_client_packets" lineno="72449">
+<interface name="corenet_send_wccp_client_packets" lineno="97702">
 <summary>
 Send wccp_client packets.
 </summary>
@@ -64900,7 +68003,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_wccp_client_packets" lineno="72468">
+<interface name="corenet_dontaudit_send_wccp_client_packets" lineno="97721">
 <summary>
 Do not audit attempts to send wccp_client packets.
 </summary>
@@ -64911,7 +68014,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_wccp_client_packets" lineno="72487">
+<interface name="corenet_receive_wccp_client_packets" lineno="97740">
 <summary>
 Receive wccp_client packets.
 </summary>
@@ -64922,7 +68025,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_wccp_client_packets" lineno="72506">
+<interface name="corenet_dontaudit_receive_wccp_client_packets" lineno="97759">
 <summary>
 Do not audit attempts to receive wccp_client packets.
 </summary>
@@ -64933,7 +68036,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_wccp_client_packets" lineno="72525">
+<interface name="corenet_sendrecv_wccp_client_packets" lineno="97778">
 <summary>
 Send and receive wccp_client packets.
 </summary>
@@ -64944,7 +68047,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_wccp_client_packets" lineno="72541">
+<interface name="corenet_dontaudit_sendrecv_wccp_client_packets" lineno="97794">
 <summary>
 Do not audit attempts to send and receive wccp_client packets.
 </summary>
@@ -64955,7 +68058,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_wccp_client_packets" lineno="72556">
+<interface name="corenet_relabelto_wccp_client_packets" lineno="97809">
 <summary>
 Relabel packets to wccp_client the packet type.
 </summary>
@@ -64965,7 +68068,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_wccp_server_packets" lineno="72576">
+<interface name="corenet_send_wccp_server_packets" lineno="97829">
 <summary>
 Send wccp_server packets.
 </summary>
@@ -64976,7 +68079,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_wccp_server_packets" lineno="72595">
+<interface name="corenet_dontaudit_send_wccp_server_packets" lineno="97848">
 <summary>
 Do not audit attempts to send wccp_server packets.
 </summary>
@@ -64987,7 +68090,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_wccp_server_packets" lineno="72614">
+<interface name="corenet_receive_wccp_server_packets" lineno="97867">
 <summary>
 Receive wccp_server packets.
 </summary>
@@ -64998,7 +68101,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_wccp_server_packets" lineno="72633">
+<interface name="corenet_dontaudit_receive_wccp_server_packets" lineno="97886">
 <summary>
 Do not audit attempts to receive wccp_server packets.
 </summary>
@@ -65009,7 +68112,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_wccp_server_packets" lineno="72652">
+<interface name="corenet_sendrecv_wccp_server_packets" lineno="97905">
 <summary>
 Send and receive wccp_server packets.
 </summary>
@@ -65020,7 +68123,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_wccp_server_packets" lineno="72668">
+<interface name="corenet_dontaudit_sendrecv_wccp_server_packets" lineno="97921">
 <summary>
 Do not audit attempts to send and receive wccp_server packets.
 </summary>
@@ -65031,7 +68134,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_wccp_server_packets" lineno="72683">
+<interface name="corenet_relabelto_wccp_server_packets" lineno="97936">
 <summary>
 Relabel packets to wccp_server the packet type.
 </summary>
@@ -65041,7 +68144,269 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_whois_port" lineno="72705">
+<interface name="corenet_tcp_sendrecv_websm_port" lineno="97958">
+<summary>
+Send and receive TCP traffic on the websm port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_websm_port" lineno="97977">
+<summary>
+Send UDP traffic on the websm port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_websm_port" lineno="97996">
+<summary>
+Do not audit attempts to send UDP traffic on the websm port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_websm_port" lineno="98015">
+<summary>
+Receive UDP traffic on the websm port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_websm_port" lineno="98034">
+<summary>
+Do not audit attempts to receive UDP traffic on the websm port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_websm_port" lineno="98053">
+<summary>
+Send and receive UDP traffic on the websm port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_websm_port" lineno="98070">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the websm port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_websm_port" lineno="98086">
+<summary>
+Bind TCP sockets to the websm port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_websm_port" lineno="98106">
+<summary>
+Bind UDP sockets to the websm port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_websm_port" lineno="98125">
+<summary>
+Make a TCP connection to the websm port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_websm_client_packets" lineno="98145">
+<summary>
+Send websm_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_websm_client_packets" lineno="98164">
+<summary>
+Do not audit attempts to send websm_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_websm_client_packets" lineno="98183">
+<summary>
+Receive websm_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_websm_client_packets" lineno="98202">
+<summary>
+Do not audit attempts to receive websm_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_websm_client_packets" lineno="98221">
+<summary>
+Send and receive websm_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_websm_client_packets" lineno="98237">
+<summary>
+Do not audit attempts to send and receive websm_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_websm_client_packets" lineno="98252">
+<summary>
+Relabel packets to websm_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_websm_server_packets" lineno="98272">
+<summary>
+Send websm_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_websm_server_packets" lineno="98291">
+<summary>
+Do not audit attempts to send websm_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_websm_server_packets" lineno="98310">
+<summary>
+Receive websm_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_websm_server_packets" lineno="98329">
+<summary>
+Do not audit attempts to receive websm_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_websm_server_packets" lineno="98348">
+<summary>
+Send and receive websm_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_websm_server_packets" lineno="98364">
+<summary>
+Do not audit attempts to send and receive websm_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_websm_server_packets" lineno="98379">
+<summary>
+Relabel packets to websm_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_whois_port" lineno="98401">
 <summary>
 Send and receive TCP traffic on the whois port.
 </summary>
@@ -65052,7 +68417,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_whois_port" lineno="72724">
+<interface name="corenet_udp_send_whois_port" lineno="98420">
 <summary>
 Send UDP traffic on the whois port.
 </summary>
@@ -65063,7 +68428,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_whois_port" lineno="72743">
+<interface name="corenet_dontaudit_udp_send_whois_port" lineno="98439">
 <summary>
 Do not audit attempts to send UDP traffic on the whois port.
 </summary>
@@ -65074,7 +68439,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_whois_port" lineno="72762">
+<interface name="corenet_udp_receive_whois_port" lineno="98458">
 <summary>
 Receive UDP traffic on the whois port.
 </summary>
@@ -65085,7 +68450,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_whois_port" lineno="72781">
+<interface name="corenet_dontaudit_udp_receive_whois_port" lineno="98477">
 <summary>
 Do not audit attempts to receive UDP traffic on the whois port.
 </summary>
@@ -65096,7 +68461,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_whois_port" lineno="72800">
+<interface name="corenet_udp_sendrecv_whois_port" lineno="98496">
 <summary>
 Send and receive UDP traffic on the whois port.
 </summary>
@@ -65107,7 +68472,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_whois_port" lineno="72817">
+<interface name="corenet_dontaudit_udp_sendrecv_whois_port" lineno="98513">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the whois port.
@@ -65119,7 +68484,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_whois_port" lineno="72833">
+<interface name="corenet_tcp_bind_whois_port" lineno="98529">
 <summary>
 Bind TCP sockets to the whois port.
 </summary>
@@ -65130,7 +68495,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_whois_port" lineno="72853">
+<interface name="corenet_udp_bind_whois_port" lineno="98549">
 <summary>
 Bind UDP sockets to the whois port.
 </summary>
@@ -65141,7 +68506,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_whois_port" lineno="72872">
+<interface name="corenet_tcp_connect_whois_port" lineno="98568">
 <summary>
 Make a TCP connection to the whois port.
 </summary>
@@ -65151,7 +68516,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_whois_client_packets" lineno="72892">
+<interface name="corenet_send_whois_client_packets" lineno="98588">
 <summary>
 Send whois_client packets.
 </summary>
@@ -65162,7 +68527,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_whois_client_packets" lineno="72911">
+<interface name="corenet_dontaudit_send_whois_client_packets" lineno="98607">
 <summary>
 Do not audit attempts to send whois_client packets.
 </summary>
@@ -65173,7 +68538,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_whois_client_packets" lineno="72930">
+<interface name="corenet_receive_whois_client_packets" lineno="98626">
 <summary>
 Receive whois_client packets.
 </summary>
@@ -65184,7 +68549,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_whois_client_packets" lineno="72949">
+<interface name="corenet_dontaudit_receive_whois_client_packets" lineno="98645">
 <summary>
 Do not audit attempts to receive whois_client packets.
 </summary>
@@ -65195,7 +68560,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_whois_client_packets" lineno="72968">
+<interface name="corenet_sendrecv_whois_client_packets" lineno="98664">
 <summary>
 Send and receive whois_client packets.
 </summary>
@@ -65206,7 +68571,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_whois_client_packets" lineno="72984">
+<interface name="corenet_dontaudit_sendrecv_whois_client_packets" lineno="98680">
 <summary>
 Do not audit attempts to send and receive whois_client packets.
 </summary>
@@ -65217,7 +68582,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_whois_client_packets" lineno="72999">
+<interface name="corenet_relabelto_whois_client_packets" lineno="98695">
 <summary>
 Relabel packets to whois_client the packet type.
 </summary>
@@ -65227,7 +68592,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_whois_server_packets" lineno="73019">
+<interface name="corenet_send_whois_server_packets" lineno="98715">
 <summary>
 Send whois_server packets.
 </summary>
@@ -65238,7 +68603,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_whois_server_packets" lineno="73038">
+<interface name="corenet_dontaudit_send_whois_server_packets" lineno="98734">
 <summary>
 Do not audit attempts to send whois_server packets.
 </summary>
@@ -65249,7 +68614,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_whois_server_packets" lineno="73057">
+<interface name="corenet_receive_whois_server_packets" lineno="98753">
 <summary>
 Receive whois_server packets.
 </summary>
@@ -65260,7 +68625,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_whois_server_packets" lineno="73076">
+<interface name="corenet_dontaudit_receive_whois_server_packets" lineno="98772">
 <summary>
 Do not audit attempts to receive whois_server packets.
 </summary>
@@ -65271,7 +68636,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_whois_server_packets" lineno="73095">
+<interface name="corenet_sendrecv_whois_server_packets" lineno="98791">
 <summary>
 Send and receive whois_server packets.
 </summary>
@@ -65282,7 +68647,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_whois_server_packets" lineno="73111">
+<interface name="corenet_dontaudit_sendrecv_whois_server_packets" lineno="98807">
 <summary>
 Do not audit attempts to send and receive whois_server packets.
 </summary>
@@ -65293,7 +68658,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_whois_server_packets" lineno="73126">
+<interface name="corenet_relabelto_whois_server_packets" lineno="98822">
 <summary>
 Relabel packets to whois_server the packet type.
 </summary>
@@ -65303,7 +68668,793 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_xdmcp_port" lineno="73148">
+<interface name="corenet_tcp_sendrecv_winshadow_port" lineno="98844">
+<summary>
+Send and receive TCP traffic on the winshadow port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_winshadow_port" lineno="98863">
+<summary>
+Send UDP traffic on the winshadow port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_winshadow_port" lineno="98882">
+<summary>
+Do not audit attempts to send UDP traffic on the winshadow port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_winshadow_port" lineno="98901">
+<summary>
+Receive UDP traffic on the winshadow port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_winshadow_port" lineno="98920">
+<summary>
+Do not audit attempts to receive UDP traffic on the winshadow port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_winshadow_port" lineno="98939">
+<summary>
+Send and receive UDP traffic on the winshadow port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_winshadow_port" lineno="98956">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the winshadow port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_winshadow_port" lineno="98972">
+<summary>
+Bind TCP sockets to the winshadow port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_winshadow_port" lineno="98992">
+<summary>
+Bind UDP sockets to the winshadow port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_winshadow_port" lineno="99011">
+<summary>
+Make a TCP connection to the winshadow port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_winshadow_client_packets" lineno="99031">
+<summary>
+Send winshadow_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_winshadow_client_packets" lineno="99050">
+<summary>
+Do not audit attempts to send winshadow_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_winshadow_client_packets" lineno="99069">
+<summary>
+Receive winshadow_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_winshadow_client_packets" lineno="99088">
+<summary>
+Do not audit attempts to receive winshadow_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_winshadow_client_packets" lineno="99107">
+<summary>
+Send and receive winshadow_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_winshadow_client_packets" lineno="99123">
+<summary>
+Do not audit attempts to send and receive winshadow_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_winshadow_client_packets" lineno="99138">
+<summary>
+Relabel packets to winshadow_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_winshadow_server_packets" lineno="99158">
+<summary>
+Send winshadow_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_winshadow_server_packets" lineno="99177">
+<summary>
+Do not audit attempts to send winshadow_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_winshadow_server_packets" lineno="99196">
+<summary>
+Receive winshadow_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_winshadow_server_packets" lineno="99215">
+<summary>
+Do not audit attempts to receive winshadow_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_winshadow_server_packets" lineno="99234">
+<summary>
+Send and receive winshadow_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_winshadow_server_packets" lineno="99250">
+<summary>
+Do not audit attempts to send and receive winshadow_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_winshadow_server_packets" lineno="99265">
+<summary>
+Relabel packets to winshadow_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_wsdapi_port" lineno="99287">
+<summary>
+Send and receive TCP traffic on the wsdapi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_wsdapi_port" lineno="99306">
+<summary>
+Send UDP traffic on the wsdapi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_wsdapi_port" lineno="99325">
+<summary>
+Do not audit attempts to send UDP traffic on the wsdapi port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_wsdapi_port" lineno="99344">
+<summary>
+Receive UDP traffic on the wsdapi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_wsdapi_port" lineno="99363">
+<summary>
+Do not audit attempts to receive UDP traffic on the wsdapi port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_wsdapi_port" lineno="99382">
+<summary>
+Send and receive UDP traffic on the wsdapi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_wsdapi_port" lineno="99399">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the wsdapi port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_wsdapi_port" lineno="99415">
+<summary>
+Bind TCP sockets to the wsdapi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_wsdapi_port" lineno="99435">
+<summary>
+Bind UDP sockets to the wsdapi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_wsdapi_port" lineno="99454">
+<summary>
+Make a TCP connection to the wsdapi port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_wsdapi_client_packets" lineno="99474">
+<summary>
+Send wsdapi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_wsdapi_client_packets" lineno="99493">
+<summary>
+Do not audit attempts to send wsdapi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_wsdapi_client_packets" lineno="99512">
+<summary>
+Receive wsdapi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_wsdapi_client_packets" lineno="99531">
+<summary>
+Do not audit attempts to receive wsdapi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_wsdapi_client_packets" lineno="99550">
+<summary>
+Send and receive wsdapi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_wsdapi_client_packets" lineno="99566">
+<summary>
+Do not audit attempts to send and receive wsdapi_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_wsdapi_client_packets" lineno="99581">
+<summary>
+Relabel packets to wsdapi_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_wsdapi_server_packets" lineno="99601">
+<summary>
+Send wsdapi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_wsdapi_server_packets" lineno="99620">
+<summary>
+Do not audit attempts to send wsdapi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_wsdapi_server_packets" lineno="99639">
+<summary>
+Receive wsdapi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_wsdapi_server_packets" lineno="99658">
+<summary>
+Do not audit attempts to receive wsdapi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_wsdapi_server_packets" lineno="99677">
+<summary>
+Send and receive wsdapi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_wsdapi_server_packets" lineno="99693">
+<summary>
+Do not audit attempts to send and receive wsdapi_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_wsdapi_server_packets" lineno="99708">
+<summary>
+Relabel packets to wsdapi_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_wsicopy_port" lineno="99730">
+<summary>
+Send and receive TCP traffic on the wsicopy port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_wsicopy_port" lineno="99749">
+<summary>
+Send UDP traffic on the wsicopy port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_wsicopy_port" lineno="99768">
+<summary>
+Do not audit attempts to send UDP traffic on the wsicopy port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_wsicopy_port" lineno="99787">
+<summary>
+Receive UDP traffic on the wsicopy port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_wsicopy_port" lineno="99806">
+<summary>
+Do not audit attempts to receive UDP traffic on the wsicopy port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_wsicopy_port" lineno="99825">
+<summary>
+Send and receive UDP traffic on the wsicopy port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_wsicopy_port" lineno="99842">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the wsicopy port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_wsicopy_port" lineno="99858">
+<summary>
+Bind TCP sockets to the wsicopy port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_wsicopy_port" lineno="99878">
+<summary>
+Bind UDP sockets to the wsicopy port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_wsicopy_port" lineno="99897">
+<summary>
+Make a TCP connection to the wsicopy port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_wsicopy_client_packets" lineno="99917">
+<summary>
+Send wsicopy_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_wsicopy_client_packets" lineno="99936">
+<summary>
+Do not audit attempts to send wsicopy_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_wsicopy_client_packets" lineno="99955">
+<summary>
+Receive wsicopy_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_wsicopy_client_packets" lineno="99974">
+<summary>
+Do not audit attempts to receive wsicopy_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_wsicopy_client_packets" lineno="99993">
+<summary>
+Send and receive wsicopy_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_wsicopy_client_packets" lineno="100009">
+<summary>
+Do not audit attempts to send and receive wsicopy_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_wsicopy_client_packets" lineno="100024">
+<summary>
+Relabel packets to wsicopy_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_wsicopy_server_packets" lineno="100044">
+<summary>
+Send wsicopy_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_wsicopy_server_packets" lineno="100063">
+<summary>
+Do not audit attempts to send wsicopy_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_wsicopy_server_packets" lineno="100082">
+<summary>
+Receive wsicopy_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_wsicopy_server_packets" lineno="100101">
+<summary>
+Do not audit attempts to receive wsicopy_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_wsicopy_server_packets" lineno="100120">
+<summary>
+Send and receive wsicopy_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_wsicopy_server_packets" lineno="100136">
+<summary>
+Do not audit attempts to send and receive wsicopy_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_wsicopy_server_packets" lineno="100151">
+<summary>
+Relabel packets to wsicopy_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_xdmcp_port" lineno="100173">
 <summary>
 Send and receive TCP traffic on the xdmcp port.
 </summary>
@@ -65314,7 +69465,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_xdmcp_port" lineno="73167">
+<interface name="corenet_udp_send_xdmcp_port" lineno="100192">
 <summary>
 Send UDP traffic on the xdmcp port.
 </summary>
@@ -65325,7 +69476,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_xdmcp_port" lineno="73186">
+<interface name="corenet_dontaudit_udp_send_xdmcp_port" lineno="100211">
 <summary>
 Do not audit attempts to send UDP traffic on the xdmcp port.
 </summary>
@@ -65336,7 +69487,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_xdmcp_port" lineno="73205">
+<interface name="corenet_udp_receive_xdmcp_port" lineno="100230">
 <summary>
 Receive UDP traffic on the xdmcp port.
 </summary>
@@ -65347,7 +69498,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_xdmcp_port" lineno="73224">
+<interface name="corenet_dontaudit_udp_receive_xdmcp_port" lineno="100249">
 <summary>
 Do not audit attempts to receive UDP traffic on the xdmcp port.
 </summary>
@@ -65358,7 +69509,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_xdmcp_port" lineno="73243">
+<interface name="corenet_udp_sendrecv_xdmcp_port" lineno="100268">
 <summary>
 Send and receive UDP traffic on the xdmcp port.
 </summary>
@@ -65369,7 +69520,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_xdmcp_port" lineno="73260">
+<interface name="corenet_dontaudit_udp_sendrecv_xdmcp_port" lineno="100285">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the xdmcp port.
@@ -65381,7 +69532,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_xdmcp_port" lineno="73276">
+<interface name="corenet_tcp_bind_xdmcp_port" lineno="100301">
 <summary>
 Bind TCP sockets to the xdmcp port.
 </summary>
@@ -65392,7 +69543,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_xdmcp_port" lineno="73296">
+<interface name="corenet_udp_bind_xdmcp_port" lineno="100321">
 <summary>
 Bind UDP sockets to the xdmcp port.
 </summary>
@@ -65403,7 +69554,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_xdmcp_port" lineno="73315">
+<interface name="corenet_tcp_connect_xdmcp_port" lineno="100340">
 <summary>
 Make a TCP connection to the xdmcp port.
 </summary>
@@ -65413,7 +69564,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_xdmcp_client_packets" lineno="73335">
+<interface name="corenet_send_xdmcp_client_packets" lineno="100360">
 <summary>
 Send xdmcp_client packets.
 </summary>
@@ -65424,7 +69575,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_xdmcp_client_packets" lineno="73354">
+<interface name="corenet_dontaudit_send_xdmcp_client_packets" lineno="100379">
 <summary>
 Do not audit attempts to send xdmcp_client packets.
 </summary>
@@ -65435,7 +69586,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_xdmcp_client_packets" lineno="73373">
+<interface name="corenet_receive_xdmcp_client_packets" lineno="100398">
 <summary>
 Receive xdmcp_client packets.
 </summary>
@@ -65446,7 +69597,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_xdmcp_client_packets" lineno="73392">
+<interface name="corenet_dontaudit_receive_xdmcp_client_packets" lineno="100417">
 <summary>
 Do not audit attempts to receive xdmcp_client packets.
 </summary>
@@ -65457,7 +69608,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_xdmcp_client_packets" lineno="73411">
+<interface name="corenet_sendrecv_xdmcp_client_packets" lineno="100436">
 <summary>
 Send and receive xdmcp_client packets.
 </summary>
@@ -65468,7 +69619,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_xdmcp_client_packets" lineno="73427">
+<interface name="corenet_dontaudit_sendrecv_xdmcp_client_packets" lineno="100452">
 <summary>
 Do not audit attempts to send and receive xdmcp_client packets.
 </summary>
@@ -65479,7 +69630,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_xdmcp_client_packets" lineno="73442">
+<interface name="corenet_relabelto_xdmcp_client_packets" lineno="100467">
 <summary>
 Relabel packets to xdmcp_client the packet type.
 </summary>
@@ -65489,7 +69640,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_xdmcp_server_packets" lineno="73462">
+<interface name="corenet_send_xdmcp_server_packets" lineno="100487">
 <summary>
 Send xdmcp_server packets.
 </summary>
@@ -65500,7 +69651,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_xdmcp_server_packets" lineno="73481">
+<interface name="corenet_dontaudit_send_xdmcp_server_packets" lineno="100506">
 <summary>
 Do not audit attempts to send xdmcp_server packets.
 </summary>
@@ -65511,7 +69662,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_xdmcp_server_packets" lineno="73500">
+<interface name="corenet_receive_xdmcp_server_packets" lineno="100525">
 <summary>
 Receive xdmcp_server packets.
 </summary>
@@ -65522,7 +69673,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_xdmcp_server_packets" lineno="73519">
+<interface name="corenet_dontaudit_receive_xdmcp_server_packets" lineno="100544">
 <summary>
 Do not audit attempts to receive xdmcp_server packets.
 </summary>
@@ -65533,7 +69684,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_xdmcp_server_packets" lineno="73538">
+<interface name="corenet_sendrecv_xdmcp_server_packets" lineno="100563">
 <summary>
 Send and receive xdmcp_server packets.
 </summary>
@@ -65544,7 +69695,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_xdmcp_server_packets" lineno="73554">
+<interface name="corenet_dontaudit_sendrecv_xdmcp_server_packets" lineno="100579">
 <summary>
 Do not audit attempts to send and receive xdmcp_server packets.
 </summary>
@@ -65555,7 +69706,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_xdmcp_server_packets" lineno="73569">
+<interface name="corenet_relabelto_xdmcp_server_packets" lineno="100594">
 <summary>
 Relabel packets to xdmcp_server the packet type.
 </summary>
@@ -65565,7 +69716,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_xen_port" lineno="73591">
+<interface name="corenet_tcp_sendrecv_xen_port" lineno="100616">
 <summary>
 Send and receive TCP traffic on the xen port.
 </summary>
@@ -65576,7 +69727,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_xen_port" lineno="73610">
+<interface name="corenet_udp_send_xen_port" lineno="100635">
 <summary>
 Send UDP traffic on the xen port.
 </summary>
@@ -65587,7 +69738,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_xen_port" lineno="73629">
+<interface name="corenet_dontaudit_udp_send_xen_port" lineno="100654">
 <summary>
 Do not audit attempts to send UDP traffic on the xen port.
 </summary>
@@ -65598,7 +69749,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_xen_port" lineno="73648">
+<interface name="corenet_udp_receive_xen_port" lineno="100673">
 <summary>
 Receive UDP traffic on the xen port.
 </summary>
@@ -65609,7 +69760,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_xen_port" lineno="73667">
+<interface name="corenet_dontaudit_udp_receive_xen_port" lineno="100692">
 <summary>
 Do not audit attempts to receive UDP traffic on the xen port.
 </summary>
@@ -65620,7 +69771,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_xen_port" lineno="73686">
+<interface name="corenet_udp_sendrecv_xen_port" lineno="100711">
 <summary>
 Send and receive UDP traffic on the xen port.
 </summary>
@@ -65631,7 +69782,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_xen_port" lineno="73703">
+<interface name="corenet_dontaudit_udp_sendrecv_xen_port" lineno="100728">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the xen port.
@@ -65643,7 +69794,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_xen_port" lineno="73719">
+<interface name="corenet_tcp_bind_xen_port" lineno="100744">
 <summary>
 Bind TCP sockets to the xen port.
 </summary>
@@ -65654,7 +69805,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_xen_port" lineno="73739">
+<interface name="corenet_udp_bind_xen_port" lineno="100764">
 <summary>
 Bind UDP sockets to the xen port.
 </summary>
@@ -65665,7 +69816,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_xen_port" lineno="73758">
+<interface name="corenet_tcp_connect_xen_port" lineno="100783">
 <summary>
 Make a TCP connection to the xen port.
 </summary>
@@ -65675,7 +69826,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_xen_client_packets" lineno="73778">
+<interface name="corenet_send_xen_client_packets" lineno="100803">
 <summary>
 Send xen_client packets.
 </summary>
@@ -65686,7 +69837,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_xen_client_packets" lineno="73797">
+<interface name="corenet_dontaudit_send_xen_client_packets" lineno="100822">
 <summary>
 Do not audit attempts to send xen_client packets.
 </summary>
@@ -65697,7 +69848,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_xen_client_packets" lineno="73816">
+<interface name="corenet_receive_xen_client_packets" lineno="100841">
 <summary>
 Receive xen_client packets.
 </summary>
@@ -65708,7 +69859,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_xen_client_packets" lineno="73835">
+<interface name="corenet_dontaudit_receive_xen_client_packets" lineno="100860">
 <summary>
 Do not audit attempts to receive xen_client packets.
 </summary>
@@ -65719,7 +69870,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_xen_client_packets" lineno="73854">
+<interface name="corenet_sendrecv_xen_client_packets" lineno="100879">
 <summary>
 Send and receive xen_client packets.
 </summary>
@@ -65730,7 +69881,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_xen_client_packets" lineno="73870">
+<interface name="corenet_dontaudit_sendrecv_xen_client_packets" lineno="100895">
 <summary>
 Do not audit attempts to send and receive xen_client packets.
 </summary>
@@ -65741,7 +69892,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_xen_client_packets" lineno="73885">
+<interface name="corenet_relabelto_xen_client_packets" lineno="100910">
 <summary>
 Relabel packets to xen_client the packet type.
 </summary>
@@ -65751,7 +69902,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_xen_server_packets" lineno="73905">
+<interface name="corenet_send_xen_server_packets" lineno="100930">
 <summary>
 Send xen_server packets.
 </summary>
@@ -65762,7 +69913,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_xen_server_packets" lineno="73924">
+<interface name="corenet_dontaudit_send_xen_server_packets" lineno="100949">
 <summary>
 Do not audit attempts to send xen_server packets.
 </summary>
@@ -65773,7 +69924,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_xen_server_packets" lineno="73943">
+<interface name="corenet_receive_xen_server_packets" lineno="100968">
 <summary>
 Receive xen_server packets.
 </summary>
@@ -65784,7 +69935,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_xen_server_packets" lineno="73962">
+<interface name="corenet_dontaudit_receive_xen_server_packets" lineno="100987">
 <summary>
 Do not audit attempts to receive xen_server packets.
 </summary>
@@ -65795,7 +69946,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_xen_server_packets" lineno="73981">
+<interface name="corenet_sendrecv_xen_server_packets" lineno="101006">
 <summary>
 Send and receive xen_server packets.
 </summary>
@@ -65806,7 +69957,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_xen_server_packets" lineno="73997">
+<interface name="corenet_dontaudit_sendrecv_xen_server_packets" lineno="101022">
 <summary>
 Do not audit attempts to send and receive xen_server packets.
 </summary>
@@ -65817,7 +69968,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_xen_server_packets" lineno="74012">
+<interface name="corenet_relabelto_xen_server_packets" lineno="101037">
 <summary>
 Relabel packets to xen_server the packet type.
 </summary>
@@ -65827,7 +69978,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_xfs_port" lineno="74034">
+<interface name="corenet_tcp_sendrecv_xfs_port" lineno="101059">
 <summary>
 Send and receive TCP traffic on the xfs port.
 </summary>
@@ -65838,7 +69989,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_xfs_port" lineno="74053">
+<interface name="corenet_udp_send_xfs_port" lineno="101078">
 <summary>
 Send UDP traffic on the xfs port.
 </summary>
@@ -65849,7 +70000,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_xfs_port" lineno="74072">
+<interface name="corenet_dontaudit_udp_send_xfs_port" lineno="101097">
 <summary>
 Do not audit attempts to send UDP traffic on the xfs port.
 </summary>
@@ -65860,7 +70011,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_xfs_port" lineno="74091">
+<interface name="corenet_udp_receive_xfs_port" lineno="101116">
 <summary>
 Receive UDP traffic on the xfs port.
 </summary>
@@ -65871,7 +70022,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_xfs_port" lineno="74110">
+<interface name="corenet_dontaudit_udp_receive_xfs_port" lineno="101135">
 <summary>
 Do not audit attempts to receive UDP traffic on the xfs port.
 </summary>
@@ -65882,7 +70033,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_xfs_port" lineno="74129">
+<interface name="corenet_udp_sendrecv_xfs_port" lineno="101154">
 <summary>
 Send and receive UDP traffic on the xfs port.
 </summary>
@@ -65893,7 +70044,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_xfs_port" lineno="74146">
+<interface name="corenet_dontaudit_udp_sendrecv_xfs_port" lineno="101171">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the xfs port.
@@ -65905,7 +70056,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_xfs_port" lineno="74162">
+<interface name="corenet_tcp_bind_xfs_port" lineno="101187">
 <summary>
 Bind TCP sockets to the xfs port.
 </summary>
@@ -65916,7 +70067,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_xfs_port" lineno="74182">
+<interface name="corenet_udp_bind_xfs_port" lineno="101207">
 <summary>
 Bind UDP sockets to the xfs port.
 </summary>
@@ -65927,7 +70078,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_xfs_port" lineno="74201">
+<interface name="corenet_tcp_connect_xfs_port" lineno="101226">
 <summary>
 Make a TCP connection to the xfs port.
 </summary>
@@ -65937,7 +70088,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_xfs_client_packets" lineno="74221">
+<interface name="corenet_send_xfs_client_packets" lineno="101246">
 <summary>
 Send xfs_client packets.
 </summary>
@@ -65948,7 +70099,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_xfs_client_packets" lineno="74240">
+<interface name="corenet_dontaudit_send_xfs_client_packets" lineno="101265">
 <summary>
 Do not audit attempts to send xfs_client packets.
 </summary>
@@ -65959,7 +70110,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_xfs_client_packets" lineno="74259">
+<interface name="corenet_receive_xfs_client_packets" lineno="101284">
 <summary>
 Receive xfs_client packets.
 </summary>
@@ -65970,7 +70121,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_xfs_client_packets" lineno="74278">
+<interface name="corenet_dontaudit_receive_xfs_client_packets" lineno="101303">
 <summary>
 Do not audit attempts to receive xfs_client packets.
 </summary>
@@ -65981,7 +70132,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_xfs_client_packets" lineno="74297">
+<interface name="corenet_sendrecv_xfs_client_packets" lineno="101322">
 <summary>
 Send and receive xfs_client packets.
 </summary>
@@ -65992,7 +70143,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_xfs_client_packets" lineno="74313">
+<interface name="corenet_dontaudit_sendrecv_xfs_client_packets" lineno="101338">
 <summary>
 Do not audit attempts to send and receive xfs_client packets.
 </summary>
@@ -66003,7 +70154,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_xfs_client_packets" lineno="74328">
+<interface name="corenet_relabelto_xfs_client_packets" lineno="101353">
 <summary>
 Relabel packets to xfs_client the packet type.
 </summary>
@@ -66013,7 +70164,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_xfs_server_packets" lineno="74348">
+<interface name="corenet_send_xfs_server_packets" lineno="101373">
 <summary>
 Send xfs_server packets.
 </summary>
@@ -66024,7 +70175,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_xfs_server_packets" lineno="74367">
+<interface name="corenet_dontaudit_send_xfs_server_packets" lineno="101392">
 <summary>
 Do not audit attempts to send xfs_server packets.
 </summary>
@@ -66035,7 +70186,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_xfs_server_packets" lineno="74386">
+<interface name="corenet_receive_xfs_server_packets" lineno="101411">
 <summary>
 Receive xfs_server packets.
 </summary>
@@ -66046,7 +70197,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_xfs_server_packets" lineno="74405">
+<interface name="corenet_dontaudit_receive_xfs_server_packets" lineno="101430">
 <summary>
 Do not audit attempts to receive xfs_server packets.
 </summary>
@@ -66057,7 +70208,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_xfs_server_packets" lineno="74424">
+<interface name="corenet_sendrecv_xfs_server_packets" lineno="101449">
 <summary>
 Send and receive xfs_server packets.
 </summary>
@@ -66068,7 +70219,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_xfs_server_packets" lineno="74440">
+<interface name="corenet_dontaudit_sendrecv_xfs_server_packets" lineno="101465">
 <summary>
 Do not audit attempts to send and receive xfs_server packets.
 </summary>
@@ -66079,7 +70230,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_xfs_server_packets" lineno="74455">
+<interface name="corenet_relabelto_xfs_server_packets" lineno="101480">
 <summary>
 Relabel packets to xfs_server the packet type.
 </summary>
@@ -66089,7 +70240,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_xserver_port" lineno="74477">
+<interface name="corenet_tcp_sendrecv_xserver_port" lineno="101502">
 <summary>
 Send and receive TCP traffic on the xserver port.
 </summary>
@@ -66100,7 +70251,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_xserver_port" lineno="74496">
+<interface name="corenet_udp_send_xserver_port" lineno="101521">
 <summary>
 Send UDP traffic on the xserver port.
 </summary>
@@ -66111,7 +70262,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_xserver_port" lineno="74515">
+<interface name="corenet_dontaudit_udp_send_xserver_port" lineno="101540">
 <summary>
 Do not audit attempts to send UDP traffic on the xserver port.
 </summary>
@@ -66122,7 +70273,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_xserver_port" lineno="74534">
+<interface name="corenet_udp_receive_xserver_port" lineno="101559">
 <summary>
 Receive UDP traffic on the xserver port.
 </summary>
@@ -66133,7 +70284,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_xserver_port" lineno="74553">
+<interface name="corenet_dontaudit_udp_receive_xserver_port" lineno="101578">
 <summary>
 Do not audit attempts to receive UDP traffic on the xserver port.
 </summary>
@@ -66144,7 +70295,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_xserver_port" lineno="74572">
+<interface name="corenet_udp_sendrecv_xserver_port" lineno="101597">
 <summary>
 Send and receive UDP traffic on the xserver port.
 </summary>
@@ -66155,7 +70306,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_xserver_port" lineno="74589">
+<interface name="corenet_dontaudit_udp_sendrecv_xserver_port" lineno="101614">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the xserver port.
@@ -66167,7 +70318,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_xserver_port" lineno="74605">
+<interface name="corenet_tcp_bind_xserver_port" lineno="101630">
 <summary>
 Bind TCP sockets to the xserver port.
 </summary>
@@ -66178,7 +70329,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_xserver_port" lineno="74625">
+<interface name="corenet_udp_bind_xserver_port" lineno="101650">
 <summary>
 Bind UDP sockets to the xserver port.
 </summary>
@@ -66189,7 +70340,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_xserver_port" lineno="74644">
+<interface name="corenet_tcp_connect_xserver_port" lineno="101669">
 <summary>
 Make a TCP connection to the xserver port.
 </summary>
@@ -66199,7 +70350,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_xserver_client_packets" lineno="74664">
+<interface name="corenet_send_xserver_client_packets" lineno="101689">
 <summary>
 Send xserver_client packets.
 </summary>
@@ -66210,7 +70361,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_xserver_client_packets" lineno="74683">
+<interface name="corenet_dontaudit_send_xserver_client_packets" lineno="101708">
 <summary>
 Do not audit attempts to send xserver_client packets.
 </summary>
@@ -66221,7 +70372,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_xserver_client_packets" lineno="74702">
+<interface name="corenet_receive_xserver_client_packets" lineno="101727">
 <summary>
 Receive xserver_client packets.
 </summary>
@@ -66232,7 +70383,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_xserver_client_packets" lineno="74721">
+<interface name="corenet_dontaudit_receive_xserver_client_packets" lineno="101746">
 <summary>
 Do not audit attempts to receive xserver_client packets.
 </summary>
@@ -66243,7 +70394,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_xserver_client_packets" lineno="74740">
+<interface name="corenet_sendrecv_xserver_client_packets" lineno="101765">
 <summary>
 Send and receive xserver_client packets.
 </summary>
@@ -66254,7 +70405,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_xserver_client_packets" lineno="74756">
+<interface name="corenet_dontaudit_sendrecv_xserver_client_packets" lineno="101781">
 <summary>
 Do not audit attempts to send and receive xserver_client packets.
 </summary>
@@ -66265,7 +70416,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_xserver_client_packets" lineno="74771">
+<interface name="corenet_relabelto_xserver_client_packets" lineno="101796">
 <summary>
 Relabel packets to xserver_client the packet type.
 </summary>
@@ -66275,7 +70426,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_xserver_server_packets" lineno="74791">
+<interface name="corenet_send_xserver_server_packets" lineno="101816">
 <summary>
 Send xserver_server packets.
 </summary>
@@ -66286,7 +70437,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_xserver_server_packets" lineno="74810">
+<interface name="corenet_dontaudit_send_xserver_server_packets" lineno="101835">
 <summary>
 Do not audit attempts to send xserver_server packets.
 </summary>
@@ -66297,7 +70448,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_xserver_server_packets" lineno="74829">
+<interface name="corenet_receive_xserver_server_packets" lineno="101854">
 <summary>
 Receive xserver_server packets.
 </summary>
@@ -66308,7 +70459,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_xserver_server_packets" lineno="74848">
+<interface name="corenet_dontaudit_receive_xserver_server_packets" lineno="101873">
 <summary>
 Do not audit attempts to receive xserver_server packets.
 </summary>
@@ -66319,7 +70470,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_xserver_server_packets" lineno="74867">
+<interface name="corenet_sendrecv_xserver_server_packets" lineno="101892">
 <summary>
 Send and receive xserver_server packets.
 </summary>
@@ -66330,7 +70481,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_xserver_server_packets" lineno="74883">
+<interface name="corenet_dontaudit_sendrecv_xserver_server_packets" lineno="101908">
 <summary>
 Do not audit attempts to send and receive xserver_server packets.
 </summary>
@@ -66341,7 +70492,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_xserver_server_packets" lineno="74898">
+<interface name="corenet_relabelto_xserver_server_packets" lineno="101923">
 <summary>
 Relabel packets to xserver_server the packet type.
 </summary>
@@ -66351,7 +70502,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_zarafa_port" lineno="74920">
+<interface name="corenet_tcp_sendrecv_zarafa_port" lineno="101945">
 <summary>
 Send and receive TCP traffic on the zarafa port.
 </summary>
@@ -66362,7 +70513,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_zarafa_port" lineno="74939">
+<interface name="corenet_udp_send_zarafa_port" lineno="101964">
 <summary>
 Send UDP traffic on the zarafa port.
 </summary>
@@ -66373,7 +70524,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_zarafa_port" lineno="74958">
+<interface name="corenet_dontaudit_udp_send_zarafa_port" lineno="101983">
 <summary>
 Do not audit attempts to send UDP traffic on the zarafa port.
 </summary>
@@ -66384,7 +70535,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_zarafa_port" lineno="74977">
+<interface name="corenet_udp_receive_zarafa_port" lineno="102002">
 <summary>
 Receive UDP traffic on the zarafa port.
 </summary>
@@ -66395,7 +70546,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_zarafa_port" lineno="74996">
+<interface name="corenet_dontaudit_udp_receive_zarafa_port" lineno="102021">
 <summary>
 Do not audit attempts to receive UDP traffic on the zarafa port.
 </summary>
@@ -66406,7 +70557,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_zarafa_port" lineno="75015">
+<interface name="corenet_udp_sendrecv_zarafa_port" lineno="102040">
 <summary>
 Send and receive UDP traffic on the zarafa port.
 </summary>
@@ -66417,7 +70568,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_zarafa_port" lineno="75032">
+<interface name="corenet_dontaudit_udp_sendrecv_zarafa_port" lineno="102057">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the zarafa port.
@@ -66429,7 +70580,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_zarafa_port" lineno="75048">
+<interface name="corenet_tcp_bind_zarafa_port" lineno="102073">
 <summary>
 Bind TCP sockets to the zarafa port.
 </summary>
@@ -66440,7 +70591,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_zarafa_port" lineno="75068">
+<interface name="corenet_udp_bind_zarafa_port" lineno="102093">
 <summary>
 Bind UDP sockets to the zarafa port.
 </summary>
@@ -66451,7 +70602,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_zarafa_port" lineno="75087">
+<interface name="corenet_tcp_connect_zarafa_port" lineno="102112">
 <summary>
 Make a TCP connection to the zarafa port.
 </summary>
@@ -66461,7 +70612,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_zarafa_client_packets" lineno="75107">
+<interface name="corenet_send_zarafa_client_packets" lineno="102132">
 <summary>
 Send zarafa_client packets.
 </summary>
@@ -66472,7 +70623,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_zarafa_client_packets" lineno="75126">
+<interface name="corenet_dontaudit_send_zarafa_client_packets" lineno="102151">
 <summary>
 Do not audit attempts to send zarafa_client packets.
 </summary>
@@ -66483,7 +70634,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_zarafa_client_packets" lineno="75145">
+<interface name="corenet_receive_zarafa_client_packets" lineno="102170">
 <summary>
 Receive zarafa_client packets.
 </summary>
@@ -66494,7 +70645,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_zarafa_client_packets" lineno="75164">
+<interface name="corenet_dontaudit_receive_zarafa_client_packets" lineno="102189">
 <summary>
 Do not audit attempts to receive zarafa_client packets.
 </summary>
@@ -66505,7 +70656,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_zarafa_client_packets" lineno="75183">
+<interface name="corenet_sendrecv_zarafa_client_packets" lineno="102208">
 <summary>
 Send and receive zarafa_client packets.
 </summary>
@@ -66516,7 +70667,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_zarafa_client_packets" lineno="75199">
+<interface name="corenet_dontaudit_sendrecv_zarafa_client_packets" lineno="102224">
 <summary>
 Do not audit attempts to send and receive zarafa_client packets.
 </summary>
@@ -66527,7 +70678,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_zarafa_client_packets" lineno="75214">
+<interface name="corenet_relabelto_zarafa_client_packets" lineno="102239">
 <summary>
 Relabel packets to zarafa_client the packet type.
 </summary>
@@ -66537,7 +70688,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_zarafa_server_packets" lineno="75234">
+<interface name="corenet_send_zarafa_server_packets" lineno="102259">
 <summary>
 Send zarafa_server packets.
 </summary>
@@ -66548,7 +70699,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_zarafa_server_packets" lineno="75253">
+<interface name="corenet_dontaudit_send_zarafa_server_packets" lineno="102278">
 <summary>
 Do not audit attempts to send zarafa_server packets.
 </summary>
@@ -66559,7 +70710,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_zarafa_server_packets" lineno="75272">
+<interface name="corenet_receive_zarafa_server_packets" lineno="102297">
 <summary>
 Receive zarafa_server packets.
 </summary>
@@ -66570,7 +70721,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_zarafa_server_packets" lineno="75291">
+<interface name="corenet_dontaudit_receive_zarafa_server_packets" lineno="102316">
 <summary>
 Do not audit attempts to receive zarafa_server packets.
 </summary>
@@ -66581,7 +70732,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_zarafa_server_packets" lineno="75310">
+<interface name="corenet_sendrecv_zarafa_server_packets" lineno="102335">
 <summary>
 Send and receive zarafa_server packets.
 </summary>
@@ -66592,7 +70743,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_zarafa_server_packets" lineno="75326">
+<interface name="corenet_dontaudit_sendrecv_zarafa_server_packets" lineno="102351">
 <summary>
 Do not audit attempts to send and receive zarafa_server packets.
 </summary>
@@ -66603,7 +70754,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_zarafa_server_packets" lineno="75341">
+<interface name="corenet_relabelto_zarafa_server_packets" lineno="102366">
 <summary>
 Relabel packets to zarafa_server the packet type.
 </summary>
@@ -66613,7 +70764,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_zabbix_port" lineno="75363">
+<interface name="corenet_tcp_sendrecv_zabbix_port" lineno="102388">
 <summary>
 Send and receive TCP traffic on the zabbix port.
 </summary>
@@ -66624,7 +70775,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_zabbix_port" lineno="75382">
+<interface name="corenet_udp_send_zabbix_port" lineno="102407">
 <summary>
 Send UDP traffic on the zabbix port.
 </summary>
@@ -66635,7 +70786,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_zabbix_port" lineno="75401">
+<interface name="corenet_dontaudit_udp_send_zabbix_port" lineno="102426">
 <summary>
 Do not audit attempts to send UDP traffic on the zabbix port.
 </summary>
@@ -66646,7 +70797,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_zabbix_port" lineno="75420">
+<interface name="corenet_udp_receive_zabbix_port" lineno="102445">
 <summary>
 Receive UDP traffic on the zabbix port.
 </summary>
@@ -66657,7 +70808,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_zabbix_port" lineno="75439">
+<interface name="corenet_dontaudit_udp_receive_zabbix_port" lineno="102464">
 <summary>
 Do not audit attempts to receive UDP traffic on the zabbix port.
 </summary>
@@ -66668,7 +70819,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_zabbix_port" lineno="75458">
+<interface name="corenet_udp_sendrecv_zabbix_port" lineno="102483">
 <summary>
 Send and receive UDP traffic on the zabbix port.
 </summary>
@@ -66679,7 +70830,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_zabbix_port" lineno="75475">
+<interface name="corenet_dontaudit_udp_sendrecv_zabbix_port" lineno="102500">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the zabbix port.
@@ -66691,7 +70842,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_zabbix_port" lineno="75491">
+<interface name="corenet_tcp_bind_zabbix_port" lineno="102516">
 <summary>
 Bind TCP sockets to the zabbix port.
 </summary>
@@ -66702,7 +70853,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_zabbix_port" lineno="75511">
+<interface name="corenet_udp_bind_zabbix_port" lineno="102536">
 <summary>
 Bind UDP sockets to the zabbix port.
 </summary>
@@ -66713,7 +70864,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_zabbix_port" lineno="75530">
+<interface name="corenet_tcp_connect_zabbix_port" lineno="102555">
 <summary>
 Make a TCP connection to the zabbix port.
 </summary>
@@ -66723,7 +70874,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_zabbix_client_packets" lineno="75550">
+<interface name="corenet_send_zabbix_client_packets" lineno="102575">
 <summary>
 Send zabbix_client packets.
 </summary>
@@ -66734,7 +70885,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_zabbix_client_packets" lineno="75569">
+<interface name="corenet_dontaudit_send_zabbix_client_packets" lineno="102594">
 <summary>
 Do not audit attempts to send zabbix_client packets.
 </summary>
@@ -66745,7 +70896,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_zabbix_client_packets" lineno="75588">
+<interface name="corenet_receive_zabbix_client_packets" lineno="102613">
 <summary>
 Receive zabbix_client packets.
 </summary>
@@ -66756,7 +70907,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_zabbix_client_packets" lineno="75607">
+<interface name="corenet_dontaudit_receive_zabbix_client_packets" lineno="102632">
 <summary>
 Do not audit attempts to receive zabbix_client packets.
 </summary>
@@ -66767,7 +70918,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_zabbix_client_packets" lineno="75626">
+<interface name="corenet_sendrecv_zabbix_client_packets" lineno="102651">
 <summary>
 Send and receive zabbix_client packets.
 </summary>
@@ -66778,7 +70929,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_zabbix_client_packets" lineno="75642">
+<interface name="corenet_dontaudit_sendrecv_zabbix_client_packets" lineno="102667">
 <summary>
 Do not audit attempts to send and receive zabbix_client packets.
 </summary>
@@ -66789,7 +70940,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_zabbix_client_packets" lineno="75657">
+<interface name="corenet_relabelto_zabbix_client_packets" lineno="102682">
 <summary>
 Relabel packets to zabbix_client the packet type.
 </summary>
@@ -66799,7 +70950,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_zabbix_server_packets" lineno="75677">
+<interface name="corenet_send_zabbix_server_packets" lineno="102702">
 <summary>
 Send zabbix_server packets.
 </summary>
@@ -66810,7 +70961,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_zabbix_server_packets" lineno="75696">
+<interface name="corenet_dontaudit_send_zabbix_server_packets" lineno="102721">
 <summary>
 Do not audit attempts to send zabbix_server packets.
 </summary>
@@ -66821,7 +70972,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_zabbix_server_packets" lineno="75715">
+<interface name="corenet_receive_zabbix_server_packets" lineno="102740">
 <summary>
 Receive zabbix_server packets.
 </summary>
@@ -66832,7 +70983,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_zabbix_server_packets" lineno="75734">
+<interface name="corenet_dontaudit_receive_zabbix_server_packets" lineno="102759">
 <summary>
 Do not audit attempts to receive zabbix_server packets.
 </summary>
@@ -66843,7 +70994,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_zabbix_server_packets" lineno="75753">
+<interface name="corenet_sendrecv_zabbix_server_packets" lineno="102778">
 <summary>
 Send and receive zabbix_server packets.
 </summary>
@@ -66854,7 +71005,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_zabbix_server_packets" lineno="75769">
+<interface name="corenet_dontaudit_sendrecv_zabbix_server_packets" lineno="102794">
 <summary>
 Do not audit attempts to send and receive zabbix_server packets.
 </summary>
@@ -66865,7 +71016,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_zabbix_server_packets" lineno="75784">
+<interface name="corenet_relabelto_zabbix_server_packets" lineno="102809">
 <summary>
 Relabel packets to zabbix_server the packet type.
 </summary>
@@ -66875,7 +71026,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_zabbix_agent_port" lineno="75806">
+<interface name="corenet_tcp_sendrecv_zabbix_agent_port" lineno="102831">
 <summary>
 Send and receive TCP traffic on the zabbix_agent port.
 </summary>
@@ -66886,7 +71037,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_zabbix_agent_port" lineno="75825">
+<interface name="corenet_udp_send_zabbix_agent_port" lineno="102850">
 <summary>
 Send UDP traffic on the zabbix_agent port.
 </summary>
@@ -66897,7 +71048,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_zabbix_agent_port" lineno="75844">
+<interface name="corenet_dontaudit_udp_send_zabbix_agent_port" lineno="102869">
 <summary>
 Do not audit attempts to send UDP traffic on the zabbix_agent port.
 </summary>
@@ -66908,7 +71059,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_zabbix_agent_port" lineno="75863">
+<interface name="corenet_udp_receive_zabbix_agent_port" lineno="102888">
 <summary>
 Receive UDP traffic on the zabbix_agent port.
 </summary>
@@ -66919,7 +71070,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_zabbix_agent_port" lineno="75882">
+<interface name="corenet_dontaudit_udp_receive_zabbix_agent_port" lineno="102907">
 <summary>
 Do not audit attempts to receive UDP traffic on the zabbix_agent port.
 </summary>
@@ -66930,7 +71081,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_zabbix_agent_port" lineno="75901">
+<interface name="corenet_udp_sendrecv_zabbix_agent_port" lineno="102926">
 <summary>
 Send and receive UDP traffic on the zabbix_agent port.
 </summary>
@@ -66941,7 +71092,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_zabbix_agent_port" lineno="75918">
+<interface name="corenet_dontaudit_udp_sendrecv_zabbix_agent_port" lineno="102943">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the zabbix_agent port.
@@ -66953,7 +71104,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_zabbix_agent_port" lineno="75934">
+<interface name="corenet_tcp_bind_zabbix_agent_port" lineno="102959">
 <summary>
 Bind TCP sockets to the zabbix_agent port.
 </summary>
@@ -66964,7 +71115,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_zabbix_agent_port" lineno="75954">
+<interface name="corenet_udp_bind_zabbix_agent_port" lineno="102979">
 <summary>
 Bind UDP sockets to the zabbix_agent port.
 </summary>
@@ -66975,7 +71126,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_zabbix_agent_port" lineno="75973">
+<interface name="corenet_tcp_connect_zabbix_agent_port" lineno="102998">
 <summary>
 Make a TCP connection to the zabbix_agent port.
 </summary>
@@ -66985,7 +71136,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_zabbix_agent_client_packets" lineno="75993">
+<interface name="corenet_send_zabbix_agent_client_packets" lineno="103018">
 <summary>
 Send zabbix_agent_client packets.
 </summary>
@@ -66996,7 +71147,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_zabbix_agent_client_packets" lineno="76012">
+<interface name="corenet_dontaudit_send_zabbix_agent_client_packets" lineno="103037">
 <summary>
 Do not audit attempts to send zabbix_agent_client packets.
 </summary>
@@ -67007,7 +71158,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_zabbix_agent_client_packets" lineno="76031">
+<interface name="corenet_receive_zabbix_agent_client_packets" lineno="103056">
 <summary>
 Receive zabbix_agent_client packets.
 </summary>
@@ -67018,7 +71169,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_zabbix_agent_client_packets" lineno="76050">
+<interface name="corenet_dontaudit_receive_zabbix_agent_client_packets" lineno="103075">
 <summary>
 Do not audit attempts to receive zabbix_agent_client packets.
 </summary>
@@ -67029,7 +71180,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_zabbix_agent_client_packets" lineno="76069">
+<interface name="corenet_sendrecv_zabbix_agent_client_packets" lineno="103094">
 <summary>
 Send and receive zabbix_agent_client packets.
 </summary>
@@ -67040,7 +71191,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_zabbix_agent_client_packets" lineno="76085">
+<interface name="corenet_dontaudit_sendrecv_zabbix_agent_client_packets" lineno="103110">
 <summary>
 Do not audit attempts to send and receive zabbix_agent_client packets.
 </summary>
@@ -67051,7 +71202,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_zabbix_agent_client_packets" lineno="76100">
+<interface name="corenet_relabelto_zabbix_agent_client_packets" lineno="103125">
 <summary>
 Relabel packets to zabbix_agent_client the packet type.
 </summary>
@@ -67061,7 +71212,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_zabbix_agent_server_packets" lineno="76120">
+<interface name="corenet_send_zabbix_agent_server_packets" lineno="103145">
 <summary>
 Send zabbix_agent_server packets.
 </summary>
@@ -67072,7 +71223,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_zabbix_agent_server_packets" lineno="76139">
+<interface name="corenet_dontaudit_send_zabbix_agent_server_packets" lineno="103164">
 <summary>
 Do not audit attempts to send zabbix_agent_server packets.
 </summary>
@@ -67083,7 +71234,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_zabbix_agent_server_packets" lineno="76158">
+<interface name="corenet_receive_zabbix_agent_server_packets" lineno="103183">
 <summary>
 Receive zabbix_agent_server packets.
 </summary>
@@ -67094,7 +71245,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_zabbix_agent_server_packets" lineno="76177">
+<interface name="corenet_dontaudit_receive_zabbix_agent_server_packets" lineno="103202">
 <summary>
 Do not audit attempts to receive zabbix_agent_server packets.
 </summary>
@@ -67105,7 +71256,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_zabbix_agent_server_packets" lineno="76196">
+<interface name="corenet_sendrecv_zabbix_agent_server_packets" lineno="103221">
 <summary>
 Send and receive zabbix_agent_server packets.
 </summary>
@@ -67116,7 +71267,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_zabbix_agent_server_packets" lineno="76212">
+<interface name="corenet_dontaudit_sendrecv_zabbix_agent_server_packets" lineno="103237">
 <summary>
 Do not audit attempts to send and receive zabbix_agent_server packets.
 </summary>
@@ -67127,7 +71278,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_zabbix_agent_server_packets" lineno="76227">
+<interface name="corenet_relabelto_zabbix_agent_server_packets" lineno="103252">
 <summary>
 Relabel packets to zabbix_agent_server the packet type.
 </summary>
@@ -67137,7 +71288,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_zookeeper_client_port" lineno="76249">
+<interface name="corenet_tcp_sendrecv_zookeeper_client_port" lineno="103274">
 <summary>
 Send and receive TCP traffic on the zookeeper_client port.
 </summary>
@@ -67148,7 +71299,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_zookeeper_client_port" lineno="76268">
+<interface name="corenet_udp_send_zookeeper_client_port" lineno="103293">
 <summary>
 Send UDP traffic on the zookeeper_client port.
 </summary>
@@ -67159,7 +71310,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_zookeeper_client_port" lineno="76287">
+<interface name="corenet_dontaudit_udp_send_zookeeper_client_port" lineno="103312">
 <summary>
 Do not audit attempts to send UDP traffic on the zookeeper_client port.
 </summary>
@@ -67170,7 +71321,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_zookeeper_client_port" lineno="76306">
+<interface name="corenet_udp_receive_zookeeper_client_port" lineno="103331">
 <summary>
 Receive UDP traffic on the zookeeper_client port.
 </summary>
@@ -67181,7 +71332,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_zookeeper_client_port" lineno="76325">
+<interface name="corenet_dontaudit_udp_receive_zookeeper_client_port" lineno="103350">
 <summary>
 Do not audit attempts to receive UDP traffic on the zookeeper_client port.
 </summary>
@@ -67192,7 +71343,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_zookeeper_client_port" lineno="76344">
+<interface name="corenet_udp_sendrecv_zookeeper_client_port" lineno="103369">
 <summary>
 Send and receive UDP traffic on the zookeeper_client port.
 </summary>
@@ -67203,7 +71354,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_zookeeper_client_port" lineno="76361">
+<interface name="corenet_dontaudit_udp_sendrecv_zookeeper_client_port" lineno="103386">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the zookeeper_client port.
@@ -67215,7 +71366,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_zookeeper_client_port" lineno="76377">
+<interface name="corenet_tcp_bind_zookeeper_client_port" lineno="103402">
 <summary>
 Bind TCP sockets to the zookeeper_client port.
 </summary>
@@ -67226,7 +71377,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_zookeeper_client_port" lineno="76397">
+<interface name="corenet_udp_bind_zookeeper_client_port" lineno="103422">
 <summary>
 Bind UDP sockets to the zookeeper_client port.
 </summary>
@@ -67237,7 +71388,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_zookeeper_client_port" lineno="76416">
+<interface name="corenet_tcp_connect_zookeeper_client_port" lineno="103441">
 <summary>
 Make a TCP connection to the zookeeper_client port.
 </summary>
@@ -67247,7 +71398,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_zookeeper_client_client_packets" lineno="76436">
+<interface name="corenet_send_zookeeper_client_client_packets" lineno="103461">
 <summary>
 Send zookeeper_client_client packets.
 </summary>
@@ -67258,7 +71409,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_zookeeper_client_client_packets" lineno="76455">
+<interface name="corenet_dontaudit_send_zookeeper_client_client_packets" lineno="103480">
 <summary>
 Do not audit attempts to send zookeeper_client_client packets.
 </summary>
@@ -67269,7 +71420,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_zookeeper_client_client_packets" lineno="76474">
+<interface name="corenet_receive_zookeeper_client_client_packets" lineno="103499">
 <summary>
 Receive zookeeper_client_client packets.
 </summary>
@@ -67280,7 +71431,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_zookeeper_client_client_packets" lineno="76493">
+<interface name="corenet_dontaudit_receive_zookeeper_client_client_packets" lineno="103518">
 <summary>
 Do not audit attempts to receive zookeeper_client_client packets.
 </summary>
@@ -67291,7 +71442,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_zookeeper_client_client_packets" lineno="76512">
+<interface name="corenet_sendrecv_zookeeper_client_client_packets" lineno="103537">
 <summary>
 Send and receive zookeeper_client_client packets.
 </summary>
@@ -67302,7 +71453,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_zookeeper_client_client_packets" lineno="76528">
+<interface name="corenet_dontaudit_sendrecv_zookeeper_client_client_packets" lineno="103553">
 <summary>
 Do not audit attempts to send and receive zookeeper_client_client packets.
 </summary>
@@ -67313,7 +71464,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_zookeeper_client_client_packets" lineno="76543">
+<interface name="corenet_relabelto_zookeeper_client_client_packets" lineno="103568">
 <summary>
 Relabel packets to zookeeper_client_client the packet type.
 </summary>
@@ -67323,7 +71474,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_zookeeper_client_server_packets" lineno="76563">
+<interface name="corenet_send_zookeeper_client_server_packets" lineno="103588">
 <summary>
 Send zookeeper_client_server packets.
 </summary>
@@ -67334,7 +71485,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_zookeeper_client_server_packets" lineno="76582">
+<interface name="corenet_dontaudit_send_zookeeper_client_server_packets" lineno="103607">
 <summary>
 Do not audit attempts to send zookeeper_client_server packets.
 </summary>
@@ -67345,7 +71496,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_zookeeper_client_server_packets" lineno="76601">
+<interface name="corenet_receive_zookeeper_client_server_packets" lineno="103626">
 <summary>
 Receive zookeeper_client_server packets.
 </summary>
@@ -67356,7 +71507,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_zookeeper_client_server_packets" lineno="76620">
+<interface name="corenet_dontaudit_receive_zookeeper_client_server_packets" lineno="103645">
 <summary>
 Do not audit attempts to receive zookeeper_client_server packets.
 </summary>
@@ -67367,7 +71518,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_zookeeper_client_server_packets" lineno="76639">
+<interface name="corenet_sendrecv_zookeeper_client_server_packets" lineno="103664">
 <summary>
 Send and receive zookeeper_client_server packets.
 </summary>
@@ -67378,7 +71529,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_zookeeper_client_server_packets" lineno="76655">
+<interface name="corenet_dontaudit_sendrecv_zookeeper_client_server_packets" lineno="103680">
 <summary>
 Do not audit attempts to send and receive zookeeper_client_server packets.
 </summary>
@@ -67389,7 +71540,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_zookeeper_client_server_packets" lineno="76670">
+<interface name="corenet_relabelto_zookeeper_client_server_packets" lineno="103695">
 <summary>
 Relabel packets to zookeeper_client_server the packet type.
 </summary>
@@ -67399,7 +71550,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_zookeeper_election_port" lineno="76692">
+<interface name="corenet_tcp_sendrecv_zookeeper_election_port" lineno="103717">
 <summary>
 Send and receive TCP traffic on the zookeeper_election port.
 </summary>
@@ -67410,7 +71561,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_zookeeper_election_port" lineno="76711">
+<interface name="corenet_udp_send_zookeeper_election_port" lineno="103736">
 <summary>
 Send UDP traffic on the zookeeper_election port.
 </summary>
@@ -67421,7 +71572,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_zookeeper_election_port" lineno="76730">
+<interface name="corenet_dontaudit_udp_send_zookeeper_election_port" lineno="103755">
 <summary>
 Do not audit attempts to send UDP traffic on the zookeeper_election port.
 </summary>
@@ -67432,7 +71583,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_zookeeper_election_port" lineno="76749">
+<interface name="corenet_udp_receive_zookeeper_election_port" lineno="103774">
 <summary>
 Receive UDP traffic on the zookeeper_election port.
 </summary>
@@ -67443,7 +71594,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_zookeeper_election_port" lineno="76768">
+<interface name="corenet_dontaudit_udp_receive_zookeeper_election_port" lineno="103793">
 <summary>
 Do not audit attempts to receive UDP traffic on the zookeeper_election port.
 </summary>
@@ -67454,7 +71605,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_zookeeper_election_port" lineno="76787">
+<interface name="corenet_udp_sendrecv_zookeeper_election_port" lineno="103812">
 <summary>
 Send and receive UDP traffic on the zookeeper_election port.
 </summary>
@@ -67465,7 +71616,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_zookeeper_election_port" lineno="76804">
+<interface name="corenet_dontaudit_udp_sendrecv_zookeeper_election_port" lineno="103829">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the zookeeper_election port.
@@ -67477,7 +71628,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_zookeeper_election_port" lineno="76820">
+<interface name="corenet_tcp_bind_zookeeper_election_port" lineno="103845">
 <summary>
 Bind TCP sockets to the zookeeper_election port.
 </summary>
@@ -67488,7 +71639,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_zookeeper_election_port" lineno="76840">
+<interface name="corenet_udp_bind_zookeeper_election_port" lineno="103865">
 <summary>
 Bind UDP sockets to the zookeeper_election port.
 </summary>
@@ -67499,7 +71650,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_zookeeper_election_port" lineno="76859">
+<interface name="corenet_tcp_connect_zookeeper_election_port" lineno="103884">
 <summary>
 Make a TCP connection to the zookeeper_election port.
 </summary>
@@ -67509,7 +71660,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_zookeeper_election_client_packets" lineno="76879">
+<interface name="corenet_send_zookeeper_election_client_packets" lineno="103904">
 <summary>
 Send zookeeper_election_client packets.
 </summary>
@@ -67520,7 +71671,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_zookeeper_election_client_packets" lineno="76898">
+<interface name="corenet_dontaudit_send_zookeeper_election_client_packets" lineno="103923">
 <summary>
 Do not audit attempts to send zookeeper_election_client packets.
 </summary>
@@ -67531,7 +71682,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_zookeeper_election_client_packets" lineno="76917">
+<interface name="corenet_receive_zookeeper_election_client_packets" lineno="103942">
 <summary>
 Receive zookeeper_election_client packets.
 </summary>
@@ -67542,7 +71693,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_zookeeper_election_client_packets" lineno="76936">
+<interface name="corenet_dontaudit_receive_zookeeper_election_client_packets" lineno="103961">
 <summary>
 Do not audit attempts to receive zookeeper_election_client packets.
 </summary>
@@ -67553,7 +71704,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_zookeeper_election_client_packets" lineno="76955">
+<interface name="corenet_sendrecv_zookeeper_election_client_packets" lineno="103980">
 <summary>
 Send and receive zookeeper_election_client packets.
 </summary>
@@ -67564,7 +71715,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_zookeeper_election_client_packets" lineno="76971">
+<interface name="corenet_dontaudit_sendrecv_zookeeper_election_client_packets" lineno="103996">
 <summary>
 Do not audit attempts to send and receive zookeeper_election_client packets.
 </summary>
@@ -67575,7 +71726,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_zookeeper_election_client_packets" lineno="76986">
+<interface name="corenet_relabelto_zookeeper_election_client_packets" lineno="104011">
 <summary>
 Relabel packets to zookeeper_election_client the packet type.
 </summary>
@@ -67585,7 +71736,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_zookeeper_election_server_packets" lineno="77006">
+<interface name="corenet_send_zookeeper_election_server_packets" lineno="104031">
 <summary>
 Send zookeeper_election_server packets.
 </summary>
@@ -67596,7 +71747,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_zookeeper_election_server_packets" lineno="77025">
+<interface name="corenet_dontaudit_send_zookeeper_election_server_packets" lineno="104050">
 <summary>
 Do not audit attempts to send zookeeper_election_server packets.
 </summary>
@@ -67607,7 +71758,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_zookeeper_election_server_packets" lineno="77044">
+<interface name="corenet_receive_zookeeper_election_server_packets" lineno="104069">
 <summary>
 Receive zookeeper_election_server packets.
 </summary>
@@ -67618,7 +71769,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_zookeeper_election_server_packets" lineno="77063">
+<interface name="corenet_dontaudit_receive_zookeeper_election_server_packets" lineno="104088">
 <summary>
 Do not audit attempts to receive zookeeper_election_server packets.
 </summary>
@@ -67629,7 +71780,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_zookeeper_election_server_packets" lineno="77082">
+<interface name="corenet_sendrecv_zookeeper_election_server_packets" lineno="104107">
 <summary>
 Send and receive zookeeper_election_server packets.
 </summary>
@@ -67640,7 +71791,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_zookeeper_election_server_packets" lineno="77098">
+<interface name="corenet_dontaudit_sendrecv_zookeeper_election_server_packets" lineno="104123">
 <summary>
 Do not audit attempts to send and receive zookeeper_election_server packets.
 </summary>
@@ -67651,7 +71802,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_zookeeper_election_server_packets" lineno="77113">
+<interface name="corenet_relabelto_zookeeper_election_server_packets" lineno="104138">
 <summary>
 Relabel packets to zookeeper_election_server the packet type.
 </summary>
@@ -67661,7 +71812,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_zookeeper_leader_port" lineno="77135">
+<interface name="corenet_tcp_sendrecv_zookeeper_leader_port" lineno="104160">
 <summary>
 Send and receive TCP traffic on the zookeeper_leader port.
 </summary>
@@ -67672,7 +71823,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_zookeeper_leader_port" lineno="77154">
+<interface name="corenet_udp_send_zookeeper_leader_port" lineno="104179">
 <summary>
 Send UDP traffic on the zookeeper_leader port.
 </summary>
@@ -67683,7 +71834,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_zookeeper_leader_port" lineno="77173">
+<interface name="corenet_dontaudit_udp_send_zookeeper_leader_port" lineno="104198">
 <summary>
 Do not audit attempts to send UDP traffic on the zookeeper_leader port.
 </summary>
@@ -67694,7 +71845,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_zookeeper_leader_port" lineno="77192">
+<interface name="corenet_udp_receive_zookeeper_leader_port" lineno="104217">
 <summary>
 Receive UDP traffic on the zookeeper_leader port.
 </summary>
@@ -67705,7 +71856,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_zookeeper_leader_port" lineno="77211">
+<interface name="corenet_dontaudit_udp_receive_zookeeper_leader_port" lineno="104236">
 <summary>
 Do not audit attempts to receive UDP traffic on the zookeeper_leader port.
 </summary>
@@ -67716,7 +71867,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_zookeeper_leader_port" lineno="77230">
+<interface name="corenet_udp_sendrecv_zookeeper_leader_port" lineno="104255">
 <summary>
 Send and receive UDP traffic on the zookeeper_leader port.
 </summary>
@@ -67727,7 +71878,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_zookeeper_leader_port" lineno="77247">
+<interface name="corenet_dontaudit_udp_sendrecv_zookeeper_leader_port" lineno="104272">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the zookeeper_leader port.
@@ -67739,7 +71890,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_zookeeper_leader_port" lineno="77263">
+<interface name="corenet_tcp_bind_zookeeper_leader_port" lineno="104288">
 <summary>
 Bind TCP sockets to the zookeeper_leader port.
 </summary>
@@ -67750,7 +71901,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_zookeeper_leader_port" lineno="77283">
+<interface name="corenet_udp_bind_zookeeper_leader_port" lineno="104308">
 <summary>
 Bind UDP sockets to the zookeeper_leader port.
 </summary>
@@ -67761,7 +71912,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_zookeeper_leader_port" lineno="77302">
+<interface name="corenet_tcp_connect_zookeeper_leader_port" lineno="104327">
 <summary>
 Make a TCP connection to the zookeeper_leader port.
 </summary>
@@ -67771,7 +71922,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_zookeeper_leader_client_packets" lineno="77322">
+<interface name="corenet_send_zookeeper_leader_client_packets" lineno="104347">
 <summary>
 Send zookeeper_leader_client packets.
 </summary>
@@ -67782,7 +71933,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_zookeeper_leader_client_packets" lineno="77341">
+<interface name="corenet_dontaudit_send_zookeeper_leader_client_packets" lineno="104366">
 <summary>
 Do not audit attempts to send zookeeper_leader_client packets.
 </summary>
@@ -67793,7 +71944,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_zookeeper_leader_client_packets" lineno="77360">
+<interface name="corenet_receive_zookeeper_leader_client_packets" lineno="104385">
 <summary>
 Receive zookeeper_leader_client packets.
 </summary>
@@ -67804,7 +71955,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_zookeeper_leader_client_packets" lineno="77379">
+<interface name="corenet_dontaudit_receive_zookeeper_leader_client_packets" lineno="104404">
 <summary>
 Do not audit attempts to receive zookeeper_leader_client packets.
 </summary>
@@ -67815,7 +71966,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_zookeeper_leader_client_packets" lineno="77398">
+<interface name="corenet_sendrecv_zookeeper_leader_client_packets" lineno="104423">
 <summary>
 Send and receive zookeeper_leader_client packets.
 </summary>
@@ -67826,7 +71977,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_zookeeper_leader_client_packets" lineno="77414">
+<interface name="corenet_dontaudit_sendrecv_zookeeper_leader_client_packets" lineno="104439">
 <summary>
 Do not audit attempts to send and receive zookeeper_leader_client packets.
 </summary>
@@ -67837,7 +71988,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_zookeeper_leader_client_packets" lineno="77429">
+<interface name="corenet_relabelto_zookeeper_leader_client_packets" lineno="104454">
 <summary>
 Relabel packets to zookeeper_leader_client the packet type.
 </summary>
@@ -67847,7 +71998,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_zookeeper_leader_server_packets" lineno="77449">
+<interface name="corenet_send_zookeeper_leader_server_packets" lineno="104474">
 <summary>
 Send zookeeper_leader_server packets.
 </summary>
@@ -67858,7 +72009,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_zookeeper_leader_server_packets" lineno="77468">
+<interface name="corenet_dontaudit_send_zookeeper_leader_server_packets" lineno="104493">
 <summary>
 Do not audit attempts to send zookeeper_leader_server packets.
 </summary>
@@ -67869,7 +72020,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_zookeeper_leader_server_packets" lineno="77487">
+<interface name="corenet_receive_zookeeper_leader_server_packets" lineno="104512">
 <summary>
 Receive zookeeper_leader_server packets.
 </summary>
@@ -67880,7 +72031,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_zookeeper_leader_server_packets" lineno="77506">
+<interface name="corenet_dontaudit_receive_zookeeper_leader_server_packets" lineno="104531">
 <summary>
 Do not audit attempts to receive zookeeper_leader_server packets.
 </summary>
@@ -67891,7 +72042,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_zookeeper_leader_server_packets" lineno="77525">
+<interface name="corenet_sendrecv_zookeeper_leader_server_packets" lineno="104550">
 <summary>
 Send and receive zookeeper_leader_server packets.
 </summary>
@@ -67902,7 +72053,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_zookeeper_leader_server_packets" lineno="77541">
+<interface name="corenet_dontaudit_sendrecv_zookeeper_leader_server_packets" lineno="104566">
 <summary>
 Do not audit attempts to send and receive zookeeper_leader_server packets.
 </summary>
@@ -67913,7 +72064,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_zookeeper_leader_server_packets" lineno="77556">
+<interface name="corenet_relabelto_zookeeper_leader_server_packets" lineno="104581">
 <summary>
 Relabel packets to zookeeper_leader_server the packet type.
 </summary>
@@ -67923,7 +72074,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_zebra_port" lineno="77578">
+<interface name="corenet_tcp_sendrecv_zebra_port" lineno="104603">
 <summary>
 Send and receive TCP traffic on the zebra port.
 </summary>
@@ -67934,7 +72085,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_zebra_port" lineno="77597">
+<interface name="corenet_udp_send_zebra_port" lineno="104622">
 <summary>
 Send UDP traffic on the zebra port.
 </summary>
@@ -67945,7 +72096,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_zebra_port" lineno="77616">
+<interface name="corenet_dontaudit_udp_send_zebra_port" lineno="104641">
 <summary>
 Do not audit attempts to send UDP traffic on the zebra port.
 </summary>
@@ -67956,7 +72107,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_zebra_port" lineno="77635">
+<interface name="corenet_udp_receive_zebra_port" lineno="104660">
 <summary>
 Receive UDP traffic on the zebra port.
 </summary>
@@ -67967,7 +72118,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_zebra_port" lineno="77654">
+<interface name="corenet_dontaudit_udp_receive_zebra_port" lineno="104679">
 <summary>
 Do not audit attempts to receive UDP traffic on the zebra port.
 </summary>
@@ -67978,7 +72129,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_zebra_port" lineno="77673">
+<interface name="corenet_udp_sendrecv_zebra_port" lineno="104698">
 <summary>
 Send and receive UDP traffic on the zebra port.
 </summary>
@@ -67989,7 +72140,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_zebra_port" lineno="77690">
+<interface name="corenet_dontaudit_udp_sendrecv_zebra_port" lineno="104715">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the zebra port.
@@ -68001,7 +72152,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_zebra_port" lineno="77706">
+<interface name="corenet_tcp_bind_zebra_port" lineno="104731">
 <summary>
 Bind TCP sockets to the zebra port.
 </summary>
@@ -68012,7 +72163,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_zebra_port" lineno="77726">
+<interface name="corenet_udp_bind_zebra_port" lineno="104751">
 <summary>
 Bind UDP sockets to the zebra port.
 </summary>
@@ -68023,7 +72174,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_zebra_port" lineno="77745">
+<interface name="corenet_tcp_connect_zebra_port" lineno="104770">
 <summary>
 Make a TCP connection to the zebra port.
 </summary>
@@ -68033,7 +72184,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_zebra_client_packets" lineno="77765">
+<interface name="corenet_send_zebra_client_packets" lineno="104790">
 <summary>
 Send zebra_client packets.
 </summary>
@@ -68044,7 +72195,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_zebra_client_packets" lineno="77784">
+<interface name="corenet_dontaudit_send_zebra_client_packets" lineno="104809">
 <summary>
 Do not audit attempts to send zebra_client packets.
 </summary>
@@ -68055,7 +72206,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_zebra_client_packets" lineno="77803">
+<interface name="corenet_receive_zebra_client_packets" lineno="104828">
 <summary>
 Receive zebra_client packets.
 </summary>
@@ -68066,7 +72217,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_zebra_client_packets" lineno="77822">
+<interface name="corenet_dontaudit_receive_zebra_client_packets" lineno="104847">
 <summary>
 Do not audit attempts to receive zebra_client packets.
 </summary>
@@ -68077,7 +72228,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_zebra_client_packets" lineno="77841">
+<interface name="corenet_sendrecv_zebra_client_packets" lineno="104866">
 <summary>
 Send and receive zebra_client packets.
 </summary>
@@ -68088,7 +72239,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_zebra_client_packets" lineno="77857">
+<interface name="corenet_dontaudit_sendrecv_zebra_client_packets" lineno="104882">
 <summary>
 Do not audit attempts to send and receive zebra_client packets.
 </summary>
@@ -68099,7 +72250,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_zebra_client_packets" lineno="77872">
+<interface name="corenet_relabelto_zebra_client_packets" lineno="104897">
 <summary>
 Relabel packets to zebra_client the packet type.
 </summary>
@@ -68109,7 +72260,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_zebra_server_packets" lineno="77892">
+<interface name="corenet_send_zebra_server_packets" lineno="104917">
 <summary>
 Send zebra_server packets.
 </summary>
@@ -68120,7 +72271,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_zebra_server_packets" lineno="77911">
+<interface name="corenet_dontaudit_send_zebra_server_packets" lineno="104936">
 <summary>
 Do not audit attempts to send zebra_server packets.
 </summary>
@@ -68131,7 +72282,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_zebra_server_packets" lineno="77930">
+<interface name="corenet_receive_zebra_server_packets" lineno="104955">
 <summary>
 Receive zebra_server packets.
 </summary>
@@ -68142,7 +72293,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_zebra_server_packets" lineno="77949">
+<interface name="corenet_dontaudit_receive_zebra_server_packets" lineno="104974">
 <summary>
 Do not audit attempts to receive zebra_server packets.
 </summary>
@@ -68153,7 +72304,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_zebra_server_packets" lineno="77968">
+<interface name="corenet_sendrecv_zebra_server_packets" lineno="104993">
 <summary>
 Send and receive zebra_server packets.
 </summary>
@@ -68164,7 +72315,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_zebra_server_packets" lineno="77984">
+<interface name="corenet_dontaudit_sendrecv_zebra_server_packets" lineno="105009">
 <summary>
 Do not audit attempts to send and receive zebra_server packets.
 </summary>
@@ -68175,7 +72326,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_zebra_server_packets" lineno="77999">
+<interface name="corenet_relabelto_zebra_server_packets" lineno="105024">
 <summary>
 Relabel packets to zebra_server the packet type.
 </summary>
@@ -68185,7 +72336,269 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_zope_port" lineno="78021">
+<interface name="corenet_tcp_sendrecv_zented_port" lineno="105046">
+<summary>
+Send and receive TCP traffic on the zented port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_udp_send_zented_port" lineno="105065">
+<summary>
+Send UDP traffic on the zented port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_send_zented_port" lineno="105084">
+<summary>
+Do not audit attempts to send UDP traffic on the zented port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_receive_zented_port" lineno="105103">
+<summary>
+Receive UDP traffic on the zented port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_receive_zented_port" lineno="105122">
+<summary>
+Do not audit attempts to receive UDP traffic on the zented port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_sendrecv_zented_port" lineno="105141">
+<summary>
+Send and receive UDP traffic on the zented port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_udp_sendrecv_zented_port" lineno="105158">
+<summary>
+Do not audit attempts to send and receive
+UDP traffic on the zented port.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_bind_zented_port" lineno="105174">
+<summary>
+Bind TCP sockets to the zented port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_udp_bind_zented_port" lineno="105194">
+<summary>
+Bind UDP sockets to the zented port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_tcp_connect_zented_port" lineno="105213">
+<summary>
+Make a TCP connection to the zented port.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zented_client_packets" lineno="105233">
+<summary>
+Send zented_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zented_client_packets" lineno="105252">
+<summary>
+Do not audit attempts to send zented_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zented_client_packets" lineno="105271">
+<summary>
+Receive zented_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zented_client_packets" lineno="105290">
+<summary>
+Do not audit attempts to receive zented_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zented_client_packets" lineno="105309">
+<summary>
+Send and receive zented_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zented_client_packets" lineno="105325">
+<summary>
+Do not audit attempts to send and receive zented_client packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zented_client_packets" lineno="105340">
+<summary>
+Relabel packets to zented_client the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_send_zented_server_packets" lineno="105360">
+<summary>
+Send zented_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_send_zented_server_packets" lineno="105379">
+<summary>
+Do not audit attempts to send zented_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_receive_zented_server_packets" lineno="105398">
+<summary>
+Receive zented_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_receive_zented_server_packets" lineno="105417">
+<summary>
+Do not audit attempts to receive zented_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_sendrecv_zented_server_packets" lineno="105436">
+<summary>
+Send and receive zented_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="corenet_dontaudit_sendrecv_zented_server_packets" lineno="105452">
+<summary>
+Do not audit attempts to send and receive zented_server packets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="corenet_relabelto_zented_server_packets" lineno="105467">
+<summary>
+Relabel packets to zented_server the packet type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corenet_tcp_sendrecv_zope_port" lineno="105489">
 <summary>
 Send and receive TCP traffic on the zope port.
 </summary>
@@ -68196,7 +72609,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_zope_port" lineno="78040">
+<interface name="corenet_udp_send_zope_port" lineno="105508">
 <summary>
 Send UDP traffic on the zope port.
 </summary>
@@ -68207,7 +72620,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_send_zope_port" lineno="78059">
+<interface name="corenet_dontaudit_udp_send_zope_port" lineno="105527">
 <summary>
 Do not audit attempts to send UDP traffic on the zope port.
 </summary>
@@ -68218,7 +72631,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_receive_zope_port" lineno="78078">
+<interface name="corenet_udp_receive_zope_port" lineno="105546">
 <summary>
 Receive UDP traffic on the zope port.
 </summary>
@@ -68229,7 +72642,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_receive_zope_port" lineno="78097">
+<interface name="corenet_dontaudit_udp_receive_zope_port" lineno="105565">
 <summary>
 Do not audit attempts to receive UDP traffic on the zope port.
 </summary>
@@ -68240,7 +72653,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_sendrecv_zope_port" lineno="78116">
+<interface name="corenet_udp_sendrecv_zope_port" lineno="105584">
 <summary>
 Send and receive UDP traffic on the zope port.
 </summary>
@@ -68251,7 +72664,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_udp_sendrecv_zope_port" lineno="78133">
+<interface name="corenet_dontaudit_udp_sendrecv_zope_port" lineno="105601">
 <summary>
 Do not audit attempts to send and receive
 UDP traffic on the zope port.
@@ -68263,7 +72676,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_bind_zope_port" lineno="78149">
+<interface name="corenet_tcp_bind_zope_port" lineno="105617">
 <summary>
 Bind TCP sockets to the zope port.
 </summary>
@@ -68274,7 +72687,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_udp_bind_zope_port" lineno="78169">
+<interface name="corenet_udp_bind_zope_port" lineno="105637">
 <summary>
 Bind UDP sockets to the zope port.
 </summary>
@@ -68285,7 +72698,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_tcp_connect_zope_port" lineno="78188">
+<interface name="corenet_tcp_connect_zope_port" lineno="105656">
 <summary>
 Make a TCP connection to the zope port.
 </summary>
@@ -68295,7 +72708,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_zope_client_packets" lineno="78208">
+<interface name="corenet_send_zope_client_packets" lineno="105676">
 <summary>
 Send zope_client packets.
 </summary>
@@ -68306,7 +72719,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_zope_client_packets" lineno="78227">
+<interface name="corenet_dontaudit_send_zope_client_packets" lineno="105695">
 <summary>
 Do not audit attempts to send zope_client packets.
 </summary>
@@ -68317,7 +72730,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_zope_client_packets" lineno="78246">
+<interface name="corenet_receive_zope_client_packets" lineno="105714">
 <summary>
 Receive zope_client packets.
 </summary>
@@ -68328,7 +72741,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_zope_client_packets" lineno="78265">
+<interface name="corenet_dontaudit_receive_zope_client_packets" lineno="105733">
 <summary>
 Do not audit attempts to receive zope_client packets.
 </summary>
@@ -68339,7 +72752,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_zope_client_packets" lineno="78284">
+<interface name="corenet_sendrecv_zope_client_packets" lineno="105752">
 <summary>
 Send and receive zope_client packets.
 </summary>
@@ -68350,7 +72763,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_zope_client_packets" lineno="78300">
+<interface name="corenet_dontaudit_sendrecv_zope_client_packets" lineno="105768">
 <summary>
 Do not audit attempts to send and receive zope_client packets.
 </summary>
@@ -68361,7 +72774,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_zope_client_packets" lineno="78315">
+<interface name="corenet_relabelto_zope_client_packets" lineno="105783">
 <summary>
 Relabel packets to zope_client the packet type.
 </summary>
@@ -68371,7 +72784,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_send_zope_server_packets" lineno="78335">
+<interface name="corenet_send_zope_server_packets" lineno="105803">
 <summary>
 Send zope_server packets.
 </summary>
@@ -68382,7 +72795,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_send_zope_server_packets" lineno="78354">
+<interface name="corenet_dontaudit_send_zope_server_packets" lineno="105822">
 <summary>
 Do not audit attempts to send zope_server packets.
 </summary>
@@ -68393,7 +72806,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_receive_zope_server_packets" lineno="78373">
+<interface name="corenet_receive_zope_server_packets" lineno="105841">
 <summary>
 Receive zope_server packets.
 </summary>
@@ -68404,7 +72817,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_receive_zope_server_packets" lineno="78392">
+<interface name="corenet_dontaudit_receive_zope_server_packets" lineno="105860">
 <summary>
 Do not audit attempts to receive zope_server packets.
 </summary>
@@ -68415,7 +72828,7 @@ Domain allowed access.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_sendrecv_zope_server_packets" lineno="78411">
+<interface name="corenet_sendrecv_zope_server_packets" lineno="105879">
 <summary>
 Send and receive zope_server packets.
 </summary>
@@ -68426,7 +72839,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_dontaudit_sendrecv_zope_server_packets" lineno="78427">
+<interface name="corenet_dontaudit_sendrecv_zope_server_packets" lineno="105895">
 <summary>
 Do not audit attempts to send and receive zope_server packets.
 </summary>
@@ -68437,7 +72850,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="corenet_relabelto_zope_server_packets" lineno="78442">
+<interface name="corenet_relabelto_zope_server_packets" lineno="105910">
 <summary>
 Relabel packets to zope_server the packet type.
 </summary>
@@ -68447,7 +72860,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="corenet_tcp_sendrecv_lo_if" lineno="78465">
+<interface name="corenet_tcp_sendrecv_lo_if" lineno="105933">
 <summary>
 Send and receive TCP network traffic on the lo interface.
 </summary>
@@ -68458,7 +72871,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_udp_send_lo_if" lineno="78484">
+<interface name="corenet_udp_send_lo_if" lineno="105952">
 <summary>
 Send UDP network traffic on the lo interface.
 </summary>
@@ -68469,7 +72882,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_udp_receive_lo_if" lineno="78503">
+<interface name="corenet_udp_receive_lo_if" lineno="105971">
 <summary>
 Receive UDP network traffic on the lo interface.
 </summary>
@@ -68480,7 +72893,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_udp_sendrecv_lo_if" lineno="78522">
+<interface name="corenet_udp_sendrecv_lo_if" lineno="105990">
 <summary>
 Send and receive UDP network traffic on the lo interface.
 </summary>
@@ -68491,7 +72904,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="corenet_raw_send_lo_if" lineno="78538">
+<interface name="corenet_raw_send_lo_if" lineno="106006">
 <summary>
 Send raw IP packets on the lo interface.
 </summary>
@@ -68502,7 +72915,7 @@ Domain allowed access.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="corenet_raw_receive_lo_if" lineno="78557">
+<interface name="corenet_raw_receive_lo_if" lineno="106025">
 <summary>
 Receive raw IP packets on the lo interface.
 </summary>
@@ -68513,7 +72926,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="corenet_raw_sendrecv_lo_if" lineno="78576">
+<interface name="corenet_raw_sendrecv_lo_if" lineno="106044">
 <summary>
 Send and receive raw IP packets on the lo interface.
 </summary>
@@ -68631,7 +73044,18 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="dev_list_all_dev_nodes" lineno="165">
+<interface name="dev_relabel_all_dev_files" lineno="166">
+<summary>
+Allow full relabeling (to and from) of all device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dev_list_all_dev_nodes" lineno="184">
 <summary>
 List all of the device nodes in a device directory.
 </summary>
@@ -68641,7 +73065,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_generic_dirs" lineno="184">
+<interface name="dev_setattr_generic_dirs" lineno="203">
 <summary>
 Set the attributes of /dev directories.
 </summary>
@@ -68651,7 +73075,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_list_all_dev_nodes" lineno="202">
+<interface name="dev_dontaudit_list_all_dev_nodes" lineno="221">
 <summary>
 Dontaudit attempts to list all device nodes.
 </summary>
@@ -68661,7 +73085,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_add_entry_generic_dirs" lineno="220">
+<interface name="dev_add_entry_generic_dirs" lineno="239">
 <summary>
 Add entries to directories in /dev.
 </summary>
@@ -68671,9 +73095,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_remove_entry_generic_dirs" lineno="238">
+<interface name="dev_remove_entry_generic_dirs" lineno="257">
 <summary>
-Add entries to directories in /dev.
+Remove entries from directories in /dev.
 </summary>
 <param name="domain">
 <summary>
@@ -68681,7 +73105,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_create_generic_dirs" lineno="256">
+<interface name="dev_create_generic_dirs" lineno="275">
 <summary>
 Create a directory in the device directory.
 </summary>
@@ -68691,7 +73115,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_delete_generic_dirs" lineno="275">
+<interface name="dev_delete_generic_dirs" lineno="294">
 <summary>
 Delete a directory in the device directory.
 </summary>
@@ -68701,7 +73125,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_manage_generic_dirs" lineno="293">
+<interface name="dev_manage_generic_dirs" lineno="312">
 <summary>
 Manage of directories in /dev.
 </summary>
@@ -68711,7 +73135,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_relabel_generic_dev_dirs" lineno="311">
+<interface name="dev_relabel_generic_dev_dirs" lineno="330">
 <summary>
 Allow full relabeling (to and from) of directories in /dev.
 </summary>
@@ -68721,7 +73145,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_getattr_generic_files" lineno="329">
+<interface name="dev_dontaudit_getattr_generic_files" lineno="348">
 <summary>
 dontaudit getattr generic files in /dev.
 </summary>
@@ -68731,7 +73155,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_generic_files" lineno="347">
+<interface name="dev_read_generic_files" lineno="366">
 <summary>
 Read generic files in /dev.
 </summary>
@@ -68741,7 +73165,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_generic_files" lineno="365">
+<interface name="dev_rw_generic_files" lineno="384">
 <summary>
 Read and write generic files in /dev.
 </summary>
@@ -68751,7 +73175,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_delete_generic_files" lineno="383">
+<interface name="dev_delete_generic_files" lineno="402">
 <summary>
 Delete generic files in /dev.
 </summary>
@@ -68761,7 +73185,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_manage_generic_files" lineno="401">
+<interface name="dev_manage_generic_files" lineno="420">
 <summary>
 Create a file in the device directory.
 </summary>
@@ -68771,7 +73195,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_getattr_generic_pipes" lineno="419">
+<interface name="dev_dontaudit_getattr_generic_pipes" lineno="438">
 <summary>
 Dontaudit getattr on generic pipes.
 </summary>
@@ -68781,7 +73205,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_write_generic_sockets" lineno="437">
+<interface name="dev_write_generic_sockets" lineno="456">
 <summary>
 Write generic socket files in /dev.
 </summary>
@@ -68791,7 +73215,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_generic_blk_files" lineno="455">
+<interface name="dev_getattr_generic_blk_files" lineno="474">
 <summary>
 Allow getattr on generic block devices.
 </summary>
@@ -68801,7 +73225,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_getattr_generic_blk_files" lineno="473">
+<interface name="dev_dontaudit_getattr_generic_blk_files" lineno="492">
 <summary>
 Dontaudit getattr on generic block devices.
 </summary>
@@ -68811,7 +73235,18 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_setattr_generic_blk_files" lineno="491">
+<interface name="dev_setattr_generic_blk_files" lineno="511">
+<summary>
+Set the attributes on generic
+block devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_setattr_generic_blk_files" lineno="529">
 <summary>
 Dontaudit setattr on generic block devices.
 </summary>
@@ -68821,7 +73256,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_create_generic_blk_files" lineno="509">
+<interface name="dev_create_generic_blk_files" lineno="547">
 <summary>
 Create generic block device files.
 </summary>
@@ -68831,7 +73266,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_delete_generic_blk_files" lineno="527">
+<interface name="dev_delete_generic_blk_files" lineno="565">
 <summary>
 Delete generic block device files.
 </summary>
@@ -68841,7 +73276,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_generic_chr_files" lineno="545">
+<interface name="dev_getattr_generic_chr_files" lineno="583">
 <summary>
 Allow getattr for generic character device files.
 </summary>
@@ -68851,7 +73286,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_getattr_generic_chr_files" lineno="563">
+<interface name="dev_dontaudit_getattr_generic_chr_files" lineno="601">
 <summary>
 Dontaudit getattr for generic character device files.
 </summary>
@@ -68861,7 +73296,18 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_setattr_generic_chr_files" lineno="581">
+<interface name="dev_setattr_generic_chr_files" lineno="620">
+<summary>
+Set the attributes for generic
+character device files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_setattr_generic_chr_files" lineno="638">
 <summary>
 Dontaudit setattr for generic character device files.
 </summary>
@@ -68871,7 +73317,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_generic_chr_files" lineno="599">
+<interface name="dev_read_generic_chr_files" lineno="656">
 <summary>
 Read generic character device files.
 </summary>
@@ -68881,7 +73327,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_generic_chr_files" lineno="617">
+<interface name="dev_rw_generic_chr_files" lineno="674">
 <summary>
 Read and write generic character device files.
 </summary>
@@ -68891,7 +73337,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_generic_blk_files" lineno="635">
+<interface name="dev_rw_generic_blk_files" lineno="692">
 <summary>
 Read and write generic block device files.
 </summary>
@@ -68901,7 +73347,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_rw_generic_chr_files" lineno="653">
+<interface name="dev_dontaudit_rw_generic_chr_files" lineno="710">
 <summary>
 Dontaudit attempts to read/write generic character device files.
 </summary>
@@ -68911,7 +73357,7 @@ Domain to dontaudit access.
 </summary>
 </param>
 </interface>
-<interface name="dev_create_generic_chr_files" lineno="671">
+<interface name="dev_create_generic_chr_files" lineno="728">
 <summary>
 Create generic character device files.
 </summary>
@@ -68921,7 +73367,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_delete_generic_chr_files" lineno="689">
+<interface name="dev_delete_generic_chr_files" lineno="746">
 <summary>
 Delete generic character device files.
 </summary>
@@ -68931,7 +73377,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_relabelfrom_generic_chr_files" lineno="707">
+<interface name="dev_relabelfrom_generic_chr_files" lineno="764">
 <summary>
 Relabel from generic character device files.
 </summary>
@@ -68941,7 +73387,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_setattr_generic_symlinks" lineno="726">
+<interface name="dev_dontaudit_setattr_generic_symlinks" lineno="783">
 <summary>
 Do not audit attempts to set the attributes
 of symbolic links in device directories (/dev).
@@ -68952,7 +73398,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_generic_symlinks" lineno="744">
+<interface name="dev_read_generic_symlinks" lineno="801">
 <summary>
 Read symbolic links in device directories.
 </summary>
@@ -68962,7 +73408,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_create_generic_symlinks" lineno="762">
+<interface name="dev_create_generic_symlinks" lineno="819">
 <summary>
 Create symbolic links in device directories.
 </summary>
@@ -68972,7 +73418,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_delete_generic_symlinks" lineno="780">
+<interface name="dev_delete_generic_symlinks" lineno="837">
 <summary>
 Delete symbolic links in device directories.
 </summary>
@@ -68982,7 +73428,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_manage_generic_symlinks" lineno="798">
+<interface name="dev_manage_generic_symlinks" lineno="855">
 <summary>
 Create, delete, read, and write symbolic links in device directories.
 </summary>
@@ -68992,7 +73438,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_relabel_generic_symlinks" lineno="816">
+<interface name="dev_relabel_generic_symlinks" lineno="873">
 <summary>
 Relabel symbolic links in device directories.
 </summary>
@@ -69002,7 +73448,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_manage_all_dev_nodes" lineno="834">
+<interface name="dev_write_generic_sock_files" lineno="891">
+<summary>
+Write generic sock files in /dev.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_manage_all_dev_nodes" lineno="909">
 <summary>
 Create, delete, read, and write device nodes in device directories.
 </summary>
@@ -69012,7 +73468,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_rw_generic_dev_nodes" lineno="870">
+<interface name="dev_dontaudit_rw_generic_dev_nodes" lineno="945">
 <summary>
 Dontaudit getattr for generic device files.
 </summary>
@@ -69022,7 +73478,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_manage_generic_blk_files" lineno="888">
+<interface name="dev_manage_generic_blk_files" lineno="963">
 <summary>
 Create, delete, read, and write block device files.
 </summary>
@@ -69032,7 +73488,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_manage_generic_chr_files" lineno="906">
+<interface name="dev_manage_generic_chr_files" lineno="981">
 <summary>
 Create, delete, read, and write character device files.
 </summary>
@@ -69042,7 +73498,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_filetrans" lineno="941">
+<interface name="dev_filetrans" lineno="1016">
 <summary>
 Create, read, and write device nodes. The node
 will be transitioned to the type provided.
@@ -69069,7 +73525,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="dev_tmpfs_filetrans_dev" lineno="976">
+<interface name="dev_tmpfs_filetrans_dev" lineno="1051">
 <summary>
 Create, read, and write device nodes. The node
 will be transitioned to the type provided.  This is
@@ -69093,7 +73549,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_all_blk_files" lineno="995">
+<interface name="dev_getattr_all_blk_files" lineno="1070">
 <summary>
 Getattr on all block file device nodes.
 </summary>
@@ -69104,7 +73560,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="dev_dontaudit_getattr_all_blk_files" lineno="1014">
+<interface name="dev_dontaudit_getattr_all_blk_files" lineno="1089">
 <summary>
 Dontaudit getattr on all block file device nodes.
 </summary>
@@ -69114,7 +73570,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_all_chr_files" lineno="1034">
+<interface name="dev_getattr_all_chr_files" lineno="1109">
 <summary>
 Getattr on all character file device nodes.
 </summary>
@@ -69125,7 +73581,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="dev_dontaudit_getattr_all_chr_files" lineno="1052">
+<interface name="dev_dontaudit_getattr_all_chr_files" lineno="1127">
 <summary>
 Dontaudit getattr on all character file device nodes.
 </summary>
@@ -69135,7 +73591,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_all_blk_files" lineno="1072">
+<interface name="dev_setattr_all_blk_files" lineno="1147">
 <summary>
 Setattr on all block file device nodes.
 </summary>
@@ -69146,7 +73602,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="dev_setattr_all_chr_files" lineno="1091">
+<interface name="dev_setattr_all_chr_files" lineno="1166">
 <summary>
 Setattr on all character file device nodes.
 </summary>
@@ -69157,7 +73613,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="dev_dontaudit_read_all_blk_files" lineno="1109">
+<interface name="dev_dontaudit_read_all_blk_files" lineno="1184">
 <summary>
 Dontaudit read on all block file device nodes.
 </summary>
@@ -69167,7 +73623,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_write_all_blk_files" lineno="1127">
+<interface name="dev_dontaudit_write_all_blk_files" lineno="1202">
 <summary>
 Dontaudit write on all block file device nodes.
 </summary>
@@ -69177,7 +73633,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_read_all_chr_files" lineno="1145">
+<interface name="dev_dontaudit_read_all_chr_files" lineno="1220">
 <summary>
 Dontaudit read on all character file device nodes.
 </summary>
@@ -69187,7 +73643,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_write_all_chr_files" lineno="1163">
+<interface name="dev_dontaudit_write_all_chr_files" lineno="1238">
 <summary>
 Dontaudit write on all character file device nodes.
 </summary>
@@ -69197,7 +73653,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_create_all_blk_files" lineno="1181">
+<interface name="dev_create_all_blk_files" lineno="1256">
 <summary>
 Create all block device files.
 </summary>
@@ -69207,7 +73663,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_create_all_chr_files" lineno="1199">
+<interface name="dev_create_all_chr_files" lineno="1274">
 <summary>
 Create all character device files.
 </summary>
@@ -69217,7 +73673,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_delete_all_blk_files" lineno="1217">
+<interface name="dev_delete_all_blk_files" lineno="1292">
 <summary>
 Delete all block device files.
 </summary>
@@ -69227,7 +73683,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_delete_all_chr_files" lineno="1235">
+<interface name="dev_delete_all_chr_files" lineno="1310">
 <summary>
 Delete all character device files.
 </summary>
@@ -69237,7 +73693,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rename_all_blk_files" lineno="1253">
+<interface name="dev_rename_all_blk_files" lineno="1328">
 <summary>
 Rename all block device files.
 </summary>
@@ -69247,7 +73703,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rename_all_chr_files" lineno="1271">
+<interface name="dev_rename_all_chr_files" lineno="1346">
 <summary>
 Rename all character device files.
 </summary>
@@ -69257,7 +73713,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_manage_all_blk_files" lineno="1289">
+<interface name="dev_manage_all_blk_files" lineno="1364">
 <summary>
 Read, write, create, and delete all block device files.
 </summary>
@@ -69267,7 +73723,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_manage_all_chr_files" lineno="1313">
+<interface name="dev_manage_all_chr_files" lineno="1388">
 <summary>
 Read, write, create, and delete all character device files.
 </summary>
@@ -69277,9 +73733,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_agp_dev" lineno="1333">
+<interface name="dev_getattr_acpi_bios_dev" lineno="1408">
 <summary>
-Getattr the agp devices.
+Get the attributes of the apm bios device node.
 </summary>
 <param name="domain">
 <summary>
@@ -69287,19 +73743,20 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_agp" lineno="1351">
+<interface name="dev_dontaudit_getattr_acpi_bios_dev" lineno="1427">
 <summary>
-Read and write the agp devices.
+Do not audit attempts to get the attributes of
+the apm bios device node.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_apm_bios_dev" lineno="1369">
+<interface name="dev_setattr_acpi_bios_dev" lineno="1445">
 <summary>
-Get the attributes of the apm bios device node.
+Set the attributes of the apm bios device node.
 </summary>
 <param name="domain">
 <summary>
@@ -69307,9 +73764,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_getattr_apm_bios_dev" lineno="1388">
+<interface name="dev_dontaudit_setattr_acpi_bios_dev" lineno="1464">
 <summary>
-Do not audit attempts to get the attributes of
+Do not audit attempts to set the attributes of
 the apm bios device node.
 </summary>
 <param name="domain">
@@ -69318,9 +73775,9 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_apm_bios_dev" lineno="1406">
+<interface name="dev_rw_acpi_bios" lineno="1482">
 <summary>
-Set the attributes of the apm bios device node.
+Read and write the apm bios.
 </summary>
 <param name="domain">
 <summary>
@@ -69328,20 +73785,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_setattr_apm_bios_dev" lineno="1425">
+<interface name="dev_getattr_agp_dev" lineno="1500">
 <summary>
-Do not audit attempts to set the attributes of
-the apm bios device node.
+Getattr the agp devices.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_apm_bios" lineno="1443">
+<interface name="dev_rw_agp" lineno="1518">
 <summary>
-Read and write the apm bios.
+Read and write the agp devices.
 </summary>
 <param name="domain">
 <summary>
@@ -69349,7 +73805,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_autofs_dev" lineno="1461">
+<interface name="dev_getattr_autofs_dev" lineno="1537">
 <summary>
 Get the attributes of the autofs device node.
 </summary>
@@ -69359,7 +73815,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_getattr_autofs_dev" lineno="1480">
+<interface name="dev_dontaudit_getattr_autofs_dev" lineno="1556">
 <summary>
 Do not audit attempts to get the attributes of
 the autofs device node.
@@ -69370,7 +73826,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_autofs_dev" lineno="1498">
+<interface name="dev_setattr_autofs_dev" lineno="1574">
 <summary>
 Set the attributes of the autofs device node.
 </summary>
@@ -69380,7 +73836,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_setattr_autofs_dev" lineno="1517">
+<interface name="dev_dontaudit_setattr_autofs_dev" lineno="1593">
 <summary>
 Do not audit attempts to set the attributes of
 the autofs device node.
@@ -69391,7 +73847,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_autofs" lineno="1535">
+<interface name="dev_rw_autofs" lineno="1611">
 <summary>
 Read and write the autofs device.
 </summary>
@@ -69401,7 +73857,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_relabel_autofs_dev" lineno="1553">
+<interface name="dev_relabel_autofs_dev" lineno="1629">
 <summary>
 Relabel the autofs device node.
 </summary>
@@ -69411,7 +73867,18 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_cardmgr" lineno="1571">
+<interface name="dev_rw_cachefiles" lineno="1648">
+<summary>
+Read and write cachefiles character
+device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_cardmgr" lineno="1666">
 <summary>
 Read and write the PCMCIA card manager device.
 </summary>
@@ -69421,7 +73888,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_rw_cardmgr" lineno="1590">
+<interface name="dev_dontaudit_rw_cardmgr" lineno="1685">
 <summary>
 Do not audit attempts to read and
 write the PCMCIA card manager device.
@@ -69432,7 +73899,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_create_cardmgr_dev" lineno="1610">
+<interface name="dev_create_cardmgr_dev" lineno="1705">
 <summary>
 Create, read, write, and delete
 the PCMCIA card manager device
@@ -69444,7 +73911,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_manage_cardmgr_dev" lineno="1630">
+<interface name="dev_manage_cardmgr_dev" lineno="1725">
 <summary>
 Create, read, write, and delete
 the PCMCIA card manager device.
@@ -69455,7 +73922,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_filetrans_cardmgr" lineno="1656">
+<interface name="dev_filetrans_cardmgr" lineno="1751">
 <summary>
 Automatic type transition to the type
 for PCMCIA card manager device nodes when
@@ -69472,7 +73939,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_cpu_dev" lineno="1675">
+<interface name="dev_getattr_cpu_dev" lineno="1770">
 <summary>
 Get the attributes of the CPU
 microcode and id interfaces.
@@ -69483,7 +73950,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_cpu_dev" lineno="1694">
+<interface name="dev_setattr_cpu_dev" lineno="1789">
 <summary>
 Set the attributes of the CPU
 microcode and id interfaces.
@@ -69494,7 +73961,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_cpuid" lineno="1712">
+<interface name="dev_read_cpuid" lineno="1807">
 <summary>
 Read the CPU identity.
 </summary>
@@ -69504,7 +73971,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_cpu_microcode" lineno="1731">
+<interface name="dev_rw_cpu_microcode" lineno="1826">
 <summary>
 Read and write the the CPU microcode device. This
 is required to load CPU microcode.
@@ -69515,7 +73982,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_crash" lineno="1749">
+<interface name="dev_read_crash" lineno="1844">
 <summary>
 Read the kernel crash device
 </summary>
@@ -69525,7 +73992,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_crypto" lineno="1767">
+<interface name="dev_rw_crypto" lineno="1862">
 <summary>
 Read and write the the hardware SSL accelerator.
 </summary>
@@ -69535,7 +74002,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_dlm_control" lineno="1785">
+<interface name="dev_setattr_dlm_control" lineno="1880">
 <summary>
 Set the attributes of the dlm control devices.
 </summary>
@@ -69545,7 +74012,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_dlm_control" lineno="1803">
+<interface name="dev_rw_dlm_control" lineno="1898">
 <summary>
 Read and write the the dlm control device
 </summary>
@@ -69555,7 +74022,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_dri_dev" lineno="1821">
+<interface name="dev_getattr_dri_dev" lineno="1916">
 <summary>
 getattr the dri devices.
 </summary>
@@ -69565,7 +74032,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_dri_dev" lineno="1839">
+<interface name="dev_setattr_dri_dev" lineno="1934">
 <summary>
 Setattr the dri devices.
 </summary>
@@ -69575,7 +74042,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_dri" lineno="1857">
+<interface name="dev_rw_dri" lineno="1952">
 <summary>
 Read and write the dri devices.
 </summary>
@@ -69585,7 +74052,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_rw_dri" lineno="1875">
+<interface name="dev_dontaudit_rw_dri" lineno="1971">
 <summary>
 Dontaudit read and write on the dri devices.
 </summary>
@@ -69595,7 +74062,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_manage_dri_dev" lineno="1893">
+<interface name="dev_manage_dri_dev" lineno="1989">
 <summary>
 Create, read, write, and delete the dri devices.
 </summary>
@@ -69605,7 +74072,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_filetrans_dri" lineno="1917">
+<interface name="dev_filetrans_dri" lineno="2014">
 <summary>
 Automatic type transition to the type
 for DRI device nodes when created in /dev.
@@ -69621,7 +74088,23 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_input_dev" lineno="1935">
+<interface name="dev_filetrans_input_dev" lineno="2038">
+<summary>
+Automatic type transition to the type
+for event device nodes when created in /dev.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_input_dev" lineno="2056">
 <summary>
 Get the attributes of the event devices.
 </summary>
@@ -69631,7 +74114,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_input_dev" lineno="1954">
+<interface name="dev_setattr_input_dev" lineno="2075">
 <summary>
 Set the attributes of the event devices.
 </summary>
@@ -69641,7 +74124,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_input" lineno="1973">
+<interface name="dev_read_input" lineno="2094">
 <summary>
 Read input event devices (/dev/input).
 </summary>
@@ -69651,9 +74134,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_input_dev" lineno="1991">
+<interface name="dev_rw_input_dev" lineno="2112">
 <summary>
-Read input event devices (/dev/input).
+Read and write input event devices (/dev/input).
 </summary>
 <param name="domain">
 <summary>
@@ -69661,7 +74144,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_framebuffer_dev" lineno="2009">
+<interface name="dev_manage_input_dev" lineno="2130">
+<summary>
+Create, read, write, and delete input event devices (/dev/input).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_framebuffer_dev" lineno="2148">
 <summary>
 Get the attributes of the framebuffer device node.
 </summary>
@@ -69671,7 +74164,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_framebuffer_dev" lineno="2027">
+<interface name="dev_setattr_framebuffer_dev" lineno="2166">
 <summary>
 Set the attributes of the framebuffer device node.
 </summary>
@@ -69681,7 +74174,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_setattr_framebuffer_dev" lineno="2046">
+<interface name="dev_dontaudit_setattr_framebuffer_dev" lineno="2185">
 <summary>
 Dot not audit attempts to set the attributes
 of the framebuffer device node.
@@ -69692,7 +74185,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_framebuffer" lineno="2064">
+<interface name="dev_read_framebuffer" lineno="2203">
 <summary>
 Read the framebuffer.
 </summary>
@@ -69702,7 +74195,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_read_framebuffer" lineno="2082">
+<interface name="dev_dontaudit_read_framebuffer" lineno="2221">
 <summary>
 Do not audit attempts to read the framebuffer.
 </summary>
@@ -69712,7 +74205,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_write_framebuffer" lineno="2100">
+<interface name="dev_write_framebuffer" lineno="2239">
 <summary>
 Write the framebuffer.
 </summary>
@@ -69722,7 +74215,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_framebuffer" lineno="2118">
+<interface name="dev_rw_framebuffer" lineno="2257">
 <summary>
 Read and write the framebuffer.
 </summary>
@@ -69732,7 +74225,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_kmsg" lineno="2136">
+<interface name="dev_read_kmsg" lineno="2275">
 <summary>
 Read the kernel messages
 </summary>
@@ -69742,7 +74235,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_read_kmsg" lineno="2154">
+<interface name="dev_dontaudit_read_kmsg" lineno="2293">
 <summary>
 Do not audit attempts to read the kernel messages
 </summary>
@@ -69752,7 +74245,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_write_kmsg" lineno="2172">
+<interface name="dev_write_kmsg" lineno="2311">
 <summary>
 Write to the kernel messages device
 </summary>
@@ -69762,7 +74255,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_ksm_dev" lineno="2190">
+<interface name="dev_rw_kmsg" lineno="2329">
+<summary>
+Read and write to the kernel messages device
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_ksm_dev" lineno="2347">
 <summary>
 Get the attributes of the ksm devices.
 </summary>
@@ -69772,7 +74275,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_ksm_dev" lineno="2208">
+<interface name="dev_setattr_ksm_dev" lineno="2365">
 <summary>
 Set the attributes of the ksm devices.
 </summary>
@@ -69782,7 +74285,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_ksm" lineno="2226">
+<interface name="dev_read_ksm" lineno="2383">
 <summary>
 Read the ksm devices.
 </summary>
@@ -69792,7 +74295,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_ksm" lineno="2244">
+<interface name="dev_rw_ksm" lineno="2401">
 <summary>
 Read and write to ksm devices.
 </summary>
@@ -69802,7 +74305,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_kvm_dev" lineno="2262">
+<interface name="dev_getattr_kvm_dev" lineno="2419">
 <summary>
 Get the attributes of the kvm devices.
 </summary>
@@ -69812,7 +74315,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_kvm_dev" lineno="2280">
+<interface name="dev_setattr_kvm_dev" lineno="2437">
 <summary>
 Set the attributes of the kvm devices.
 </summary>
@@ -69822,7 +74325,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_kvm" lineno="2298">
+<interface name="dev_read_kvm" lineno="2455">
 <summary>
 Read the kvm devices.
 </summary>
@@ -69832,7 +74335,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_kvm" lineno="2316">
+<interface name="dev_rw_kvm" lineno="2473">
 <summary>
 Read and write to kvm devices.
 </summary>
@@ -69842,7 +74345,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_lirc" lineno="2334">
+<interface name="dev_read_lirc" lineno="2491">
 <summary>
 Read the lirc device.
 </summary>
@@ -69852,7 +74355,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_lirc" lineno="2352">
+<interface name="dev_rw_lirc" lineno="2509">
 <summary>
 Read and write the lirc device.
 </summary>
@@ -69862,7 +74365,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_filetrans_lirc" lineno="2376">
+<interface name="dev_filetrans_lirc" lineno="2533">
 <summary>
 Automatic type transition to the type
 for lirc device nodes when created in /dev.
@@ -69878,7 +74381,17 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_lvm_control" lineno="2394">
+<interface name="dev_rw_loop_control" lineno="2551">
+<summary>
+Read and write the loop-control device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_getattr_lvm_control" lineno="2569">
 <summary>
 Get the attributes of the lvm comtrol device.
 </summary>
@@ -69888,7 +74401,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_lvm_control" lineno="2412">
+<interface name="dev_read_lvm_control" lineno="2587">
 <summary>
 Read the lvm comtrol device.
 </summary>
@@ -69898,7 +74411,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_lvm_control" lineno="2430">
+<interface name="dev_rw_lvm_control" lineno="2605">
 <summary>
 Read and write the lvm control device.
 </summary>
@@ -69908,7 +74421,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_rw_lvm_control" lineno="2448">
+<interface name="dev_dontaudit_rw_lvm_control" lineno="2623">
 <summary>
 Do not audit attempts to read and write lvm control device.
 </summary>
@@ -69918,7 +74431,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_delete_lvm_control_dev" lineno="2466">
+<interface name="dev_delete_lvm_control_dev" lineno="2641">
 <summary>
 Delete the lvm control device.
 </summary>
@@ -69928,7 +74441,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_getattr_memory_dev" lineno="2484">
+<interface name="dev_dontaudit_getattr_memory_dev" lineno="2659">
 <summary>
 dontaudit getattr raw memory devices (e.g. /dev/mem).
 </summary>
@@ -69938,7 +74451,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_raw_memory" lineno="2502">
+<interface name="dev_read_raw_memory" lineno="2677">
 <summary>
 Read raw memory devices (e.g. /dev/mem).
 </summary>
@@ -69948,7 +74461,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_read_raw_memory" lineno="2525">
+<interface name="dev_dontaudit_read_raw_memory" lineno="2700">
 <summary>
 Do not audit attempts to read raw memory devices
 (e.g. /dev/mem).
@@ -69959,7 +74472,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_write_raw_memory" lineno="2543">
+<interface name="dev_write_raw_memory" lineno="2718">
 <summary>
 Write raw memory devices (e.g. /dev/mem).
 </summary>
@@ -69969,7 +74482,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rx_raw_memory" lineno="2565">
+<interface name="dev_rx_raw_memory" lineno="2740">
 <summary>
 Read and execute raw memory devices (e.g. /dev/mem).
 </summary>
@@ -69979,7 +74492,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_wx_raw_memory" lineno="2584">
+<interface name="dev_wx_raw_memory" lineno="2759">
 <summary>
 Write and execute raw memory devices (e.g. /dev/mem).
 </summary>
@@ -69989,7 +74502,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_misc_dev" lineno="2603">
+<interface name="dev_getattr_misc_dev" lineno="2778">
 <summary>
 Get the attributes of miscellaneous devices.
 </summary>
@@ -69999,7 +74512,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_getattr_misc_dev" lineno="2622">
+<interface name="dev_dontaudit_getattr_misc_dev" lineno="2797">
 <summary>
 Do not audit attempts to get the attributes
 of miscellaneous devices.
@@ -70010,7 +74523,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_misc_dev" lineno="2640">
+<interface name="dev_setattr_misc_dev" lineno="2815">
 <summary>
 Set the attributes of miscellaneous devices.
 </summary>
@@ -70020,7 +74533,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_setattr_misc_dev" lineno="2659">
+<interface name="dev_dontaudit_setattr_misc_dev" lineno="2834">
 <summary>
 Do not audit attempts to set the attributes
 of miscellaneous devices.
@@ -70031,7 +74544,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_misc" lineno="2677">
+<interface name="dev_read_misc" lineno="2852">
 <summary>
 Read miscellaneous devices.
 </summary>
@@ -70041,7 +74554,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_write_misc" lineno="2695">
+<interface name="dev_write_misc" lineno="2870">
 <summary>
 Write miscellaneous devices.
 </summary>
@@ -70051,7 +74564,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_rw_misc" lineno="2713">
+<interface name="dev_dontaudit_rw_misc" lineno="2888">
 <summary>
 Do not audit attempts to read and write miscellaneous devices.
 </summary>
@@ -70061,7 +74574,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_modem_dev" lineno="2731">
+<interface name="dev_getattr_modem_dev" lineno="2906">
 <summary>
 Get the attributes of the modem devices.
 </summary>
@@ -70071,7 +74584,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_modem_dev" lineno="2749">
+<interface name="dev_setattr_modem_dev" lineno="2924">
 <summary>
 Set the attributes of the modem devices.
 </summary>
@@ -70081,7 +74594,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_modem" lineno="2767">
+<interface name="dev_read_modem" lineno="2942">
 <summary>
 Read the modem devices.
 </summary>
@@ -70091,7 +74604,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_modem" lineno="2785">
+<interface name="dev_rw_modem" lineno="2960">
 <summary>
 Read and write to modem devices.
 </summary>
@@ -70101,7 +74614,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_mouse_dev" lineno="2803">
+<interface name="dev_getattr_mouse_dev" lineno="2978">
 <summary>
 Get the attributes of the mouse devices.
 </summary>
@@ -70111,7 +74624,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_mouse_dev" lineno="2821">
+<interface name="dev_setattr_mouse_dev" lineno="2996">
 <summary>
 Set the attributes of the mouse devices.
 </summary>
@@ -70121,7 +74634,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_mouse" lineno="2839">
+<interface name="dev_read_mouse" lineno="3014">
 <summary>
 Read the mouse devices.
 </summary>
@@ -70131,7 +74644,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_mouse" lineno="2857">
+<interface name="dev_rw_mouse" lineno="3032">
 <summary>
 Read and write to mouse devices.
 </summary>
@@ -70141,7 +74654,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_mtrr_dev" lineno="2876">
+<interface name="dev_getattr_mtrr_dev" lineno="3051">
 <summary>
 Get the attributes of the memory type range
 registers (MTRR) device.
@@ -70152,55 +74665,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_mtrr" lineno="2909">
-<summary>
-Read the memory type range
-registers (MTRR).  (Deprecated)
-</summary>
-<desc>
-<p>
-Read the memory type range
-registers (MTRR).  This interface has
-been deprecated, dev_rw_mtrr() should be
-used instead.
-</p>
-<p>
-The MTRR device ioctls can be used for
-reading and writing; thus, read access to the
-device cannot be separated from write access.
-</p>
-</desc>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="dev_write_mtrr" lineno="2938">
-<summary>
-Write the memory type range
-registers (MTRR).  (Deprecated)
-</summary>
-<desc>
-<p>
-Write the memory type range
-registers (MTRR).  This interface has
-been deprecated, dev_rw_mtrr() should be
-used instead.
-</p>
-<p>
-The MTRR device ioctls can be used for
-reading and writing; thus, write access to the
-device cannot be separated from read access.
-</p>
-</desc>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="dev_dontaudit_write_mtrr" lineno="2954">
+<interface name="dev_dontaudit_write_mtrr" lineno="3071">
 <summary>
 Do not audit attempts to write the memory type
 range registers (MTRR).
@@ -70211,7 +74676,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_mtrr" lineno="2973">
+<interface name="dev_rw_mtrr" lineno="3090">
 <summary>
 Read and write the memory type range registers (MTRR).
 </summary>
@@ -70221,7 +74686,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_netcontrol_dev" lineno="2992">
+<interface name="dev_getattr_netcontrol_dev" lineno="3109">
 <summary>
 Get the attributes of the network control device
 </summary>
@@ -70231,7 +74696,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_netcontrol" lineno="3010">
+<interface name="dev_read_netcontrol" lineno="3127">
 <summary>
 Read the network control identity.
 </summary>
@@ -70241,7 +74706,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_netcontrol" lineno="3028">
+<interface name="dev_rw_netcontrol" lineno="3145">
 <summary>
 Read and write the the network control device.
 </summary>
@@ -70251,7 +74716,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_null_dev" lineno="3046">
+<interface name="dev_getattr_null_dev" lineno="3163">
 <summary>
 Get the attributes of the null device nodes.
 </summary>
@@ -70261,7 +74726,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_null_dev" lineno="3064">
+<interface name="dev_setattr_null_dev" lineno="3181">
 <summary>
 Set the attributes of the null device nodes.
 </summary>
@@ -70271,7 +74736,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_delete_null" lineno="3082">
+<interface name="dev_delete_null" lineno="3199">
 <summary>
 Delete the null device (/dev/null).
 </summary>
@@ -70281,7 +74746,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_null" lineno="3100">
+<interface name="dev_rw_null" lineno="3217">
 <summary>
 Read and write to the null device (/dev/null).
 </summary>
@@ -70291,7 +74756,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_create_null_dev" lineno="3118">
+<interface name="dev_create_null_dev" lineno="3235">
 <summary>
 Create the null device (/dev/null).
 </summary>
@@ -70301,7 +74766,18 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_getattr_nvram_dev" lineno="3137">
+<interface name="dev_manage_null_service" lineno="3254">
+<summary>
+Manage services with script type null_device_t for when
+/lib/systemd/system/something.service is a link to /dev/null
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_getattr_nvram_dev" lineno="3274">
 <summary>
 Do not audit attempts to get the attributes
 of the BIOS non-volatile RAM device.
@@ -70312,7 +74788,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_nvram" lineno="3155">
+<interface name="dev_rw_nvram" lineno="3292">
 <summary>
 Read and write BIOS non-volatile RAM.
 </summary>
@@ -70322,7 +74798,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_printer_dev" lineno="3173">
+<interface name="dev_getattr_printer_dev" lineno="3310">
 <summary>
 Get the attributes of the printer device nodes.
 </summary>
@@ -70332,7 +74808,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_printer_dev" lineno="3191">
+<interface name="dev_setattr_printer_dev" lineno="3328">
 <summary>
 Set the attributes of the printer device nodes.
 </summary>
@@ -70342,7 +74818,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_append_printer" lineno="3210">
+<interface name="dev_append_printer" lineno="3347">
 <summary>
 Append the printer device.
 </summary>
@@ -70352,7 +74828,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_printer" lineno="3228">
+<interface name="dev_rw_printer" lineno="3365">
 <summary>
 Read and write the printer device.
 </summary>
@@ -70362,17 +74838,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_printk" lineno="3246">
+<interface name="dev_read_printk" lineno="3383">
 <summary>
 Read printk devices (e.g., /dev/kmsg /dev/mcelog)
 </summary>
-<param name="domain">
+<param name="domain" unused="true">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_qemu_dev" lineno="3265">
+<interface name="dev_getattr_qemu_dev" lineno="3398">
 <summary>
 Get the attributes of the QEMU
 microcode and id interfaces.
@@ -70383,7 +74859,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_qemu_dev" lineno="3284">
+<interface name="dev_setattr_qemu_dev" lineno="3417">
 <summary>
 Set the attributes of the QEMU
 microcode and id interfaces.
@@ -70394,7 +74870,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_qemu" lineno="3302">
+<interface name="dev_read_qemu" lineno="3435">
 <summary>
 Read the QEMU device
 </summary>
@@ -70404,7 +74880,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_qemu" lineno="3320">
+<interface name="dev_rw_qemu" lineno="3453">
 <summary>
 Read and write the the QEMU device.
 </summary>
@@ -70414,7 +74890,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_rand" lineno="3354">
+<interface name="dev_read_rand" lineno="3487">
 <summary>
 Read from random number generator
 devices (e.g., /dev/random).
@@ -70440,7 +74916,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="dev_dontaudit_read_rand" lineno="3373">
+<interface name="dev_dontaudit_read_rand" lineno="3506">
 <summary>
 Do not audit attempts to read from random
 number generator devices (e.g., /dev/random)
@@ -70451,7 +74927,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_append_rand" lineno="3392">
+<interface name="dev_dontaudit_append_rand" lineno="3525">
 <summary>
 Do not audit attempts to append to random
 number generator devices (e.g., /dev/random)
@@ -70462,7 +74938,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_write_rand" lineno="3412">
+<interface name="dev_write_rand" lineno="3545">
 <summary>
 Write to the random device (e.g., /dev/random). This adds
 entropy used to generate the random data read from the
@@ -70474,7 +74950,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_realtime_clock" lineno="3430">
+<interface name="dev_read_realtime_clock" lineno="3563">
 <summary>
 Read the realtime clock (/dev/rtc).
 </summary>
@@ -70484,7 +74960,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_write_realtime_clock" lineno="3448">
+<interface name="dev_write_realtime_clock" lineno="3581">
 <summary>
 Set the realtime clock (/dev/rtc).
 </summary>
@@ -70494,7 +74970,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_realtime_clock" lineno="3468">
+<interface name="dev_rw_realtime_clock" lineno="3601">
 <summary>
 Read and set the realtime clock (/dev/rtc).
 </summary>
@@ -70504,7 +74980,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_scanner_dev" lineno="3483">
+<interface name="dev_getattr_scanner_dev" lineno="3616">
 <summary>
 Get the attributes of the scanner device.
 </summary>
@@ -70514,7 +74990,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_getattr_scanner_dev" lineno="3502">
+<interface name="dev_dontaudit_getattr_scanner_dev" lineno="3635">
 <summary>
 Do not audit attempts to get the attributes of
 the scanner device.
@@ -70525,7 +75001,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_scanner_dev" lineno="3520">
+<interface name="dev_setattr_scanner_dev" lineno="3653">
 <summary>
 Set the attributes of the scanner device.
 </summary>
@@ -70535,7 +75011,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_setattr_scanner_dev" lineno="3539">
+<interface name="dev_dontaudit_setattr_scanner_dev" lineno="3672">
 <summary>
 Do not audit attempts to set the attributes of
 the scanner device.
@@ -70546,7 +75022,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_scanner" lineno="3557">
+<interface name="dev_rw_scanner" lineno="3690">
 <summary>
 Read and write the scanner device.
 </summary>
@@ -70556,7 +75032,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_sound_dev" lineno="3575">
+<interface name="dev_getattr_sound_dev" lineno="3708">
 <summary>
 Get the attributes of the sound devices.
 </summary>
@@ -70566,7 +75042,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_sound_dev" lineno="3593">
+<interface name="dev_setattr_sound_dev" lineno="3726">
 <summary>
 Set the attributes of the sound devices.
 </summary>
@@ -70576,7 +75052,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_sound" lineno="3611">
+<interface name="dev_read_sound" lineno="3744">
 <summary>
 Read the sound devices.
 </summary>
@@ -70586,7 +75062,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_write_sound" lineno="3629">
+<interface name="dev_write_sound" lineno="3763">
 <summary>
 Write the sound devices.
 </summary>
@@ -70596,7 +75072,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_sound_mixer" lineno="3647">
+<interface name="dev_read_sound_mixer" lineno="3782">
 <summary>
 Read the sound mixer devices.
 </summary>
@@ -70606,7 +75082,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_write_sound_mixer" lineno="3665">
+<interface name="dev_write_sound_mixer" lineno="3801">
 <summary>
 Write the sound mixer devices.
 </summary>
@@ -70616,7 +75092,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_power_mgmt_dev" lineno="3683">
+<interface name="dev_getattr_power_mgmt_dev" lineno="3820">
 <summary>
 Get the attributes of the the power management device.
 </summary>
@@ -70626,7 +75102,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_power_mgmt_dev" lineno="3701">
+<interface name="dev_setattr_power_mgmt_dev" lineno="3838">
 <summary>
 Set the attributes of the the power management device.
 </summary>
@@ -70636,7 +75112,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_power_management" lineno="3719">
+<interface name="dev_rw_power_management" lineno="3856">
 <summary>
 Read and write the the power management device.
 </summary>
@@ -70646,7 +75122,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_smartcard_dev" lineno="3737">
+<interface name="dev_getattr_smartcard_dev" lineno="3874">
 <summary>
 Getattr on smartcard devices
 </summary>
@@ -70656,7 +75132,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_getattr_smartcard_dev" lineno="3756">
+<interface name="dev_dontaudit_getattr_smartcard_dev" lineno="3893">
 <summary>
 dontaudit getattr on smartcard devices
 </summary>
@@ -70666,7 +75142,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_smartcard" lineno="3775">
+<interface name="dev_rw_smartcard" lineno="3912">
 <summary>
 Read and write smartcard devices.
 </summary>
@@ -70676,7 +75152,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_manage_smartcard" lineno="3793">
+<interface name="dev_manage_smartcard" lineno="3930">
 <summary>
 Create, read, write, and delete smartcard devices.
 </summary>
@@ -70686,7 +75162,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_associate_sysfs" lineno="3811">
+<interface name="dev_mounton_sysfs" lineno="3948">
+<summary>
+Mount a filesystem on sysfs.
+</summary>
+<param name="domain">
+<summary>
+Domain allow access.
+</summary>
+</param>
+</interface>
+<interface name="dev_associate_sysfs" lineno="3966">
 <summary>
 Associate a file to a sysfs filesystem.
 </summary>
@@ -70696,7 +75182,7 @@ The type of the file to be associated to sysfs.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_sysfs_dirs" lineno="3829">
+<interface name="dev_getattr_sysfs_dirs" lineno="3984">
 <summary>
 Get the attributes of sysfs directories.
 </summary>
@@ -70706,7 +75192,57 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_search_sysfs" lineno="3847">
+<interface name="dev_getattr_sysfs" lineno="4002">
+<summary>
+Get the attributes of sysfs filesystem
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_mount_sysfs" lineno="4020">
+<summary>
+mount a sysfs filesystem
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_getattr_sysfs" lineno="4038">
+<summary>
+Do not audit getting the attributes of sysfs filesystem
+</summary>
+<param name="domain">
+<summary>
+Domain to dontaudit access from
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_read_sysfs" lineno="4056">
+<summary>
+Dont audit attempts to read hardware state information
+</summary>
+<param name="domain">
+<summary>
+Domain for which the attempts do not need to be audited
+</summary>
+</param>
+</interface>
+<interface name="dev_mounton_sysfs_dirs" lineno="4076">
+<summary>
+mounton sysfs directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_search_sysfs" lineno="4094">
 <summary>
 Search the sysfs directories.
 </summary>
@@ -70716,7 +75252,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_search_sysfs" lineno="3865">
+<interface name="dev_dontaudit_search_sysfs" lineno="4112">
 <summary>
 Do not audit attempts to search sysfs.
 </summary>
@@ -70726,7 +75262,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_list_sysfs" lineno="3883">
+<interface name="dev_list_sysfs" lineno="4130">
 <summary>
 List the contents of the sysfs directories.
 </summary>
@@ -70736,7 +75272,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_write_sysfs_dirs" lineno="3902">
+<interface name="dev_write_sysfs_dirs" lineno="4149">
 <summary>
 Write in a sysfs directories.
 </summary>
@@ -70746,7 +75282,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_write_sysfs_dirs" lineno="3920">
+<interface name="dev_dontaudit_write_sysfs_dirs" lineno="4167">
 <summary>
 Do not audit attempts to write in a sysfs directory.
 </summary>
@@ -70756,7 +75292,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_manage_sysfs_dirs" lineno="3939">
+<interface name="dev_manage_sysfs_dirs" lineno="4186">
 <summary>
 Create, read, write, and delete sysfs
 directories.
@@ -70767,7 +75303,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_sysfs" lineno="3966">
+<interface name="dev_read_sysfs" lineno="4213">
 <summary>
 Read hardware state information.
 </summary>
@@ -70786,7 +75322,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="dev_rw_sysfs" lineno="3987">
+<interface name="dev_rw_sysfs" lineno="4234">
 <summary>
 Allow caller to modify hardware state information.
 </summary>
@@ -70796,7 +75332,37 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_tpm" lineno="4008">
+<interface name="dev_create_sysfs_files" lineno="4255">
+<summary>
+Add a sysfs file
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_relabel_sysfs_dirs" lineno="4273">
+<summary>
+Relabel hardware state directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_relabel_all_sysfs" lineno="4291">
+<summary>
+Relabel from/to all sysfs types.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_tpm" lineno="4311">
 <summary>
 Read and write the TPM device.
 </summary>
@@ -70806,7 +75372,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_urand" lineno="4049">
+<interface name="dev_read_urand" lineno="4352">
 <summary>
 Read from pseudo random number generator devices (e.g., /dev/urandom).
 </summary>
@@ -70839,7 +75405,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="dev_dontaudit_read_urand" lineno="4068">
+<interface name="dev_dontaudit_read_urand" lineno="4371">
 <summary>
 Do not audit attempts to read from pseudo
 random devices (e.g., /dev/urandom)
@@ -70850,7 +75416,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_write_urand" lineno="4087">
+<interface name="dev_write_urand" lineno="4390">
 <summary>
 Write to the pseudo random device (e.g., /dev/urandom). This
 sets the random number generator seed.
@@ -70861,7 +75427,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_generic_usb_dev" lineno="4105">
+<interface name="dev_getattr_generic_usb_dev" lineno="4408">
 <summary>
 Getattr generic the USB devices.
 </summary>
@@ -70871,7 +75437,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_generic_usb_dev" lineno="4123">
+<interface name="dev_setattr_generic_usb_dev" lineno="4426">
 <summary>
 Setattr generic the USB devices.
 </summary>
@@ -70881,7 +75447,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_generic_usb_dev" lineno="4141">
+<interface name="dev_read_generic_usb_dev" lineno="4444">
 <summary>
 Read generic the USB devices.
 </summary>
@@ -70891,7 +75457,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_generic_usb_dev" lineno="4159">
+<interface name="dev_rw_generic_usb_dev" lineno="4462">
 <summary>
 Read and write generic the USB devices.
 </summary>
@@ -70901,7 +75467,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_usbmon_dev" lineno="4177">
+<interface name="dev_relabel_generic_usb_dev" lineno="4480">
+<summary>
+Relabel generic the USB devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_read_usbmon_dev" lineno="4498">
 <summary>
 Read USB monitor devices.
 </summary>
@@ -70911,7 +75487,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_write_usbmon_dev" lineno="4195">
+<interface name="dev_write_usbmon_dev" lineno="4516">
 <summary>
 Write USB monitor devices.
 </summary>
@@ -70921,7 +75497,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_mount_usbfs" lineno="4213">
+<interface name="dev_mount_usbfs" lineno="4534">
 <summary>
 Mount a usbfs filesystem.
 </summary>
@@ -70931,7 +75507,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_associate_usbfs" lineno="4231">
+<interface name="dev_associate_usbfs" lineno="4552">
 <summary>
 Associate a file to a usbfs filesystem.
 </summary>
@@ -70941,7 +75517,7 @@ The type of the file to be associated to usbfs.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_usbfs_dirs" lineno="4249">
+<interface name="dev_getattr_usbfs_dirs" lineno="4570">
 <summary>
 Get the attributes of a directory in the usb filesystem.
 </summary>
@@ -70951,7 +75527,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_getattr_usbfs_dirs" lineno="4268">
+<interface name="dev_dontaudit_getattr_usbfs_dirs" lineno="4589">
 <summary>
 Do not audit attempts to get the attributes
 of a directory in the usb filesystem.
@@ -70962,7 +75538,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_search_usbfs" lineno="4286">
+<interface name="dev_search_usbfs" lineno="4607">
 <summary>
 Search the directory containing USB hardware information.
 </summary>
@@ -70972,7 +75548,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_list_usbfs" lineno="4304">
+<interface name="dev_list_usbfs" lineno="4625">
 <summary>
 Allow caller to get a list of usb hardware.
 </summary>
@@ -70982,7 +75558,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_usbfs_files" lineno="4325">
+<interface name="dev_setattr_usbfs_files" lineno="4646">
 <summary>
 Set the attributes of usbfs filesystem.
 </summary>
@@ -70992,7 +75568,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_usbfs" lineno="4345">
+<interface name="dev_read_usbfs" lineno="4666">
 <summary>
 Read USB hardware information using
 the usbfs filesystem interface.
@@ -71003,7 +75579,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_usbfs" lineno="4365">
+<interface name="dev_rw_usbfs" lineno="4686">
 <summary>
 Allow caller to modify usb hardware configuration files.
 </summary>
@@ -71013,7 +75589,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_video_dev" lineno="4385">
+<interface name="dev_getattr_video_dev" lineno="4706">
 <summary>
 Get the attributes of video4linux devices.
 </summary>
@@ -71023,7 +75599,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_userio_dev" lineno="4403">
+<interface name="dev_rw_userio_dev" lineno="4724">
 <summary>
 Read and write userio device.
 </summary>
@@ -71033,7 +75609,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_getattr_video_dev" lineno="4422">
+<interface name="dev_dontaudit_getattr_video_dev" lineno="4743">
 <summary>
 Do not audit attempts to get the attributes
 of video4linux device nodes.
@@ -71044,7 +75620,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_video_dev" lineno="4440">
+<interface name="dev_setattr_video_dev" lineno="4761">
 <summary>
 Set the attributes of video4linux device nodes.
 </summary>
@@ -71054,7 +75630,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_dontaudit_setattr_video_dev" lineno="4459">
+<interface name="dev_dontaudit_setattr_video_dev" lineno="4780">
 <summary>
 Do not audit attempts to set the attributes
 of video4linux device nodes.
@@ -71065,7 +75641,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_video_dev" lineno="4477">
+<interface name="dev_read_video_dev" lineno="4798">
 <summary>
 Read the video4linux devices.
 </summary>
@@ -71075,7 +75651,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_write_video_dev" lineno="4495">
+<interface name="dev_write_video_dev" lineno="4816">
 <summary>
 Write the video4linux devices.
 </summary>
@@ -71085,9 +75661,29 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_vhost" lineno="4513">
+<interface name="dev_rw_vfio_dev" lineno="4834">
+<summary>
+Read and write vfio devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_relabelfrom_vfio_dev" lineno="4852">
+<summary>
+Relabel vfio devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_vhost" lineno="4870">
 <summary>
-Allow read/write the vhost net device
+Allow read/write the vhost devices
 </summary>
 <param name="domain">
 <summary>
@@ -71095,7 +75691,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_vmware" lineno="4531">
+<interface name="dev_rw_vmware" lineno="4888">
 <summary>
 Read and write VMWare devices.
 </summary>
@@ -71105,7 +75701,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rwx_vmware" lineno="4549">
+<interface name="dev_rwx_vmware" lineno="4906">
 <summary>
 Read, write, and mmap VMWare devices.
 </summary>
@@ -71115,7 +75711,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_read_watchdog" lineno="4568">
+<interface name="dev_read_watchdog" lineno="4925">
 <summary>
 Read from watchdog devices.
 </summary>
@@ -71125,7 +75721,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_write_watchdog" lineno="4586">
+<interface name="dev_write_watchdog" lineno="4943">
 <summary>
 Write to watchdog devices.
 </summary>
@@ -71135,7 +75731,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_wireless" lineno="4604">
+<interface name="dev_rw_wireless" lineno="4961">
 <summary>
 Read and write the the wireless device.
 </summary>
@@ -71145,7 +75741,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_xen" lineno="4622">
+<interface name="dev_manage_wireless" lineno="4979">
+<summary>
+manage the wireless device.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_xen" lineno="4997">
 <summary>
 Read and write Xen devices.
 </summary>
@@ -71155,7 +75761,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_manage_xen" lineno="4640">
+<interface name="dev_manage_xen" lineno="5016">
 <summary>
 Create, read, write, and delete Xen devices.
 </summary>
@@ -71165,7 +75771,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_filetrans_xen" lineno="4664">
+<interface name="dev_filetrans_xen" lineno="5040">
 <summary>
 Automatic type transition to the type
 for xen device nodes when created in /dev.
@@ -71181,7 +75787,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="dev_getattr_xserver_misc_dev" lineno="4682">
+<interface name="dev_getattr_xserver_misc_dev" lineno="5058">
 <summary>
 Get the attributes of X server miscellaneous devices.
 </summary>
@@ -71191,7 +75797,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_setattr_xserver_misc_dev" lineno="4700">
+<interface name="dev_setattr_xserver_misc_dev" lineno="5076">
 <summary>
 Set the attributes of X server miscellaneous devices.
 </summary>
@@ -71201,7 +75807,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_xserver_misc" lineno="4718">
+<interface name="dev_rw_xserver_misc" lineno="5094">
 <summary>
 Read and write X server miscellaneous devices.
 </summary>
@@ -71211,7 +75817,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rw_zero" lineno="4736">
+<interface name="dev_map_xserver_misc" lineno="5112">
+<summary>
+Map X server miscellaneous devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_rw_zero" lineno="5130">
 <summary>
 Read and write to the zero device (/dev/zero).
 </summary>
@@ -71221,7 +75837,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_rwx_zero" lineno="4754">
+<interface name="dev_rwx_zero" lineno="5148">
 <summary>
 Read, write, and execute the zero device (/dev/zero).
 </summary>
@@ -71231,7 +75847,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_execmod_zero" lineno="4773">
+<interface name="dev_execmod_zero" lineno="5167">
 <summary>
 Execmod the zero device (/dev/zero).
 </summary>
@@ -71241,7 +75857,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_create_zero_dev" lineno="4792">
+<interface name="dev_create_zero_dev" lineno="5186">
 <summary>
 Create the zero device (/dev/zero).
 </summary>
@@ -71251,7 +75867,22 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="dev_unconfined" lineno="4810">
+<interface name="dev_read_cpu_online" lineno="5209">
+<summary>
+Read cpu online hardware state information
+</summary>
+<desc>
+<p>
+Allow the specified domain to read /sys/devices/system/cpu/online
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_unconfined" lineno="5229">
 <summary>
 Unconfined access to devices.
 </summary>
@@ -71261,6 +75892,26 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
+<interface name="dev_relabel_cpu_online" lineno="5249">
+<summary>
+Relabel cpu online hardware state information.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dev_dontaudit_read_usbmon_dev" lineno="5268">
+<summary>
+Dont audit attempts to read usbmon devices
+</summary>
+<param name="domain">
+<summary>
+Domain for which the attempts do not need to be audited
+</summary>
+</param>
+</interface>
 </module>
 <module name="domain" filename="policy/modules/kernel/domain.if">
 <summary>Core policy for domains.</summary>
@@ -71969,7 +76620,7 @@ Domain allowed access.
 <interface name="domain_dontaudit_getattr_all_stream_sockets" lineno="1166">
 <summary>
 Do not audit attempts to get the attributes
-of all domains unix datagram sockets.
+of all domains unix stream sockets.
 </summary>
 <param name="domain">
 <summary>
@@ -72135,7 +76786,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="domain_mmap_low_uncond" lineno="1461">
+<interface name="domain_mmap_low_uncond" lineno="1460">
 <summary>
 Ability to mmap a low area of the address
 space unconditionally, as configured
@@ -72149,7 +76800,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="domain_all_recvfrom_all_domains" lineno="1483">
+<interface name="domain_all_recvfrom_all_domains" lineno="1482">
 <summary>
 Allow specified type to receive labeled
 networking packets from all domains, over
@@ -72161,7 +76812,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="domain_unconfined_signal" lineno="1501">
+<interface name="domain_unconfined_signal" lineno="1500">
 <summary>
 Send generic signals to the unconfined domain.
 </summary>
@@ -72171,7 +76822,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="domain_unconfined" lineno="1519">
+<interface name="domain_unconfined" lineno="1518">
 <summary>
 Unconfined access to domains.
 </summary>
@@ -72181,6 +76832,16 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
+<interface name="domain_dontaudit_getsched_all_domains" lineno="1546">
+<summary>
+Do not audit getting the scheduler information of all domains.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
 <tunable name="mmap_low_allowed" dftval="false">
 <desc>
 <p>
@@ -72573,7 +77234,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_all_files" lineno="574">
+<interface name="files_relabel_non_security_dirs" lineno="574">
+<summary>
+Relabel from/to non-security directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_all_files" lineno="592">
 <summary>
 Get the attributes of all files.
 </summary>
@@ -72583,7 +77254,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_all_files" lineno="594">
+<interface name="files_dontaudit_getattr_all_files" lineno="612">
 <summary>
 Do not audit attempts to get the attributes
 of all files.
@@ -72594,7 +77265,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_non_security_files" lineno="613">
+<interface name="files_dontaudit_getattr_non_security_files" lineno="631">
 <summary>
 Do not audit attempts to get the attributes
 of non security files.
@@ -72605,7 +77276,29 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_read_all_files" lineno="631">
+<interface name="files_manage_non_security_files" lineno="650">
+<summary>
+Create, read, write, and delete all non-security files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_relabel_non_security_files" lineno="669">
+<summary>
+Relabel from/to all non-security files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_read_all_files" lineno="687">
 <summary>
 Read all files.
 </summary>
@@ -72615,7 +77308,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_execmod_all_files" lineno="662">
+<interface name="files_execmod_all_files" lineno="718">
 <summary>
 Allow shared library text relocations in all files.
 </summary>
@@ -72633,7 +77326,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_non_security_files" lineno="681">
+<interface name="files_read_non_security_files" lineno="737">
 <summary>
 Read all non-security files.
 </summary>
@@ -72644,7 +77337,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_read_all_dirs_except" lineno="707">
+<interface name="files_read_all_dirs_except" lineno="763">
 <summary>
 Read all directories on the filesystem, except
 the listed exceptions.
@@ -72661,7 +77354,7 @@ must be negated by the caller.
 </summary>
 </param>
 </interface>
-<interface name="files_read_all_files_except" lineno="732">
+<interface name="files_read_all_files_except" lineno="788">
 <summary>
 Read all files on the filesystem, except
 the listed exceptions.
@@ -72678,7 +77371,7 @@ must be negated by the caller.
 </summary>
 </param>
 </interface>
-<interface name="files_read_all_symlinks_except" lineno="757">
+<interface name="files_read_all_symlinks_except" lineno="813">
 <summary>
 Read all symbolic links on the filesystem, except
 the listed exceptions.
@@ -72695,7 +77388,7 @@ must be negated by the caller.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_all_symlinks" lineno="775">
+<interface name="files_getattr_all_symlinks" lineno="831">
 <summary>
 Get the attributes of all symbolic links.
 </summary>
@@ -72705,7 +77398,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_all_symlinks" lineno="794">
+<interface name="files_dontaudit_getattr_all_symlinks" lineno="850">
 <summary>
 Do not audit attempts to get the attributes
 of all symbolic links.
@@ -72716,7 +77409,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_read_all_symlinks" lineno="812">
+<interface name="files_dontaudit_read_all_symlinks" lineno="868">
 <summary>
 Do not audit attempts to read all symbolic links.
 </summary>
@@ -72726,7 +77419,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_non_security_symlinks" lineno="831">
+<interface name="files_dontaudit_getattr_non_security_symlinks" lineno="887">
 <summary>
 Do not audit attempts to get the attributes
 of non security symbolic links.
@@ -72737,7 +77430,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_non_security_blk_files" lineno="850">
+<interface name="files_dontaudit_getattr_non_security_blk_files" lineno="906">
 <summary>
 Do not audit attempts to get the attributes
 of non security block devices.
@@ -72748,7 +77441,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_non_security_chr_files" lineno="869">
+<interface name="files_dontaudit_getattr_non_security_chr_files" lineno="925">
 <summary>
 Do not audit attempts to get the attributes
 of non security character devices.
@@ -72759,7 +77452,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_read_all_symlinks" lineno="888">
+<interface name="files_read_all_symlinks" lineno="944">
 <summary>
 Read all symbolic links.
 </summary>
@@ -72770,7 +77463,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_getattr_all_pipes" lineno="907">
+<interface name="files_getattr_all_pipes" lineno="963">
 <summary>
 Get the attributes of all named pipes.
 </summary>
@@ -72780,7 +77473,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_all_pipes" lineno="927">
+<interface name="files_dontaudit_getattr_all_pipes" lineno="983">
 <summary>
 Do not audit attempts to get the attributes
 of all named pipes.
@@ -72791,7 +77484,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_non_security_pipes" lineno="946">
+<interface name="files_dontaudit_getattr_non_security_pipes" lineno="1002">
 <summary>
 Do not audit attempts to get the attributes
 of non security named pipes.
@@ -72802,7 +77495,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_all_sockets" lineno="964">
+<interface name="files_getattr_all_sockets" lineno="1020">
 <summary>
 Get the attributes of all named sockets.
 </summary>
@@ -72812,7 +77505,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_all_sockets" lineno="984">
+<interface name="files_dontaudit_getattr_all_sockets" lineno="1040">
 <summary>
 Do not audit attempts to get the attributes
 of all named sockets.
@@ -72823,7 +77516,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_non_security_sockets" lineno="1003">
+<interface name="files_dontaudit_getattr_non_security_sockets" lineno="1059">
 <summary>
 Do not audit attempts to get the attributes
 of non security named sockets.
@@ -72834,7 +77527,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_read_all_blk_files" lineno="1021">
+<interface name="files_read_all_blk_files" lineno="1077">
 <summary>
 Read all block nodes with file types.
 </summary>
@@ -72844,7 +77537,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_all_chr_files" lineno="1039">
+<interface name="files_read_all_chr_files" lineno="1095">
 <summary>
 Read all character nodes with file types.
 </summary>
@@ -72854,7 +77547,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_files" lineno="1065">
+<interface name="files_relabel_all_files" lineno="1121">
 <summary>
 Relabel all files on the filesystem, except
 the listed exceptions.
@@ -72872,7 +77565,7 @@ must be negated by the caller.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_rw_all_files" lineno="1103">
+<interface name="files_rw_all_files" lineno="1159">
 <summary>
 rw all files on the filesystem, except
 the listed exceptions.
@@ -72890,7 +77583,7 @@ must be negated by the caller.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_all_files" lineno="1129">
+<interface name="files_manage_all_files" lineno="1185">
 <summary>
 Manage all files on the filesystem, except
 the listed exceptions.
@@ -72908,7 +77601,7 @@ must be negated by the caller.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_search_all" lineno="1156">
+<interface name="files_search_all" lineno="1212">
 <summary>
 Search the contents of all directories on
 extended attribute filesystems.
@@ -72919,7 +77612,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_all" lineno="1175">
+<interface name="files_list_all" lineno="1231">
 <summary>
 List the contents of all directories on
 extended attribute filesystems.
@@ -72930,7 +77623,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_all_dirs" lineno="1195">
+<interface name="files_create_all_files_as" lineno="1249">
+<summary>
+Create all files as is.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_search_all_dirs" lineno="1269">
 <summary>
 Do not audit attempts to search the
 contents of any directories on extended
@@ -72942,7 +77645,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_all_file_type_fs" lineno="1218">
+<interface name="files_getattr_all_file_type_fs" lineno="1292">
 <summary>
 Get the attributes of all filesystems
 with the type of a file.
@@ -72953,7 +77656,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabelto_all_file_type_fs" lineno="1236">
+<interface name="files_relabelto_all_file_type_fs" lineno="1310">
 <summary>
 Relabel a filesystem to the type of a file.
 </summary>
@@ -72963,9 +77666,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_file_type_fs" lineno="1254">
+<interface name="files_relabel_all_file_type_fs" lineno="1328">
 <summary>
-Relabel a filesystem to the type of a file.
+Relabel a filesystem to and from the type of a file.
 </summary>
 <param name="domain">
 <summary>
@@ -72973,7 +77676,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mount_all_file_type_fs" lineno="1272">
+<interface name="files_mount_all_file_type_fs" lineno="1346">
 <summary>
 Mount all filesystems with the type of a file.
 </summary>
@@ -72983,7 +77686,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_unmount_all_file_type_fs" lineno="1290">
+<interface name="files_unmount_all_file_type_fs" lineno="1364">
 <summary>
 Unmount all filesystems with the type of a file.
 </summary>
@@ -72993,7 +77696,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_non_auth_dirs" lineno="1309">
+<interface name="files_list_non_auth_dirs" lineno="1383">
 <summary>
 Read all non-authentication related
 directories.
@@ -73004,7 +77707,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_non_auth_files" lineno="1328">
+<interface name="files_read_non_auth_files" lineno="1402">
 <summary>
 Read all non-authentication related
 files.
@@ -73015,7 +77718,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_non_auth_symlinks" lineno="1347">
+<interface name="files_read_non_auth_symlinks" lineno="1421">
 <summary>
 Read all non-authentication related
 symbolic links.
@@ -73026,7 +77729,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_non_auth_files" lineno="1365">
+<interface name="files_rw_non_auth_files" lineno="1439">
 <summary>
 rw non-authentication related files.
 </summary>
@@ -73036,7 +77739,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_non_auth_files" lineno="1385">
+<interface name="files_manage_non_auth_files" lineno="1459">
 <summary>
 Manage non-authentication related
 files.
@@ -73048,7 +77751,19 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_relabel_non_auth_files" lineno="1413">
+<interface name="files_map_non_auth_files" lineno="1487">
+<summary>
+Mmap non-authentication related
+files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_relabel_non_auth_files" lineno="1507">
 <summary>
 Relabel all non-authentication related
 files.
@@ -73060,7 +77775,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_config_dirs" lineno="1444">
+<interface name="files_manage_config_dirs" lineno="1540">
 <summary>
 Manage all configuration directories on filesystem
 </summary>
@@ -73071,7 +77786,7 @@ Domain allowed access.
 </param>
 
 </interface>
-<interface name="files_relabel_config_dirs" lineno="1463">
+<interface name="files_relabel_config_dirs" lineno="1559">
 <summary>
 Relabel configuration directories
 </summary>
@@ -73082,7 +77797,7 @@ Domain allowed access.
 </param>
 
 </interface>
-<interface name="files_read_config_files" lineno="1481">
+<interface name="files_read_config_files" lineno="1577">
 <summary>
 Read config files in /etc.
 </summary>
@@ -73092,7 +77807,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_config_files" lineno="1502">
+<interface name="files_manage_config_files" lineno="1598">
 <summary>
 Manage all configuration files on filesystem
 </summary>
@@ -73103,7 +77818,7 @@ Domain allowed access.
 </param>
 
 </interface>
-<interface name="files_relabel_config_files" lineno="1521">
+<interface name="files_relabel_config_files" lineno="1617">
 <summary>
 Relabel configuration files
 </summary>
@@ -73114,7 +77829,7 @@ Domain allowed access.
 </param>
 
 </interface>
-<interface name="files_mounton_all_mountpoints" lineno="1539">
+<interface name="files_mounton_all_mountpoints" lineno="1635">
 <summary>
 Mount a filesystem on all mount points.
 </summary>
@@ -73124,7 +77839,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_all_mountpoints" lineno="1558">
+<interface name="files_getattr_all_mountpoints" lineno="1654">
 <summary>
 Get the attributes of all mount points.
 </summary>
@@ -73134,7 +77849,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_all_mountpoints" lineno="1576">
+<interface name="files_setattr_all_mountpoints" lineno="1672">
 <summary>
 Set the attributes of all mount points.
 </summary>
@@ -73144,7 +77859,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_setattr_all_mountpoints" lineno="1594">
+<interface name="files_dontaudit_setattr_all_mountpoints" lineno="1690">
 <summary>
 Do not audit attempts to set the attributes on all mount points.
 </summary>
@@ -73154,7 +77869,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_search_all_mountpoints" lineno="1612">
+<interface name="files_search_all_mountpoints" lineno="1708">
 <summary>
 Search all mount points.
 </summary>
@@ -73164,7 +77879,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_all_mountpoints" lineno="1630">
+<interface name="files_dontaudit_search_all_mountpoints" lineno="1726">
 <summary>
 Do not audit searching of all mount points.
 </summary>
@@ -73174,7 +77889,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_all_mountpoints" lineno="1648">
+<interface name="files_list_all_mountpoints" lineno="1744">
+<summary>
+List all mount points.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_list_all_mountpoints" lineno="1762">
 <summary>
 Do not audit listing of all mount points.
 </summary>
@@ -73184,7 +77909,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_all_mountpoints" lineno="1666">
+<interface name="files_dontaudit_write_all_mountpoints" lineno="1780">
 <summary>
 Do not audit attempts to write to mount points.
 </summary>
@@ -73194,7 +77919,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_root" lineno="1684">
+<interface name="files_list_root" lineno="1798">
 <summary>
 List the contents of the root directory.
 </summary>
@@ -73204,7 +77929,18 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_root_dirs" lineno="1703">
+<interface name="files_delete_root_symlinks" lineno="1818">
+<summary>
+Delete symbolic links in the
+root directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_write_root_dirs" lineno="1836">
 <summary>
 Do not audit attempts to write to / dirs.
 </summary>
@@ -73214,7 +77950,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_rw_root_dir" lineno="1722">
+<interface name="files_dontaudit_rw_root_dir" lineno="1855">
 <summary>
 Do not audit attempts to write
 files in the root directory.
@@ -73225,7 +77961,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_root_filetrans" lineno="1756">
+<interface name="files_root_filetrans" lineno="1889">
 <summary>
 Create an object in the root directory, with a private
 type using a type transition.
@@ -73251,7 +77987,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_read_root_files" lineno="1775">
+<interface name="files_dontaudit_read_root_files" lineno="1908">
 <summary>
 Do not audit attempts to read files in
 the root directory.
@@ -73262,7 +77998,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_rw_root_files" lineno="1794">
+<interface name="files_dontaudit_rw_root_files" lineno="1927">
 <summary>
 Do not audit attempts to read or write
 files in the root directory.
@@ -73273,7 +78009,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_rw_root_chr_files" lineno="1813">
+<interface name="files_dontaudit_rw_root_chr_files" lineno="1946">
 <summary>
 Do not audit attempts to read or write
 character device nodes in the root directory.
@@ -73284,7 +78020,18 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_root_files" lineno="1831">
+<interface name="files_delete_root_chr_files" lineno="1965">
+<summary>
+Delete character device nodes in
+the root directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_root_files" lineno="1983">
 <summary>
 Delete files in the root directory.
 </summary>
@@ -73294,7 +78041,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_root_dir_entry" lineno="1849">
+<interface name="files_exec_root_files" lineno="2001">
+<summary>
+Execute files in the root directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_root_dir_entry" lineno="2019">
 <summary>
 Remove entries from the root directory.
 </summary>
@@ -73304,7 +78061,48 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_unmount_rootfs" lineno="1867">
+<interface name="files_manage_root_dir" lineno="2037">
+<summary>
+Manage the root directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_rootfs" lineno="2056">
+<summary>
+Get the attributes of a rootfs
+file system.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_associate_rootfs" lineno="2074">
+<summary>
+Associate to root file system.
+</summary>
+<param name="file_type">
+<summary>
+Type of the file to associate.
+</summary>
+</param>
+</interface>
+<interface name="files_relabel_rootfs" lineno="2092">
+<summary>
+Relabel to and from rootfs file system.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_unmount_rootfs" lineno="2110">
 <summary>
 Unmount a rootfs filesystem.
 </summary>
@@ -73314,7 +78112,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_boot_dirs" lineno="1885">
+<interface name="files_mounton_root" lineno="2128">
+<summary>
+Mount on the root directory (/)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_getattr_boot_dirs" lineno="2146">
 <summary>
 Get attributes of the /boot directory.
 </summary>
@@ -73324,7 +78132,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_boot_dirs" lineno="1904">
+<interface name="files_dontaudit_getattr_boot_dirs" lineno="2165">
 <summary>
 Do not audit attempts to get attributes
 of the /boot directory.
@@ -73335,7 +78143,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_search_boot" lineno="1922">
+<interface name="files_search_boot" lineno="2183">
 <summary>
 Search the /boot directory.
 </summary>
@@ -73345,7 +78153,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_boot" lineno="1940">
+<interface name="files_dontaudit_search_boot" lineno="2201">
 <summary>
 Do not audit attempts to search the /boot directory.
 </summary>
@@ -73355,7 +78163,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_boot" lineno="1958">
+<interface name="files_list_boot" lineno="2219">
 <summary>
 List the /boot directory.
 </summary>
@@ -73365,7 +78173,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_boot" lineno="1976">
+<interface name="files_dontaudit_list_boot" lineno="2237">
 <summary>
 Do not audit attempts to list the /boot directory.
 </summary>
@@ -73375,7 +78183,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_boot_dirs" lineno="1994">
+<interface name="files_create_boot_dirs" lineno="2255">
 <summary>
 Create directories in /boot
 </summary>
@@ -73385,7 +78193,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_boot_dirs" lineno="2013">
+<interface name="files_manage_boot_dirs" lineno="2274">
 <summary>
 Create, read, write, and delete
 directories in /boot.
@@ -73396,7 +78204,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_boot_filetrans" lineno="2047">
+<interface name="files_boot_filetrans" lineno="2308">
 <summary>
 Create a private type object in boot
 with an automatic type transition
@@ -73422,7 +78230,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_read_boot_files" lineno="2066">
+<interface name="files_read_boot_files" lineno="2327">
 <summary>
 read files in the /boot directory.
 </summary>
@@ -73433,7 +78241,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_boot_files" lineno="2086">
+<interface name="files_manage_boot_files" lineno="2347">
 <summary>
 Create, read, write, and delete files
 in the /boot directory.
@@ -73445,7 +78253,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_relabelfrom_boot_files" lineno="2104">
+<interface name="files_relabelfrom_boot_files" lineno="2365">
 <summary>
 Relabel from files in the /boot directory.
 </summary>
@@ -73455,7 +78263,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_boot_symlinks" lineno="2122">
+<interface name="files_read_boot_symlinks" lineno="2383">
 <summary>
 Read symbolic links in the /boot directory.
 </summary>
@@ -73465,7 +78273,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_boot_symlinks" lineno="2141">
+<interface name="files_rw_boot_symlinks" lineno="2402">
 <summary>
 Read and write symbolic links
 in the /boot directory.
@@ -73476,7 +78284,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_boot_symlinks" lineno="2161">
+<interface name="files_manage_boot_symlinks" lineno="2422">
 <summary>
 Create, read, write, and delete symbolic links
 in the /boot directory.
@@ -73487,7 +78295,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_kernel_img" lineno="2179">
+<interface name="files_read_kernel_img" lineno="2440">
 <summary>
 Read kernel files in the /boot directory.
 </summary>
@@ -73497,7 +78305,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_kernel_img" lineno="2200">
+<interface name="files_create_kernel_img" lineno="2461">
 <summary>
 Install a kernel into the /boot directory.
 </summary>
@@ -73508,7 +78316,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_delete_kernel" lineno="2220">
+<interface name="files_delete_kernel" lineno="2481">
 <summary>
 Delete a kernel from /boot.
 </summary>
@@ -73519,7 +78327,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_getattr_default_dirs" lineno="2238">
+<interface name="files_getattr_default_dirs" lineno="2499">
 <summary>
 Getattr of directories with the default file type.
 </summary>
@@ -73529,7 +78337,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_default_dirs" lineno="2257">
+<interface name="files_dontaudit_getattr_default_dirs" lineno="2518">
 <summary>
 Do not audit attempts to get the attributes of
 directories with the default file type.
@@ -73540,7 +78348,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_search_default" lineno="2275">
+<interface name="files_search_default" lineno="2536">
 <summary>
 Search the contents of directories with the default file type.
 </summary>
@@ -73550,7 +78358,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_default" lineno="2293">
+<interface name="files_list_default" lineno="2554">
 <summary>
 List contents of directories with the default file type.
 </summary>
@@ -73560,7 +78368,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_default" lineno="2312">
+<interface name="files_dontaudit_list_default" lineno="2573">
 <summary>
 Do not audit attempts to list contents of
 directories with the default file type.
@@ -73571,7 +78379,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_default_dirs" lineno="2331">
+<interface name="files_manage_default_dirs" lineno="2592">
 <summary>
 Create, read, write, and delete directories with
 the default file type.
@@ -73582,7 +78390,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_default" lineno="2349">
+<interface name="files_mounton_default" lineno="2610">
 <summary>
 Mount a filesystem on a directory with the default file type.
 </summary>
@@ -73592,7 +78400,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_default_files" lineno="2368">
+<interface name="files_dontaudit_getattr_default_files" lineno="2629">
 <summary>
 Do not audit attempts to get the attributes of
 files with the default file type.
@@ -73603,7 +78411,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_read_default_files" lineno="2386">
+<interface name="files_read_default_files" lineno="2647">
 <summary>
 Read files with the default file type.
 </summary>
@@ -73613,7 +78421,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_read_default_files" lineno="2405">
+<interface name="files_dontaudit_read_default_files" lineno="2666">
 <summary>
 Do not audit attempts to read files
 with the default file type.
@@ -73624,7 +78432,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_default_files" lineno="2424">
+<interface name="files_manage_default_files" lineno="2685">
 <summary>
 Create, read, write, and delete files with
 the default file type.
@@ -73635,7 +78443,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_default_symlinks" lineno="2442">
+<interface name="files_read_default_symlinks" lineno="2703">
 <summary>
 Read symbolic links with the default file type.
 </summary>
@@ -73645,7 +78453,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_default_sockets" lineno="2460">
+<interface name="files_read_default_sockets" lineno="2721">
 <summary>
 Read sockets with the default file type.
 </summary>
@@ -73655,7 +78463,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_default_pipes" lineno="2478">
+<interface name="files_read_default_pipes" lineno="2739">
 <summary>
 Read named pipes with the default file type.
 </summary>
@@ -73665,7 +78473,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_etc" lineno="2496">
+<interface name="files_search_etc" lineno="2757">
 <summary>
 Search the contents of /etc directories.
 </summary>
@@ -73675,7 +78483,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_etc_dirs" lineno="2514">
+<interface name="files_setattr_etc_dirs" lineno="2775">
 <summary>
 Set the attributes of the /etc directories.
 </summary>
@@ -73685,7 +78493,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_etc" lineno="2532">
+<interface name="files_list_etc" lineno="2793">
 <summary>
 List the contents of /etc directories.
 </summary>
@@ -73695,7 +78503,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_etc_dirs" lineno="2550">
+<interface name="files_dontaudit_write_etc_dirs" lineno="2811">
 <summary>
 Do not audit attempts to write to /etc dirs.
 </summary>
@@ -73705,7 +78513,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_etc_dirs" lineno="2568">
+<interface name="files_rw_etc_dirs" lineno="2829">
 <summary>
 Add and remove entries from /etc directories.
 </summary>
@@ -73715,7 +78523,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_etc_dirs" lineno="2587">
+<interface name="files_manage_etc_dirs" lineno="2848">
 <summary>
 Manage generic directories in /etc
 </summary>
@@ -73726,7 +78534,28 @@ Domain allowed access
 </param>
 
 </interface>
-<interface name="files_read_etc_files" lineno="2639">
+<interface name="files_relabelto_etc_dirs" lineno="2866">
+<summary>
+Relabel directories to etc_t.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_mounton_etc_dirs" lineno="2885">
+<summary>
+Mount a filesystem on the
+etc directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_etc_files" lineno="2937">
 <summary>
 Read generic files in /etc.
 </summary>
@@ -73770,7 +78599,29 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="files_dontaudit_write_etc_files" lineno="2659">
+<interface name="files_map_etc_files" lineno="2969">
+<summary>
+Map generic files in /etc.
+</summary>
+<desc>
+<p>
+Allow the specified domain to map generic files in /etc.
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>files_read_etc_files()</li>
+</ul>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="files_dontaudit_write_etc_files" lineno="2987">
 <summary>
 Do not audit attempts to write generic files in /etc.
 </summary>
@@ -73780,7 +78631,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_etc_files" lineno="2678">
+<interface name="files_rw_etc_files" lineno="3006">
 <summary>
 Read and write generic files in /etc.
 </summary>
@@ -73791,7 +78642,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_etc_files" lineno="2700">
+<interface name="files_manage_etc_files" lineno="3028">
 <summary>
 Create, read, write, and delete generic
 files in /etc.
@@ -73803,7 +78654,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_delete_etc_files" lineno="2719">
+<interface name="files_delete_etc_files" lineno="3047">
 <summary>
 Delete system configuration files in /etc.
 </summary>
@@ -73813,7 +78664,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_exec_etc_files" lineno="2737">
+<interface name="files_exec_etc_files" lineno="3065">
 <summary>
 Execute generic files in /etc.
 </summary>
@@ -73823,7 +78674,37 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_etc_files" lineno="2757">
+<interface name="files_get_etc_unit_status" lineno="3085">
+<summary>
+Get etc_t service status.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_start_etc_service" lineno="3103">
+<summary>
+start etc_t service
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_stop_etc_service" lineno="3121">
+<summary>
+stop etc_t service
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabel_etc_files" lineno="3139">
 <summary>
 Relabel from and to generic files in /etc.
 </summary>
@@ -73833,7 +78714,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_etc_symlinks" lineno="2776">
+<interface name="files_read_etc_symlinks" lineno="3158">
 <summary>
 Read symbolic links in /etc.
 </summary>
@@ -73843,7 +78724,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_etc_symlinks" lineno="2794">
+<interface name="files_manage_etc_symlinks" lineno="3176">
 <summary>
 Create, read, write, and delete symbolic links in /etc.
 </summary>
@@ -73853,7 +78734,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_etc_filetrans" lineno="2828">
+<interface name="files_etc_filetrans" lineno="3210">
 <summary>
 Create objects in /etc with a private
 type using a type_transition.
@@ -73879,7 +78760,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_create_boot_flag" lineno="2858">
+<interface name="files_create_boot_flag" lineno="3240">
 <summary>
 Create a boot flag.
 </summary>
@@ -73901,7 +78782,7 @@ The name of the object being created.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_delete_boot_flag" lineno="2884">
+<interface name="files_delete_boot_flag" lineno="3266">
 <summary>
 Delete a boot flag.
 </summary>
@@ -73918,9 +78799,31 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_dontaudit_setattr_etc_runtime_files" lineno="2902">
+<interface name="files_getattr_etc_runtime_dirs" lineno="3285">
 <summary>
-Do not audit attempts to set the attributes of the etc_runtime files
+Get the attributes of the
+etc_runtime directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_mounton_etc_runtime_dirs" lineno="3304">
+<summary>
+Mount a filesystem on the
+etc_runtime directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabelto_etc_runtime_dirs" lineno="3322">
+<summary>
+Relabel to etc_runtime_t dirs.
 </summary>
 <param name="domain">
 <summary>
@@ -73928,7 +78831,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_etc_runtime_files" lineno="2940">
+<interface name="files_dontaudit_setattr_etc_runtime_files" lineno="3340">
+<summary>
+Do not audit attempts to set the attributes of the etc_runtime files
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_read_etc_runtime_files" lineno="3378">
 <summary>
 Read files in /etc that are dynamically
 created on boot, such as mtab.
@@ -73958,7 +78871,7 @@ Domain allowed access.
 <infoflow type="read" weight="10" />
 <rolecap/>
 </interface>
-<interface name="files_dontaudit_read_etc_runtime_files" lineno="2962">
+<interface name="files_dontaudit_read_etc_runtime_files" lineno="3400">
 <summary>
 Do not audit attempts to read files
 in /etc that are dynamically
@@ -73970,67 +78883,10 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_etc_runtime_files" lineno="2982">
-<summary>
-Read and write files in /etc that are dynamically
-created on boot, such as mtab.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-<rolecap/>
-</interface>
-<interface name="files_manage_etc_runtime_files" lineno="3004">
-<summary>
-Create, read, write, and delete files in
-/etc that are dynamically created on boot,
-such as mtab.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-<rolecap/>
-</interface>
-<interface name="files_etc_filetrans_etc_runtime" lineno="3033">
-<summary>
-Create, etc runtime objects with an automatic
-type transition.
-</summary>
-<param name="domain">
+<interface name="files_dontaudit_read_etc_files" lineno="3419">
 <summary>
-Domain allowed access.
-</summary>
-</param>
-<param name="object">
-<summary>
-The class of the object being created.
-</summary>
-</param>
-<param name="name" optional="true">
-<summary>
-The name of the object being created.
-</summary>
-</param>
-</interface>
-<interface name="files_getattr_isid_type_dirs" lineno="3052">
-<summary>
-Getattr of directories on new filesystems
-that have not yet been labeled.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="files_dontaudit_search_isid_type_dirs" lineno="3071">
-<summary>
-Do not audit attempts to search directories on new filesystems
-that have not yet been labeled.
+Do not audit attempts to read files
+in /etc
 </summary>
 <param name="domain">
 <summary>
@@ -74038,131 +78894,10 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_isid_type_dirs" lineno="3090">
-<summary>
-List the contents of directories on new filesystems
-that have not yet been labeled.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="files_rw_isid_type_dirs" lineno="3109">
-<summary>
-Read and write directories on new filesystems
-that have not yet been labeled.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="files_delete_isid_type_dirs" lineno="3128">
-<summary>
-Delete directories on new filesystems
-that have not yet been labeled.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="files_manage_isid_type_dirs" lineno="3147">
-<summary>
-Create, read, write, and delete directories
-on new filesystems that have not yet been labeled.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="files_mounton_isid_type_dirs" lineno="3166">
+<interface name="files_dontaudit_write_etc_runtime_files" lineno="3438">
 <summary>
-Mount a filesystem on a directory on new filesystems
-that has not yet been labeled.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="files_read_isid_type_files" lineno="3185">
-<summary>
-Read files on new filesystems
-that have not yet been labeled.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="files_delete_isid_type_files" lineno="3204">
-<summary>
-Delete files on new filesystems
-that have not yet been labeled.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="files_delete_isid_type_symlinks" lineno="3223">
-<summary>
-Delete symbolic links on new filesystems
-that have not yet been labeled.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="files_delete_isid_type_fifo_files" lineno="3242">
-<summary>
-Delete named pipes on new filesystems
-that have not yet been labeled.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="files_delete_isid_type_sock_files" lineno="3261">
-<summary>
-Delete named sockets on new filesystems
-that have not yet been labeled.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="files_delete_isid_type_blk_files" lineno="3280">
-<summary>
-Delete block files on new filesystems
-that have not yet been labeled.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="files_dontaudit_write_isid_chr_files" lineno="3299">
-<summary>
-Do not audit attempts to write to character
-files that have not yet been labeled.
+Do not audit attempts to write
+etc runtime files.
 </summary>
 <param name="domain">
 <summary>
@@ -74170,32 +78905,34 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_isid_type_chr_files" lineno="3318">
+<interface name="files_rw_etc_runtime_files" lineno="3458">
 <summary>
-Delete chr files on new filesystems
-that have not yet been labeled.
+Read and write files in /etc that are dynamically
+created on boot, such as mtab.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="files_manage_isid_type_files" lineno="3337">
+<interface name="files_manage_etc_runtime_files" lineno="3480">
 <summary>
-Create, read, write, and delete files
-on new filesystems that have not yet been labeled.
+Create, read, write, and delete files in
+/etc that are dynamically created on boot,
+such as mtab.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="files_manage_isid_type_symlinks" lineno="3356">
+<interface name="files_relabelto_etc_runtime_files" lineno="3498">
 <summary>
-Create, read, write, and delete symbolic links
-on new filesystems that have not yet been labeled.
+Relabel to etc_runtime_t files.
 </summary>
 <param name="domain">
 <summary>
@@ -74203,40 +78940,28 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_isid_type_blk_files" lineno="3375">
+<interface name="files_etc_filetrans_etc_runtime" lineno="3527">
 <summary>
-Read and write block device nodes on new filesystems
-that have not yet been labeled.
+Create, etc runtime objects with an automatic
+type transition.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-</interface>
-<interface name="files_manage_isid_type_blk_files" lineno="3394">
-<summary>
-Create, read, write, and delete block device nodes
-on new filesystems that have not yet been labeled.
-</summary>
-<param name="domain">
+<param name="object">
 <summary>
-Domain allowed access.
+The class of the object being created.
 </summary>
 </param>
-</interface>
-<interface name="files_manage_isid_type_chr_files" lineno="3413">
-<summary>
-Create, read, write, and delete character device nodes
-on new filesystems that have not yet been labeled.
-</summary>
-<param name="domain">
+<param name="name" optional="true">
 <summary>
-Domain allowed access.
+The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_home_dir" lineno="3432">
+<interface name="files_getattr_home_dir" lineno="3546">
 <summary>
 Get the attributes of the home directories root
 (/home).
@@ -74247,7 +78972,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_home_dir" lineno="3453">
+<interface name="files_dontaudit_getattr_home_dir" lineno="3567">
 <summary>
 Do not audit attempts to get the
 attributes of the home directories root
@@ -74259,7 +78984,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_search_home" lineno="3472">
+<interface name="files_search_home" lineno="3586">
 <summary>
 Search home directories root (/home).
 </summary>
@@ -74269,7 +78994,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_home" lineno="3492">
+<interface name="files_dontaudit_search_home" lineno="3606">
 <summary>
 Do not audit attempts to search
 home directories root (/home).
@@ -74280,7 +79005,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_home" lineno="3512">
+<interface name="files_dontaudit_list_home" lineno="3626">
 <summary>
 Do not audit attempts to list
 home directories root (/home).
@@ -74291,7 +79016,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_home" lineno="3531">
+<interface name="files_list_home" lineno="3645">
 <summary>
 Get listing of home directories.
 </summary>
@@ -74301,7 +79026,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabelto_home" lineno="3550">
+<interface name="files_relabelto_home" lineno="3664">
 <summary>
 Relabel to user home root (/home).
 </summary>
@@ -74311,7 +79036,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_home_filetrans" lineno="3583">
+<interface name="files_relabelfrom_home" lineno="3682">
+<summary>
+Relabel from user home root (/home).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_home_filetrans" lineno="3715">
 <summary>
 Create objects in /home.
 </summary>
@@ -74336,7 +79071,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_lost_found_dirs" lineno="3601">
+<interface name="files_getattr_lost_found_dirs" lineno="3733">
 <summary>
 Get the attributes of lost+found directories.
 </summary>
@@ -74346,7 +79081,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_lost_found_dirs" lineno="3620">
+<interface name="files_dontaudit_getattr_lost_found_dirs" lineno="3752">
 <summary>
 Do not audit attempts to get the attributes of
 lost+found directories.
@@ -74357,7 +79092,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_lost_found" lineno="3638">
+<interface name="files_list_lost_found" lineno="3770">
 <summary>
 List the contents of lost+found directories.
 </summary>
@@ -74367,7 +79102,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_lost_found" lineno="3658">
+<interface name="files_manage_lost_found" lineno="3790">
 <summary>
 Create, read, write, and delete objects in
 lost+found directories.
@@ -74379,7 +79114,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_search_mnt" lineno="3680">
+<interface name="files_search_mnt" lineno="3812">
 <summary>
 Search the contents of /mnt.
 </summary>
@@ -74389,7 +79124,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_mnt" lineno="3698">
+<interface name="files_dontaudit_search_mnt" lineno="3830">
 <summary>
 Do not audit attempts to search /mnt.
 </summary>
@@ -74399,7 +79134,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_mnt" lineno="3716">
+<interface name="files_list_mnt" lineno="3848">
 <summary>
 List the contents of /mnt.
 </summary>
@@ -74409,7 +79144,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_mnt" lineno="3734">
+<interface name="files_dontaudit_list_mnt" lineno="3866">
 <summary>
 Do not audit attempts to list the contents of /mnt.
 </summary>
@@ -74419,7 +79154,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_mnt" lineno="3752">
+<interface name="files_mounton_mnt" lineno="3884">
 <summary>
 Mount a filesystem on /mnt.
 </summary>
@@ -74429,7 +79164,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_mnt_dirs" lineno="3771">
+<interface name="files_manage_mnt_dirs" lineno="3903">
 <summary>
 Create, read, write, and delete directories in /mnt.
 </summary>
@@ -74440,7 +79175,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_mnt_files" lineno="3789">
+<interface name="files_manage_mnt_files" lineno="3921">
 <summary>
 Create, read, write, and delete files in /mnt.
 </summary>
@@ -74450,7 +79185,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_mnt_files" lineno="3807">
+<interface name="files_read_mnt_files" lineno="3939">
 <summary>
 read files in /mnt.
 </summary>
@@ -74460,7 +79195,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_mnt_symlinks" lineno="3825">
+<interface name="files_read_mnt_symlinks" lineno="3957">
 <summary>
 Read symbolic links in /mnt.
 </summary>
@@ -74470,7 +79205,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_mnt_symlinks" lineno="3843">
+<interface name="files_manage_mnt_symlinks" lineno="3975">
 <summary>
 Create, read, write, and delete symbolic links in /mnt.
 </summary>
@@ -74480,7 +79215,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_kernel_modules" lineno="3861">
+<interface name="files_search_kernel_modules" lineno="3993">
 <summary>
 Search the contents of the kernel module directories.
 </summary>
@@ -74490,7 +79225,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_kernel_modules" lineno="3880">
+<interface name="files_list_kernel_modules" lineno="4012">
 <summary>
 List the contents of the kernel module directories.
 </summary>
@@ -74500,7 +79235,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_kernel_modules" lineno="3898">
+<interface name="files_getattr_kernel_modules" lineno="4031">
 <summary>
 Get the attributes of kernel module files.
 </summary>
@@ -74510,7 +79245,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_kernel_modules" lineno="3916">
+<interface name="files_read_kernel_modules" lineno="4049">
 <summary>
 Read kernel module files.
 </summary>
@@ -74520,7 +79255,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_write_kernel_modules" lineno="3936">
+<interface name="files_write_kernel_modules" lineno="4069">
 <summary>
 Write kernel module files.
 </summary>
@@ -74530,7 +79265,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_kernel_modules" lineno="3955">
+<interface name="files_delete_kernel_modules" lineno="4088">
 <summary>
 Delete kernel module files.
 </summary>
@@ -74540,7 +79275,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_kernel_modules" lineno="3975">
+<interface name="files_manage_kernel_modules" lineno="4108">
 <summary>
 Create, read, write, and delete
 kernel module files.
@@ -74552,7 +79287,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_relabel_kernel_modules" lineno="3993">
+<interface name="files_relabel_kernel_modules" lineno="4127">
 <summary>
 Relabel from and to kernel module files.
 </summary>
@@ -74562,7 +79297,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_kernel_modules_filetrans" lineno="4028">
+<interface name="files_kernel_modules_filetrans" lineno="4162">
 <summary>
 Create objects in the kernel module directories
 with a private type via an automatic type transition.
@@ -74588,7 +79323,17 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_list_world_readable" lineno="4047">
+<interface name="files_load_kernel_modules" lineno="4180">
+<summary>
+Load kernel module files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_list_world_readable" lineno="4200">
 <summary>
 List world-readable directories.
 </summary>
@@ -74599,7 +79344,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_read_world_readable_files" lineno="4066">
+<interface name="files_read_world_readable_files" lineno="4219">
 <summary>
 Read world-readable files.
 </summary>
@@ -74610,7 +79355,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_read_world_readable_symlinks" lineno="4085">
+<interface name="files_read_world_readable_symlinks" lineno="4238">
 <summary>
 Read world-readable symbolic links.
 </summary>
@@ -74621,7 +79366,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_read_world_readable_pipes" lineno="4103">
+<interface name="files_read_world_readable_pipes" lineno="4256">
 <summary>
 Read world-readable named pipes.
 </summary>
@@ -74631,7 +79376,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_world_readable_sockets" lineno="4121">
+<interface name="files_read_world_readable_sockets" lineno="4274">
 <summary>
 Read world-readable sockets.
 </summary>
@@ -74641,7 +79386,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_associate_tmp" lineno="4141">
+<interface name="files_associate_tmp" lineno="4294">
 <summary>
 Allow the specified type to associate
 to a filesystem with the type of the
@@ -74653,7 +79398,7 @@ Type of the file to associate.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_tmp_dirs" lineno="4159">
+<interface name="files_getattr_tmp_dirs" lineno="4312">
 <summary>
 Get the	attributes of the tmp directory (/tmp).
 </summary>
@@ -74663,7 +79408,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_tmp_dirs" lineno="4178">
+<interface name="files_dontaudit_getattr_tmp_dirs" lineno="4331">
 <summary>
 Do not audit attempts to get the
 attributes of the tmp directory (/tmp).
@@ -74674,7 +79419,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_tmp" lineno="4196">
+<interface name="files_search_tmp" lineno="4349">
 <summary>
 Search the tmp directory (/tmp).
 </summary>
@@ -74684,7 +79429,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_tmp" lineno="4214">
+<interface name="files_dontaudit_search_tmp" lineno="4367">
 <summary>
 Do not audit attempts to search the tmp directory (/tmp).
 </summary>
@@ -74694,7 +79439,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_tmp" lineno="4232">
+<interface name="files_list_tmp" lineno="4385">
 <summary>
 Read the tmp directory (/tmp).
 </summary>
@@ -74704,7 +79449,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_tmp" lineno="4250">
+<interface name="files_dontaudit_list_tmp" lineno="4403">
 <summary>
 Do not audit listing of the tmp directory (/tmp).
 </summary>
@@ -74714,7 +79459,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_tmp_dir_entry" lineno="4268">
+<interface name="files_delete_tmp_dir_entry" lineno="4421">
 <summary>
 Remove entries from the tmp directory.
 </summary>
@@ -74724,7 +79469,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_generic_tmp_files" lineno="4286">
+<interface name="files_read_generic_tmp_files" lineno="4439">
 <summary>
 Read files in the tmp directory (/tmp).
 </summary>
@@ -74734,7 +79479,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_generic_tmp_dirs" lineno="4304">
+<interface name="files_manage_generic_tmp_dirs" lineno="4457">
 <summary>
 Manage temporary directories in /tmp.
 </summary>
@@ -74744,7 +79489,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_generic_tmp_files" lineno="4322">
+<interface name="files_manage_generic_tmp_files" lineno="4475">
 <summary>
 Manage temporary files and directories in /tmp.
 </summary>
@@ -74754,7 +79499,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_generic_tmp_symlinks" lineno="4340">
+<interface name="files_read_generic_tmp_symlinks" lineno="4493">
 <summary>
 Read symbolic links in the tmp directory (/tmp).
 </summary>
@@ -74764,7 +79509,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_generic_tmp_sockets" lineno="4358">
+<interface name="files_rw_generic_tmp_sockets" lineno="4511">
 <summary>
 Read and write generic named sockets in the tmp directory (/tmp).
 </summary>
@@ -74774,7 +79519,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_all_tmp_dirs" lineno="4376">
+<interface name="files_mounton_tmp" lineno="4529">
+<summary>
+Mount filesystems in the tmp directory (/tmp)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_setattr_all_tmp_dirs" lineno="4547">
 <summary>
 Set the attributes of all tmp directories.
 </summary>
@@ -74784,7 +79539,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_all_tmp" lineno="4394">
+<interface name="files_list_all_tmp" lineno="4565">
 <summary>
 List all tmp directories.
 </summary>
@@ -74794,7 +79549,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_tmp_dirs" lineno="4414">
+<interface name="files_relabel_all_tmp_dirs" lineno="4585">
 <summary>
 Relabel to and from all temporary
 directory types.
@@ -74806,7 +79561,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_dontaudit_getattr_all_tmp_files" lineno="4435">
+<interface name="files_dontaudit_getattr_all_tmp_files" lineno="4606">
 <summary>
 Do not audit attempts to get the attributes
 of all tmp files.
@@ -74817,7 +79572,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_all_tmp_files" lineno="4454">
+<interface name="files_getattr_all_tmp_files" lineno="4625">
 <summary>
 Allow attempts to get the attributes
 of all tmp files.
@@ -74828,7 +79583,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_tmp_files" lineno="4474">
+<interface name="files_relabel_all_tmp_files" lineno="4645">
 <summary>
 Relabel to and from all temporary
 file types.
@@ -74840,7 +79595,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_dontaudit_getattr_all_tmp_sockets" lineno="4495">
+<interface name="files_dontaudit_getattr_all_tmp_sockets" lineno="4666">
 <summary>
 Do not audit attempts to get the attributes
 of all tmp sock_file.
@@ -74851,7 +79606,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="files_read_all_tmp_files" lineno="4513">
+<interface name="files_read_all_tmp_files" lineno="4684">
 <summary>
 Read all tmp files.
 </summary>
@@ -74861,7 +79616,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_tmp_filetrans" lineno="4547">
+<interface name="files_tmp_filetrans" lineno="4718">
 <summary>
 Create an object in the tmp directories, with a private
 type using a type transition.
@@ -74887,7 +79642,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_purge_tmp" lineno="4565">
+<interface name="files_purge_tmp" lineno="4736">
 <summary>
 Delete the contents of /tmp.
 </summary>
@@ -74897,7 +79652,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_usr_dirs" lineno="4588">
+<interface name="files_setattr_usr_dirs" lineno="4759">
 <summary>
 Set the attributes of the /usr directory.
 </summary>
@@ -74907,7 +79662,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_usr" lineno="4606">
+<interface name="files_search_usr" lineno="4777">
 <summary>
 Search the content of /usr.
 </summary>
@@ -74917,7 +79672,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_usr" lineno="4625">
+<interface name="files_list_usr" lineno="4796">
 <summary>
 List the contents of generic
 directories in /usr.
@@ -74928,7 +79683,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_usr_dirs" lineno="4643">
+<interface name="files_dontaudit_write_usr_dirs" lineno="4814">
 <summary>
 Do not audit write of /usr dirs
 </summary>
@@ -74938,7 +79693,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_usr_dirs" lineno="4661">
+<interface name="files_rw_usr_dirs" lineno="4832">
 <summary>
 Add and remove entries from /usr directories.
 </summary>
@@ -74948,7 +79703,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_rw_usr_dirs" lineno="4680">
+<interface name="files_dontaudit_rw_usr_dirs" lineno="4851">
 <summary>
 Do not audit attempts to add and remove
 entries from /usr directories.
@@ -74959,7 +79714,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_usr_dirs" lineno="4698">
+<interface name="files_delete_usr_dirs" lineno="4869">
 <summary>
 Delete generic directories in /usr in the caller domain.
 </summary>
@@ -74969,7 +79724,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_usr_files" lineno="4716">
+<interface name="files_delete_usr_files" lineno="4887">
 <summary>
 Delete generic files in /usr in the caller domain.
 </summary>
@@ -74979,7 +79734,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_usr_files" lineno="4734">
+<interface name="files_getattr_usr_files" lineno="4905">
 <summary>
 Get the attributes of files in /usr.
 </summary>
@@ -74989,7 +79744,18 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_usr_files" lineno="4770">
+<interface name="files_map_usr_files" lineno="4924">
+<summary>
+Map generic files in /usr.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="10"/>
+</interface>
+<interface name="files_read_usr_files" lineno="4960">
 <summary>
 Read generic files in /usr.
 </summary>
@@ -75017,7 +79783,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="files_exec_usr_files" lineno="4790">
+<interface name="files_exec_usr_files" lineno="4980">
 <summary>
 Execute generic programs in /usr in the caller domain.
 </summary>
@@ -75027,7 +79793,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_usr_files" lineno="4810">
+<interface name="files_dontaudit_write_usr_files" lineno="5000">
 <summary>
 dontaudit write of /usr files
 </summary>
@@ -75037,7 +79803,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_usr_files" lineno="4828">
+<interface name="files_manage_usr_files" lineno="5018">
 <summary>
 Create, read, write, and delete files in the /usr directory.
 </summary>
@@ -75047,7 +79813,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabelto_usr_files" lineno="4846">
+<interface name="files_relabelto_usr_files" lineno="5036">
 <summary>
 Relabel a file to the type used in /usr.
 </summary>
@@ -75057,7 +79823,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabelfrom_usr_files" lineno="4864">
+<interface name="files_relabelfrom_usr_files" lineno="5054">
 <summary>
 Relabel a file from the type used in /usr.
 </summary>
@@ -75067,7 +79833,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_usr_symlinks" lineno="4882">
+<interface name="files_read_usr_symlinks" lineno="5072">
 <summary>
 Read symbolic links in /usr.
 </summary>
@@ -75077,7 +79843,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_usr_filetrans" lineno="4915">
+<interface name="files_usr_filetrans" lineno="5105">
 <summary>
 Create objects in the /usr directory
 </summary>
@@ -75102,7 +79868,17 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_src" lineno="4933">
+<interface name="files_search_src" lineno="5123">
+<summary>
+Search directories in /usr/src.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_dontaudit_search_src" lineno="5141">
 <summary>
 Do not audit attempts to search /usr/src.
 </summary>
@@ -75112,7 +79888,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_usr_src_files" lineno="4951">
+<interface name="files_getattr_usr_src_files" lineno="5159">
 <summary>
 Get the attributes of files in /usr/src.
 </summary>
@@ -75122,7 +79898,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_usr_src_files" lineno="4972">
+<interface name="files_read_usr_src_files" lineno="5180">
 <summary>
 Read files in /usr/src.
 </summary>
@@ -75132,7 +79908,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_exec_usr_src_files" lineno="4993">
+<interface name="files_exec_usr_src_files" lineno="5201">
 <summary>
 Execute programs in /usr/src in the caller domain.
 </summary>
@@ -75142,7 +79918,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_kernel_symbol_table" lineno="5013">
+<interface name="files_create_kernel_symbol_table" lineno="5221">
 <summary>
 Install a system.map into the /boot directory.
 </summary>
@@ -75152,7 +79928,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_kernel_symbol_table" lineno="5032">
+<interface name="files_read_kernel_symbol_table" lineno="5240">
 <summary>
 Read system.map in the /boot directory.
 </summary>
@@ -75162,7 +79938,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_kernel_symbol_table" lineno="5051">
+<interface name="files_delete_kernel_symbol_table" lineno="5259">
 <summary>
 Delete a system.map in the /boot directory.
 </summary>
@@ -75172,7 +79948,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_var" lineno="5070">
+<interface name="files_search_var" lineno="5278">
 <summary>
 Search the contents of /var.
 </summary>
@@ -75182,7 +79958,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_var_dirs" lineno="5088">
+<interface name="files_dontaudit_write_var_dirs" lineno="5296">
 <summary>
 Do not audit attempts to write to /var.
 </summary>
@@ -75192,7 +79968,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_write_var_dirs" lineno="5106">
+<interface name="files_write_var_dirs" lineno="5314">
 <summary>
 Allow attempts to write to /var.dirs
 </summary>
@@ -75202,7 +79978,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_var" lineno="5125">
+<interface name="files_dontaudit_search_var" lineno="5333">
 <summary>
 Do not audit attempts to search
 the contents of /var.
@@ -75213,7 +79989,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_var" lineno="5143">
+<interface name="files_list_var" lineno="5351">
 <summary>
 List the contents of /var.
 </summary>
@@ -75223,7 +79999,18 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_var_dirs" lineno="5162">
+<interface name="files_dontaudit_list_var" lineno="5370">
+<summary>
+Do not audit attempts to list
+the contents of /var.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="files_manage_var_dirs" lineno="5389">
 <summary>
 Create, read, write, and delete directories
 in the /var directory.
@@ -75234,7 +80021,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_var_files" lineno="5180">
+<interface name="files_relabel_var_dirs" lineno="5407">
+<summary>
+relabelto/from var directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_var_files" lineno="5425">
 <summary>
 Read files in the /var directory.
 </summary>
@@ -75244,7 +80041,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_append_var_files" lineno="5198">
+<interface name="files_append_var_files" lineno="5443">
 <summary>
 Append files in the /var directory.
 </summary>
@@ -75254,7 +80051,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_var_files" lineno="5216">
+<interface name="files_rw_var_files" lineno="5461">
 <summary>
 Read and write files in the /var directory.
 </summary>
@@ -75264,7 +80061,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_rw_var_files" lineno="5235">
+<interface name="files_dontaudit_rw_var_files" lineno="5480">
 <summary>
 Do not audit attempts to read and write
 files in the /var directory.
@@ -75275,7 +80072,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_var_files" lineno="5253">
+<interface name="files_manage_var_files" lineno="5498">
 <summary>
 Create, read, write, and delete files in the /var directory.
 </summary>
@@ -75285,7 +80082,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_var_symlinks" lineno="5271">
+<interface name="files_read_var_symlinks" lineno="5516">
 <summary>
 Read symbolic links in the /var directory.
 </summary>
@@ -75295,7 +80092,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_var_symlinks" lineno="5290">
+<interface name="files_manage_var_symlinks" lineno="5535">
 <summary>
 Create, read, write, and delete symbolic
 links in the /var directory.
@@ -75306,7 +80103,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_var_filetrans" lineno="5323">
+<interface name="files_var_filetrans" lineno="5568">
 <summary>
 Create objects in the /var directory
 </summary>
@@ -75331,7 +80128,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_var_lib_dirs" lineno="5341">
+<interface name="files_getattr_var_lib_dirs" lineno="5586">
 <summary>
 Get the attributes of the /var/lib directory.
 </summary>
@@ -75341,7 +80138,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_var_lib" lineno="5373">
+<interface name="files_search_var_lib" lineno="5618">
 <summary>
 Search the /var/lib directory.
 </summary>
@@ -75365,7 +80162,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="5"/>
 </interface>
-<interface name="files_dontaudit_search_var_lib" lineno="5393">
+<interface name="files_dontaudit_search_var_lib" lineno="5638">
 <summary>
 Do not audit attempts to search the
 contents of /var/lib.
@@ -75377,7 +80174,7 @@ Domain to not audit.
 </param>
 <infoflow type="read" weight="5"/>
 </interface>
-<interface name="files_list_var_lib" lineno="5411">
+<interface name="files_list_var_lib" lineno="5656">
 <summary>
 List the contents of the /var/lib directory.
 </summary>
@@ -75387,7 +80184,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_var_lib_dirs" lineno="5429">
+<interface name="files_rw_var_lib_dirs" lineno="5674">
 <summary>
 Read-write /var/lib directories
 </summary>
@@ -75397,7 +80194,27 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_var_lib_filetrans" lineno="5462">
+<interface name="files_manage_var_lib_dirs" lineno="5692">
+<summary>
+manage var_lib_t dirs
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabel_var_lib_dirs" lineno="5711">
+<summary>
+relabel var_lib_t dirs
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_var_lib_filetrans" lineno="5745">
 <summary>
 Create objects in the /var/lib directory
 </summary>
@@ -75422,7 +80239,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_read_var_lib_files" lineno="5481">
+<interface name="files_read_var_lib_files" lineno="5764">
 <summary>
 Read generic files in /var/lib.
 </summary>
@@ -75432,7 +80249,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_var_lib_symlinks" lineno="5500">
+<interface name="files_read_var_lib_symlinks" lineno="5783">
 <summary>
 Read generic symbolic links in /var/lib
 </summary>
@@ -75442,7 +80259,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_urandom_seed" lineno="5522">
+<interface name="files_manage_urandom_seed" lineno="5805">
 <summary>
 Create, read, write, and delete the
 pseudorandom number generator seed.
@@ -75453,7 +80270,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_mounttab" lineno="5542">
+<interface name="files_manage_mounttab" lineno="5825">
 <summary>
 Allow domain to manage mount tables
 necessary for rpcd, nfsd, etc.
@@ -75464,7 +80281,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_lock_dirs" lineno="5561">
+<interface name="files_setattr_lock_dirs" lineno="5844">
 <summary>
 Set the attributes of the generic lock directories.
 </summary>
@@ -75474,7 +80291,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_locks" lineno="5579">
+<interface name="files_search_locks" lineno="5862">
 <summary>
 Search the locks directory (/var/lock).
 </summary>
@@ -75484,7 +80301,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_locks" lineno="5599">
+<interface name="files_dontaudit_search_locks" lineno="5882">
 <summary>
 Do not audit attempts to search the
 locks directory (/var/lock).
@@ -75495,7 +80312,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_locks" lineno="5618">
+<interface name="files_list_locks" lineno="5901">
 <summary>
 List generic lock directories.
 </summary>
@@ -75505,7 +80322,27 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_lock_dirs" lineno="5638">
+<interface name="files_check_write_lock_dirs" lineno="5920">
+<summary>
+Test write access on lock directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_add_entry_lock_dirs" lineno="5939">
+<summary>
+Add entries in the /var/lock directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_rw_lock_dirs" lineno="5959">
 <summary>
 Add and remove entries in the /var/lock
 directories.
@@ -75516,7 +80353,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_lock_dirs" lineno="5657">
+<interface name="files_create_lock_dirs" lineno="5978">
 <summary>
 Create lock directories
 </summary>
@@ -75526,7 +80363,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_lock_dirs" lineno="5678">
+<interface name="files_relabel_all_lock_dirs" lineno="5999">
 <summary>
 Relabel to and from all lock directory types.
 </summary>
@@ -75537,7 +80374,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_getattr_generic_locks" lineno="5699">
+<interface name="files_getattr_generic_locks" lineno="6020">
 <summary>
 Get the attributes of generic lock files.
 </summary>
@@ -75547,7 +80384,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_generic_locks" lineno="5720">
+<interface name="files_delete_generic_locks" lineno="6041">
 <summary>
 Delete generic lock files.
 </summary>
@@ -75557,7 +80394,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_generic_locks" lineno="5741">
+<interface name="files_manage_generic_locks" lineno="6062">
 <summary>
 Create, read, write, and delete generic
 lock files.
@@ -75568,7 +80405,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_all_locks" lineno="5762">
+<interface name="files_delete_all_locks" lineno="6084">
 <summary>
 Delete all lock files.
 </summary>
@@ -75579,7 +80416,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_read_all_locks" lineno="5783">
+<interface name="files_read_all_locks" lineno="6105">
 <summary>
 Read all lock files.
 </summary>
@@ -75589,7 +80426,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_all_locks" lineno="5806">
+<interface name="files_manage_all_locks" lineno="6128">
 <summary>
 manage all lock files.
 </summary>
@@ -75599,7 +80436,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_lock_filetrans" lineno="5845">
+<interface name="files_relabel_all_locks" lineno="6151">
+<summary>
+Relabel from/to all lock files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_lock_filetrans" lineno="6190">
 <summary>
 Create an object in the locks directory, with a private
 type using a type transition.
@@ -75625,7 +80472,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_pid_dirs" lineno="5866">
+<interface name="files_dontaudit_getattr_pid_dirs" lineno="6211">
 <summary>
 Do not audit attempts to get the attributes
 of the /var/run directory.
@@ -75636,7 +80483,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_pid_dirs" lineno="5885">
+<interface name="files_mounton_pid_dirs" lineno="6230">
+<summary>
+mounton a /var/run directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_setattr_pid_dirs" lineno="6248">
 <summary>
 Set the attributes of the /var/run directory.
 </summary>
@@ -75646,7 +80503,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_pids" lineno="5905">
+<interface name="files_search_pids" lineno="6268">
 <summary>
 Search the contents of runtime process
 ID directories (/var/run).
@@ -75657,7 +80514,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_pids" lineno="5925">
+<interface name="files_dontaudit_search_pids" lineno="6288">
 <summary>
 Do not audit attempts to search
 the /var/run directory.
@@ -75668,7 +80525,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_pids" lineno="5945">
+<interface name="files_list_pids" lineno="6308">
 <summary>
 List the contents of the runtime process
 ID directories (/var/run).
@@ -75679,7 +80536,27 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_generic_pids" lineno="5964">
+<interface name="files_check_write_pid_dirs" lineno="6327">
+<summary>
+Check write access on /var/run directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_create_pid_dirs" lineno="6345">
+<summary>
+Create a /var/run directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_generic_pids" lineno="6363">
 <summary>
 Read generic process ID files.
 </summary>
@@ -75689,7 +80566,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_write_generic_pid_pipes" lineno="5984">
+<interface name="files_write_generic_pid_pipes" lineno="6383">
 <summary>
 Write named generic process ID pipes
 </summary>
@@ -75699,7 +80576,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_pid_filetrans" lineno="6045">
+<interface name="files_pid_filetrans" lineno="6444">
 <summary>
 Create an object in the process ID directory, with a private type.
 </summary>
@@ -75751,7 +80628,7 @@ The name of the object being created.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="files_pid_filetrans_lock_dir" lineno="6070">
+<interface name="files_pid_filetrans_lock_dir" lineno="6469">
 <summary>
 Create a generic lock directory within the run directories
 </summary>
@@ -75766,7 +80643,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_generic_pids" lineno="6088">
+<interface name="files_rw_generic_pids" lineno="6487">
 <summary>
 Read and write generic process ID files.
 </summary>
@@ -75776,7 +80653,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_all_pids" lineno="6109">
+<interface name="files_dontaudit_getattr_all_pids" lineno="6508">
 <summary>
 Do not audit attempts to get the attributes of
 daemon runtime data files.
@@ -75787,7 +80664,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_all_pids" lineno="6129">
+<interface name="files_dontaudit_write_all_pids" lineno="6528">
 <summary>
 Do not audit attempts to write to daemon runtime data files.
 </summary>
@@ -75797,7 +80674,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_ioctl_all_pids" lineno="6148">
+<interface name="files_dontaudit_ioctl_all_pids" lineno="6547">
 <summary>
 Do not audit attempts to ioctl daemon runtime data files.
 </summary>
@@ -75807,7 +80684,18 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_read_all_pids" lineno="6169">
+<interface name="files_manage_all_pid_dirs" lineno="6568">
+<summary>
+manage all pidfile directories
+in the /var/run directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_read_all_pids" lineno="6587">
 <summary>
 Read all process ID files.
 </summary>
@@ -75818,10 +80706,19 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_mounton_all_poly_members" lineno="6191">
+<interface name="files_exec_generic_pid_files" lineno="6608">
 <summary>
-Mount filesystems on all polyinstantiation
-member directories.
+Execute generic programs in /var/run in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabel_all_pid_files" lineno="6626">
+<summary>
+Relable all pid files
 </summary>
 <param name="domain">
 <summary>
@@ -75829,7 +80726,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_all_pids" lineno="6210">
+<interface name="files_delete_all_pids" lineno="6645">
 <summary>
 Delete all process IDs.
 </summary>
@@ -75840,7 +80737,47 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_delete_all_pid_dirs" lineno="6235">
+<interface name="files_create_all_pid_sockets" lineno="6670">
+<summary>
+Create all pid sockets
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_create_all_pid_pipes" lineno="6688">
+<summary>
+Create all pid named pipes
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_create_all_spool_sockets" lineno="6706">
+<summary>
+Create all spool sockets
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_all_spool_sockets" lineno="6724">
+<summary>
+Delete all spool sockets
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_delete_all_pid_dirs" lineno="6742">
 <summary>
 Delete all process ID directories.
 </summary>
@@ -75850,7 +80787,59 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_spool" lineno="6257">
+<interface name="files_manage_all_pids" lineno="6764">
+<summary>
+Create, read, write and delete all
+var_run (pid) content
+</summary>
+<param name="domain">
+<summary>
+Domain alloed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabel_all_pid_dirs" lineno="6784">
+<summary>
+Relabel to/from all var_run (pid) directories
+</summary>
+<param name="domain">
+<summary>
+Domain alloed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabel_all_pid_sock_files" lineno="6802">
+<summary>
+Relabel to/from all var_run (pid) socket files
+</summary>
+<param name="domain">
+<summary>
+Domain alloed access.
+</summary>
+</param>
+</interface>
+<interface name="files_relabel_all_pids" lineno="6820">
+<summary>
+Relabel to/from all var_run (pid) files and directories
+</summary>
+<param name="domain">
+<summary>
+Domain alloed access.
+</summary>
+</param>
+</interface>
+<interface name="files_mounton_all_poly_members" lineno="6841">
+<summary>
+Mount filesystems on all polyinstantiation
+member directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_search_spool" lineno="6860">
 <summary>
 Search the contents of generic spool
 directories (/var/spool).
@@ -75861,7 +80850,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_spool" lineno="6276">
+<interface name="files_dontaudit_search_spool" lineno="6879">
 <summary>
 Do not audit attempts to search generic
 spool directories.
@@ -75872,7 +80861,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_spool" lineno="6295">
+<interface name="files_list_spool" lineno="6898">
 <summary>
 List the contents of generic spool
 (/var/spool) directories.
@@ -75883,7 +80872,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_generic_spool_dirs" lineno="6314">
+<interface name="files_manage_generic_spool_dirs" lineno="6917">
 <summary>
 Create, read, write, and delete generic
 spool directories (/var/spool).
@@ -75894,7 +80883,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_generic_spool" lineno="6333">
+<interface name="files_read_generic_spool" lineno="6936">
 <summary>
 Read generic spool files.
 </summary>
@@ -75904,7 +80893,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_generic_spool" lineno="6353">
+<interface name="files_manage_generic_spool" lineno="6956">
 <summary>
 Create, read, write, and delete generic
 spool files.
@@ -75915,7 +80904,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_spool_filetrans" lineno="6389">
+<interface name="files_spool_filetrans" lineno="6992">
 <summary>
 Create objects in the spool directory
 with a private type with a type transition.
@@ -75942,7 +80931,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_polyinstantiate_all" lineno="6409">
+<interface name="files_polyinstantiate_all" lineno="7012">
 <summary>
 Allow access to manage all polyinstantiated
 directories on the system.
@@ -75953,7 +80942,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_unconfined" lineno="6463">
+<interface name="files_unconfined" lineno="7066">
 <summary>
 Unconfined access to files.
 </summary>
@@ -75963,6 +80952,122 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
+<interface name="files_manage_etc_runtime_lnk_files" lineno="7088">
+<summary>
+Create, read, write, and delete symbolic links in
+/etc that are dynamically created on boot.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_dontaudit_read_etc_runtime" lineno="7106">
+<summary>
+Do not audit attempts to read etc_runtime resources
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="files_list_src" lineno="7124">
+<summary>
+List usr/src files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="files_read_src_files" lineno="7142">
+<summary>
+Read usr/src files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="files_manage_src_files" lineno="7160">
+<summary>
+Manage /usr/src files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="files_lib_filetrans_kernel_modules" lineno="7191">
+<summary>
+Create a resource in the generic lib location
+with an automatic type transition towards the kernel modules
+type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+<param name="class">
+<summary>
+Class of the created resource for which a type transition should occur
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Optional name of the resource
+</summary>
+</param>
+</interface>
+<interface name="files_read_etc_runtime" lineno="7209">
+<summary>
+Read etc runtime resources
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="files_relabel_all_non_security_file_types" lineno="7231">
+<summary>
+Allow relabel from and to non-security types
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_manage_all_non_security_file_types" lineno="7261">
+<summary>
+Manage non-security-sensitive resource types
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="files_relabel_all_pidfiles" lineno="7283">
+<summary>
+Allow relabeling from and to any pidfile associated type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
 </module>
 <module name="filesystem" filename="policy/modules/kernel/filesystem.if">
 <summary>Policy for filesystems.</summary>
@@ -76030,7 +81135,47 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_mount_xattr_fs" lineno="121">
+<interface name="fs_xattr_type" lineno="121">
+<summary>
+Transform specified type into a filesystem
+type which has extended attribute
+support.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_all_xattr_fs" lineno="159">
+<summary>
+Get the attributes of all the
+filesystems which have extended
+attributes.
+This includes pseudo filesystems.
+</summary>
+<desc>
+<p>
+Allow the specified domain to
+get the attributes of a filesystems
+which have extended attributes.
+Example attributes:
+</p>
+<ul>
+<li>Type of the file system (e.g., tmpfs)</li>
+<li>Size of the file system</li>
+<li>Available space on the file system</li>
+</ul>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="read" weight="5"/>
+<rolecap/>
+</interface>
+<interface name="fs_mount_xattr_fs" lineno="179">
 <summary>
 Mount a persistent filesystem which
 has extended attributes, such as
@@ -76042,7 +81187,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_xattr_fs" lineno="142">
+<interface name="fs_remount_xattr_fs" lineno="200">
 <summary>
 Remount a persistent filesystem which
 has extended attributes, such as
@@ -76055,7 +81200,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_xattr_fs" lineno="162">
+<interface name="fs_unmount_xattr_fs" lineno="220">
 <summary>
 Unmount a persistent filesystem which
 has extended attributes, such as
@@ -76067,7 +81212,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_xattr_fs" lineno="198">
+<interface name="fs_getattr_xattr_fs" lineno="256">
 <summary>
 Get the attributes of persistent
 filesystems which have extended
@@ -76095,7 +81240,7 @@ Domain allowed access.
 <infoflow type="read" weight="5"/>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_getattr_xattr_fs" lineno="219">
+<interface name="fs_dontaudit_getattr_xattr_fs" lineno="277">
 <summary>
 Do not audit attempts to
 get the attributes of a persistent
@@ -76108,7 +81253,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabelfrom_xattr_fs" lineno="239">
+<interface name="fs_relabelfrom_xattr_fs" lineno="297">
 <summary>
 Allow changing of the label of a
 filesystem with extended attributes
@@ -76120,7 +81265,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_get_xattr_fs_quotas" lineno="259">
+<interface name="fs_get_xattr_fs_quotas" lineno="317">
 <summary>
 Get the filesystem quotas of a filesystem
 with extended attributes.
@@ -76132,7 +81277,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_set_xattr_fs_quotas" lineno="279">
+<interface name="fs_set_xattr_fs_quotas" lineno="337">
 <summary>
 Set the filesystem quotas of a filesystem
 with extended attributes.
@@ -76144,7 +81289,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_read_anon_inodefs_files" lineno="297">
+<interface name="fs_read_anon_inodefs_files" lineno="355">
 <summary>
 Read files on anon_inodefs file systems.
 </summary>
@@ -76154,7 +81299,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_anon_inodefs_files" lineno="317">
+<interface name="fs_rw_anon_inodefs_files" lineno="375">
 <summary>
 Read and write files on anon_inodefs
 file systems.
@@ -76165,7 +81310,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_rw_anon_inodefs_files" lineno="337">
+<interface name="fs_dontaudit_rw_anon_inodefs_files" lineno="395">
 <summary>
 Do not audit attempts to read or write files on
 anon_inodefs file systems.
@@ -76176,7 +81321,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_autofs" lineno="356">
+<interface name="fs_mount_autofs" lineno="414">
 <summary>
 Mount an automount pseudo filesystem.
 </summary>
@@ -76186,7 +81331,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_autofs" lineno="375">
+<interface name="fs_remount_autofs" lineno="433">
 <summary>
 Remount an automount pseudo filesystem
 This allows some mount options to be changed.
@@ -76197,7 +81342,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_autofs" lineno="393">
+<interface name="fs_unmount_autofs" lineno="451">
 <summary>
 Unmount an automount pseudo filesystem.
 </summary>
@@ -76207,7 +81352,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_autofs" lineno="412">
+<interface name="fs_getattr_autofs" lineno="470">
 <summary>
 Get the attributes of an automount
 pseudo filesystem.
@@ -76218,7 +81363,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_auto_mountpoints" lineno="439">
+<interface name="fs_search_auto_mountpoints" lineno="497">
 <summary>
 Search automount filesystem to use automatically
 mounted filesystems.
@@ -76237,7 +81382,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="5"/>
 </interface>
-<interface name="fs_list_auto_mountpoints" lineno="459">
+<interface name="fs_list_auto_mountpoints" lineno="517">
 <summary>
 Read directories of automatically
 mounted filesystems.
@@ -76249,7 +81394,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_list_auto_mountpoints" lineno="478">
+<interface name="fs_dontaudit_list_auto_mountpoints" lineno="536">
 <summary>
 Do not audit attempts to list directories of automatically
 mounted filesystems.
@@ -76260,7 +81405,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_autofs_symlinks" lineno="497">
+<interface name="fs_manage_autofs_symlinks" lineno="555">
 <summary>
 Create, read, write, and delete symbolic links
 on an autofs filesystem.
@@ -76271,7 +81416,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_binfmt_misc_dirs" lineno="516">
+<interface name="fs_getattr_binfmt_misc_dirs" lineno="574">
 <summary>
 Get the attributes of directories on
 binfmt_misc filesystems.
@@ -76282,7 +81427,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_register_binary_executable_type" lineno="552">
+<interface name="fs_register_binary_executable_type" lineno="610">
 <summary>
 Register an interpreter for new binary
 file types, using the kernel binfmt_misc
@@ -76309,7 +81454,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_mount_cgroup" lineno="570">
+<interface name="fs_mount_cgroup" lineno="630">
 <summary>
 Mount cgroup filesystems.
 </summary>
@@ -76319,7 +81464,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_cgroup" lineno="588">
+<interface name="fs_remount_cgroup" lineno="648">
 <summary>
 Remount cgroup filesystems.
 </summary>
@@ -76329,7 +81474,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_cgroup" lineno="606">
+<interface name="fs_unmount_cgroup" lineno="666">
 <summary>
 Unmount cgroup filesystems.
 </summary>
@@ -76339,7 +81484,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_cgroup" lineno="624">
+<interface name="fs_getattr_cgroup" lineno="684">
 <summary>
 Get attributes of cgroup filesystems.
 </summary>
@@ -76349,7 +81494,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_cgroup_dirs" lineno="642">
+<interface name="fs_search_cgroup_dirs" lineno="702">
 <summary>
 Search cgroup directories.
 </summary>
@@ -76359,7 +81504,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_cgroup_dirs" lineno="662">
+<interface name="fs_list_cgroup_dirs" lineno="722">
 <summary>
 list cgroup directories.
 </summary>
@@ -76369,7 +81514,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_delete_cgroup_dirs" lineno="681">
+<interface name="fs_delete_cgroup_dirs" lineno="741">
 <summary>
 Delete cgroup directories.
 </summary>
@@ -76379,7 +81524,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cgroup_dirs" lineno="700">
+<interface name="fs_manage_cgroup_dirs" lineno="760">
 <summary>
 Manage cgroup directories.
 </summary>
@@ -76389,7 +81534,27 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_cgroup_files" lineno="720">
+<interface name="fs_relabel_cgroup_dirs" lineno="780">
+<summary>
+Relabel cgroup directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_cgroup_files" lineno="798">
+<summary>
+Get attributes of cgroup files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_cgroup_files" lineno="818">
 <summary>
 Read cgroup files.
 </summary>
@@ -76399,7 +81564,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_write_cgroup_files" lineno="740">
+<interface name="fs_create_cgroup_links" lineno="839">
+<summary>
+Create cgroup lnk_files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_write_cgroup_files" lineno="859">
 <summary>
 Write cgroup files.
 </summary>
@@ -76409,7 +81584,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_cgroup_files" lineno="759">
+<interface name="fs_rw_cgroup_files" lineno="878">
 <summary>
 Read and write cgroup files.
 </summary>
@@ -76419,7 +81594,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_rw_cgroup_files" lineno="781">
+<interface name="fs_dontaudit_rw_cgroup_files" lineno="899">
 <summary>
 Do not audit attempts to open,
 get attributes, read and write
@@ -76431,7 +81606,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cgroup_files" lineno="799">
+<interface name="fs_manage_cgroup_files" lineno="917">
 <summary>
 Manage cgroup files.
 </summary>
@@ -76441,7 +81616,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mounton_cgroup" lineno="819">
+<interface name="fs_relabel_cgroup_symlinks" lineno="937">
+<summary>
+Relabel cgroup symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_mounton_cgroup" lineno="955">
 <summary>
 Mount on cgroup directories.
 </summary>
@@ -76451,7 +81636,33 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_cifs_dirs" lineno="838">
+<interface name="fs_cgroup_filetrans" lineno="989">
+<summary>
+Create an object in a cgroup tmpfs filesystem, with a private
+type using a type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="fs_dontaudit_list_cifs_dirs" lineno="1010">
 <summary>
 Do not audit attempts to read
 dirs on a CIFS or SMB filesystem.
@@ -76462,7 +81673,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_cifs" lineno="856">
+<interface name="fs_mount_cifs" lineno="1028">
 <summary>
 Mount a CIFS or SMB network filesystem.
 </summary>
@@ -76472,7 +81683,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_cifs" lineno="875">
+<interface name="fs_remount_cifs" lineno="1047">
 <summary>
 Remount a CIFS or SMB network filesystem.
 This allows some mount options to be changed.
@@ -76483,7 +81694,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_cifs" lineno="893">
+<interface name="fs_unmount_cifs" lineno="1065">
 <summary>
 Unmount a CIFS or SMB network filesystem.
 </summary>
@@ -76493,7 +81704,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_cifs" lineno="913">
+<interface name="fs_getattr_cifs" lineno="1085">
 <summary>
 Get the attributes of a CIFS or
 SMB network filesystem.
@@ -76505,7 +81716,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_search_cifs" lineno="931">
+<interface name="fs_search_cifs" lineno="1103">
 <summary>
 Search directories on a CIFS or SMB filesystem.
 </summary>
@@ -76515,7 +81726,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_cifs" lineno="950">
+<interface name="fs_list_cifs" lineno="1122">
 <summary>
 List the contents of directories on a
 CIFS or SMB filesystem.
@@ -76526,7 +81737,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_cifs" lineno="969">
+<interface name="fs_dontaudit_list_cifs" lineno="1141">
 <summary>
 Do not audit attempts to list the contents
 of directories on a CIFS or SMB filesystem.
@@ -76537,7 +81748,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_mounton_cifs" lineno="987">
+<interface name="fs_mounton_cifs" lineno="1159">
 <summary>
 Mounton a CIFS filesystem.
 </summary>
@@ -76547,7 +81758,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_cifs_files" lineno="1006">
+<interface name="fs_read_cifs_files" lineno="1178">
 <summary>
 Read files on a CIFS or SMB filesystem.
 </summary>
@@ -76558,7 +81769,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_noxattr_fs" lineno="1027">
+<interface name="fs_getattr_noxattr_fs" lineno="1199">
 <summary>
 Get the attributes of filesystems that
 do not have extended attribute support.
@@ -76570,7 +81781,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_list_noxattr_fs" lineno="1045">
+<interface name="fs_list_noxattr_fs" lineno="1217">
 <summary>
 Read all noxattrfs directories.
 </summary>
@@ -76580,7 +81791,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_noxattr_fs" lineno="1064">
+<interface name="fs_dontaudit_list_noxattr_fs" lineno="1236">
 <summary>
 Do not audit attempts to list all
 noxattrfs directories.
@@ -76591,7 +81802,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_noxattr_fs_dirs" lineno="1082">
+<interface name="fs_manage_noxattr_fs_dirs" lineno="1254">
 <summary>
 Create, read, write, and delete all noxattrfs directories.
 </summary>
@@ -76601,7 +81812,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_noxattr_fs_files" lineno="1100">
+<interface name="fs_read_noxattr_fs_files" lineno="1272">
 <summary>
 Read all noxattrfs files.
 </summary>
@@ -76611,7 +81822,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_noxattr_fs_files" lineno="1119">
+<interface name="fs_dontaudit_read_noxattr_fs_files" lineno="1292">
 <summary>
 Do not audit attempts to read all
 noxattrfs files.
@@ -76622,7 +81833,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_write_noxattr_fs_files" lineno="1137">
+<interface name="fs_dontaudit_write_noxattr_fs_files" lineno="1310">
 <summary>
 Dont audit attempts to write to noxattrfs files.
 </summary>
@@ -76632,7 +81843,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_noxattr_fs_files" lineno="1155">
+<interface name="fs_manage_noxattr_fs_files" lineno="1328">
 <summary>
 Create, read, write, and delete all noxattrfs files.
 </summary>
@@ -76642,7 +81853,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_noxattr_fs_symlinks" lineno="1173">
+<interface name="fs_read_noxattr_fs_symlinks" lineno="1347">
 <summary>
 Read all noxattrfs symbolic links.
 </summary>
@@ -76652,7 +81863,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabelfrom_noxattr_fs" lineno="1192">
+<interface name="fs_manage_noxattr_fs_symlinks" lineno="1366">
+<summary>
+Manage all noxattrfs symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_relabelfrom_noxattr_fs" lineno="1386">
 <summary>
 Relabel all objets from filesystems that
 do not support extended attributes.
@@ -76663,7 +81884,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_cifs_files" lineno="1218">
+<interface name="fs_dontaudit_read_cifs_files" lineno="1412">
 <summary>
 Do not audit attempts to read
 files on a CIFS or SMB filesystem.
@@ -76674,7 +81895,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_append_cifs_files" lineno="1238">
+<interface name="fs_append_cifs_files" lineno="1432">
 <summary>
 Append files
 on a CIFS filesystem.
@@ -76686,7 +81907,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_append_cifs_files" lineno="1258">
+<interface name="fs_dontaudit_append_cifs_files" lineno="1452">
 <summary>
 dontaudit Append files
 on a CIFS filesystem.
@@ -76698,7 +81919,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_rw_cifs_files" lineno="1277">
+<interface name="fs_dontaudit_rw_cifs_files" lineno="1471">
 <summary>
 Do not audit attempts to read or
 write files on a CIFS or SMB filesystem.
@@ -76709,7 +81930,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_cifs_symlinks" lineno="1295">
+<interface name="fs_read_cifs_symlinks" lineno="1489">
 <summary>
 Read symbolic links on a CIFS or SMB filesystem.
 </summary>
@@ -76719,7 +81940,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_cifs_named_pipes" lineno="1315">
+<interface name="fs_read_cifs_named_pipes" lineno="1509">
 <summary>
 Read named pipes
 on a CIFS or SMB network filesystem.
@@ -76730,9 +81951,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_cifs_named_sockets" lineno="1334">
+<interface name="fs_read_cifs_named_sockets" lineno="1528">
 <summary>
-Read named pipes
+Read named sockets
 on a CIFS or SMB network filesystem.
 </summary>
 <param name="domain">
@@ -76741,7 +81962,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_exec_cifs_files" lineno="1355">
+<interface name="fs_exec_cifs_files" lineno="1549">
 <summary>
 Execute files on a CIFS or SMB
 network filesystem, in the caller
@@ -76754,7 +81975,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_cifs_dirs" lineno="1376">
+<interface name="fs_manage_cifs_dirs" lineno="1570">
 <summary>
 Create, read, write, and delete directories
 on a CIFS or SMB network filesystem.
@@ -76766,7 +81987,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_cifs_dirs" lineno="1396">
+<interface name="fs_dontaudit_manage_cifs_dirs" lineno="1590">
 <summary>
 Do not audit attempts to create, read,
 write, and delete directories
@@ -76778,7 +81999,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cifs_files" lineno="1416">
+<interface name="fs_manage_cifs_files" lineno="1610">
 <summary>
 Create, read, write, and delete files
 on a CIFS or SMB network filesystem.
@@ -76790,7 +82011,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_cifs_files" lineno="1436">
+<interface name="fs_dontaudit_manage_cifs_files" lineno="1630">
 <summary>
 Do not audit attempts to create, read,
 write, and delete files
@@ -76802,7 +82023,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cifs_symlinks" lineno="1455">
+<interface name="fs_manage_cifs_symlinks" lineno="1649">
 <summary>
 Create, read, write, and delete symbolic links
 on a CIFS or SMB network filesystem.
@@ -76813,7 +82034,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cifs_named_pipes" lineno="1474">
+<interface name="fs_manage_cifs_named_pipes" lineno="1668">
 <summary>
 Create, read, write, and delete named pipes
 on a CIFS or SMB network filesystem.
@@ -76824,7 +82045,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cifs_named_sockets" lineno="1493">
+<interface name="fs_manage_cifs_named_sockets" lineno="1687">
 <summary>
 Create, read, write, and delete named sockets
 on a CIFS or SMB network filesystem.
@@ -76835,7 +82056,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_cifs_domtrans" lineno="1536">
+<interface name="fs_cifs_domtrans" lineno="1730">
 <summary>
 Execute a file on a CIFS or SMB filesystem
 in the specified domain.
@@ -76870,7 +82091,7 @@ The type of the new process.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_configfs_dirs" lineno="1556">
+<interface name="fs_manage_configfs_dirs" lineno="1750">
 <summary>
 Create, read, write, and delete dirs
 on a configfs filesystem.
@@ -76881,7 +82102,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_configfs_files" lineno="1575">
+<interface name="fs_manage_configfs_files" lineno="1769">
 <summary>
 Create, read, write, and delete files
 on a configfs filesystem.
@@ -76892,7 +82113,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_dos_fs" lineno="1594">
+<interface name="fs_mount_dos_fs" lineno="1788">
 <summary>
 Mount a DOS filesystem, such as
 FAT32 or NTFS.
@@ -76903,7 +82124,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_dos_fs" lineno="1614">
+<interface name="fs_remount_dos_fs" lineno="1808">
 <summary>
 Remount a DOS filesystem, such as
 FAT32 or NTFS.  This allows
@@ -76915,7 +82136,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_dos_fs" lineno="1633">
+<interface name="fs_unmount_dos_fs" lineno="1827">
 <summary>
 Unmount a DOS filesystem, such as
 FAT32 or NTFS.
@@ -76926,7 +82147,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_dos_fs" lineno="1653">
+<interface name="fs_getattr_dos_fs" lineno="1847">
 <summary>
 Get the attributes of a DOS
 filesystem, such as FAT32 or NTFS.
@@ -76938,7 +82159,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_relabelfrom_dos_fs" lineno="1672">
+<interface name="fs_relabelfrom_dos_fs" lineno="1866">
 <summary>
 Allow changing of the label of a
 DOS filesystem using the context= mount option.
@@ -76949,7 +82170,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_dos" lineno="1690">
+<interface name="fs_getattr_dos_dirs" lineno="1884">
+<summary>
+Get attributes of directories on a dosfs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_search_dos" lineno="1902">
 <summary>
 Search dosfs filesystem.
 </summary>
@@ -76959,7 +82190,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_dos" lineno="1708">
+<interface name="fs_list_dos" lineno="1920">
 <summary>
 List dirs DOS filesystem.
 </summary>
@@ -76969,7 +82200,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_dos_dirs" lineno="1727">
+<interface name="fs_manage_dos_dirs" lineno="1939">
 <summary>
 Create, read, write, and delete dirs
 on a DOS filesystem.
@@ -76980,7 +82211,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_dos_files" lineno="1745">
+<interface name="fs_read_dos_files" lineno="1957">
 <summary>
 Read files on a DOS filesystem.
 </summary>
@@ -76990,7 +82221,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_dos_files" lineno="1764">
+<interface name="fs_manage_dos_files" lineno="1976">
 <summary>
 Create, read, write, and delete files
 on a DOS filesystem.
@@ -77001,26 +82232,29 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_eventpollfs" lineno="1792">
+<interface name="fs_read_efivarfs_files" lineno="1996">
 <summary>
-Read eventpollfs files.
+Read files in efivarfs
+- contains Linux Kernel configuration options for UEFI systems
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_getattr_fusefs" lineno="2014">
+<summary>
+stat a FUSE filesystem
 </summary>
-<desc>
-<p>
-Read eventpollfs files
-</p>
-<p>
-This interface has been deprecated, and will
-be removed in the future.
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_fusefs" lineno="1806">
+<interface name="fs_mount_fusefs" lineno="2032">
 <summary>
 Mount a FUSE filesystem.
 </summary>
@@ -77030,7 +82264,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_fusefs" lineno="1824">
+<interface name="fs_unmount_fusefs" lineno="2050">
 <summary>
 Unmount a FUSE filesystem.
 </summary>
@@ -77040,7 +82274,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mounton_fusefs" lineno="1842">
+<interface name="fs_mounton_fusefs" lineno="2068">
 <summary>
 Mounton a FUSEFS filesystem.
 </summary>
@@ -77050,7 +82284,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_fusefs" lineno="1862">
+<interface name="fs_search_fusefs" lineno="2088">
 <summary>
 Search directories
 on a FUSEFS filesystem.
@@ -77062,7 +82296,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_list_fusefs" lineno="1881">
+<interface name="fs_dontaudit_list_fusefs" lineno="2107">
 <summary>
 Do not audit attempts to list the contents
 of directories on a FUSEFS filesystem.
@@ -77073,7 +82307,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_fusefs_dirs" lineno="1901">
+<interface name="fs_manage_fusefs_dirs" lineno="2127">
 <summary>
 Create, read, write, and delete directories
 on a FUSEFS filesystem.
@@ -77085,7 +82319,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_fusefs_dirs" lineno="1921">
+<interface name="fs_dontaudit_manage_fusefs_dirs" lineno="2147">
 <summary>
 Do not audit attempts to create, read,
 write, and delete directories
@@ -77097,7 +82331,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_fusefs_files" lineno="1940">
+<interface name="fs_read_fusefs_files" lineno="2166">
 <summary>
 Read, a FUSEFS filesystem.
 </summary>
@@ -77108,7 +82342,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_exec_fusefs_files" lineno="1959">
+<interface name="fs_exec_fusefs_files" lineno="2185">
 <summary>
 Execute files on a FUSEFS filesystem.
 </summary>
@@ -77119,7 +82353,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_fusefs_files" lineno="1979">
+<interface name="fs_manage_fusefs_files" lineno="2205">
 <summary>
 Create, read, write, and delete files
 on a FUSEFS filesystem.
@@ -77131,7 +82365,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_fusefs_files" lineno="1999">
+<interface name="fs_dontaudit_manage_fusefs_files" lineno="2225">
 <summary>
 Do not audit attempts to create,
 read, write, and delete files
@@ -77143,7 +82377,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_fusefs_symlinks" lineno="2017">
+<interface name="fs_read_fusefs_symlinks" lineno="2243">
 <summary>
 Read symbolic links on a FUSEFS filesystem.
 </summary>
@@ -77153,7 +82387,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_hugetlbfs" lineno="2037">
+<interface name="fs_getattr_hugetlbfs" lineno="2263">
 <summary>
 Get the attributes of an hugetlbfs
 filesystem.
@@ -77164,7 +82398,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_hugetlbfs" lineno="2055">
+<interface name="fs_list_hugetlbfs" lineno="2281">
 <summary>
 List hugetlbfs.
 </summary>
@@ -77174,7 +82408,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_hugetlbfs_dirs" lineno="2073">
+<interface name="fs_manage_hugetlbfs_dirs" lineno="2299">
 <summary>
 Manage hugetlbfs dirs.
 </summary>
@@ -77184,7 +82418,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_hugetlbfs_files" lineno="2091">
+<interface name="fs_rw_inherited_hugetlbfs_files" lineno="2317">
+<summary>
+Read and write inherited hugetlbfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_rw_hugetlbfs_files" lineno="2335">
 <summary>
 Read and write hugetlbfs files.
 </summary>
@@ -77194,7 +82438,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_associate_hugetlbfs" lineno="2109">
+<interface name="fs_mmap_rw_hugetlbfs_files" lineno="2353">
+<summary>
+Read, map and write hugetlbfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_associate_hugetlbfs" lineno="2372">
 <summary>
 Allow the type to associate to hugetlbfs filesystems.
 </summary>
@@ -77204,7 +82458,7 @@ The type of the object to be associated.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_inotifyfs" lineno="2127">
+<interface name="fs_search_inotifyfs" lineno="2390">
 <summary>
 Search inotifyfs filesystem.
 </summary>
@@ -77214,7 +82468,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_inotifyfs" lineno="2145">
+<interface name="fs_list_inotifyfs" lineno="2408">
 <summary>
 List inotifyfs filesystem.
 </summary>
@@ -77224,7 +82478,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_inotifyfs" lineno="2163">
+<interface name="fs_dontaudit_list_inotifyfs" lineno="2426">
 <summary>
 Dontaudit List inotifyfs filesystem.
 </summary>
@@ -77234,7 +82488,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_hugetlbfs_filetrans" lineno="2197">
+<interface name="fs_hugetlbfs_filetrans" lineno="2460">
 <summary>
 Create an object in a hugetlbfs filesystem, with a private
 type using a type transition.
@@ -77260,7 +82514,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_iso9660_fs" lineno="2217">
+<interface name="fs_mount_iso9660_fs" lineno="2480">
 <summary>
 Mount an iso9660 filesystem, which
 is usually used on CDs.
@@ -77271,7 +82525,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_iso9660_fs" lineno="2237">
+<interface name="fs_remount_iso9660_fs" lineno="2500">
 <summary>
 Remount an iso9660 filesystem, which
 is usually used on CDs.  This allows
@@ -77283,7 +82537,18 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_iso9660_fs" lineno="2256">
+<interface name="fs_relabelfrom_iso9660_fs" lineno="2519">
+<summary>
+Allow changing of the label of a
+filesystem with iso9660 type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_unmount_iso9660_fs" lineno="2538">
 <summary>
 Unmount an iso9660 filesystem, which
 is usually used on CDs.
@@ -77294,7 +82559,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_iso9660_fs" lineno="2276">
+<interface name="fs_getattr_iso9660_fs" lineno="2558">
 <summary>
 Get the attributes of an iso9660
 filesystem, which is usually used on CDs.
@@ -77306,10 +82571,10 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_iso9660_files" lineno="2295">
+<interface name="fs_getattr_iso9660_files" lineno="2577">
 <summary>
-Read files on an iso9660 filesystem, which
-is usually used on CDs.
+Get the attributes of files on an iso9660
+filesystem, which is usually used on CDs.
 </summary>
 <param name="domain">
 <summary>
@@ -77317,7 +82582,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_iso9660_files" lineno="2315">
+<interface name="fs_read_iso9660_files" lineno="2597">
 <summary>
 Read files on an iso9660 filesystem, which
 is usually used on CDs.
@@ -77328,7 +82593,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_nfs" lineno="2335">
+<interface name="fs_mount_nfs" lineno="2617">
 <summary>
 Mount a NFS filesystem.
 </summary>
@@ -77338,7 +82603,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_nfs" lineno="2354">
+<interface name="fs_remount_nfs" lineno="2636">
 <summary>
 Remount a NFS filesystem.  This allows
 some mount options to be changed.
@@ -77349,7 +82614,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_nfs" lineno="2372">
+<interface name="fs_unmount_nfs" lineno="2654">
 <summary>
 Unmount a NFS filesystem.
 </summary>
@@ -77359,7 +82624,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_nfs" lineno="2391">
+<interface name="fs_getattr_nfs" lineno="2673">
 <summary>
 Get the attributes of a NFS filesystem.
 </summary>
@@ -77370,7 +82635,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_search_nfs" lineno="2409">
+<interface name="fs_search_nfs" lineno="2691">
 <summary>
 Search directories on a NFS filesystem.
 </summary>
@@ -77380,7 +82645,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_nfs" lineno="2427">
+<interface name="fs_list_nfs" lineno="2709">
 <summary>
 List NFS filesystem.
 </summary>
@@ -77390,7 +82655,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_nfs" lineno="2446">
+<interface name="fs_dontaudit_list_nfs" lineno="2728">
 <summary>
 Do not audit attempts to list the contents
 of directories on a NFS filesystem.
@@ -77401,7 +82666,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_mounton_nfs" lineno="2464">
+<interface name="fs_mounton_nfs" lineno="2746">
 <summary>
 Mounton a NFS filesystem.
 </summary>
@@ -77411,7 +82676,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_nfs_files" lineno="2483">
+<interface name="fs_read_nfs_files" lineno="2765">
 <summary>
 Read files on a NFS filesystem.
 </summary>
@@ -77422,7 +82687,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_read_nfs_files" lineno="2503">
+<interface name="fs_dontaudit_read_nfs_files" lineno="2785">
 <summary>
 Do not audit attempts to read
 files on a NFS filesystem.
@@ -77433,7 +82698,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_write_nfs_files" lineno="2521">
+<interface name="fs_write_nfs_files" lineno="2803">
 <summary>
 Read files on a NFS filesystem.
 </summary>
@@ -77443,7 +82708,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_exec_nfs_files" lineno="2541">
+<interface name="fs_exec_nfs_files" lineno="2823">
 <summary>
 Execute files on a NFS filesystem.
 </summary>
@@ -77454,7 +82719,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_append_nfs_files" lineno="2562">
+<interface name="fs_append_nfs_files" lineno="2844">
 <summary>
 Append files
 on a NFS filesystem.
@@ -77466,7 +82731,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_append_nfs_files" lineno="2582">
+<interface name="fs_dontaudit_append_nfs_files" lineno="2864">
 <summary>
 dontaudit Append files
 on a NFS filesystem.
@@ -77478,7 +82743,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_rw_nfs_files" lineno="2601">
+<interface name="fs_dontaudit_rw_nfs_files" lineno="2883">
 <summary>
 Do not audit attempts to read or
 write files on a NFS filesystem.
@@ -77489,7 +82754,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_nfs_symlinks" lineno="2619">
+<interface name="fs_read_nfs_symlinks" lineno="2901">
 <summary>
 Read symbolic links on a NFS filesystem.
 </summary>
@@ -77499,7 +82764,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_nfs_symlinks" lineno="2638">
+<interface name="fs_dontaudit_read_nfs_symlinks" lineno="2920">
 <summary>
 Dontaudit read symbolic links on a NFS filesystem.
 </summary>
@@ -77509,7 +82774,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_nfs_named_sockets" lineno="2656">
+<interface name="fs_read_nfs_named_sockets" lineno="2938">
 <summary>
 Read named sockets on a NFS filesystem.
 </summary>
@@ -77519,7 +82784,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_nfs_named_pipes" lineno="2675">
+<interface name="fs_read_nfs_named_pipes" lineno="2957">
 <summary>
 Read named pipes on a NFS network filesystem.
 </summary>
@@ -77530,9 +82795,10 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_rpc_dirs" lineno="2693">
+<interface name="fs_getattr_rpc_dirs" lineno="2976">
 <summary>
-Read directories of RPC file system pipes.
+Get the attributes of directories of RPC
+file system pipes.
 </summary>
 <param name="domain">
 <summary>
@@ -77540,7 +82806,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_rpc" lineno="2712">
+<interface name="fs_search_rpc" lineno="2995">
 <summary>
 Search directories of RPC file system pipes.
 </summary>
@@ -77550,7 +82816,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_removable" lineno="2730">
+<interface name="fs_search_removable" lineno="3013">
 <summary>
 Search removable storage directories.
 </summary>
@@ -77560,7 +82826,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_removable" lineno="2748">
+<interface name="fs_dontaudit_list_removable" lineno="3031">
 <summary>
 Do not audit attempts to list removable storage directories.
 </summary>
@@ -77570,7 +82836,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_removable_files" lineno="2766">
+<interface name="fs_read_removable_files" lineno="3049">
 <summary>
 Read removable storage files.
 </summary>
@@ -77580,7 +82846,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_removable_files" lineno="2784">
+<interface name="fs_dontaudit_read_removable_files" lineno="3067">
 <summary>
 Do not audit attempts to read removable storage files.
 </summary>
@@ -77590,7 +82856,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_write_removable_files" lineno="2802">
+<interface name="fs_dontaudit_write_removable_files" lineno="3085">
 <summary>
 Do not audit attempts to write removable storage files.
 </summary>
@@ -77600,7 +82866,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_removable_symlinks" lineno="2820">
+<interface name="fs_read_removable_symlinks" lineno="3103">
 <summary>
 Read removable storage symbolic links.
 </summary>
@@ -77610,7 +82876,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_removable_blk_files" lineno="2838">
+<interface name="fs_read_removable_blk_files" lineno="3121">
 <summary>
 Read block nodes on removable filesystems.
 </summary>
@@ -77620,7 +82886,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_removable_blk_files" lineno="2857">
+<interface name="fs_rw_removable_blk_files" lineno="3140">
 <summary>
 Read and write block nodes on removable filesystems.
 </summary>
@@ -77630,7 +82896,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_rpc" lineno="2876">
+<interface name="fs_list_rpc" lineno="3159">
 <summary>
 Read directories of RPC file system pipes.
 </summary>
@@ -77640,7 +82906,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_rpc_files" lineno="2894">
+<interface name="fs_read_rpc_files" lineno="3177">
 <summary>
 Read files of RPC file system pipes.
 </summary>
@@ -77650,7 +82916,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_rpc_symlinks" lineno="2912">
+<interface name="fs_read_rpc_symlinks" lineno="3195">
 <summary>
 Read symbolic links of RPC file system pipes.
 </summary>
@@ -77660,7 +82926,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_rpc_sockets" lineno="2930">
+<interface name="fs_read_rpc_sockets" lineno="3213">
 <summary>
 Read sockets of RPC file system pipes.
 </summary>
@@ -77670,7 +82936,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_rpc_sockets" lineno="2948">
+<interface name="fs_rw_rpc_sockets" lineno="3231">
 <summary>
 Read and write sockets of RPC file system pipes.
 </summary>
@@ -77680,7 +82946,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_nfs_dirs" lineno="2968">
+<interface name="fs_manage_nfs_dirs" lineno="3251">
 <summary>
 Create, read, write, and delete directories
 on a NFS filesystem.
@@ -77692,7 +82958,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_nfs_dirs" lineno="2988">
+<interface name="fs_dontaudit_manage_nfs_dirs" lineno="3271">
 <summary>
 Do not audit attempts to create, read,
 write, and delete directories
@@ -77704,7 +82970,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_nfs_files" lineno="3008">
+<interface name="fs_manage_nfs_files" lineno="3291">
 <summary>
 Create, read, write, and delete files
 on a NFS filesystem.
@@ -77716,7 +82982,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_nfs_files" lineno="3028">
+<interface name="fs_dontaudit_manage_nfs_files" lineno="3311">
 <summary>
 Do not audit attempts to create,
 read, write, and delete files
@@ -77728,7 +82994,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_nfs_symlinks" lineno="3048">
+<interface name="fs_manage_nfs_symlinks" lineno="3331">
 <summary>
 Create, read, write, and delete symbolic links
 on a NFS network filesystem.
@@ -77740,7 +83006,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_nfs_named_pipes" lineno="3067">
+<interface name="fs_manage_nfs_named_pipes" lineno="3350">
 <summary>
 Create, read, write, and delete named pipes
 on a NFS filesystem.
@@ -77751,7 +83017,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_nfs_named_sockets" lineno="3086">
+<interface name="fs_manage_nfs_named_sockets" lineno="3369">
 <summary>
 Create, read, write, and delete named sockets
 on a NFS filesystem.
@@ -77762,7 +83028,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_nfs_domtrans" lineno="3129">
+<interface name="fs_nfs_domtrans" lineno="3412">
 <summary>
 Execute a file on a NFS filesystem
 in the specified domain.
@@ -77797,7 +83063,7 @@ The type of the new process.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_nfsd_fs" lineno="3148">
+<interface name="fs_mount_nfsd_fs" lineno="3431">
 <summary>
 Mount a NFS server pseudo filesystem.
 </summary>
@@ -77807,7 +83073,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_nfsd_fs" lineno="3167">
+<interface name="fs_remount_nfsd_fs" lineno="3450">
 <summary>
 Mount a NFS server pseudo filesystem.
 This allows some mount options to be changed.
@@ -77818,7 +83084,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_nfsd_fs" lineno="3185">
+<interface name="fs_unmount_nfsd_fs" lineno="3468">
 <summary>
 Unmount a NFS server pseudo filesystem.
 </summary>
@@ -77828,7 +83094,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_nfsd_fs" lineno="3204">
+<interface name="fs_getattr_nfsd_fs" lineno="3487">
 <summary>
 Get the attributes of a NFS server
 pseudo filesystem.
@@ -77839,7 +83105,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_nfsd_fs" lineno="3222">
+<interface name="fs_search_nfsd_fs" lineno="3505">
 <summary>
 Search NFS server directories.
 </summary>
@@ -77849,7 +83115,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_nfsd_fs" lineno="3240">
+<interface name="fs_list_nfsd_fs" lineno="3523">
 <summary>
 List NFS server directories.
 </summary>
@@ -77859,7 +83125,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_nfsd_files" lineno="3258">
+<interface name="fs_getattr_nfsd_files" lineno="3541">
 <summary>
 Getattr files on an nfsd filesystem
 </summary>
@@ -77869,7 +83135,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_nfsd_fs" lineno="3276">
+<interface name="fs_rw_nfsd_fs" lineno="3559">
 <summary>
 Read and write NFS server files.
 </summary>
@@ -77879,7 +83145,48 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_associate_ramfs" lineno="3294">
+<interface name="fs_read_nsfs_files" lineno="3577">
+<summary>
+Read nsfs inodes (e.g. /proc/pid/ns/uts)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_pstorefs" lineno="3595">
+<summary>
+Get the attributes of a pstore filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_pstore_dirs" lineno="3614">
+<summary>
+Get the attributes of directories
+of a pstore filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_relabel_pstore_dirs" lineno="3633">
+<summary>
+Relabel to/from pstore_t directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_associate_ramfs" lineno="3651">
 <summary>
 Allow the type to associate to ramfs filesystems.
 </summary>
@@ -77889,7 +83196,7 @@ The type of the object to be associated.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_ramfs" lineno="3312">
+<interface name="fs_mount_ramfs" lineno="3669">
 <summary>
 Mount a RAM filesystem.
 </summary>
@@ -77899,7 +83206,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_ramfs" lineno="3331">
+<interface name="fs_remount_ramfs" lineno="3688">
 <summary>
 Remount a RAM filesystem.  This allows
 some mount options to be changed.
@@ -77910,7 +83217,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_ramfs" lineno="3349">
+<interface name="fs_unmount_ramfs" lineno="3706">
 <summary>
 Unmount a RAM filesystem.
 </summary>
@@ -77920,7 +83227,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_ramfs" lineno="3367">
+<interface name="fs_getattr_ramfs" lineno="3724">
 <summary>
 Get the attributes of a RAM filesystem.
 </summary>
@@ -77930,7 +83237,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_ramfs" lineno="3385">
+<interface name="fs_search_ramfs" lineno="3742">
 <summary>
 Search directories on a ramfs
 </summary>
@@ -77940,7 +83247,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_search_ramfs" lineno="3403">
+<interface name="fs_dontaudit_search_ramfs" lineno="3760">
 <summary>
 Dontaudit Search directories on a ramfs
 </summary>
@@ -77950,7 +83257,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_ramfs_dirs" lineno="3422">
+<interface name="fs_manage_ramfs_dirs" lineno="3779">
 <summary>
 Create, read, write, and delete
 directories on a ramfs.
@@ -77961,7 +83268,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_ramfs_files" lineno="3440">
+<interface name="fs_dontaudit_read_ramfs_files" lineno="3797">
 <summary>
 Dontaudit read on a ramfs files.
 </summary>
@@ -77971,7 +83278,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_ramfs_pipes" lineno="3458">
+<interface name="fs_dontaudit_read_ramfs_pipes" lineno="3815">
 <summary>
 Dontaudit read on a ramfs fifo_files.
 </summary>
@@ -77981,7 +83288,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_ramfs_files" lineno="3477">
+<interface name="fs_manage_ramfs_files" lineno="3834">
 <summary>
 Create, read, write, and delete
 files on a ramfs filesystem.
@@ -77992,7 +83299,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_write_ramfs_pipes" lineno="3495">
+<interface name="fs_write_ramfs_pipes" lineno="3852">
 <summary>
 Write to named pipe on a ramfs filesystem.
 </summary>
@@ -78002,7 +83309,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_write_ramfs_pipes" lineno="3514">
+<interface name="fs_dontaudit_write_ramfs_pipes" lineno="3871">
 <summary>
 Do not audit attempts to write to named
 pipes on a ramfs filesystem.
@@ -78013,7 +83320,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_ramfs_pipes" lineno="3532">
+<interface name="fs_rw_ramfs_pipes" lineno="3889">
 <summary>
 Read and write a named pipe on a ramfs filesystem.
 </summary>
@@ -78023,7 +83330,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_ramfs_pipes" lineno="3551">
+<interface name="fs_manage_ramfs_pipes" lineno="3908">
 <summary>
 Create, read, write, and delete
 named pipes on a ramfs filesystem.
@@ -78034,7 +83341,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_write_ramfs_sockets" lineno="3569">
+<interface name="fs_write_ramfs_sockets" lineno="3926">
 <summary>
 Write to named socket on a ramfs filesystem.
 </summary>
@@ -78044,7 +83351,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_ramfs_sockets" lineno="3588">
+<interface name="fs_manage_ramfs_sockets" lineno="3945">
 <summary>
 Create, read, write, and delete
 named sockets on a ramfs filesystem.
@@ -78055,7 +83362,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_romfs" lineno="3606">
+<interface name="fs_mount_romfs" lineno="3963">
 <summary>
 Mount a ROM filesystem.
 </summary>
@@ -78065,7 +83372,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_romfs" lineno="3625">
+<interface name="fs_remount_romfs" lineno="3982">
 <summary>
 Remount a ROM filesystem.  This allows
 some mount options to be changed.
@@ -78076,7 +83383,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_romfs" lineno="3643">
+<interface name="fs_unmount_romfs" lineno="4000">
 <summary>
 Unmount a ROM filesystem.
 </summary>
@@ -78086,7 +83393,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_romfs" lineno="3662">
+<interface name="fs_getattr_romfs" lineno="4019">
 <summary>
 Get the attributes of a ROM
 filesystem.
@@ -78097,7 +83404,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_rpc_pipefs" lineno="3680">
+<interface name="fs_mount_rpc_pipefs" lineno="4037">
 <summary>
 Mount a RPC pipe filesystem.
 </summary>
@@ -78107,7 +83414,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_rpc_pipefs" lineno="3699">
+<interface name="fs_remount_rpc_pipefs" lineno="4056">
 <summary>
 Remount a RPC pipe filesystem.  This
 allows some mount option to be changed.
@@ -78118,7 +83425,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_rpc_pipefs" lineno="3717">
+<interface name="fs_unmount_rpc_pipefs" lineno="4074">
 <summary>
 Unmount a RPC pipe filesystem.
 </summary>
@@ -78128,7 +83435,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_rpc_pipefs" lineno="3736">
+<interface name="fs_getattr_rpc_pipefs" lineno="4093">
 <summary>
 Get the attributes of a RPC pipe
 filesystem.
@@ -78139,7 +83446,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_rpc_named_pipes" lineno="3754">
+<interface name="fs_rw_rpc_named_pipes" lineno="4111">
 <summary>
 Read and write RPC pipe filesystem named pipes.
 </summary>
@@ -78149,7 +83456,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_tmpfs" lineno="3772">
+<interface name="fs_mount_tmpfs" lineno="4129">
 <summary>
 Mount a tmpfs filesystem.
 </summary>
@@ -78159,7 +83466,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_tmpfs" lineno="3790">
+<interface name="fs_remount_tmpfs" lineno="4147">
 <summary>
 Remount a tmpfs filesystem.
 </summary>
@@ -78169,7 +83476,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_tmpfs" lineno="3808">
+<interface name="fs_unmount_tmpfs" lineno="4165">
 <summary>
 Unmount a tmpfs filesystem.
 </summary>
@@ -78179,7 +83486,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_tmpfs" lineno="3828">
+<interface name="fs_dontaudit_getattr_tmpfs" lineno="4183">
+<summary>
+Do not audit getting the attributes of a tmpfs filesystem
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_tmpfs" lineno="4203">
 <summary>
 Get the attributes of a tmpfs
 filesystem.
@@ -78191,7 +83508,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_associate_tmpfs" lineno="3846">
+<interface name="fs_associate_tmpfs" lineno="4221">
 <summary>
 Allow the type to associate to tmpfs filesystems.
 </summary>
@@ -78201,7 +83518,17 @@ The type of the object to be associated.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_tmpfs_dirs" lineno="3864">
+<interface name="fs_relabelfrom_tmpfs" lineno="4239">
+<summary>
+Relabel from tmpfs filesystem.
+</summary>
+<param name="type">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_tmpfs_dirs" lineno="4257">
 <summary>
 Get the attributes of tmpfs directories.
 </summary>
@@ -78211,7 +83538,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_tmpfs_dirs" lineno="3883">
+<interface name="fs_dontaudit_getattr_tmpfs_dirs" lineno="4276">
 <summary>
 Do not audit attempts to get the attributes
 of tmpfs directories.
@@ -78222,7 +83549,27 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_setattr_tmpfs_dirs" lineno="3901">
+<interface name="fs_mounton_tmpfs" lineno="4294">
+<summary>
+Mount on tmpfs directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_mounton_tmpfs_files" lineno="4312">
+<summary>
+Mount on tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_setattr_tmpfs_dirs" lineno="4330">
 <summary>
 Set the attributes of tmpfs directories.
 </summary>
@@ -78232,7 +83579,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_tmpfs" lineno="3919">
+<interface name="fs_search_tmpfs" lineno="4348">
 <summary>
 Search tmpfs directories.
 </summary>
@@ -78242,7 +83589,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_tmpfs" lineno="3937">
+<interface name="fs_list_tmpfs" lineno="4366">
 <summary>
 List the contents of generic tmpfs directories.
 </summary>
@@ -78252,7 +83599,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_tmpfs" lineno="3956">
+<interface name="fs_dontaudit_list_tmpfs" lineno="4385">
 <summary>
 Do not audit attempts to list the
 contents of generic tmpfs directories.
@@ -78263,7 +83610,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_dirs" lineno="3975">
+<interface name="fs_manage_tmpfs_dirs" lineno="4404">
 <summary>
 Create, read, write, and delete
 tmpfs directories
@@ -78274,7 +83621,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_write_tmpfs_dirs" lineno="3994">
+<interface name="fs_dontaudit_write_tmpfs_dirs" lineno="4423">
 <summary>
 Do not audit attempts to write
 tmpfs directories
@@ -78285,7 +83632,27 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_tmpfs_filetrans" lineno="4028">
+<interface name="fs_relabelfrom_tmpfs_dirs" lineno="4441">
+<summary>
+Relabel from tmpfs_t dir
+</summary>
+<param name="type">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_relabel_tmpfs_dirs" lineno="4459">
+<summary>
+Relabel directory on tmpfs filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_tmpfs_filetrans" lineno="4492">
 <summary>
 Create an object in a tmpfs filesystem, with a private
 type using a type transition.
@@ -78311,7 +83678,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_tmpfs_files" lineno="4048">
+<interface name="fs_dontaudit_getattr_tmpfs_files" lineno="4512">
 <summary>
 Do not audit attempts to getattr
 generic tmpfs files.
@@ -78322,7 +83689,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_rw_tmpfs_files" lineno="4067">
+<interface name="fs_dontaudit_rw_tmpfs_files" lineno="4531">
 <summary>
 Do not audit attempts to read or write
 generic tmpfs files.
@@ -78333,7 +83700,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_auto_mountpoints" lineno="4086">
+<interface name="fs_delete_tmpfs_symlinks" lineno="4549">
+<summary>
+Delete tmpfs symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_manage_auto_mountpoints" lineno="4568">
 <summary>
 Create, read, write, and delete
 auto moutpoints.
@@ -78344,7 +83721,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_tmpfs_files" lineno="4104">
+<interface name="fs_read_tmpfs_files" lineno="4586">
 <summary>
 Read generic tmpfs files.
 </summary>
@@ -78354,7 +83731,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_tmpfs_files" lineno="4122">
+<interface name="fs_rw_tmpfs_files" lineno="4604">
 <summary>
 Read and write generic tmpfs files.
 </summary>
@@ -78364,7 +83741,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_tmpfs_symlinks" lineno="4140">
+<interface name="fs_relabel_tmpfs_files" lineno="4622">
+<summary>
+Relabel files on tmpfs filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_read_tmpfs_symlinks" lineno="4640">
 <summary>
 Read tmpfs link files.
 </summary>
@@ -78374,7 +83761,27 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_tmpfs_chr_files" lineno="4158">
+<interface name="fs_relabelfrom_tmpfs_sockets" lineno="4658">
+<summary>
+Relabelfrom socket files on tmpfs filesystems.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_relabelfrom_tmpfs_symlinks" lineno="4676">
+<summary>
+Relabelfrom tmpfs link files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_rw_tmpfs_chr_files" lineno="4694">
 <summary>
 Read and write character nodes on tmpfs filesystems.
 </summary>
@@ -78384,7 +83791,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_use_tmpfs_chr_dev" lineno="4177">
+<interface name="fs_dontaudit_use_tmpfs_chr_dev" lineno="4713">
 <summary>
 dontaudit Read and write character nodes on tmpfs filesystems.
 </summary>
@@ -78394,7 +83801,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_tmpfs_chr_file" lineno="4196">
+<interface name="fs_relabel_tmpfs_chr_file" lineno="4732">
 <summary>
 Relabel character nodes on tmpfs filesystems.
 </summary>
@@ -78404,7 +83811,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_tmpfs_blk_files" lineno="4215">
+<interface name="fs_rw_tmpfs_blk_files" lineno="4751">
 <summary>
 Read and write block nodes on tmpfs filesystems.
 </summary>
@@ -78414,7 +83821,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_tmpfs_blk_file" lineno="4234">
+<interface name="fs_relabel_tmpfs_blk_file" lineno="4770">
 <summary>
 Relabel block nodes on tmpfs filesystems.
 </summary>
@@ -78424,7 +83831,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_files" lineno="4254">
+<interface name="fs_manage_tmpfs_files" lineno="4790">
 <summary>
 Read and write, create and delete generic
 files on tmpfs filesystems.
@@ -78435,7 +83842,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_symlinks" lineno="4273">
+<interface name="fs_manage_tmpfs_symlinks" lineno="4809">
 <summary>
 Read and write, create and delete symbolic
 links on tmpfs filesystems.
@@ -78446,7 +83853,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_sockets" lineno="4292">
+<interface name="fs_manage_tmpfs_sockets" lineno="4828">
 <summary>
 Read and write, create and delete socket
 files on tmpfs filesystems.
@@ -78457,7 +83864,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_chr_files" lineno="4311">
+<interface name="fs_manage_tmpfs_chr_files" lineno="4847">
 <summary>
 Read and write, create and delete character
 nodes on tmpfs filesystems.
@@ -78468,7 +83875,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_blk_files" lineno="4330">
+<interface name="fs_manage_tmpfs_blk_files" lineno="4866">
 <summary>
 Read and write, create and delete block nodes
 on tmpfs filesystems.
@@ -78479,7 +83886,48 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_xenfs" lineno="4348">
+<interface name="fs_getattr_tracefs" lineno="4884">
+<summary>
+Get the attributes of a trace filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_tracefs_dirs" lineno="4902">
+<summary>
+Get attributes of dirs on tracefs filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_search_tracefs" lineno="4920">
+<summary>
+search directories on a tracefs filesystem
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_getattr_tracefs_files" lineno="4939">
+<summary>
+Get the attributes of files
+on a trace filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_mount_xenfs" lineno="4957">
 <summary>
 Mount a XENFS filesystem.
 </summary>
@@ -78489,7 +83937,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_xenfs" lineno="4366">
+<interface name="fs_search_xenfs" lineno="4975">
 <summary>
 Search the XENFS filesystem.
 </summary>
@@ -78499,7 +83947,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_xenfs_dirs" lineno="4386">
+<interface name="fs_manage_xenfs_dirs" lineno="4995">
 <summary>
 Create, read, write, and delete directories
 on a XENFS filesystem.
@@ -78511,7 +83959,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_xenfs_dirs" lineno="4406">
+<interface name="fs_dontaudit_manage_xenfs_dirs" lineno="5015">
 <summary>
 Do not audit attempts to create, read,
 write, and delete directories
@@ -78523,7 +83971,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_xenfs_files" lineno="4426">
+<interface name="fs_manage_xenfs_files" lineno="5035">
 <summary>
 Create, read, write, and delete files
 on a XENFS filesystem.
@@ -78535,7 +83983,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_xenfs_files" lineno="4446">
+<interface name="fs_dontaudit_manage_xenfs_files" lineno="5055">
 <summary>
 Do not audit attempts to create,
 read, write, and delete files
@@ -78547,7 +83995,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_all_fs" lineno="4464">
+<interface name="fs_mount_all_fs" lineno="5073">
 <summary>
 Mount all filesystems.
 </summary>
@@ -78557,7 +84005,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_all_fs" lineno="4483">
+<interface name="fs_remount_all_fs" lineno="5092">
 <summary>
 Remount all filesystems.  This
 allows some mount options to be changed.
@@ -78568,7 +84016,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_all_fs" lineno="4501">
+<interface name="fs_unmount_all_fs" lineno="5110">
 <summary>
 Unmount all filesystems.
 </summary>
@@ -78578,14 +84026,14 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_fs" lineno="4533">
+<interface name="fs_getattr_all_fs" lineno="5142">
 <summary>
 Get the attributes of all filesystems.
 </summary>
 <desc>
 <p>
 Allow the specified domain to
-et the attributes of all filesystems.
+get the attributes of all filesystems.
 Example attributes:
 </p>
 <ul>
@@ -78602,7 +84050,7 @@ Domain allowed access.
 <infoflow type="read" weight="5"/>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_getattr_all_fs" lineno="4553">
+<interface name="fs_dontaudit_getattr_all_fs" lineno="5162">
 <summary>
 Do not audit attempts to get the attributes
 all filesystems.
@@ -78613,7 +84061,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_get_all_fs_quotas" lineno="4572">
+<interface name="fs_get_all_fs_quotas" lineno="5181">
 <summary>
 Get the quotas of all filesystems.
 </summary>
@@ -78624,7 +84072,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_set_all_quotas" lineno="4591">
+<interface name="fs_set_all_quotas" lineno="5200">
 <summary>
 Set the quotas of all filesystems.
 </summary>
@@ -78635,7 +84083,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_relabelfrom_all_fs" lineno="4609">
+<interface name="fs_relabelfrom_all_fs" lineno="5218">
 <summary>
 Relabelfrom all filesystems.
 </summary>
@@ -78645,7 +84093,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_dirs" lineno="4628">
+<interface name="fs_getattr_all_dirs" lineno="5237">
 <summary>
 Get the attributes of all directories
 with a filesystem type.
@@ -78656,7 +84104,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_all" lineno="4646">
+<interface name="fs_search_all" lineno="5255">
 <summary>
 Search all directories with a filesystem type.
 </summary>
@@ -78666,7 +84114,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_all" lineno="4664">
+<interface name="fs_list_all" lineno="5273">
 <summary>
 List all directories with a filesystem type.
 </summary>
@@ -78676,7 +84124,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_files" lineno="4683">
+<interface name="fs_getattr_all_files" lineno="5292">
 <summary>
 Get the attributes of all files with
 a filesystem type.
@@ -78687,7 +84135,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_all_files" lineno="4702">
+<interface name="fs_dontaudit_getattr_all_files" lineno="5311">
 <summary>
 Do not audit attempts to get the attributes
 of all files with a filesystem type.
@@ -78698,7 +84146,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_symlinks" lineno="4721">
+<interface name="fs_getattr_all_symlinks" lineno="5330">
 <summary>
 Get the attributes of all symbolic links with
 a filesystem type.
@@ -78709,7 +84157,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_all_symlinks" lineno="4740">
+<interface name="fs_dontaudit_getattr_all_symlinks" lineno="5349">
 <summary>
 Do not audit attempts to get the attributes
 of all symbolic links with a filesystem type.
@@ -78720,7 +84168,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_pipes" lineno="4759">
+<interface name="fs_getattr_all_pipes" lineno="5368">
 <summary>
 Get the attributes of all named pipes with
 a filesystem type.
@@ -78731,7 +84179,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_all_pipes" lineno="4778">
+<interface name="fs_dontaudit_getattr_all_pipes" lineno="5387">
 <summary>
 Do not audit attempts to get the attributes
 of all named pipes with a filesystem type.
@@ -78742,7 +84190,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_sockets" lineno="4797">
+<interface name="fs_getattr_all_sockets" lineno="5406">
 <summary>
 Get the attributes of all named sockets with
 a filesystem type.
@@ -78753,7 +84201,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_all_sockets" lineno="4816">
+<interface name="fs_dontaudit_getattr_all_sockets" lineno="5425">
 <summary>
 Do not audit attempts to get the attributes
 of all named sockets with a filesystem type.
@@ -78764,7 +84212,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_blk_files" lineno="4835">
+<interface name="fs_getattr_all_blk_files" lineno="5444">
 <summary>
 Get the attributes of all block device nodes with
 a filesystem type.
@@ -78775,7 +84223,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_chr_files" lineno="4854">
+<interface name="fs_getattr_all_chr_files" lineno="5463">
 <summary>
 Get the attributes of all character device nodes with
 a filesystem type.
@@ -78786,7 +84234,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unconfined" lineno="4872">
+<interface name="fs_unconfined" lineno="5481">
 <summary>
 Unconfined access to filesystems
 </summary>
@@ -78805,7 +84253,18 @@ and unlabeled processes and objects.
 <required val="true">
 This module has initial SIDs.
 </required>
-<interface name="kernel_domtrans_to" lineno="25">
+<interface name="kernel_dyntrans_to" lineno="20">
+<summary>
+Allows the kernel to start userland processes
+by dynamic transitions to the specified domain.
+</summary>
+<param name="domain">
+<summary>
+The process type entered by the kernel.
+</summary>
+</param>
+</interface>
+<interface name="kernel_domtrans_to" lineno="46">
 <summary>
 Allows to start userland processes
 by transitioning to the specified domain.
@@ -78821,7 +84280,7 @@ The executable type for the entrypoint.
 </summary>
 </param>
 </interface>
-<interface name="kernel_ranged_domtrans_to" lineno="55">
+<interface name="kernel_ranged_domtrans_to" lineno="76">
 <summary>
 Allows to start userland processes
 by transitioning to the specified domain,
@@ -78843,7 +84302,7 @@ Range for the domain.
 </summary>
 </param>
 </interface>
-<interface name="kernel_rootfs_mountpoint" lineno="83">
+<interface name="kernel_rootfs_mountpoint" lineno="104">
 <summary>
 Allows the kernel to mount filesystems on
 the specified directory type.
@@ -78854,7 +84313,7 @@ The type of the directory to use as a mountpoint.
 </summary>
 </param>
 </interface>
-<interface name="kernel_setpgid" lineno="101">
+<interface name="kernel_setpgid" lineno="122">
 <summary>
 Set the process group of kernel threads.
 </summary>
@@ -78864,7 +84323,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_setsched" lineno="119">
+<interface name="kernel_setsched" lineno="140">
 <summary>
 Set the priority of kernel threads.
 </summary>
@@ -78874,7 +84333,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_sigchld" lineno="137">
+<interface name="kernel_sigchld" lineno="158">
 <summary>
 Send a SIGCHLD signal to kernel threads.
 </summary>
@@ -78884,7 +84343,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_kill" lineno="155">
+<interface name="kernel_kill" lineno="176">
 <summary>
 Send a kill signal to kernel threads.
 </summary>
@@ -78894,7 +84353,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_signal" lineno="173">
+<interface name="kernel_signal" lineno="194">
 <summary>
 Send a generic signal to kernel threads.
 </summary>
@@ -78904,7 +84363,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_share_state" lineno="192">
+<interface name="kernel_share_state" lineno="213">
 <summary>
 Allows the kernel to share state information with
 the caller.
@@ -78915,7 +84374,7 @@ The type of the process with which to share state information.
 </summary>
 </param>
 </interface>
-<interface name="kernel_use_fds" lineno="210">
+<interface name="kernel_use_fds" lineno="231">
 <summary>
 Permits caller to use kernel file descriptors.
 </summary>
@@ -78925,7 +84384,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_use_fds" lineno="229">
+<interface name="kernel_dontaudit_use_fds" lineno="250">
 <summary>
 Do not audit attempts to use
 kernel file descriptors.
@@ -78936,7 +84395,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_rw_pipes" lineno="247">
+<interface name="kernel_rw_pipes" lineno="268">
 <summary>
 Read and write kernel unnamed pipes.
 </summary>
@@ -78946,9 +84405,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_rw_unix_dgram_sockets" lineno="265">
+<interface name="kernel_rw_stream_sockets" lineno="287">
 <summary>
-Read and write kernel unix datagram sockets.
+Read/write to kernel using a unix
+domain stream socket.
 </summary>
 <param name="domain">
 <summary>
@@ -78956,9 +84416,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dgram_send" lineno="283">
+<interface name="kernel_stream_connect" lineno="306">
 <summary>
-Send messages to kernel unix datagram sockets.
+Connect to kernel using a unix
+domain stream socket.
 </summary>
 <param name="domain">
 <summary>
@@ -78966,9 +84427,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_tcp_recvfrom" lineno="301">
+<interface name="kernel_getattr_dgram_sockets" lineno="324">
 <summary>
-Receive messages from kernel TCP sockets.  (Deprecated)
+Getattr on kernel unix datagram sockets.
 </summary>
 <param name="domain">
 <summary>
@@ -78976,9 +84437,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_udp_send" lineno="315">
+<interface name="kernel_rw_unix_dgram_sockets" lineno="342">
 <summary>
-Send UDP network traffic to the kernel.  (Deprecated)
+Read and write kernel unix datagram sockets.
 </summary>
 <param name="domain">
 <summary>
@@ -78986,9 +84447,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_udp_recvfrom" lineno="329">
+<interface name="kernel_dgram_send" lineno="360">
 <summary>
-Receive messages from kernel UDP sockets.  (Deprecated)
+Send messages to kernel unix datagram sockets.
 </summary>
 <param name="domain">
 <summary>
@@ -78996,7 +84457,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_load_module" lineno="343">
+<interface name="kernel_load_module" lineno="378">
 <summary>
 Allows caller to load kernel modules
 </summary>
@@ -79006,7 +84467,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_search_key" lineno="361">
+<interface name="kernel_search_key" lineno="396">
 <summary>
 Allow search the kernel key ring.
 </summary>
@@ -79016,7 +84477,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_search_key" lineno="379">
+<interface name="kernel_dontaudit_search_key" lineno="414">
 <summary>
 dontaudit search the kernel key ring.
 </summary>
@@ -79026,7 +84487,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_link_key" lineno="397">
+<interface name="kernel_link_key" lineno="432">
 <summary>
 Allow link to the kernel key ring.
 </summary>
@@ -79036,7 +84497,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_link_key" lineno="415">
+<interface name="kernel_dontaudit_link_key" lineno="450">
 <summary>
 dontaudit link to the kernel key ring.
 </summary>
@@ -79046,7 +84507,27 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_read_ring_buffer" lineno="434">
+<interface name="kernel_view_key" lineno="468">
+<summary>
+Allow view the kernel key ring.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_view_key" lineno="486">
+<summary>
+dontaudit view the kernel key ring.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_read_ring_buffer" lineno="505">
 <summary>
 Allows caller to read the ring buffer.
 </summary>
@@ -79057,7 +84538,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_dontaudit_read_ring_buffer" lineno="453">
+<interface name="kernel_dontaudit_read_ring_buffer" lineno="524">
 <summary>
 Do not audit attempts to read the ring buffer.
 </summary>
@@ -79067,7 +84548,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_change_ring_buffer_level" lineno="472">
+<interface name="kernel_change_ring_buffer_level" lineno="543">
 <summary>
 Change the level of kernel messages logged to the console.
 </summary>
@@ -79078,7 +84559,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_clear_ring_buffer" lineno="500">
+<interface name="kernel_clear_ring_buffer" lineno="563">
 <summary>
 Allows the caller to clear the ring buffer.
 </summary>
@@ -79089,7 +84570,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_request_load_module" lineno="540">
+<interface name="kernel_request_load_module" lineno="595">
 <summary>
 Allows caller to request the kernel to load a module
 </summary>
@@ -79112,7 +84593,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_request_load_module" lineno="558">
+<interface name="kernel_dontaudit_request_load_module" lineno="613">
 <summary>
 Do not audit requests to the kernel to load a module.
 </summary>
@@ -79122,7 +84603,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_get_sysvipc_info" lineno="576">
+<interface name="kernel_get_sysvipc_info" lineno="631">
 <summary>
 Get information on all System V IPC objects.
 </summary>
@@ -79132,7 +84613,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_getattr_debugfs" lineno="594">
+<interface name="kernel_getattr_debugfs" lineno="649">
 <summary>
 Get the attributes of a kernel debugging filesystem.
 </summary>
@@ -79142,7 +84623,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_mount_debugfs" lineno="612">
+<interface name="kernel_mount_debugfs" lineno="667">
 <summary>
 Mount a kernel debugging filesystem.
 </summary>
@@ -79152,7 +84633,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_unmount_debugfs" lineno="630">
+<interface name="kernel_unmount_debugfs" lineno="685">
 <summary>
 Unmount a kernel debugging filesystem.
 </summary>
@@ -79162,7 +84643,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_remount_debugfs" lineno="648">
+<interface name="kernel_remount_debugfs" lineno="703">
 <summary>
 Remount a kernel debugging filesystem.
 </summary>
@@ -79172,7 +84653,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_search_debugfs" lineno="666">
+<interface name="kernel_search_debugfs" lineno="721">
 <summary>
 Search the contents of a kernel debugging filesystem.
 </summary>
@@ -79182,7 +84663,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_search_debugfs" lineno="684">
+<interface name="kernel_dontaudit_search_debugfs" lineno="739">
 <summary>
 Do not audit attempts to search the kernel debugging filesystem.
 </summary>
@@ -79192,7 +84673,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_read_debugfs" lineno="702">
+<interface name="kernel_read_debugfs" lineno="757">
 <summary>
 Read information from the debugging filesystem.
 </summary>
@@ -79202,7 +84683,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_write_debugfs_dirs" lineno="722">
+<interface name="kernel_dontaudit_write_debugfs_dirs" lineno="777">
 <summary>
 Do not audit attempts to write kernel debugging filesystem dirs.
 </summary>
@@ -79212,7 +84693,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_manage_debugfs" lineno="740">
+<interface name="kernel_manage_debugfs" lineno="795">
 <summary>
 Manage information from the debugging filesystem.
 </summary>
@@ -79222,7 +84703,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_mount_kvmfs" lineno="760">
+<interface name="kernel_mount_kvmfs" lineno="815">
 <summary>
 Mount a kernel VM filesystem.
 </summary>
@@ -79232,7 +84713,27 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_unmount_proc" lineno="778">
+<interface name="kernel_mount_proc" lineno="833">
+<summary>
+mount the proc filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_remount_proc" lineno="851">
+<summary>
+remount the proc filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_unmount_proc" lineno="869">
 <summary>
 Unmount the proc filesystem.
 </summary>
@@ -79242,7 +84743,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_getattr_proc" lineno="796">
+<interface name="kernel_getattr_proc" lineno="887">
 <summary>
 Get the attributes of the proc filesystem.
 </summary>
@@ -79252,7 +84753,18 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_setattr_proc_dirs" lineno="815">
+<interface name="kernel_mounton_proc" lineno="906">
+<summary>
+Mount on proc directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_dontaudit_setattr_proc_dirs" lineno="925">
 <summary>
 Do not audit attempts to set the
 attributes of directories in /proc.
@@ -79263,7 +84775,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_search_proc" lineno="833">
+<interface name="kernel_search_proc" lineno="943">
 <summary>
 Search directories in /proc.
 </summary>
@@ -79273,7 +84785,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_list_proc" lineno="851">
+<interface name="kernel_list_proc" lineno="961">
 <summary>
 List the contents of directories in /proc.
 </summary>
@@ -79283,7 +84795,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_list_proc" lineno="870">
+<interface name="kernel_dontaudit_list_proc" lineno="980">
 <summary>
 Do not audit attempts to list the
 contents of directories in /proc.
@@ -79294,7 +84806,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_write_proc_dirs" lineno="889">
+<interface name="kernel_dontaudit_write_proc_dirs" lineno="999">
 <summary>
 Do not audit attempts to write the
 directories in /proc.
@@ -79305,7 +84817,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_getattr_proc_files" lineno="907">
+<interface name="kernel_mounton_proc_dirs" lineno="1017">
+<summary>
+Mount the directories in /proc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_getattr_proc_files" lineno="1035">
 <summary>
 Get the attributes of files in /proc.
 </summary>
@@ -79315,7 +84837,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_read_proc_symlinks" lineno="934">
+<interface name="kernel_read_proc_symlinks" lineno="1062">
 <summary>
 Read generic symbolic links in /proc.
 </summary>
@@ -79334,7 +84856,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="kernel_read_system_state" lineno="973">
+<interface name="kernel_read_system_state" lineno="1101">
 <summary>
 Allows caller to read system state information in /proc.
 </summary>
@@ -79365,7 +84887,7 @@ Domain allowed access.
 <infoflow type="read" weight="10"/>
 <rolecap/>
 </interface>
-<interface name="kernel_write_proc_files" lineno="999">
+<interface name="kernel_write_proc_files" lineno="1127">
 <summary>
 Write to generic proc entries.
 </summary>
@@ -79376,7 +84898,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_dontaudit_read_system_state" lineno="1018">
+<interface name="kernel_dontaudit_read_system_state" lineno="1146">
 <summary>
 Do not audit attempts by caller to
 read system state information in proc.
@@ -79387,10 +84909,10 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_read_proc_symlinks" lineno="1037">
+<interface name="kernel_dontaudit_read_proc_symlinks" lineno="1165">
 <summary>
 Do not audit attempts by caller to
-read system state information in proc.
+read symbolic links in proc.
 </summary>
 <param name="domain">
 <summary>
@@ -79398,7 +84920,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_rw_afs_state" lineno="1056">
+<interface name="kernel_rw_afs_state" lineno="1184">
 <summary>
 Allow caller to read and write state information for AFS.
 </summary>
@@ -79409,7 +84931,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_read_software_raid_state" lineno="1076">
+<interface name="kernel_read_software_raid_state" lineno="1204">
 <summary>
 Allow caller to read the state information for software raid.
 </summary>
@@ -79420,7 +84942,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_rw_software_raid_state" lineno="1096">
+<interface name="kernel_rw_software_raid_state" lineno="1224">
 <summary>
 Allow caller to read and set the state information for software raid.
 </summary>
@@ -79430,7 +84952,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_getattr_core_if" lineno="1116">
+<interface name="kernel_getattr_core_if" lineno="1244">
 <summary>
 Allows caller to get attribues of core kernel interface.
 </summary>
@@ -79440,7 +84962,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_getattr_core_if" lineno="1137">
+<interface name="kernel_dontaudit_getattr_core_if" lineno="1265">
 <summary>
 Do not audit attempts to get the attributes of
 core kernel interfaces.
@@ -79451,7 +84973,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_read_core_if" lineno="1155">
+<interface name="kernel_read_core_if" lineno="1283">
 <summary>
 Allows caller to read the core kernel interface.
 </summary>
@@ -79461,7 +84983,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_read_messages" lineno="1179">
+<interface name="kernel_read_messages" lineno="1307">
 <summary>
 Allow caller to read kernel messages
 using the /proc/kmsg interface.
@@ -79472,7 +84994,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_getattr_message_if" lineno="1201">
+<interface name="kernel_getattr_message_if" lineno="1329">
 <summary>
 Allow caller to get the attributes of kernel message
 interface (/proc/kmsg).
@@ -79483,7 +85005,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_getattr_message_if" lineno="1220">
+<interface name="kernel_dontaudit_getattr_message_if" lineno="1348">
 <summary>
 Do not audit attempts by caller to get the attributes of kernel
 message interfaces.
@@ -79494,7 +85016,18 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_search_network_state" lineno="1240">
+<interface name="kernel_mounton_message_if" lineno="1367">
+<summary>
+Mount on kernel message interfaces files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_dontaudit_search_network_state" lineno="1388">
 <summary>
 Do not audit attempts to search the network
 state directory.
@@ -79506,7 +85039,7 @@ Domain to not audit.
 </param>
 
 </interface>
-<interface name="kernel_search_network_state" lineno="1259">
+<interface name="kernel_search_network_state" lineno="1407">
 <summary>
 Allow searching of network state directory.
 </summary>
@@ -79517,7 +85050,7 @@ Domain allowed access.
 </param>
 
 </interface>
-<interface name="kernel_read_network_state" lineno="1289">
+<interface name="kernel_read_network_state" lineno="1437">
 <summary>
 Read the network state information.
 </summary>
@@ -79539,7 +85072,7 @@ Domain allowed access.
 <infoflow type="read" weight="10"/>
 <rolecap/>
 </interface>
-<interface name="kernel_read_network_state_symlinks" lineno="1310">
+<interface name="kernel_read_network_state_symlinks" lineno="1458">
 <summary>
 Allow caller to read the network state symbolic links.
 </summary>
@@ -79549,7 +85082,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_search_xen_state" lineno="1331">
+<interface name="kernel_search_xen_state" lineno="1479">
 <summary>
 Allow searching of xen state directory.
 </summary>
@@ -79560,7 +85093,7 @@ Domain allowed access.
 </param>
 
 </interface>
-<interface name="kernel_dontaudit_search_xen_state" lineno="1351">
+<interface name="kernel_dontaudit_search_xen_state" lineno="1499">
 <summary>
 Do not audit attempts to search the xen
 state directory.
@@ -79572,7 +85105,7 @@ Domain to not audit.
 </param>
 
 </interface>
-<interface name="kernel_read_xen_state" lineno="1370">
+<interface name="kernel_read_xen_state" lineno="1518">
 <summary>
 Allow caller to read the xen state information.
 </summary>
@@ -79583,7 +85116,7 @@ Domain allowed access.
 </param>
 
 </interface>
-<interface name="kernel_read_xen_state_symlinks" lineno="1392">
+<interface name="kernel_read_xen_state_symlinks" lineno="1540">
 <summary>
 Allow caller to read the xen state symbolic links.
 </summary>
@@ -79594,7 +85127,7 @@ Domain allowed access.
 </param>
 
 </interface>
-<interface name="kernel_write_xen_state" lineno="1413">
+<interface name="kernel_write_xen_state" lineno="1561">
 <summary>
 Allow caller to write xen state information.
 </summary>
@@ -79605,7 +85138,7 @@ Domain allowed access.
 </param>
 
 </interface>
-<interface name="kernel_list_all_proc" lineno="1431">
+<interface name="kernel_list_all_proc" lineno="1579">
 <summary>
 Allow attempts to list all proc directories.
 </summary>
@@ -79615,7 +85148,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_list_all_proc" lineno="1450">
+<interface name="kernel_dontaudit_list_all_proc" lineno="1598">
 <summary>
 Do not audit attempts to list all proc directories.
 </summary>
@@ -79625,7 +85158,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_search_sysctl" lineno="1471">
+<interface name="kernel_dontaudit_search_sysctl" lineno="1619">
 <summary>
 Do not audit attempts by caller to search
 the base directory of sysctls.
@@ -79637,7 +85170,18 @@ Domain to not audit.
 </param>
 
 </interface>
-<interface name="kernel_read_sysctl" lineno="1490">
+<interface name="kernel_mounton_sysctl_dirs" lineno="1638">
+<summary>
+Mount on sysctl_t dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_read_sysctl" lineno="1658">
 <summary>
 Allow access to read sysctl directories.
 </summary>
@@ -79648,7 +85192,18 @@ Domain allowed access.
 </param>
 
 </interface>
-<interface name="kernel_read_device_sysctls" lineno="1510">
+<interface name="kernel_mounton_sysctl_files" lineno="1678">
+<summary>
+Mount on sysctl files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_read_device_sysctls" lineno="1698">
 <summary>
 Allow caller to read the device sysctls.
 </summary>
@@ -79659,7 +85214,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_rw_device_sysctls" lineno="1531">
+<interface name="kernel_rw_device_sysctls" lineno="1719">
 <summary>
 Read and write device sysctls.
 </summary>
@@ -79670,7 +85225,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_search_vm_sysctl" lineno="1551">
+<interface name="kernel_search_vm_sysctl" lineno="1739">
 <summary>
 Allow caller to search virtual memory sysctls.
 </summary>
@@ -79680,7 +85235,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_read_vm_sysctls" lineno="1570">
+<interface name="kernel_read_vm_sysctls" lineno="1758">
 <summary>
 Allow caller to read virtual memory sysctls.
 </summary>
@@ -79691,7 +85246,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_rw_vm_sysctls" lineno="1591">
+<interface name="kernel_rw_vm_sysctls" lineno="1779">
 <summary>
 Read and write virtual memory sysctls.
 </summary>
@@ -79702,7 +85257,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_search_network_sysctl" lineno="1613">
+<interface name="kernel_search_network_sysctl" lineno="1801">
 <summary>
 Search network sysctl directories.
 </summary>
@@ -79712,7 +85267,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_search_network_sysctl" lineno="1631">
+<interface name="kernel_dontaudit_search_network_sysctl" lineno="1819">
 <summary>
 Do not audit attempts by caller to search network sysctl directories.
 </summary>
@@ -79722,7 +85277,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_read_net_sysctls" lineno="1650">
+<interface name="kernel_read_net_sysctls" lineno="1838">
 <summary>
 Allow caller to read network sysctls.
 </summary>
@@ -79733,7 +85288,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_rw_net_sysctls" lineno="1671">
+<interface name="kernel_rw_net_sysctls" lineno="1859">
 <summary>
 Allow caller to modiry contents of sysctl network files.
 </summary>
@@ -79744,7 +85299,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_read_unix_sysctls" lineno="1693">
+<interface name="kernel_read_unix_sysctls" lineno="1881">
 <summary>
 Allow caller to read unix domain
 socket sysctls.
@@ -79756,7 +85311,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_rw_unix_sysctls" lineno="1715">
+<interface name="kernel_rw_unix_sysctls" lineno="1903">
 <summary>
 Read and write unix domain
 socket sysctls.
@@ -79768,7 +85323,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_read_hotplug_sysctls" lineno="1736">
+<interface name="kernel_read_hotplug_sysctls" lineno="1924">
 <summary>
 Read the hotplug sysctl.
 </summary>
@@ -79779,7 +85334,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_rw_hotplug_sysctls" lineno="1757">
+<interface name="kernel_rw_hotplug_sysctls" lineno="1945">
 <summary>
 Read and write the hotplug sysctl.
 </summary>
@@ -79790,7 +85345,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_read_modprobe_sysctls" lineno="1778">
+<interface name="kernel_read_modprobe_sysctls" lineno="1966">
 <summary>
 Read the modprobe sysctl.
 </summary>
@@ -79801,7 +85356,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_rw_modprobe_sysctls" lineno="1799">
+<interface name="kernel_rw_modprobe_sysctls" lineno="1987">
 <summary>
 Read and write the modprobe sysctl.
 </summary>
@@ -79812,7 +85367,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_dontaudit_search_kernel_sysctl" lineno="1819">
+<interface name="kernel_dontaudit_search_kernel_sysctl" lineno="2007">
 <summary>
 Do not audit attempts to search generic kernel sysctls.
 </summary>
@@ -79822,7 +85377,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_read_crypto_sysctls" lineno="1837">
+<interface name="kernel_dontaudit_read_kernel_sysctl" lineno="2025">
+<summary>
+Do not audit attempted reading of kernel sysctls
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit accesses from
+</summary>
+</param>
+</interface>
+<interface name="kernel_read_crypto_sysctls" lineno="2043">
 <summary>
 Read generic crypto sysctls.
 </summary>
@@ -79832,7 +85397,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_read_kernel_sysctls" lineno="1878">
+<interface name="kernel_read_kernel_sysctls" lineno="2084">
 <summary>
 Read general kernel sysctls.
 </summary>
@@ -79864,7 +85429,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="kernel_dontaudit_write_kernel_sysctl" lineno="1898">
+<interface name="kernel_dontaudit_write_kernel_sysctl" lineno="2104">
 <summary>
 Do not audit attempts to write generic kernel sysctls.
 </summary>
@@ -79874,7 +85439,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_rw_kernel_sysctl" lineno="1917">
+<interface name="kernel_rw_kernel_sysctl" lineno="2123">
 <summary>
 Read and write generic kernel sysctls.
 </summary>
@@ -79885,7 +85450,29 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_read_fs_sysctls" lineno="1938">
+<interface name="kernel_mounton_kernel_sysctl_files" lineno="2144">
+<summary>
+Mount on kernel sysctl files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_search_fs_sysctls" lineno="2164">
+<summary>
+Search filesystem sysctl directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_read_fs_sysctls" lineno="2183">
 <summary>
 Read filesystem sysctls.
 </summary>
@@ -79896,7 +85483,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_rw_fs_sysctls" lineno="1959">
+<interface name="kernel_rw_fs_sysctls" lineno="2204">
 <summary>
 Read and write fileystem sysctls.
 </summary>
@@ -79907,7 +85494,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_read_irq_sysctls" lineno="1980">
+<interface name="kernel_read_irq_sysctls" lineno="2225">
 <summary>
 Read IRQ sysctls.
 </summary>
@@ -79918,7 +85505,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_rw_irq_sysctls" lineno="2001">
+<interface name="kernel_rw_irq_sysctls" lineno="2246">
 <summary>
 Read and write IRQ sysctls.
 </summary>
@@ -79929,7 +85516,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_read_rpc_sysctls" lineno="2022">
+<interface name="kernel_read_rpc_sysctls" lineno="2267">
 <summary>
 Read RPC sysctls.
 </summary>
@@ -79940,7 +85527,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_rw_rpc_sysctls" lineno="2043">
+<interface name="kernel_rw_rpc_sysctls" lineno="2288">
 <summary>
 Read and write RPC sysctls.
 </summary>
@@ -79951,7 +85538,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_dontaudit_list_all_sysctls" lineno="2063">
+<interface name="kernel_dontaudit_list_all_sysctls" lineno="2308">
 <summary>
 Do not audit attempts to list all sysctl directories.
 </summary>
@@ -79961,7 +85548,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_read_all_sysctls" lineno="2083">
+<interface name="kernel_read_all_sysctls" lineno="2328">
 <summary>
 Allow caller to read all sysctls.
 </summary>
@@ -79972,7 +85559,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_rw_all_sysctls" lineno="2106">
+<interface name="kernel_rw_all_sysctls" lineno="2351">
 <summary>
 Read and write all sysctls.
 </summary>
@@ -79983,7 +85570,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="kernel_kill_unlabeled" lineno="2130">
+<interface name="kernel_kill_unlabeled" lineno="2375">
 <summary>
 Send a kill signal to unlabeled processes.
 </summary>
@@ -79993,7 +85580,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_mount_unlabeled" lineno="2148">
+<interface name="kernel_mount_unlabeled" lineno="2393">
 <summary>
 Mount a kernel unlabeled filesystem.
 </summary>
@@ -80003,7 +85590,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_unmount_unlabeled" lineno="2166">
+<interface name="kernel_unmount_unlabeled" lineno="2411">
 <summary>
 Unmount a kernel unlabeled filesystem.
 </summary>
@@ -80013,7 +85600,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_signal_unlabeled" lineno="2184">
+<interface name="kernel_signal_unlabeled" lineno="2429">
 <summary>
 Send general signals to unlabeled processes.
 </summary>
@@ -80023,7 +85610,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_signull_unlabeled" lineno="2202">
+<interface name="kernel_signull_unlabeled" lineno="2447">
 <summary>
 Send a null signal to unlabeled processes.
 </summary>
@@ -80033,7 +85620,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_sigstop_unlabeled" lineno="2220">
+<interface name="kernel_sigstop_unlabeled" lineno="2465">
 <summary>
 Send a stop signal to unlabeled processes.
 </summary>
@@ -80043,7 +85630,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_sigchld_unlabeled" lineno="2238">
+<interface name="kernel_sigchld_unlabeled" lineno="2483">
 <summary>
 Send a child terminated signal to unlabeled processes.
 </summary>
@@ -80053,7 +85640,27 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_list_unlabeled" lineno="2256">
+<interface name="kernel_getattr_unlabeled_dirs" lineno="2501">
+<summary>
+Get the attributes of unlabeled directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_search_unlabeled" lineno="2519">
+<summary>
+Do not audit attempts to search unlabeled directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_list_unlabeled" lineno="2537">
 <summary>
 List unlabeled directories.
 </summary>
@@ -80063,7 +85670,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_read_unlabeled_state" lineno="2274">
+<interface name="kernel_read_unlabeled_state" lineno="2555">
 <summary>
 Read the process state (/proc/pid) of all unlabeled_t.
 </summary>
@@ -80073,7 +85680,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_list_unlabeled" lineno="2294">
+<interface name="kernel_dontaudit_list_unlabeled" lineno="2575">
 <summary>
 Do not audit attempts to list unlabeled directories.
 </summary>
@@ -80083,7 +85690,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_rw_unlabeled_dirs" lineno="2312">
+<interface name="kernel_rw_unlabeled_dirs" lineno="2593">
 <summary>
 Read and write unlabeled directories.
 </summary>
@@ -80093,7 +85700,47 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_rw_unlabeled_files" lineno="2330">
+<interface name="kernel_delete_unlabeled_dirs" lineno="2611">
+<summary>
+Delete unlabeled directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_manage_unlabeled_dirs" lineno="2629">
+<summary>
+Create, read, write, and delete unlabeled directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_mounton_unlabeled_dirs" lineno="2647">
+<summary>
+Mount a filesystem on an unlabeled directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_read_unlabeled_files" lineno="2665">
+<summary>
+Read unlabeled files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_rw_unlabeled_files" lineno="2683">
 <summary>
 Read and write unlabeled files.
 </summary>
@@ -80103,7 +85750,27 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_getattr_unlabeled_files" lineno="2349">
+<interface name="kernel_delete_unlabeled_files" lineno="2701">
+<summary>
+Delete unlabeled files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_manage_unlabeled_files" lineno="2719">
+<summary>
+Create, read, write, and delete unlabeled files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_getattr_unlabeled_files" lineno="2738">
 <summary>
 Do not audit attempts by caller to get the
 attributes of an unlabeled file.
@@ -80114,7 +85781,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_read_unlabeled_files" lineno="2368">
+<interface name="kernel_dontaudit_read_unlabeled_files" lineno="2757">
 <summary>
 Do not audit attempts by caller to
 read an unlabeled file.
@@ -80125,7 +85792,27 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_getattr_unlabeled_symlinks" lineno="2387">
+<interface name="kernel_delete_unlabeled_symlinks" lineno="2775">
+<summary>
+Delete unlabeled symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_manage_unlabeled_symlinks" lineno="2793">
+<summary>
+Create, read, write, and delete unlabeled symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_getattr_unlabeled_symlinks" lineno="2812">
 <summary>
 Do not audit attempts by caller to get the
 attributes of unlabeled symbolic links.
@@ -80136,7 +85823,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_getattr_unlabeled_pipes" lineno="2406">
+<interface name="kernel_dontaudit_getattr_unlabeled_pipes" lineno="2831">
 <summary>
 Do not audit attempts by caller to get the
 attributes of unlabeled named pipes.
@@ -80147,7 +85834,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_getattr_unlabeled_sockets" lineno="2425">
+<interface name="kernel_dontaudit_getattr_unlabeled_sockets" lineno="2850">
 <summary>
 Do not audit attempts by caller to get the
 attributes of unlabeled named sockets.
@@ -80158,7 +85845,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_getattr_unlabeled_blk_files" lineno="2444">
+<interface name="kernel_dontaudit_getattr_unlabeled_blk_files" lineno="2869">
 <summary>
 Do not audit attempts by caller to get attributes for
 unlabeled block devices.
@@ -80169,7 +85856,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_rw_unlabeled_blk_files" lineno="2462">
+<interface name="kernel_rw_unlabeled_blk_files" lineno="2887">
 <summary>
 Read and write unlabeled block device nodes.
 </summary>
@@ -80179,7 +85866,27 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_getattr_unlabeled_chr_files" lineno="2481">
+<interface name="kernel_delete_unlabeled_blk_files" lineno="2905">
+<summary>
+Delete unlabeled block device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_manage_unlabeled_blk_files" lineno="2923">
+<summary>
+Create, read, write, and delete unlabeled block device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_dontaudit_getattr_unlabeled_chr_files" lineno="2942">
 <summary>
 Do not audit attempts by caller to get attributes for
 unlabeled character devices.
@@ -80190,7 +85897,38 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_relabelfrom_unlabeled_dirs" lineno="2499">
+<interface name="kernel_dontaudit_write_unlabeled_chr_files" lineno="2961">
+<summary>
+Do not audit attempts to
+write unlabeled character devices.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kernel_delete_unlabeled_chr_files" lineno="2979">
+<summary>
+Delete unlabeled character device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_manage_unlabeled_chr_files" lineno="2998">
+<summary>
+Create, read, write, and delete unlabeled character device nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_relabelfrom_unlabeled_dirs" lineno="3016">
 <summary>
 Allow caller to relabel unlabeled directories.
 </summary>
@@ -80200,7 +85938,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_relabelfrom_unlabeled_files" lineno="2517">
+<interface name="kernel_relabelfrom_unlabeled_files" lineno="3034">
 <summary>
 Allow caller to relabel unlabeled files.
 </summary>
@@ -80210,7 +85948,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_relabelfrom_unlabeled_symlinks" lineno="2536">
+<interface name="kernel_relabelfrom_unlabeled_symlinks" lineno="3053">
 <summary>
 Allow caller to relabel unlabeled symbolic links.
 </summary>
@@ -80220,7 +85958,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_relabelfrom_unlabeled_pipes" lineno="2555">
+<interface name="kernel_relabelfrom_unlabeled_pipes" lineno="3072">
 <summary>
 Allow caller to relabel unlabeled named pipes.
 </summary>
@@ -80230,7 +85968,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_relabelfrom_unlabeled_sockets" lineno="2574">
+<interface name="kernel_delete_unlabeled_pipes" lineno="3091">
+<summary>
+Delete unlabeled named pipes
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_relabelfrom_unlabeled_sockets" lineno="3109">
 <summary>
 Allow caller to relabel unlabeled named sockets.
 </summary>
@@ -80240,7 +85988,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_sendrecv_unlabeled_association" lineno="2608">
+<interface name="kernel_delete_unlabeled_sockets" lineno="3128">
+<summary>
+Delete unlabeled named sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_sendrecv_unlabeled_association" lineno="3160">
 <summary>
 Send and receive messages from an
 unlabeled IPSEC association.
@@ -80265,7 +86023,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_sendrecv_unlabeled_association" lineno="2644">
+<interface name="kernel_dontaudit_sendrecv_unlabeled_association" lineno="3193">
 <summary>
 Do not audit attempts to send and receive messages
 from an	unlabeled IPSEC association.
@@ -80290,7 +86048,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_tcp_recvfrom_unlabeled" lineno="2671">
+<interface name="kernel_tcp_recvfrom_unlabeled" lineno="3220">
 <summary>
 Receive TCP packets from an unlabeled connection.
 </summary>
@@ -80309,7 +86067,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_tcp_recvfrom_unlabeled" lineno="2700">
+<interface name="kernel_dontaudit_tcp_recvfrom_unlabeled" lineno="3249">
 <summary>
 Do not audit attempts to receive TCP packets from an unlabeled
 connection.
@@ -80330,7 +86088,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_udp_recvfrom_unlabeled" lineno="2727">
+<interface name="kernel_udp_recvfrom_unlabeled" lineno="3276">
 <summary>
 Receive UDP packets from an unlabeled connection.
 </summary>
@@ -80349,7 +86107,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_udp_recvfrom_unlabeled" lineno="2756">
+<interface name="kernel_dontaudit_udp_recvfrom_unlabeled" lineno="3305">
 <summary>
 Do not audit attempts to receive UDP packets from an unlabeled
 connection.
@@ -80370,7 +86128,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_raw_recvfrom_unlabeled" lineno="2783">
+<interface name="kernel_raw_recvfrom_unlabeled" lineno="3332">
 <summary>
 Receive Raw IP packets from an unlabeled connection.
 </summary>
@@ -80389,7 +86147,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_raw_recvfrom_unlabeled" lineno="2812">
+<interface name="kernel_dontaudit_raw_recvfrom_unlabeled" lineno="3361">
 <summary>
 Do not audit attempts to receive Raw IP packets from an unlabeled
 connection.
@@ -80410,7 +86168,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_sendrecv_unlabeled_packets" lineno="2842">
+<interface name="kernel_sendrecv_unlabeled_packets" lineno="3391">
 <summary>
 Send and receive unlabeled packets.
 </summary>
@@ -80432,7 +86190,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_recvfrom_unlabeled_peer" lineno="2870">
+<interface name="kernel_recvfrom_unlabeled_peer" lineno="3419">
 <summary>
 Receive packets from an unlabeled peer.
 </summary>
@@ -80452,7 +86210,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_dontaudit_recvfrom_unlabeled_peer" lineno="2898">
+<interface name="kernel_dontaudit_recvfrom_unlabeled_peer" lineno="3447">
 <summary>
 Do not audit attempts to receive packets from an unlabeled peer.
 </summary>
@@ -80472,7 +86230,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="kernel_relabelfrom_unlabeled_database" lineno="2916">
+<interface name="kernel_relabelfrom_unlabeled_database" lineno="3465">
 <summary>
 Relabel from unlabeled database objects.
 </summary>
@@ -80482,7 +86240,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="kernel_unconfined" lineno="2953">
+<interface name="kernel_unconfined" lineno="3502">
 <summary>
 Unconfined access to kernel module resources.
 </summary>
@@ -80492,6 +86250,48 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
+<interface name="kernel_read_vm_overcommit_sysctl" lineno="3522">
+<summary>
+Read virtual memory overcommit sysctl.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_rw_vm_overcommit_sysctl" lineno="3542">
+<summary>
+Read and write virtual memory overcommit sysctl.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kernel_ib_access_unlabeled_pkeys" lineno="3561">
+<summary>
+Access unlabeled infiniband pkeys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kernel_ib_manage_subnet_unlabeled_endports" lineno="3579">
+<summary>
+Manage subnet on unlabeled Infiniband endports.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
 <bool name="secure_mode_insmod" dftval="false">
 <desc>
 <p>
@@ -80505,7 +86305,27 @@ Disable kernel module loading.
 <required val="true">
 Contains attributes used in MCS policy.
 </required>
-<interface name="mcs_file_read_all" lineno="18">
+<interface name="mcs_constrained" lineno="26">
+<summary>
+Constrain by category access control (MCS).
+</summary>
+<desc>
+<p>
+Constrain the specified type by category based
+access control (MCS) This prevents this domain from
+interacting with subjects and operating on objects
+that it otherwise would be able to interact
+with or operate on respectively.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be constrained by MCS.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="mcs_file_read_all" lineno="46">
 <summary>
 This domain is allowed to read files and directories
 regardless of their MCS category set.
@@ -80517,7 +86337,7 @@ Domain target for user exemption.
 </param>
 <rolecap/>
 </interface>
-<interface name="mcs_file_write_all" lineno="38">
+<interface name="mcs_file_write_all" lineno="66">
 <summary>
 This domain is allowed to write files and directories
 regardless of their MCS category set.
@@ -80529,7 +86349,7 @@ Domain target for user exemption.
 </param>
 <rolecap/>
 </interface>
-<interface name="mcs_killall" lineno="58">
+<interface name="mcs_killall" lineno="86">
 <summary>
 This domain is allowed to sigkill and sigstop
 all domains regardless of their MCS category set.
@@ -80541,7 +86361,7 @@ Domain target for user exemption.
 </param>
 <rolecap/>
 </interface>
-<interface name="mcs_ptrace_all" lineno="78">
+<interface name="mcs_ptrace_all" lineno="106">
 <summary>
 This domain is allowed to ptrace
 all domains regardless of their MCS
@@ -80553,7 +86373,7 @@ Domain target for user exemption.
 </summary>
 </param>
 </interface>
-<interface name="mcs_process_set_categories" lineno="98">
+<interface name="mcs_process_set_categories" lineno="126">
 <summary>
 Make specified domain MCS trusted
 for setting any category set for
@@ -80591,31 +86411,22 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_file_read_up" lineno="55">
+<interface name="mls_file_read_all_levels" lineno="46">
 <summary>
 Make specified domain MLS trusted
-for reading from files at all levels.  (Deprecated)
-</summary>
-<desc>
-<p>
-Make specified domain MLS trusted
 for reading from files at all levels.
-</p>
-<p>
-This interface has been deprecated, please use
-mls_file_read_all_levels() instead.
-</p>
-</desc>
+</summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="mls_file_read_all_levels" lineno="72">
+<interface name="mls_file_write_to_clearance" lineno="66">
 <summary>
 Make specified domain MLS trusted
-for reading from files at all levels.
+for write to files up to its clearance.
 </summary>
 <param name="domain">
 <summary>
@@ -80624,10 +86435,10 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_file_write_to_clearance" lineno="92">
+<interface name="mls_file_write_all_levels" lineno="86">
 <summary>
 Make specified domain MLS trusted
-for write to files up to its clearance.
+for writing to files at all levels.
 </summary>
 <param name="domain">
 <summary>
@@ -80636,31 +86447,22 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_file_write_down" lineno="121">
+<interface name="mls_file_relabel_to_clearance" lineno="106">
 <summary>
 Make specified domain MLS trusted
-for writing to files at all levels.  (Deprecated)
+for relabelto to files up to its clearance.
 </summary>
-<desc>
-<p>
-Make specified domain MLS trusted
-for writing to files at all levels.
-</p>
-<p>
-This interface has been deprecated, please use
-mls_file_write_all_levels() instead.
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="mls_file_write_all_levels" lineno="138">
+<interface name="mls_file_relabel" lineno="126">
 <summary>
 Make specified domain MLS trusted
-for writing to files at all levels.
+for relabelto to files at all levels.
 </summary>
 <param name="domain">
 <summary>
@@ -80669,7 +86471,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_file_upgrade" lineno="158">
+<interface name="mls_file_upgrade" lineno="146">
 <summary>
 Make specified domain MLS trusted
 for raising the level of files.
@@ -80681,7 +86483,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_file_downgrade" lineno="178">
+<interface name="mls_file_downgrade" lineno="166">
 <summary>
 Make specified domain MLS trusted
 for lowering the level of files.
@@ -80693,7 +86495,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_file_write_within_range" lineno="200">
+<interface name="mls_file_write_within_range" lineno="188">
 <summary>
 Make specified domain trusted to
 be written to within its MLS range.
@@ -80707,7 +86509,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_socket_read_all_levels" lineno="220">
+<interface name="mls_socket_read_all_levels" lineno="208">
 <summary>
 Make specified domain MLS trusted
 for reading from sockets at any level.
@@ -80719,7 +86521,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_socket_read_to_clearance" lineno="241">
+<interface name="mls_socket_read_to_clearance" lineno="229">
 <summary>
 Make specified domain MLS trusted
 for reading from sockets at any level
@@ -80732,7 +86534,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_socket_write_to_clearance" lineno="262">
+<interface name="mls_socket_write_to_clearance" lineno="250">
 <summary>
 Make specified domain MLS trusted
 for writing to sockets up to
@@ -80745,7 +86547,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_socket_write_all_levels" lineno="282">
+<interface name="mls_socket_write_all_levels" lineno="270">
 <summary>
 Make specified domain MLS trusted
 for writing to sockets at any level.
@@ -80757,7 +86559,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_net_receive_all_levels" lineno="303">
+<interface name="mls_net_receive_all_levels" lineno="291">
 <summary>
 Make specified domain MLS trusted
 for receiving network data from
@@ -80770,7 +86572,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_net_write_within_range" lineno="325">
+<interface name="mls_net_write_within_range" lineno="313">
 <summary>
 Make specified domain trusted to
 write to network objects within its MLS range.
@@ -80784,7 +86586,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_net_inbound_all_levels" lineno="346">
+<interface name="mls_net_inbound_all_levels" lineno="334">
 <summary>
 Make specified domain trusted to
 write inbound packets regardless of the
@@ -80797,7 +86599,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_net_outbound_all_levels" lineno="367">
+<interface name="mls_net_outbound_all_levels" lineno="355">
 <summary>
 Make specified domain trusted to
 write outbound packets regardless of the
@@ -80810,7 +86612,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_sysvipc_read_to_clearance" lineno="388">
+<interface name="mls_sysvipc_read_to_clearance" lineno="376">
 <summary>
 Make specified domain MLS trusted
 for reading from System V IPC objects
@@ -80823,7 +86625,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_sysvipc_read_all_levels" lineno="409">
+<interface name="mls_sysvipc_read_all_levels" lineno="397">
 <summary>
 Make specified domain MLS trusted
 for reading from System V IPC objects
@@ -80836,7 +86638,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_sysvipc_write_to_clearance" lineno="430">
+<interface name="mls_sysvipc_write_to_clearance" lineno="418">
 <summary>
 Make specified domain MLS trusted
 for writing to System V IPC objects
@@ -80849,7 +86651,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_sysvipc_write_all_levels" lineno="451">
+<interface name="mls_sysvipc_write_all_levels" lineno="439">
 <summary>
 Make specified domain MLS trusted
 for writing to System V IPC objects
@@ -80862,68 +86664,60 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_rangetrans_source" lineno="471">
+<interface name="mls_key_write_to_clearance" lineno="460">
 <summary>
-Allow the specified domain to do a MLS
-range transition that changes
-the current level.
+Make specified domain MLS trusted
+for writing to keys up to
+its clearance.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="mls_rangetrans_target" lineno="491">
+<interface name="mls_key_write_all_levels" lineno="480">
 <summary>
-Make specified domain a target domain
-for MLS range transitions that change
-the current level.
+Make specified domain MLS trusted
+for writing to keys at all levels.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="mls_process_read_to_clearance" lineno="512">
+<interface name="mls_rangetrans_source" lineno="500">
 <summary>
-Make specified domain MLS trusted
-for reading from processes up to
-its clearance.
+Allow the specified domain to do a MLS
+range transition that changes
+the current level.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="mls_process_read_up" lineno="541">
+<interface name="mls_rangetrans_target" lineno="520">
 <summary>
-Make specified domain MLS trusted
-for reading from processes at all levels.  (Deprecated)
+Make specified domain a target domain
+for MLS range transitions that change
+the current level.
 </summary>
-<desc>
-<p>
-Make specified domain MLS trusted
-for reading from processes at all levels.
-</p>
-<p>
-This interface has been deprecated, please use
-mls_process_read_all_levels() instead.
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="mls_process_read_all_levels" lineno="558">
+<interface name="mls_process_read_to_clearance" lineno="541">
 <summary>
 Make specified domain MLS trusted
-for reading from processes at all levels.
+for reading from processes up to
+its clearance.
 </summary>
 <param name="domain">
 <summary>
@@ -80932,11 +86726,10 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_process_write_to_clearance" lineno="579">
+<interface name="mls_process_read_all_levels" lineno="561">
 <summary>
 Make specified domain MLS trusted
-for writing to processes up to
-its clearance.
+for reading from processes at all levels.
 </summary>
 <param name="domain">
 <summary>
@@ -80945,28 +86738,20 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_process_write_down" lineno="608">
+<interface name="mls_process_write_to_clearance" lineno="582">
 <summary>
 Make specified domain MLS trusted
-for writing to processes at all levels.  (Deprecated)
+for writing to processes up to
+its clearance.
 </summary>
-<desc>
-<p>
-Make specified domain MLS trusted
-for writing to processes at all levels.
-</p>
-<p>
-This interface has been deprecated, please use
-mls_process_write_all_levels() instead.
-</p>
-</desc>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="mls_process_write_all_levels" lineno="625">
+<interface name="mls_process_write_all_levels" lineno="602">
 <summary>
 Make specified domain MLS trusted
 for writing to processes at all levels.
@@ -80978,7 +86763,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_process_set_level" lineno="646">
+<interface name="mls_process_set_level" lineno="623">
 <summary>
 Make specified domain MLS trusted
 for setting the level of processes
@@ -80991,7 +86776,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_xwin_read_to_clearance" lineno="666">
+<interface name="mls_xwin_read_to_clearance" lineno="643">
 <summary>
 Make specified domain MLS trusted
 for reading from X objects up to its clearance.
@@ -81003,7 +86788,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_xwin_read_all_levels" lineno="686">
+<interface name="mls_xwin_read_all_levels" lineno="663">
 <summary>
 Make specified domain MLS trusted
 for reading from X objects at any level.
@@ -81015,7 +86800,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_xwin_write_to_clearance" lineno="706">
+<interface name="mls_xwin_write_to_clearance" lineno="683">
 <summary>
 Make specified domain MLS trusted
 for write to X objects up to its clearance.
@@ -81027,7 +86812,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_xwin_write_all_levels" lineno="726">
+<interface name="mls_xwin_write_all_levels" lineno="703">
 <summary>
 Make specified domain MLS trusted
 for writing to X objects at any level.
@@ -81039,7 +86824,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_colormap_read_all_levels" lineno="746">
+<interface name="mls_colormap_read_all_levels" lineno="723">
 <summary>
 Make specified domain MLS trusted
 for reading from X colormaps at any level.
@@ -81051,7 +86836,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_colormap_write_all_levels" lineno="766">
+<interface name="mls_colormap_write_all_levels" lineno="743">
 <summary>
 Make specified domain MLS trusted
 for writing to X colormaps at any level.
@@ -81063,7 +86848,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_trusted_object" lineno="795">
+<interface name="mls_trusted_object" lineno="772">
 <summary>
 Make specified object MLS trusted.
 </summary>
@@ -81084,7 +86869,26 @@ The type of the object.
 </summary>
 </param>
 </interface>
-<interface name="mls_fd_use_all_levels" lineno="816">
+<interface name="mls_trusted_socket" lineno="799">
+<summary>
+Make specified socket MLS trusted.
+</summary>
+<desc>
+<p>
+Make specified socket MLS trusted. For sockets
+marked as such, this allows all levels to:
+* sendto to unix_dgram_sockets
+* connectto to unix_stream_sockets
+respectively.
+</p>
+</desc>
+<param name="domain">
+<summary>
+The type of the object.
+</summary>
+</param>
+</interface>
+<interface name="mls_fd_use_all_levels" lineno="820">
 <summary>
 Make the specified domain trusted
 to inherit and use file descriptors
@@ -81097,7 +86901,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_fd_share_all_levels" lineno="837">
+<interface name="mls_fd_share_all_levels" lineno="841">
 <summary>
 Make the file descriptors from the
 specifed domain inheritable by
@@ -81110,10 +86914,10 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="mls_context_translate_all_levels" lineno="857">
+<interface name="mls_context_translate_all_levels" lineno="861">
 <summary>
 Make specified domain MLS trusted
-for translating contexts at all levels.
+for translating contexts at all levels.  (Deprecated)
 </summary>
 <param name="domain">
 <summary>
@@ -81240,7 +87044,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_dontaudit_get_fs_mount" lineno="82">
+<interface name="selinux_dontaudit_get_fs_mount" lineno="86">
 <summary>
 Do not audit attempts to get the mountpoint
 of the selinuxfs filesystem.
@@ -81251,7 +87055,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="selinux_mount_fs" lineno="107">
+<interface name="selinux_mount_fs" lineno="115">
 <summary>
 Mount the selinuxfs filesystem.
 </summary>
@@ -81261,7 +87065,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_remount_fs" lineno="126">
+<interface name="selinux_remount_fs" lineno="134">
 <summary>
 Remount the selinuxfs filesystem.
 This allows some mount options to be changed.
@@ -81272,7 +87076,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_unmount_fs" lineno="144">
+<interface name="selinux_unmount_fs" lineno="152">
 <summary>
 Unmount the selinuxfs filesystem.
 </summary>
@@ -81282,7 +87086,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_getattr_fs" lineno="162">
+<interface name="selinux_getattr_fs" lineno="170">
 <summary>
 Get the attributes of the selinuxfs filesystem
 </summary>
@@ -81292,7 +87096,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_dontaudit_getattr_fs" lineno="181">
+<interface name="selinux_dontaudit_getattr_fs" lineno="192">
 <summary>
 Do not audit attempts to get the
 attributes of the selinuxfs filesystem
@@ -81303,7 +87107,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="selinux_dontaudit_getattr_dir" lineno="200">
+<interface name="selinux_dontaudit_getattr_dir" lineno="214">
 <summary>
 Do not audit attempts to get the
 attributes of the selinuxfs directory.
@@ -81314,7 +87118,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="selinux_search_fs" lineno="218">
+<interface name="selinux_search_fs" lineno="232">
 <summary>
 Search selinuxfs.
 </summary>
@@ -81324,7 +87128,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_dontaudit_search_fs" lineno="236">
+<interface name="selinux_dontaudit_search_fs" lineno="251">
 <summary>
 Do not audit attempts to search selinuxfs.
 </summary>
@@ -81334,7 +87138,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="selinux_dontaudit_read_fs" lineno="255">
+<interface name="selinux_dontaudit_read_fs" lineno="270">
 <summary>
 Do not audit attempts to read
 generic selinuxfs entries
@@ -81345,7 +87149,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="selinux_get_enforce_mode" lineno="276">
+<interface name="selinux_get_enforce_mode" lineno="291">
 <summary>
 Allows the caller to get the mode of policy enforcement
 (enforcing or permissive mode).
@@ -81357,7 +87161,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_set_enforce_mode" lineno="307">
+<interface name="selinux_set_enforce_mode" lineno="323">
 <summary>
 Allow caller to set the mode of policy enforcement
 (enforcing or permissive mode).
@@ -81379,7 +87183,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_load_policy" lineno="338">
+<interface name="selinux_load_policy" lineno="341">
 <summary>
 Allow caller to load the policy into the kernel.
 </summary>
@@ -81389,7 +87193,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_read_policy" lineno="369">
+<interface name="selinux_read_policy" lineno="359">
 <summary>
 Allow caller to read the policy from the kernel.
 </summary>
@@ -81399,34 +87203,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_set_boolean" lineno="406">
-<summary>
-Allow caller to set the state of Booleans to
-enable or disable conditional portions of the policy.  (Deprecated)
-</summary>
-<desc>
-<p>
-Allow caller to set the state of Booleans to
-enable or disable conditional portions of the policy.
-</p>
-<p>
-Since this is a security event, this action is
-always audited.
-</p>
-<p>
-This interface has been deprecated.  Please use
-selinux_set_generic_booleans() or selinux_set_all_booleans()
-instead.
-</p>
-</desc>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-<rolecap/>
-</interface>
-<interface name="selinux_set_generic_booleans" lineno="433">
+<interface name="selinux_set_generic_booleans" lineno="392">
 <summary>
 Allow caller to set the state of generic Booleans to
 enable or disable conditional portions of the policy.
@@ -81448,7 +87225,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_set_all_booleans" lineno="471">
+<interface name="selinux_set_all_booleans" lineno="427">
 <summary>
 Allow caller to set the state of all Booleans to
 enable or disable conditional portions of the policy.
@@ -81470,7 +87247,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_set_parameters" lineno="516">
+<interface name="selinux_set_parameters" lineno="469">
 <summary>
 Allow caller to set SELinux access vector cache parameters.
 </summary>
@@ -81492,7 +87269,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_validate_context" lineno="540">
+<interface name="selinux_validate_context" lineno="488">
 <summary>
 Allows caller to validate security contexts.
 </summary>
@@ -81503,7 +87280,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_dontaudit_validate_context" lineno="561">
+<interface name="selinux_dontaudit_validate_context" lineno="510">
 <summary>
 Do not audit attempts to validate security contexts.
 </summary>
@@ -81514,7 +87291,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_compute_access_vector" lineno="582">
+<interface name="selinux_compute_access_vector" lineno="531">
 <summary>
 Allows caller to compute an access vector.
 </summary>
@@ -81525,7 +87302,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_compute_create_context" lineno="603">
+<interface name="selinux_compute_create_context" lineno="554">
 <summary>
 Calculate the default type for object creation.
 </summary>
@@ -81536,7 +87313,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_compute_member" lineno="624">
+<interface name="selinux_compute_member" lineno="576">
 <summary>
 Allows caller to compute polyinstatntiated
 directory members.
@@ -81547,7 +87324,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_compute_relabel_context" lineno="653">
+<interface name="selinux_compute_relabel_context" lineno="606">
 <summary>
 Calculate the context for relabeling objects.
 </summary>
@@ -81566,7 +87343,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_compute_user_contexts" lineno="673">
+<interface name="selinux_compute_user_contexts" lineno="627">
 <summary>
 Allows caller to compute possible contexts for a user.
 </summary>
@@ -81576,7 +87353,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_unconfined" lineno="693">
+<interface name="selinux_unconfined" lineno="648">
 <summary>
 Unconfined access to the SELinux kernel security server.
 </summary>
@@ -81645,7 +87422,7 @@ Domain to not audit.
 <interface name="storage_raw_read_fixed_disk" lineno="95">
 <summary>
 Allow the caller to directly read from a fixed disk.
-This is extremly dangerous as it can bypass the
+This is extremely dangerous as it can bypass the
 SELinux protections for filesystem objects, and
 should only be used by trusted domains.
 </summary>
@@ -81669,7 +87446,7 @@ Domain to not audit.
 <interface name="storage_raw_write_fixed_disk" lineno="141">
 <summary>
 Allow the caller to directly write to a fixed disk.
-This is extremly dangerous as it can bypass the
+This is extremely dangerous as it can bypass the
 SELinux protections for filesystem objects, and
 should only be used by trusted domains.
 </summary>
@@ -81693,7 +87470,7 @@ Domain to not audit.
 <interface name="storage_raw_rw_fixed_disk" lineno="186">
 <summary>
 Allow the caller to directly read and write to a fixed disk.
-This is extremly dangerous as it can bypass the
+This is extremely dangerous as it can bypass the
 SELinux protections for filesystem objects, and
 should only be used by trusted domains.
 </summary>
@@ -81715,7 +87492,7 @@ Domain allowed access.
 </interface>
 <interface name="storage_delete_fixed_disk_dev" lineno="221">
 <summary>
-Allow the caller to create fixed disk device nodes.
+Allow the caller to delete fixed disk device nodes.
 </summary>
 <param name="domain">
 <summary>
@@ -81733,7 +87510,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_dev_filetrans_fixed_disk" lineno="264">
+<interface name="storage_dev_filetrans_fixed_disk" lineno="269">
 <summary>
 Create block devices in /dev with the fixed disk type
 via an automatic type transition.
@@ -81743,8 +87520,13 @@ via an automatic type transition.
 Domain allowed access.
 </summary>
 </param>
+<param name="filename" optional="true">
+<summary>
+Optional filename of the block device to be created
+</summary>
+</param>
 </interface>
-<interface name="storage_tmpfs_filetrans_fixed_disk" lineno="283">
+<interface name="storage_tmpfs_filetrans_fixed_disk" lineno="288">
 <summary>
 Create block devices in on a tmpfs filesystem with the
 fixed disk type via an automatic type transition.
@@ -81755,7 +87537,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_relabel_fixed_disk" lineno="301">
+<interface name="storage_relabel_fixed_disk" lineno="306">
 <summary>
 Relabel fixed disk device nodes.
 </summary>
@@ -81765,7 +87547,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_swapon_fixed_disk" lineno="320">
+<interface name="storage_swapon_fixed_disk" lineno="325">
 <summary>
 Enable a fixed disk device as swap space
 </summary>
@@ -81775,7 +87557,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_getattr_fuse_dev" lineno="340">
+<interface name="storage_getattr_fuse_dev" lineno="345">
 <summary>
 Allow the caller to get the attributes
 of device nodes of fuse devices.
@@ -81786,7 +87568,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_rw_fuse" lineno="359">
+<interface name="storage_rw_fuse" lineno="364">
 <summary>
 read or write fuse device interfaces.
 </summary>
@@ -81796,7 +87578,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_dontaudit_rw_fuse" lineno="378">
+<interface name="storage_dontaudit_rw_fuse" lineno="383">
 <summary>
 Do not audit attempts to read or write
 fuse device interfaces.
@@ -81807,7 +87589,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="storage_getattr_scsi_generic_dev" lineno="397">
+<interface name="storage_getattr_scsi_generic_dev" lineno="402">
 <summary>
 Allow the caller to get the attributes of
 the generic SCSI interface device nodes.
@@ -81818,7 +87600,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_setattr_scsi_generic_dev" lineno="417">
+<interface name="storage_setattr_scsi_generic_dev" lineno="422">
 <summary>
 Allow the caller to set the attributes of
 the generic SCSI interface device nodes.
@@ -81829,11 +87611,11 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_read_scsi_generic" lineno="440">
+<interface name="storage_read_scsi_generic" lineno="445">
 <summary>
 Allow the caller to directly read, in a
 generic fashion, from any SCSI device.
-This is extremly dangerous as it can bypass the
+This is extremely dangerous as it can bypass the
 SELinux protections for filesystem objects, and
 should only be used by trusted domains.
 </summary>
@@ -81843,11 +87625,11 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_write_scsi_generic" lineno="465">
+<interface name="storage_write_scsi_generic" lineno="470">
 <summary>
 Allow the caller to directly write, in a
 generic fashion, from any SCSI device.
-This is extremly dangerous as it can bypass the
+This is extremely dangerous as it can bypass the
 SELinux protections for filesystem objects, and
 should only be used by trusted domains.
 </summary>
@@ -81857,7 +87639,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_setattr_scsi_generic_dev_dev" lineno="487">
+<interface name="storage_setattr_scsi_generic_dev_dev" lineno="492">
 <summary>
 Set attributes of the device nodes
 for the SCSI generic inerface.
@@ -81868,7 +87650,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_dontaudit_rw_scsi_generic" lineno="507">
+<interface name="storage_dontaudit_rw_scsi_generic" lineno="512">
 <summary>
 Do not audit attempts to read or write
 SCSI generic device interfaces.
@@ -81879,7 +87661,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="storage_getattr_removable_dev" lineno="526">
+<interface name="storage_getattr_removable_dev" lineno="531">
 <summary>
 Allow the caller to get the attributes of removable
 devices device nodes.
@@ -81890,7 +87672,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_dontaudit_getattr_removable_dev" lineno="546">
+<interface name="storage_dontaudit_getattr_removable_dev" lineno="551">
 <summary>
 Do not audit attempts made by the caller to get
 the attributes of removable devices device nodes.
@@ -81901,7 +87683,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="storage_dontaudit_read_removable_device" lineno="565">
+<interface name="storage_dontaudit_read_removable_device" lineno="570">
 <summary>
 Do not audit attempts made by the caller to read
 removable devices device nodes.
@@ -81912,7 +87694,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="storage_dontaudit_write_removable_device" lineno="585">
+<interface name="storage_dontaudit_write_removable_device" lineno="590">
 <summary>
 Do not audit attempts made by the caller to write
 removable devices device nodes.
@@ -81923,7 +87705,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="storage_setattr_removable_dev" lineno="604">
+<interface name="storage_setattr_removable_dev" lineno="609">
 <summary>
 Allow the caller to set the attributes of removable
 devices device nodes.
@@ -81934,7 +87716,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_dontaudit_setattr_removable_dev" lineno="624">
+<interface name="storage_dontaudit_setattr_removable_dev" lineno="629">
 <summary>
 Do not audit attempts made by the caller to set
 the attributes of removable devices device nodes.
@@ -81945,11 +87727,11 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="storage_raw_read_removable_device" lineno="646">
+<interface name="storage_raw_read_removable_device" lineno="651">
 <summary>
 Allow the caller to directly read from
 a removable device.
-This is extremly dangerous as it can bypass the
+This is extremely dangerous as it can bypass the
 SELinux protections for filesystem objects, and
 should only be used by trusted domains.
 </summary>
@@ -81959,7 +87741,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_dontaudit_raw_read_removable_device" lineno="665">
+<interface name="storage_dontaudit_raw_read_removable_device" lineno="670">
 <summary>
 Do not audit attempts to directly read removable devices.
 </summary>
@@ -81969,11 +87751,11 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="storage_raw_write_removable_device" lineno="687">
+<interface name="storage_raw_write_removable_device" lineno="692">
 <summary>
 Allow the caller to directly write to
 a removable device.
-This is extremly dangerous as it can bypass the
+This is extremely dangerous as it can bypass the
 SELinux protections for filesystem objects, and
 should only be used by trusted domains.
 </summary>
@@ -81983,7 +87765,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_dontaudit_raw_write_removable_device" lineno="706">
+<interface name="storage_dontaudit_raw_write_removable_device" lineno="711">
 <summary>
 Do not audit attempts to directly write removable devices.
 </summary>
@@ -81993,7 +87775,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="storage_read_tape" lineno="725">
+<interface name="storage_read_tape" lineno="730">
 <summary>
 Allow the caller to directly read
 a tape device.
@@ -82004,9 +87786,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_write_tape" lineno="745">
+<interface name="storage_write_tape" lineno="750">
 <summary>
-Allow the caller to directly read
+Allow the caller to directly write
 a tape device.
 </summary>
 <param name="domain">
@@ -82015,7 +87797,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_getattr_tape_dev" lineno="765">
+<interface name="storage_getattr_tape_dev" lineno="770">
 <summary>
 Allow the caller to get the attributes
 of device nodes of tape devices.
@@ -82026,7 +87808,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_setattr_tape_dev" lineno="785">
+<interface name="storage_setattr_tape_dev" lineno="790">
 <summary>
 Allow the caller to set the attributes
 of device nodes of tape devices.
@@ -82037,7 +87819,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="storage_unconfined" lineno="804">
+<interface name="storage_unconfined" lineno="809">
 <summary>
 Unconfined access to storage devices.
 </summary>
@@ -82117,7 +87899,27 @@ An object type that will applied to a tty.
 </summary>
 </param>
 </interface>
-<interface name="term_create_pty" lineno="149">
+<interface name="term_mount_devpts" lineno="144">
+<summary>
+mount a devpts_t filesystem
+</summary>
+<param name="domain">
+<summary>
+The type of the process to mount it
+</summary>
+</param>
+</interface>
+<interface name="term_create_devpts_dirs" lineno="162">
+<summary>
+Create directory /dev/pts.
+</summary>
+<param name="domain">
+<summary>
+The type of the process creating the directory.
+</summary>
+</param>
+</interface>
+<interface name="term_create_pty" lineno="185">
 <summary>
 Create a pty in the /dev/pts directory.
 </summary>
@@ -82132,7 +87934,7 @@ The type of the pty.
 </summary>
 </param>
 </interface>
-<interface name="term_write_all_terms" lineno="175">
+<interface name="term_write_all_terms" lineno="211">
 <summary>
 Write the console, all
 ttys and all ptys.
@@ -82144,7 +87946,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_use_all_terms" lineno="198">
+<interface name="term_use_all_terms" lineno="234">
 <summary>
 Read and write the console, all
 ttys and all ptys.
@@ -82156,7 +87958,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_write_console" lineno="220">
+<interface name="term_write_console" lineno="256">
 <summary>
 Write to the console.
 </summary>
@@ -82167,7 +87969,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_read_console" lineno="240">
+<interface name="term_read_console" lineno="276">
 <summary>
 Read from the console.
 </summary>
@@ -82178,7 +87980,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_dontaudit_read_console" lineno="260">
+<interface name="term_dontaudit_read_console" lineno="296">
 <summary>
 Do not audit attempts to read from the console.
 </summary>
@@ -82189,7 +87991,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_use_console" lineno="279">
+<interface name="term_use_console" lineno="315">
 <summary>
 Read from and write to the console.
 </summary>
@@ -82200,7 +88002,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_dontaudit_use_console" lineno="299">
+<interface name="term_dontaudit_use_console" lineno="335">
 <summary>
 Do not audit attemtps to read from
 or write to the console.
@@ -82211,7 +88013,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_setattr_console" lineno="319">
+<interface name="term_setattr_console" lineno="355">
 <summary>
 Set the attributes of the console
 device node.
@@ -82223,7 +88025,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_relabel_console" lineno="338">
+<interface name="term_relabel_console" lineno="374">
 <summary>
 Relabel from and to the console type.
 </summary>
@@ -82233,7 +88035,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_create_console_dev" lineno="357">
+<interface name="term_create_console_dev" lineno="393">
 <summary>
 Create the console device (/dev/console).
 </summary>
@@ -82243,7 +88045,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_getattr_pty_fs" lineno="377">
+<interface name="term_getattr_pty_fs" lineno="413">
 <summary>
 Get the attributes of a pty filesystem
 </summary>
@@ -82253,7 +88055,28 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_dontaudit_getattr_pty_dirs" lineno="396">
+<interface name="term_relabel_pty_fs" lineno="431">
+<summary>
+Relabel from and to pty filesystem.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_getattr_pty_dirs" lineno="451">
+<summary>
+Get the attributes of the
+/dev/pts directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_dontaudit_getattr_pty_dirs" lineno="470">
 <summary>
 Do not audit attempts to get the
 attributes of the /dev/pts directory.
@@ -82264,7 +88087,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_search_ptys" lineno="414">
+<interface name="term_search_ptys" lineno="488">
 <summary>
 Search the contents of the /dev/pts directory.
 </summary>
@@ -82274,7 +88097,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_dontaudit_search_ptys" lineno="434">
+<interface name="term_dontaudit_search_ptys" lineno="508">
 <summary>
 Do not audit attempts to search the
 contents of the /dev/pts directory.
@@ -82285,7 +88108,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_list_ptys" lineno="454">
+<interface name="term_list_ptys" lineno="528">
 <summary>
 Read the /dev/pts directory to
 list all ptys.
@@ -82296,7 +88119,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_dontaudit_list_ptys" lineno="474">
+<interface name="term_dontaudit_list_ptys" lineno="548">
 <summary>
 Do not audit attempts to read the
 /dev/pts directory.
@@ -82307,7 +88130,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_dontaudit_manage_pty_dirs" lineno="493">
+<interface name="term_dontaudit_manage_pty_dirs" lineno="567">
 <summary>
 Do not audit attempts to create, read,
 write, or delete the /dev/pts directory.
@@ -82318,7 +88141,27 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_dontaudit_getattr_generic_ptys" lineno="512">
+<interface name="term_relabel_pty_dirs" lineno="585">
+<summary>
+Relabel from and to pty directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="term_getattr_generic_ptys" lineno="604">
+<summary>
+Get the attributes of generic pty devices.
+</summary>
+<param name="domain">
+<summary>
+Domain to allow
+</summary>
+</param>
+</interface>
+<interface name="term_dontaudit_getattr_generic_ptys" lineno="623">
 <summary>
 Do not audit attempts to get the attributes
 of generic pty devices.
@@ -82329,7 +88172,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_ioctl_generic_ptys" lineno="530">
+<interface name="term_ioctl_generic_ptys" lineno="641">
 <summary>
 ioctl of generic pty devices.
 </summary>
@@ -82339,7 +88182,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_setattr_generic_ptys" lineno="552">
+<interface name="term_setattr_generic_ptys" lineno="663">
 <summary>
 Allow setting the attributes of
 generic pty devices.
@@ -82350,7 +88193,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_dontaudit_setattr_generic_ptys" lineno="572">
+<interface name="term_dontaudit_setattr_generic_ptys" lineno="683">
 <summary>
 Dontaudit setting the attributes of
 generic pty devices.
@@ -82361,7 +88204,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_use_generic_ptys" lineno="592">
+<interface name="term_use_generic_ptys" lineno="703">
 <summary>
 Read and write the generic pty
 type.  This is generally only used in
@@ -82373,7 +88216,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_dontaudit_use_generic_ptys" lineno="614">
+<interface name="term_dontaudit_use_generic_ptys" lineno="725">
 <summary>
 Dot not audit attempts to read and
 write the generic pty type.  This is
@@ -82385,7 +88228,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_setattr_controlling_term" lineno="632">
+<interface name="term_setattr_controlling_term" lineno="743">
 <summary>
 Set the attributes of the tty device
 </summary>
@@ -82395,7 +88238,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_use_controlling_term" lineno="652">
+<interface name="term_use_controlling_term" lineno="763">
 <summary>
 Read and write the controlling
 terminal (/dev/tty).
@@ -82406,7 +88249,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_getattr_ptmx" lineno="671">
+<interface name="term_getattr_ptmx" lineno="782">
 <summary>
 Get the attributes of the pty multiplexor (/dev/ptmx).
 </summary>
@@ -82416,7 +88259,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_dontaudit_getattr_ptmx" lineno="690">
+<interface name="term_dontaudit_getattr_ptmx" lineno="801">
 <summary>
 Do not audit attempts to get attributes
 on the pty multiplexor (/dev/ptmx).
@@ -82427,7 +88270,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_use_ptmx" lineno="708">
+<interface name="term_use_ptmx" lineno="819">
 <summary>
 Read and write the pty multiplexor (/dev/ptmx).
 </summary>
@@ -82437,7 +88280,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_dontaudit_use_ptmx" lineno="728">
+<interface name="term_dontaudit_use_ptmx" lineno="839">
 <summary>
 Do not audit attempts to read and
 write the pty multiplexor (/dev/ptmx).
@@ -82448,7 +88291,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_getattr_all_ptys" lineno="748">
+<interface name="term_getattr_all_ptys" lineno="859">
 <summary>
 Get the attributes of all
 pty device nodes.
@@ -82460,7 +88303,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_dontaudit_getattr_all_ptys" lineno="771">
+<interface name="term_dontaudit_getattr_all_ptys" lineno="882">
 <summary>
 Do not audit attempts to get the
 attributes of any pty
@@ -82472,7 +88315,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_setattr_all_ptys" lineno="791">
+<interface name="term_setattr_all_ptys" lineno="902">
 <summary>
 Set the attributes of all
 pty device nodes.
@@ -82484,7 +88327,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_relabelto_all_ptys" lineno="812">
+<interface name="term_relabelto_all_ptys" lineno="923">
 <summary>
 Relabel to all ptys.
 </summary>
@@ -82494,7 +88337,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_write_all_ptys" lineno="830">
+<interface name="term_write_all_ptys" lineno="941">
 <summary>
 Write to all ptys.
 </summary>
@@ -82504,7 +88347,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_use_all_ptys" lineno="850">
+<interface name="term_use_all_ptys" lineno="961">
 <summary>
 Read and write all ptys.
 </summary>
@@ -82515,7 +88358,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_dontaudit_use_all_ptys" lineno="871">
+<interface name="term_dontaudit_use_all_ptys" lineno="982">
 <summary>
 Do not audit attempts to read or write any ptys.
 </summary>
@@ -82525,7 +88368,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_relabel_all_ptys" lineno="889">
+<interface name="term_relabel_all_ptys" lineno="1000">
 <summary>
 Relabel from and to all pty device nodes.
 </summary>
@@ -82535,34 +88378,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_getattr_all_user_ptys" lineno="911">
-<summary>
-Get the attributes of all user
-pty device nodes. (Deprecated)
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-<rolecap/>
-</interface>
-<interface name="term_dontaudit_getattr_all_user_ptys" lineno="928">
+<interface name="term_getattr_unallocated_ttys" lineno="1022">
 <summary>
-Do not audit attempts to get the
-attributes of any user pty
-device nodes. (Deprecated)
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="term_setattr_all_user_ptys" lineno="945">
-<summary>
-Set the attributes of all user
-pty device nodes. (Deprecated)
+Get the attributes of all unallocated
+tty device nodes.
 </summary>
 <param name="domain">
 <summary>
@@ -82571,29 +88390,9 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_relabelto_all_user_ptys" lineno="960">
-<summary>
-Relabel to all user ptys. (Deprecated)
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="term_write_all_user_ptys" lineno="975">
-<summary>
-Write to all user ptys. (Deprecated)
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="term_use_all_user_ptys" lineno="991">
+<interface name="term_setattr_unlink_unallocated_ttys" lineno="1042">
 <summary>
-Read and write all user ptys. (Deprecated)
+Setattr and unlink unallocated tty device nodes.
 </summary>
 <param name="domain">
 <summary>
@@ -82602,41 +88401,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_dontaudit_use_all_user_ptys" lineno="1007">
-<summary>
-Do not audit attempts to read any
-user ptys. (Deprecated)
-</summary>
-<param name="domain">
-<summary>
-Domain to not audit.
-</summary>
-</param>
-</interface>
-<interface name="term_relabel_all_user_ptys" lineno="1023">
-<summary>
-Relabel from and to all user
-user pty device nodes. (Deprecated)
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="term_getattr_unallocated_ttys" lineno="1040">
-<summary>
-Get the attributes of all unallocated
-tty device nodes.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-<rolecap/>
-</interface>
-<interface name="term_dontaudit_getattr_unallocated_ttys" lineno="1060">
+<interface name="term_dontaudit_getattr_unallocated_ttys" lineno="1062">
 <summary>
 Do not audit attempts to get the attributes
 of all unallocated tty device nodes.
@@ -82647,7 +88412,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_setattr_unallocated_ttys" lineno="1080">
+<interface name="term_setattr_unallocated_ttys" lineno="1082">
 <summary>
 Set the attributes of all unallocated
 tty device nodes.
@@ -82659,7 +88424,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_dontaudit_setattr_unallocated_ttys" lineno="1100">
+<interface name="term_dontaudit_setattr_unallocated_ttys" lineno="1102">
 <summary>
 Do not audit attempts to set the attributes
 of unallocated tty device nodes.
@@ -82670,7 +88435,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_dontaudit_ioctl_unallocated_ttys" lineno="1119">
+<interface name="term_dontaudit_ioctl_unallocated_ttys" lineno="1121">
 <summary>
 Do not audit attempts to ioctl
 unallocated tty device nodes.
@@ -82681,7 +88446,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_relabel_unallocated_ttys" lineno="1138">
+<interface name="term_relabel_unallocated_ttys" lineno="1140">
 <summary>
 Relabel from and to the unallocated
 tty type.
@@ -82692,7 +88457,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_reset_tty_labels" lineno="1158">
+<interface name="term_reset_tty_labels" lineno="1160">
 <summary>
 Relabel from all user tty types to
 the unallocated tty type.
@@ -82703,7 +88468,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_append_unallocated_ttys" lineno="1179">
+<interface name="term_append_unallocated_ttys" lineno="1181">
 <summary>
 Append to unallocated ttys.
 </summary>
@@ -82713,7 +88478,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_write_unallocated_ttys" lineno="1198">
+<interface name="term_write_unallocated_ttys" lineno="1200">
 <summary>
 Write to unallocated ttys.
 </summary>
@@ -82723,7 +88488,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_use_unallocated_ttys" lineno="1218">
+<interface name="term_use_unallocated_ttys" lineno="1220">
 <summary>
 Read and write unallocated ttys.
 </summary>
@@ -82734,7 +88499,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_dontaudit_use_unallocated_ttys" lineno="1238">
+<interface name="term_dontaudit_use_unallocated_ttys" lineno="1240">
 <summary>
 Do not audit attempts to read or
 write unallocated ttys.
@@ -82745,7 +88510,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_getattr_all_ttys" lineno="1257">
+<interface name="term_getattr_all_ttys" lineno="1259">
 <summary>
 Get the attributes of all tty device nodes.
 </summary>
@@ -82756,7 +88521,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_dontaudit_getattr_all_ttys" lineno="1277">
+<interface name="term_dontaudit_getattr_all_ttys" lineno="1279">
 <summary>
 Do not audit attempts to get the
 attributes of any tty device nodes.
@@ -82767,7 +88532,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_setattr_all_ttys" lineno="1297">
+<interface name="term_setattr_all_ttys" lineno="1299">
 <summary>
 Set the attributes of all tty device nodes.
 </summary>
@@ -82778,7 +88543,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_relabel_all_ttys" lineno="1316">
+<interface name="term_relabel_all_ttys" lineno="1318">
 <summary>
 Relabel from and to all tty device nodes.
 </summary>
@@ -82788,7 +88553,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_write_all_ttys" lineno="1335">
+<interface name="term_write_all_ttys" lineno="1337">
 <summary>
 Write to all ttys.
 </summary>
@@ -82798,7 +88563,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="term_use_all_ttys" lineno="1355">
+<interface name="term_use_all_ttys" lineno="1357">
 <summary>
 Read and write all ttys.
 </summary>
@@ -82809,7 +88574,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="term_dontaudit_use_all_ttys" lineno="1375">
+<interface name="term_dontaudit_use_all_ttys" lineno="1377">
 <summary>
 Do not audit attempts to read or write
 any ttys.
@@ -82820,78 +88585,9 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="term_getattr_all_user_ttys" lineno="1395">
-<summary>
-Get the attributes of all user tty
-device nodes. (Deprecated)
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-<rolecap/>
-</interface>
-<interface name="term_dontaudit_getattr_all_user_ttys" lineno="1412">
-<summary>
-Do not audit attempts to get the
-attributes of any user tty
-device nodes. (Deprecated)
-</summary>
-<param name="domain">
-<summary>
-Domain to not audit.
-</summary>
-</param>
-</interface>
-<interface name="term_setattr_all_user_ttys" lineno="1429">
-<summary>
-Set the attributes of all user tty
-device nodes. (Deprecated)
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-<rolecap/>
-</interface>
-<interface name="term_relabel_all_user_ttys" lineno="1445">
-<summary>
-Relabel from and to all user
-user tty device nodes. (Deprecated)
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="term_write_all_user_ttys" lineno="1460">
-<summary>
-Write to all user ttys. (Deprecated)
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="term_use_all_user_ttys" lineno="1476">
-<summary>
-Read and write all user to all user ttys. (Deprecated)
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-<rolecap/>
-</interface>
-<interface name="term_dontaudit_use_all_user_ttys" lineno="1492">
+<interface name="term_use_virtio_console" lineno="1395">
 <summary>
-Do not audit attempts to read or write
-any user ttys. (Deprecated)
+Read from and write virtio console.
 </summary>
 <param name="domain">
 <summary>
@@ -83058,6 +88754,94 @@ Role allowed access.
 <rolecap/>
 </interface>
 </module>
+<module name="dbadm" filename="policy/modules/roles/dbadm.if">
+<summary>Database administrator role.</summary>
+<interface name="dbadm_role_change" lineno="14">
+<summary>
+Change to the database administrator role.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dbadm_role_change_to" lineno="44">
+<summary>
+Change from the database administrator role.
+</summary>
+<desc>
+<p>
+Change from the database administrator role to
+the specified role.
+</p>
+<p>
+This is an interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="dbadm_manage_user_files" dftval="false">
+<desc>
+<p>
+Determine whether dbadm can manage
+generic user files.
+</p>
+</desc>
+</tunable>
+<tunable name="dbadm_read_user_files" dftval="false">
+<desc>
+<p>
+Determine whether dbadm can read
+generic user files.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="guest" filename="policy/modules/roles/guest.if">
+<summary>Least privledge terminal user role.</summary>
+<interface name="guest_role_change" lineno="14">
+<summary>
+Change to the guest role.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="guest_role_change_to" lineno="44">
+<summary>
+Change from the guest role.
+</summary>
+<desc>
+<p>
+Change from the guest role to
+the specified role.
+</p>
+<p>
+This is an interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
 <module name="logadm" filename="policy/modules/roles/logadm.if">
 <summary>Log administrator role</summary>
 <interface name="logadm_role_change" lineno="14">
@@ -83354,12 +89138,14197 @@ Role allowed access.
 <rolecap/>
 </interface>
 </module>
+<module name="webadm" filename="policy/modules/roles/webadm.if">
+<summary>Web administrator role.</summary>
+<interface name="webadm_role_change" lineno="14">
+<summary>
+Change to the web administrator role.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="webadm_role_change_to" lineno="44">
+<summary>
+Change from the web administrator role.
+</summary>
+<desc>
+<p>
+Change from the web administrator role to
+the specified role.
+</p>
+<p>
+This is an interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="webadm_manage_user_files" dftval="false">
+<desc>
+<p>
+Determine whether webadm can
+manage generic user files.
+</p>
+</desc>
+</tunable>
+<tunable name="webadm_read_user_files" dftval="false">
+<desc>
+<p>
+Determine whether webadm can
+read generic user files.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="xguest" filename="policy/modules/roles/xguest.if">
+<summary>Least privledge xwindows user role.</summary>
+<interface name="xguest_role_change" lineno="14">
+<summary>
+Change to the xguest role.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="xguest_role_change_to" lineno="44">
+<summary>
+Change from the xguest role.
+</summary>
+<desc>
+<p>
+Change from the xguest role to
+the specified role.
+</p>
+<p>
+This is an interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="xguest_mount_media" dftval="false">
+<desc>
+<p>
+Determine whether xguest can
+mount removable media.
+</p>
+</desc>
+</tunable>
+<tunable name="xguest_connect_network" dftval="false">
+<desc>
+<p>
+Determine whether xguest can
+configure network manager.
+</p>
+</desc>
+</tunable>
+<tunable name="xguest_use_bluetooth" dftval="false">
+<desc>
+<p>
+Determine whether xguest can
+use blue tooth devices.
+</p>
+</desc>
+</tunable>
+</module>
 </layer>
 <layer name="services">
 <summary>
 	Policy modules for system services, like cron, and network services,
 	like sshd.
 </summary>
+<module name="abrt" filename="policy/modules/services/abrt.if">
+<summary>Automated bug-reporting tool.</summary>
+<interface name="abrt_domtrans" lineno="13">
+<summary>
+Execute abrt in the abrt domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="abrt_exec" lineno="32">
+<summary>
+Execute abrt in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_signull" lineno="51">
+<summary>
+Send null signals to abrt.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_read_state" lineno="69">
+<summary>
+Read process state of abrt.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_stream_connect" lineno="87">
+<summary>
+Connect to abrt over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_dbus_chat" lineno="107">
+<summary>
+Send and receive messages from
+abrt over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_domtrans_helper" lineno="128">
+<summary>
+Execute abrt-helper in the abrt
+helper domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="abrt_run_helper" lineno="155">
+<summary>
+Execute abrt helper in the abrt
+helper domain, and allow the
+specified role the abrt helper domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="abrt_manage_cache" lineno="175">
+<summary>
+Create, read, write, and delete
+abrt cache content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_read_config" lineno="196">
+<summary>
+Read abrt configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_read_log" lineno="215">
+<summary>
+Read abrt log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_read_pid_files" lineno="234">
+<summary>
+Read abrt PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_manage_pid_files" lineno="254">
+<summary>
+Create, read, write, and delete
+abrt PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="abrt_admin" lineno="280">
+<summary>
+All of the rules required to
+administrate an abrt environment,
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="abrt_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether ABRT can modify
+public files used for public file
+transfer services.
+</p>
+</desc>
+</tunable>
+<tunable name="abrt_upload_watch_anon_write" dftval="true">
+<desc>
+<p>
+Determine whether abrt-handle-upload
+can modify public files used for public file
+transfer services in /var/spool/abrt-upload/.
+</p>
+</desc>
+</tunable>
+<tunable name="abrt_handle_event" dftval="false">
+<desc>
+<p>
+Determine whether ABRT can run in
+the abrt_handle_event_t domain to
+handle ABRT event scripts.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="accountsd" filename="policy/modules/services/accountsd.if">
+<summary>AccountsService and daemon for manipulating user account information via D-Bus.</summary>
+<interface name="accountsd_domtrans" lineno="14">
+<summary>
+Execute a domain transition to
+run accountsd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="accountsd_dontaudit_rw_fifo_file" lineno="34">
+<summary>
+Do not audit attempts to read and
+write Accounts Daemon fifo files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="accountsd_dbus_chat" lineno="53">
+<summary>
+Send and receive messages from
+accountsd over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="accountsd_search_lib" lineno="73">
+<summary>
+Search accountsd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="accountsd_read_lib_files" lineno="92">
+<summary>
+Read accountsd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="accountsd_manage_lib_files" lineno="113">
+<summary>
+Create, read, write, and delete
+accountsd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="accountsd_admin" lineno="139">
+<summary>
+All of the rules required to
+administrate an accountsd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role" unused="true">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="acpi" filename="policy/modules/services/acpi.if">
+<summary>Advanced power management.</summary>
+<interface name="acpi_domtrans_client" lineno="13">
+<summary>
+Execute apm in the apm domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="acpi_run_client" lineno="39">
+<summary>
+Execute apm in the apm domain
+and allow the specified role
+the apm domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="acpi_use_fds" lineno="58">
+<summary>
+Use apmd file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="acpi_write_pipes" lineno="76">
+<summary>
+Write apmd unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="acpi_rw_stream_sockets" lineno="95">
+<summary>
+Read and write to apmd unix
+stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="acpi_append_log" lineno="113">
+<summary>
+Append apmd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="acpi_stream_connect" lineno="133">
+<summary>
+Connect to apmd over an unix
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="acpi_admin" lineno="159">
+<summary>
+All of the rules required to
+administrate an apm environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="afs" filename="policy/modules/services/afs.if">
+<summary>Andrew Filesystem server.</summary>
+<interface name="afs_domtrans" lineno="14">
+<summary>
+Execute a domain transition to run the
+afs client.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="afs_rw_udp_sockets" lineno="33">
+<summary>
+Read and write afs client UDP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="afs_rw_cache" lineno="51">
+<summary>
+Read and write afs cache files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="afs_initrc_domtrans" lineno="70">
+<summary>
+Execute afs server in the afs domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="afs_admin" lineno="95">
+<summary>
+All of the rules required to
+administrate an afs environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="aiccu" filename="policy/modules/services/aiccu.if">
+<summary>Automatic IPv6 Connectivity Client Utility.</summary>
+<interface name="aiccu_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run aiccu.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="aiccu_initrc_domtrans" lineno="32">
+<summary>
+Execute aiccu server in the aiccu domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="aiccu_read_pid_files" lineno="50">
+<summary>
+Read aiccu PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="aiccu_admin" lineno="76">
+<summary>
+All of the rules required to
+administrate an aiccu environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="aisexec" filename="policy/modules/services/aisexec.if">
+<summary>Aisexec Cluster Engine.</summary>
+<interface name="aisexec_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run aisexec.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="aisexec_stream_connect" lineno="33">
+<summary>
+Connect to aisexec over a unix
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="aisexec_read_log" lineno="52">
+<summary>
+Read aisexec log files content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="aisexecd_admin" lineno="79">
+<summary>
+All of the rules required to
+administrate an aisexec environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="amavis" filename="policy/modules/services/amavis.if">
+<summary>High-performance interface between an email server and content checkers.</summary>
+<interface name="amavis_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run amavis.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="amavis_initrc_domtrans" lineno="32">
+<summary>
+Execute amavis server in the amavis domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="amavis_read_spool_files" lineno="50">
+<summary>
+Read amavis spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amavis_manage_spool_files" lineno="70">
+<summary>
+Create, read, write, and delete
+amavis spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amavis_spool_filetrans" lineno="106">
+<summary>
+Create objects in the amavis spool directories
+with a private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private_type">
+<summary>
+Private file type.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="amavis_search_lib" lineno="125">
+<summary>
+Search amavis lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amavis_read_lib_files" lineno="144">
+<summary>
+Read amavis lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amavis_manage_lib_files" lineno="165">
+<summary>
+Create, read, write, and delete
+amavis lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amavis_setattr_pid_files" lineno="184">
+<summary>
+Set attributes of amavis pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amavis_create_pid_files" lineno="203">
+<summary>
+Create amavis pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="amavis_admin" lineno="230">
+<summary>
+All of the rules required to
+administrate an amavis environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="amavis_use_jit" dftval="false">
+<desc>
+<p>
+Determine whether amavis can
+use JIT compiler.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="apache" filename="policy/modules/services/apache.if">
+<summary>Various web servers.</summary>
+<template name="apache_content_template" lineno="14">
+<summary>
+Create a set of derived types for
+httpd web content.
+</summary>
+<param name="prefix">
+<summary>
+The prefix to be used for deriving type names.
+</summary>
+</param>
+</template>
+<interface name="apache_role" lineno="141">
+<summary>
+Role access for apache.
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
+</interface>
+<interface name="apache_read_user_scripts" lineno="196">
+<summary>
+Read user httpd script executable files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_read_user_content" lineno="216">
+<summary>
+Read user httpd content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_domtrans" lineno="236">
+<summary>
+Execute httpd with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apache_initrc_domtrans" lineno="255">
+<summary>
+Execute httpd server in the httpd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apache_signal" lineno="273">
+<summary>
+Send generic signals to httpd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_signull" lineno="291">
+<summary>
+Send null signals to httpd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_sigchld" lineno="309">
+<summary>
+Send child terminated signals to httpd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_use_fds" lineno="328">
+<summary>
+Inherit and use file descriptors
+from httpd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_dontaudit_rw_fifo_file" lineno="347">
+<summary>
+Do not audit attempts to read and
+write httpd unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="apache_dontaudit_rw_stream_sockets" lineno="366">
+<summary>
+Do not audit attempts to read and
+write httpd unix domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="apache_rw_stream_sockets" lineno="385">
+<summary>
+Read and write httpd unix domain
+stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_dontaudit_rw_tcp_sockets" lineno="404">
+<summary>
+Do not audit attempts to read and
+write httpd TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="apache_reload" lineno="422">
+<summary>
+Reload the httpd service (systemd).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_read_all_ra_content" lineno="441">
+<summary>
+Read all appendable content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_append_all_ra_content" lineno="460">
+<summary>
+Append to all appendable web content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_read_all_rw_content" lineno="478">
+<summary>
+Read all read/write content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_manage_all_rw_content" lineno="497">
+<summary>
+Manage all read/write content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_read_all_content" lineno="516">
+<summary>
+Read all web content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_search_all_content" lineno="538">
+<summary>
+Search all apache content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_manage_all_content" lineno="558">
+<summary>
+Create, read, write, and delete
+all httpd content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="apache_setattr_cache_dirs" lineno="582">
+<summary>
+Set attributes httpd cache directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_list_cache" lineno="600">
+<summary>
+List httpd cache directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_rw_cache_files" lineno="618">
+<summary>
+Read and write httpd cache files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_delete_cache_dirs" lineno="636">
+<summary>
+Delete httpd cache directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_delete_cache_files" lineno="654">
+<summary>
+Delete httpd cache files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_read_config" lineno="673">
+<summary>
+Read httpd configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="apache_search_config" lineno="694">
+<summary>
+Search httpd configuration directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_manage_config" lineno="714">
+<summary>
+Create, read, write, and delete
+httpd configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_domtrans_helper" lineno="736">
+<summary>
+Execute the Apache helper program
+with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_run_helper" lineno="763">
+<summary>
+Execute the Apache helper program with
+a domain transition, and allow the
+specified role the Apache helper domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="apache_read_log" lineno="783">
+<summary>
+Read httpd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="apache_append_log" lineno="804">
+<summary>
+Append httpd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_dontaudit_append_log" lineno="825">
+<summary>
+Do not audit attempts to append
+httpd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="apache_manage_log" lineno="844">
+<summary>
+Create, read, write, and delete
+httpd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_write_log" lineno="865">
+<summary>
+Write apache log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_dontaudit_search_modules" lineno="885">
+<summary>
+Do not audit attempts to search
+httpd module directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="apache_list_modules" lineno="903">
+<summary>
+List httpd module directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_exec_modules" lineno="921">
+<summary>
+Execute httpd module files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_read_module_files" lineno="941">
+<summary>
+Read httpd module files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_domtrans_rotatelogs" lineno="961">
+<summary>
+Execute a domain transition to
+run httpd_rotatelogs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apache_list_sys_content" lineno="980">
+<summary>
+List httpd system content directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_manage_sys_content" lineno="1001">
+<summary>
+Create, read, write, and delete
+httpd system content files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="apache_manage_sys_rw_content" lineno="1023">
+<summary>
+Create, read, write, and delete
+httpd system rw content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_domtrans_sys_script" lineno="1045">
+<summary>
+Execute all httpd scripts in the
+system script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apache_dontaudit_rw_sys_script_stream_sockets" lineno="1068">
+<summary>
+Do not audit attempts to read and
+write httpd system script unix
+domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="apache_domtrans_all_scripts" lineno="1087">
+<summary>
+Execute all user scripts in the user
+script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apache_run_all_scripts" lineno="1112">
+<summary>
+Execute all user scripts in the user
+script domain. Add user script domains
+to the specified role.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_read_squirrelmail_data" lineno="1131">
+<summary>
+Read httpd squirrelmail data files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_append_squirrelmail_data" lineno="1149">
+<summary>
+Append httpd squirrelmail data files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_search_sys_content" lineno="1167">
+<summary>
+Search httpd system content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_read_sys_content" lineno="1186">
+<summary>
+Read httpd system content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_search_sys_scripts" lineno="1206">
+<summary>
+Search httpd system CGI directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_manage_all_user_content" lineno="1226">
+<summary>
+Create, read, write, and delete all
+user httpd content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="apache_search_sys_script_state" lineno="1247">
+<summary>
+Search system script state directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_read_tmp_files" lineno="1265">
+<summary>
+Read httpd tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apache_dontaudit_write_tmp_files" lineno="1285">
+<summary>
+Do not audit attempts to write
+httpd tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="apache_delete_lib_files" lineno="1303">
+<summary>
+Delete httpd_var_lib_t files
+</summary>
+<param name="domain">
+<summary>
+Domain that can delete the files
+</summary>
+</param>
+</interface>
+<interface name="apache_cgi_domain" lineno="1334">
+<summary>
+Execute CGI in the specified domain.
+</summary>
+<desc>
+<p>
+This is an interface to support third party modules
+and its use is not allowed in upstream reference
+policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain run the cgi script in.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+Type of the executable to enter the cgi domain.
+</summary>
+</param>
+</interface>
+<interface name="apache_admin" lineno="1362">
+<summary>
+All of the rules required to
+administrate an apache environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_httpd_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether httpd can modify
+public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_httpd_mod_auth_pam" dftval="false">
+<desc>
+<p>
+Determine whether httpd can use mod_auth_pam.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_builtin_scripting" dftval="false">
+<desc>
+<p>
+Determine whether httpd can use built in scripting.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_can_check_spam" dftval="false">
+<desc>
+<p>
+Determine whether httpd can check spam.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_can_network_connect" dftval="false">
+<desc>
+<p>
+Determine whether httpd scripts and modules
+can connect to the network using TCP.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_can_network_connect_cobbler" dftval="false">
+<desc>
+<p>
+Determine whether httpd scripts and modules
+can connect to cobbler over the network.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_can_network_connect_db" dftval="false">
+<desc>
+<p>
+Determine whether scripts and modules can
+connect to databases over the network.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_can_network_connect_ldap" dftval="false">
+<desc>
+<p>
+Determine whether httpd can connect to
+ldap over the network.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_can_network_connect_memcache" dftval="false">
+<desc>
+<p>
+Determine whether httpd can connect
+to memcache server over the network.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_can_network_relay" dftval="false">
+<desc>
+<p>
+Determine whether httpd can act as a relay.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_can_network_connect_zabbix" dftval="false">
+<desc>
+<p>
+Determine whether httpd daemon can
+connect to zabbix over the network.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_can_sendmail" dftval="false">
+<desc>
+<p>
+Determine whether httpd can send mail.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_dbus_avahi" dftval="false">
+<desc>
+<p>
+Determine whether httpd can communicate
+with avahi service via dbus.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_enable_cgi" dftval="false">
+<desc>
+<p>
+Determine wether httpd can use support.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_enable_ftp_server" dftval="false">
+<desc>
+<p>
+Determine whether httpd can act as a
+FTP server by listening on the ftp port.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_enable_homedirs" dftval="false">
+<desc>
+<p>
+Determine whether httpd can traverse
+user home directories.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_gpg_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether httpd gpg can modify
+public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_tmp_exec" dftval="false">
+<desc>
+<p>
+Determine whether httpd can execute
+its temporary content.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_execmem" dftval="false">
+<desc>
+<p>
+Determine whether httpd scripts and
+modules can use execmem and execstack.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_graceful_shutdown" dftval="false">
+<desc>
+<p>
+Determine whether httpd can connect
+to port 80 for graceful shutdown.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_manage_ipa" dftval="false">
+<desc>
+<p>
+Determine whether httpd can
+manage IPA content files.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_mod_auth_ntlm_winbind" dftval="false">
+<desc>
+<p>
+Determine whether httpd can use mod_auth_ntlm_winbind.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_read_user_content" dftval="false">
+<desc>
+<p>
+Determine whether httpd can read
+generic user home content files.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_setrlimit" dftval="false">
+<desc>
+<p>
+Determine whether httpd can change
+its resource limits.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_ssi_exec" dftval="false">
+<desc>
+<p>
+Determine whether httpd can run
+SSI executables in the same domain
+as system CGI scripts.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_tty_comm" dftval="false">
+<desc>
+<p>
+Determine whether httpd can communicate
+with the terminal. Needed for entering the
+passphrase for certificates at the terminal.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_unified" dftval="false">
+<desc>
+<p>
+Determine whether httpd can have full access
+to its content types.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_use_cifs" dftval="false">
+<desc>
+<p>
+Determine whether httpd can use
+cifs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_use_fusefs" dftval="false">
+<desc>
+<p>
+Determine whether httpd can
+use fuse file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_use_gpg" dftval="false">
+<desc>
+<p>
+Determine whether httpd can use gpg.
+</p>
+</desc>
+</tunable>
+<tunable name="httpd_use_nfs" dftval="false">
+<desc>
+<p>
+Determine whether httpd can use
+nfs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_httpd_sys_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_httpd_user_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_httpd_unconfined_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+<tunable name="hiawatha_httpd" dftval="false">
+<desc>
+<p>
+Enable specific permissions for the Hiawatha web server
+</p>
+</desc>
+</tunable>
+</module>
+<module name="apcupsd" filename="policy/modules/services/apcupsd.if">
+<summary>APC UPS monitoring daemon.</summary>
+<interface name="apcupsd_domtrans" lineno="14">
+<summary>
+Execute a domain transition to
+run apcupsd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apcupsd_initrc_domtrans" lineno="34">
+<summary>
+Execute apcupsd server in the
+apcupsd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apcupsd_read_pid_files" lineno="52">
+<summary>
+Read apcupsd PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apcupsd_read_log" lineno="72">
+<summary>
+Read apcupsd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="apcupsd_append_log" lineno="92">
+<summary>
+Append apcupsd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="apcupsd_cgi_script_domtrans" lineno="113">
+<summary>
+Execute a domain transition to
+run httpd_apcupsd_cgi_script.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="apcupsd_admin" lineno="143">
+<summary>
+All of the rules required to
+administrate an apcupsd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_httpd_apcupsd_cgi_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="arpwatch" filename="policy/modules/services/arpwatch.if">
+<summary>Ethernet activity monitor.</summary>
+<interface name="arpwatch_initrc_domtrans" lineno="14">
+<summary>
+Execute arpwatch server in the
+arpwatch domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="arpwatch_search_data" lineno="32">
+<summary>
+Search arpwatch data file directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="arpwatch_manage_data_files" lineno="52">
+<summary>
+Create, read, write, and delete
+arpwatch data files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="arpwatch_rw_tmp_files" lineno="72">
+<summary>
+Read and write arpwatch temporary
+files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="arpwatch_manage_tmp_files" lineno="92">
+<summary>
+Create, read, write, and delete
+arpwatch temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="arpwatch_dontaudit_rw_packet_sockets" lineno="112">
+<summary>
+Do not audit attempts to read and
+write arpwatch packet sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="arpwatch_admin" lineno="137">
+<summary>
+All of the rules required to
+administrate an arpwatch environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="asterisk" filename="policy/modules/services/asterisk.if">
+<summary>Asterisk IP telephony server.</summary>
+<interface name="asterisk_domtrans" lineno="13">
+<summary>
+Execute asterisk in the asterisk domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="asterisk_exec" lineno="32">
+<summary>
+Execute asterisk in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="asterisk_stream_connect" lineno="52">
+<summary>
+Connect to asterisk over a unix domain.
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="asterisk_setattr_logs" lineno="72">
+<summary>
+Set attributes of asterisk log
+files and directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="asterisk_setattr_pid_files" lineno="93">
+<summary>
+Set attributes of the asterisk
+PID content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="asterisk_admin" lineno="120">
+<summary>
+All of the rules required to
+administrate an asterisk environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="automount" filename="policy/modules/services/automount.if">
+<summary>Filesystem automounter service.</summary>
+<interface name="automount_domtrans" lineno="13">
+<summary>
+Execute automount in the automount domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="automount_signal" lineno="33">
+<summary>
+Send generic signals to automount.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="automount_read_state" lineno="51">
+<summary>
+Read automount process state.
+</summary>
+<param name="domain">
+<summary>
+Domain to allow access.
+</summary>
+</param>
+</interface>
+<interface name="automount_dontaudit_use_fds" lineno="73">
+<summary>
+Do not audit attempts to use
+automount file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="automount_dontaudit_write_pipes" lineno="92">
+<summary>
+Do not audit attempts to write
+automount unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="automount_dontaudit_getattr_tmp_dirs" lineno="112">
+<summary>
+Do not audit attempts to get
+attributes of automount temporary
+directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="automount_admin" lineno="137">
+<summary>
+All of the rules required to
+administrate an automount environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="avahi" filename="policy/modules/services/avahi.if">
+<summary>mDNS/DNS-SD daemon implementing Apple ZeroConf architecture.</summary>
+<interface name="avahi_domtrans" lineno="13">
+<summary>
+Execute avahi server in the avahi domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="avahi_initrc_domtrans" lineno="33">
+<summary>
+Execute avahi init scripts in the
+init script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="avahi_signal" lineno="51">
+<summary>
+Send generic signals to avahi.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="avahi_kill" lineno="69">
+<summary>
+Send kill signals to avahi.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="avahi_signull" lineno="87">
+<summary>
+Send null signals to avahi.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="avahi_dbus_chat" lineno="106">
+<summary>
+Send and receive messages from
+avahi over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="avahi_stream_connect" lineno="127">
+<summary>
+Connect to avahi using a unix
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="avahi_create_pid_dirs" lineno="146">
+<summary>
+Create avahi pid directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="avahi_setattr_pid_dirs" lineno="165">
+<summary>
+Set attributes of avahi pid directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="avahi_manage_pid_files" lineno="184">
+<summary>
+Create, read, and write avahi pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="avahi_dontaudit_search_pid" lineno="204">
+<summary>
+Do not audit attempts to search
+avahi pid directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="avahi_filetrans_pid" lineno="233">
+<summary>
+Create specified objects in generic
+pid directories with the avahi pid file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="avahi_admin" lineno="258">
+<summary>
+All of the rules required to
+administrate an avahi environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="bind" filename="policy/modules/services/bind.if">
+<summary>Berkeley Internet name domain DNS server.</summary>
+<interface name="bind_initrc_domtrans" lineno="14">
+<summary>
+Execute bind init scripts in
+the init script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="bind_domtrans_ndc" lineno="32">
+<summary>
+Execute ndc in the ndc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="bind_signal" lineno="51">
+<summary>
+Send generic signals to bind.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_signull" lineno="69">
+<summary>
+Send null signals to bind.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_kill" lineno="87">
+<summary>
+Send kill signals to bind.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_run_ndc" lineno="112">
+<summary>
+Execute ndc in the ndc domain, and
+allow the specified role the ndc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="bind_domtrans" lineno="131">
+<summary>
+Execute bind in the named domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="bind_read_dnssec_keys" lineno="150">
+<summary>
+Read dnssec key files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_read_config" lineno="168">
+<summary>
+Read bind named configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_write_config" lineno="186">
+<summary>
+Write bind named configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_manage_config_dirs" lineno="206">
+<summary>
+Create, read, write, and delete
+bind configuration directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_search_cache" lineno="224">
+<summary>
+Search bind cache directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_manage_cache" lineno="246">
+<summary>
+Create, read, write, and delete
+bind cache files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_setattr_pid_dirs" lineno="267">
+<summary>
+Set attributes of bind pid directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_setattr_zone_dirs" lineno="285">
+<summary>
+Set attributes of bind zone directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_read_zone" lineno="303">
+<summary>
+Read bind zone files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_manage_zone" lineno="323">
+<summary>
+Create, read, write, and delete
+bind zone files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bind_admin" lineno="349">
+<summary>
+All of the rules required to
+administrate an bind environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="named_tcp_bind_http_port" dftval="false">
+<desc>
+<p>
+Determine whether Bind can bind tcp socket to http ports.
+</p>
+</desc>
+</tunable>
+<tunable name="named_write_master_zones" dftval="false">
+<desc>
+<p>
+Determine whether Bind can write to master zone files.
+Generally this is used for dynamic DNS or zone transfers.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="bird" filename="policy/modules/services/bird.if">
+<summary>BIRD Internet Routing Daemon.</summary>
+<interface name="bird_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an bird environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="bitlbee" filename="policy/modules/services/bitlbee.if">
+<summary>Tunnels instant messaging traffic to a virtual IRC channel.</summary>
+<interface name="bitlbee_read_config" lineno="13">
+<summary>
+Read bitlbee configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bitlbee_admin" lineno="40">
+<summary>
+All of the rules required to
+administrate an bitlbee environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="bluetooth" filename="policy/modules/services/bluetooth.if">
+<summary>Bluetooth tools and system services.</summary>
+<interface name="bluetooth_role" lineno="18">
+<summary>
+Role access for bluetooth.
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="bluetooth_stream_connect" lineno="63">
+<summary>
+Connect to bluetooth over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bluetooth_domtrans" lineno="83">
+<summary>
+Execute bluetooth in the bluetooth domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="bluetooth_read_config" lineno="102">
+<summary>
+Read bluetooth configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bluetooth_dbus_chat" lineno="121">
+<summary>
+Send and receive messages from
+bluetooth over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bluetooth_dontaudit_read_helper_state" lineno="142">
+<summary>
+Do not audit attempts to read
+bluetooth process state files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="bluetooth_admin" lineno="168">
+<summary>
+All of the rules required to
+administrate an bluetooth environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="boinc" filename="policy/modules/services/boinc.if">
+<summary>Platform for computing using volunteered resources.</summary>
+<interface name="boinc_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an boinc environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="boinc_execmem" dftval="true">
+<desc>
+<p>
+Determine whether boinc can execmem/execstack.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="bugzilla" filename="policy/modules/services/bugzilla.if">
+<summary>Bugtracker.</summary>
+<interface name="bugzilla_search_content" lineno="13">
+<summary>
+Search bugzilla directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="bugzilla_dontaudit_rw_stream_sockets" lineno="33">
+<summary>
+Do not audit attempts to read and
+write bugzilla script unix domain
+stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="bugzilla_admin" lineno="58">
+<summary>
+All of the rules required to
+administrate an bugzilla environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role" unused="true">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_httpd_bugzilla_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="cachefilesd" filename="policy/modules/services/cachefilesd.if">
+<summary>CacheFiles user-space management daemon.</summary>
+<interface name="cachefilesd_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an cachefilesd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="callweaver" filename="policy/modules/services/callweaver.if">
+<summary>PBX software.</summary>
+<interface name="callweaver_exec" lineno="13">
+<summary>
+Execute callweaver in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="callweaver_stream_connect" lineno="33">
+<summary>
+Connect to callweaver over a
+unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="callweaver_admin" lineno="59">
+<summary>
+All of the rules required to
+administrate an callweaver environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="canna" filename="policy/modules/services/canna.if">
+<summary>Kana-kanji conversion server.</summary>
+<interface name="canna_stream_connect" lineno="14">
+<summary>
+Connect to Canna using a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="canna_admin" lineno="40">
+<summary>
+All of the rules required to
+administrate an canna environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ccs" filename="policy/modules/services/ccs.if">
+<summary>Cluster Configuration System.</summary>
+<interface name="ccs_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run ccs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ccs_stream_connect" lineno="32">
+<summary>
+Connect to ccs over an unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ccs_read_config" lineno="51">
+<summary>
+Read cluster configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ccs_manage_config" lineno="71">
+<summary>
+Create, read, write, and delete
+cluster configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ccs_admin" lineno="98">
+<summary>
+All of the rules required to
+administrate an ccs environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="certmaster" filename="policy/modules/services/certmaster.if">
+<summary>Remote certificate distribution framework.</summary>
+<interface name="certmaster_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run certmaster.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="certmaster_exec" lineno="32">
+<summary>
+Execute certmaster in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmaster_read_log" lineno="51">
+<summary>
+read certmaster logs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmaster_append_log" lineno="70">
+<summary>
+Append certmaster log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmaster_manage_log" lineno="90">
+<summary>
+Create, read, write, and delete
+certmaster log content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmaster_admin" lineno="117">
+<summary>
+All of the rules required to
+administrate an certmaster environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="certmonger" filename="policy/modules/services/certmonger.if">
+<summary>Certificate status monitor and PKI enrollment client.</summary>
+<interface name="certmonger_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run certmonger.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="certmonger_dbus_chat" lineno="33">
+<summary>
+Send and receive messages from
+certmonger over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmonger_initrc_domtrans" lineno="54">
+<summary>
+Execute certmonger server in
+the certmonger domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="certmonger_read_pid_files" lineno="72">
+<summary>
+Read certmonger PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmonger_search_lib" lineno="91">
+<summary>
+Search certmonger lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmonger_read_lib_files" lineno="110">
+<summary>
+Read certmonger lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmonger_manage_lib_files" lineno="130">
+<summary>
+Create, read, write, and delete
+certmonger lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="certmonger_admin" lineno="156">
+<summary>
+All of the rules required to
+administrate an certmonger environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="cgmanager" filename="policy/modules/services/cgmanager.if">
+<summary>Control Group manager daemon.</summary>
+<interface name="cgmanager_stream_connect" lineno="14">
+<summary>
+Connect to cgmanager with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="cgroup" filename="policy/modules/services/cgroup.if">
+<summary>libcg is a library that abstracts the control group file system in Linux.</summary>
+<interface name="cgroup_domtrans_cgclear" lineno="14">
+<summary>
+Execute a domain transition to run
+CG Clear.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cgroup_domtrans_cgconfig" lineno="34">
+<summary>
+Execute a domain transition to run
+CG config parser.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cgroup_initrc_domtrans_cgconfig" lineno="54">
+<summary>
+Execute CG config init scripts in
+the init script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cgroup_domtrans_cgred" lineno="73">
+<summary>
+Execute a domain transition to run
+CG rules engine daemon.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cgroup_initrc_domtrans_cgred" lineno="94">
+<summary>
+Execute a domain transition to run
+CG rules engine daemon.
+domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cgroup_run_cgclear" lineno="121">
+<summary>
+Execute a domain transition to
+run CG Clear and allow the
+specified role the CG Clear
+domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="cgroup_stream_connect_cgred" lineno="141">
+<summary>
+Connect to CG rules engine daemon
+over unix stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cgroup_admin" lineno="167">
+<summary>
+All of the rules required to administrate
+an cgroup environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="chronyd" filename="policy/modules/services/chronyd.if">
+<summary>Chrony NTP background daemon.</summary>
+<interface name="chronyd_domtrans" lineno="13">
+<summary>
+Execute chronyd in the chronyd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_domtrans_cli" lineno="32">
+<summary>
+Execute chronyc in the chronyc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_initrc_domtrans" lineno="52">
+<summary>
+Execute chronyd server in the
+chronyd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_exec" lineno="70">
+<summary>
+Execute chronyd in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_run_cli" lineno="97">
+<summary>
+Execute chronyc in the chronyc domain,
+and allow the specified roles the
+chronyc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="chronyd_read_log" lineno="116">
+<summary>
+Read chronyd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_read_config" lineno="135">
+<summary>
+Read chronyd config file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_rw_config" lineno="154">
+<summary>
+Read and write chronyd config file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_rw_shm" lineno="173">
+<summary>
+Read and write chronyd shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_stream_connect" lineno="196">
+<summary>
+Connect to chronyd using a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_dgram_send" lineno="216">
+<summary>
+Send to chronyd using a unix domain
+datagram socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_read_key_files" lineno="235">
+<summary>
+Read chronyd key files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_enabledisable" lineno="254">
+<summary>
+Allow specified domain to enable and disable chronyd unit
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_startstop" lineno="273">
+<summary>
+Allow specified domain to start and stop chronyd unit
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_status" lineno="292">
+<summary>
+Allow specified domain to get status of chronyd unit
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_dgram_send_cli" lineno="312">
+<summary>
+Send to chronyd command line interface using a unix domain
+datagram socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="chronyd_admin" lineno="338">
+<summary>
+All of the rules required to
+administrate an chronyd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="cipe" filename="policy/modules/services/cipe.if">
+<summary>Encrypted tunnel daemon.</summary>
+<interface name="cipe_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an cipe environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="clamav" filename="policy/modules/services/clamav.if">
+<summary>ClamAV Virus Scanner.</summary>
+<interface name="clamav_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run clamd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="clamav_run" lineno="39">
+<summary>
+Execute clamd programs in the clamd
+domain and allow the specified role
+the clamd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_stream_connect" lineno="59">
+<summary>
+Connect to clamd using a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_append_log" lineno="80">
+<summary>
+Append clamav log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_manage_pid_content" lineno="101">
+<summary>
+Create, read, write, and delete
+clamav pid content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_read_config" lineno="121">
+<summary>
+Read clamav configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_search_lib" lineno="140">
+<summary>
+Search clamav library directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_domtrans_clamscan" lineno="159">
+<summary>
+Execute a domain transition to run clamscan.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="clamav_exec_clamscan" lineno="178">
+<summary>
+Execute clamscan in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_read_state_clamd" lineno="197">
+<summary>
+Read clamd process state files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_read_signatures" lineno="225">
+<summary>
+Read clam virus signature files
+</summary>
+<desc>
+<p>
+Useful for when using things like 'sigtool'
+which provides useful information about
+ClamAV signature files.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_scannable_files" lineno="246">
+<summary>
+Denote a particular type to be scanned by ClamAV
+</summary>
+<param name="domain">
+<summary>
+Type that clamd_t and clamscan_t can read.
+</summary>
+</param>
+</interface>
+<interface name="clamav_domtrans_freshclam" lineno="264">
+<summary>
+Execute a domain transition to run freshclam.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="clamav_run_freshclam" lineno="290">
+<summary>
+Execute freshclam in the freshclam domain, and
+allow the specified role the freshclam domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="clamav_exec_freshclam" lineno="309">
+<summary>
+Execute freshclam in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_enabledisable_clamd" lineno="328">
+<summary>
+Allow specified domain to enable clamd units
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_startstop_clamd" lineno="347">
+<summary>
+Allow specified domain to start clamd units
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_status_clamd" lineno="366">
+<summary>
+Allow specified domain to get status of clamd
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_reload_clamd" lineno="385">
+<summary>
+Allow specified domain reload of clamd
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clamav_admin" lineno="411">
+<summary>
+All of the rules required to
+administrate an clamav environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="clamav_read_user_content_files_clamscan" dftval="false">
+<desc>
+<p>
+Determine whether clamscan can
+read user content files.
+</p>
+</desc>
+</tunable>
+<tunable name="clamav_read_all_non_security_files_clamscan" dftval="false">
+<desc>
+<p>
+Determine whether clamscan can read
+all non-security files.
+</p>
+</desc>
+</tunable>
+<tunable name="clamd_use_jit" dftval="false">
+<desc>
+<p>
+Determine whether can clamd use JIT compiler.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="clockspeed" filename="policy/modules/services/clockspeed.if">
+<summary>Clock speed measurement and manipulation.</summary>
+<interface name="clockspeed_domtrans_cli" lineno="14">
+<summary>
+Execute clockspeed utilities in
+the clockspeed_cli domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="clockspeed_run_cli" lineno="41">
+<summary>
+Execute clockspeed utilities in the
+clockspeed cli domain, and allow the
+specified role the clockspeed cli domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="clogd" filename="policy/modules/services/clogd.if">
+<summary>Clustered Mirror Log Server.</summary>
+<interface name="clogd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run clogd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="clogd_rw_semaphores" lineno="32">
+<summary>
+Read and write clogd semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clogd_rw_shm" lineno="50">
+<summary>
+Read and write clogd shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="cmirrord" filename="policy/modules/services/cmirrord.if">
+<summary>Cluster mirror log daemon.</summary>
+<interface name="cmirrord_domtrans" lineno="14">
+<summary>
+Execute a domain transition to
+run cmirrord.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cmirrord_initrc_domtrans" lineno="34">
+<summary>
+Execute cmirrord server in the
+cmirrord domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cmirrord_read_pid_files" lineno="52">
+<summary>
+Read cmirrord PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cmirrord_rw_shm" lineno="71">
+<summary>
+Read and write cmirrord shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cmirrord_admin" lineno="101">
+<summary>
+All of the rules required to
+administrate an cmirrord environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="cobbler" filename="policy/modules/services/cobbler.if">
+<summary>Cobbler installation server.</summary>
+<interface name="cobblerd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run cobblerd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cobblerd_initrc_domtrans" lineno="33">
+<summary>
+Execute cobblerd init scripts in
+the init script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cobbler_read_config" lineno="51">
+<summary>
+Read cobbler configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cobbler_dontaudit_rw_log" lineno="71">
+<summary>
+Do not audit attempts to read and write
+cobbler log files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="cobbler_search_lib" lineno="89">
+<summary>
+Search cobbler lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cobbler_read_lib_files" lineno="108">
+<summary>
+Read cobbler lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cobbler_manage_lib_files" lineno="128">
+<summary>
+Create, read, write, and delete
+cobbler lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cobbler_admin" lineno="154">
+<summary>
+All of the rules required to
+administrate an cobbler environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="cobbler_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether Cobbler can modify
+public files used for public file
+transfer services.
+</p>
+</desc>
+</tunable>
+<tunable name="cobbler_can_network_connect" dftval="false">
+<desc>
+<p>
+Determine whether Cobbler can connect
+to the network using TCP.
+</p>
+</desc>
+</tunable>
+<tunable name="cobbler_use_cifs" dftval="false">
+<desc>
+<p>
+Determine whether Cobbler can access
+cifs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="cobbler_use_nfs" dftval="false">
+<desc>
+<p>
+Determine whether Cobbler can access
+nfs file systems.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="collectd" filename="policy/modules/services/collectd.if">
+<summary>Statistics collection daemon for filling RRD files.</summary>
+<interface name="collectd_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an collectd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="collectd_tcp_network_connect" dftval="false">
+<desc>
+<p>
+Determine whether collectd can connect
+to the network using TCP.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_httpd_collectd_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="colord" filename="policy/modules/services/colord.if">
+<summary>GNOME color manager.</summary>
+<interface name="colord_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run colord.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="colord_dbus_chat" lineno="33">
+<summary>
+Send and receive messages from
+colord over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="colord_read_lib_files" lineno="53">
+<summary>
+Read colord lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="comsat" filename="policy/modules/services/comsat.if">
+<summary>Comsat, a biff server.</summary>
+</module>
+<module name="condor" filename="policy/modules/services/condor.if">
+<summary>High-Throughput Computing System.</summary>
+<template name="condor_domain_template" lineno="13">
+<summary>
+The template to define a condor domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="condor_admin" lineno="58">
+<summary>
+All of the rules required to
+administrate an condor environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="condor_tcp_network_connect" dftval="false">
+<desc>
+<p>
+Determine whether Condor can connect
+to the network using TCP.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="consolekit" filename="policy/modules/services/consolekit.if">
+<summary>Framework for facilitating multiple user sessions on desktops.</summary>
+<interface name="consolekit_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run consolekit.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="consolekit_dbus_chat" lineno="33">
+<summary>
+Send and receive messages from
+consolekit over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="consolekit_use_inhibit_lock" lineno="57">
+<summary>
+Use consolekit inhibit locks.
+
+The program gets passed an FD to a fifo_file to hold.
+When the application is done with the lock, it closes the FD.
+Implements this API: https://www.freedesktop.org/wiki/Software/systemd/inhibit/
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="consolekit_read_log" lineno="76">
+<summary>
+Read consolekit log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="consolekit_manage_log" lineno="96">
+<summary>
+Create, read, write, and delete
+consolekit log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="consolekit_read_pid_files" lineno="115">
+<summary>
+Read consolekit PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="corosync" filename="policy/modules/services/corosync.if">
+<summary>Corosync Cluster Engine.</summary>
+<interface name="corosync_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run corosync.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="corosync_initrc_domtrans" lineno="33">
+<summary>
+Execute corosync init scripts in
+the init script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="corosync_exec" lineno="51">
+<summary>
+Execute corosync in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corosync_read_log" lineno="70">
+<summary>
+Read corosync log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corosync_stream_connect" lineno="91">
+<summary>
+Connect to corosync over a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corosync_rw_tmpfs" lineno="110">
+<summary>
+Read and write corosync tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="corosync_admin" lineno="136">
+<summary>
+All of the rules required to
+administrate an corosync environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="couchdb" filename="policy/modules/services/couchdb.if">
+<summary>Document database server.</summary>
+<interface name="couchdb_read_log_files" lineno="13">
+<summary>
+Read couchdb log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="couchdb_manage_lib_files" lineno="32">
+<summary>
+Read, write, and create couchdb lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="couchdb_read_conf_files" lineno="51">
+<summary>
+Read couchdb config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="couchdb_read_pid_files" lineno="70">
+<summary>
+Read couchdb pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="couchdb_admin" lineno="96">
+<summary>
+All of the rules required to
+administrate an couchdb environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="courier" filename="policy/modules/services/courier.if">
+<summary>Courier IMAP and POP3 email servers.</summary>
+<template name="courier_domain_template" lineno="13">
+<summary>
+The template to define a courier domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="courier_domtrans_authdaemon" lineno="46">
+<summary>
+Execute the courier authentication
+daemon with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="courier_stream_connect_authdaemon" lineno="66">
+<summary>
+Connect to courier-authdaemon over
+a unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="courier_domtrans_pop" lineno="86">
+<summary>
+Execute the courier POP3 and IMAP
+server with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="courier_read_config" lineno="105">
+<summary>
+Read courier config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="courier_manage_spool_dirs" lineno="125">
+<summary>
+Create, read, write, and delete courier
+spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="courier_manage_spool_files" lineno="145">
+<summary>
+Create, read, write, and delete courier
+spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="courier_read_spool" lineno="164">
+<summary>
+Read courier spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="courier_rw_spool_pipes" lineno="183">
+<summary>
+Read and write courier spool pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="cpucontrol" filename="policy/modules/services/cpucontrol.if">
+<summary>Services for loading CPU microcode and CPU frequency scaling.</summary>
+<interface name="cpucontrol_stub" lineno="13">
+<summary>
+CPUcontrol stub interface.  No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="cron" filename="policy/modules/services/cron.if">
+<summary>Periodic execution of scheduled commands.</summary>
+<template name="cron_common_crontab_template" lineno="13">
+<summary>
+The template to define a crontab domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="cron_role" lineno="59">
+<summary>
+Role access for cron.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="cron_unconfined_role" lineno="140">
+<summary>
+Role access for unconfined cron.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
+</interface>
+<interface name="cron_admin_role" lineno="221">
+<summary>
+Role access for admin cron.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
+</interface>
+<interface name="cron_system_entry" lineno="312">
+<summary>
+Make the specified program domain
+accessable from the system cron jobs.
+</summary>
+<param name="domain">
+<summary>
+The type of the process to transition to.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type of the file used as an entrypoint to this domain.
+</summary>
+</param>
+</interface>
+<interface name="cron_domtrans" lineno="333">
+<summary>
+Execute cron in the cron system domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cron_exec" lineno="352">
+<summary>
+Execute crond in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_initrc_domtrans" lineno="371">
+<summary>
+Execute crond server in the crond domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cron_use_fds" lineno="389">
+<summary>
+Use crond file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_sigchld" lineno="407">
+<summary>
+Send child terminated signals to crond.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_setattr_log_files" lineno="425">
+<summary>
+Set the attributes of cron log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_create_log_files" lineno="443">
+<summary>
+Create cron log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_write_log_files" lineno="461">
+<summary>
+Write to cron log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_manage_log_files" lineno="480">
+<summary>
+Create, read, write and delete
+cron log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_generic_log_filetrans_log" lineno="511">
+<summary>
+Create specified objects in generic
+log directories with the cron log file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="cron_read_pipes" lineno="529">
+<summary>
+Read cron daemon unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_dontaudit_write_pipes" lineno="548">
+<summary>
+Do not audit attempts to write
+cron daemon unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="cron_rw_pipes" lineno="566">
+<summary>
+Read and write crond unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_rw_tcp_sockets" lineno="584">
+<summary>
+Read and write crond TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_dontaudit_rw_tcp_sockets" lineno="603">
+<summary>
+Do not audit attempts to read and
+write cron daemon TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="cron_search_spool" lineno="621">
+<summary>
+Search cron spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_manage_pid_files" lineno="641">
+<summary>
+Create, read, write, and delete
+crond pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_anacron_domtrans_system_job" lineno="660">
+<summary>
+Execute anacron in the cron
+system domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cron_use_system_job_fds" lineno="679">
+<summary>
+Use system cron job file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_manage_system_spool" lineno="697">
+<summary>
+Create, read, write, and delete the system spool.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_read_system_spool" lineno="716">
+<summary>
+Read the system spool.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_rw_tmp_files" lineno="736">
+<summary>
+Read and write crond temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_read_system_job_lib_files" lineno="754">
+<summary>
+Read system cron job lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_manage_system_job_lib_files" lineno="774">
+<summary>
+Create, read, write, and delete
+system cron job lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_write_system_job_pipes" lineno="793">
+<summary>
+Write system cron job unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_rw_system_job_pipes" lineno="812">
+<summary>
+Read and write system cron job
+unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_rw_system_job_stream_sockets" lineno="831">
+<summary>
+Read and write inherited system cron
+job unix domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_read_system_job_tmp_files" lineno="849">
+<summary>
+Read system cron job temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_dontaudit_append_system_job_tmp_files" lineno="869">
+<summary>
+Do not audit attempts to append temporary
+system cron job files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="cron_rw_inherited_system_job_tmp_files" lineno="887">
+<summary>
+Read and write to inherited system cron job temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cron_dontaudit_write_system_job_tmp_files" lineno="906">
+<summary>
+Do not audit attempts to write temporary
+system cron job files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="cron_exec_crontab" lineno="925">
+<summary>
+Execute crontab in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="cron_admin" lineno="951">
+<summary>
+All of the rules required to
+administrate a cron environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="cron_can_relabel" dftval="false">
+<desc>
+<p>
+Determine whether system cron jobs
+can relabel filesystem for
+restoring file contexts.
+</p>
+</desc>
+</tunable>
+<tunable name="cron_userdomain_transition" dftval="false">
+<desc>
+<p>
+Determine whether crond can execute jobs
+in the user domain as opposed to the
+the generic cronjob domain.
+</p>
+</desc>
+</tunable>
+<tunable name="fcron_crond" dftval="false">
+<desc>
+<p>
+Determine whether extra rules
+should be enabled to support fcron.
+</p>
+</desc>
+</tunable>
+<tunable name="cron_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Grant the cron domains read access to generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="cron_read_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the cron domains read access to all user content
+</p>
+</desc>
+</tunable>
+<tunable name="cron_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Grant the cron domains manage rights on generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="cron_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the cron domains manage rights on all user content
+</p>
+</desc>
+</tunable>
+</module>
+<module name="ctdb" filename="policy/modules/services/ctdb.if">
+<summary>Clustered Database based on Samba Trivial Database.</summary>
+<interface name="ctdbd_manage_lib_files" lineno="14">
+<summary>
+Create, read, write, and delete
+ctdbd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ctdbd_stream_connect" lineno="34">
+<summary>
+Connect to ctdbd with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ctdb_admin" lineno="60">
+<summary>
+All of the rules required to
+administrate an ctdb environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="cups" filename="policy/modules/services/cups.if">
+<summary>Common UNIX printing system.</summary>
+<interface name="cups_backend" lineno="19">
+<summary>
+Create a domain which can be
+started by cupsd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+</interface>
+<interface name="cups_domtrans" lineno="46">
+<summary>
+Execute cups in the cups domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cups_stream_connect" lineno="66">
+<summary>
+Connect to cupsd over an unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_dbus_chat" lineno="87">
+<summary>
+Send and receive messages from
+cups over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_read_pid_files" lineno="107">
+<summary>
+Read cups PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_domtrans_config" lineno="127">
+<summary>
+Execute cups_config in the
+cups config domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cups_signal_config" lineno="147">
+<summary>
+Send generic signals to the cups
+configuration daemon.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_dbus_chat_config" lineno="166">
+<summary>
+Send and receive messages from
+cupsd_config over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_read_config" lineno="187">
+<summary>
+Read cups configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="cups_read_rw_config" lineno="207">
+<summary>
+Read cups-writable configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="cups_read_log" lineno="227">
+<summary>
+Read cups log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="cups_append_log" lineno="246">
+<summary>
+Append cups log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_write_log" lineno="265">
+<summary>
+Write cups log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_stream_connect_ptal" lineno="285">
+<summary>
+Connect to ptal over an unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_read_state" lineno="304">
+<summary>
+Read the process state (/proc/pid) of cupsd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cups_domtrans_hplip" lineno="326">
+<summary>
+Execute HP Linux Imaging and
+Printing applications in their
+own domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cups_admin" lineno="352">
+<summary>
+All of the rules required to
+administrate an cups environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="cvs" filename="policy/modules/services/cvs.if">
+<summary>Concurrent versions system.</summary>
+<interface name="cvs_read_data" lineno="13">
+<summary>
+Read CVS data and metadata content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cvs_exec" lineno="33">
+<summary>
+Execute cvs in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cvs_admin" lineno="59">
+<summary>
+All of the rules required to
+administrate an cvs environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_cvs_read_shadow" dftval="false">
+<desc>
+<p>
+Determine whether cvs can read shadow
+password files.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_httpd_cvs_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="cyphesis" filename="policy/modules/services/cyphesis.if">
+<summary>Cyphesis WorldForge game server.</summary>
+<interface name="cyphesis_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run cyphesis.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="cyphesis_admin" lineno="39">
+<summary>
+All of the rules required to
+administrate an cyphesis environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="cyrus" filename="policy/modules/services/cyrus.if">
+<summary>Cyrus is an IMAP service intended to be run on sealed servers.</summary>
+<interface name="cyrus_manage_data" lineno="14">
+<summary>
+Create, read, write, and delete
+cyrus data files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cyrus_stream_connect" lineno="34">
+<summary>
+Connect to Cyrus using a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="cyrus_admin" lineno="60">
+<summary>
+All of the rules required to
+administrate an cyrus environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="dante" filename="policy/modules/services/dante.if">
+<summary>Dante msproxy and socks4/5 proxy server.</summary>
+<interface name="dante_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an dante environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="dbskk" filename="policy/modules/services/dbskk.if">
+<summary>Dictionary server for the SKK Japanese input method system.</summary>
+</module>
+<module name="dbus" filename="policy/modules/services/dbus.if">
+<summary>Desktop messaging bus.</summary>
+<interface name="dbus_stub" lineno="13">
+<summary>
+DBUS stub interface.  No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="dbus_exec" lineno="30">
+<summary>
+Execute dbus in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<template name="dbus_role_template" lineno="60">
+<summary>
+Role access for dbus.
+</summary>
+<param name="role_prefix">
+<summary>
+The prefix of the user role (e.g., user
+is the prefix for user_r).
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</template>
+<interface name="dbus_system_bus_client" lineno="133">
+<summary>
+Template for creating connections to
+the system bus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_connect_all_session_bus" lineno="170">
+<summary>
+Acquire service on all DBUS
+session busses.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_connect_spec_session_bus" lineno="196">
+<summary>
+Acquire service on specified
+DBUS session bus.
+</summary>
+<param name="role_prefix">
+<summary>
+The prefix of the user role (e.g., user
+is the prefix for user_r).
+</summary>
+</param>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_all_session_bus_client" lineno="216">
+<summary>
+Creating connections to all
+DBUS session busses.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_spec_session_bus_client" lineno="248">
+<summary>
+Creating connections to specified
+DBUS session bus.
+</summary>
+<param name="role_prefix">
+<summary>
+The prefix of the user role (e.g., user
+is the prefix for user_r).
+</summary>
+</param>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_send_all_session_bus" lineno="275">
+<summary>
+Send messages to all DBUS
+session busses.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_send_spec_session_bus" lineno="301">
+<summary>
+Send messages to specified
+DBUS session busses.
+</summary>
+<param name="role_prefix">
+<summary>
+The prefix of the user role (e.g., user
+is the prefix for user_r).
+</summary>
+</param>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_read_config" lineno="320">
+<summary>
+Read dbus configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_read_lib_files" lineno="339">
+<summary>
+Read system dbus lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_relabel_lib_dirs" lineno="359">
+<summary>
+Relabel system dbus lib directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_manage_lib_files" lineno="379">
+<summary>
+Create, read, write, and delete
+system dbus lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_all_session_domain" lineno="405">
+<summary>
+Allow a application domain to be
+started by the specified session bus.
+</summary>
+<param name="domain">
+<summary>
+Type to be used as a domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an
+entry point to this domain.
+</summary>
+</param>
+</interface>
+<interface name="dbus_spec_session_domain" lineno="439">
+<summary>
+Allow a application domain to be
+started by the specified session bus.
+</summary>
+<param name="role_prefix">
+<summary>
+The prefix of the user role (e.g., user
+is the prefix for user_r).
+</summary>
+</param>
+<param name="domain">
+<summary>
+Type to be used as a domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an
+entry point to this domain.
+</summary>
+</param>
+</interface>
+<interface name="dbus_connect_system_bus" lineno="460">
+<summary>
+Acquire service on the DBUS system bus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_send_system_bus" lineno="479">
+<summary>
+Send messages to the DBUS system bus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_system_bus_unconfined" lineno="498">
+<summary>
+Unconfined access to DBUS system bus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_system_domain" lineno="523">
+<summary>
+Create a domain for processes which
+can be started by the DBUS system bus.
+</summary>
+<param name="domain">
+<summary>
+Type to be used as a domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+</interface>
+<interface name="dbus_use_system_bus_fds" lineno="563">
+<summary>
+Use and inherit DBUS system bus
+file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_dontaudit_system_bus_rw_tcp_sockets" lineno="582">
+<summary>
+Do not audit attempts to read and
+write DBUS system bus TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dbus_unconfined" lineno="600">
+<summary>
+Unconfined access to DBUS.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dbus_generic_pid_filetrans_system_dbusd_var_run" lineno="630">
+<summary>
+Create resources in /run or /var/run with the system_dbusd_var_run_t
+label. This method is deprecated in favor of the init_daemon_run_dir
+call.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+<param name="class">
+<summary>
+Classes supported for the created resources
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Optional file name used for the resource
+</summary>
+</param>
+</interface>
+<interface name="dbus_create_system_dbusd_var_run_dirs" lineno="644">
+<summary>
+Create directories with the system_dbusd_var_run_t label
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+</module>
+<module name="dcc" filename="policy/modules/services/dcc.if">
+<summary>Distributed checksum clearinghouse spam filtering.</summary>
+<interface name="dcc_domtrans_cdcc" lineno="13">
+<summary>
+Execute cdcc in the cdcc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dcc_run_cdcc" lineno="40">
+<summary>
+Execute cdcc in the cdcc domain, and
+allow the specified role the
+cdcc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dcc_domtrans_client" lineno="60">
+<summary>
+Execute dcc client in the dcc
+client domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dcc_signal_client" lineno="79">
+<summary>
+Send generic signals to dcc client.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dcc_run_client" lineno="105">
+<summary>
+Execute dcc client in the dcc
+client domain, and allow the
+specified role the dcc client domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dcc_domtrans_dbclean" lineno="124">
+<summary>
+Execute dbclean in the dcc dbclean domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dcc_run_dbclean" lineno="151">
+<summary>
+Execute dbclean in the dcc dbclean
+domain, and allow the specified
+role the dcc dbclean domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dcc_stream_connect_dccifd" lineno="171">
+<summary>
+Connect to dccifd over a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="ddclient" filename="policy/modules/services/ddclient.if">
+<summary>Update dynamic IP address at DynDNS.org.</summary>
+<interface name="ddclient_domtrans" lineno="13">
+<summary>
+Execute ddclient in the ddclient domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ddclient_run" lineno="40">
+<summary>
+Execute ddclient in the ddclient
+domain, and allow the specified
+role the ddclient domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ddclient_admin" lineno="66">
+<summary>
+All of the rules required to
+administrate an ddclient environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="denyhosts" filename="policy/modules/services/denyhosts.if">
+<summary>SSH dictionary attack mitigation.</summary>
+<interface name="denyhosts_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run denyhosts.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="denyhosts_initrc_domtrans" lineno="33">
+<summary>
+Execute denyhost server in the
+denyhost domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="denyhosts_admin" lineno="57">
+<summary>
+All of the rules required to
+administrate an denyhosts environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="devicekit" filename="policy/modules/services/devicekit.if">
+<summary>Devicekit modular hardware abstraction layer.</summary>
+<interface name="devicekit_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run devicekit.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_dgram_send" lineno="33">
+<summary>
+Send to devicekit over a unix domain
+datagram socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_dbus_chat" lineno="53">
+<summary>
+Send and receive messages from
+devicekit over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_dbus_chat_disk" lineno="74">
+<summary>
+Send and receive messages from
+devicekit disk over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_signal_power" lineno="94">
+<summary>
+Send generic signals to devicekit power.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_dbus_chat_power" lineno="113">
+<summary>
+Send and receive messages from
+devicekit power over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_use_fds_power" lineno="134">
+<summary>
+Use and inherit devicekit power
+file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_append_inherited_log_files" lineno="152">
+<summary>
+Append inherited devicekit log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_manage_log_files" lineno="174">
+<summary>
+Create, read, write, and delete
+devicekit log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_relabel_log_files" lineno="193">
+<summary>
+Relabel devicekit log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_read_pid_files" lineno="212">
+<summary>
+Read devicekit PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_manage_pid_files" lineno="232">
+<summary>
+Create, read, write, and delete
+devicekit PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="devicekit_admin" lineno="258">
+<summary>
+All of the rules required to
+administrate an devicekit environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role" unused="true">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="dhcp" filename="policy/modules/services/dhcp.if">
+<summary>Dynamic host configuration protocol server.</summary>
+<interface name="dhcpd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run dhcpd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dhcpd_setattr_state_files" lineno="33">
+<summary>
+Set attributes of dhcpd server
+state files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dhcpd_initrc_domtrans" lineno="53">
+<summary>
+Execute dhcp server in the dhcp domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dhcpd_admin" lineno="78">
+<summary>
+All of the rules required to
+administrate an dhcpd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="dhcpd_use_ldap" dftval="false">
+<desc>
+<p>
+Determine whether DHCP daemon
+can use LDAP backends.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="dictd" filename="policy/modules/services/dictd.if">
+<summary>Dictionary daemon.</summary>
+<interface name="dictd_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an dictd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="dirmngr" filename="policy/modules/services/dirmngr.if">
+<summary>Server for managing and downloading certificate revocation lists.</summary>
+<interface name="dirmngr_role" lineno="18">
+<summary>
+Role access for dirmngr.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
+</interface>
+<interface name="dirmngr_domtrans" lineno="47">
+<summary>
+Execute dirmngr in the dirmngr domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dirmngr_exec" lineno="66">
+<summary>
+Execute the dirmngr in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dirmngr_stream_connect" lineno="85">
+<summary>
+Connect to dirmngr socket
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dirmngr_admin" lineno="114">
+<summary>
+All of the rules required to
+administrate an dirmngr environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="distcc" filename="policy/modules/services/distcc.if">
+<summary>Distributed compiler daemon.</summary>
+<interface name="distcc_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an distcc environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="djbdns" filename="policy/modules/services/djbdns.if">
+<summary>Small and secure DNS daemon.</summary>
+<template name="djbdns_daemontools_domain_template" lineno="13">
+<summary>
+The template to define a djbdns domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="djbdns_search_tinydns_keys" lineno="54">
+<summary>
+Search djbdns-tinydns key ring.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="djbdns_link_tinydns_keys" lineno="72">
+<summary>
+Link djbdns-tinydns key ring.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="dkim" filename="policy/modules/services/dkim.if">
+<summary>DomainKeys Identified Mail milter.</summary>
+<interface name="dkim_stream_connect" lineno="13">
+<summary>
+Allow a domain to talk to dkim via Unix domain socket
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dkim_admin" lineno="38">
+<summary>
+All of the rules required to
+administrate an dkim environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="dnsmasq" filename="policy/modules/services/dnsmasq.if">
+<summary>DNS forwarder and DHCP server.</summary>
+<interface name="dnsmasq_domtrans" lineno="14">
+<summary>
+Execute dnsmasq server in the dnsmasq domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_initrc_domtrans" lineno="35">
+<summary>
+Execute the dnsmasq init script in
+the init script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_signal" lineno="54">
+<summary>
+Send generic signals to dnsmasq.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_signull" lineno="73">
+<summary>
+Send null signals to dnsmasq.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_kill" lineno="92">
+<summary>
+Send kill signals to dnsmasq.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_read_config" lineno="110">
+<summary>
+Read dnsmasq config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_write_config" lineno="129">
+<summary>
+Write dnsmasq config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_delete_pid_files" lineno="149">
+<summary>
+Delete dnsmasq pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_manage_pid_files" lineno="168">
+<summary>
+Create, read, write, and delete
+dnsmasq pid files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_read_pid_files" lineno="188">
+<summary>
+Read dnsmasq pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_create_pid_dirs" lineno="206">
+<summary>
+Create dnsmasq pid directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_spec_filetrans_pid" lineno="242">
+<summary>
+Create specified objects in specified
+directories with a type transition to
+the dnsmasq pid file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="file_type">
+<summary>
+Directory to transition on.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="dnsmasq_admin" lineno="267">
+<summary>
+All of the rules required to
+administrate an dnsmasq environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="dnssectrigger" filename="policy/modules/services/dnssectrigger.if">
+<summary>Enables DNSSEC protection for DNS traffic.</summary>
+<interface name="dnssectrigger_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an dnssec environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="dovecot" filename="policy/modules/services/dovecot.if">
+<summary>POP and IMAP mail server.</summary>
+<interface name="dovecot_stream_connect" lineno="14">
+<summary>
+Connect to dovecot using a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dovecot_stream_connect_auth" lineno="35">
+<summary>
+Connect to dovecot using a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="dovecot_domtrans_deliver" lineno="55">
+<summary>
+Execute dovecot_deliver in the
+dovecot_deliver domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="dovecot_manage_spool" lineno="75">
+<summary>
+Create, read, write, and delete
+dovecot spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dovecot_dontaudit_unlink_lib_files" lineno="97">
+<summary>
+Do not audit attempts to delete
+dovecot lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dovecot_write_inherited_tmp_files" lineno="115">
+<summary>
+Write inherited dovecot tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="dovecot_admin" lineno="140">
+<summary>
+All of the rules required to
+administrate an dovecot environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="dovecot_can_connect_db" dftval="false">
+<desc>
+<p>
+Determine whether dovecot can connect to
+databases.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="drbd" filename="policy/modules/services/drbd.if">
+<summary>Mirrors a block device over the network to another machine.</summary>
+<interface name="drbd_domtrans" lineno="14">
+<summary>
+Execute a domain transition to
+run drbd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="drbd_admin" lineno="40">
+<summary>
+All of the rules required to
+administrate an drbd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="dspam" filename="policy/modules/services/dspam.if">
+<summary>Content-based spam filter designed for multi-user enterprise systems.</summary>
+<interface name="dspam_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run dspam.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dspam_stream_connect" lineno="33">
+<summary>
+Connect to dspam using a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="dspam_admin" lineno="60">
+<summary>
+All of the rules required to
+administrate an dspam environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_httpd_dspam_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="entropyd" filename="policy/modules/services/entropyd.if">
+<summary>Generate entropy from audio input.</summary>
+<interface name="entropyd_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an entropyd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="entropyd_use_audio" dftval="false">
+<desc>
+<p>
+Determine whether entropyd can use
+audio devices as the source for
+the entropy feeds.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="exim" filename="policy/modules/services/exim.if">
+<summary>Mail transfer agent.</summary>
+<interface name="exim_exec" lineno="13">
+<summary>
+Execute exim in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="exim_domtrans" lineno="32">
+<summary>
+Execute a domain transition to run exim.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="exim_run" lineno="59">
+<summary>
+Execute exim in the exim domain,
+and allow the specified role
+the exim domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="exim_dontaudit_read_tmp_files" lineno="79">
+<summary>
+Do not audit attempts to read exim
+temporary tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="exim_read_tmp_files" lineno="97">
+<summary>
+Read exim temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="exim_read_pid_files" lineno="116">
+<summary>
+Read exim pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="exim_read_log" lineno="136">
+<summary>
+Read exim log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="exim_append_log" lineno="155">
+<summary>
+Append exim log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="exim_manage_log" lineno="176">
+<summary>
+Create, read, write, and delete
+exim log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="exim_manage_spool_dirs" lineno="196">
+<summary>
+Create, read, write, and delete
+exim spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="exim_read_spool_files" lineno="215">
+<summary>
+Read exim spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="exim_manage_spool_files" lineno="236">
+<summary>
+Create, read, write, and delete
+exim spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="exim_read_var_lib_files" lineno="255">
+<summary>
+Read exim var lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="exim_manage_var_lib_files" lineno="274">
+<summary>
+Create, read, and write exim var lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="exim_admin" lineno="300">
+<summary>
+All of the rules required to
+administrate an exim environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="exim_can_connect_db" dftval="false">
+<desc>
+<p>
+Determine whether exim can connect to
+databases.
+</p>
+</desc>
+</tunable>
+<tunable name="exim_read_user_files" dftval="false">
+<desc>
+<p>
+Determine whether exim can read generic
+user content files.
+</p>
+</desc>
+</tunable>
+<tunable name="exim_manage_user_files" dftval="false">
+<desc>
+<p>
+Determine whether exim can create,
+read, write, and delete generic user
+content files.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="fail2ban" filename="policy/modules/services/fail2ban.if">
+<summary>Update firewall filtering to ban IP addresses with too many password failures.</summary>
+<interface name="fail2ban_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run fail2ban.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_domtrans_client" lineno="33">
+<summary>
+Execute the fail2ban client in
+the fail2ban client domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_run_client" lineno="60">
+<summary>
+Execute fail2ban client in the
+fail2ban client domain, and allow
+the specified role the fail2ban
+client domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_stream_connect" lineno="80">
+<summary>
+Connect to fail2ban over a
+unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_rw_inherited_tmp_files" lineno="99">
+<summary>
+Read and write inherited temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_dontaudit_use_fds" lineno="119">
+<summary>
+Do not audit attempts to use
+fail2ban file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_dontaudit_rw_stream_sockets" lineno="138">
+<summary>
+Do not audit attempts to read and
+write fail2ban unix stream sockets
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_rw_stream_sockets" lineno="157">
+<summary>
+Read and write fail2ban unix
+stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_read_lib_files" lineno="175">
+<summary>
+Read fail2ban lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_read_log" lineno="195">
+<summary>
+Read fail2ban log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fail2ban_append_log" lineno="214">
+<summary>
+Append fail2ban log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_read_pid_files" lineno="233">
+<summary>
+Read fail2ban pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fail2ban_admin" lineno="259">
+<summary>
+All of the rules required to
+administrate an fail2ban environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="fcoe" filename="policy/modules/services/fcoe.if">
+<summary>Fibre Channel over Ethernet utilities.</summary>
+<interface name="fcoe_dgram_send_fcoemon" lineno="13">
+<summary>
+Send to fcoemon with a unix dgram socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fcoe_admin" lineno="39">
+<summary>
+All of the rules required to
+administrate an fcoemon environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="fetchmail" filename="policy/modules/services/fetchmail.if">
+<summary>Remote-mail retrieval and forwarding utility.</summary>
+<interface name="fetchmail_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an fetchmail environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="finger" filename="policy/modules/services/finger.if">
+<summary>Finger user information service.</summary>
+<interface name="finger_domtrans" lineno="13">
+<summary>
+Execute fingerd in the fingerd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="firewalld" filename="policy/modules/services/firewalld.if">
+<summary>Service daemon with a D-BUS interface that provides a dynamic managed firewall.</summary>
+<interface name="firewalld_read_config_files" lineno="13">
+<summary>
+Read firewalld configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="firewalld_dbus_chat" lineno="33">
+<summary>
+Send and receive messages from
+firewalld over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="firewalld_dontaudit_rw_tmp_files" lineno="54">
+<summary>
+Do not audit attempts to read, snd
+write firewalld temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="firewalld_read_var_run_files" lineno="72">
+<summary>
+Read firewalld runtime files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="firewalld_admin" lineno="98">
+<summary>
+All of the rules required to
+administrate an firewalld environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="fprintd" filename="policy/modules/services/fprintd.if">
+<summary>DBus fingerprint reader service.</summary>
+<interface name="fprintd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run fprintd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="fprintd_dbus_chat" lineno="33">
+<summary>
+Send and receive messages from
+fprintd over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="ftp" filename="policy/modules/services/ftp.if">
+<summary>File transfer protocol service.</summary>
+<interface name="ftp_dyntrans_anon_sftpd" lineno="13">
+<summary>
+Execute a dyntransition to run anon sftpd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ftp_read_config" lineno="31">
+<summary>
+Read ftpd configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ftp_check_exec" lineno="50">
+<summary>
+Execute FTP daemon entry point programs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ftp_read_log" lineno="69">
+<summary>
+Read ftpd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ftp_domtrans_ftpdctl" lineno="88">
+<summary>
+Execute the ftpdctl in the ftpdctl domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ftp_run_ftpdctl" lineno="115">
+<summary>
+Execute the ftpdctl in the ftpdctl
+domain, and allow the specified
+role the ftpctl domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ftp_dyntrans_sftpd" lineno="134">
+<summary>
+Execute a dyntransition to run sftpd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ftp_admin" lineno="159">
+<summary>
+All of the rules required to
+administrate an ftp environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_ftpd_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether ftpd can modify
+public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_ftpd_full_access" dftval="false">
+<desc>
+<p>
+Determine whether ftpd can login to
+local users and can read and write
+all files on the system, governed by DAC.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_ftpd_use_cifs" dftval="false">
+<desc>
+<p>
+Determine whether ftpd can use CIFS
+used for public file transfer services.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_ftpd_use_nfs" dftval="false">
+<desc>
+<p>
+Determine whether ftpd can use NFS
+used for public file transfer services.
+</p>
+</desc>
+</tunable>
+<tunable name="ftpd_connect_db" dftval="false">
+<desc>
+<p>
+Determine whether ftpd can connect to
+databases over the TCP network.
+</p>
+</desc>
+</tunable>
+<tunable name="ftpd_use_passive_mode" dftval="false">
+<desc>
+<p>
+Determine whether ftpd can bind to all
+unreserved ports for passive mode.
+</p>
+</desc>
+</tunable>
+<tunable name="ftpd_connect_all_unreserved" dftval="false">
+<desc>
+<p>
+Determine whether ftpd can connect to
+all unreserved ports.
+</p>
+</desc>
+</tunable>
+<tunable name="ftp_home_dir" dftval="false">
+<desc>
+<p>
+Determine whether ftpd can read and write
+files in user home directories.
+</p>
+</desc>
+</tunable>
+<tunable name="sftpd_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether sftpd can modify
+public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+<tunable name="sftpd_enable_homedirs" dftval="false">
+<desc>
+<p>
+Determine whether sftpd-can read and write
+files in user home directories.
+</p>
+</desc>
+</tunable>
+<tunable name="sftpd_full_access" dftval="false">
+<desc>
+<p>
+Determine whether sftpd-can login to
+local users and read and write all
+files on the system, governed by DAC.
+</p>
+</desc>
+</tunable>
+<tunable name="sftpd_write_ssh_home" dftval="false">
+<desc>
+<p>
+Determine whether sftpd can read and write
+files in user ssh home directories.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="gatekeeper" filename="policy/modules/services/gatekeeper.if">
+<summary>OpenH.323 Voice-Over-IP Gatekeeper.</summary>
+<interface name="gatekeeper_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an gatekeeper environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="gdomap" filename="policy/modules/services/gdomap.if">
+<summary>GNUstep distributed object mapper.</summary>
+<interface name="gdomap_read_config" lineno="13">
+<summary>
+Read gdomap configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gdomap_admin" lineno="39">
+<summary>
+All of the rules required to
+administrate an gdomap environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="geoclue" filename="policy/modules/services/geoclue.if">
+<summary>Geoclue is a D-Bus service that provides location information.</summary>
+</module>
+<module name="git" filename="policy/modules/services/git.if">
+<summary>GIT revision control system.</summary>
+<template name="git_role" lineno="18">
+<summary>
+Role access for Git session.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
+</template>
+<interface name="git_read_generic_sys_content_files" lineno="60">
+<summary>
+Read generic system content files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="git_cgi_enable_homedirs" dftval="false">
+<desc>
+<p>
+Determine whether Git CGI
+can search home directories.
+</p>
+</desc>
+</tunable>
+<tunable name="git_cgi_use_cifs" dftval="false">
+<desc>
+<p>
+Determine whether Git CGI
+can access cifs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="git_cgi_use_nfs" dftval="false">
+<desc>
+<p>
+Determine whether Git CGI
+can access nfs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="git_session_bind_all_unreserved_ports" dftval="false">
+<desc>
+<p>
+Determine whether Git session daemon
+can bind TCP sockets to all
+unreserved ports.
+</p>
+</desc>
+</tunable>
+<tunable name="git_session_users" dftval="false">
+<desc>
+<p>
+Determine whether calling user domains
+can execute Git daemon in the
+git_session_t domain.
+</p>
+</desc>
+</tunable>
+<tunable name="git_session_send_syslog_msg" dftval="false">
+<desc>
+<p>
+Determine whether Git session daemons
+can send syslog messages.
+</p>
+</desc>
+</tunable>
+<tunable name="git_system_enable_homedirs" dftval="false">
+<desc>
+<p>
+Determine whether Git system daemon
+can search home directories.
+</p>
+</desc>
+</tunable>
+<tunable name="git_system_use_cifs" dftval="false">
+<desc>
+<p>
+Determine whether Git system daemon
+can access cifs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="git_system_use_nfs" dftval="false">
+<desc>
+<p>
+Determine whether Git system daemon
+can access nfs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_httpd_git_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="glance" filename="policy/modules/services/glance.if">
+<summary>OpenStack image registry and delivery service.</summary>
+<interface name="glance_domtrans_registry" lineno="14">
+<summary>
+Execute a domain transition to
+run glance registry.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="glance_domtrans_api" lineno="34">
+<summary>
+Execute a domain transition to
+run glance api.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="glance_read_log" lineno="54">
+<summary>
+Read glance log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="glance_append_log" lineno="73">
+<summary>
+Append glance log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="glance_manage_log" lineno="93">
+<summary>
+Create, read, write, and delete
+glance log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="glance_search_lib" lineno="114">
+<summary>
+Search glance lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="glance_read_lib_files" lineno="133">
+<summary>
+Read glance lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="glance_manage_lib_files" lineno="153">
+<summary>
+Create, read, write, and delete
+glance lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="glance_manage_lib_dirs" lineno="173">
+<summary>
+Create, read, write, and delete
+glance lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="glance_read_pid_files" lineno="192">
+<summary>
+Read glance pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="glance_manage_pid_files" lineno="212">
+<summary>
+Create, read, write, and delete
+glance pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="glance_admin" lineno="238">
+<summary>
+All of the rules required to
+administrate an glance environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="glusterfs" filename="policy/modules/services/glusterfs.if">
+<summary>Cluster File System binary, daemon and command line.</summary>
+<interface name="glusterfs_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an glusterfs environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="gnomeclock" filename="policy/modules/services/gnomeclock.if">
+<summary>Gnome clock handler for setting the time.</summary>
+<interface name="gnomeclock_domtrans" lineno="14">
+<summary>
+Execute a domain transition to
+run gnomeclock.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="gnomeclock_run" lineno="40">
+<summary>
+Execute gnomeclock in the gnomeclock
+domain, and allow the specified
+role the gnomeclock domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gnomeclock_dbus_chat" lineno="60">
+<summary>
+Send and receive messages from
+gnomeclock over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gnomeclock_dontaudit_dbus_chat" lineno="82">
+<summary>
+Do not audit attempts to send and
+receive messages from gnomeclock
+over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+</module>
+<module name="gpm" filename="policy/modules/services/gpm.if">
+<summary>General Purpose Mouse driver.</summary>
+<interface name="gpm_stream_connect" lineno="14">
+<summary>
+Connect to GPM over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gpm_getattr_gpmctl" lineno="34">
+<summary>
+Get attributes of gpm control
+channel named sock files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gpm_dontaudit_getattr_gpmctl" lineno="56">
+<summary>
+Do not audit attempts to get
+attributes of gpm control channel
+named sock files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="gpm_setattr_gpmctl" lineno="76">
+<summary>
+Set attributes of gpm control
+channel named sock files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gpm_admin" lineno="102">
+<summary>
+All of the rules required to
+administrate an gpm environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="gpsd" filename="policy/modules/services/gpsd.if">
+<summary>gpsd monitor daemon.</summary>
+<interface name="gpsd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run gpsd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="gpsd_run" lineno="38">
+<summary>
+Execute gpsd in the gpsd domain, and
+allow the specified role the gpsd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gpsd_rw_shm" lineno="57">
+<summary>
+Read and write gpsd shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gpsd_admin" lineno="86">
+<summary>
+All of the rules required to
+administrate an gpsd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="gssproxy" filename="policy/modules/services/gssproxy.if">
+<summary>policy for gssproxy - daemon to proxy GSSAPI context establishment and channel handling</summary>
+<interface name="gssproxy_domtrans" lineno="13">
+<summary>
+Execute gssproxy in the gssproxy domin.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="gssproxy_search_lib" lineno="32">
+<summary>
+Search gssproxy lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gssproxy_read_lib_files" lineno="51">
+<summary>
+Read gssproxy lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gssproxy_manage_lib_files" lineno="70">
+<summary>
+Manage gssproxy lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gssproxy_manage_lib_dirs" lineno="89">
+<summary>
+Manage gssproxy lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gssproxy_read_pid_files" lineno="108">
+<summary>
+Read gssproxy PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gssproxy_stream_connect" lineno="128">
+<summary>
+Connect to gssproxy over an unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="gssproxy_admin" lineno="150">
+<summary>
+All of the rules required to administrate
+an gssproxy environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="hadoop" filename="policy/modules/services/hadoop.if">
+<summary>Software for reliable, scalable, distributed computing.</summary>
+<template name="hadoop_domain_template" lineno="13">
+<summary>
+The template to define a hadoop domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="hadoop_role" lineno="107">
+<summary>
+Role access for hadoop.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="hadoop_domtrans" lineno="139">
+<summary>
+Execute hadoop in the
+hadoop domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_recvfrom" lineno="158">
+<summary>
+Receive from hadoop peer.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_domtrans_zookeeper_client" lineno="177">
+<summary>
+Execute zookeeper client in the
+zookeeper client domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_recvfrom_zookeeper_client" lineno="196">
+<summary>
+Receive from zookeeper peer.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_domtrans_zookeeper_server" lineno="215">
+<summary>
+Execute zookeeper server in the
+zookeeper server domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_recvfrom_zookeeper_server" lineno="234">
+<summary>
+Receive from zookeeper server peer.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_initrc_domtrans_zookeeper_server" lineno="253">
+<summary>
+Execute zookeeper server in the
+zookeeper domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_recvfrom_datanode" lineno="271">
+<summary>
+Receive from datanode peer.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_read_config" lineno="289">
+<summary>
+Read hadoop configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_exec_config" lineno="308">
+<summary>
+Execute hadoop configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_recvfrom_jobtracker" lineno="327">
+<summary>
+Receive from jobtracker peer.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_match_lan_spd" lineno="345">
+<summary>
+Match hadoop lan association.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_recvfrom_namenode" lineno="363">
+<summary>
+Receive from namenode peer.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_recvfrom_secondarynamenode" lineno="381">
+<summary>
+Receive from secondary namenode peer.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_recvfrom_tasktracker" lineno="399">
+<summary>
+Receive from tasktracker peer.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hadoop_admin" lineno="424">
+<summary>
+All of the rules required to
+administrate an hadoop environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="hal" filename="policy/modules/services/hal.if">
+<summary>Hardware abstraction layer.</summary>
+<interface name="hal_domtrans" lineno="13">
+<summary>
+Execute hal in the hal domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="hal_getattr" lineno="32">
+<summary>
+Get attributes of hald processes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_read_state" lineno="50">
+<summary>
+Read hal process state files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_ptrace" lineno="68">
+<summary>
+Trace hald processes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_use_fds" lineno="86">
+<summary>
+Inherit and use hald file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_dontaudit_use_fds" lineno="105">
+<summary>
+Do not audit attempts to inherited
+and use hald file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="hal_rw_pipes" lineno="123">
+<summary>
+Read and write hald unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_dontaudit_rw_pipes" lineno="142">
+<summary>
+Do not audit attempts to read and
+write hald unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="hal_dgram_send" lineno="161">
+<summary>
+Send to hald over a unix domain
+datagram socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_stream_connect" lineno="181">
+<summary>
+Send to hald over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_dontaudit_rw_dgram_sockets" lineno="201">
+<summary>
+Do not audit attempts to read and
+write hald unix datagram sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="hal_dbus_send" lineno="219">
+<summary>
+Send messages to hald over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_dbus_chat" lineno="239">
+<summary>
+Send and receive messages from
+hald over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_domtrans_mac" lineno="259">
+<summary>
+Execute hal mac in the hal mac domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="hal_write_log" lineno="278">
+<summary>
+Write hald log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_dontaudit_write_log" lineno="298">
+<summary>
+Do not audit attempts to write hald
+log files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="hal_manage_log" lineno="317">
+<summary>
+Create, read, write, and delete
+hald log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_read_tmp_files" lineno="336">
+<summary>
+Read hald temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_dontaudit_append_lib_files" lineno="356">
+<summary>
+Do not audit attempts to append
+hald libraries files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="hal_read_pid_files" lineno="374">
+<summary>
+Read hald pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_rw_pid_files" lineno="393">
+<summary>
+Read and write hald pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_manage_pid_dirs" lineno="413">
+<summary>
+Create, read, write, and delete
+hald pid directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hal_manage_pid_files" lineno="433">
+<summary>
+Create, read, write, and delete
+hald pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="hddtemp" filename="policy/modules/services/hddtemp.if">
+<summary>Hard disk temperature tool running as a daemon.</summary>
+<interface name="hddtemp_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run hddtemp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="hddtemp_exec" lineno="32">
+<summary>
+Execute hddtemp in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="hddtemp_admin" lineno="58">
+<summary>
+All of the rules required to
+administrate an hddtemp environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="hostapd" filename="policy/modules/services/hostapd.if">
+<summary>IEEE 802.11 wireless LAN Host AP daemon.</summary>
+</module>
+<module name="howl" filename="policy/modules/services/howl.if">
+<summary>Port of Apple Rendezvous multicast DNS.</summary>
+<interface name="howl_signal" lineno="13">
+<summary>
+Send generic signals to howl.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="howl_admin" lineno="38">
+<summary>
+All of the rules required to
+administrate an howl environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="hypervkvp" filename="policy/modules/services/hypervkvp.if">
+<summary>HyperV key value pair (KVP).</summary>
+<interface name="hypervkvp_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an hypervkvp environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="i18n_input" filename="policy/modules/services/i18n_input.if">
+<summary>IIIMF htt server.</summary>
+<interface name="i18n_input_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an i18n input environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="i18n_input_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Grant the i18n_input domains read access to generic user content
+</p>
+</desc>
+</tunable>
+</module>
+<module name="icecast" filename="policy/modules/services/icecast.if">
+<summary>ShoutCast compatible streaming media server.</summary>
+<interface name="icecast_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run icecast.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="icecast_signal" lineno="32">
+<summary>
+Send generic signals to icecast.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="icecast_initrc_domtrans" lineno="50">
+<summary>
+Execute icecast server in the icecast domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="icecast_read_pid_files" lineno="68">
+<summary>
+Read icecast pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="icecast_manage_pid_files" lineno="88">
+<summary>
+Create, read, write, and delete
+icecast pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="icecast_read_log" lineno="108">
+<summary>
+Read icecast log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="icecast_append_log" lineno="127">
+<summary>
+Append icecast log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="icecast_manage_log" lineno="147">
+<summary>
+Create, read, write, and delete
+icecast log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allow access.
+</summary>
+</param>
+</interface>
+<interface name="icecast_admin" lineno="173">
+<summary>
+All of the rules required to
+administrate an icecast environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="icecast_use_any_tcp_ports" dftval="false">
+<desc>
+<p>
+Determine whether icecast can listen
+on and connect to any TCP port.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="ifplugd" filename="policy/modules/services/ifplugd.if">
+<summary>Bring up/down ethernet interfaces based on cable detection.</summary>
+<interface name="ifplugd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run ifplugd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ifplugd_signal" lineno="32">
+<summary>
+Send generic signals to ifplugd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ifplugd_read_config" lineno="50">
+<summary>
+Read ifplugd configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ifplugd_manage_config" lineno="70">
+<summary>
+Create, read, write, and delete
+ifplugd configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ifplugd_read_pid_files" lineno="90">
+<summary>
+Read ifplugd pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ifplugd_admin" lineno="116">
+<summary>
+All of the rules required to
+administrate an ifplugd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="imaze" filename="policy/modules/services/imaze.if">
+<summary>iMaze game server.</summary>
+</module>
+<module name="inetd" filename="policy/modules/services/inetd.if">
+<summary>Internet services daemon.</summary>
+<interface name="inetd_core_service_domain" lineno="27">
+<summary>
+Define the specified domain as a inetd service.
+</summary>
+<desc>
+<p>
+Define the specified domain as a inetd service.  The
+inetd_service_domain(), inetd_tcp_service_domain(),
+or inetd_udp_service_domain() interfaces should be used
+instead of this interface, as this interface only provides
+the common rules to these three interfaces.
+</p>
+</desc>
+<param name="domain">
+<summary>
+The type associated with the inetd service process.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type associated with the process program.
+</summary>
+</param>
+</interface>
+<interface name="inetd_tcp_service_domain" lineno="57">
+<summary>
+Define the specified domain as a TCP inetd service.
+</summary>
+<param name="domain">
+<summary>
+The type associated with the inetd service process.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type associated with the process program.
+</summary>
+</param>
+</interface>
+<interface name="inetd_udp_service_domain" lineno="83">
+<summary>
+Define the specified domain as a UDP inetd service.
+</summary>
+<param name="domain">
+<summary>
+The type associated with the inetd service process.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type associated with the process program.
+</summary>
+</param>
+</interface>
+<interface name="inetd_service_domain" lineno="108">
+<summary>
+Define the specified domain as a TCP and UDP inetd service.
+</summary>
+<param name="domain">
+<summary>
+The type associated with the inetd service process.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type associated with the process program.
+</summary>
+</param>
+</interface>
+<interface name="inetd_use_fds" lineno="133">
+<summary>
+Inherit and use inetd file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inetd_domtrans_child" lineno="152">
+<summary>
+Run inetd child process in the
+inet child domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="inetd_rw_tcp_sockets" lineno="171">
+<summary>
+Read and write inetd TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="inn" filename="policy/modules/services/inn.if">
+<summary>Internet News NNTP server.</summary>
+<interface name="inn_exec" lineno="13">
+<summary>
+Execute innd in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inn_exec_config" lineno="32">
+<summary>
+Execute inn configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inn_manage_log" lineno="52">
+<summary>
+Create, read, write, and delete
+innd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inn_generic_log_filetrans_innd_log" lineno="81">
+<summary>
+Create specified objects in generic
+log directories with the innd log file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="inn_manage_pid" lineno="100">
+<summary>
+Create, read, write, and delete
+innd pid content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inn_read_config" lineno="122">
+<summary>
+Read innd configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inn_read_news_lib" lineno="142">
+<summary>
+Read innd news library content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inn_read_news_spool" lineno="161">
+<summary>
+Read innd news spool content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inn_dgram_send" lineno="181">
+<summary>
+Send to a innd unix dgram socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="inn_domtrans" lineno="200">
+<summary>
+Execute innd in the innd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="inn_admin" lineno="226">
+<summary>
+All of the rules required to
+administrate an inn environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="iodine" filename="policy/modules/services/iodine.if">
+<summary>IP over DNS tunneling daemon.</summary>
+<interface name="iodine_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an iodined environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ircd" filename="policy/modules/services/ircd.if">
+<summary>IRC servers.</summary>
+<interface name="ircd_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an ircd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="irqbalance" filename="policy/modules/services/irqbalance.if">
+<summary>IRQ balancing daemon.</summary>
+<interface name="irqbalance_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an irqbalance environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="isns" filename="policy/modules/services/isns.if">
+<summary>Internet Storage Name Service.</summary>
+<interface name="isnsd_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an isnsd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="jabber" filename="policy/modules/services/jabber.if">
+<summary>Jabber instant messaging servers.</summary>
+<template name="jabber_domain_template" lineno="13">
+<summary>
+The template to define a jabber domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="jabber_manage_lib_files" lineno="34">
+<summary>
+Create, read, write, and delete
+jabber lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="jabber_admin" lineno="60">
+<summary>
+All of the rules required to
+administrate an jabber environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="jockey" filename="policy/modules/services/jockey.if">
+<summary>Jockey driver manager.</summary>
+</module>
+<module name="kerberos" filename="policy/modules/services/kerberos.if">
+<summary>MIT Kerberos admin and KDC.</summary>
+<interface name="kerberos_exec_kadmind" lineno="13">
+<summary>
+Execute kadmind in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_domtrans_kpropd" lineno="32">
+<summary>
+Execute a domain transition to run kpropd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_use" lineno="51">
+<summary>
+Support kerberos services.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_read_config" lineno="112">
+<summary>
+Read kerberos configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kerberos_dontaudit_write_config" lineno="135">
+<summary>
+Do not audit attempts to write
+kerberos configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_rw_config" lineno="155">
+<summary>
+Read and write kerberos
+configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kerberos_manage_krb5_home_files" lineno="175">
+<summary>
+Create, read, write, and delete
+kerberos home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_relabel_krb5_home_files" lineno="194">
+<summary>
+Relabel kerberos home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_home_filetrans_krb5_home" lineno="224">
+<summary>
+Create objects in user home
+directories with the krb5 home type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_read_keytab" lineno="243">
+<summary>
+Read kerberos key table files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kerberos_rw_keytab" lineno="262">
+<summary>
+Read and write kerberos key table files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_manage_keytab_files" lineno="282">
+<summary>
+Create, read, write, and delete
+kerberos key table files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_etc_filetrans_keytab" lineno="313">
+<summary>
+Create specified objects in generic
+etc directories with the kerberos
+keytab file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_read_kdc_config" lineno="332">
+<summary>
+Read kerberos kdc configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kerberos_manage_host_rcache" lineno="353">
+<summary>
+Create, read, write, and delete
+kerberos host rcache files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="kerberos_tmp_filetrans_host_rcache" lineno="394">
+<summary>
+Create objects in generic temporary
+directories with the kerberos host
+rcache type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_connect_524" lineno="412">
+<summary>
+Connect to krb524 service.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kerberos_admin" lineno="443">
+<summary>
+All of the rules required to
+administrate an kerberos environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_kerberos" dftval="false">
+<desc>
+<p>
+Determine whether kerberos is supported.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="kerneloops" filename="policy/modules/services/kerneloops.if">
+<summary>Service for reporting kernel oopses to kerneloops.org.</summary>
+<interface name="kerneloops_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run kerneloops.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="kerneloops_dbus_chat" lineno="33">
+<summary>
+Send and receive messages from
+kerneloops over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kerneloops_dontaudit_dbus_chat" lineno="55">
+<summary>
+Do not audit attempts to Send and
+receive messages from kerneloops
+over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="kerneloops_manage_tmp_files" lineno="76">
+<summary>
+Create, read, write, and delete
+kerneloops temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="kerneloops_admin" lineno="102">
+<summary>
+All of the rules required to
+administrate an kerneloops environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="keyboardd" filename="policy/modules/services/keyboardd.if">
+<summary>Xorg.conf keyboard layout callout.</summary>
+<interface name="keyboardd_read_pipes" lineno="13">
+<summary>
+Read keyboardd unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="keystone" filename="policy/modules/services/keystone.if">
+<summary>Python implementation of the OpenStack identity service API.</summary>
+<interface name="keystone_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an keystone environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ksmtuned" filename="policy/modules/services/ksmtuned.if">
+<summary>Kernel Samepage Merging Tuning Daemon.</summary>
+<interface name="ksmtuned_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run ksmtuned.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ksmtuned_initrc_domtrans" lineno="33">
+<summary>
+Execute ksmtuned server in
+the ksmtuned domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ksmtuned_admin" lineno="58">
+<summary>
+All of the rules required to
+administrate an ksmtuned environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ktalk" filename="policy/modules/services/ktalk.if">
+<summary>KDE Talk daemon.</summary>
+</module>
+<module name="l2tp" filename="policy/modules/services/l2tp.if">
+<summary>Layer 2 Tunneling Protocol.</summary>
+<interface name="l2tpd_dgram_send" lineno="14">
+<summary>
+Send to l2tpd with a unix
+domain dgram socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="l2tpd_rw_socket" lineno="34">
+<summary>
+Read and write l2tpd sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="l2tpd_stream_connect" lineno="53">
+<summary>
+Connect to l2tpd with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="l2tp_admin" lineno="80">
+<summary>
+All of the rules required to
+administrate an l2tp environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ldap" filename="policy/modules/services/ldap.if">
+<summary>OpenLDAP directory server.</summary>
+<interface name="ldap_list_db" lineno="13">
+<summary>
+List ldap database directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ldap_read_config" lineno="33">
+<summary>
+Read ldap configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ldap_stream_connect" lineno="53">
+<summary>
+Connect to slapd over an unix
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ldap_tcp_connect" lineno="72">
+<summary>
+Connect to ldap over the network.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ldap_admin" lineno="100">
+<summary>
+All of the rules required to
+administrate an ldap environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ldap_run" lineno="148">
+<summary>
+Execute slapd in the slapd domain, and
+allow the given role the slapd_t type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="likewise" filename="policy/modules/services/likewise.if">
+<summary>Likewise Active Directory support for UNIX.</summary>
+<template name="likewise_domain_template" lineno="13">
+<summary>
+The template to define a likewise domain.
+</summary>
+<param name="userdomain_prefix">
+<summary>
+The type of daemon to be used.
+</summary>
+</param>
+</template>
+<interface name="likewise_stream_connect_lsassd" lineno="71">
+<summary>
+Connect to lsassd with a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="likewise_admin" lineno="97">
+<summary>
+All of the rules required to
+administrate an likewise environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="lircd" filename="policy/modules/services/lircd.if">
+<summary>Linux infared remote control daemon.</summary>
+<interface name="lircd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run lircd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="lircd_stream_connect" lineno="33">
+<summary>
+Connect to lircd over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lircd_read_config" lineno="52">
+<summary>
+Read lircd etc files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lircd_admin" lineno="78">
+<summary>
+All of the rules required to
+administrate a lircd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="lldpad" filename="policy/modules/services/lldpad.if">
+<summary>Intel LLDP Agent.</summary>
+<interface name="lldpad_dgram_send" lineno="13">
+<summary>
+Send to lldpad with a unix dgram socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lldpad_admin" lineno="39">
+<summary>
+All of the rules required to
+administrate an lldpad environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="lpd" filename="policy/modules/services/lpd.if">
+<summary>Line printer daemon.</summary>
+<interface name="lpd_role" lineno="18">
+<summary>
+Role access for lpd.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
+</interface>
+<interface name="lpd_domtrans_checkpc" lineno="58">
+<summary>
+Execute lpd in the lpd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="lpd_run_checkpc" lineno="85">
+<summary>
+Execute amrecover in the lpd
+domain, and allow the specified
+role the lpd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="lpd_list_spool" lineno="104">
+<summary>
+List printer spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lpd_read_spool" lineno="123">
+<summary>
+Read printer spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lpd_manage_spool" lineno="143">
+<summary>
+Create, read, write, and delete
+printer spool content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lpd_relabel_spool" lineno="164">
+<summary>
+Relabel spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lpd_read_config" lineno="184">
+<summary>
+Read printer configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<template name="lpd_domtrans_lpr" lineno="203">
+<summary>
+Transition to a user lpr domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</template>
+<interface name="lpd_run_lpr" lineno="229">
+<summary>
+Execute lpr in the lpr domain, and
+allow the specified role the lpr domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="lpd_exec_lpr" lineno="248">
+<summary>
+Execute lpr in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="use_lpd_server" dftval="false">
+<desc>
+<p>
+Determine whether to support lpd server.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="lsm" filename="policy/modules/services/lsm.if">
+<summary>Storage array management library.</summary>
+<interface name="lsmd_admin" lineno="20">
+<summary>
+All of the rules required to administrate
+an lsmd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role" unused="true">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="mailman" filename="policy/modules/services/mailman.if">
+<summary>Manage electronic mail discussion and e-newsletter lists.</summary>
+<template name="mailman_domain_template" lineno="13">
+<summary>
+The template to define a mailman domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="mailman_domtrans" lineno="54">
+<summary>
+Execute mailman in the mailman domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mailman_run" lineno="81">
+<summary>
+Execute the mailman program in the
+mailman domain and allow the
+specified role the mailman domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mailman_domtrans_cgi" lineno="101">
+<summary>
+Execute mailman CGI scripts in the
+mailman CGI domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mailman_exec" lineno="120">
+<summary>
+Execute mailman in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowd access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_signal_cgi" lineno="139">
+<summary>
+Send generic signals to mailman cgi.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_search_data" lineno="157">
+<summary>
+Search mailman data directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_read_data_files" lineno="176">
+<summary>
+Read mailman data content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_manage_data_files" lineno="198">
+<summary>
+Create, read, write, and delete
+mailman data files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_list_data" lineno="218">
+<summary>
+List mailman data directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_read_data_symlinks" lineno="237">
+<summary>
+Read mailman data symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_read_log" lineno="255">
+<summary>
+Read mailman log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_append_log" lineno="274">
+<summary>
+Append mailman log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_manage_log" lineno="294">
+<summary>
+Create, read, write, and delete
+mailman log content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_read_archive" lineno="314">
+<summary>
+Read mailman archive content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mailman_domtrans_queue" lineno="336">
+<summary>
+Execute mailman_queue in the
+mailman_queue domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="mailscanner" filename="policy/modules/services/mailscanner.if">
+<summary>E-mail security and anti-spam package for e-mail gateway systems.</summary>
+<interface name="mscan_manage_spool_content" lineno="14">
+<summary>
+Create, read, write, and delete
+mscan spool content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mscan_admin" lineno="41">
+<summary>
+All of the rules required to
+administrate an mscan environment
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="mediawiki" filename="policy/modules/services/mediawiki.if">
+<summary>Open source wiki package written in PHP.</summary>
+<tunable name="allow_httpd_mediawiki_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="memcached" filename="policy/modules/services/memcached.if">
+<summary>High-performance memory object caching system.</summary>
+<interface name="memcached_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run memcached.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="memcached_manage_pid_files" lineno="33">
+<summary>
+Create, read, write, and delete
+memcached pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="memcached_read_pid_files" lineno="52">
+<summary>
+Read memcached pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="memcached_stream_connect" lineno="72">
+<summary>
+Connect to memcached using a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="memcached_tcp_connect" lineno="91">
+<summary>
+Connect to memcache over the network.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="memcached_admin" lineno="119">
+<summary>
+All of the rules required to
+administrate an memcached environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="milter" filename="policy/modules/services/milter.if">
+<summary>Milter mail filters.</summary>
+<template name="milter_template" lineno="13">
+<summary>
+The template to define a milter domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="milter_stream_connect_all" lineno="52">
+<summary>
+connect to all milter domains using
+a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="milter_getattr_all_sockets" lineno="71">
+<summary>
+Get attributes of all  milter sock files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="milter_manage_spamass_state" lineno="90">
+<summary>
+Create, read, write, and delete
+spamassissin milter data content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="milter_getattr_data_dir" lineno="111">
+<summary>
+Get the attributes of the spamassissin milter data dir.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="minidlna" filename="policy/modules/services/minidlna.if">
+<summary>MiniDLNA lightweight DLNA/UPnP media server</summary>
+<interface name="minidlna_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an minidlna environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="minidlna_initrc_domtrans" lineno="55">
+<summary>
+Execute minidlna init scripts in
+the initrc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<tunable name="minidlna_read_generic_user_content" dftval="false">
+<desc>
+<p>
+Determine whether minidlna can read generic user content.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="minissdpd" filename="policy/modules/services/minissdpd.if">
+<summary>Daemon used by MiniUPnPc to speed up device discoveries.</summary>
+<interface name="minissdpd_read_config" lineno="13">
+<summary>
+Read minissdpd configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="minissdpd_admin" lineno="39">
+<summary>
+All of the rules required to
+administrate an minissdpd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="modemmanager" filename="policy/modules/services/modemmanager.if">
+<summary>Provides a DBus interface to communicate with mobile broadband (GSM, CDMA, UMTS, ...) cards.</summary>
+<interface name="modemmanager_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run modemmanager.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="modemmanager_dbus_chat" lineno="33">
+<summary>
+Send and receive messages from
+modemmanager over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="mojomojo" filename="policy/modules/services/mojomojo.if">
+<summary>MojoMojo Wiki.</summary>
+<tunable name="allow_httpd_mojomojo_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="mon" filename="policy/modules/services/mon.if">
+<summary>mon network monitoring daemon.</summary>
+<interface name="mon_dontaudit_use_fds" lineno="13">
+<summary>
+dontaudit using an inherited fd from mon_t
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit
+</summary>
+</param>
+</interface>
+<interface name="mon_dontaudit_search_var_lib" lineno="31">
+<summary>
+dontaudit searching /var/lib/mon
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit
+</summary>
+</param>
+</interface>
+</module>
+<module name="mongodb" filename="policy/modules/services/mongodb.if">
+<summary>Scalable, high-performance, open source NoSQL database.</summary>
+<interface name="mongodb_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an mongodb environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="monit" filename="policy/modules/services/monit.if">
+<summary>Monit - utility for monitoring services on a Unix system.</summary>
+<interface name="monit_domtrans_cli" lineno="13">
+<summary>
+Execute a domain transition to run monit cli.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="monit_run_cli" lineno="39">
+<summary>
+Execute monit in the monit cli domain,
+and allow the specified role
+the monit cli domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="monit_reload" lineno="58">
+<summary>
+Reload the monit daemon.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="monit_startstop_service" lineno="77">
+<summary>
+Start and stop the monit daemon.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="monit_admin" lineno="102">
+<summary>
+All of the rules required to
+administrate an monit environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="monit_startstop_services" dftval="false">
+<desc>
+<p>
+Allow monit to start/stop services
+</p>
+</desc>
+</tunable>
+</module>
+<module name="monop" filename="policy/modules/services/monop.if">
+<summary>Monopoly daemon.</summary>
+<interface name="monop_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an monop environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="mpd" filename="policy/modules/services/mpd.if">
+<summary>Music Player Daemon.</summary>
+<interface name="mpd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run mpd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mpd_initrc_domtrans" lineno="32">
+<summary>
+Execute mpd server in the mpd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mpd_read_data_files" lineno="50">
+<summary>
+Read mpd data files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_manage_data_files" lineno="70">
+<summary>
+Create, read, write, and delete
+mpd data files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_manage_user_data_content" lineno="90">
+<summary>
+Create, read, write, and delete
+mpd user data content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_relabel_user_data_content" lineno="111">
+<summary>
+Relabel mpd user data content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_home_filetrans_user_data" lineno="143">
+<summary>
+Create objects in user home
+directories with the mpd user data type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="mpd_read_tmpfs_files" lineno="161">
+<summary>
+Read mpd tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_manage_tmpfs_files" lineno="181">
+<summary>
+Create, read, write, and delete
+mpd tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_search_lib" lineno="201">
+<summary>
+Search mpd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_read_lib_files" lineno="220">
+<summary>
+Read mpd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_manage_lib_files" lineno="240">
+<summary>
+Create, read, write, and delete
+mpd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_var_lib_filetrans" lineno="275">
+<summary>
+Create specified objects in mpd
+lib directories with a private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="mpd_manage_lib_dirs" lineno="295">
+<summary>
+Create, read, write, and delete
+mpd lib dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mpd_admin" lineno="321">
+<summary>
+All of the rules required to
+administrate an mpd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="mpd_enable_homedirs" dftval="false">
+<desc>
+<p>
+Determine whether mpd can traverse
+user home directories.
+</p>
+</desc>
+</tunable>
+<tunable name="mpd_use_cifs" dftval="false">
+<desc>
+<p>
+Determine whether mpd can use
+cifs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="mpd_use_nfs" dftval="false">
+<desc>
+<p>
+Determine whether mpd can use
+nfs file systems.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="mta" filename="policy/modules/services/mta.if">
+<summary>Common e-mail transfer agent policy.</summary>
+<interface name="mta_stub" lineno="13">
+<summary>
+MTA stub interface.  No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<template name="mta_base_mail_template" lineno="29">
+<summary>
+The template to define a mail domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="mta_role" lineno="77">
+<summary>
+Role access for mta.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
+</interface>
+<interface name="mta_mailserver" lineno="137">
+<summary>
+Make the specified domain usable for a mail server.
+</summary>
+<param name="type">
+<summary>
+Type to be used as a mail server domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+</interface>
+<interface name="mta_agent_executable" lineno="156">
+<summary>
+Make the specified type a MTA executable file.
+</summary>
+<param name="type">
+<summary>
+Type to be used as a mail client.
+</summary>
+</param>
+</interface>
+<interface name="mta_read_mail_home_files" lineno="176">
+<summary>
+Read mta mail home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_manage_mail_home_files" lineno="196">
+<summary>
+Create, read, write, and delete
+mta mail home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_home_filetrans_mail_home" lineno="227">
+<summary>
+Create specified objects in user home
+directories with the generic mail
+home type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="mta_manage_mail_home_rw_content" lineno="246">
+<summary>
+Create, read, write, and delete
+mta mail home rw content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_home_filetrans_mail_home_rw" lineno="279">
+<summary>
+Create specified objects in user home
+directories with the generic mail
+home rw type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="mta_system_content" lineno="297">
+<summary>
+Make the specified type by a system MTA.
+</summary>
+<param name="type">
+<summary>
+Type to be used as a mail client.
+</summary>
+</param>
+</interface>
+<interface name="mta_sendmail_mailserver" lineno="330">
+<summary>
+Modified mailserver interface for
+sendmail daemon use.
+</summary>
+<desc>
+<p>
+A modified MTA mail server interface for
+the sendmail program.  It's design does
+not fit well with policy, and using the
+regular interface causes a type_transition
+conflict if direct running of init scripts
+is enabled.
+</p>
+<p>
+This interface should most likely only be used
+by the sendmail policy.
+</p>
+</desc>
+<param name="domain">
+<summary>
+The type to be used for the mail server.
+</summary>
+</param>
+</interface>
+<interface name="mta_use_mailserver_fds" lineno="351">
+<summary>
+Inherit FDs from mailserver_domain domains
+</summary>
+<param name="type">
+<summary>
+Type for a list server or delivery agent that inherits fds
+</summary>
+</param>
+</interface>
+<interface name="mta_mailserver_sender" lineno="370">
+<summary>
+Make a type a mailserver type used
+for sending mail.
+</summary>
+<param name="domain">
+<summary>
+Mail server domain type used for sending mail.
+</summary>
+</param>
+</interface>
+<interface name="mta_mailserver_delivery" lineno="389">
+<summary>
+Make a type a mailserver type used
+for delivering mail to local users.
+</summary>
+<param name="domain">
+<summary>
+Mail server domain type used for delivering mail.
+</summary>
+</param>
+</interface>
+<interface name="mta_mailserver_user_agent" lineno="409">
+<summary>
+Make a type a mailserver type used
+for sending mail on behalf of local
+users to the local mail spool.
+</summary>
+<param name="domain">
+<summary>
+Mail server domain type used for sending local mail.
+</summary>
+</param>
+</interface>
+<interface name="mta_send_mail" lineno="427">
+<summary>
+Send mail from the system.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mta_sendmail_domtrans" lineno="472">
+<summary>
+Execute send mail in a specified domain.
+</summary>
+<desc>
+<p>
+Execute send mail in a specified domain.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+</desc>
+<param name="source_domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+Domain to transition to.
+</summary>
+</param>
+</interface>
+<interface name="mta_signal_system_mail" lineno="494">
+<summary>
+Send signals to system mail.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_kill_system_mail" lineno="512">
+<summary>
+Send kill signals to system mail.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_sendmail_exec" lineno="530">
+<summary>
+Execute sendmail in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_sendmail_entry_point" lineno="550">
+<summary>
+Make sendmail usable as an entry
+point for the domain.
+</summary>
+<param name="domain">
+<summary>
+Domain to be entered.
+</summary>
+</param>
+</interface>
+<interface name="mta_read_config" lineno="569">
+<summary>
+Read mail server configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mta_write_config" lineno="591">
+<summary>
+Write mail server configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mta_read_aliases" lineno="610">
+<summary>
+Read mail address alias files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_map_aliases" lineno="638">
+<summary>
+Read mail address alias files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_manage_aliases" lineno="657">
+<summary>
+Create, read, write, and delete
+mail address alias content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_etc_filetrans_aliases" lineno="699">
+<summary>
+Create specified object in generic
+etc directories with the mail address
+alias type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="mta_spec_filetrans_aliases" lineno="734">
+<summary>
+Create specified objects in specified
+directories with a type transition to
+the mail address alias type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="file_type">
+<summary>
+Directory to transition on.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="mta_rw_aliases" lineno="753">
+<summary>
+Read and write mail alias files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mta_dontaudit_rw_delivery_tcp_sockets" lineno="783">
+<summary>
+Do not audit attempts to read
+and write TCP sockets of mail
+delivery domains.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="mta_dontaudit_read_spool_symlinks" lineno="802">
+<summary>
+Do not audit attempts to read
+mail spool symlinks.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="mta_getattr_spool" lineno="820">
+<summary>
+Get attributes of mail spool content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_dontaudit_getattr_spool_files" lineno="842">
+<summary>
+Do not audit attempts to get
+attributes of mail spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="mta_spool_filetrans" lineno="880">
+<summary>
+Create specified objects in the
+mail spool directory with a
+private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="mta_read_spool_files" lineno="899">
+<summary>
+Read mail spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_rw_spool" lineno="918">
+<summary>
+Read and write mail spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_append_spool" lineno="939">
+<summary>
+Create, read, and write mail spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_delete_spool" lineno="960">
+<summary>
+Delete mail spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_manage_spool" lineno="980">
+<summary>
+Create, read, write, and delete
+mail spool content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_queue_filetrans" lineno="1018">
+<summary>
+Create specified objects in the
+mail queue spool directory with a
+private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="mta_search_queue" lineno="1037">
+<summary>
+Search mail queue directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_list_queue" lineno="1056">
+<summary>
+List mail queue directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_read_queue" lineno="1075">
+<summary>
+Read mail queue files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_dontaudit_rw_queue" lineno="1095">
+<summary>
+Do not audit attempts to read and
+write mail queue content.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="mta_manage_queue" lineno="1115">
+<summary>
+Create, read, write, and delete
+mail queue content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_read_sendmail_bin" lineno="1135">
+<summary>
+Read sendmail binary.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mta_rw_user_mail_stream_sockets" lineno="1154">
+<summary>
+Read and write unix domain stream
+sockets of all base mail domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="munin" filename="policy/modules/services/munin.if">
+<summary>Munin network-wide load graphing.</summary>
+<template name="munin_plugin_template" lineno="13">
+<summary>
+The template to define a munin plugin domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="munin_stream_connect" lineno="58">
+<summary>
+Connect to munin over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="munin_read_config" lineno="78">
+<summary>
+Read munin configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="munin_append_log" lineno="100">
+<summary>
+Append munin log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="munin_search_lib" lineno="120">
+<summary>
+Search munin library directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="munin_dontaudit_search_lib" lineno="140">
+<summary>
+Do not audit attempts to search
+munin library directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="munin_admin" lineno="165">
+<summary>
+All of the rules required to
+administrate an munin environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_httpd_munin_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="mysql" filename="policy/modules/services/mysql.if">
+<summary>Open source database.</summary>
+<interface name="mysql_domtrans" lineno="13">
+<summary>
+Execute MySQL in the mysql domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mysql_run_mysqld" lineno="38">
+<summary>
+Execute mysqld in the mysqld domain, and
+allow the specified role the mysqld domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_signal" lineno="57">
+<summary>
+Send generic signals to mysqld.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_tcp_connect" lineno="75">
+<summary>
+Connect to mysqld with a tcp socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_stream_connect" lineno="98">
+<summary>
+Connect to mysqld with a unix
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mysql_read_config" lineno="118">
+<summary>
+Read mysqld configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mysql_search_db" lineno="139">
+<summary>
+Search mysqld db directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_rw_db_dirs" lineno="158">
+<summary>
+Read and write mysqld database directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_manage_db_dirs" lineno="178">
+<summary>
+Create, read, write, and delete
+mysqld database directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_append_db_files" lineno="197">
+<summary>
+Append mysqld database files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_rw_db_files" lineno="216">
+<summary>
+Read and write mysqld database files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_manage_db_files" lineno="236">
+<summary>
+Create, read, write, and delete
+mysqld database files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_manage_mysqld_home_files" lineno="256">
+<summary>
+Create, read, write, and delete
+mysqld home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_relabel_mysqld_home_files" lineno="275">
+<summary>
+Relabel mysqld home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_home_filetrans_mysqld_home" lineno="305">
+<summary>
+Create objects in user home
+directories with the mysqld home type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="mysql_write_log" lineno="323">
+<summary>
+Write mysqld log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_domtrans_mysql_safe" lineno="343">
+<summary>
+Execute mysqld safe in the
+mysqld safe domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="mysql_read_pid_files" lineno="362">
+<summary>
+Read mysqld pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mysql_search_pid_files" lineno="382">
+<summary>
+Search mysqld pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+
+</interface>
+<interface name="mysql_admin" lineno="408">
+<summary>
+All of the rules required to
+administrate an mysqld environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="mysql_setattr_run_dirs" lineno="450">
+<summary>
+Set the attributes of the MySQL run directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="mysql_create_run_dirs" lineno="468">
+<summary>
+Create MySQL run directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="mysql_generic_run_filetrans_run" lineno="499">
+<summary>
+Automatically use the MySQL run label for created resources in generic
+run locations. This method is deprecated in favor of the
+init_daemon_run_dir call.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+<param name="class">
+<summary>
+Type of the resource created for which the automatic file transition
+should occur
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+The name of the resource being created
+</summary>
+</param>
+</interface>
+<tunable name="mysql_connect_any" dftval="false">
+<desc>
+<p>
+Determine whether mysqld can
+connect to all TCP ports.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="nagios" filename="policy/modules/services/nagios.if">
+<summary>Network monitoring server.</summary>
+<template name="nagios_plugin_template" lineno="13">
+<summary>
+The template to define a nagios plugin domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="nagios_dontaudit_rw_pipes" lineno="52">
+<summary>
+Do not audit attempts to read or
+write nagios unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="nagios_read_config" lineno="71">
+<summary>
+Read nagios configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="nagios_read_log" lineno="92">
+<summary>
+Read nagios log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nagios_dontaudit_rw_log" lineno="112">
+<summary>
+Do not audit attempts to read or
+write nagios log files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="nagios_search_spool" lineno="130">
+<summary>
+Search nagios spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nagios_read_tmp_files" lineno="149">
+<summary>
+Read nagios temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nagios_domtrans_nrpe" lineno="168">
+<summary>
+Execute nrpe with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nagios_admin" lineno="194">
+<summary>
+All of the rules required to
+administrate an nagios environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_httpd_nagios_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="nessus" filename="policy/modules/services/nessus.if">
+<summary>Network scanning daemon.</summary>
+<interface name="nessus_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an nessus environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="networkmanager" filename="policy/modules/services/networkmanager.if">
+<summary>Manager for dynamically switching between networks.</summary>
+<interface name="networkmanager_rw_udp_sockets" lineno="13">
+<summary>
+Read and write networkmanager udp sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_rw_packet_sockets" lineno="31">
+<summary>
+Read and write networkmanager packet sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_attach_tun_iface" lineno="49">
+<summary>
+Relabel networkmanager tun socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_rw_routing_sockets" lineno="69">
+<summary>
+Read and write networkmanager netlink
+routing sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_domtrans" lineno="87">
+<summary>
+Execute networkmanager with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_initrc_domtrans" lineno="107">
+<summary>
+Execute networkmanager scripts with
+an automatic domain transition to initrc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_dbus_chat" lineno="126">
+<summary>
+Send and receive messages from
+networkmanager over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_read_state" lineno="146">
+<summary>
+Read metworkmanager process state files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_signal" lineno="166">
+<summary>
+Send generic signals to networkmanager.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_read_etc_files" lineno="184">
+<summary>
+Read networkmanager etc files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_manage_lib_files" lineno="205">
+<summary>
+Create, read, and write
+networkmanager library files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_read_lib_files" lineno="225">
+<summary>
+Read networkmanager lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_append_log_files" lineno="246">
+<summary>
+Append networkmanager log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_read_pid_files" lineno="266">
+<summary>
+Read networkmanager pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_stream_connect" lineno="287">
+<summary>
+Connect to networkmanager over
+a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_admin" lineno="313">
+<summary>
+All of the rules required to
+administrate an networkmanager environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="networkmanager_dontaudit_use_wpa_cli_fds" lineno="352">
+<summary>
+Do not audit use of wpa_cli file descriptors
+</summary>
+<param name="domain">
+<summary>
+Domain to dontaudit access.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_domtrans_wpa_cli" lineno="371">
+<summary>
+Execute wpa_cli in the wpa_cli domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="networkmanager_run_wpa_cli" lineno="397">
+<summary>
+Execute wpa cli in the wpa_cli domain, and
+allow the specified role the wpa_cli domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="networkmanager_rw_rawip_sockets" lineno="418">
+<summary>
+Read and write networkmanager rawip sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="nis" filename="policy/modules/services/nis.if">
+<summary>Policy for NIS (YP) servers and clients.</summary>
+<interface name="nis_use_ypbind_uncond" lineno="26">
+<summary>
+Use the ypbind service to access NIS services
+unconditionally.
+</summary>
+<desc>
+<p>
+Use the ypbind service to access NIS services
+unconditionally.
+</p>
+<p>
+This interface was added because of apache and
+spamassassin, to fix a nested conditionals problem.
+When that support is added, this should be removed,
+and the regular	interface should be used.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nis_use_ypbind" lineno="90">
+<summary>
+Use the ypbind service to access NIS services.
+</summary>
+<desc>
+<p>
+Allow the specified domain to use the ypbind service
+to access Network Information Service (NIS) services.
+Information that can be retreived from NIS includes
+usernames, passwords, home directories, and groups.
+If the network is configured to have a single sign-on
+using NIS, it is likely that any program that does
+authentication will need this access.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+<rolecap/>
+</interface>
+<interface name="nis_authenticate" lineno="107">
+<summary>
+Use nis to authenticate passwords.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="nis_domtrans_ypbind" lineno="125">
+<summary>
+Execute ypbind in the ypbind domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nis_exec_ypbind" lineno="144">
+<summary>
+Execute ypbind in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nis_run_ypbind" lineno="170">
+<summary>
+Execute ypbind in the ypbind domain, and
+allow the specified role the ypbind domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="nis_signal_ypbind" lineno="189">
+<summary>
+Send generic signals to ypbind.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nis_list_var_yp" lineno="207">
+<summary>
+List nis data directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nis_read_ypbind_pid" lineno="226">
+<summary>
+Read ypbind pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nis_delete_ypbind_pid" lineno="245">
+<summary>
+Delete ypbind pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nis_read_ypserv_config" lineno="263">
+<summary>
+Read ypserv configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nis_domtrans_ypxfr" lineno="282">
+<summary>
+Execute ypxfr in the ypxfr domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nis_initrc_domtrans" lineno="303">
+<summary>
+Execute nis init scripts in
+the init script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nis_initrc_domtrans_ypbind" lineno="322">
+<summary>
+Execute ypbind init scripts in
+the init script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nis_admin" lineno="347">
+<summary>
+All of the rules required to
+administrate an nis environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="nscd" filename="policy/modules/services/nscd.if">
+<summary>Name service cache daemon.</summary>
+<interface name="nscd_signal" lineno="13">
+<summary>
+Send generic signals to nscd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_kill" lineno="31">
+<summary>
+Send kill signals to nscd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_signull" lineno="49">
+<summary>
+Send null signals to nscd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_domtrans" lineno="67">
+<summary>
+Execute nscd in the nscd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nscd_exec" lineno="86">
+<summary>
+Execute nscd in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_socket_use" lineno="106">
+<summary>
+Use nscd services by connecting using
+a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_shm_use" lineno="138">
+<summary>
+Use nscd services by mapping the
+database from an inherited nscd
+file descriptor.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_use" lineno="167">
+<summary>
+Use nscd services.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_dontaudit_search_pid" lineno="186">
+<summary>
+Do not audit attempts to search
+nscd pid directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="nscd_read_pid" lineno="204">
+<summary>
+Read nscd pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_unconfined" lineno="223">
+<summary>
+Unconfined access to nscd services.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_run" lineno="248">
+<summary>
+Execute nscd in the nscd domain, and
+allow the specified role the nscd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nscd_initrc_domtrans" lineno="268">
+<summary>
+Execute the nscd server init
+script in the initrc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nscd_admin" lineno="293">
+<summary>
+All of the rules required to
+administrate an nscd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="nscd_use_shm" dftval="false">
+<desc>
+<p>
+Determine whether confined applications
+can use nscd shared memory.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="nsd" filename="policy/modules/services/nsd.if">
+<summary>Authoritative only name server.</summary>
+<interface name="nsd_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an nsd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="nslcd" filename="policy/modules/services/nslcd.if">
+<summary>Local LDAP name service daemon.</summary>
+<interface name="nslcd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run nslcd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nslcd_initrc_domtrans" lineno="32">
+<summary>
+Execute nslcd server in the nslcd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nslcd_read_pid_files" lineno="50">
+<summary>
+Read nslcd pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nslcd_stream_connect" lineno="70">
+<summary>
+Connect to nslcd over an unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nslcd_admin" lineno="96">
+<summary>
+All of the rules required to
+administrate an nslcd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ntop" filename="policy/modules/services/ntop.if">
+<summary>A network traffic probe similar to the UNIX top command.</summary>
+<interface name="ntop_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an ntop environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ntp" filename="policy/modules/services/ntp.if">
+<summary>Network time protocol daemon.</summary>
+<interface name="ntp_stub" lineno="13">
+<summary>
+NTP stub interface.  No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ntp_read_config" lineno="29">
+<summary>
+Read ntp.conf
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ntp_domtrans" lineno="47">
+<summary>
+Execute ntp server in the ntpd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ntp_run" lineno="73">
+<summary>
+Execute ntp in the ntp domain, and
+allow the specified role the ntp domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ntp_dbus_chat" lineno="93">
+<summary>
+Send and receive messages from
+ntpd over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ntp_domtrans_ntpdate" lineno="113">
+<summary>
+Execute ntpdate server in the ntpd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ntp_initrc_domtrans" lineno="133">
+<summary>
+Execute ntpd init scripts in
+the init script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ntp_read_conf_files" lineno="151">
+<summary>
+Read ntp conf files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ntp_read_drift_files" lineno="170">
+<summary>
+Read ntp drift files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ntp_rw_shm" lineno="189">
+<summary>
+Read and write ntpd shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ntp_enabledisable" lineno="211">
+<summary>
+Allow specified domain to enable/disable ntpd unit
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ntp_startstop" lineno="232">
+<summary>
+Allow specified domain to start/stop ntpd unit
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ntp_status" lineno="253">
+<summary>
+Allow specified domain to get status of ntpd unit
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ntp_admin" lineno="281">
+<summary>
+All of the rules required to
+administrate an ntp environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ntp_manage_config" lineno="333">
+<summary>
+Manage ntp(d) configuration.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="numad" filename="policy/modules/services/numad.if">
+<summary>Non-Uniform Memory Alignment Daemon.</summary>
+<interface name="numad_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an numad environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="nut" filename="policy/modules/services/nut.if">
+<summary>Network UPS Tools </summary>
+<interface name="nut_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an nut environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_httpd_nutups_cgi_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="nx" filename="policy/modules/services/nx.if">
+<summary>NX remote desktop.</summary>
+<interface name="nx_spec_domtrans_server" lineno="13">
+<summary>
+Transition to nx server.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="nx_read_home_files" lineno="32">
+<summary>
+Read nx home directory content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nx_search_var_lib" lineno="51">
+<summary>
+Search nx lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="nx_var_lib_filetrans" lineno="86">
+<summary>
+Create specified objects in nx lib
+directories with a private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+</module>
+<module name="oav" filename="policy/modules/services/oav.if">
+<summary>Open AntiVirus scannerdaemon and signature update.</summary>
+<interface name="oav_domtrans_update" lineno="13">
+<summary>
+Execute oav_update in the oav_update domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="oav_run_update" lineno="40">
+<summary>
+Execute oav_update in the oav update
+domain, and allow the specified role
+the oav_update domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="obex" filename="policy/modules/services/obex.if">
+<summary>D-Bus service providing high-level OBEX client and server side functionality.</summary>
+<template name="obex_role_template" lineno="24">
+<summary>
+The role template for obex.
+</summary>
+<param name="role_prefix">
+<summary>
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+</summary>
+</param>
+<param name="user_role">
+<summary>
+The role associated with the user domain.
+</summary>
+</param>
+<param name="user_domain">
+<summary>
+The type of the user domain.
+</summary>
+</param>
+</template>
+<interface name="obex_domtrans" lineno="60">
+<summary>
+Execute obex in the obex domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="obex_dbus_chat" lineno="80">
+<summary>
+Send and receive messages from
+obex over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="oddjob" filename="policy/modules/services/oddjob.if">
+<summary>D-BUS service which runs odd jobs on behalf of client applications.</summary>
+<interface name="oddjob_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run oddjob.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="oddjob_system_entry" lineno="38">
+<summary>
+Make the specified program domain
+accessable from the oddjob.
+</summary>
+<param name="domain">
+<summary>
+The type of the process to transition to.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type of the file used as an entrypoint to this domain.
+</summary>
+</param>
+</interface>
+<interface name="oddjob_dbus_chat" lineno="57">
+<summary>
+Send and receive messages from
+oddjob over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="oddjob_domtrans_mkhomedir" lineno="78">
+<summary>
+Execute a domain transition to
+run oddjob mkhomedir.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="oddjob_run_mkhomedir" lineno="106">
+<summary>
+Execute oddjob mkhomedir in the
+oddjob mkhomedir domain and allow
+the specified role the oddjob
+mkhomedir domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="oddjob_dontaudit_rw_fifo_files" lineno="126">
+<summary>
+Do not audit attempts to read and write
+oddjob fifo files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="oddjob_sigchld" lineno="144">
+<summary>
+Send child terminated signals to oddjob.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="oident" filename="policy/modules/services/oident.if">
+<summary>An ident daemon with IP masq/NAT support and the ability to specify responses.</summary>
+<interface name="oident_read_user_content" lineno="13">
+<summary>
+Read oidentd user home content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="oident_manage_user_content" lineno="33">
+<summary>
+Create, read, write, and delete
+oidentd user home content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="oident_relabel_user_content" lineno="52">
+<summary>
+Relabel oidentd user home content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="oident_home_filetrans_oidentd_home" lineno="82">
+<summary>
+Create objects in user home
+directories with the oidentd home type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="oident_admin" lineno="107">
+<summary>
+All of the rules required to
+administrate an oident environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="openca" filename="policy/modules/services/openca.if">
+<summary>Open Certificate Authority.</summary>
+<interface name="openca_domtrans" lineno="14">
+<summary>
+Execute the openca with
+a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="openca_signal" lineno="34">
+<summary>
+Send generic signals to openca.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openca_sigstop" lineno="52">
+<summary>
+Send stop signals to openca.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openca_kill" lineno="70">
+<summary>
+Send kill signals to openca.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="openct" filename="policy/modules/services/openct.if">
+<summary>Service for handling smart card readers.</summary>
+<interface name="openct_signull" lineno="13">
+<summary>
+Send null signals to openct.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openct_exec" lineno="31">
+<summary>
+Execute openct in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openct_domtrans" lineno="50">
+<summary>
+Execute a domain transition to run openct.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="openct_read_pid_files" lineno="69">
+<summary>
+Read openct pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openct_stream_connect" lineno="89">
+<summary>
+Connect to openct over an unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openct_admin" lineno="115">
+<summary>
+All of the rules required to
+administrate an openct environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="openhpi" filename="policy/modules/services/openhpi.if">
+<summary>Open source implementation of the Service Availability Forum Hardware Platform Interface.</summary>
+<interface name="openhpi_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an openhpi environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="openvpn" filename="policy/modules/services/openvpn.if">
+<summary>full-featured SSL VPN solution.</summary>
+<interface name="openvpn_domtrans" lineno="14">
+<summary>
+Execute openvpn clients in the
+openvpn domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="openvpn_run" lineno="41">
+<summary>
+Execute openvpn clients in the
+openvpn domain, and allow the
+specified role the openvpn domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="openvpn_kill" lineno="60">
+<summary>
+Send kill signals to openvpn.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openvpn_signal" lineno="78">
+<summary>
+Send generic signals to openvpn.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openvpn_signull" lineno="96">
+<summary>
+Send null signals to openvpn.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openvpn_read_config" lineno="115">
+<summary>
+Read openvpn configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="openvpn_admin" lineno="143">
+<summary>
+All of the rules required to
+administrate an openvpn environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="openvpn_enable_homedirs" dftval="false">
+<desc>
+<p>
+Determine whether openvpn can
+read generic user home content files.
+</p>
+</desc>
+</tunable>
+<tunable name="openvpn_can_network_connect" dftval="false">
+<desc>
+<p>
+Determine whether openvpn can
+connect to the TCP network.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="openvswitch" filename="policy/modules/services/openvswitch.if">
+<summary>Multilayer virtual switch.</summary>
+<interface name="openvswitch_domtrans" lineno="13">
+<summary>
+Execute openvswitch in the openvswitch domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="openvswitch_read_pid_files" lineno="32">
+<summary>
+Read openvswitch pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="openvswitch_admin" lineno="58">
+<summary>
+All of the rules required to
+administrate an openvswitch environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="pacemaker" filename="policy/modules/services/pacemaker.if">
+<summary>A scalable high-availability cluster resource manager.</summary>
+<interface name="pacemaker_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an pacemaker environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="pads" filename="policy/modules/services/pads.if">
+<summary>Passive Asset Detection System.</summary>
+<interface name="pads_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an pads environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="pcscd" filename="policy/modules/services/pcscd.if">
+<summary>PCSC smart card service.</summary>
+<interface name="pcscd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run pcscd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="pcscd_read_pid_files" lineno="32">
+<summary>
+Read pcscd pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pcscd_stream_connect" lineno="52">
+<summary>
+Connect to pcscd over an unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pcscd_admin" lineno="81">
+<summary>
+All of the rules required to
+administrate an pcscd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="pegasus" filename="policy/modules/services/pegasus.if">
+<summary>The Open Group Pegasus CIM/WBEM Server.</summary>
+<interface name="pegasus_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an pegasus environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="perdition" filename="policy/modules/services/perdition.if">
+<summary>Perdition POP and IMAP proxy.</summary>
+<interface name="perdition_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an perdition environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="pingd" filename="policy/modules/services/pingd.if">
+<summary>Pingd of the Whatsup cluster node up/down detection utility.</summary>
+<interface name="pingd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run pingd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="pingd_read_config" lineno="32">
+<summary>
+Read pingd etc configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pingd_manage_config" lineno="52">
+<summary>
+Create, read, write, and delete
+pingd etc configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pingd_admin" lineno="78">
+<summary>
+All of the rules required to
+administrate an pingd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="pkcs" filename="policy/modules/services/pkcs.if">
+<summary>Implementations of the Cryptoki specification.</summary>
+<interface name="pkcs_admin_slotd" lineno="20">
+<summary>
+All of the rules required to
+administrate an pkcs slotd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="plymouthd" filename="policy/modules/services/plymouthd.if">
+<summary>Plymouth graphical boot.</summary>
+<interface name="plymouthd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run plymouthd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_exec" lineno="32">
+<summary>
+Execute plymouthd in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_stream_connect" lineno="52">
+<summary>
+Connect to plymouthd using a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_exec_plymouth" lineno="71">
+<summary>
+Execute plymouth in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_domtrans_plymouth" lineno="90">
+<summary>
+Execute a domain transition to run plymouth.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_search_spool" lineno="109">
+<summary>
+Search plymouthd spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_read_spool_files" lineno="128">
+<summary>
+Read plymouthd spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_manage_spool_files" lineno="148">
+<summary>
+Create, read, write, and delete
+plymouthd spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_search_lib" lineno="167">
+<summary>
+Search plymouthd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_read_lib_files" lineno="186">
+<summary>
+Read plymouthd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_manage_lib_files" lineno="206">
+<summary>
+Create, read, write, and delete
+plymouthd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_read_pid_files" lineno="225">
+<summary>
+Read plymouthd pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="plymouthd_admin" lineno="252">
+<summary>
+All of the rules required to
+administrate an plymouthd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role" unused="true">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="policykit" filename="policy/modules/services/policykit.if">
+<summary>Policy framework for controlling privileges for system-wide services.</summary>
+<interface name="policykit_dbus_chat" lineno="14">
+<summary>
+Send and receive messages from
+policykit over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="policykit_dbus_chat_auth" lineno="35">
+<summary>
+Send and receive messages from
+policykit auth over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="policykit_domtrans_auth" lineno="55">
+<summary>
+Execute a domain transition to run polkit_auth.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="policykit_run_auth" lineno="81">
+<summary>
+Execute a policy_auth in the policy
+auth domain, and allow the specified
+role the policy auth domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="policykit_signal_auth" lineno="101">
+<summary>
+Send generic signals to
+policykit auth.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="policykit_domtrans_grant" lineno="119">
+<summary>
+Execute a domain transition to run polkit grant.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="policykit_run_grant" lineno="146">
+<summary>
+Execute a policy_grant in the policy
+grant domain, and allow the specified
+role the policy grant domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="policykit_read_reload" lineno="165">
+<summary>
+Read policykit reload files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="policykit_rw_reload" lineno="184">
+<summary>
+Read and write policykit reload files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="policykit_domtrans_resolve" lineno="203">
+<summary>
+Execute a domain transition to run polkit resolve.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="policykit_search_lib" lineno="222">
+<summary>
+Search policykit lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="policykit_read_lib" lineno="241">
+<summary>
+Read policykit lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="polipo" filename="policy/modules/services/polipo.if">
+<summary>Lightweight forwarding and caching proxy server.</summary>
+<template name="polipo_role" lineno="18">
+<summary>
+Role access for Polipo session.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
+</template>
+<interface name="polipo_initrc_domtrans" lineno="64">
+<summary>
+Execute Polipo in the Polipo
+system domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="polipo_log_filetrans_log" lineno="94">
+<summary>
+Create specified objects in generic
+log directories with the polipo
+log file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="polipo_admin" lineno="119">
+<summary>
+All of the rules required to
+administrate an polipo environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="polipo_system_use_cifs" dftval="false">
+<desc>
+<p>
+Determine whether Polipo system
+daemon can access CIFS file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="polipo_system_use_nfs" dftval="false">
+<desc>
+<p>
+Determine whether Polipo system
+daemon can access NFS file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="polipo_session_users" dftval="false">
+<desc>
+<p>
+Determine whether calling user domains
+can execute Polipo daemon in the
+polipo_session_t domain.
+</p>
+</desc>
+</tunable>
+<tunable name="polipo_session_send_syslog_msg" dftval="false">
+<desc>
+<p>
+Determine whether Polipo session daemon
+can send syslog messages.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="portmap" filename="policy/modules/services/portmap.if">
+<summary>RPC port mapping service.</summary>
+<interface name="portmap_domtrans_helper" lineno="13">
+<summary>
+Execute portmap helper in the helper domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="portmap_run_helper" lineno="40">
+<summary>
+Execute portmap helper in the helper
+domain, and allow the specified role
+the helper domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="portmap_admin" lineno="66">
+<summary>
+All of the rules required to
+administrate an portmap environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="portreserve" filename="policy/modules/services/portreserve.if">
+<summary>Reserve well-known ports in the RPC port range.</summary>
+<interface name="portreserve_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run portreserve.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="portreserve_read_config" lineno="33">
+<summary>
+Read portreserve configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="portreserve_manage_config" lineno="55">
+<summary>
+Create, read, write, and delete
+portreserve configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="portreserve_initrc_domtrans" lineno="77">
+<summary>
+Execute portreserve init scripts in
+the init script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="portreserve_admin" lineno="102">
+<summary>
+All of the rules required to
+administrate an portreserve environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="portslave" filename="policy/modules/services/portslave.if">
+<summary>Portslave terminal server software.</summary>
+<interface name="portslave_domtrans" lineno="13">
+<summary>
+Execute portslave with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="postfix" filename="policy/modules/services/postfix.if">
+<summary>Postfix email server.</summary>
+<interface name="postfix_stub" lineno="13">
+<summary>
+Postfix stub interface.  No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<template name="postfix_domain_template" lineno="29">
+<summary>
+The template to define a postfix domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<template name="postfix_server_domain_template" lineno="65">
+<summary>
+The template to define a postfix server domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<template name="postfix_user_domain_template" lineno="104">
+<summary>
+The template to define a postfix user domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="postfix_read_config" lineno="141">
+<summary>
+Read postfix configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="postfix_config_filetrans" lineno="178">
+<summary>
+Create specified object in postfix
+etc directories with a type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="postfix_dontaudit_rw_local_tcp_sockets" lineno="198">
+<summary>
+Do not audit attempts to read and
+write postfix local delivery
+TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="postfix_rw_local_pipes" lineno="216">
+<summary>
+Read and write postfix local pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_read_local_state" lineno="234">
+<summary>
+Read postfix local process state files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_rw_inherited_master_pipes" lineno="255">
+<summary>
+Read and write inherited postfix master pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_read_master_state" lineno="274">
+<summary>
+Read postfix master process state files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_use_fds_master" lineno="295">
+<summary>
+Use postfix master file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_dontaudit_use_fds" lineno="315">
+<summary>
+Do not audit attempts to use
+postfix master process file
+file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="postfix_domtrans_map" lineno="333">
+<summary>
+Execute postfix_map in the postfix_map domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="postfix_run_map" lineno="360">
+<summary>
+Execute postfix map in the postfix
+map domain, and allow the specified
+role the postfix_map domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="postfix_domtrans_master" lineno="380">
+<summary>
+Execute the master postfix program
+in the postfix_master domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="postfix_exec_master" lineno="400">
+<summary>
+Execute the master postfix program
+in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_stream_connect_master" lineno="421">
+<summary>
+Connect to postfix master process
+using a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="postfix_domtrans_postdrop" lineno="440">
+<summary>
+Execute the master postdrop in the
+postfix postdrop domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="postfix_domtrans_postqueue" lineno="460">
+<summary>
+Execute the master postqueue in the
+postfix postqueue domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="postfix_exec_postqueue" lineno="480">
+<summary>
+Execute postfix postqueue in
+the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_create_private_sockets" lineno="499">
+<summary>
+Create postfix private sock files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_manage_private_sockets" lineno="518">
+<summary>
+Create, read, write, and delete
+postfix private sock files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_domtrans_smtp" lineno="537">
+<summary>
+Execute the smtp postfix program
+in the postfix smtp domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="postfix_getattr_all_spool_files" lineno="557">
+<summary>
+Get attributes of all postfix mail
+spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_search_spool" lineno="576">
+<summary>
+Search postfix mail spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_list_spool" lineno="595">
+<summary>
+List postfix mail spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_read_spool_files" lineno="614">
+<summary>
+Read postfix mail spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_manage_spool_files" lineno="634">
+<summary>
+Create, read, write, and delete
+postfix mail spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_domtrans_user_mail_handler" lineno="654">
+<summary>
+Execute postfix user mail programs
+in their respective domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postfix_admin" lineno="679">
+<summary>
+All of the rules required to
+administrate an postfix environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="postfix_local_write_mail_spool" dftval="true">
+<desc>
+<p>
+Determine whether postfix local
+can manage mail spool content.
+</p>
+</desc>
+</tunable>
+<tunable name="postfix_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Grant the postfix domains read access to generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="postfix_read_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the postfix domains read access to all user content
+</p>
+</desc>
+</tunable>
+<tunable name="postfix_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Grant the postfix domains manage rights on generic user content
+</p>
+</desc>
+</tunable>
+<tunable name="postfix_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Grant the postfix domains manage rights on all user content
+</p>
+</desc>
+</tunable>
+</module>
+<module name="postfixpolicyd" filename="policy/modules/services/postfixpolicyd.if">
+<summary>Postfix policy server.</summary>
+<interface name="postfixpolicyd_admin" lineno="20">
+<summary>
+All of the rules required to administrate
+an postfixpolicyd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
 <module name="postgresql" filename="policy/modules/services/postgresql.if">
 <summary>PostgreSQL relational database</summary>
 <interface name="postgresql_role" lineno="18">
@@ -83507,7 +103476,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="postgresql_domtrans" lineno="347">
+<interface name="postgresql_exec" lineno="347">
+<summary>
+Execute postgresql in the calling domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="postgresql_domtrans" lineno="365">
 <summary>
 Execute postgresql in the postgresql domain.
 </summary>
@@ -83517,7 +103496,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="postgresql_signal" lineno="365">
+<interface name="postgresql_signal" lineno="383">
 <summary>
 Allow domain to signal postgresql
 </summary>
@@ -83527,7 +103506,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="postgresql_read_config" lineno="383">
+<interface name="postgresql_read_config" lineno="401">
 <summary>
 Allow the specified domain to read postgresql's etc.
 </summary>
@@ -83538,7 +103517,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="postgresql_tcp_connect" lineno="404">
+<interface name="postgresql_tcp_connect" lineno="422">
 <summary>
 Allow the specified domain to connect to postgresql with a tcp socket.
 </summary>
@@ -83548,7 +103527,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="postgresql_stream_connect" lineno="426">
+<interface name="postgresql_stream_connect" lineno="444">
 <summary>
 Allow the specified domain to connect to postgresql with a unix socket.
 </summary>
@@ -83559,7 +103538,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="postgresql_unpriv_client" lineno="449">
+<interface name="postgresql_unpriv_client" lineno="466">
 <summary>
 Allow the specified domain unprivileged accesses to unifined database objects
 managed by SE-PostgreSQL,
@@ -83570,7 +103549,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="postgresql_unconfined" lineno="541">
+<interface name="postgresql_unconfined" lineno="558">
 <summary>
 Allow the specified domain unconfined accesses to any database objects
 managed by SE-PostgreSQL,
@@ -83581,7 +103560,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="postgresql_admin" lineno="565">
+<interface name="postgresql_admin" lineno="582">
 <summary>
 All of the rules required to administrate an postgresql environment
 </summary>
@@ -83597,7 +103576,7 @@ The role to be allowed to manage the postgresql domain.
 </param>
 <rolecap/>
 </interface>
-<tunable name="sepgsql_enable_users_ddl" dftval="true">
+<tunable name="sepgsql_enable_users_ddl" dftval="false">
 <desc>
 <p>
 Allow unprived users to execute DDL statement
@@ -83611,7 +103590,7 @@ Allow transmit client label to foreign database
 </p>
 </desc>
 </tunable>
-<tunable name="sepgsql_unconfined_dbadm" dftval="true">
+<tunable name="sepgsql_unconfined_dbadm" dftval="false">
 <desc>
 <p>
 Allow database admins to execute DML statement
@@ -83619,6 +103598,4497 @@ Allow database admins to execute DML statement
 </desc>
 </tunable>
 </module>
+<module name="postgrey" filename="policy/modules/services/postgrey.if">
+<summary>Postfix grey-listing server.</summary>
+<interface name="postgrey_stream_connect" lineno="14">
+<summary>
+Connect to postgrey using a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postgrey_search_spool" lineno="34">
+<summary>
+Search spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="postgrey_admin" lineno="60">
+<summary>
+All of the rules required to
+administrate an postgrey environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ppp" filename="policy/modules/services/ppp.if">
+<summary>Point to Point Protocol daemon creates links in ppp networks.</summary>
+<interface name="ppp_manage_home_files" lineno="14">
+<summary>
+Create, read, write, and delete
+ppp home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_read_home_files" lineno="33">
+<summary>
+Read ppp user home content files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_relabel_home_files" lineno="53">
+<summary>
+Relabel ppp home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_home_filetrans_ppp_home" lineno="83">
+<summary>
+Create objects in user home
+directories with the ppp home type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="ppp_use_fds" lineno="101">
+<summary>
+Inherit and use ppp file discriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_dontaudit_use_fds" lineno="120">
+<summary>
+Do not audit attempts to inherit
+and use ppp file discriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="ppp_sigchld" lineno="138">
+<summary>
+Send child terminated signals to ppp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_kill" lineno="158">
+<summary>
+Send kill signals to ppp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_signal" lineno="176">
+<summary>
+Send generic signals to ppp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_signull" lineno="194">
+<summary>
+Send null signals to ppp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_domtrans" lineno="212">
+<summary>
+Execute pppd in the pppd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ppp_run_cond" lineno="238">
+<summary>
+Conditionally execute pppd on
+behalf of a user or staff type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ppp_run" lineno="267">
+<summary>
+Unconditionally execute ppp daemon
+on behalf of a user or staff type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ppp_exec" lineno="286">
+<summary>
+Execute domain in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_read_config" lineno="305">
+<summary>
+Read ppp configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_read_rw_config" lineno="324">
+<summary>
+Read ppp writable configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_read_secrets" lineno="345">
+<summary>
+Read ppp secret files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_read_pid_files" lineno="366">
+<summary>
+Read ppp pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_manage_pid_files" lineno="386">
+<summary>
+Create, read, write, and delete
+ppp pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ppp_pid_filetrans" lineno="416">
+<summary>
+Create specified pppd pid objects
+with a type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="ppp_initrc_domtrans" lineno="435">
+<summary>
+Execute pppd init script in
+the initrc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ppp_admin" lineno="460">
+<summary>
+All of the rules required to
+administrate an ppp environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="pppd_can_insmod" dftval="false">
+<desc>
+<p>
+Determine whether pppd can
+load kernel modules.
+</p>
+</desc>
+</tunable>
+<tunable name="pppd_for_user" dftval="false">
+<desc>
+<p>
+Determine whether common users can
+run pppd with a domain transition.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="prelude" filename="policy/modules/services/prelude.if">
+<summary>Prelude hybrid intrusion detection system.</summary>
+<interface name="prelude_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run prelude.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="prelude_domtrans_audisp" lineno="33">
+<summary>
+Execute a domain transition to
+run prelude audisp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="prelude_signal_audisp" lineno="52">
+<summary>
+Send generic signals to prelude audisp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="prelude_read_spool" lineno="70">
+<summary>
+Read prelude spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="prelude_manage_spool" lineno="90">
+<summary>
+Create, read, write, and delete
+prelude manager spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="prelude_admin" lineno="117">
+<summary>
+All of the rules required to
+administrate an prelude environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_httpd_prewikka_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="privoxy" filename="policy/modules/services/privoxy.if">
+<summary>Privacy enhancing web proxy.</summary>
+<interface name="privoxy_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an privoxy environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="privoxy_connect_any" dftval="false">
+<desc>
+<p>
+Determine whether privoxy can
+connect to all tcp ports.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="procmail" filename="policy/modules/services/procmail.if">
+<summary>Procmail mail delivery agent.</summary>
+<interface name="procmail_domtrans" lineno="13">
+<summary>
+Execute procmail with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="procmail_exec" lineno="32">
+<summary>
+Execute procmail in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="procmail_manage_home_files" lineno="52">
+<summary>
+Create, read, write, and delete
+procmail home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="procmail_read_home_files" lineno="71">
+<summary>
+Read procmail user home content files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="procmail_relabel_home_files" lineno="91">
+<summary>
+Relabel procmail home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="procmail_home_filetrans_procmail_home" lineno="121">
+<summary>
+Create objects in user home
+directories with the procmail home type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="procmail_read_tmp_files" lineno="139">
+<summary>
+Read procmail tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="procmail_rw_tmp_files" lineno="158">
+<summary>
+Read and write procmail tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="psad" filename="policy/modules/services/psad.if">
+<summary>Intrusion Detection and Log Analysis with iptables.</summary>
+<interface name="psad_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run psad.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="psad_signal" lineno="32">
+<summary>
+Send generic signals to psad.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="psad_signull" lineno="50">
+<summary>
+Send null signals to psad.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="psad_read_config" lineno="68">
+<summary>
+Read psad configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="psad_manage_config" lineno="90">
+<summary>
+Create, read, write, and delete
+psad configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="psad_read_pid_files" lineno="111">
+<summary>
+Read psad pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="psad_rw_pid_files" lineno="130">
+<summary>
+Read and write psad pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="psad_read_log" lineno="150">
+<summary>
+Read psad log content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="psad_append_log" lineno="171">
+<summary>
+Append psad log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="psad_rw_fifo_file" lineno="190">
+<summary>
+Read and write psad fifo files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="psad_rw_tmp_files" lineno="209">
+<summary>
+Read and write psad temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="psad_admin" lineno="235">
+<summary>
+All of the rules required to
+administrate an psad environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="publicfile" filename="policy/modules/services/publicfile.if">
+<summary>publicfile supplies files to the public through HTTP and FTP.</summary>
+</module>
+<module name="pwauth" filename="policy/modules/services/pwauth.if">
+<summary>External plugin for mod_authnz_external authenticator.</summary>
+<interface name="pwauth_role" lineno="18">
+<summary>
+Role access for pwauth.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
+</interface>
+<interface name="pwauth_domtrans" lineno="39">
+<summary>
+Execute pwauth in the pwauth domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="pwauth_run" lineno="65">
+<summary>
+Execute pwauth in the pwauth
+domain, and allow the specified
+role the pwauth domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="pxe" filename="policy/modules/services/pxe.if">
+<summary>Server for the PXE network boot protocol.</summary>
+<interface name="pxe_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an pxe environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="pyicqt" filename="policy/modules/services/pyicqt.if">
+<summary>ICQ transport for XMPP server.</summary>
+<interface name="pyicqt_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an pyicqt environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="pyzor" filename="policy/modules/services/pyzor.if">
+<summary>Pyzor is a distributed, collaborative spam detection and filtering network.</summary>
+<interface name="pyzor_role" lineno="18">
+<summary>
+Role access for pyzor.
+</summary>
+<param name="role">
+<summary>
+Role allowed access
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role
+</summary>
+</param>
+</interface>
+<interface name="pyzor_signal" lineno="49">
+<summary>
+Send generic signals to pyzor.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pyzor_domtrans" lineno="67">
+<summary>
+Execute pyzor with a domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="pyzor_exec" lineno="86">
+<summary>
+Execute pyzor in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pyzor_admin" lineno="112">
+<summary>
+All of the rules required to
+administrate an pyzor environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="qmail" filename="policy/modules/services/qmail.if">
+<summary>Qmail Mail Server.</summary>
+<template name="qmail_child_domain_template" lineno="18">
+<summary>
+Template for qmail parent/sub-domain pairs.
+</summary>
+<param name="child_prefix">
+<summary>
+The prefix of the child domain.
+</summary>
+</param>
+<param name="parent_domain">
+<summary>
+The name of the parent domain.
+</summary>
+</param>
+</template>
+<interface name="qmail_domtrans_inject" lineno="55">
+<summary>
+Transition to qmail_inject_t.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="qmail_domtrans_queue" lineno="80">
+<summary>
+Transition to qmail_queue_t.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="qmail_read_config" lineno="106">
+<summary>
+Read qmail configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="qmail_smtpd_service_domain" lineno="137">
+<summary>
+Define the specified domain as a
+qmail-smtp service.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type associated with the process program.
+</summary>
+</param>
+</interface>
+</module>
+<module name="qpid" filename="policy/modules/services/qpid.if">
+<summary>Apache QPID AMQP messaging server.</summary>
+<interface name="qpidd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run qpidd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="qpidd_rw_semaphores" lineno="32">
+<summary>
+Read and write access qpidd semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qpidd_rw_shm" lineno="50">
+<summary>
+Read and write qpidd shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qpidd_initrc_domtrans" lineno="69">
+<summary>
+Execute qpidd init script in
+the initrc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="qpidd_read_pid_files" lineno="87">
+<summary>
+Read qpidd pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qpidd_search_lib" lineno="106">
+<summary>
+Search qpidd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qpidd_read_lib_files" lineno="125">
+<summary>
+Read qpidd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qpidd_manage_lib_files" lineno="145">
+<summary>
+Create, read, write, and delete
+qpidd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="qpidd_admin" lineno="171">
+<summary>
+All of the rules required to
+administrate an qpidd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="quantum" filename="policy/modules/services/quantum.if">
+<summary>Virtual network service for Openstack.</summary>
+<interface name="quantum_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an quantum environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="rabbitmq" filename="policy/modules/services/rabbitmq.if">
+<summary>AMQP server written in Erlang.</summary>
+<interface name="rabbitmq_domtrans" lineno="13">
+<summary>
+Execute rabbitmq in the rabbitmq domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rabbitmq_admin" lineno="41">
+<summary>
+All of the rules required to
+administrate an rabbitmq environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="radius" filename="policy/modules/services/radius.if">
+<summary>RADIUS authentication and accounting server.</summary>
+<interface name="radius_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an radius environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="radvd" filename="policy/modules/services/radvd.if">
+<summary>IPv6 router advertisement daemon.</summary>
+<interface name="radvd_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an radvd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="razor" filename="policy/modules/services/razor.if">
+<summary>A distributed, collaborative, spam detection and filtering network.</summary>
+<template name="razor_common_domain_template" lineno="13">
+<summary>
+The template to define a razor domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="razor_role" lineno="51">
+<summary>
+Role access for razor.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
+</interface>
+<interface name="razor_domtrans" lineno="82">
+<summary>
+Execute razor in the system razor domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="razor_manage_home_content" lineno="102">
+<summary>
+Create, read, write, and delete
+razor home content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="razor_read_lib_files" lineno="123">
+<summary>
+Read razor lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="rdisc" filename="policy/modules/services/rdisc.if">
+<summary>Network router discovery daemon.</summary>
+<interface name="rdisc_exec" lineno="13">
+<summary>
+Execute rdisc in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="realmd" filename="policy/modules/services/realmd.if">
+<summary>Dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA.</summary>
+<interface name="realmd_domtrans" lineno="13">
+<summary>
+Execute realmd in the realmd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="realmd_dbus_chat" lineno="33">
+<summary>
+Send and receive messages from
+realmd over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="redis" filename="policy/modules/services/redis.if">
+<summary>Advanced key-value store.</summary>
+<interface name="redis_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an redis environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="remotelogin" filename="policy/modules/services/remotelogin.if">
+<summary>Rshd, rlogind, and telnetd.</summary>
+<interface name="remotelogin_domtrans" lineno="13">
+<summary>
+Domain transition to the remote login domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="remotelogin_signal" lineno="32">
+<summary>
+Send generic signals to remote login.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="remotelogin_manage_tmp_content" lineno="51">
+<summary>
+Create, read, write, and delete
+remote login temporary content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="remotelogin_relabel_tmp_content" lineno="71">
+<summary>
+Relabel remote login temporary content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="resmgr" filename="policy/modules/services/resmgr.if">
+<summary>Resource management daemon.</summary>
+<interface name="resmgr_stream_connect" lineno="14">
+<summary>
+Connect to resmgrd over a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="resmgr_admin" lineno="40">
+<summary>
+All of the rules required to
+administrate an resmgr environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="rgmanager" filename="policy/modules/services/rgmanager.if">
+<summary>Resource Group Manager.</summary>
+<interface name="rgmanager_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run rgmanager.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rgmanager_stream_connect" lineno="33">
+<summary>
+Connect to rgmanager with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rgmanager_manage_tmp_files" lineno="53">
+<summary>
+Create, read, write, and delete
+rgmanager tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rgmanager_manage_tmpfs_files" lineno="73">
+<summary>
+Create, read, write, and delete
+rgmanager tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rgmanager_admin" lineno="99">
+<summary>
+All of the rules required to
+administrate an rgmanager environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="rgmanager_can_network_connect" dftval="false">
+<desc>
+<p>
+Determine whether rgmanager can
+connect to the network using TCP.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="rhcs" filename="policy/modules/services/rhcs.if">
+<summary>Red Hat Cluster Suite.</summary>
+<template name="rhcs_domain_template" lineno="13">
+<summary>
+The template to define a rhcs domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="rhcs_domtrans_dlm_controld" lineno="75">
+<summary>
+Execute a domain transition to
+run dlm_controld.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_getattr_fenced_exec_files" lineno="95">
+<summary>
+Get attributes of fenced
+executable files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_stream_connect_dlm_controld" lineno="114">
+<summary>
+Connect to dlm_controld with a
+unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_rw_dlm_controld_semaphores" lineno="133">
+<summary>
+Read and write dlm_controld semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_domtrans_fenced" lineno="154">
+<summary>
+Execute a domain transition to run fenced.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_rw_fenced_semaphores" lineno="173">
+<summary>
+Read and write fenced semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_stream_connect_cluster" lineno="195">
+<summary>
+Connect to all cluster domains
+with a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_stream_connect_fenced" lineno="215">
+<summary>
+Connect to fenced with an unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_domtrans_gfs_controld" lineno="235">
+<summary>
+Execute a domain transition
+to run gfs_controld.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_rw_gfs_controld_semaphores" lineno="254">
+<summary>
+Read and write gfs_controld semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_rw_gfs_controld_shm" lineno="275">
+<summary>
+Read and write gfs_controld_t shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_stream_connect_gfs_controld" lineno="297">
+<summary>
+Connect to gfs_controld_t with
+a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_domtrans_groupd" lineno="316">
+<summary>
+Execute a domain transition to run groupd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_stream_connect_groupd" lineno="336">
+<summary>
+Connect to groupd with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_rw_cluster_shm" lineno="356">
+<summary>
+Read and write all cluster domains
+shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_rw_cluster_semaphores" lineno="378">
+<summary>
+Read and write all cluster
+domains semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_rw_groupd_semaphores" lineno="396">
+<summary>
+Read and write groupd semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_rw_groupd_shm" lineno="417">
+<summary>
+Read and write groupd shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_domtrans_qdiskd" lineno="438">
+<summary>
+Execute a domain transition to run qdiskd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rhcs_admin" lineno="464">
+<summary>
+All of the rules required to
+administrate an rhcs environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="fenced_can_network_connect" dftval="false">
+<desc>
+<p>
+Determine whether fenced can
+connect to the TCP network.
+</p>
+</desc>
+</tunable>
+<tunable name="fenced_can_ssh" dftval="false">
+<desc>
+<p>
+Determine whether fenced can use ssh.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="rhgb" filename="policy/modules/services/rhgb.if">
+<summary> Red Hat Graphical Boot.</summary>
+<interface name="rhgb_stub" lineno="13">
+<summary>
+RHGB stub interface.  No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+N/A
+</summary>
+</param>
+</interface>
+<interface name="rhgb_use_fds" lineno="29">
+<summary>
+Inherit and use rhgb file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_getpgid" lineno="47">
+<summary>
+Get the process group of rhgb.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_signal" lineno="65">
+<summary>
+Send generic signals to rhgb.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_rw_stream_sockets" lineno="84">
+<summary>
+Read and write inherited rhgb unix
+domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_dontaudit_rw_stream_sockets" lineno="103">
+<summary>
+Do not audit attempts to read and write
+rhgb unix domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_stream_connect" lineno="122">
+<summary>
+Connected to rhgb with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_rw_shm" lineno="141">
+<summary>
+Read and write to rhgb shared memory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_use_ptys" lineno="159">
+<summary>
+Read and write rhgb pty devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_dontaudit_use_ptys" lineno="179">
+<summary>
+Do not audit attempts to read and
+write rhgb pty devices.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="rhgb_rw_tmpfs_files" lineno="197">
+<summary>
+Read and write to rhgb tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="rhsmcertd" filename="policy/modules/services/rhsmcertd.if">
+<summary>Subscription Management Certificate Daemon.</summary>
+<interface name="rhsmcertd_domtrans" lineno="13">
+<summary>
+Execute rhsmcertd in the rhsmcertd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_initrc_domtrans" lineno="33">
+<summary>
+Execute rhsmcertd init scripts
+in the initrc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_read_log" lineno="52">
+<summary>
+Read rhsmcertd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="rhsmcertd_append_log" lineno="71">
+<summary>
+Append rhsmcertd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_manage_log" lineno="91">
+<summary>
+Create, read, write, and delete
+rhsmcertd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_search_lib" lineno="112">
+<summary>
+Search rhsmcertd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_read_lib_files" lineno="131">
+<summary>
+Read rhsmcertd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_manage_lib_files" lineno="151">
+<summary>
+Create, read, write, and delete
+rhsmcertd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_manage_lib_dirs" lineno="171">
+<summary>
+Create, read, write, and delete
+rhsmcertd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_read_pid_files" lineno="190">
+<summary>
+Read rhsmcertd pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_stream_connect" lineno="210">
+<summary>
+Connect to rhsmcertd with a
+unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_dbus_chat" lineno="230">
+<summary>
+Send and receive messages from
+rhsmcertd over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_dontaudit_dbus_chat" lineno="252">
+<summary>
+Do not audit attempts to send
+and receive messages from
+rhsmcertd over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="rhsmcertd_admin" lineno="279">
+<summary>
+All of the rules required to
+administrate an rhsmcertd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ricci" filename="policy/modules/services/ricci.if">
+<summary>Ricci cluster management agent.</summary>
+<interface name="ricci_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run ricci.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ricci_domtrans_modcluster" lineno="33">
+<summary>
+Execute a domain transition to
+run ricci modcluster.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ricci_dontaudit_use_modcluster_fds" lineno="53">
+<summary>
+Do not audit attempts to use
+ricci modcluster file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="ricci_dontaudit_rw_modcluster_pipes" lineno="72">
+<summary>
+Do not audit attempts to read write
+ricci modcluster unamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="ricci_stream_connect_modclusterd" lineno="91">
+<summary>
+Connect to ricci_modclusterd with
+a unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ricci_domtrans_modlog" lineno="111">
+<summary>
+Execute a domain transition to
+run ricci modlog.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ricci_domtrans_modrpm" lineno="131">
+<summary>
+Execute a domain transition to
+run ricci modrpm.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ricci_domtrans_modservice" lineno="151">
+<summary>
+Execute a domain transition to
+run ricci modservice.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ricci_domtrans_modstorage" lineno="171">
+<summary>
+Execute a domain transition to
+run ricci modstorage.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ricci_admin" lineno="197">
+<summary>
+All of the rules required to
+administrate an ricci environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="rlogin" filename="policy/modules/services/rlogin.if">
+<summary>Remote login daemon.</summary>
+<interface name="rlogin_domtrans" lineno="13">
+<summary>
+Execute rlogind in the rlogin domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<template name="rlogin_read_home_content" lineno="32">
+<summary>
+Read rlogin user home content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</template>
+<interface name="rlogin_manage_rlogind_home_files" lineno="54">
+<summary>
+Create, read, write, and delete
+rlogind home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rlogin_relabel_rlogind_home_files" lineno="73">
+<summary>
+Relabel rlogind home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rlogin_home_filetrans_logind_home" lineno="103">
+<summary>
+Create objects in user home
+directories with the rlogind home type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="rlogin_manage_rlogind_tmp_content" lineno="122">
+<summary>
+Create, read, write, and delete
+rlogind temporary content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rlogin_relabel_rlogind_tmp_content" lineno="142">
+<summary>
+Relabel rlogind temporary content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="rngd" filename="policy/modules/services/rngd.if">
+<summary>Check and feed random data from hardware device to kernel random device.</summary>
+<interface name="rngd_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an rng environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="roundup" filename="policy/modules/services/roundup.if">
+<summary>Roundup Issue Tracking System.</summary>
+<interface name="roundup_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an roundup environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="rpc" filename="policy/modules/services/rpc.if">
+<summary>Remote Procedure Call Daemon.</summary>
+<interface name="rpc_stub" lineno="13">
+<summary>
+RPC stub interface.  No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<template name="rpc_domain_template" lineno="29">
+<summary>
+The template to define a rpc domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="rpc_dontaudit_getattr_exports" lineno="64">
+<summary>
+Do not audit attempts to get
+attributes of export files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="rpc_read_exports" lineno="82">
+<summary>
+Read export files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpc_write_exports" lineno="100">
+<summary>
+Write export files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpc_domtrans_nfsd" lineno="118">
+<summary>
+Execute nfsd in the nfsd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rpc_initrc_domtrans_nfsd" lineno="138">
+<summary>
+Execute nfsd init scripts in
+the initrc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rpc_domtrans_rpcd" lineno="156">
+<summary>
+Execute rpcd in the rpcd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rpc_initrc_domtrans_rpcd" lineno="176">
+<summary>
+Execute rpcd init scripts in
+the initrc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rpc_read_nfs_content" lineno="195">
+<summary>
+Read nfs exported content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="rpc_manage_nfs_rw_content" lineno="217">
+<summary>
+Create, read, write, and delete
+nfs exported read write content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="rpc_manage_nfs_ro_content" lineno="239">
+<summary>
+Create, read, write, and delete
+nfs exported read only content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="rpc_tcp_rw_nfs_sockets" lineno="259">
+<summary>
+Read and write to nfsd tcp sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpc_udp_rw_nfs_sockets" lineno="277">
+<summary>
+Read and write to nfsd udp sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpc_search_nfs_state_data" lineno="295">
+<summary>
+Search nfs lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpc_read_nfs_state_data" lineno="314">
+<summary>
+Read nfs lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpc_manage_nfs_state_data" lineno="334">
+<summary>
+Create, read, write, and delete
+nfs lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpc_admin" lineno="364">
+<summary>
+All of the rules required to
+administrate an rpc environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_gssd_read_tmp" dftval="false">
+<desc>
+<p>
+Determine whether gssd can read
+generic user temporary content.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_gssd_write_tmp" dftval="false">
+<desc>
+<p>
+Determine whether gssd can write
+generic user temporary content.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_nfsd_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether nfs can modify
+public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="rpcbind" filename="policy/modules/services/rpcbind.if">
+<summary>Universal Addresses to RPC Program Number Mapper.</summary>
+<interface name="rpcbind_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run rpcbind.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rpcbind_stream_connect" lineno="33">
+<summary>
+Connect to rpcbind with a
+unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpcbind_read_pid_files" lineno="52">
+<summary>
+Read rpcbind pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpcbind_search_lib" lineno="71">
+<summary>
+Search rpcbind lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpcbind_read_lib_files" lineno="90">
+<summary>
+Read rpcbind lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpcbind_manage_lib_files" lineno="110">
+<summary>
+Create, read, write, and delete
+rpcbind lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpcbind_signull" lineno="129">
+<summary>
+Send null signals to rpcbind.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rpcbind_admin" lineno="154">
+<summary>
+All of the rules required to
+administrate an rpcbind environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="rshd" filename="policy/modules/services/rshd.if">
+<summary>Remote shell service.</summary>
+<interface name="rshd_domtrans" lineno="13">
+<summary>
+Execute rshd in the rshd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="rsync" filename="policy/modules/services/rsync.if">
+<summary>Fast incremental file transfer for synchronization.</summary>
+<interface name="rsync_entry_type" lineno="14">
+<summary>
+Make rsync executable file an
+entry point for the specified domain.
+</summary>
+<param name="domain">
+<summary>
+The domain for which rsync_exec_t is an entrypoint.
+</summary>
+</param>
+</interface>
+<interface name="rsync_entry_spec_domtrans" lineno="47">
+<summary>
+Execute a rsync in a specified domain.
+</summary>
+<desc>
+<p>
+Execute a rsync in a specified domain.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+</desc>
+<param name="source_domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+Domain to transition to.
+</summary>
+</param>
+</interface>
+<interface name="rsync_entry_domtrans" lineno="81">
+<summary>
+Execute a rsync in a specified domain.
+</summary>
+<desc>
+<p>
+Execute a rsync in a specified domain.
+</p>
+<p>
+No interprocess communication (signals, pipes,
+etc.) is provided by this interface since
+the domains are not owned by this module.
+</p>
+</desc>
+<param name="source_domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="target_domain">
+<summary>
+Domain to transition to.
+</summary>
+</param>
+</interface>
+<interface name="rsync_domtrans" lineno="100">
+<summary>
+Execute the rsync program in the rsync domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rsync_run" lineno="125">
+<summary>
+Execute rsync in the rsync domain, and
+allow the specified role the rsync domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rsync_exec" lineno="144">
+<summary>
+Execute rsync in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rsync_read_config" lineno="163">
+<summary>
+Read rsync config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rsync_write_config" lineno="182">
+<summary>
+Write rsync config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rsync_manage_config_files" lineno="202">
+<summary>
+Create, read, write, and delete
+rsync config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rsync_etc_filetrans_config" lineno="232">
+<summary>
+Create specified objects in etc directories
+with rsync etc type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="rsync_admin" lineno="257">
+<summary>
+All of the rules required to
+administrate an rsync environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role" unused="true">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="rsync_use_cifs" dftval="false">
+<desc>
+<p>
+Determine whether rsync can use
+cifs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="rsync_use_fusefs" dftval="false">
+<desc>
+<p>
+Determine whether rsync can
+use fuse file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="rsync_use_nfs" dftval="false">
+<desc>
+<p>
+Determine whether rsync can use
+nfs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="rsync_client" dftval="false">
+<desc>
+<p>
+Determine whether rsync can
+run as a client
+</p>
+</desc>
+</tunable>
+<tunable name="rsync_export_all_ro" dftval="false">
+<desc>
+<p>
+Determine whether rsync can
+export all content read only.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_rsync_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether rsync can modify
+public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="rtkit" filename="policy/modules/services/rtkit.if">
+<summary>Realtime scheduling for user processes.</summary>
+<interface name="rtkit_daemon_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run rtkit_daemon.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rtkit_daemon_dbus_chat" lineno="33">
+<summary>
+Send and receive messages from
+rtkit_daemon over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rtkit_scheduled" lineno="53">
+<summary>
+Allow rtkit to control scheduling for your process.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rtkit_admin" lineno="85">
+<summary>
+All of the rules required to
+administrate an rtkit environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="rwho" filename="policy/modules/services/rwho.if">
+<summary>Who is logged in on other machines?</summary>
+<interface name="rwho_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run rwho.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="rwho_search_log" lineno="32">
+<summary>
+Search rwho log directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rwho_read_log_files" lineno="51">
+<summary>
+Read rwho log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rwho_search_spool" lineno="71">
+<summary>
+Search rwho spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rwho_read_spool_files" lineno="90">
+<summary>
+Read rwho spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rwho_manage_spool_files" lineno="110">
+<summary>
+Create, read, write, and delete
+rwho spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="rwho_admin" lineno="136">
+<summary>
+All of the rules required to
+administrate an rwho environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="samba" filename="policy/modules/services/samba.if">
+<summary>SMB and CIFS client/server programs.</summary>
+<interface name="samba_domtrans_nmbd" lineno="13">
+<summary>
+Execute nmbd in the nmbd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="samba_signal_nmbd" lineno="32">
+<summary>
+Send generic signals to nmbd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_stream_connect_nmbd" lineno="50">
+<summary>
+Connect to nmbd with a unix domain
+stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_initrc_domtrans" lineno="70">
+<summary>
+Execute samba init scripts in
+the init script domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="samba_domtrans_net" lineno="88">
+<summary>
+Execute samba net in the samba net domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="samba_run_net" lineno="115">
+<summary>
+Execute samba net in the samba net
+domain, and allow the specified
+role the samba net domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samba_domtrans_smbmount" lineno="134">
+<summary>
+Execute smbmount in the smbmount domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="samba_run_smbmount" lineno="161">
+<summary>
+Execute smbmount in the smbmount
+domain, and allow the specified
+role the smbmount domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samba_read_config" lineno="181">
+<summary>
+Read samba configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samba_rw_config" lineno="201">
+<summary>
+Read and write samba configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samba_manage_config" lineno="222">
+<summary>
+Create, read, write, and delete
+samba configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samba_read_log" lineno="243">
+<summary>
+Read samba log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samba_append_log" lineno="264">
+<summary>
+Append to samba log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samba_exec_log" lineno="284">
+<summary>
+Execute samba log files in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_read_secrets" lineno="303">
+<summary>
+Read samba secret files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_read_share_files" lineno="322">
+<summary>
+Read samba share files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_search_var" lineno="341">
+<summary>
+Search samba var directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_read_var_files" lineno="360">
+<summary>
+Read samba var files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_dontaudit_write_var_files" lineno="380">
+<summary>
+Do not audit attempts to write
+samba var files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="samba_rw_var_files" lineno="398">
+<summary>
+Read and write samba var files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_manage_var_files" lineno="418">
+<summary>
+Create, read, write, and delete
+samba var files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_domtrans_smbcontrol" lineno="437">
+<summary>
+Execute smbcontrol in the smbcontrol domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="samba_run_smbcontrol" lineno="463">
+<summary>
+Execute smbcontrol in the smbcontrol
+domain, and allow the specified
+role the smbcontrol domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_domtrans_smbd" lineno="482">
+<summary>
+Execute smbd in the smbd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="samba_signal_smbd" lineno="501">
+<summary>
+Send generic signals to smbd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_dontaudit_use_fds" lineno="519">
+<summary>
+Do not audit attempts to inherit
+and use smbd file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="samba_write_smbmount_tcp_sockets" lineno="537">
+<summary>
+Write smbmount tcp sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_rw_smbmount_tcp_sockets" lineno="555">
+<summary>
+Read and write smbmount tcp sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_domtrans_winbind_helper" lineno="574">
+<summary>
+Execute winbind helper in the
+winbind helper domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="samba_getattr_winbind_exec" lineno="593">
+<summary>
+Get attributes of winbind executable files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_run_winbind_helper" lineno="619">
+<summary>
+Execute winbind helper in the winbind
+helper domain, and allow the specified
+role the winbind helper domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="samba_read_winbind_pid" lineno="638">
+<summary>
+Read winbind pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_stream_connect_winbind" lineno="658">
+<summary>
+Connect to winbind with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="samba_admin" lineno="684">
+<summary>
+All of the rules required to
+administrate an samba environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="samba_read_shadow" dftval="false">
+<desc>
+<p>
+Determine whether smbd_t can
+read shadow files.
+</p>
+</desc>
+</tunable>
+<tunable name="allow_smbd_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether samba can modify
+public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+<tunable name="samba_create_home_dirs" dftval="false">
+<desc>
+<p>
+Determine whether samba can
+create home directories via pam.
+</p>
+</desc>
+</tunable>
+<tunable name="samba_domain_controller" dftval="false">
+<desc>
+<p>
+Determine whether samba can act as the
+domain controller, add users, groups
+and change passwords.
+</p>
+</desc>
+</tunable>
+<tunable name="samba_portmapper" dftval="false">
+<desc>
+<p>
+Determine whether samba can
+act as a portmapper.
+</p>
+</desc>
+</tunable>
+<tunable name="samba_enable_home_dirs" dftval="false">
+<desc>
+<p>
+Determine whether samba can share
+users home directories.
+</p>
+</desc>
+</tunable>
+<tunable name="samba_export_all_ro" dftval="false">
+<desc>
+<p>
+Determine whether samba can share
+any content read only.
+</p>
+</desc>
+</tunable>
+<tunable name="samba_export_all_rw" dftval="false">
+<desc>
+<p>
+Determine whether samba can share any
+content readable and writable.
+</p>
+</desc>
+</tunable>
+<tunable name="samba_run_unconfined" dftval="false">
+<desc>
+<p>
+Determine whether samba can
+run unconfined scripts.
+</p>
+</desc>
+</tunable>
+<tunable name="samba_share_nfs" dftval="false">
+<desc>
+<p>
+Determine whether samba can
+use nfs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="samba_share_fusefs" dftval="false">
+<desc>
+<p>
+Determine whether samba can
+use fuse file systems.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="sanlock" filename="policy/modules/services/sanlock.if">
+<summary>shared storage lock manager.</summary>
+<interface name="sanlock_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run sanlock.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sanlock_initrc_domtrans" lineno="33">
+<summary>
+Execute sanlock init scripts in
+the initrc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="sanlock_manage_pid_files" lineno="52">
+<summary>
+Create, read, write, and delete
+sanlock pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sanlock_stream_connect" lineno="72">
+<summary>
+Connect to sanlock with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sanlock_admin" lineno="98">
+<summary>
+All of the rules required to
+administrate an sanlock environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="sanlock_use_nfs" dftval="false">
+<desc>
+<p>
+Determine whether sanlock can use
+nfs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="sanlock_use_samba" dftval="false">
+<desc>
+<p>
+Determine whether sanlock can use
+cifs file systems.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="sasl" filename="policy/modules/services/sasl.if">
+<summary>SASL authentication server.</summary>
+<interface name="sasl_connect" lineno="13">
+<summary>
+Connect to SASL.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sasl_admin" lineno="39">
+<summary>
+All of the rules required to
+administrate an sasl environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_saslauthd_read_shadow" dftval="false">
+<desc>
+<p>
+Determine whether sasl can
+read shadow files.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="sendmail" filename="policy/modules/services/sendmail.if">
+<summary>Internetwork email routing facility.</summary>
+<interface name="sendmail_stub" lineno="13">
+<summary>
+Sendmail stub interface.  No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_rw_pipes" lineno="29">
+<summary>
+Read and write sendmail unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_domtrans" lineno="47">
+<summary>
+Execute a domain transition to run sendmail.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_run" lineno="78">
+<summary>
+Execute the sendmail program in the
+sendmail domain, and allow the
+specified role the sendmail domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sendmail_signal" lineno="97">
+<summary>
+Send generic signals to sendmail.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_rw_tcp_sockets" lineno="115">
+<summary>
+Read and write sendmail TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_dontaudit_rw_tcp_sockets" lineno="134">
+<summary>
+Do not audit attempts to read and write
+sendmail TCP sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_rw_unix_stream_sockets" lineno="153">
+<summary>
+Read and write sendmail unix
+domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_dontaudit_rw_unix_stream_sockets" lineno="172">
+<summary>
+Do not audit attempts to read and write
+sendmail unix_stream_sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_read_log" lineno="191">
+<summary>
+Read sendmail log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sendmail_manage_log" lineno="212">
+<summary>
+Create, read, write, and delete
+sendmail log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sendmail_log_filetrans_sendmail_log" lineno="242">
+<summary>
+Create specified objects in generic
+log directories sendmail log file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_manage_tmp_files" lineno="261">
+<summary>
+Create, read, write, and delete
+sendmail tmp files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_domtrans_unconfined" lineno="280">
+<summary>
+Execute sendmail in the unconfined sendmail domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="sendmail_run_unconfined" lineno="311">
+<summary>
+Execute sendmail in the unconfined
+sendmail domain, and allow the
+specified role the unconfined
+sendmail domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sendmail_admin" lineno="337">
+<summary>
+All of the rules required to
+administrate an sendmail environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="sensord" filename="policy/modules/services/sensord.if">
+<summary>Sensor information logging daemon.</summary>
+<interface name="sensord_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an sensord environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="setroubleshoot" filename="policy/modules/services/setroubleshoot.if">
+<summary>SELinux troubleshooting service.</summary>
+<interface name="setroubleshoot_stream_connect" lineno="14">
+<summary>
+Connect to setroubleshootd with a
+unix domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="setroubleshoot_dontaudit_stream_connect" lineno="36">
+<summary>
+Do not audit attempts to connect to
+setroubleshootd with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="setroubleshoot_signull" lineno="55">
+<summary>
+Send null signals to setroubleshoot.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="setroubleshoot_dbus_chat" lineno="74">
+<summary>
+Send and receive messages from
+setroubleshoot over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="setroubleshoot_dontaudit_dbus_chat" lineno="95">
+<summary>
+Do not audit send and receive messages from
+setroubleshoot over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="setroubleshoot_dbus_chat_fixit" lineno="116">
+<summary>
+Send and receive messages from
+setroubleshoot fixit over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="setroubleshoot_admin" lineno="143">
+<summary>
+All of the rules required to
+administrate an setroubleshoot environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role" unused="true">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="shibboleth" filename="policy/modules/services/shibboleth.if">
+<summary>Shibboleth authentication deamon</summary>
+<interface name="shibboleth_read_config" lineno="14">
+<summary>
+Allow your application domain to access
+config files from shibboleth
+</summary>
+<param name="domain">
+<summary>
+The domain which should be enabled.
+</summary>
+</param>
+</interface>
+<interface name="shibboleth_stream_connect" lineno="32">
+<summary>
+Allow the specified domain to connect to shibboleth with a unix socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="slpd" filename="policy/modules/services/slpd.if">
+<summary>OpenSLP server daemon to dynamically register services.</summary>
+<interface name="slpd_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an slpd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="slrnpull" filename="policy/modules/services/slrnpull.if">
+<summary>Service for downloading news feeds the slrn newsreader.</summary>
+<interface name="slrnpull_search_spool" lineno="13">
+<summary>
+Search slrnpull spool directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="slrnpull_manage_spool" lineno="33">
+<summary>
+Create, read, write, and delete
+slrnpull spool content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="smartmon" filename="policy/modules/services/smartmon.if">
+<summary>Smart disk monitoring daemon.</summary>
+<interface name="smartmon_read_tmp_files" lineno="13">
+<summary>
+Read smartmon temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="smartmon_admin" lineno="39">
+<summary>
+All of the rules required to
+administrate an smartmon environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="smartmon_3ware" dftval="false">
+<desc>
+<p>
+Determine whether smartmon can support
+devices on 3ware controllers.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="smokeping" filename="policy/modules/services/smokeping.if">
+<summary>Smokeping network latency measurement.</summary>
+<interface name="smokeping_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run smokeping.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="smokeping_initrc_domtrans" lineno="33">
+<summary>
+Execute smokeping init scripts in
+the initrc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="smokeping_read_pid_files" lineno="51">
+<summary>
+Read smokeping pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="smokeping_manage_pid_files" lineno="71">
+<summary>
+Create, read, write, and delete
+smokeping pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="smokeping_getattr_lib_files" lineno="90">
+<summary>
+Get attributes of smokeping lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="smokeping_read_lib_files" lineno="109">
+<summary>
+Read smokeping lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="smokeping_manage_lib_files" lineno="129">
+<summary>
+Create, read, write, and delete
+smokeping lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="smokeping_admin" lineno="155">
+<summary>
+All of the rules required to
+administrate a smokeping environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_httpd_smokeping_cgi_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="smstools" filename="policy/modules/services/smstools.if">
+<summary> Tools to send and receive short messages through GSM modems or mobile phones.</summary>
+<interface name="smstools_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an smstools environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="snmp" filename="policy/modules/services/snmp.if">
+<summary>Simple network management protocol services.</summary>
+<interface name="snmp_stream_connect" lineno="14">
+<summary>
+Connect to snmpd with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="snmp_tcp_connect" lineno="33">
+<summary>
+Connect to snmp over the TCP network.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="snmp_manage_var_lib_dirs" lineno="55">
+<summary>
+Create, read, write, and delete
+snmp lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="snmp_manage_var_lib_files" lineno="75">
+<summary>
+Create, read, write, and delete
+snmp lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="snmp_read_snmp_var_lib_files" lineno="95">
+<summary>
+Read snmpd lib content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="snmp_dontaudit_read_snmp_var_lib_files" lineno="116">
+<summary>
+Do not audit attempts to read
+snmpd lib content.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="snmp_dontaudit_write_snmp_var_lib_files" lineno="137">
+<summary>
+Do not audit attempts to write
+snmpd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="snmp_admin" lineno="162">
+<summary>
+All of the rules required to
+administrate an snmp environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="snmp_append_var_lib_files" lineno="195">
+<summary>
+Append to the snmp variable lib data
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="snort" filename="policy/modules/services/snort.if">
+<summary>Snort network intrusion detection system.</summary>
+<interface name="snort_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run snort.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="snort_admin" lineno="39">
+<summary>
+All of the rules required to
+administrate an snort environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="soundserver" filename="policy/modules/services/soundserver.if">
+<summary>sound server for network audio server programs, nasd, yiff, etc</summary>
+<interface name="soundserver_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an soundd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="spamassassin" filename="policy/modules/services/spamassassin.if">
+<summary>Filter used for removing unsolicited email.</summary>
+<interface name="spamassassin_role" lineno="18">
+<summary>
+Role access for spamassassin.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+User domain for the role.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_run_update" lineno="57">
+<summary>
+Execute sa-update in the spamd-update domain,
+and allow the specified role
+the spamd-update domain. Also allow transitive
+access to the private gpg domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_exec" lineno="77">
+<summary>
+Execute the standalone spamassassin
+program in the caller directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_signal_spamd" lineno="96">
+<summary>
+Send generic signals to spamd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_exec_spamd" lineno="114">
+<summary>
+Execute spamd in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_domtrans_client" lineno="133">
+<summary>
+Execute spamc in the spamc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_exec_client" lineno="152">
+<summary>
+Execute spamc in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_kill_client" lineno="171">
+<summary>
+Send kill signals to spamc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_domtrans_local_client" lineno="190">
+<summary>
+Execute spamassassin standalone client
+in the user spamassassin domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_manage_spamd_home_content" lineno="210">
+<summary>
+Create, read, write, and delete
+spamd home content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_relabel_spamd_home_content" lineno="231">
+<summary>
+Relabel spamd home content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_home_filetrans_spamd_home" lineno="263">
+<summary>
+Create objects in user home
+directories with the spamd home type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_read_lib_files" lineno="281">
+<summary>
+Read spamd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_manage_lib_files" lineno="301">
+<summary>
+Create, read, write, and delete
+spamd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_read_spamd_pid_files" lineno="320">
+<summary>
+Read spamd pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_read_spamd_tmp_files" lineno="339">
+<summary>
+Read temporary spamd files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_dontaudit_getattr_spamd_tmp_sockets" lineno="358">
+<summary>
+Do not audit attempts to get
+attributes of temporary spamd sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_stream_connect_spamd" lineno="377">
+<summary>
+Connect to spamd with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="spamassassin_admin" lineno="403">
+<summary>
+All of the rules required to
+administrate an spamassassin environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="spamassassin_can_network" dftval="false">
+<desc>
+<p>
+Determine whether spamassassin
+clients can use the network.
+</p>
+</desc>
+</tunable>
+<tunable name="spamd_enable_home_dirs" dftval="false">
+<desc>
+<p>
+Determine whether spamd can manage
+generic user home content.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="speedtouch" filename="policy/modules/services/speedtouch.if">
+<summary>Alcatel speedtouch USB ADSL modem</summary>
+</module>
+<module name="squid" filename="policy/modules/services/squid.if">
+<summary>Squid caching http proxy server.</summary>
+<interface name="squid_domtrans" lineno="13">
+<summary>
+Execute squid in the squid domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="squid_exec" lineno="32">
+<summary>
+Execute squid in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="squid_signal" lineno="51">
+<summary>
+Send generic signals to squid.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="squid_rw_stream_sockets" lineno="70">
+<summary>
+Read and write squid unix
+domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="squid_dontaudit_search_cache" lineno="90">
+<summary>
+Do not audit attempts to search
+squid cache directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="squid_read_config" lineno="109">
+<summary>
+Read squid configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="squid_read_log" lineno="129">
+<summary>
+Read squid log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="squid_append_log" lineno="148">
+<summary>
+Append squid log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="squid_manage_logs" lineno="169">
+<summary>
+Create, read, write, and delete
+squid log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="squid_dontaudit_read_tmpfs_files" lineno="189">
+<summary>
+dontaudit statting tmpfs files
+</summary>
+<param name="domain">
+<summary>
+Domain to not be audited
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="squid_admin" lineno="214">
+<summary>
+All of the rules required to
+administrate an squid environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="squid_connect_any" dftval="false">
+<desc>
+<p>
+Determine whether squid can
+connect to all TCP ports.
+</p>
+</desc>
+</tunable>
+<tunable name="squid_use_tproxy" dftval="false">
+<desc>
+<p>
+Determine whether squid can run
+as a transparent proxy.
+</p>
+</desc>
+</tunable>
+<tunable name="squid_use_pinger" dftval="true">
+<desc>
+<p>
+Determine whether squid can use the
+pinger daemon (needs raw net access)
+</p>
+</desc>
+</tunable>
+<tunable name="allow_httpd_squid_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
 <module name="ssh" filename="policy/modules/services/ssh.if">
 <summary>Secure shell client and server policy.</summary>
 <template name="ssh_basic_client_template" lineno="34">
@@ -83672,7 +108142,7 @@ is the prefix for sshd_t).
 </summary>
 </param>
 </template>
-<template name="ssh_role_template" lineno="296">
+<template name="ssh_role_template" lineno="301">
 <summary>
 Role access for ssh
 </summary>
@@ -83693,7 +108163,7 @@ User domain for the role
 </summary>
 </param>
 </template>
-<interface name="ssh_sigchld" lineno="440">
+<interface name="ssh_sigchld" lineno="455">
 <summary>
 Send a SIGCHLD signal to the ssh server.
 </summary>
@@ -83703,7 +108173,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ssh_signal" lineno="458">
+<interface name="ssh_signal" lineno="473">
 <summary>
 Send a generic signal to the ssh server.
 </summary>
@@ -83713,7 +108183,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ssh_signull" lineno="476">
+<interface name="ssh_signull" lineno="491">
 <summary>
 Send a null signal to sshd processes.
 </summary>
@@ -83723,7 +108193,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ssh_read_pipes" lineno="494">
+<interface name="ssh_read_pipes" lineno="509">
 <summary>
 Read a ssh server unnamed pipe.
 </summary>
@@ -83733,7 +108203,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ssh_rw_pipes" lineno="511">
+<interface name="ssh_rw_pipes" lineno="526">
 <summary>
 Read and write a ssh server unnamed pipe.
 </summary>
@@ -83743,7 +108213,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ssh_rw_stream_sockets" lineno="529">
+<interface name="ssh_rw_stream_sockets" lineno="544">
 <summary>
 Read and write ssh server unix domain stream sockets.
 </summary>
@@ -83753,7 +108223,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ssh_rw_tcp_sockets" lineno="547">
+<interface name="ssh_rw_tcp_sockets" lineno="562">
 <summary>
 Read and write ssh server TCP sockets.
 </summary>
@@ -83763,7 +108233,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ssh_dontaudit_rw_tcp_sockets" lineno="566">
+<interface name="ssh_dontaudit_rw_tcp_sockets" lineno="581">
 <summary>
 Do not audit attempts to read and write
 ssh server TCP sockets.
@@ -83774,9 +108244,9 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="ssh_tcp_connect" lineno="584">
+<interface name="ssh_exec_sshd" lineno="599">
 <summary>
-Connect to SSH daemons over TCP sockets.  (Deprecated)
+Execute the ssh daemon in the caller domain.
 </summary>
 <param name="domain">
 <summary>
@@ -83784,7 +108254,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ssh_domtrans" lineno="598">
+<interface name="ssh_domtrans" lineno="618">
 <summary>
 Execute the ssh daemon sshd domain.
 </summary>
@@ -83794,7 +108264,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="ssh_exec" lineno="616">
+<interface name="ssh_exec" lineno="636">
 <summary>
 Execute the ssh client in the caller domain.
 </summary>
@@ -83804,7 +108274,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ssh_setattr_key_files" lineno="635">
+<interface name="ssh_setattr_key_files" lineno="655">
 <summary>
 Set the attributes of sshd key files.
 </summary>
@@ -83814,7 +108284,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ssh_agent_exec" lineno="654">
+<interface name="ssh_agent_exec" lineno="674">
 <summary>
 Execute the ssh agent client in the caller domain.
 </summary>
@@ -83824,7 +108294,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ssh_read_user_home_files" lineno="673">
+<interface name="ssh_read_user_home_files" lineno="693">
 <summary>
 Read ssh home directory content
 </summary>
@@ -83834,7 +108304,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ssh_domtrans_keygen" lineno="694">
+<interface name="ssh_domtrans_keygen" lineno="714">
 <summary>
 Execute the ssh key generator in the ssh keygen domain.
 </summary>
@@ -83844,7 +108314,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="ssh_dontaudit_read_server_keys" lineno="712">
+<interface name="ssh_dontaudit_read_server_keys" lineno="732">
 <summary>
 Read ssh server keys
 </summary>
@@ -83854,7 +108324,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="ssh_manage_home_files" lineno="730">
+<interface name="ssh_manage_home_files" lineno="750">
 <summary>
 Manage ssh home directory content
 </summary>
@@ -83864,7 +108334,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="ssh_delete_tmp" lineno="749">
+<interface name="ssh_delete_tmp" lineno="769">
 <summary>
 Delete from the ssh temp files.
 </summary>
@@ -83888,6 +108358,2221 @@ Allow ssh logins as sysadm_r:sysadm_t
 </p>
 </desc>
 </tunable>
+<tunable name="ssh_use_gpg_agent" dftval="false">
+<desc>
+<p>
+Allow ssh to use gpg-agent
+</p>
+</desc>
+</tunable>
+</module>
+<module name="sssd" filename="policy/modules/services/sssd.if">
+<summary>System Security Services Daemon.</summary>
+<interface name="sssd_getattr_exec" lineno="13">
+<summary>
+Get attributes of sssd executable files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_domtrans" lineno="31">
+<summary>
+Execute a domain transition to run sssd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="sssd_initrc_domtrans" lineno="51">
+<summary>
+Execute sssd init scripts in
+the initrc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="sssd_read_config" lineno="69">
+<summary>
+Read sssd configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_write_config" lineno="89">
+<summary>
+Write sssd configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_manage_config" lineno="109">
+<summary>
+Create, read, write, and delete
+sssd configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_read_public_files" lineno="128">
+<summary>
+Read sssd public files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_manage_public_files" lineno="149">
+<summary>
+Create, read, write, and delete
+sssd public files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_read_pid_files" lineno="168">
+<summary>
+Read sssd pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_manage_pids" lineno="188">
+<summary>
+Create, read, write, and delete
+sssd pid content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_search_lib" lineno="208">
+<summary>
+Search sssd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_dontaudit_search_lib" lineno="228">
+<summary>
+Do not audit attempts to search
+sssd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="sssd_read_lib_files" lineno="246">
+<summary>
+Read sssd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_manage_lib_files" lineno="267">
+<summary>
+Create, read, write, and delete
+sssd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_dbus_chat" lineno="288">
+<summary>
+Send and receive messages from
+sssd over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_stream_connect" lineno="309">
+<summary>
+Connect to sssd with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sssd_admin" lineno="335">
+<summary>
+All of the rules required to
+administrate an sssd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="stubby" filename="policy/modules/services/stubby.if">
+<summary>DNS Privacy stub resolver.</summary>
+</module>
+<module name="stunnel" filename="policy/modules/services/stunnel.if">
+<summary>SSL Tunneling Proxy.</summary>
+<interface name="stunnel_service_domain" lineno="18">
+<summary>
+Define the specified domain as a stunnel inetd service.
+</summary>
+<param name="domain">
+<summary>
+The type associated with the stunnel inetd service process.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type associated with the process program.
+</summary>
+</param>
+</interface>
+<interface name="stunnel_read_config" lineno="37">
+<summary>
+Read stunnel configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="svnserve" filename="policy/modules/services/svnserve.if">
+<summary>Server for the svn repository access method.</summary>
+<interface name="svnserve_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an svnserve environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="sysstat" filename="policy/modules/services/sysstat.if">
+<summary>Reports on various system states.</summary>
+<interface name="sysstat_manage_log" lineno="15">
+<summary>
+Create, read, write, and delete
+sysstat log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sysstat_admin" lineno="41">
+<summary>
+All of the rules required to
+administrate an sysstat environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="systemtap" filename="policy/modules/services/systemtap.if">
+<summary>instrumentation system for Linux.</summary>
+<interface name="stapserver_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an stapserver environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="tcpd" filename="policy/modules/services/tcpd.if">
+<summary>TCP daemon.</summary>
+<interface name="tcpd_domtrans" lineno="13">
+<summary>
+Execute tcpd in the tcpd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="tcpd_wrapped_domain" lineno="38">
+<summary>
+Create a domain for services that
+utilize tcp wrappers.
+</summary>
+<param name="domain">
+<summary>
+Type to be used as a domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+</interface>
+</module>
+<module name="tcsd" filename="policy/modules/services/tcsd.if">
+<summary>TSS Core Services daemon.</summary>
+<interface name="tcsd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run tcsd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="tcsd_initrc_domtrans" lineno="33">
+<summary>
+Execute tcsd init scripts in the
+initrc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="tcsd_search_lib" lineno="51">
+<summary>
+Search tcsd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tcsd_manage_lib_dirs" lineno="71">
+<summary>
+Create, read, write, and delete
+tcsd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tcsd_read_lib_files" lineno="90">
+<summary>
+Read tcsd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tcsd_manage_lib_files" lineno="110">
+<summary>
+Create, read, write, and delete
+tcsd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tcsd_admin" lineno="136">
+<summary>
+All of the rules required to
+administrate an tcsd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="telnet" filename="policy/modules/services/telnet.if">
+<summary>Telnet daemon.</summary>
+<interface name="telnet_use_ptys" lineno="13">
+<summary>
+Read and write telnetd pty devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="tftp" filename="policy/modules/services/tftp.if">
+<summary>Trivial file transfer protocol daemon.</summary>
+<interface name="tftp_read_content" lineno="13">
+<summary>
+Read tftp content files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tftp_manage_rw_content" lineno="35">
+<summary>
+Create, read, write, and delete
+tftp rw content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tftp_read_config_files" lineno="56">
+<summary>
+Read tftpd configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tftp_manage_config_files" lineno="76">
+<summary>
+Create, read, write, and delete
+tftpd configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tftp_etc_filetrans_config" lineno="106">
+<summary>
+Create objects in etc directories
+with tftp conf type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="tftp_filetrans_tftpdir" lineno="140">
+<summary>
+Create objects in tftpdir directories
+with a private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private_type">
+<summary>
+Private file type.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="tftp_admin" lineno="166">
+<summary>
+All of the rules required to
+administrate an tftp environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role" unused="true">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="tftp_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether tftp can modify
+public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+<tunable name="tftp_enable_homedir" dftval="false">
+<desc>
+<p>
+Determine whether tftp can manage
+generic user home content.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="tgtd" filename="policy/modules/services/tgtd.if">
+<summary>Linux Target Framework Daemon.</summary>
+<interface name="tgtd_rw_semaphores" lineno="13">
+<summary>
+Read and write tgtd semaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tgtd_manage_semaphores" lineno="32">
+<summary>
+Create, read, write, and delete
+tgtd sempaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tgtd_stream_connect" lineno="51">
+<summary>
+Connect to tgtd with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tgtd_admin" lineno="77">
+<summary>
+All of the rules required to
+administrate an tgtd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="timidity" filename="policy/modules/services/timidity.if">
+<summary>MIDI to WAV converter and player configured as a service.</summary>
+</module>
+<module name="tor" filename="policy/modules/services/tor.if">
+<summary>The onion router.</summary>
+<interface name="tor_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run tor.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="tor_admin" lineno="39">
+<summary>
+All of the rules required to
+administrate an tor environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="tor_bind_all_unreserved_ports" dftval="false">
+<desc>
+<p>
+Determine whether tor can bind
+tcp sockets to all unreserved ports.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="transproxy" filename="policy/modules/services/transproxy.if">
+<summary>Portable Transparent Proxy Solution.</summary>
+<interface name="transproxy_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an transproxy environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="tuned" filename="policy/modules/services/tuned.if">
+<summary>Dynamic adaptive system tuning daemon.</summary>
+<interface name="tuned_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run tuned.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="tuned_exec" lineno="32">
+<summary>
+Execute tuned in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tuned_read_pid_files" lineno="51">
+<summary>
+Read tuned pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tuned_manage_pid_files" lineno="71">
+<summary>
+Create, read, write, and delete
+tuned pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tuned_initrc_domtrans" lineno="91">
+<summary>
+Execute tuned init scripts in
+the initrc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="tuned_admin" lineno="116">
+<summary>
+All of the rules required to
+administrate an tuned environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="ucspitcp" filename="policy/modules/services/ucspitcp.if">
+<summary>UNIX Client-Server Program Interface for TCP.</summary>
+<interface name="ucspitcp_service_domain" lineno="18">
+<summary>
+Define a specified domain as a ucspitcp service.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type associated with the process program.
+</summary>
+</param>
+</interface>
+</module>
+<module name="ulogd" filename="policy/modules/services/ulogd.if">
+<summary>Iptables/netfilter userspace logging daemon.</summary>
+<interface name="ulogd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run ulogd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="ulogd_read_config" lineno="33">
+<summary>
+Read ulogd configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ulogd_read_log" lineno="53">
+<summary>
+Read ulogd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ulogd_search_log" lineno="73">
+<summary>
+Search ulogd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="ulogd_append_log" lineno="93">
+<summary>
+Append to ulogd log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="ulogd_admin" lineno="120">
+<summary>
+All of the rules required to
+administrate an ulogd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="uptime" filename="policy/modules/services/uptime.if">
+<summary>Daemon to record and keep track of system up times.</summary>
+<interface name="uptime_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an uptime environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="usbmuxd" filename="policy/modules/services/usbmuxd.if">
+<summary>USB multiplexing daemon for communicating with Apple iPod Touch and iPhone.</summary>
+<interface name="usbmuxd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run usbmuxd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="usbmuxd_stream_connect" lineno="33">
+<summary>
+Connect to usbmuxd with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="uucp" filename="policy/modules/services/uucp.if">
+<summary>Unix to Unix Copy.</summary>
+<interface name="uucp_domtrans" lineno="13">
+<summary>
+Execute uucico in the uucpd_t domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="uucp_append_log" lineno="32">
+<summary>
+Append uucp log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uucp_manage_spool" lineno="53">
+<summary>
+Create, read, write, and delete
+uucp spool files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uucp_domtrans_uux" lineno="74">
+<summary>
+Execute uux in the uux_t domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="uucp_admin" lineno="100">
+<summary>
+All of the rules required to
+administrate an uucp environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="uuidd" filename="policy/modules/services/uuidd.if">
+<summary>UUID generation daemon.</summary>
+<interface name="uuidd_domtrans" lineno="13">
+<summary>
+Execute uuidd in the uuidd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="uuidd_initrc_domtrans" lineno="33">
+<summary>
+Execute uuidd init scripts in
+the initrc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uuidd_search_lib" lineno="51">
+<summary>
+Search uuidd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uuidd_read_lib_files" lineno="70">
+<summary>
+Read uuidd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uuidd_manage_lib_files" lineno="90">
+<summary>
+Create, read, write, and delete
+uuidd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uuidd_manage_lib_dirs" lineno="110">
+<summary>
+Create, read, write, and delete
+uuidd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uuidd_read_pid_files" lineno="129">
+<summary>
+Read uuidd pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uuidd_stream_connect_manager" lineno="149">
+<summary>
+Connect to uuidd with an unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="uuidd_admin" lineno="175">
+<summary>
+All of the rules required to
+administrate an uuidd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="uwimap" filename="policy/modules/services/uwimap.if">
+<summary>University of Washington IMAP toolkit POP3 and IMAP mail server.</summary>
+<interface name="uwimap_domtrans" lineno="13">
+<summary>
+Execute imapd in the imapd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+</module>
+<module name="varnishd" filename="policy/modules/services/varnishd.if">
+<summary>Varnishd http accelerator daemon.</summary>
+<interface name="varnishd_domtrans" lineno="13">
+<summary>
+Execute varnishd in the varnishd domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="varnishd_exec" lineno="32">
+<summary>
+Execute varnishd in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="varnishd_read_config" lineno="51">
+<summary>
+Read varnishd configuration files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="varnishd_read_lib_files" lineno="70">
+<summary>
+Read varnish lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="varnishd_read_log" lineno="89">
+<summary>
+Read varnish log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="varnishd_append_log" lineno="108">
+<summary>
+Append varnish log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="varnishd_manage_log" lineno="128">
+<summary>
+Create, read, write, and delete
+varnish log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="varnishd_admin_varnishlog" lineno="154">
+<summary>
+All of the rules required to
+administrate an varnishlog environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="varnishd_admin" lineno="189">
+<summary>
+All of the rules required to
+administrate an varnishd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="varnishd_connect_any" dftval="false">
+<desc>
+<p>
+Determine whether varnishd can
+use the full TCP network.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="vdagent" filename="policy/modules/services/vdagent.if">
+<summary>Spice agent for Linux.</summary>
+<interface name="vdagent_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run vdagent.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vdagent_getattr_exec_files" lineno="32">
+<summary>
+Get attributes of vdagent executable files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vdagent_getattr_log" lineno="50">
+<summary>
+Get attributes of vdagent log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vdagent_read_pid_files" lineno="69">
+<summary>
+Read vdagent pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vdagent_stream_connect" lineno="89">
+<summary>
+Connect to vdagent with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vdagent_admin" lineno="115">
+<summary>
+All of the rules required to
+administrate an vdagent environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="vhostmd" filename="policy/modules/services/vhostmd.if">
+<summary>Virtual host metrics daemon.</summary>
+<interface name="vhostmd_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run vhostmd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_initrc_domtrans" lineno="33">
+<summary>
+Execute vhostmd init scripts in
+the initrc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_read_tmpfs_files" lineno="51">
+<summary>
+Read vhostmd tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_dontaudit_read_tmpfs_files" lineno="71">
+<summary>
+Do not audit attempts to read
+vhostmd tmpfs files
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_rw_tmpfs_files" lineno="89">
+<summary>
+Read and write vhostmd tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_manage_tmpfs_files" lineno="109">
+<summary>
+Create, read, write, and delete
+vhostmd tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_read_pid_files" lineno="128">
+<summary>
+Read vhostmd pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_manage_pid_files" lineno="148">
+<summary>
+Create, read, write, and delete
+vhostmd pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_stream_connect" lineno="168">
+<summary>
+Connect to vhostmd with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_dontaudit_rw_stream_connect" lineno="188">
+<summary>
+Do not audit attempts to read and
+write vhostmd unix domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="vhostmd_admin" lineno="213">
+<summary>
+All of the rules required to
+administrate an vhostmd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="virt" filename="policy/modules/services/virt.if">
+<summary>Libvirt virtualization API.</summary>
+<template name="virt_domain_template" lineno="13">
+<summary>
+The template to define a virt domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<template name="virt_lxc_domain_template" lineno="102">
+<summary>
+The template to define a virt lxc domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="virt_image" lineno="126">
+<summary>
+Make the specified type virt image type.
+</summary>
+<param name="type">
+<summary>
+Type to be used as a virtual image.
+</summary>
+</param>
+</interface>
+<interface name="virt_domtrans" lineno="146">
+<summary>
+Execute a domain transition to run virtd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="virt_domtrans_qmf" lineno="165">
+<summary>
+Execute a domain transition to run virt qmf.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="virt_domtrans_bridgehelper" lineno="185">
+<summary>
+Execute a domain transition to
+run virt bridgehelper.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="virt_domtrans_leaseshelper" lineno="205">
+<summary>
+Execute a domain transition to
+run virt leaseshelper.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="virt_run_bridgehelper" lineno="231">
+<summary>
+Execute bridgehelper in the bridgehelper
+domain, and allow the specified role
+the bridgehelper domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_run_virt_domain" lineno="257">
+<summary>
+Execute virt domain in the their
+domain, and allow the specified
+role that virt domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_signal_all_virt_domains" lineno="281">
+<summary>
+Send generic signals to all virt domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_kill_all_virt_domains" lineno="299">
+<summary>
+Send kill signals to all virt domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_run_svirt_lxc_domain" lineno="324">
+<summary>
+Execute svirt lxc domains in their
+domain, and allow the specified
+role that svirt lxc domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_getattr_virtd_exec_files" lineno="348">
+<summary>
+Get attributes of virtd executable files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_stream_connect" lineno="367">
+<summary>
+Connect to virt with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_attach_tun_iface" lineno="386">
+<summary>
+Attach to virt tun devices.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_read_config" lineno="405">
+<summary>
+Read virt configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_manage_config" lineno="428">
+<summary>
+Create, read, write, and delete
+virt configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_read_content" lineno="450">
+<summary>
+Read virt content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_manage_virt_content" lineno="486">
+<summary>
+Create, read, write, and delete
+virt content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_relabel_virt_content" lineno="522">
+<summary>
+Relabel virt content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_home_filetrans_virt_content" lineno="557">
+<summary>
+Create specified objects in user home
+directories with the virt content type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="virt_manage_svirt_home_content" lineno="576">
+<summary>
+Create, read, write, and delete
+svirt home content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_relabel_svirt_home_content" lineno="611">
+<summary>
+Relabel svirt home content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_home_filetrans_svirt_home" lineno="645">
+<summary>
+Create specified objects in user home
+directories with the svirt home type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="virt_home_filetrans" lineno="680">
+<summary>
+Create specified objects in generic
+virt home directories with private
+home type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private_type">
+<summary>
+Private file type.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="virt_manage_home_files" lineno="700">
+<summary>
+Create, read, write, and delete
+virt home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_manage_generic_virt_home_content" lineno="720">
+<summary>
+Create, read, write, and delete
+virt home content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_relabel_generic_virt_home_content" lineno="755">
+<summary>
+Relabel virt home content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_home_filetrans_virt_home" lineno="790">
+<summary>
+Create specified objects in user home
+directories with the generic virt
+home type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+Class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="virt_read_pid_files" lineno="808">
+<summary>
+Read virt pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_manage_pid_files" lineno="828">
+<summary>
+Create, read, write, and delete
+virt pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_search_lib" lineno="847">
+<summary>
+Search virt lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_read_lib_files" lineno="866">
+<summary>
+Read virt lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_manage_lib_files" lineno="887">
+<summary>
+Create, read, write, and delete
+virt lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_pid_filetrans" lineno="923">
+<summary>
+Create objects in virt pid
+directories with a private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+<infoflow type="write" weight="10"/>
+</interface>
+<interface name="virt_read_log" lineno="943">
+<summary>
+Read virt log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="virt_append_log" lineno="962">
+<summary>
+Append virt log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_manage_log" lineno="982">
+<summary>
+Create, read, write, and delete
+virt log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_search_images" lineno="1003">
+<summary>
+Search virt image directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_read_images" lineno="1022">
+<summary>
+Read virt image files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_rw_all_image_chr_files" lineno="1059">
+<summary>
+Read and write all virt image
+character files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_manage_virt_cache" lineno="1080">
+<summary>
+Create, read, write, and delete
+virt cache content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_manage_images" lineno="1102">
+<summary>
+Create, read, write, and delete
+virt image files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="virt_admin" lineno="1145">
+<summary>
+All of the rules required to
+administrate an virt environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="virt_use_comm" dftval="false">
+<desc>
+<p>
+Determine whether confined virtual guests
+can use serial/parallel communication ports.
+</p>
+</desc>
+</tunable>
+<tunable name="virt_use_execmem" dftval="false">
+<desc>
+<p>
+Determine whether confined virtual guests
+can use executable memory and can make
+their stack executable.
+</p>
+</desc>
+</tunable>
+<tunable name="virt_use_fusefs" dftval="false">
+<desc>
+<p>
+Determine whether confined virtual guests
+can use fuse file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="virt_use_nfs" dftval="false">
+<desc>
+<p>
+Determine whether confined virtual guests
+can use nfs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="virt_use_samba" dftval="false">
+<desc>
+<p>
+Determine whether confined virtual guests
+can use cifs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="virt_use_sysfs" dftval="false">
+<desc>
+<p>
+Determine whether confined virtual guests
+can manage device configuration.
+</p>
+</desc>
+</tunable>
+<tunable name="virt_use_usb" dftval="false">
+<desc>
+<p>
+Determine whether confined virtual guests
+can use usb devices.
+</p>
+</desc>
+</tunable>
+<tunable name="virt_use_xserver" dftval="false">
+<desc>
+<p>
+Determine whether confined virtual guests
+can interact with xserver.
+</p>
+</desc>
+</tunable>
+<tunable name="virt_use_vfio" dftval="false">
+<desc>
+<p>
+Determine whether confined virtual guests
+can use vfio for pci device pass through (vt-d).
+</p>
+</desc>
+</tunable>
+</module>
+<module name="vnstatd" filename="policy/modules/services/vnstatd.if">
+<summary>Console network traffic monitor.</summary>
+<interface name="vnstatd_domtrans_vnstat" lineno="13">
+<summary>
+Execute a domain transition to run vnstat.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="vnstatd_run_vnstat" lineno="39">
+<summary>
+Execute vnstat in the vnstat domain,
+and allow the specified role
+the vnstat domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vnstatd_domtrans" lineno="58">
+<summary>
+Execute a domain transition to run vnstatd.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="vnstatd_search_lib" lineno="79">
+<summary>
+Search vnstatd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vnstatd_manage_lib_dirs" lineno="101">
+<summary>
+Create, read, write, and delete
+vnstatd lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vnstatd_read_lib_files" lineno="122">
+<summary>
+Read vnstatd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vnstatd_manage_lib_files" lineno="144">
+<summary>
+Create, read, write, and delete
+vnstatd lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="vnstatd_admin" lineno="172">
+<summary>
+All of the rules required to
+administrate an vnstatd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="w3c" filename="policy/modules/services/w3c.if">
+<summary>W3C Markup Validator.</summary>
+<tunable name="allow_httpd_w3c_validator_script_anon_write" dftval="false">
+<desc>
+<p>
+Determine whether the script domain can
+modify public files used for public file
+transfer services. Directories/Files must
+be labeled public_content_rw_t.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="watchdog" filename="policy/modules/services/watchdog.if">
+<summary>Software watchdog.</summary>
+<interface name="watchdog_admin" lineno="20">
+<summary>
+All of the rules required to
+administrate an watchdog environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="wdmd" filename="policy/modules/services/wdmd.if">
+<summary>Watchdog multiplexing daemon.</summary>
+<interface name="wdmd_stream_connect" lineno="14">
+<summary>
+Connect to wdmd with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="wdmd_admin" lineno="40">
+<summary>
+All of the rules required to
+administrate an wdmd environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="xfs" filename="policy/modules/services/xfs.if">
+<summary>X Windows Font Server.</summary>
+<interface name="xfs_read_sockets" lineno="13">
+<summary>
+Read xfs temporary sock files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xfs_stream_connect" lineno="33">
+<summary>
+Connect to xfs with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xfs_exec" lineno="52">
+<summary>
+Execute xfs in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xfs_create_tmp_dirs" lineno="71">
+<summary>
+Create xfs temporary dirs
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xfs_admin" lineno="97">
+<summary>
+All of the rules required to
+administrate an xfs environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="xprint" filename="policy/modules/services/xprint.if">
+<summary>A X11-based print system and API.</summary>
 </module>
 <module name="xserver" filename="policy/modules/services/xserver.if">
 <summary>X Windows Server</summary>
@@ -83907,7 +110592,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_role" lineno="133">
+<interface name="xserver_role" lineno="138">
 <summary>
 Rules required for using the X Windows server
 and environment.
@@ -83923,7 +110608,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_ro_session" lineno="185">
+<interface name="xserver_ro_session" lineno="232">
 <summary>
 Create sessions on the X server, with read-only
 access to the X server shared
@@ -83940,7 +110625,7 @@ The type of the domain SYSV tmpfs files.
 </summary>
 </param>
 </interface>
-<interface name="xserver_rw_session" lineno="225">
+<interface name="xserver_rw_session" lineno="274">
 <summary>
 Create sessions on the X server, with read and write
 access to the X server shared
@@ -83957,7 +110642,7 @@ The type of the domain SYSV tmpfs files.
 </summary>
 </param>
 </interface>
-<interface name="xserver_non_drawing_client" lineno="245">
+<interface name="xserver_non_drawing_client" lineno="294">
 <summary>
 Create non-drawing client sessions on an X server.
 </summary>
@@ -83967,23 +110652,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_user_client" lineno="282">
-<summary>
-Create full client sessions
-on a user X server.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-<param name="tmpfs_type">
-<summary>
-The type of the domain SYSV tmpfs files.
-</summary>
-</param>
-</interface>
-<template name="xserver_common_x_domain_template" lineno="343">
+<template name="xserver_common_x_domain_template" lineno="333">
 <summary>
 Interface to provide X object permissions on a given X server to
 an X client domain.  Provides the minimal set required by a basic
@@ -84001,7 +110670,7 @@ Client domain allowed access.
 </summary>
 </param>
 </template>
-<template name="xserver_object_types_template" lineno="403">
+<template name="xserver_object_types_template" lineno="393">
 <summary>
 Template for creating the set of types used
 in an X windows domain.
@@ -84013,7 +110682,7 @@ is the prefix for user_t).
 </summary>
 </param>
 </template>
-<template name="xserver_user_x_domain_template" lineno="445">
+<template name="xserver_user_x_domain_template" lineno="435">
 <summary>
 Interface to provide X object permissions on a given X server to
 an X client domain.  Provides the minimal set required by a basic
@@ -84036,7 +110705,7 @@ The type of the domain SYSV tmpfs files.
 </summary>
 </param>
 </template>
-<interface name="xserver_use_user_fonts" lineno="512">
+<interface name="xserver_use_user_fonts" lineno="502">
 <summary>
 Read user fonts, user font configuration,
 and manage the user font cache.
@@ -84057,7 +110726,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_domtrans_xauth" lineno="542">
+<interface name="xserver_domtrans_xauth" lineno="534">
 <summary>
 Transition to the Xauthority domain.
 </summary>
@@ -84067,7 +110736,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="xserver_user_home_dir_filetrans_user_xauth" lineno="560">
+<interface name="xserver_user_home_dir_filetrans_user_xauth" lineno="557">
 <summary>
 Create a Xauthority file in the user home directory.
 </summary>
@@ -84076,11 +110745,32 @@ Create a Xauthority file in the user home directory.
 Domain allowed access.
 </summary>
 </param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="xserver_user_home_dir_filetrans_user_iceauth" lineno="581">
+<summary>
+Create a ICEauthority file in
+the user home directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
 </interface>
-<interface name="xserver_use_all_users_fonts" lineno="579">
+<interface name="xserver_user_home_dir_filetrans_user_xsession_log" lineno="600">
 <summary>
-Read all users fonts, user font configurations,
-and manage all users font caches.
+Create a .xsession-errors log
+file in the user home directory.
 </summary>
 <param name="domain">
 <summary>
@@ -84088,7 +110778,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_read_user_xauth" lineno="594">
+<interface name="xserver_read_user_xauth" lineno="618">
 <summary>
 Read all users .Xauthority.
 </summary>
@@ -84098,7 +110788,27 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_setattr_console_pipes" lineno="613">
+<interface name="xserver_read_user_dmrc" lineno="637">
+<summary>
+Read all users .dmrc.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_read_user_iceauth" lineno="656">
+<summary>
+Read all users .ICEauthority.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_setattr_console_pipes" lineno="675">
 <summary>
 Set the attributes of the X windows console named pipes.
 </summary>
@@ -84108,7 +110818,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_rw_console" lineno="631">
+<interface name="xserver_rw_console" lineno="693">
 <summary>
 Read and write the X windows console named pipe.
 </summary>
@@ -84118,7 +110828,27 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_use_xdm_fds" lineno="649">
+<interface name="xserver_create_console_pipes" lineno="711">
+<summary>
+Create the X windows console named pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_relabel_console_pipes" lineno="729">
+<summary>
+relabel the X windows console named pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_use_xdm_fds" lineno="747">
 <summary>
 Use file descriptors for xdm.
 </summary>
@@ -84128,7 +110858,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_dontaudit_use_xdm_fds" lineno="668">
+<interface name="xserver_dontaudit_use_xdm_fds" lineno="766">
 <summary>
 Do not audit attempts to inherit
 XDM file descriptors.
@@ -84139,7 +110869,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="xserver_rw_xdm_pipes" lineno="686">
+<interface name="xserver_sigchld_xdm" lineno="784">
+<summary>
+Allow domain to send sigchld to xdm_t
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_rw_xdm_pipes" lineno="802">
 <summary>
 Read and write XDM unnamed pipes.
 </summary>
@@ -84149,7 +110889,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_dontaudit_rw_xdm_pipes" lineno="705">
+<interface name="xserver_dontaudit_rw_xdm_pipes" lineno="821">
 <summary>
 Do not audit attempts to read and write
 XDM unnamed pipes.
@@ -84160,7 +110900,50 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="xserver_stream_connect_xdm" lineno="725">
+<interface name="xserver_dbus_chat_xdm" lineno="841">
+<summary>
+Send and receive messages from
+xdm over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_read_xdm_state" lineno="861">
+<summary>
+Read xdm process state files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_setsched_xdm" lineno="883">
+<summary>
+Set the priority of the X Display
+Manager (XDM).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_manage_xdm_spool_files" lineno="902">
+<summary>
+Create, read, write, and delete
+xdm_spool files.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_stream_connect_xdm" lineno="917">
 <summary>
 Connect to XDM over a unix domain
 stream socket.
@@ -84171,7 +110954,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_read_xdm_rw_config" lineno="744">
+<interface name="xserver_read_xdm_rw_config" lineno="936">
 <summary>
 Read xdm-writable configuration files.
 </summary>
@@ -84181,7 +110964,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_setattr_xdm_tmp_dirs" lineno="763">
+<interface name="xserver_setattr_xdm_tmp_dirs" lineno="955">
 <summary>
 Set the attributes of XDM temporary directories.
 </summary>
@@ -84191,7 +110974,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_create_xdm_tmp_sockets" lineno="782">
+<interface name="xserver_create_xdm_tmp_sockets" lineno="974">
 <summary>
 Create a named socket in a XDM
 temporary directory.
@@ -84202,7 +110985,18 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_read_xdm_pid" lineno="802">
+<interface name="xserver_delete_xdm_tmp_sockets" lineno="995">
+<summary>
+Delete a named socket in a XDM
+temporary directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_read_xdm_pid" lineno="1014">
 <summary>
 Read XDM pid files.
 </summary>
@@ -84212,7 +111006,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_read_xdm_lib_files" lineno="821">
+<interface name="xserver_read_xdm_lib_files" lineno="1033">
 <summary>
 Read XDM var lib files.
 </summary>
@@ -84222,7 +111016,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_xsession_entry_type" lineno="839">
+<interface name="xserver_xsession_entry_type" lineno="1051">
 <summary>
 Make an X session script an entrypoint for the specified domain.
 </summary>
@@ -84232,7 +111026,7 @@ The domain for which the shell is an entrypoint.
 </summary>
 </param>
 </interface>
-<interface name="xserver_xsession_spec_domtrans" lineno="876">
+<interface name="xserver_xsession_spec_domtrans" lineno="1088">
 <summary>
 Execute an X session in the target domain.  This
 is an explicit transition, requiring the
@@ -84261,7 +111055,51 @@ The type of the shell process.
 </summary>
 </param>
 </interface>
-<interface name="xserver_getattr_log" lineno="894">
+<interface name="xserver_write_inherited_xsession_log" lineno="1107">
+<summary>
+Write to inherited  xsession log
+files such as .xsession-errors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_rw_xsession_log" lineno="1127">
+<summary>
+Read and write xsession log
+files such as .xsession-errors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_manage_xsession_log" lineno="1146">
+<summary>
+Manage xsession log files such
+as .xsession-errors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_write_inherited_log" lineno="1165">
+<summary>
+Write to inherited X server log
+files like /var/log/lightdm/lightdm.log
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_getattr_log" lineno="1183">
 <summary>
 Get the attributes of X server logs.
 </summary>
@@ -84271,7 +111109,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_dontaudit_write_log" lineno="914">
+<interface name="xserver_dontaudit_write_log" lineno="1203">
 <summary>
 Do not audit attempts to write the X server
 log files.
@@ -84282,7 +111120,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="xserver_delete_log" lineno="932">
+<interface name="xserver_delete_log" lineno="1221">
 <summary>
 Delete X server log files.
 </summary>
@@ -84292,7 +111130,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_read_xkb_libs" lineno="953">
+<interface name="xserver_read_xkb_libs" lineno="1242">
 <summary>
 Read X keyboard extension libraries.
 </summary>
@@ -84302,7 +111140,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_read_xdm_tmp_files" lineno="974">
+<interface name="xserver_create_xdm_tmp_dirs" lineno="1263">
+<summary>
+Create xdm temporary directories.
+</summary>
+<param name="domain">
+<summary>
+Domain to allow access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_read_xdm_tmp_files" lineno="1281">
 <summary>
 Read xdm temporary files.
 </summary>
@@ -84312,7 +111160,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_dontaudit_read_xdm_tmp_files" lineno="993">
+<interface name="xserver_dontaudit_read_xdm_tmp_files" lineno="1300">
 <summary>
 Do not audit attempts to read xdm temporary files.
 </summary>
@@ -84322,7 +111170,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="xserver_rw_xdm_tmp_files" lineno="1012">
+<interface name="xserver_rw_xdm_tmp_files" lineno="1319">
 <summary>
 Read write xdm temporary files.
 </summary>
@@ -84332,7 +111180,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_manage_xdm_tmp_files" lineno="1031">
+<interface name="xserver_manage_xdm_tmp_files" lineno="1338">
 <summary>
 Create, read, write, and delete xdm temporary files.
 </summary>
@@ -84342,7 +111190,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_dontaudit_getattr_xdm_tmp_sockets" lineno="1050">
+<interface name="xserver_dontaudit_getattr_xdm_tmp_sockets" lineno="1357">
 <summary>
 Do not audit attempts to get the attributes of
 xdm temporary named sockets.
@@ -84353,7 +111201,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="xserver_domtrans" lineno="1068">
+<interface name="xserver_list_xdm_tmp" lineno="1375">
+<summary>
+list xdm_tmp_t directories
+</summary>
+<param name="domain">
+<summary>
+Domain to allow
+</summary>
+</param>
+</interface>
+<interface name="xserver_domtrans" lineno="1393">
 <summary>
 Execute the X server in the X server domain.
 </summary>
@@ -84363,7 +111221,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="xserver_signal" lineno="1087">
+<interface name="xserver_signal" lineno="1412">
 <summary>
 Signal X servers
 </summary>
@@ -84373,7 +111231,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_kill" lineno="1105">
+<interface name="xserver_kill" lineno="1430">
 <summary>
 Kill X servers
 </summary>
@@ -84383,7 +111241,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_rw_shm" lineno="1124">
+<interface name="xserver_read_state" lineno="1448">
+<summary>
+Allow reading xserver_t files to get cgroup and sessionid
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_rw_shm" lineno="1468">
 <summary>
 Read and write X server Sys V Shared
 memory segments.
@@ -84394,7 +111262,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_dontaudit_rw_tcp_sockets" lineno="1143">
+<interface name="xserver_dontaudit_rw_tcp_sockets" lineno="1487">
 <summary>
 Do not audit attempts to read and write to
 X server sockets.
@@ -84405,7 +111273,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="xserver_dontaudit_rw_stream_sockets" lineno="1162">
+<interface name="xserver_dontaudit_rw_stream_sockets" lineno="1506">
 <summary>
 Do not audit attempts to read and write X server
 unix domain stream sockets.
@@ -84416,7 +111284,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="xserver_stream_connect" lineno="1181">
+<interface name="xserver_stream_connect" lineno="1525">
 <summary>
 Connect to the X server over a unix domain
 stream socket.
@@ -84427,7 +111295,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_read_tmp_files" lineno="1200">
+<interface name="xserver_read_tmp_files" lineno="1544">
 <summary>
 Read X server temporary files.
 </summary>
@@ -84437,7 +111305,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_manage_core_devices" lineno="1221">
+<interface name="xserver_dbus_chat" lineno="1563">
+<summary>
+talk to xserver_t by dbus
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_manage_core_devices" lineno="1584">
 <summary>
 Interface to provide X object permissions on a given X server to
 an X client domain.  Gives the domain permission to read the
@@ -84449,7 +111327,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="xserver_unconfined" lineno="1244">
+<interface name="xserver_unconfined" lineno="1607">
 <summary>
 Interface to provide X object permissions on a given X server to
 an X client domain.  Gives the domain complete control over the
@@ -84461,6 +111339,36 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
+<interface name="xserver_rw_xdm_keys" lineno="1627">
+<summary>
+Manage keys for xdm.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_link_xdm_keys" lineno="1645">
+<summary>
+Manage keys for xdm.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xserver_rw_mesa_shader_cache" lineno="1663">
+<summary>
+Read and write the mesa shader cache.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
 <tunable name="allow_write_xshm" dftval="false">
 <desc>
 <p>
@@ -84476,6 +111384,14 @@ Allow xdm logins as sysadm
 </p>
 </desc>
 </tunable>
+<tunable name="xserver_gnome_xdm" dftval="false">
+<desc>
+<p>
+Use gnome-shell in gdm mode as the
+X Display Manager (XDM)
+</p>
+</desc>
+</tunable>
 <tunable name="xserver_object_manager" dftval="false">
 <desc>
 <p>
@@ -84484,6 +111400,246 @@ Support X userspace object manager
 </desc>
 </tunable>
 </module>
+<module name="zabbix" filename="policy/modules/services/zabbix.if">
+<summary>Distributed infrastructure monitoring.</summary>
+<interface name="zabbix_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run zabbix.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="zabbix_tcp_connect" lineno="32">
+<summary>
+Connect to zabbit on the TCP network.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="zabbix_read_log" lineno="54">
+<summary>
+Read zabbix log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="zabbix_append_log" lineno="73">
+<summary>
+Append zabbix log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="zabbix_read_pid_files" lineno="92">
+<summary>
+Read zabbix pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="zabbix_agent_tcp_connect" lineno="111">
+<summary>
+Connect to zabbix agent on the TCP network.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="zabbix_admin" lineno="139">
+<summary>
+All of the rules required to
+administrate an zabbix environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="zabbix_can_network" dftval="false">
+<desc>
+<p>
+Determine whether zabbix can
+connect to all TCP ports
+</p>
+</desc>
+</tunable>
+</module>
+<module name="zarafa" filename="policy/modules/services/zarafa.if">
+<summary>Zarafa collaboration platform.</summary>
+<template name="zarafa_domain_template" lineno="13">
+<summary>
+The template to define a zarafa domain.
+</summary>
+<param name="domain_prefix">
+<summary>
+Domain prefix to be used.
+</summary>
+</param>
+</template>
+<interface name="zarafa_search_config" lineno="60">
+<summary>
+search zarafa configuration directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="zarafa_domtrans_deliver" lineno="79">
+<summary>
+Execute a domain transition to run zarafa deliver.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="zarafa_domtrans_server" lineno="98">
+<summary>
+Execute a domain transition to run zarafa server.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="zarafa_stream_connect_server" lineno="118">
+<summary>
+Connect to zarafa server with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="zarafa_admin" lineno="144">
+<summary>
+All of the rules required to
+administrate an zarafa environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="zebra" filename="policy/modules/services/zebra.if">
+<summary>Zebra border gateway protocol network routing service.</summary>
+<interface name="zebra_read_config" lineno="14">
+<summary>
+Read zebra configuration content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="zebra_stream_connect" lineno="36">
+<summary>
+Connect to zebra with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="zebra_admin" lineno="62">
+<summary>
+All of the rules required to
+administrate an zebra environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<tunable name="allow_zebra_write_config" dftval="false">
+<desc>
+<p>
+Determine whether zebra daemon can
+manage its configuration files.
+</p>
+</desc>
+</tunable>
+</module>
+<module name="zosremote" filename="policy/modules/services/zosremote.if">
+<summary>z/OS Remote-services Audit dispatcher plugin.</summary>
+<interface name="zosremote_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run audispd-zos-remote.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="zosremote_run" lineno="39">
+<summary>
+Execute zos remote in the zos remote
+domain, and allow the specified role
+the zos remote domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
+</module>
 </layer>
 <layer name="system">
 <summary>
@@ -84641,49 +111797,37 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_login_pgm_domain" lineno="95">
+<interface name="auth_use_pam_systemd" lineno="103">
 <summary>
-Make the specified domain used for a login program.
+Use the pam module systemd during authentication.
 </summary>
 <param name="domain">
 <summary>
-Domain type used for a login program domain.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_login_entry_type" lineno="173">
+<interface name="auth_login_pgm_domain" lineno="118">
 <summary>
-Use the login program as an entry point program.
+Make the specified domain used for a login program.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain type used for a login program domain.
 </summary>
 </param>
 </interface>
-<interface name="auth_file" lineno="203">
+<interface name="auth_login_entry_type" lineno="205">
 <summary>
-Make the specified type usable as a
-login file.
+Use the login program as an entry point program.
 </summary>
-<desc>
-<p>
-Make the specified type usable as a login file,
-This type has restricted modification capabilities when used with
-other interfaces that permit files_type access.
-The default type has properties similar to that of the shadow file.
-This will also make the type usable as a security file, making
-calls to files_security_file() redundant.
-</p>
-</desc>
-<param name="type">
+<param name="domain">
 <summary>
-Type to be used as a login file.
+Domain allowed access.
 </summary>
 </param>
-<infoflow type="none"/>
 </interface>
-<interface name="auth_domtrans_login_program" lineno="223">
+<interface name="auth_domtrans_login_program" lineno="228">
 <summary>
 Execute a login_program in the target domain.
 </summary>
@@ -84698,7 +111842,7 @@ The type of the login_program process.
 </summary>
 </param>
 </interface>
-<interface name="auth_ranged_domtrans_login_program" lineno="253">
+<interface name="auth_ranged_domtrans_login_program" lineno="258">
 <summary>
 Execute a login_program in the target domain,
 with a range transition.
@@ -84719,7 +111863,7 @@ Range of the login program.
 </summary>
 </param>
 </interface>
-<interface name="auth_search_cache" lineno="279">
+<interface name="auth_search_cache" lineno="284">
 <summary>
 Search authentication cache
 </summary>
@@ -84729,7 +111873,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_read_cache" lineno="297">
+<interface name="auth_read_cache" lineno="302">
 <summary>
 Read authentication cache
 </summary>
@@ -84739,7 +111883,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_rw_cache" lineno="315">
+<interface name="auth_rw_cache" lineno="320">
 <summary>
 Read/Write authentication cache
 </summary>
@@ -84749,7 +111893,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_manage_cache" lineno="333">
+<interface name="auth_manage_cache" lineno="338">
 <summary>
 Manage authentication cache
 </summary>
@@ -84759,7 +111903,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_var_filetrans_cache" lineno="352">
+<interface name="auth_var_filetrans_cache" lineno="357">
 <summary>
 Automatic transition from cache_t to cache.
 </summary>
@@ -84769,7 +111913,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_domtrans_chk_passwd" lineno="370">
+<interface name="auth_domtrans_chk_passwd" lineno="375">
 <summary>
 Run unix_chkpwd to check a password.
 </summary>
@@ -84779,7 +111923,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="auth_domtrans_chkpwd" lineno="418">
+<interface name="auth_domtrans_chkpwd" lineno="423">
 <summary>
 Run unix_chkpwd to check a password.
 Stripped down version to be called within boolean
@@ -84790,7 +111934,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="auth_run_chk_passwd" lineno="444">
+<interface name="auth_run_chk_passwd" lineno="449">
 <summary>
 Execute chkpwd programs in the chkpwd domain.
 </summary>
@@ -84805,7 +111949,7 @@ The role to allow the chkpwd domain.
 </summary>
 </param>
 </interface>
-<interface name="auth_domtrans_upd_passwd" lineno="463">
+<interface name="auth_domtrans_upd_passwd" lineno="468">
 <summary>
 Execute a domain transition to run unix_update.
 </summary>
@@ -84815,7 +111959,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="auth_run_upd_passwd" lineno="488">
+<interface name="auth_run_upd_passwd" lineno="493">
 <summary>
 Execute updpwd programs in the updpwd domain.
 </summary>
@@ -84830,7 +111974,7 @@ The role to allow the updpwd domain.
 </summary>
 </param>
 </interface>
-<interface name="auth_getattr_shadow" lineno="507">
+<interface name="auth_getattr_shadow" lineno="512">
 <summary>
 Get the attributes of the shadow passwords file.
 </summary>
@@ -84840,7 +111984,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_dontaudit_getattr_shadow" lineno="527">
+<interface name="auth_dontaudit_getattr_shadow" lineno="532">
 <summary>
 Do not audit attempts to get the attributes
 of the shadow passwords file.
@@ -84851,7 +111995,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="auth_read_shadow" lineno="549">
+<interface name="auth_read_shadow" lineno="554">
 <summary>
 Read the shadow passwords file (/etc/shadow)
 </summary>
@@ -84861,7 +112005,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_can_read_shadow_passwords" lineno="573">
+<interface name="auth_can_read_shadow_passwords" lineno="578">
 <summary>
 Pass shadow assertion for reading.
 </summary>
@@ -84880,7 +112024,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_tunable_read_shadow" lineno="599">
+<interface name="auth_tunable_read_shadow" lineno="604">
 <summary>
 Read the shadow password file.
 </summary>
@@ -84898,7 +112042,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_dontaudit_read_shadow" lineno="619">
+<interface name="auth_dontaudit_read_shadow" lineno="624">
 <summary>
 Do not audit attempts to read the shadow
 password file (/etc/shadow).
@@ -84909,7 +112053,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="auth_rw_shadow" lineno="637">
+<interface name="auth_rw_shadow" lineno="642">
 <summary>
 Read and write the shadow password file (/etc/shadow).
 </summary>
@@ -84919,7 +112063,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_manage_shadow" lineno="659">
+<interface name="auth_manage_shadow" lineno="664">
 <summary>
 Create, read, write, and delete the shadow
 password file.
@@ -84930,7 +112074,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_etc_filetrans_shadow" lineno="679">
+<interface name="auth_etc_filetrans_shadow" lineno="684">
 <summary>
 Automatic transition from etc to shadow.
 </summary>
@@ -84940,7 +112084,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_relabelto_shadow" lineno="698">
+<interface name="auth_relabelto_shadow" lineno="703">
 <summary>
 Relabel to the shadow
 password file type.
@@ -84951,7 +112095,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_relabel_shadow" lineno="720">
+<interface name="auth_relabel_shadow" lineno="725">
 <summary>
 Relabel from and to the shadow
 password file type.
@@ -84962,7 +112106,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_append_faillog" lineno="741">
+<interface name="auth_append_faillog" lineno="746">
 <summary>
 Append to the login failure log.
 </summary>
@@ -84972,9 +112116,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_rw_faillog" lineno="760">
+<interface name="auth_create_faillog_files" lineno="765">
 <summary>
-Read and write the login failure log.
+Create fail log lock (in /run/faillock).
 </summary>
 <param name="domain">
 <summary>
@@ -84982,20 +112126,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_read_lastlog" lineno="780">
+<interface name="auth_rw_faillog" lineno="783">
 <summary>
-Read the last logins log.
+Read and write the login failure log.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="auth_append_lastlog" lineno="799">
+<interface name="auth_manage_faillog" lineno="802">
 <summary>
-Append only to the last logins log.
+Manage the login failure logs.
 </summary>
 <param name="domain">
 <summary>
@@ -85003,9 +112146,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_rw_lastlog" lineno="818">
+<interface name="auth_setattr_faillog_files" lineno="821">
 <summary>
-Read and write to the last logins log.
+Setattr the login failure logs.
 </summary>
 <param name="domain">
 <summary>
@@ -85013,44 +112156,30 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_domtrans_pam" lineno="837">
-<summary>
-Execute pam programs in the pam domain.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed to transition.
-</summary>
-</param>
-</interface>
-<interface name="auth_signal_pam" lineno="855">
+<interface name="auth_read_lastlog" lineno="840">
 <summary>
-Send generic signals to pam processes.
+Read the last logins log.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="auth_run_pam" lineno="878">
+<interface name="auth_append_lastlog" lineno="859">
 <summary>
-Execute pam programs in the PAM domain.
+Append only to the last logins log.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
-</summary>
-</param>
-<param name="role">
-<summary>
-The role to allow the PAM domain.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_exec_pam" lineno="897">
+<interface name="auth_relabel_lastlog" lineno="878">
 <summary>
-Execute the pam program.
+relabel the last logins log.
 </summary>
 <param name="domain">
 <summary>
@@ -85058,10 +112187,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_read_var_auth" lineno="916">
+<interface name="auth_rw_lastlog" lineno="897">
 <summary>
-Read var auth files. Used by various other applications
-and pam applets etc.
+Read and write to the last logins log.
 </summary>
 <param name="domain">
 <summary>
@@ -85069,10 +112197,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_rw_var_auth" lineno="936">
+<interface name="auth_manage_lastlog" lineno="916">
 <summary>
-Read and write var auth files. Used by various other applications
-and pam applets etc.
+Manage the last logins log.
 </summary>
 <param name="domain">
 <summary>
@@ -85080,20 +112207,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_manage_var_auth" lineno="956">
+<interface name="auth_domtrans_pam" lineno="935">
 <summary>
-Manage var auth files. Used by various other applications
-and pam applets etc.
+Execute pam programs in the pam domain.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="auth_read_pam_pid" lineno="977">
+<interface name="auth_signal_pam" lineno="953">
 <summary>
-Read PAM PID files.
+Send generic signals to pam processes.
 </summary>
 <param name="domain">
 <summary>
@@ -85101,29 +112227,24 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_dontaudit_read_pam_pid" lineno="997">
+<interface name="auth_run_pam" lineno="976">
 <summary>
-Do not audit attemps to read PAM PID files.
+Execute pam programs in the PAM domain.
 </summary>
 <param name="domain">
 <summary>
-Domain to not audit.
+Domain allowed to transition.
 </summary>
 </param>
-</interface>
-<interface name="auth_delete_pam_pid" lineno="1015">
-<summary>
-Delete pam PID files.
-</summary>
-<param name="domain">
+<param name="role">
 <summary>
-Domain allowed access.
+The role to allow the PAM domain.
 </summary>
 </param>
 </interface>
-<interface name="auth_manage_pam_pid" lineno="1035">
+<interface name="auth_exec_pam" lineno="995">
 <summary>
-Manage pam PID files.
+Execute the pam program.
 </summary>
 <param name="domain">
 <summary>
@@ -85131,20 +112252,21 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_domtrans_pam_console" lineno="1055">
+<interface name="auth_read_var_auth" lineno="1014">
 <summary>
-Execute pam_console with a domain transition.
+Read var auth files. Used by various other applications
+and pam applets etc.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed to transition.
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_search_pam_console_data" lineno="1074">
+<interface name="auth_rw_var_auth" lineno="1034">
 <summary>
-Search the contents of the
-pam_console data directory.
+Read and write var auth files. Used by various other applications
+and pam applets etc.
 </summary>
 <param name="domain">
 <summary>
@@ -85152,10 +112274,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_list_pam_console_data" lineno="1094">
+<interface name="auth_manage_var_auth" lineno="1054">
 <summary>
-List the contents of the pam_console
-data directory.
+Manage var auth files. Used by various other applications
+and pam applets etc.
 </summary>
 <param name="domain">
 <summary>
@@ -85163,9 +112285,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_relabel_pam_console_data_dirs" lineno="1113">
+<interface name="auth_read_pam_pid" lineno="1075">
 <summary>
-Relabel pam_console data directories.
+Read PAM PID files.
 </summary>
 <param name="domain">
 <summary>
@@ -85173,244 +112295,166 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_read_pam_console_data" lineno="1131">
+<interface name="auth_dontaudit_read_pam_pid" lineno="1095">
 <summary>
-Read pam_console data files.
+Do not audit attemps to read PAM PID files.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="auth_manage_pam_console_data" lineno="1152">
+<interface name="auth_pid_filetrans_pam_var_run" lineno="1126">
 <summary>
-Create, read, write, and delete
-pam_console data files.
+Create specified objects in
+pid directories with the pam var
+run file type using a
+file type transition.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-</interface>
-<interface name="auth_delete_pam_console_data" lineno="1172">
+<param name="object_class">
 <summary>
-Delete pam_console data.
+Class of the object being created.
 </summary>
-<param name="domain">
+</param>
+<param name="name" optional="true">
 <summary>
-Domain allowed access.
+The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="auth_read_all_dirs_except_auth_files" lineno="1199">
+<interface name="auth_delete_pam_pid" lineno="1144">
 <summary>
-Read all directories on the filesystem, except
-login files and listed exceptions.
+Delete pam PID files.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="exception_types" optional="true">
-<summary>
-The types to be excluded.  Each type or attribute
-must be negated by the caller.
-</summary>
-</param>
 </interface>
-<interface name="auth_read_all_dirs_except_shadow" lineno="1221">
+<interface name="auth_manage_pam_pid" lineno="1164">
 <summary>
-Read all directories on the filesystem, except
-the shadow passwords and listed exceptions.
+Manage pam PID files.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="exception_types" optional="true">
-<summary>
-The types to be excluded.  Each type or attribute
-must be negated by the caller.
-</summary>
-</param>
 </interface>
-<interface name="auth_read_all_files_except_auth_files" lineno="1244">
+<interface name="auth_domtrans_pam_console" lineno="1184">
 <summary>
-Read all files on the filesystem, except
-login files and listed exceptions.
+Execute pam_console with a domain transition.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
-</summary>
-</param>
-<param name="exception_types" optional="true">
-<summary>
-The types to be excluded.  Each type or attribute
-must be negated by the caller.
+Domain allowed to transition.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="auth_read_all_files_except_shadow" lineno="1267">
+<interface name="auth_search_pam_console_data" lineno="1203">
 <summary>
-Read all files on the filesystem, except
-the shadow passwords and listed exceptions.
+Search the contents of the
+pam_console data directory.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="exception_types" optional="true">
-<summary>
-The types to be excluded.  Each type or attribute
-must be negated by the caller.
-</summary>
-</param>
-<rolecap/>
 </interface>
-<interface name="auth_read_all_symlinks_except_auth_files" lineno="1289">
+<interface name="auth_list_pam_console_data" lineno="1223">
 <summary>
-Read all symbolic links on the filesystem, except
-login files and listed exceptions.
+List the contents of the pam_console
+data directory.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="exception_types" optional="true">
-<summary>
-The types to be excluded.  Each type or attribute
-must be negated by the caller.
-</summary>
-</param>
 </interface>
-<interface name="auth_read_all_symlinks_except_shadow" lineno="1311">
+<interface name="auth_create_pam_console_data_dirs" lineno="1242">
 <summary>
-Read all symbolic links on the filesystem, except
-the shadow passwords and listed exceptions.
+Create pam var console pid directories.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="exception_types" optional="true">
-<summary>
-The types to be excluded.  Each type or attribute
-must be negated by the caller.
-</summary>
-</param>
 </interface>
-<interface name="auth_relabel_all_files_except_auth_files" lineno="1333">
+<interface name="auth_relabel_pam_console_data_dirs" lineno="1261">
 <summary>
-Relabel all files on the filesystem, except
-login files and listed exceptions.
+Relabel pam_console data directories.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="exception_types" optional="true">
-<summary>
-The types to be excluded.  Each type or attribute
-must be negated by the caller.
-</summary>
-</param>
 </interface>
-<interface name="auth_relabel_all_files_except_shadow" lineno="1355">
+<interface name="auth_read_pam_console_data" lineno="1279">
 <summary>
-Relabel all files on the filesystem, except
-the shadow passwords and listed exceptions.
+Read pam_console data files.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="exception_types" optional="true">
-<summary>
-The types to be excluded.  Each type or attribute
-must be negated by the caller.
-</summary>
-</param>
 </interface>
-<interface name="auth_rw_all_files_except_auth_files" lineno="1377">
+<interface name="auth_manage_pam_console_data" lineno="1300">
 <summary>
-Read and write all files on the filesystem, except
-login files and listed exceptions.
+Create, read, write, and delete
+pam_console data files.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="exception_types" optional="true">
-<summary>
-The types to be excluded.  Each type or attribute
-must be negated by the caller.
-</summary>
-</param>
 </interface>
-<interface name="auth_rw_all_files_except_shadow" lineno="1399">
+<interface name="auth_delete_pam_console_data" lineno="1320">
 <summary>
-Read and write all files on the filesystem, except
-the shadow passwords and listed exceptions.
+Delete pam_console data.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="exception_types" optional="true">
-<summary>
-The types to be excluded.  Each type or attribute
-must be negated by the caller.
-</summary>
-</param>
 </interface>
-<interface name="auth_manage_all_files_except_auth_files" lineno="1421">
+<interface name="auth_pid_filetrans_pam_var_console" lineno="1353">
 <summary>
-Manage all files on the filesystem, except
-login files passwords and listed exceptions.
+Create specified objects in
+pid directories with the pam var
+console pid file type using a
+file type transition.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="exception_types" optional="true">
-<summary>
-The types to be excluded.  Each type or attribute
-must be negated by the caller.
-</summary>
-</param>
-</interface>
-<interface name="auth_manage_all_files_except_shadow" lineno="1443">
-<summary>
-Manage all files on the filesystem, except
-the shadow passwords and listed exceptions.
-</summary>
-<param name="domain">
+<param name="object_class">
 <summary>
-Domain allowed access.
+Class of the object being created.
 </summary>
 </param>
-<param name="exception_types" optional="true">
+<param name="name" optional="true">
 <summary>
-The types to be excluded.  Each type or attribute
-must be negated by the caller.
+The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="auth_domtrans_utempter" lineno="1458">
+<interface name="auth_domtrans_utempter" lineno="1371">
 <summary>
 Execute utempter programs in the utempter domain.
 </summary>
@@ -85420,7 +112464,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="auth_run_utempter" lineno="1481">
+<interface name="auth_run_utempter" lineno="1394">
 <summary>
 Execute utempter programs in the utempter domain.
 </summary>
@@ -85435,7 +112479,7 @@ The role to allow the utempter domain.
 </summary>
 </param>
 </interface>
-<interface name="auth_dontaudit_exec_utempter" lineno="1500">
+<interface name="auth_dontaudit_exec_utempter" lineno="1413">
 <summary>
 Do not audit attemps to execute utempter executable.
 </summary>
@@ -85445,7 +112489,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="auth_setattr_login_records" lineno="1518">
+<interface name="auth_setattr_login_records" lineno="1431">
 <summary>
 Set the attributes of login record files.
 </summary>
@@ -85455,7 +112499,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_read_login_records" lineno="1538">
+<interface name="auth_read_login_records" lineno="1451">
 <summary>
 Read login records files (/var/log/wtmp).
 </summary>
@@ -85466,7 +112510,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="auth_dontaudit_read_login_records" lineno="1559">
+<interface name="auth_dontaudit_read_login_records" lineno="1472">
 <summary>
 Do not audit attempts to read login records
 files (/var/log/wtmp).
@@ -85478,7 +112522,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="auth_dontaudit_write_login_records" lineno="1578">
+<interface name="auth_dontaudit_write_login_records" lineno="1491">
 <summary>
 Do not audit attempts to write to
 login records files.
@@ -85489,7 +112533,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="auth_append_login_records" lineno="1596">
+<interface name="auth_append_login_records" lineno="1509">
 <summary>
 Append to login records (wtmp).
 </summary>
@@ -85499,7 +112543,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_write_login_records" lineno="1615">
+<interface name="auth_write_login_records" lineno="1528">
 <summary>
 Write to login records (wtmp).
 </summary>
@@ -85509,7 +112553,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_rw_login_records" lineno="1633">
+<interface name="auth_rw_login_records" lineno="1546">
 <summary>
 Read and write login records.
 </summary>
@@ -85519,7 +112563,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_log_filetrans_login_records" lineno="1653">
+<interface name="auth_log_filetrans_login_records" lineno="1566">
 <summary>
 Create a login records in the log directory
 using a type transition.
@@ -85530,7 +112574,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_manage_login_records" lineno="1672">
+<interface name="auth_manage_login_records" lineno="1585">
 <summary>
 Create, read, write, and delete login
 records files.
@@ -85541,7 +112585,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_relabel_login_records" lineno="1691">
+<interface name="auth_relabel_login_records" lineno="1604">
 <summary>
 Relabel login record files.
 </summary>
@@ -85551,7 +112595,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="auth_use_nsswitch" lineno="1719">
+<interface name="auth_use_nsswitch" lineno="1632">
 <summary>
 Use nsswitch to look up user, password, group, or
 host information.
@@ -85571,7 +112615,7 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="auth_unconfined" lineno="1747">
+<interface name="auth_unconfined" lineno="1660">
 <summary>
 Unconfined access to the authlogin module.
 </summary>
@@ -85638,7 +112682,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="clock_dontaudit_write_adjtime" lineno="75">
+<interface name="clock_read_adjtime" lineno="75">
+<summary>
+Read clock drift adjustments.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="clock_dontaudit_write_adjtime" lineno="94">
 <summary>
 Do not audit attempts to write clock drift adjustments.
 </summary>
@@ -85648,7 +112702,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="clock_rw_adjtime" lineno="93">
+<interface name="clock_rw_adjtime" lineno="112">
 <summary>
 Read and write clock drift adjustments.
 </summary>
@@ -85659,6 +112713,130 @@ Domain allowed access.
 </param>
 </interface>
 </module>
+<module name="daemontools" filename="policy/modules/system/daemontools.if">
+<summary>Collection of tools for managing UNIX services.</summary>
+<interface name="daemontools_ipc_domain" lineno="14">
+<summary>
+An ipc channel between the
+supervised domain and svc_start_t.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="daemontools_service_domain" lineno="41">
+<summary>
+Create a domain which can be
+started by daemontools.
+</summary>
+<param name="domain">
+<summary>
+Type to be used as a domain.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+Type of the program to be used as an entry point to this domain.
+</summary>
+</param>
+</interface>
+<interface name="daemontools_domtrans_start" lineno="64">
+<summary>
+Execute svc start in the svc
+start domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="daemonstools_run_start" lineno="91">
+<summary>
+Execute svc start in the svc
+start domain, and allow the
+specified role the svc start domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="daemontools_domtrans_run" lineno="110">
+<summary>
+Execute avc run in the svc run domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="daemontools_sigchld_run" lineno="130">
+<summary>
+Send child terminated signals
+to svc run.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="daemontools_domtrans_multilog" lineno="149">
+<summary>
+Execute avc multilog in the svc
+multilog domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="daemontools_search_svc_dir" lineno="168">
+<summary>
+Search svc svc directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="daemontools_read_svc" lineno="188">
+<summary>
+Read svc avc files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="daemontools_manage_svc" lineno="210">
+<summary>
+Create, read, write and delete
+svc svc content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
 <module name="fstools" filename="policy/modules/system/fstools.if">
 <summary>Tools for filesystem management, such as mkfs and fsck.</summary>
 <interface name="fstools_domtrans" lineno="13">
@@ -85708,7 +112886,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fstools_read_pipes" lineno="94">
+<interface name="fstools_use_fds" lineno="94">
+<summary>
+Inherit fstools file descriptors.
+</summary>
+<param name="domain">
+<summary>
+The type of the process performing this action.
+</summary>
+</param>
+</interface>
+<interface name="fstools_read_pipes" lineno="112">
 <summary>
 Read fstools unnamed pipes.
 </summary>
@@ -85718,7 +112906,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fstools_relabelto_entry_files" lineno="113">
+<interface name="fstools_relabelto_entry_files" lineno="131">
 <summary>
 Relabel a file to the type used by the
 filesystem tools programs.
@@ -85729,7 +112917,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fstools_manage_entry_files" lineno="132">
+<interface name="fstools_manage_entry_files" lineno="150">
 <summary>
 Create, read, write, and delete a file used by the
 filesystem tools programs.
@@ -85740,7 +112928,28 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fstools_getattr_swap_files" lineno="150">
+<interface name="fstools_write_log" lineno="168">
+<summary>
+Write to fsadm_log_t
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fstools_manage_runtime_files" lineno="187">
+<summary>
+Create, read, write, and delete filesystem tools
+runtime files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fstools_getattr_swap_files" lineno="205">
 <summary>
 Getattr swapfile
 </summary>
@@ -85750,9 +112959,39 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
+<interface name="fstools_dontaudit_getattr_swap_files" lineno="223">
+<summary>
+Ignore access to a swapfile.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="fstools_relabelto_swap_files" lineno="241">
+<summary>
+Relabel to swapfile.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fstools_manage_swap_files" lineno="259">
+<summary>
+Manage swapfile.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
 </module>
 <module name="getty" filename="policy/modules/system/getty.if">
-<summary>Policy for getty.</summary>
+<summary>Manages physical or virtual terminals.</summary>
 <interface name="getty_domtrans" lineno="13">
 <summary>
 Execute gettys in the getty domain.
@@ -85763,7 +113002,17 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="getty_use_fds" lineno="32">
+<interface name="getty_dontaudit_use_fds" lineno="32">
+<summary>
+Do not audit the use of getty file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="getty_use_fds" lineno="50">
 <summary>
 Inherit and use getty file descriptors.
 </summary>
@@ -85773,7 +113022,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="getty_read_log" lineno="51">
+<interface name="getty_read_log" lineno="69">
 <summary>
 Allow process to read getty log file.
 </summary>
@@ -85784,7 +113033,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="getty_read_config" lineno="71">
+<interface name="getty_read_config" lineno="89">
 <summary>
 Allow process to read getty config file.
 </summary>
@@ -85795,7 +113044,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="getty_rw_config" lineno="91">
+<interface name="getty_rw_config" lineno="109">
 <summary>
 Allow process to edit getty config file.
 </summary>
@@ -85977,7 +113226,18 @@ Type to be used for a script file.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="init_script_domain" lineno="67">
+<interface name="init_unit_file" lineno="56">
+<summary>
+Make the specified type usable for
+systemd unit files.
+</summary>
+<param name="type">
+<summary>
+Type to be used for systemd unit files.
+</summary>
+</param>
+</interface>
+<interface name="init_script_domain" lineno="87">
 <summary>
 Create a domain used for init scripts.
 </summary>
@@ -85999,7 +113259,7 @@ Type of the script file used as an entry point to this domain.
 </summary>
 </param>
 </interface>
-<interface name="init_domain" lineno="97">
+<interface name="init_domain" lineno="119">
 <summary>
 Create a domain which can be started by init.
 </summary>
@@ -86014,7 +113274,7 @@ Type of the program to be used as an entry point to this domain.
 </summary>
 </param>
 </interface>
-<interface name="init_ranged_domain" lineno="140">
+<interface name="init_ranged_domain" lineno="162">
 <summary>
 Create a domain which can be started by init,
 with a range transition.
@@ -86035,7 +113295,31 @@ Range for the domain.
 </summary>
 </param>
 </interface>
-<interface name="init_daemon_domain" lineno="192">
+<interface name="init_spec_daemon_domain" lineno="203">
+<summary>
+Setup a domain which can be manually transitioned to from init.
+</summary>
+<desc>
+<p>
+Create a domain used for systemd services where the SELinuxContext
+option is specified in the .service file.  This allows for the
+manual transition from systemd into the new domain.  This is used
+when automatic transitions won't work.  Used for the case where the
+same binary is used for multiple target domains.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Type to be used as a domain.
+</summary>
+</param>
+<param name="entry_point">
+<summary>
+Type of the program being executed when starting this domain.
+</summary>
+</param>
+</interface>
+<interface name="init_daemon_domain" lineno="276">
 <summary>
 Create a domain for long running processes
 (daemons/services) which are started by init scripts.
@@ -86070,7 +113354,7 @@ Type of the program to be used as an entry point to this domain.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="init_ranged_daemon_domain" lineno="283">
+<interface name="init_ranged_daemon_domain" lineno="363">
 <summary>
 Create a domain for long running processes
 (daemons/services) which are started by init scripts,
@@ -86112,7 +113396,32 @@ MLS/MCS range for the domain.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="init_system_domain" lineno="337">
+<interface name="init_abstract_socket_activation" lineno="394">
+<summary>
+Abstract socket service activation (systemd).
+</summary>
+<param name="domain">
+<summary>
+The domain to be started by systemd socket activation.
+</summary>
+</param>
+</interface>
+<interface name="init_named_socket_activation" lineno="419">
+<summary>
+Named socket service activation (systemd).
+</summary>
+<param name="domain">
+<summary>
+The domain to be started by systemd socket activation.
+</summary>
+</param>
+<param name="sock_file">
+<summary>
+The domain socket file type.
+</summary>
+</param>
+</interface>
+<interface name="init_system_domain" lineno="470">
 <summary>
 Create a domain for short running processes
 which are started by init scripts.
@@ -86149,7 +113458,7 @@ Type of the program to be used as an entry point to this domain.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="init_ranged_system_domain" lineno="401">
+<interface name="init_ranged_system_domain" lineno="532">
 <summary>
 Create a domain for short running processes
 which are started by init scripts.
@@ -86192,7 +113501,59 @@ Range for the domain.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="init_domtrans" lineno="428">
+<interface name="init_dyntrans" lineno="563">
+<summary>
+Allow domain dyntransition to init_t domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="init_daemon_pid_file" lineno="592">
+<summary>
+Mark the file type as a daemon pid file, allowing initrc_t
+to create it
+</summary>
+<param name="filetype">
+<summary>
+Type to mark as a daemon pid file
+</summary>
+</param>
+<param name="class">
+<summary>
+Class on which the type is applied
+</summary>
+</param>
+<param name="filename">
+<summary>
+Filename of the file that the init script creates
+</summary>
+</param>
+</interface>
+<interface name="init_daemon_lock_file" lineno="625">
+<summary>
+Mark the file type as a daemon lock file, allowing initrc_t
+to create it
+</summary>
+<param name="filetype">
+<summary>
+Type to mark as a daemon lock file
+</summary>
+</param>
+<param name="class">
+<summary>
+Class on which the type is applied
+</summary>
+</param>
+<param name="filename">
+<summary>
+Filename of the file that the init script creates
+</summary>
+</param>
+</interface>
+<interface name="init_domtrans" lineno="647">
 <summary>
 Execute init (/sbin/init) with a domain transition.
 </summary>
@@ -86202,7 +113563,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="init_exec" lineno="447">
+<interface name="init_exec" lineno="666">
 <summary>
 Execute the init program in the caller domain.
 </summary>
@@ -86213,7 +113574,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="init_exec_rc" lineno="477">
+<interface name="init_exec_rc" lineno="696">
 <summary>
 Execute the rc application in the caller domain.
 </summary>
@@ -86234,7 +113595,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_getpgid" lineno="496">
+<interface name="init_getpgid" lineno="715">
 <summary>
 Get the process group of init.
 </summary>
@@ -86244,7 +113605,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_signull" lineno="514">
+<interface name="init_signal" lineno="733">
+<summary>
+Send init a generic signal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_signull" lineno="751">
 <summary>
 Send init a null signal.
 </summary>
@@ -86254,7 +113625,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_sigchld" lineno="532">
+<interface name="init_sigchld" lineno="769">
 <summary>
 Send init a SIGCHLD signal.
 </summary>
@@ -86264,7 +113635,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_stream_connect" lineno="550">
+<interface name="init_stream_connect" lineno="787">
 <summary>
 Connect to init with a unix socket.
 </summary>
@@ -86274,7 +113645,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_use_fds" lineno="608">
+<interface name="init_use_fds" lineno="847">
 <summary>
 Inherit and use file descriptors from init.
 </summary>
@@ -86324,7 +113695,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="1"/>
 </interface>
-<interface name="init_dontaudit_use_fds" lineno="627">
+<interface name="init_dontaudit_use_fds" lineno="866">
 <summary>
 Do not audit attempts to inherit file
 descriptors from init.
@@ -86335,9 +113706,172 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="init_udp_send" lineno="645">
+<interface name="init_dgram_send" lineno="885">
+<summary>
+Send messages to init unix datagram sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="init_rw_inherited_stream_socket" lineno="905">
+<summary>
+Read and write to inherited init unix streams.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_rw_stream_sockets" lineno="924">
+<summary>
+Allow the specified domain to read/write to
+init with unix domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_start_system" lineno="942">
+<summary>
+start service (systemd).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_stop_system" lineno="960">
+<summary>
+stop service (systemd).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_get_system_status" lineno="978">
+<summary>
+Get all service status (systemd).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_enable" lineno="996">
+<summary>
+Enable all systemd services (systemd).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_disable" lineno="1014">
+<summary>
+Disable all services (systemd).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_reload" lineno="1032">
+<summary>
+Reload all services (systemd).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_reboot_system" lineno="1050">
+<summary>
+Reboot the system (systemd).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_shutdown_system" lineno="1068">
+<summary>
+Shutdown (halt) the system (systemd).
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_service_status" lineno="1086">
+<summary>
+Allow specified domain to get init status
+</summary>
+<param name="domain">
+<summary>
+Domain to allow access.
+</summary>
+</param>
+</interface>
+<interface name="init_service_start" lineno="1105">
+<summary>
+Allow specified domain to get init start
+</summary>
+<param name="domain">
+<summary>
+Domain to allow access.
+</summary>
+</param>
+</interface>
+<interface name="init_dbus_chat" lineno="1125">
+<summary>
+Send and receive messages from
+systemd over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_read_var_lib_links" lineno="1145">
+<summary>
+read/follow symlinks under /var/lib/systemd/
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_list_var_lib_dirs" lineno="1164">
+<summary>
+List /var/lib/systemd/ dir
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_relabel_var_lib_dirs" lineno="1182">
 <summary>
-Send UDP network traffic to init.  (Deprecated)
+Relabel dirs in /var/lib/systemd/.
 </summary>
 <param name="domain">
 <summary>
@@ -86345,7 +113879,88 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_getattr_initctl" lineno="659">
+<interface name="init_manage_var_lib_files" lineno="1200">
+<summary>
+Manage files in /var/lib/systemd/.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_var_lib_filetrans" lineno="1235">
+<summary>
+Create files in /var/lib/systemd
+with an automatic type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="type">
+<summary>
+The type of object to be created
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The object class.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="init_search_pids" lineno="1254">
+<summary>
+Allow search  directory in the /run/systemd directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_list_pids" lineno="1272">
+<summary>
+Allow listing of the /run/systemd directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_pid_filetrans" lineno="1306">
+<summary>
+Create files in an init PID directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="file_type">
+<summary>
+The type of the object to be created
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The object class.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="init_getattr_initctl" lineno="1325">
 <summary>
 Get the attributes of initctl.
 </summary>
@@ -86355,7 +113970,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_dontaudit_getattr_initctl" lineno="678">
+<interface name="init_dontaudit_getattr_initctl" lineno="1346">
 <summary>
 Do not audit attempts to get the
 attributes of initctl.
@@ -86366,7 +113981,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="init_write_initctl" lineno="696">
+<interface name="init_write_initctl" lineno="1364">
 <summary>
 Write to initctl.
 </summary>
@@ -86376,7 +113991,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_telinit" lineno="716">
+<interface name="init_telinit" lineno="1385">
 <summary>
 Use telinit (Read and write initctl).
 </summary>
@@ -86387,7 +114002,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="init_rw_initctl" lineno="747">
+<interface name="init_rw_initctl" lineno="1418">
 <summary>
 Read and write initctl.
 </summary>
@@ -86397,18 +114012,18 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_dontaudit_rw_initctl" lineno="767">
+<interface name="init_dontaudit_rw_initctl" lineno="1439">
 <summary>
 Do not audit attempts to read and
 write initctl.
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="init_script_file_entry_type" lineno="786">
+<interface name="init_script_file_entry_type" lineno="1458">
 <summary>
 Make init scripts an entry point for
 the specified domain.
@@ -86419,7 +114034,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_spec_domtrans_script" lineno="804">
+<interface name="init_spec_domtrans_script" lineno="1481">
 <summary>
 Execute init scripts with a specified domain transition.
 </summary>
@@ -86429,7 +114044,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="init_domtrans_script" lineno="839">
+<interface name="init_domtrans_script" lineno="1508">
 <summary>
 Execute init scripts with an automatic domain transition.
 </summary>
@@ -86439,7 +114054,17 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="init_script_file_domtrans" lineno="881">
+<interface name="init_domtrans_labeled_script" lineno="1543">
+<summary>
+Execute labelled init scripts with an automatic domain transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="init_script_file_domtrans" lineno="1589">
 <summary>
 Execute a init script in a specified domain.
 </summary>
@@ -86464,7 +114089,27 @@ Domain to transition to.
 </summary>
 </param>
 </interface>
-<interface name="init_labeled_script_domtrans" lineno="906">
+<interface name="init_kill_scripts" lineno="1608">
+<summary>
+Send a kill signal to init scripts.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_manage_script_service" lineno="1626">
+<summary>
+Allow manage service for initrc_exec_t scripts
+</summary>
+<param name="domain">
+<summary>
+Target domain
+</summary>
+</param>
+</interface>
+<interface name="init_labeled_script_domtrans" lineno="1651">
 <summary>
 Transition to the init script domain
 on a specified labeled init script.
@@ -86480,7 +114125,7 @@ Labeled init script file.
 </summary>
 </param>
 </interface>
-<interface name="init_all_labeled_script_domtrans" lineno="926">
+<interface name="init_all_labeled_script_domtrans" lineno="1673">
 <summary>
 Transition to the init script domain
 for all labeled init script types
@@ -86491,7 +114136,48 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="init_run_daemon" lineno="956">
+<interface name="init_get_script_status" lineno="1691">
+<summary>
+Allow getting service status of initrc_exec_t scripts
+</summary>
+<param name="domain">
+<summary>
+Target domain
+</summary>
+</param>
+</interface>
+<interface name="init_startstop_service" lineno="1731">
+<summary>
+Allow the role to start and stop
+labeled services.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+The role to be performing this action.
+</summary>
+</param>
+<param name="domain">
+<summary>
+Type to be used as a daemon domain.
+</summary>
+</param>
+<param name="init_script_file">
+<summary>
+Labeled init script file.
+</summary>
+</param>
+<param name="unit" optional="true">
+<summary>
+Systemd unit file type.
+</summary>
+</param>
+</interface>
+<interface name="init_run_daemon" lineno="1784">
 <summary>
 Start and stop daemon programs directly.
 </summary>
@@ -86513,7 +114199,17 @@ The role to be performing this action.
 </summary>
 </param>
 </interface>
-<interface name="init_read_state" lineno="976">
+<interface name="init_startstop_all_script_services" lineno="1806">
+<summary>
+Start and stop init_script_file_type services
+</summary>
+<param name="domain">
+<summary>
+domain that can start and stop the services
+</summary>
+</param>
+</interface>
+<interface name="init_read_state" lineno="1825">
 <summary>
 Read the process state (/proc/pid) of init.
 </summary>
@@ -86523,7 +114219,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_ptrace" lineno="997">
+<interface name="init_dontaudit_read_state" lineno="1845">
+<summary>
+Dontaudit read the process state (/proc/pid) of init.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="init_ptrace" lineno="1866">
 <summary>
 Ptrace init
 </summary>
@@ -86534,7 +114240,28 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="init_write_script_pipes" lineno="1015">
+<interface name="init_getattr" lineno="1885">
+<summary>
+get init process stats
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="init_read_script_pipes" lineno="1903">
+<summary>
+Read an init script unnamed pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_write_script_pipes" lineno="1921">
 <summary>
 Write an init script unnamed pipe.
 </summary>
@@ -86544,7 +114271,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_getattr_script_files" lineno="1033">
+<interface name="init_getattr_script_files" lineno="1939">
 <summary>
 Get the attribute of init script entrypoint files.
 </summary>
@@ -86554,7 +114281,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_read_script_files" lineno="1052">
+<interface name="init_read_script_files" lineno="1958">
 <summary>
 Read init scripts.
 </summary>
@@ -86564,7 +114291,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_exec_script_files" lineno="1071">
+<interface name="init_exec_script_files" lineno="1977">
 <summary>
 Execute init scripts in the caller domain.
 </summary>
@@ -86574,7 +114301,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_getattr_all_script_files" lineno="1090">
+<interface name="init_getattr_all_script_files" lineno="1996">
 <summary>
 Get the attribute of all init script entrypoint files.
 </summary>
@@ -86584,7 +114311,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_read_all_script_files" lineno="1109">
+<interface name="init_read_all_script_files" lineno="2015">
 <summary>
 Read all init script files.
 </summary>
@@ -86594,7 +114321,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_dontaudit_read_all_script_files" lineno="1128">
+<interface name="init_dontaudit_read_all_script_files" lineno="2039">
 <summary>
 Dontaudit read all init script files.
 </summary>
@@ -86604,7 +114331,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="init_exec_all_script_files" lineno="1146">
+<interface name="init_exec_all_script_files" lineno="2057">
 <summary>
 Execute all init scripts in the caller domain.
 </summary>
@@ -86614,7 +114341,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_read_script_state" lineno="1165">
+<interface name="init_read_script_state" lineno="2076">
 <summary>
 Read the process state (/proc/pid) of the init scripts.
 </summary>
@@ -86624,7 +114351,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_use_script_fds" lineno="1189">
+<interface name="init_use_script_fds" lineno="2095">
 <summary>
 Inherit and use init script file descriptors.
 </summary>
@@ -86634,7 +114361,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_dontaudit_use_script_fds" lineno="1208">
+<interface name="init_dontaudit_use_script_fds" lineno="2114">
 <summary>
 Do not audit attempts to inherit
 init script file descriptors.
@@ -86645,7 +114372,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="init_search_script_keys" lineno="1226">
+<interface name="init_search_script_keys" lineno="2132">
 <summary>
 Search init script keys.
 </summary>
@@ -86655,7 +114382,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_getpgid_script" lineno="1244">
+<interface name="init_getpgid_script" lineno="2150">
 <summary>
 Get the process group ID of init scripts.
 </summary>
@@ -86665,7 +114392,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_sigchld_script" lineno="1262">
+<interface name="init_sigchld_script" lineno="2168">
 <summary>
 Send SIGCHLD signals to init scripts.
 </summary>
@@ -86675,7 +114402,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_signal_script" lineno="1280">
+<interface name="init_signal_script" lineno="2186">
 <summary>
 Send generic signals to init scripts.
 </summary>
@@ -86685,7 +114412,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_signull_script" lineno="1298">
+<interface name="init_signull_script" lineno="2204">
 <summary>
 Send null signals to init scripts.
 </summary>
@@ -86695,7 +114422,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_rw_script_pipes" lineno="1316">
+<interface name="init_rw_script_pipes" lineno="2222">
 <summary>
 Read and write init script unnamed pipes.
 </summary>
@@ -86705,17 +114432,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_udp_send_script" lineno="1334">
-<summary>
-Send UDP network traffic to init scripts.  (Deprecated)
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="init_stream_connect_script" lineno="1349">
+<interface name="init_stream_connect_script" lineno="2241">
 <summary>
 Allow the specified domain to connect to
 init scripts with a unix socket.
@@ -86726,7 +114443,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_rw_script_stream_sockets" lineno="1368">
+<interface name="init_rw_script_stream_sockets" lineno="2260">
 <summary>
 Allow the specified domain to read/write to
 init scripts with a unix domain stream sockets.
@@ -86737,7 +114454,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_dontaudit_stream_connect_script" lineno="1387">
+<interface name="init_dontaudit_stream_connect_script" lineno="2279">
 <summary>
 Dont audit the specified domain connecting to
 init scripts with a unix domain stream socket.
@@ -86748,7 +114465,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="init_dbus_send_script" lineno="1404">
+<interface name="init_dbus_send_script" lineno="2296">
 <summary>
 Send messages to init scripts over dbus.
 </summary>
@@ -86758,7 +114475,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_dbus_chat_script" lineno="1424">
+<interface name="init_dbus_chat_script" lineno="2316">
 <summary>
 Send and receive messages from
 init scripts over dbus.
@@ -86769,7 +114486,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_use_script_ptys" lineno="1453">
+<interface name="init_use_script_ptys" lineno="2345">
 <summary>
 Read and write the init script pty.
 </summary>
@@ -86788,7 +114505,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_dontaudit_use_script_ptys" lineno="1473">
+<interface name="init_use_inherited_script_ptys" lineno="2364">
+<summary>
+Read and write inherited init script ptys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_dontaudit_use_script_ptys" lineno="2386">
 <summary>
 Do not audit attempts to read and
 write the init script pty.
@@ -86799,7 +114526,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="init_getattr_script_status_files" lineno="1492">
+<interface name="init_getattr_script_status_files" lineno="2405">
 <summary>
 Get the attributes of init script
 status files.
@@ -86810,7 +114537,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_dontaudit_read_script_status_files" lineno="1511">
+<interface name="init_dontaudit_read_script_status_files" lineno="2424">
 <summary>
 Do not audit attempts to read init script
 status files.
@@ -86821,7 +114548,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="init_read_script_tmp_files" lineno="1530">
+<interface name="init_search_run" lineno="2443">
+<summary>
+Search the /run/systemd directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_read_script_tmp_files" lineno="2462">
 <summary>
 Read init script temporary data.
 </summary>
@@ -86831,7 +114568,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_rw_script_tmp_files" lineno="1549">
+<interface name="init_rw_inherited_script_tmp_files" lineno="2481">
+<summary>
+Read and write init script inherited temporary data.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_rw_script_tmp_files" lineno="2499">
 <summary>
 Read and write init script temporary data.
 </summary>
@@ -86841,7 +114588,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_script_tmp_filetrans" lineno="1584">
+<interface name="init_script_tmp_filetrans" lineno="2534">
 <summary>
 Create files in a init script
 temporary data directory.
@@ -86867,7 +114614,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="init_getattr_utmp" lineno="1603">
+<interface name="init_getattr_utmp" lineno="2553">
 <summary>
 Get the attributes of init script process id files.
 </summary>
@@ -86877,7 +114624,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_read_utmp" lineno="1621">
+<interface name="init_read_utmp" lineno="2571">
 <summary>
 Read utmp.
 </summary>
@@ -86887,7 +114634,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_dontaudit_write_utmp" lineno="1640">
+<interface name="init_dontaudit_write_utmp" lineno="2590">
 <summary>
 Do not audit attempts to write utmp.
 </summary>
@@ -86897,7 +114644,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="init_write_utmp" lineno="1658">
+<interface name="init_write_utmp" lineno="2608">
 <summary>
 Write to utmp.
 </summary>
@@ -86907,7 +114654,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_dontaudit_lock_utmp" lineno="1678">
+<interface name="init_dontaudit_lock_utmp" lineno="2628">
 <summary>
 Do not audit attempts to lock
 init script pid files.
@@ -86918,7 +114665,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="init_rw_utmp" lineno="1696">
+<interface name="init_rw_utmp" lineno="2646">
 <summary>
 Read and write utmp.
 </summary>
@@ -86928,7 +114675,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_dontaudit_rw_utmp" lineno="1715">
+<interface name="init_dontaudit_rw_utmp" lineno="2665">
 <summary>
 Do not audit attempts to read and write utmp.
 </summary>
@@ -86938,7 +114685,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="init_manage_utmp" lineno="1733">
+<interface name="init_manage_utmp" lineno="2683">
 <summary>
 Create, read, write, and delete utmp.
 </summary>
@@ -86948,7 +114695,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_pid_filetrans_utmp" lineno="1753">
+<interface name="init_relabel_utmp" lineno="2702">
+<summary>
+Relabel utmp.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_pid_filetrans_utmp" lineno="2721">
 <summary>
 Create files in /var/run with the
 utmp file type.
@@ -86959,7 +114716,130 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_tcp_recvfrom_all_daemons" lineno="1771">
+<interface name="init_runtime_filetrans_utmp" lineno="2737">
+<summary>
+Create files in /var/run with the
+utmp file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_create_pid_dirs" lineno="2755">
+<summary>
+Create a directory in the /run/systemd directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_create_runtime_dirs" lineno="2770">
+<summary>
+Create a directory in the /run/systemd directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_rename_pid_files" lineno="2789">
+<summary>
+Rename init_var_run_t files
+</summary>
+<param name="domain">
+<summary>
+domain
+</summary>
+</param>
+</interface>
+<interface name="init_rename_runtime_files" lineno="2804">
+<summary>
+Rename init_var_run_t files
+</summary>
+<param name="domain">
+<summary>
+domain
+</summary>
+</param>
+</interface>
+<interface name="init_delete_pid_files" lineno="2822">
+<summary>
+Delete init_var_run_t files
+</summary>
+<param name="domain">
+<summary>
+domain
+</summary>
+</param>
+</interface>
+<interface name="init_delete_runtime_files" lineno="2837">
+<summary>
+Delete init_var_run_t files
+</summary>
+<param name="domain">
+<summary>
+domain
+</summary>
+</param>
+</interface>
+<interface name="init_write_pid_socket" lineno="2856">
+<summary>
+Allow the specified domain to write to
+init sock file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_write_runtime_socket" lineno="2872">
+<summary>
+Allow the specified domain to write to
+init sock file.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_read_pid_pipes" lineno="2890">
+<summary>
+Read init unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_read_runtime_pipes" lineno="2905">
+<summary>
+Read init unnamed pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_read_runtime_symlinks" lineno="2923">
+<summary>
+read systemd unit symlinks (usually under /run/systemd/units/)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_tcp_recvfrom_all_daemons" lineno="2941">
 <summary>
 Allow the specified domain to connect to daemon with a tcp socket
 </summary>
@@ -86969,7 +114849,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="init_udp_recvfrom_all_daemons" lineno="1789">
+<interface name="init_udp_recvfrom_all_daemons" lineno="2959">
 <summary>
 Allow the specified domain to connect to daemon with a udp socket
 </summary>
@@ -86979,6 +114859,166 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
+<interface name="init_read_script_status_files" lineno="2978">
+<summary>
+Allow reading the init script state files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="init_relabelto_script_state" lineno="2996">
+<summary>
+Label to init script status files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="init_script_readable_type" lineno="3015">
+<summary>
+Mark as a readable type for the initrc_t domain
+</summary>
+<param name="type">
+<summary>
+Type that initrc_t needs read access to
+</summary>
+</param>
+</interface>
+<interface name="init_search_units" lineno="3033">
+<summary>
+Search systemd unit dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_read_generic_units_symlinks" lineno="3058">
+<summary>
+Read systemd unit links
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_get_generic_units_status" lineno="3076">
+<summary>
+Get status of generic systemd units.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_start_generic_units" lineno="3095">
+<summary>
+Start generic systemd units.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_stop_generic_units" lineno="3114">
+<summary>
+Stop generic systemd units.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="init_reload_generic_units" lineno="3133">
+<summary>
+Reload generic systemd units.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_get_all_units_status" lineno="3152">
+<summary>
+Get status of all systemd units.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_manage_all_units" lineno="3171">
+<summary>
+All perms on all systemd units.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_start_all_units" lineno="3191">
+<summary>
+Start all systemd units.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_stop_all_units" lineno="3210">
+<summary>
+Stop all systemd units.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="init_reload_all_units" lineno="3229">
+<summary>
+Reload all systemd units.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="init_admin" lineno="3248">
+<summary>
+Allow unconfined access to send instructions to init
+</summary>
+<param name="domain">
+<summary>
+Target domain
+</summary>
+</param>
+</interface>
+<interface name="init_getrlimit" lineno="3285">
+<summary>
+Allow getting init_t rlimit
+</summary>
+<param name="domain">
+<summary>
+Source domain
+</summary>
+</param>
+</interface>
 <tunable name="init_upstart" dftval="false">
 <desc>
 <p>
@@ -86986,6 +115026,13 @@ Enable support for upstart as the init program.
 </p>
 </desc>
 </tunable>
+<tunable name="init_daemons_use_tty" dftval="false">
+<desc>
+<p>
+Allow all daemons the ability to read/write terminals
+</p>
+</desc>
+</tunable>
 </module>
 <module name="ipsec" filename="policy/modules/system/ipsec.if">
 <summary>TCP/IP encryption</summary>
@@ -87194,6 +115241,23 @@ Role allowed access..
 </param>
 <rolecap/>
 </interface>
+<interface name="ipsec_admin" lineno="390">
+<summary>
+All of the rules required to
+administrate an ipsec environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
 <tunable name="racoon_read_shadow" dftval="false">
 <desc>
 <p>
@@ -87203,7 +115267,7 @@ Allow racoon to read shadow
 </tunable>
 </module>
 <module name="iptables" filename="policy/modules/system/iptables.if">
-<summary>Policy for iptables.</summary>
+<summary>Administration tool for IP packet filtering and NAT.</summary>
 <interface name="iptables_domtrans" lineno="13">
 <summary>
 Execute iptables in the iptables domain.
@@ -87241,9 +115305,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="iptables_initrc_domtrans" lineno="81">
+<interface name="iptables_initrc_domtrans" lineno="82">
 <summary>
-Execute iptables in the iptables domain.
+Execute iptables init scripts in
+the init script domain.
 </summary>
 <param name="domain">
 <summary>
@@ -87251,7 +115316,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="iptables_setattr_config" lineno="99">
+<interface name="iptables_setattr_config" lineno="100">
 <summary>
 Set the attributes of iptables config files.
 </summary>
@@ -87261,7 +115326,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="iptables_read_config" lineno="118">
+<interface name="iptables_read_config" lineno="119">
 <summary>
 Read iptables config files.
 </summary>
@@ -87271,7 +115336,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="iptables_etc_filetrans_config" lineno="139">
+<interface name="iptables_etc_filetrans_config" lineno="140">
 <summary>
 Create files in /etc with the type used for
 the iptables config files.
@@ -87282,7 +115347,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="iptables_manage_config" lineno="157">
+<interface name="iptables_manage_config" lineno="158">
 <summary>
 Manage iptables config files.
 </summary>
@@ -87292,6 +115357,116 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
+<interface name="iptables_dontaudit_read_pids" lineno="178">
+<summary>
+dontaudit reading iptables_runtime_t
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="iptables_startstop" lineno="196">
+<summary>
+Allow specified domain to start and stop iptables service
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="iptables_status" lineno="215">
+<summary>
+Allow specified domain to get status of iptables service
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="iptables_admin" lineno="242">
+<summary>
+All of the rules required to
+administrate an iptables
+environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
+<module name="iscsi" filename="policy/modules/system/iscsi.if">
+<summary>Establish connections to iSCSI devices.</summary>
+<interface name="iscsid_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run iscsid.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="iscsi_manage_semaphores" lineno="33">
+<summary>
+Create, read, write, and delete
+iscsid sempaphores.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="iscsi_stream_connect" lineno="52">
+<summary>
+Connect to iscsid using a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="iscsi_read_lib_files" lineno="71">
+<summary>
+Read iscsid lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="iscsi_admin" lineno="98">
+<summary>
+All of the rules required to
+administrate an iscsi environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
 </module>
 <module name="libraries" filename="policy/modules/system/libraries.if">
 <summary>Policy for system libraries.</summary>
@@ -87465,18 +115640,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="libs_use_lib_files" lineno="326">
-<summary>
-Load and execute functions from generic
-lib files as shared libraries.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="libs_manage_lib_files" lineno="343">
+<interface name="libs_manage_lib_files" lineno="327">
 <summary>
 Create, read, write, and delete generic
 files in library directories.
@@ -87487,7 +115651,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="libs_relabelto_lib_files" lineno="361">
+<interface name="libs_relabelto_lib_files" lineno="345">
 <summary>
 Relabel files to the type used in library directories.
 </summary>
@@ -87497,7 +115661,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="libs_relabel_lib_files" lineno="381">
+<interface name="libs_relabel_lib_files" lineno="365">
 <summary>
 Relabel to and from the type used
 for generic lib files.
@@ -87508,7 +115672,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="libs_delete_lib_symlinks" lineno="400">
+<interface name="libs_delete_lib_symlinks" lineno="384">
 <summary>
 Delete generic symlinks in library directories.
 </summary>
@@ -87518,7 +115682,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="libs_manage_shared_libs" lineno="419">
+<interface name="libs_manage_shared_libs" lineno="403">
 <summary>
 Create, read, write, and delete shared libraries.
 </summary>
@@ -87528,7 +115692,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="libs_use_shared_libs" lineno="437">
+<interface name="libs_use_shared_libs" lineno="421">
 <summary>
 Load and execute functions from shared libraries.
 </summary>
@@ -87538,7 +115702,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="libs_legacy_use_shared_libs" lineno="460">
+<interface name="libs_legacy_use_shared_libs" lineno="444">
 <summary>
 Load and execute functions from shared libraries,
 with legacy support.
@@ -87549,7 +115713,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="libs_relabel_shared_libs" lineno="481">
+<interface name="libs_relabel_shared_libs" lineno="465">
 <summary>
 Relabel to and from the type used for
 shared libraries.
@@ -87560,44 +115724,63 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="lib_filetrans_shared_lib" lineno="505">
+<interface name="libs_generic_etc_filetrans_ld_so_cache" lineno="498">
 <summary>
-Create an object in lib directories, with
-the shared libraries type using a type transition.
+Create an object in etc with a type transition to
+the ld_so_cache_t type
 </summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
-<param name="object">
+<param name="class">
 <summary>
-The object class of the object being created.
+Class of the resource for which a type transition occurs.
+This is usually file as ld_so_cache is currently not used
+for any other resources.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the resource created for which a type transition occurs
 </summary>
 </param>
 </interface>
-<interface name="files_lib_filetrans_shared_lib" lineno="534">
+<interface name="libs_lib_filetrans" lineno="532">
 <summary>
-Create an object in lib directories, with
-the shared libraries type using a type transition.  (Deprecated)
+Create an object in the generic lib location with a type transition
+to the provided type
 </summary>
-<desc>
-<p>
-Create an object in lib directories, with
-the shared libraries type using a type transition.  (Deprecated)
-</p>
-<p>
-lib_filetrans_shared_lib() should be used instead.
-</p>
-</desc>
 <param name="domain">
 <summary>
-Domain allowed access.
+Domain allowed access
 </summary>
 </param>
-<param name="object">
+<param name="target">
 <summary>
-The object class of the object being created.
+Target domain towards which a type transition should occur
+</summary>
+</param>
+<param name="class">
+<summary>
+Class of the resource for which a type transition occurs.
+</summary>
+</param>
+<param name="filetrans" optional="true">
+<summary>
+Name of the resource created for which a type transition should occur
+</summary>
+</param>
+</interface>
+<interface name="libs_relabel_lib_dirs" lineno="553">
+<summary>
+Relabel to and from the type used
+for generic lib directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
 </summary>
 </param>
 </interface>
@@ -87614,7 +115797,17 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="locallogin_use_fds" lineno="35">
+<interface name="locallogin_read_state" lineno="35">
+<summary>
+Allow calling domain to read locallogin state.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed permission.
+</summary>
+</param>
+</interface>
+<interface name="locallogin_use_fds" lineno="56">
 <summary>
 Allow processes to inherit local login file descriptors.
 </summary>
@@ -87624,7 +115817,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="locallogin_dontaudit_use_fds" lineno="53">
+<interface name="locallogin_dontaudit_use_fds" lineno="74">
 <summary>
 Do not audit attempts to inherit local login file descriptors.
 </summary>
@@ -87634,7 +115827,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="locallogin_signull" lineno="71">
+<interface name="locallogin_signull" lineno="92">
 <summary>
 Send a null signal to local login processes.
 </summary>
@@ -87644,7 +115837,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="locallogin_search_keys" lineno="89">
+<interface name="locallogin_search_keys" lineno="110">
 <summary>
 Search for key.
 </summary>
@@ -87654,7 +115847,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="locallogin_link_keys" lineno="107">
+<interface name="locallogin_link_keys" lineno="128">
 <summary>
 Allow link to the local_login key ring.
 </summary>
@@ -87664,9 +115857,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="locallogin_domtrans_sulogin" lineno="125">
+<interface name="locallogin_domtrans_sulogin" lineno="146">
 <summary>
-Execute local logins in the local login domain.
+Execute single-user logins in the single-user login domain.
 </summary>
 <param name="domain">
 <summary>
@@ -87776,7 +115969,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="logging_domtrans_auditctl" lineno="157">
+<interface name="logging_domtrans_auditctl" lineno="159">
 <summary>
 Execute auditctl in the auditctl domain.
 </summary>
@@ -87786,7 +115979,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="logging_run_auditctl" lineno="182">
+<interface name="logging_run_auditctl" lineno="184">
 <summary>
 Execute auditctl in the auditctl domain, and
 allow the specified role the auditctl domain.
@@ -87803,7 +115996,7 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="logging_domtrans_auditd" lineno="201">
+<interface name="logging_domtrans_auditd" lineno="203">
 <summary>
 Execute auditd in the auditd domain.
 </summary>
@@ -87813,7 +116006,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="logging_run_auditd" lineno="225">
+<interface name="logging_run_auditd" lineno="227">
 <summary>
 Execute auditd in the auditd domain, and
 allow the specified role the auditd domain.
@@ -87829,17 +116022,7 @@ Role allowed access.
 </summary>
 </param>
 </interface>
-<interface name="logging_stream_connect_auditd" lineno="244">
-<summary>
-Connect to auditdstored over an unix stream socket.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="logging_domtrans_dispatcher" lineno="259">
+<interface name="logging_domtrans_dispatcher" lineno="246">
 <summary>
 Execute a domain transition to run the audit dispatcher.
 </summary>
@@ -87849,7 +116032,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="logging_signal_dispatcher" lineno="277">
+<interface name="logging_signal_dispatcher" lineno="264">
 <summary>
 Signal the audit dispatcher.
 </summary>
@@ -87859,7 +116042,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="logging_dispatcher_domain" lineno="301">
+<interface name="logging_dispatcher_domain" lineno="288">
 <summary>
 Create a domain for processes
 which can be started by the system audit dispatcher
@@ -87875,7 +116058,7 @@ Type of the program to be used as an entry point to this domain.
 </summary>
 </param>
 </interface>
-<interface name="logging_stream_connect_dispatcher" lineno="329">
+<interface name="logging_stream_connect_dispatcher" lineno="316">
 <summary>
 Connect to the audit dispatcher over an unix stream socket.
 </summary>
@@ -87885,7 +116068,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="logging_manage_audit_config" lineno="349">
+<interface name="logging_manage_audit_config" lineno="336">
 <summary>
 Manage the auditd configuration files.
 </summary>
@@ -87896,7 +116079,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="logging_manage_audit_log" lineno="369">
+<interface name="logging_manage_audit_log" lineno="358">
 <summary>
 Manage the audit log.
 </summary>
@@ -87907,7 +116090,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="logging_domtrans_klog" lineno="389">
+<interface name="logging_domtrans_klog" lineno="380">
 <summary>
 Execute klogd in the klog domain.
 </summary>
@@ -87917,7 +116100,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="logging_check_exec_syslog" lineno="408">
+<interface name="logging_check_exec_syslog" lineno="399">
 <summary>
 Check if syslogd is executable.
 </summary>
@@ -87927,7 +116110,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="logging_domtrans_syslog" lineno="428">
+<interface name="logging_domtrans_syslog" lineno="418">
 <summary>
 Execute syslogd in the syslog domain.
 </summary>
@@ -87937,7 +116120,61 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="logging_log_filetrans" lineno="490">
+<interface name="logging_status_syslog" lineno="440">
+<summary>
+Allow specified domain to check status of syslog unit
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_setattr_syslogd_tmp_files" lineno="460">
+<summary>
+Set the attributes of syslog temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_relabel_syslogd_tmp_files" lineno="479">
+<summary>
+Relabel to and from syslog temporary file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_setattr_syslogd_tmp_dirs" lineno="498">
+<summary>
+Set the attributes of syslog temporary directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_relabel_syslogd_tmp_dirs" lineno="517">
+<summary>
+Relabel to and from syslog temporary directory type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_log_filetrans" lineno="578">
 <summary>
 Create an object in the log directory, with a private type.
 </summary>
@@ -87990,7 +116227,7 @@ The name of the object being created.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="logging_send_syslog_msg" lineno="531">
+<interface name="logging_send_syslog_msg" lineno="620">
 <summary>
 Send system log messages.
 </summary>
@@ -88022,7 +116259,28 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="logging_read_audit_config" lineno="562">
+<interface name="logging_relabelto_devlog_sock_files" lineno="659">
+<summary>
+Allow domain to relabelto devlog sock_files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_create_devlog" lineno="677">
+<summary>
+Connect to the syslog control unix stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_read_audit_config" lineno="698">
 <summary>
 Read the auditd configuration files.
 </summary>
@@ -88033,7 +116291,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="logging_dontaudit_search_audit_config" lineno="583">
+<interface name="logging_dontaudit_search_audit_config" lineno="721">
 <summary>
 dontaudit search of auditd configuration files.
 </summary>
@@ -88044,7 +116302,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="logging_read_syslog_config" lineno="602">
+<interface name="logging_read_syslog_config" lineno="740">
 <summary>
 Read syslog configuration files.
 </summary>
@@ -88055,7 +116313,28 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="logging_search_logs" lineno="622">
+<interface name="logging_delete_devlog_socket" lineno="759">
+<summary>
+Delete the syslog socket files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_manage_pid_sockets" lineno="777">
+<summary>
+Create, read, write, and delete syslog PID sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_search_logs" lineno="798">
 <summary>
 Allows the domain to open a file in the
 log directory, but does not allow the listing
@@ -88067,7 +116346,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="logging_dontaudit_search_logs" lineno="641">
+<interface name="logging_dontaudit_search_logs" lineno="818">
 <summary>
 Do not audit attempts to search the var log directory.
 </summary>
@@ -88077,7 +116356,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="logging_list_logs" lineno="659">
+<interface name="logging_list_logs" lineno="836">
 <summary>
 List the contents of the generic log directory (/var/log).
 </summary>
@@ -88087,7 +116366,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="logging_rw_generic_log_dirs" lineno="678">
+<interface name="logging_rw_generic_log_dirs" lineno="856">
 <summary>
 Read and write the generic log directory (/var/log).
 </summary>
@@ -88097,7 +116376,18 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="logging_setattr_all_log_dirs" lineno="698">
+<interface name="logging_search_all_logs" lineno="877">
+<summary>
+Search through all log dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_setattr_all_log_dirs" lineno="896">
 <summary>
 Set attributes on all log dirs.
 </summary>
@@ -88108,9 +116398,9 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="logging_dontaudit_getattr_all_logs" lineno="717">
+<interface name="logging_dontaudit_getattr_all_logs" lineno="915">
 <summary>
-Do not audit attempts to get the atttributes
+Do not audit attempts to get the attributes
 of any log files.
 </summary>
 <param name="domain">
@@ -88119,7 +116409,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="logging_append_all_logs" lineno="735">
+<interface name="logging_getattr_all_logs" lineno="933">
+<summary>
+Read the atttributes of any log file
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="logging_append_all_logs" lineno="951">
 <summary>
 Append to all log files.
 </summary>
@@ -88129,7 +116429,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="logging_read_all_logs" lineno="756">
+<interface name="logging_append_all_inherited_logs" lineno="972">
+<summary>
+Append to all log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="logging_read_all_logs" lineno="991">
 <summary>
 Read all log files.
 </summary>
@@ -88140,7 +116450,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="logging_exec_all_logs" lineno="778">
+<interface name="logging_exec_all_logs" lineno="1013">
 <summary>
 Execute all log files in the caller domain.
 </summary>
@@ -88150,7 +116460,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="logging_rw_all_logs" lineno="798">
+<interface name="logging_rw_all_logs" lineno="1033">
 <summary>
 read/write to all log files.
 </summary>
@@ -88160,7 +116470,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="logging_manage_all_logs" lineno="818">
+<interface name="logging_manage_all_logs" lineno="1053">
 <summary>
 Create, read, write, and delete all log files.
 </summary>
@@ -88171,7 +116481,29 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="logging_read_generic_logs" lineno="839">
+<interface name="logging_manage_generic_log_dirs" lineno="1074">
+<summary>
+Create, read, write, and delete generic log directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_relabel_generic_log_dirs" lineno="1094">
+<summary>
+Relabel from and to generic log directory type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_read_generic_logs" lineno="1114">
 <summary>
 Read generic log files.
 </summary>
@@ -88182,7 +116514,18 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="logging_write_generic_logs" lineno="859">
+<interface name="logging_mmap_generic_logs" lineno="1135">
+<summary>
+Map generic log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="logging_write_generic_logs" lineno="1153">
 <summary>
 Write generic log files.
 </summary>
@@ -88192,7 +116535,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="logging_dontaudit_write_generic_logs" lineno="879">
+<interface name="logging_dontaudit_write_generic_logs" lineno="1174">
 <summary>
 Dontaudit Write generic log files.
 </summary>
@@ -88202,7 +116545,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="logging_rw_generic_logs" lineno="897">
+<interface name="logging_rw_generic_logs" lineno="1192">
 <summary>
 Read and write generic log files.
 </summary>
@@ -88212,7 +116555,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="logging_manage_generic_logs" lineno="919">
+<interface name="logging_manage_generic_logs" lineno="1215">
 <summary>
 Create, read, write, and delete
 generic log files.
@@ -88224,7 +116567,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="logging_admin_audit" lineno="945">
+<interface name="logging_admin_audit" lineno="1241">
 <summary>
 All of the rules required to administrate
 the audit environment
@@ -88241,7 +116584,7 @@ User role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="logging_admin_syslog" lineno="989">
+<interface name="logging_admin_syslog" lineno="1285">
 <summary>
 All of the rules required to administrate
 the syslog environment
@@ -88258,7 +116601,7 @@ User role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="logging_admin" lineno="1047">
+<interface name="logging_admin" lineno="1341">
 <summary>
 All of the rules required to administrate
 the logging environment
@@ -88275,6 +116618,61 @@ User role allowed access.
 </param>
 <rolecap/>
 </interface>
+<interface name="logging_syslog_managed_log_file" lineno="1364">
+<summary>
+Mark the type as a syslog managed log file
+and introduce the proper file transition when
+created by the system logger in the generic
+log directory
+</summary>
+<param name="type">
+<summary>
+Type to mark as a syslog managed log file
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name to use for the file
+</summary>
+</param>
+</interface>
+<interface name="logging_syslog_managed_log_dir" lineno="1403">
+<summary>
+Mark the type as a syslog managed log dir
+and introduce the proper file transition when
+created by the system logger in the generic
+log directory
+</summary>
+<desc>
+<p>
+Once set, the system logger is able to fully
+manage files and directory of the given type.
+You do not need to use logging_syslog_managed_file
+anymore (unless a file name transition is needed
+for that as well).
+</p>
+</desc>
+<param name="type">
+<summary>
+Type to mark as a syslog managed log dir
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name to use for the directory
+</summary>
+</param>
+</interface>
+<interface name="logging_mmap_journal" lineno="1425">
+<summary>
+Map files in /run/log/journal/ directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
 </module>
 <module name="lvm" filename="policy/modules/system/lvm.if">
 <summary>Policy for logical volume management programs.</summary>
@@ -88314,7 +116712,17 @@ The role to allow the LVM domain.
 </param>
 <rolecap/>
 </interface>
-<interface name="lvm_read_config" lineno="77">
+<interface name="lvm_signull" lineno="76">
+<summary>
+Send lvm a null signal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lvm_read_config" lineno="95">
 <summary>
 Read LVM configuration files.
 </summary>
@@ -88325,7 +116733,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="lvm_manage_config" lineno="98">
+<interface name="lvm_manage_config" lineno="116">
 <summary>
 Manage LVM configuration files.
 </summary>
@@ -88336,7 +116744,28 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="lvm_domtrans_clvmd" lineno="118">
+<interface name="lvm_create_lock_dirs" lineno="137">
+<summary>
+Create lvm_lock_t directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="lvm_rw_inherited_pid_pipes" lineno="156">
+<summary>
+Read and write a lvm unnamed pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="lvm_domtrans_clvmd" lineno="174">
 <summary>
 Execute a domain transition to run clvmd.
 </summary>
@@ -88346,9 +116775,25 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
+<interface name="lvm_admin" lineno="199">
+<summary>
+All of the rules required to
+administrate an lvm environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
 </module>
 <module name="miscfiles" filename="policy/modules/system/miscfiles.if">
-<summary>Miscelaneous files.</summary>
+<summary>Miscellaneous files.</summary>
 <interface name="miscfiles_cert_type" lineno="38">
 <summary>
 Make the specified type usable as a cert file.
@@ -88384,9 +116829,45 @@ Type to be used for files.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="miscfiles_read_all_certs" lineno="58">
+<interface name="miscfiles_tls_privkey_type" lineno="83">
+<summary>
+Make the specified type usable
+as a SSL/TLS private key file.
+</summary>
+<desc>
+<p>
+Make the specified type usable for SSL/TLS private key files.
+This will also make the type usable for files, making
+calls to files_type() redundant.  Failure to use this interface
+for a temporary file may result in problems with
+SSL/TLS private key management tools.
+</p>
+<p>
+Related interfaces:
+</p>
+<ul>
+<li>files_type()</li>
+</ul>
+<p>
+Example:
+</p>
+<p>
+type mytlsprivkeyfile_t;
+tls_privkey_type(mytlsprivkeyfile_t)
+allow mydomain_t mytlsprivkeyfile_t:file read_file_perms;
+files_search_etc(mydomain_t)
+</p>
+</desc>
+<param name="type">
+<summary>
+Type to be used for files.
+</summary>
+</param>
+<infoflow type="none"/>
+</interface>
+<interface name="miscfiles_read_all_certs" lineno="103">
 <summary>
-Read all SSL certificates.
+Read all SSL/TLS certificates.
 </summary>
 <param name="domain">
 <summary>
@@ -88395,9 +116876,9 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="miscfiles_read_generic_certs" lineno="79">
+<interface name="miscfiles_read_generic_certs" lineno="124">
 <summary>
-Read generic SSL certificates.
+Read generic SSL/TLS certificates.
 </summary>
 <param name="domain">
 <summary>
@@ -88406,9 +116887,40 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="miscfiles_manage_generic_cert_dirs" lineno="99">
+<interface name="miscfiles_manage_user_certs" lineno="144">
+<summary>
+Manage user-managed SSL certificates
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_dontaudit_read_generic_certs" lineno="160">
 <summary>
-Manage generic SSL certificates.
+Do not audit attempts to read generic SSL/TLS certificates.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="miscfiles_relabel_user_certs" lineno="180">
+<summary>
+Relabel from/to user_cert_t (user-managed SSL certificates)
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_manage_generic_cert_dirs" lineno="195">
+<summary>
+Manage generic SSL/TLS certificates.
 </summary>
 <param name="domain">
 <summary>
@@ -88416,9 +116928,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_manage_generic_cert_files" lineno="118">
+<interface name="miscfiles_manage_generic_cert_files" lineno="214">
 <summary>
-Manage generic SSL certificates.
+Manage generic SSL/TLS certificates.
 </summary>
 <param name="domain">
 <summary>
@@ -88427,19 +116939,22 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="miscfiles_read_certs" lineno="137">
+<interface name="miscfiles_read_generic_tls_privkey" lineno="235">
 <summary>
-Read SSL certificates.
+Read generic SSL/TLS private
+keys.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="miscfiles_manage_cert_dirs" lineno="152">
+<interface name="miscfiles_manage_generic_tls_privkey_dirs" lineno="256">
 <summary>
-Manage SSL certificates.
+Manage generic SSL/TLS private
+keys.
 </summary>
 <param name="domain">
 <summary>
@@ -88447,17 +116962,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_manage_cert_files" lineno="167">
+<interface name="miscfiles_manage_generic_tls_privkey_files" lineno="276">
 <summary>
-Manage SSL certificates.
+Manage generic SSL/TLS private
+keys.
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
+<rolecap/>
 </interface>
-<interface name="miscfiles_read_fonts" lineno="183">
+<interface name="miscfiles_read_fonts" lineno="296">
 <summary>
 Read fonts.
 </summary>
@@ -88468,7 +116985,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="miscfiles_setattr_fonts_dirs" lineno="212">
+<interface name="miscfiles_setattr_fonts_dirs" lineno="327">
 <summary>
 Set the attributes on a fonts directory.
 </summary>
@@ -88479,7 +116996,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="miscfiles_dontaudit_setattr_fonts_dirs" lineno="232">
+<interface name="miscfiles_dontaudit_setattr_fonts_dirs" lineno="347">
 <summary>
 Do not audit attempts to set the attributes
 on a fonts directory.
@@ -88491,7 +117008,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="miscfiles_dontaudit_write_fonts" lineno="251">
+<interface name="miscfiles_dontaudit_write_fonts" lineno="366">
 <summary>
 Do not audit attempts to write fonts.
 </summary>
@@ -88502,7 +117019,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="miscfiles_manage_fonts" lineno="271">
+<interface name="miscfiles_manage_fonts" lineno="386">
 <summary>
 Create, read, write, and delete fonts.
 </summary>
@@ -88513,7 +117030,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="miscfiles_setattr_fonts_cache_dirs" lineno="295">
+<interface name="miscfiles_setattr_fonts_cache_dirs" lineno="410">
 <summary>
 Set the attributes on a fonts cache directory.
 </summary>
@@ -88523,7 +117040,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_dontaudit_setattr_fonts_cache_dirs" lineno="314">
+<interface name="miscfiles_dontaudit_setattr_fonts_cache_dirs" lineno="429">
 <summary>
 Do not audit attempts to set the attributes
 on a fonts cache directory.
@@ -88534,7 +117051,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_manage_fonts_cache" lineno="333">
+<interface name="miscfiles_manage_fonts_cache" lineno="448">
 <summary>
 Create, read, write, and delete fonts cache.
 </summary>
@@ -88545,7 +117062,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="miscfiles_read_hwdata" lineno="355">
+<interface name="miscfiles_read_hwdata" lineno="470">
 <summary>
 Read hardware identification data.
 </summary>
@@ -88555,7 +117072,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_setattr_localization" lineno="375">
+<interface name="miscfiles_setattr_localization" lineno="490">
 <summary>
 Allow process to setattr localization info
 </summary>
@@ -88565,7 +117082,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_read_localization" lineno="407">
+<interface name="miscfiles_read_localization" lineno="522">
 <summary>
 Allow process to read localization information.
 </summary>
@@ -88587,7 +117104,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="miscfiles_rw_localization" lineno="429">
+<interface name="miscfiles_rw_localization" lineno="545">
 <summary>
 Allow process to write localization info
 </summary>
@@ -88597,7 +117114,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_relabel_localization" lineno="449">
+<interface name="miscfiles_relabel_localization" lineno="565">
 <summary>
 Allow process to relabel localization info
 </summary>
@@ -88607,7 +117124,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_legacy_read_localization" lineno="468">
+<interface name="miscfiles_legacy_read_localization" lineno="584">
 <summary>
 Allow process to read legacy time localization info
 </summary>
@@ -88617,7 +117134,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_search_man_pages" lineno="487">
+<interface name="miscfiles_search_man_pages" lineno="603">
 <summary>
 Search man pages.
 </summary>
@@ -88627,7 +117144,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_dontaudit_search_man_pages" lineno="506">
+<interface name="miscfiles_dontaudit_search_man_pages" lineno="622">
 <summary>
 Do not audit attempts to search man pages.
 </summary>
@@ -88637,7 +117154,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_read_man_pages" lineno="525">
+<interface name="miscfiles_read_man_pages" lineno="641">
 <summary>
 Read man pages
 </summary>
@@ -88648,7 +117165,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="miscfiles_delete_man_pages" lineno="547">
+<interface name="miscfiles_delete_man_pages" lineno="663">
 <summary>
 Delete man pages
 </summary>
@@ -88658,7 +117175,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_manage_man_pages" lineno="572">
+<interface name="miscfiles_manage_man_pages" lineno="685">
 <summary>
 Create, read, write, and delete man pages
 </summary>
@@ -88668,7 +117185,48 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_read_public_files" lineno="595">
+<interface name="miscfiles_read_man_cache" lineno="706">
+<summary>
+Read man cache content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_map_man_cache" lineno="727">
+<summary>
+Map man cache content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_manage_man_cache" lineno="746">
+<summary>
+Create, read, write, and delete
+man cache content.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_relabel_man_cache" lineno="767">
+<summary>
+Relabel from and to man cache.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="miscfiles_read_public_files" lineno="788">
 <summary>
 Read public files used for file
 transfer services.
@@ -88680,7 +117238,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="miscfiles_manage_public_files" lineno="617">
+<interface name="miscfiles_manage_public_files" lineno="810">
 <summary>
 Create, read, write, and delete public files
 and directories used for file transfer services.
@@ -88692,7 +117250,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="miscfiles_read_tetex_data" lineno="637">
+<interface name="miscfiles_read_tetex_data" lineno="830">
 <summary>
 Read TeX data
 </summary>
@@ -88702,7 +117260,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_exec_tetex_data" lineno="661">
+<interface name="miscfiles_exec_tetex_data" lineno="854">
 <summary>
 Execute TeX data programs in the caller domain.
 </summary>
@@ -88712,7 +117270,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_domain_entry_test_files" lineno="686">
+<interface name="miscfiles_domain_entry_test_files" lineno="879">
 <summary>
 Let test files be an entry point for
 a specified domain.
@@ -88723,7 +117281,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_read_test_files" lineno="704">
+<interface name="miscfiles_read_test_files" lineno="897">
 <summary>
 Read test files and directories.
 </summary>
@@ -88733,7 +117291,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_exec_test_files" lineno="723">
+<interface name="miscfiles_exec_test_files" lineno="916">
 <summary>
 Execute test files.
 </summary>
@@ -88743,9 +117301,10 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_etc_filetrans_localization" lineno="742">
+<interface name="miscfiles_etc_filetrans_localization" lineno="936">
 <summary>
-Execute test files.
+Create files in etc directories
+with localization file type.
 </summary>
 <param name="domain">
 <summary>
@@ -88753,7 +117312,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="miscfiles_manage_localization" lineno="762">
+<interface name="miscfiles_manage_localization" lineno="956">
 <summary>
 Create, read, write, and delete localization
 </summary>
@@ -88787,7 +117346,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="modutils_read_module_config" lineno="52">
+<interface name="modutils_read_module_objects" lineno="50">
+<summary>
+Read the kernel modules.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="modutils_read_module_config" lineno="71">
 <summary>
 Read the configuration options used when
 loading modules.
@@ -88799,7 +117368,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="modutils_rename_module_config" lineno="77">
+<interface name="modutils_rename_module_config" lineno="97">
 <summary>
 Rename a file with the configuration options used when
 loading modules.
@@ -88810,7 +117379,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="modutils_delete_module_config" lineno="96">
+<interface name="modutils_delete_module_config" lineno="116">
 <summary>
 Unlink a file with the configuration options used when
 loading modules.
@@ -88821,7 +117390,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="modutils_manage_module_config" lineno="115">
+<interface name="modutils_manage_module_config" lineno="135">
 <summary>
 Manage files with the configuration options used when
 loading modules.
@@ -88832,7 +117401,51 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="modutils_domtrans_insmod_uncond" lineno="135">
+<interface name="modutils_domtrans" lineno="155">
+<summary>
+Execute any modutil,
+like insmod, kmod, depmod or updates-modules,
+in the kmod domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="modutils_run" lineno="184">
+<summary>
+Execute any modutil,
+like insmod, kmod, depmod or updates-modules,
+in the kmod domain, and allow the specified role
+the kmod domain, and use the caller's terminal.
+Has a sigchld backchannel.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="modutils_exec" lineno="205">
+<summary>
+Execute any modutil,
+like insmod, kmod, depmod or updates-modules,
+in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="modutils_domtrans_insmod_uncond" lineno="226">
 <summary>
 Unconditionally execute insmod in the insmod domain.
 </summary>
@@ -88842,7 +117455,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="modutils_domtrans_insmod" lineno="154">
+<interface name="modutils_domtrans_insmod" lineno="241">
 <summary>
 Execute insmod in the insmod domain.
 </summary>
@@ -88852,7 +117465,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="modutils_run_insmod" lineno="182">
+<interface name="modutils_run_insmod" lineno="265">
 <summary>
 Execute insmod in the insmod domain, and
 allow the specified role the insmod domain,
@@ -88871,7 +117484,7 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="modutils_exec_insmod" lineno="201">
+<interface name="modutils_exec_insmod" lineno="280">
 <summary>
 Execute insmod in the caller domain.
 </summary>
@@ -88881,7 +117494,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="modutils_domtrans_depmod" lineno="220">
+<interface name="modutils_domtrans_depmod" lineno="295">
 <summary>
 Execute depmod in the depmod domain.
 </summary>
@@ -88891,7 +117504,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="modutils_run_depmod" lineno="245">
+<interface name="modutils_run_depmod" lineno="316">
 <summary>
 Execute depmod in the depmod domain.
 </summary>
@@ -88907,7 +117520,7 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="modutils_exec_depmod" lineno="264">
+<interface name="modutils_exec_depmod" lineno="331">
 <summary>
 Execute depmod in the caller domain.
 </summary>
@@ -88917,9 +117530,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="modutils_domtrans_update_mods" lineno="283">
+<interface name="modutils_domtrans_update_mods" lineno="346">
 <summary>
-Execute depmod in the depmod domain.
+Execute update_modules in the update_modules domain.
 </summary>
 <param name="domain">
 <summary>
@@ -88927,7 +117540,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="modutils_run_update_mods" lineno="308">
+<interface name="modutils_run_update_mods" lineno="367">
 <summary>
 Execute update_modules in the update_modules domain.
 </summary>
@@ -88943,7 +117556,7 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="modutils_exec_update_mods" lineno="327">
+<interface name="modutils_exec_update_mods" lineno="382">
 <summary>
 Execute update_modules in the caller domain.
 </summary>
@@ -88953,6 +117566,16 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
+<interface name="modutils_read_var_run_files" lineno="397">
+<summary>
+Read kmod lib files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
 </module>
 <module name="mount" filename="policy/modules/system/mount.if">
 <summary>Policy for mount.</summary>
@@ -89014,29 +117637,7 @@ The type of the process performing this action.
 </summary>
 </param>
 </interface>
-<interface name="mount_send_nfs_client_request" lineno="128">
-<summary>
-Allow the mount domain to send nfs requests for mounting
-network drives
-</summary>
-<desc>
-<p>
-Allow the mount domain to send nfs requests for mounting
-network drives
-</p>
-<p>
-This interface has been deprecated as these rules were
-a side effect of leaked mount file descriptors.  This
-interface has no effect.
-</p>
-</desc>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-</interface>
-<interface name="mount_domtrans_unconfined" lineno="142">
+<interface name="mount_domtrans_unconfined" lineno="116">
 <summary>
 Execute mount in the unconfined mount domain.
 </summary>
@@ -89046,7 +117647,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="mount_run_unconfined" lineno="168">
+<interface name="mount_run_unconfined" lineno="142">
 <summary>
 Execute mount in the unconfined mount domain, and
 allow the specified role the unconfined mount domain,
@@ -89064,6 +117665,56 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
+<interface name="mount_read_loopback_files" lineno="161">
+<summary>
+Read loopback filesystem image files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mount_rw_loopback_files" lineno="179">
+<summary>
+Read and write loopback filesystem image files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mount_getattr_runtime_files" lineno="197">
+<summary>
+Getattr on mount_var_run_t files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mount_rw_runtime_files" lineno="215">
+<summary>
+Read and write mount runtime files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="mount_rw_pipes" lineno="235">
+<summary>
+Read and write mount unnamed pipes
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
 <tunable name="allow_mount_anyfile" dftval="false">
 <desc>
 <p>
@@ -89102,6 +117753,168 @@ Role allowed access.
 <rolecap/>
 </interface>
 </module>
+<module name="pcmcia" filename="policy/modules/system/pcmcia.if">
+<summary>PCMCIA card management services.</summary>
+<interface name="pcmcia_stub" lineno="13">
+<summary>
+PCMCIA stub interface.  No access allowed.
+</summary>
+<param name="domain" unused="true">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pcmcia_domtrans_cardmgr" lineno="29">
+<summary>
+Execute cardmgr in the cardmgr domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="pcmcia_use_cardmgr_fds" lineno="48">
+<summary>
+Inherit and use cardmgr file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pcmcia_domtrans_cardctl" lineno="66">
+<summary>
+Execute cardctl in the cardmgr domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="pcmcia_run_cardctl" lineno="93">
+<summary>
+Execute cardctl in the cardmgr
+domain, and allow the specified
+role the cardmgr domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="pcmcia_read_pid" lineno="112">
+<summary>
+Read cardmgr pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pcmcia_manage_pid" lineno="132">
+<summary>
+Create, read, write, and delete
+cardmgr pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="pcmcia_manage_pid_chr_files" lineno="152">
+<summary>
+Create, read, write, and delete
+cardmgr runtime character nodes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+</module>
+<module name="raid" filename="policy/modules/system/raid.if">
+<summary>RAID array management tools.</summary>
+<interface name="raid_domtrans_mdadm" lineno="14">
+<summary>
+Execute software raid tools in
+the mdadm domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="raid_run_mdadm" lineno="40">
+<summary>
+Execute mdadm in the mdadm
+domain, and allow the specified
+role the mdadm domain.
+</summary>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="raid_read_mdadm_pid" lineno="59">
+<summary>
+read mdadm pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="raid_manage_mdadm_pid" lineno="80">
+<summary>
+Create, read, write, and delete
+mdadm pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="raid_admin_mdadm" lineno="106">
+<summary>
+All of the rules required to
+administrate an mdadm environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+</module>
 <module name="selinuxutil" filename="policy/modules/system/selinuxutil.if">
 <summary>Policy for SELinux policy and userland applications.</summary>
 <interface name="seutil_domtrans_checkpolicy" lineno="13">
@@ -89281,9 +118094,9 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="seutil_domtrans_restorecon" lineno="316">
+<interface name="seutil_domtrans_runinit" lineno="316">
 <summary>
-Execute restorecon in the restorecon domain.  (Deprecated)
+Execute run_init in the run_init domain.
 </summary>
 <param name="domain">
 <summary>
@@ -89291,46 +118104,28 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="seutil_run_restorecon" lineno="339">
+<interface name="seutil_labeled_init_script_domtrans_runinit" lineno="347">
 <summary>
-Execute restorecon in the restorecon domain, and
-allow the specified role the restorecon domain,
-and use the caller's terminal.  (Deprecated)
+Execute file in the run_init domain.
 </summary>
+<desc>
+<p>
+Execute file in the run_init domain.
+This is used for the Gentoo integrated run_init.
+</p>
+</desc>
 <param name="domain">
 <summary>
 Domain allowed to transition.
 </summary>
 </param>
-<param name="role">
-<summary>
-Role allowed access.
-</summary>
-</param>
-<rolecap/>
-</interface>
-<interface name="seutil_exec_restorecon" lineno="355">
-<summary>
-Execute restorecon in the caller domain.  (Deprecated)
-</summary>
 <param name="domain">
 <summary>
-Domain allowed access.
+Type of entry file.
 </summary>
 </param>
-<rolecap/>
 </interface>
-<interface name="seutil_domtrans_runinit" lineno="370">
-<summary>
-Execute run_init in the run_init domain.
-</summary>
-<param name="domain">
-<summary>
-Domain allowed to transition.
-</summary>
-</param>
-</interface>
-<interface name="seutil_init_script_domtrans_runinit" lineno="396">
+<interface name="seutil_init_script_domtrans_runinit" lineno="376">
 <summary>
 Execute init scripts in the run_init domain.
 </summary>
@@ -89346,7 +118141,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="seutil_run_runinit" lineno="426">
+<interface name="seutil_run_runinit" lineno="406">
 <summary>
 Execute run_init in the run_init domain, and
 allow the specified role the run_init domain,
@@ -89364,7 +118159,7 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="seutil_init_script_run_runinit" lineno="462">
+<interface name="seutil_init_script_run_runinit" lineno="442">
 <summary>
 Execute init scripts in the run_init domain, and
 allow the specified role the run_init domain,
@@ -89391,7 +118186,39 @@ Role allowed access.
 </summary>
 </param>
 </interface>
-<interface name="seutil_use_runinit_fds" lineno="481">
+<interface name="seutil_labeled_init_script_run_runinit" lineno="483">
+<summary>
+Execute specified file in the run_init domain, and
+allow the specified role the run_init domain,
+and use the caller's terminal.
+</summary>
+<desc>
+<p>
+Execute specified file in the run_init domain, and
+allow the specified role the run_init domain,
+and use the caller's terminal.
+</p>
+<p>
+This is used for the Gentoo integrated run_init.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<param name="domain">
+<summary>
+Type of init script.
+</summary>
+</param>
+</interface>
+<interface name="seutil_use_runinit_fds" lineno="502">
 <summary>
 Inherit and use run_init file descriptors.
 </summary>
@@ -89401,7 +118228,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="seutil_domtrans_setfiles" lineno="499">
+<interface name="seutil_domtrans_setfiles" lineno="520">
 <summary>
 Execute setfiles in the setfiles domain.
 </summary>
@@ -89411,7 +118238,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="seutil_run_setfiles" lineno="527">
+<interface name="seutil_run_setfiles" lineno="548">
 <summary>
 Execute setfiles in the setfiles domain, and
 allow the specified role the setfiles domain,
@@ -89429,7 +118256,7 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="seutil_exec_setfiles" lineno="546">
+<interface name="seutil_exec_setfiles" lineno="567">
 <summary>
 Execute setfiles in the caller domain.
 </summary>
@@ -89439,7 +118266,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="seutil_dontaudit_search_config" lineno="567">
+<interface name="seutil_dontaudit_search_config" lineno="588">
 <summary>
 Do not audit attempts to search the SELinux
 configuration directory (/etc/selinux).
@@ -89450,7 +118277,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="seutil_dontaudit_read_config" lineno="586">
+<interface name="seutil_dontaudit_read_config" lineno="607">
 <summary>
 Do not audit attempts to read the SELinux
 userland configuration (/etc/selinux).
@@ -89461,7 +118288,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="seutil_read_config" lineno="606">
+<interface name="seutil_read_config" lineno="627">
 <summary>
 Read the general SELinux configuration files.
 </summary>
@@ -89472,7 +118299,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="seutil_rw_config" lineno="628">
+<interface name="seutil_rw_config" lineno="649">
 <summary>
 Read and write the general SELinux configuration files.
 </summary>
@@ -89483,29 +118310,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="seutil_manage_selinux_config" lineno="660">
-<summary>
-Create, read, write, and delete
-the general selinux configuration files.  (Deprecated)
-</summary>
-<desc>
-<p>
-Create, read, write, and delete
-the general selinux configuration files.
-</p>
-<p>
-This interface has been deprecated, please
-use the seutil_manage_config() interface instead.
-</p>
-</desc>
-<param name="domain">
-<summary>
-Domain allowed access.
-</summary>
-</param>
-<rolecap/>
-</interface>
-<interface name="seutil_manage_config" lineno="677">
+<interface name="seutil_manage_config" lineno="671">
 <summary>
 Create, read, write, and delete
 the general selinux configuration files.
@@ -89517,10 +118322,10 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="seutil_manage_config_dirs" lineno="699">
+<interface name="seutil_manage_config_dirs" lineno="693">
 <summary>
 Create, read, write, and delete
-the general selinux configuration files.
+the general selinux configuration directories.
 </summary>
 <param name="domain">
 <summary>
@@ -89529,7 +118334,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="seutil_search_default_contexts" lineno="718">
+<interface name="seutil_search_default_contexts" lineno="712">
 <summary>
 Search the policy directory with default_context files.
 </summary>
@@ -89539,7 +118344,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="seutil_read_default_contexts" lineno="738">
+<interface name="seutil_read_default_contexts" lineno="732">
 <summary>
 Read the default_contexts files.
 </summary>
@@ -89550,7 +118355,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="seutil_manage_default_contexts" lineno="759">
+<interface name="seutil_manage_default_contexts" lineno="753">
 <summary>
 Create, read, write, and delete the default_contexts files.
 </summary>
@@ -89560,7 +118365,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="seutil_read_file_contexts" lineno="780">
+<interface name="seutil_read_file_contexts" lineno="774">
 <summary>
 Read the file_contexts files.
 </summary>
@@ -89571,7 +118376,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="seutil_dontaudit_read_file_contexts" lineno="801">
+<interface name="seutil_dontaudit_read_file_contexts" lineno="796">
 <summary>
 Do not audit attempts to read the file_contexts files.
 </summary>
@@ -89582,7 +118387,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="seutil_rw_file_contexts" lineno="820">
+<interface name="seutil_rw_file_contexts" lineno="816">
 <summary>
 Read and write the file_contexts files.
 </summary>
@@ -89592,7 +118397,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="seutil_manage_file_contexts" lineno="841">
+<interface name="seutil_manage_file_contexts" lineno="838">
 <summary>
 Create, read, write, and delete the file_contexts files.
 </summary>
@@ -89603,7 +118408,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="seutil_read_bin_policy" lineno="861">
+<interface name="seutil_read_bin_policy" lineno="859">
 <summary>
 Read the SELinux binary policy.
 </summary>
@@ -89613,7 +118418,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="seutil_create_bin_policy" lineno="881">
+<interface name="seutil_create_bin_policy" lineno="886">
 <summary>
 Create the SELinux binary policy.
 </summary>
@@ -89623,7 +118428,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="seutil_relabelto_bin_policy" lineno="904">
+<interface name="seutil_relabelto_bin_policy" lineno="909">
 <summary>
 Allow the caller to relabel a file to the binary policy type.
 </summary>
@@ -89633,7 +118438,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="seutil_manage_bin_policy" lineno="925">
+<interface name="seutil_manage_bin_policy" lineno="930">
 <summary>
 Create, read, write, and delete the SELinux
 binary policy.
@@ -89644,7 +118449,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="seutil_read_src_policy" lineno="947">
+<interface name="seutil_read_src_policy" lineno="952">
 <summary>
 Read SELinux policy source files.
 </summary>
@@ -89654,7 +118459,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="seutil_manage_src_policy" lineno="969">
+<interface name="seutil_manage_src_policy" lineno="974">
 <summary>
 Create, read, write, and delete SELinux
 policy source files.
@@ -89666,7 +118471,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="seutil_domtrans_semanage" lineno="990">
+<interface name="seutil_domtrans_semanage" lineno="995">
 <summary>
 Execute a domain transition to run semanage.
 </summary>
@@ -89676,7 +118481,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="seutil_run_semanage" lineno="1018">
+<interface name="seutil_run_semanage" lineno="1023">
 <summary>
 Execute semanage in the semanage domain, and
 allow the specified role the semanage domain,
@@ -89694,7 +118499,17 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="seutil_manage_module_store" lineno="1038">
+<interface name="seutil_read_module_store" lineno="1042">
+<summary>
+Read the semanage module store.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="seutil_manage_module_store" lineno="1067">
 <summary>
 Full management of the semanage
 module store.
@@ -89705,7 +118520,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="seutil_get_semanage_read_lock" lineno="1059">
+<interface name="seutil_get_semanage_read_lock" lineno="1091">
 <summary>
 Get read lock on module store
 </summary>
@@ -89715,7 +118530,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="seutil_get_semanage_trans_lock" lineno="1078">
+<interface name="seutil_get_semanage_trans_lock" lineno="1110">
 <summary>
 Get trans lock on module store
 </summary>
@@ -89725,7 +118540,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="seutil_libselinux_linked" lineno="1106">
+<interface name="seutil_libselinux_linked" lineno="1138">
 <summary>
 SELinux-enabled program access for
 libselinux-linked programs.
@@ -89744,7 +118559,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="seutil_dontaudit_libselinux_linked" lineno="1136">
+<interface name="seutil_dontaudit_libselinux_linked" lineno="1168">
 <summary>
 Do not audit SELinux-enabled program access for
 libselinux-linked programs.
@@ -89784,7 +118599,7 @@ Domain allowed to transition.
 </interface>
 <interface name="setrans_translate_context" lineno="32">
 <summary>
-Allow a domain to translate contexts.
+Allow a domain to translate contexts.  (Deprecated)
 </summary>
 <param name="domain">
 <summary>
@@ -89792,6 +118607,22 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
+<interface name="setrans_admin" lineno="52">
+<summary>
+All of the rules required to
+administrate an setrans environment.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+</interface>
 </module>
 <module name="sysnetwork" filename="policy/modules/system/sysnetwork.if">
 <summary>Policy for network configuration: ifconfig and dhcp client.</summary>
@@ -89822,7 +118653,18 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_dontaudit_use_dhcpc_fds" lineno="59">
+<interface name="sysnet_dontaudit_rw_dhcpc_udp_sockets" lineno="59">
+<summary>
+Do not audit attempts to read and
+write dhcpc udp socket descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_dontaudit_use_dhcpc_fds" lineno="78">
 <summary>
 Do not audit attempts to use
 the dhcp file descriptors.
@@ -89833,7 +118675,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_dontaudit_rw_dhcpc_unix_stream_sockets" lineno="78">
+<interface name="sysnet_dontaudit_rw_dhcpc_unix_stream_sockets" lineno="97">
 <summary>
 Do not audit attempts to read/write to the
 dhcp unix stream socket descriptors.
@@ -89844,7 +118686,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_sigchld_dhcpc" lineno="96">
+<interface name="sysnet_sigchld_dhcpc" lineno="115">
 <summary>
 Send a SIGCHLD signal to the dhcp client.
 </summary>
@@ -89854,7 +118696,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_kill_dhcpc" lineno="115">
+<interface name="sysnet_kill_dhcpc" lineno="134">
 <summary>
 Send a kill signal to the dhcp client.
 </summary>
@@ -89865,7 +118707,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_sigstop_dhcpc" lineno="133">
+<interface name="sysnet_sigstop_dhcpc" lineno="152">
 <summary>
 Send a SIGSTOP signal to the dhcp client.
 </summary>
@@ -89875,7 +118717,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_signull_dhcpc" lineno="151">
+<interface name="sysnet_signull_dhcpc" lineno="170">
 <summary>
 Send a null signal to the dhcp client.
 </summary>
@@ -89885,7 +118727,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_signal_dhcpc" lineno="170">
+<interface name="sysnet_signal_dhcpc" lineno="189">
 <summary>
 Send a generic signal to the dhcp client.
 </summary>
@@ -89896,7 +118738,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_dbus_chat_dhcpc" lineno="189">
+<interface name="sysnet_dbus_chat_dhcpc" lineno="208">
 <summary>
 Send and receive messages from
 dhcpc over dbus.
@@ -89907,7 +118749,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_rw_dhcp_config" lineno="209">
+<interface name="sysnet_rw_dhcp_config" lineno="228">
 <summary>
 Read and write dhcp configuration files.
 </summary>
@@ -89917,7 +118759,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_search_dhcpc_state" lineno="229">
+<interface name="sysnet_search_dhcpc_state" lineno="248">
 <summary>
 Search the DHCP client state
 directories.
@@ -89928,7 +118770,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_read_dhcpc_state" lineno="248">
+<interface name="sysnet_read_dhcpc_state" lineno="267">
 <summary>
 Read dhcp client state files.
 </summary>
@@ -89938,7 +118780,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_delete_dhcpc_state" lineno="266">
+<interface name="sysnet_delete_dhcpc_state" lineno="285">
 <summary>
 Delete the dhcp client state files.
 </summary>
@@ -89948,7 +118790,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_setattr_config" lineno="284">
+<interface name="sysnet_setattr_config" lineno="303">
 <summary>
 Set the attributes of network config files.
 </summary>
@@ -89958,7 +118800,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_read_config" lineno="324">
+<interface name="sysnet_read_config" lineno="343">
 <summary>
 Read network config files.
 </summary>
@@ -89989,7 +118831,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_dontaudit_read_config" lineno="348">
+<interface name="sysnet_dontaudit_read_config" lineno="377">
 <summary>
 Do not audit attempts to read network config files.
 </summary>
@@ -89999,7 +118841,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_write_config" lineno="366">
+<interface name="sysnet_write_config" lineno="395">
 <summary>
 Write network config files.
 </summary>
@@ -90009,7 +118851,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_create_config" lineno="385">
+<interface name="sysnet_create_config" lineno="414">
 <summary>
 Create network config files.
 </summary>
@@ -90019,7 +118861,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_etc_filetrans_config" lineno="410">
+<interface name="sysnet_relabel_config" lineno="433">
+<summary>
+Relabel network config files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_etc_filetrans_config" lineno="458">
 <summary>
 Create files in /etc with the type used for
 the network config files.
@@ -90035,7 +118887,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_manage_config" lineno="428">
+<interface name="sysnet_manage_config" lineno="476">
 <summary>
 Create, read, write, and delete network config files.
 </summary>
@@ -90045,7 +118897,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_read_dhcpc_pid" lineno="450">
+<interface name="sysnet_read_dhcpc_pid" lineno="504">
 <summary>
 Read the dhcp client pid file.
 </summary>
@@ -90055,7 +118907,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_delete_dhcpc_pid" lineno="469">
+<interface name="sysnet_delete_dhcpc_pid" lineno="523">
 <summary>
 Delete the dhcp client pid file.
 </summary>
@@ -90065,7 +118917,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_domtrans_ifconfig" lineno="487">
+<interface name="sysnet_domtrans_ifconfig" lineno="541">
 <summary>
 Execute ifconfig in the ifconfig domain.
 </summary>
@@ -90075,7 +118927,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_run_ifconfig" lineno="514">
+<interface name="sysnet_run_ifconfig" lineno="568">
 <summary>
 Execute ifconfig in the ifconfig domain, and
 allow the specified role the ifconfig domain,
@@ -90093,7 +118945,7 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_exec_ifconfig" lineno="534">
+<interface name="sysnet_exec_ifconfig" lineno="588">
 <summary>
 Execute ifconfig in the caller domain.
 </summary>
@@ -90103,7 +118955,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_signal_ifconfig" lineno="554">
+<interface name="sysnet_signal_ifconfig" lineno="608">
 <summary>
 Send a generic signal to ifconfig.
 </summary>
@@ -90114,7 +118966,18 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_read_dhcp_config" lineno="572">
+<interface name="sysnet_signull_ifconfig" lineno="627">
+<summary>
+Send null signals to ifconfig.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="sysnet_read_dhcp_config" lineno="645">
 <summary>
 Read the DHCP configuration files.
 </summary>
@@ -90124,7 +118987,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_search_dhcp_state" lineno="592">
+<interface name="sysnet_search_dhcp_state" lineno="665">
 <summary>
 Search the DHCP state data directory.
 </summary>
@@ -90134,7 +118997,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_dhcp_state_filetrans" lineno="636">
+<interface name="sysnet_dhcp_state_filetrans" lineno="709">
 <summary>
 Create DHCP state data.
 </summary>
@@ -90169,7 +119032,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_dns_name_resolve" lineno="656">
+<interface name="sysnet_dns_name_resolve" lineno="729">
 <summary>
 Perform a DNS name resolution.
 </summary>
@@ -90180,7 +119043,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_use_ldap" lineno="697">
+<interface name="sysnet_use_ldap" lineno="785">
 <summary>
 Connect and use a LDAP server.
 </summary>
@@ -90190,7 +119053,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_use_portmap" lineno="729">
+<interface name="sysnet_use_portmap" lineno="817">
 <summary>
 Connect and use remote port mappers.
 </summary>
@@ -90200,6 +119063,625 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
+<interface name="sysnet_dhcpc_script_entry" lineno="857">
+<summary>
+Make the specified program domain
+accessable from the DHCP hooks/scripts.
+</summary>
+<param name="domain">
+<summary>
+The type of the process to transition to.
+</summary>
+</param>
+<param name="entrypoint">
+<summary>
+The type of the file used as an entrypoint to this domain.
+</summary>
+</param>
+</interface>
+</module>
+<module name="systemd" filename="policy/modules/system/systemd.if">
+<summary>Systemd components (not PID 1)</summary>
+<interface name="systemd_log_parse_environment" lineno="14">
+<summary>
+Make the specified type usable as an
+log parse environment type.
+</summary>
+<param name="domain">
+<summary>
+Type to be used as a log parse environment type.
+</summary>
+</param>
+</interface>
+<interface name="systemd_read_hwdb" lineno="32">
+<summary>
+Allow domain to read udev hwdb file
+</summary>
+<param name="domain">
+<summary>
+domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="systemd_map_hwdb" lineno="50">
+<summary>
+Allow domain to map udev hwdb file
+</summary>
+<param name="domain">
+<summary>
+domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="systemd_read_logind_pids" lineno="68">
+<summary>
+Read systemd_login PID files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_manage_logind_pid_pipes" lineno="88">
+<summary>
+Manage systemd_login PID pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_write_logind_pid_pipes" lineno="107">
+<summary>
+Write systemd_login named pipe.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_use_logind_fds" lineno="128">
+<summary>
+Use inherited systemd
+logind file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_read_logind_sessions_files" lineno="146">
+<summary>
+Read logind sessions files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_write_inherited_logind_sessions_pipes" lineno="167">
+<summary>
+Write inherited logind sessions pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_write_inherited_logind_inhibit_pipes" lineno="187">
+<summary>
+Write inherited logind inhibit pipes.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_dbus_chat_logind" lineno="208">
+<summary>
+Send and receive messages from
+systemd logind over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_write_kmod_files" lineno="229">
+<summary>
+Allow process to write to systemd_kmod_conf_t.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="systemd_status_logind" lineno="243">
+<summary>
+Get the system status information from systemd_login
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_signull_logind" lineno="262">
+<summary>
+Send systemd_login a null signal.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_read_machines" lineno="280">
+<summary>
+Allow reading /run/systemd/machines
+</summary>
+<param name="domain">
+<summary>
+Domain that can access the machines files
+</summary>
+</param>
+</interface>
+<interface name="systemd_dbus_chat_hostnamed" lineno="300">
+<summary>
+Send and receive messages from
+systemd hostnamed over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_use_passwd_agent_fds" lineno="320">
+<summary>
+allow systemd_passwd_agent to inherit fds
+</summary>
+<param name="domain">
+<summary>
+Domain that owns the fds
+</summary>
+</param>
+</interface>
+<interface name="systemd_use_passwd_agent" lineno="339">
+<summary>
+Allow a systemd_passwd_agent_t process to interact with a daemon
+that needs a password from the sysadmin.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_filetrans_passwd_runtime_dirs" lineno="363">
+<summary>
+Transition to systemd_passwd_var_run_t when creating dirs
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_manage_passwd_runtime_symlinks" lineno="382">
+<summary>
+Allow to domain to create systemd-passwd symlink
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_manage_all_units" lineno="400">
+<summary>
+manage systemd unit dirs and the files in them
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_read_journal_files" lineno="420">
+<summary>
+Allow domain to read systemd_journal_t files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_manage_journal_files" lineno="439">
+<summary>
+Allow domain to create/manage systemd_journal_t files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_relabelto_journal_dirs" lineno="459">
+<summary>
+Relabel to systemd-journald directory type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_relabelto_journal_files" lineno="478">
+<summary>
+Relabel to systemd-journald file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_read_networkd_units" lineno="498">
+<summary>
+Allow domain to read systemd_networkd_t unit files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_manage_networkd_units" lineno="518">
+<summary>
+Allow domain to create/manage systemd_networkd_t unit files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_enabledisable_networkd" lineno="538">
+<summary>
+Allow specified domain to enable systemd-networkd units
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_startstop_networkd" lineno="557">
+<summary>
+Allow specified domain to start systemd-networkd units
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_status_networkd" lineno="576">
+<summary>
+Allow specified domain to get status of systemd-networkd
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_relabelfrom_networkd_tun_sockets" lineno="595">
+<summary>
+Relabel systemd_networkd tun socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_rw_networkd_netlink_route_sockets" lineno="613">
+<summary>
+Read/Write from systemd_networkd netlink route socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_list_networkd_runtime" lineno="631">
+<summary>
+Allow domain to list dirs under /run/systemd/netif
+</summary>
+<param name="domain">
+<summary>
+domain permitted the access
+</summary>
+</param>
+</interface>
+<interface name="systemd_read_networkd_runtime" lineno="651">
+<summary>
+Allow domain to read files generated by systemd_networkd
+</summary>
+<param name="domain">
+<summary>
+domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="systemd_read_logind_state" lineno="670">
+<summary>
+Allow systemd_logind_t to read process state for cgroup file
+</summary>
+<param name="domain">
+<summary>
+Domain systemd_logind_t may access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_start_power_units" lineno="689">
+<summary>
+Allow specified domain to start power units
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="systemd_tmpfiles_conf_file" lineno="709">
+<summary>
+Make the specified type usable for
+systemd tmpfiles config files.
+</summary>
+<param name="type">
+<summary>
+Type to be used for systemd tmpfiles config files.
+</summary>
+</param>
+</interface>
+<interface name="systemd_tmpfiles_creator" lineno="730">
+<summary>
+Allow the specified domain to create
+the tmpfiles config directory with
+the correct context.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_tmpfiles_conf_filetrans" lineno="766">
+<summary>
+Create an object in the systemd tmpfiles config
+directory, with a private type
+using a type transition.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="systemd_list_tmpfiles_conf" lineno="785">
+<summary>
+Allow domain to list systemd tmpfiles config directory
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_relabelto_tmpfiles_conf_dirs" lineno="803">
+<summary>
+Allow domain to relabel to systemd tmpfiles config directory
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_relabelto_tmpfiles_conf_files" lineno="821">
+<summary>
+Allow domain to relabel to systemd tmpfiles config files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_tmpfilesd_managed" lineno="844">
+<summary>
+Allow systemd_tmpfiles_t to manage filesystem objects
+</summary>
+<param name="type">
+<summary>
+type of object to manage
+</summary>
+</param>
+<param name="class">
+<summary>
+object class to manage
+</summary>
+</param>
+</interface>
+<interface name="systemd_dbus_chat_resolved" lineno="863">
+<summary>
+Send and receive messages from
+systemd resolved over dbus.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_read_resolved_runtime" lineno="883">
+<summary>
+Allow domain to read resolv.conf file generated by systemd_resolved
+</summary>
+<param name="domain">
+<summary>
+domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="systemd_getattr_updated_runtime" lineno="901">
+<summary>
+Allow domain to getattr on .updated file (generated by systemd-update-done
+</summary>
+<param name="domain">
+<summary>
+domain allowed access
+</summary>
+</param>
+</interface>
+<tunable name="systemd_tmpfiles_manage_all" dftval="false">
+<desc>
+<p>
+Enable support for systemd-tmpfiles to manage all non-security files.
+</p>
+</desc>
+</tunable>
+<tunable name="systemd_nspawn_labeled_namespace" dftval="false">
+<desc>
+<p>
+Allow systemd-nspawn to create a labelled namespace with the same types
+as parent environment
+</p>
+</desc>
+</tunable>
+</module>
+<module name="tmpfiles" filename="policy/modules/system/tmpfiles.if">
+<summary>Policy for tmpfiles, a boot-time temporary file handler</summary>
+<interface name="tmpfiles_read_var_run" lineno="13">
+<summary>
+Read resources in /run/tmpfiles.d/.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="tmpfiles_create_var_run_files" lineno="33">
+<summary>
+Create files in /run/tmpfiles.d/.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tmpfiles_write_var_run_files" lineno="53">
+<summary>
+Write to files in /run/tmpfiles.d/.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tmpfiles_manage_var_run_files" lineno="73">
+<summary>
+Manage files in /run/tmpfiles.d/.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tmpfiles_read_conf" lineno="93">
+<summary>
+Read files in /etc/tmpfiles.d/.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="tmpfiles_create_conf_files" lineno="113">
+<summary>
+Create files in /etc/tmpfiles.d/.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tmpfiles_write_conf_files" lineno="133">
+<summary>
+Write to files in /etc/tmpfiles.d/.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="tmpfiles_manage_conf_files" lineno="153">
+<summary>
+Manage files in /etc/tmpfiles.d/.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="tmpfiles_manage_all_non_security" dftval="true">
+<desc>
+<p>
+Determine whether tmpfiles can manage
+all non-security sensitive resources.
+Without this, it is only allowed rights towards
+/run, /tmp, /dev and /var/lock.
+</p>
+</desc>
+</tunable>
 </module>
 <module name="udev" filename="policy/modules/system/udev.if">
 <summary>Policy for udev.</summary>
@@ -90223,7 +119705,30 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="udev_exec" lineno="49">
+<interface name="udev_run_domain" lineno="62">
+<summary>
+Allow udev to execute the specified program in
+the specified domain.
+</summary>
+<desc>
+<p>
+This is a interface to support the UDEV 'RUN'
+command.  This will allow the command run by
+udev to be run in a domain other than udev_t.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain to execute in.
+</summary>
+</param>
+<param name="entry_file">
+<summary>
+Domain entry point file.
+</summary>
+</param>
+</interface>
+<interface name="udev_exec" lineno="80">
 <summary>
 Execute udev in the caller domain.
 </summary>
@@ -90233,7 +119738,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="udev_helper_domtrans" lineno="67">
+<interface name="udev_helper_domtrans" lineno="98">
 <summary>
 Execute a udev helper in the udev domain.
 </summary>
@@ -90243,7 +119748,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="udev_read_state" lineno="85">
+<interface name="udev_read_state" lineno="116">
 <summary>
 Allow process to read udev process state.
 </summary>
@@ -90253,7 +119758,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="udev_dontaudit_use_fds" lineno="106">
+<interface name="udev_create_kobject_uevent_sockets" lineno="137">
+<summary>
+Allow domain to create uevent sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="udev_dontaudit_use_fds" lineno="156">
 <summary>
 Do not audit attempts to inherit a
 udev file descriptor.
@@ -90264,7 +119779,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="udev_dontaudit_rw_dgram_sockets" lineno="125">
+<interface name="udev_dontaudit_rw_dgram_sockets" lineno="175">
 <summary>
 Do not audit attempts to read or write
 to a udev unix datagram socket.
@@ -90275,7 +119790,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="udev_manage_rules_files" lineno="143">
+<interface name="udev_read_rules_files" lineno="193">
+<summary>
+Read udev rules files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="udev_manage_rules_files" lineno="214">
 <summary>
 Manage udev rules files
 </summary>
@@ -90285,7 +119810,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="udev_dontaudit_search_db" lineno="165">
+<interface name="udev_dontaudit_search_db" lineno="236">
 <summary>
 Do not audit search of udev database directories.
 </summary>
@@ -90295,7 +119820,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="udev_read_db" lineno="189">
+<interface name="udev_read_db" lineno="260">
 <summary>
 Read the udev device table.
 </summary>
@@ -90311,7 +119836,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="udev_rw_db" lineno="216">
+<interface name="udev_rw_db" lineno="288">
 <summary>
 Allow process to modify list of devices.
 </summary>
@@ -90321,7 +119846,57 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="udev_search_pids" lineno="235">
+<interface name="udev_create_db_dirs" lineno="307">
+<summary>
+Create udev database directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="udev_pid_filetrans_db" lineno="338">
+<summary>
+Write in /var/run/udev with the udev_tbl_t (udev database) file type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="class">
+<summary>
+Classes on which the file transition should occur
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+Name of the directory that the file transition will work on
+</summary>
+</param>
+</interface>
+<interface name="udev_relabelto_db" lineno="357">
+<summary>
+Allow process to relabelto udev database
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="udev_relabelto_db_sockets" lineno="377">
+<summary>
+Allow process to relabelto sockets in /run/udev
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="udev_search_pids" lineno="395">
 <summary>
 Search through udev pid content
 </summary>
@@ -90331,10 +119906,20 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="udev_manage_pid_dirs" lineno="255">
+<interface name="udev_list_pids" lineno="414">
+<summary>
+list udev pid content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="udev_manage_pid_dirs" lineno="434">
 <summary>
 Create, read, write, and delete
-udev pid directories
+udev run directories
 </summary>
 <param name="domain">
 <summary>
@@ -90342,22 +119927,27 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="udev_generic_pid_filetrans_run_dirs" lineno="279">
+<interface name="udev_read_pid_files" lineno="453">
 <summary>
-Create directories in the run location with udev_var_run_t type
+Read udev pid files
 </summary>
 <param name="domain">
 <summary>
 Domain allowed access.
 </summary>
 </param>
-<param name="name" optional="true">
+</interface>
+<interface name="udev_dontaudit_rw_pid_files" lineno="473">
+<summary>
+dontaudit attempts to read/write udev pidfiles
+</summary>
+<param name="domain">
 <summary>
-Name of the directory that is created
+Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="udev_manage_pid_files" lineno="298">
+<interface name="udev_manage_pid_files" lineno="492">
 <summary>
 Create, read, write, and delete
 udev pid files.
@@ -90368,6 +119958,89 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
+<interface name="udev_generic_pid_filetrans_run_dirs" lineno="517">
+<summary>
+Write dirs in /var/run with the udev_var_run file type.
+This method is deprecated in favor of the init_daemon_run_dir call.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+Name of the directory that the file transition will work on
+</summary>
+</param>
+</interface>
+<interface name="udevadm_domtrans" lineno="531">
+<summary>
+Execute udev admin in the udevadm domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="udevadm_run" lineno="556">
+<summary>
+Execute udevadm in the udevadm domain, and
+allow the specified role the udevadm domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+<param name="role">
+<summary>
+Role allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="udevadm_exec" lineno="575">
+<summary>
+Execute udevadm in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="udev_pid_filetrans_rules" lineno="605">
+<summary>
+Write in /var/run/udev with the udev_rules_t (udev rules) file type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="class">
+<summary>
+Classes on which the file transition should occur
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+Name of the directory that the file transition will work on
+</summary>
+</param>
+</interface>
+<interface name="udev_create_rules_dirs" lineno="624">
+<summary>
+Create udev rules directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
 </module>
 <module name="unconfined" filename="policy/modules/system/unconfined.if">
 <summary>The unconfined domain.</summary>
@@ -90381,7 +120054,7 @@ Domain to make unconfined.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_domain" lineno="124">
+<interface name="unconfined_domain" lineno="133">
 <summary>
 Make the specified domain unconfined and
 audit executable heap usage.
@@ -90397,56 +120070,19 @@ is like SELinux	was not being used.
 <p>
 Only completely trusted domains should use this interface.
 </p>
-</desc>
-<param name="domain">
-<summary>
-Domain to make unconfined.
-</summary>
-</param>
-</interface>
-<interface name="unconfined_alias_domain" lineno="152">
-<summary>
-Add an alias type to the unconfined domain.  (Deprecated)
-</summary>
-<desc>
-<p>
-Add an alias type to the unconfined domain.  (Deprecated)
-</p>
 <p>
-This is added to support targeted policy.  Its
-use should be limited.  It has no effect
-on the strict policy.
+Does not allow return communications from confined
+domains via message based mechanisms such as dbus or
+SysV message queues.
 </p>
 </desc>
 <param name="domain">
 <summary>
-New alias of the unconfined domain.
-</summary>
-</param>
-</interface>
-<interface name="unconfined_execmem_alias_program" lineno="178">
-<summary>
-Add an alias type to the unconfined execmem
-program file type.  (Deprecated)
-</summary>
-<desc>
-<p>
-Add an alias type to the unconfined execmem
-program file type.  (Deprecated)
-</p>
-<p>
-This is added to support targeted policy.  Its
-use should be limited.  It has no effect
-on the strict policy.
-</p>
-</desc>
-<param name="domain">
-<summary>
-New alias of the unconfined execmem program type.
+Domain to make unconfined.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_domtrans" lineno="192">
+<interface name="unconfined_domtrans" lineno="151">
 <summary>
 Transition to the unconfined domain.
 </summary>
@@ -90456,7 +120092,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_run" lineno="215">
+<interface name="unconfined_run" lineno="174">
 <summary>
 Execute specified programs in the unconfined domain.
 </summary>
@@ -90471,7 +120107,7 @@ The role to allow the unconfined domain.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_shell_domtrans" lineno="234">
+<interface name="unconfined_shell_domtrans" lineno="193">
 <summary>
 Transition to the unconfined domain by executing a shell.
 </summary>
@@ -90481,7 +120117,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_domtrans_to" lineno="272">
+<interface name="unconfined_domtrans_to" lineno="231">
 <summary>
 Allow unconfined to execute the specified program in
 the specified domain.
@@ -90508,7 +120144,7 @@ Domain entry point file.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_run_to" lineno="309">
+<interface name="unconfined_run_to" lineno="268">
 <summary>
 Allow unconfined to execute the specified program in
 the specified domain.  Allow the specified domain the
@@ -90537,7 +120173,7 @@ Domain entry point file.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_use_fds" lineno="330">
+<interface name="unconfined_use_fds" lineno="289">
 <summary>
 Inherit file descriptors from the unconfined domain.
 </summary>
@@ -90547,7 +120183,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_sigchld" lineno="348">
+<interface name="unconfined_sigchld" lineno="307">
 <summary>
 Send a SIGCHLD signal to the unconfined domain.
 </summary>
@@ -90557,7 +120193,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_signull" lineno="366">
+<interface name="unconfined_signull" lineno="325">
 <summary>
 Send a SIGNULL signal to the unconfined domain.
 </summary>
@@ -90567,7 +120203,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_signal" lineno="384">
+<interface name="unconfined_signal" lineno="343">
 <summary>
 Send generic signals to the unconfined domain.
 </summary>
@@ -90577,7 +120213,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_read_pipes" lineno="402">
+<interface name="unconfined_read_pipes" lineno="361">
 <summary>
 Read unconfined domain unnamed pipes.
 </summary>
@@ -90587,7 +120223,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_dontaudit_read_pipes" lineno="420">
+<interface name="unconfined_dontaudit_read_pipes" lineno="379">
 <summary>
 Do not audit attempts to read unconfined domain unnamed pipes.
 </summary>
@@ -90597,7 +120233,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_rw_pipes" lineno="438">
+<interface name="unconfined_rw_pipes" lineno="397">
 <summary>
 Read and write unconfined domain unnamed pipes.
 </summary>
@@ -90607,7 +120243,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_dontaudit_rw_pipes" lineno="457">
+<interface name="unconfined_dontaudit_rw_pipes" lineno="416">
 <summary>
 Do not audit attempts to read and write
 unconfined domain unnamed pipes.
@@ -90618,7 +120254,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_stream_connect" lineno="476">
+<interface name="unconfined_stream_connect" lineno="435">
 <summary>
 Connect to the unconfined domain using
 a unix domain stream socket.
@@ -90629,7 +120265,18 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_dontaudit_rw_tcp_sockets" lineno="505">
+<interface name="unconfined_dontaudit_rw_stream_sockets" lineno="454">
+<summary>
+Do not audit attempts to read and write
+unconfined domain stream.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="unconfined_dontaudit_rw_tcp_sockets" lineno="483">
 <summary>
 Do not audit attempts to read or write
 unconfined domain tcp sockets.
@@ -90650,7 +120297,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_create_keys" lineno="523">
+<interface name="unconfined_create_keys" lineno="501">
 <summary>
 Create keys for the unconfined domain.
 </summary>
@@ -90660,7 +120307,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_dbus_send" lineno="541">
+<interface name="unconfined_dbus_send" lineno="519">
 <summary>
 Send messages to the unconfined domain over dbus.
 </summary>
@@ -90670,7 +120317,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_dbus_chat" lineno="561">
+<interface name="unconfined_dbus_chat" lineno="539">
 <summary>
 Send and receive messages from
 unconfined_t over dbus.
@@ -90681,7 +120328,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="unconfined_dbus_connect" lineno="582">
+<interface name="unconfined_dbus_connect" lineno="560">
 <summary>
 Connect to the the unconfined DBUS
 for service (acquire_svc).
@@ -90716,7 +120363,36 @@ is the prefix for user_t).
 </param>
 <rolebase/>
 </template>
-<interface name="userdom_ro_home_role" lineno="148">
+<template name="userdom_user_content_access_template" lineno="175">
+<summary>
+Template for handling user content through standard tunables
+</summary>
+<desc>
+<p>
+This template generates the tunable blocks for accessing
+end user content, either the generic one (user_home_t)
+or the complete one (based on user_home_content_type).
+</p>
+<p>
+It calls the *_read_generic_user_content,
+*_read_all_user_content, *_manage_generic_user_content, and
+*_manage_all_user_content booleans.
+</p>
+</desc>
+<param name="prefix">
+<summary>
+The application domain prefix to use, meant for the boolean
+calls
+</summary>
+</param>
+<param name="domain">
+<summary>
+The application domain which is granted the necessary privileges
+</summary>
+</param>
+<rolebase/>
+</template>
+<interface name="userdom_ro_home_role" lineno="266">
 <summary>
 Allow a home directory for which the
 role has read-only access.
@@ -90730,7 +120406,7 @@ role has read-only access.
 This does not allow execute access.
 </p>
 </desc>
-<param name="role">
+<param name="role" unused="true">
 <summary>
 The user role
 </summary>
@@ -90742,7 +120418,7 @@ The user domain
 </param>
 <rolebase/>
 </interface>
-<interface name="userdom_manage_home_role" lineno="219">
+<interface name="userdom_manage_home_role" lineno="337">
 <summary>
 Allow a home directory for which the
 role has full access.
@@ -90756,7 +120432,7 @@ role has full access.
 This does not allow execute access.
 </p>
 </desc>
-<param name="role">
+<param name="role" unused="true">
 <summary>
 The user role
 </summary>
@@ -90768,11 +120444,11 @@ The user domain
 </param>
 <rolebase/>
 </interface>
-<interface name="userdom_manage_tmp_role" lineno="288">
+<interface name="userdom_manage_tmp_role" lineno="417">
 <summary>
 Manage user temporary files
 </summary>
-<param name="role">
+<param name="role" unused="true">
 <summary>
 Role allowed access.
 </summary>
@@ -90784,7 +120460,7 @@ Domain allowed access.
 </param>
 <rolebase/>
 </interface>
-<interface name="userdom_exec_user_tmp_files" lineno="314">
+<interface name="userdom_exec_user_tmp_files" lineno="444">
 <summary>
 The execute access user temporary files.
 </summary>
@@ -90795,7 +120471,7 @@ Domain allowed access.
 </param>
 <rolebase/>
 </interface>
-<interface name="userdom_manage_tmpfs_role" lineno="349">
+<interface name="userdom_manage_tmpfs_role" lineno="480">
 <summary>
 Role access for the user tmpfs type
 that the user has full access.
@@ -90809,7 +120485,7 @@ that the user has full access.
 This does not allow execute access.
 </p>
 </desc>
-<param name="role">
+<param name="role" unused="true">
 <summary>
 Role allowed access.
 </summary>
@@ -90821,7 +120497,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<template name="userdom_basic_networking_template" lineno="375">
+<template name="userdom_basic_networking_template" lineno="506">
 <summary>
 The template allowing the user basic
 network permissions
@@ -90834,19 +120510,7 @@ is the prefix for user_t).
 </param>
 <rolebase/>
 </template>
-<template name="userdom_xwindows_client_template" lineno="418">
-<summary>
-The template for creating a user xwindows client.  (Deprecated)
-</summary>
-<param name="userdomain_prefix">
-<summary>
-The prefix of the user domain (e.g., user
-is the prefix for user_t).
-</summary>
-</param>
-<rolebase/>
-</template>
-<template name="userdom_change_password_template" lineno="459">
+<template name="userdom_change_password_template" lineno="549">
 <summary>
 The template for allowing the user to change passwords.
 </summary>
@@ -90858,7 +120522,7 @@ is the prefix for user_t).
 </param>
 <rolebase/>
 </template>
-<template name="userdom_common_user_template" lineno="489">
+<template name="userdom_common_user_template" lineno="579">
 <summary>
 The template containing rules common to unprivileged
 users and administrative users.
@@ -90876,7 +120540,7 @@ is the prefix for user_t).
 </summary>
 </param>
 </template>
-<template name="userdom_login_user_template" lineno="709">
+<template name="userdom_login_user_template" lineno="903">
 <summary>
 The template for creating a login user.
 </summary>
@@ -90894,7 +120558,7 @@ is the prefix for user_t).
 </summary>
 </param>
 </template>
-<template name="userdom_restricted_user_template" lineno="827">
+<template name="userdom_restricted_user_template" lineno="1026">
 <summary>
 The template for creating a unprivileged login user.
 </summary>
@@ -90912,7 +120576,7 @@ is the prefix for user_t).
 </summary>
 </param>
 </template>
-<template name="userdom_restricted_xwindows_user_template" lineno="868">
+<template name="userdom_restricted_xwindows_user_template" lineno="1067">
 <summary>
 The template for creating a unprivileged xwindows login user.
 </summary>
@@ -90933,7 +120597,7 @@ is the prefix for user_t).
 </summary>
 </param>
 </template>
-<template name="userdom_unpriv_user_template" lineno="943">
+<template name="userdom_unpriv_user_template" lineno="1154">
 <summary>
 The template for creating a unprivileged user roughly
 equivalent to a regular linux user.
@@ -90956,7 +120620,7 @@ is the prefix for user_t).
 </summary>
 </param>
 </template>
-<template name="userdom_admin_user_template" lineno="1040">
+<template name="userdom_admin_user_template" lineno="1252">
 <summary>
 The template for creating an administrative user.
 </summary>
@@ -90985,7 +120649,7 @@ is the prefix for sysadm_t).
 </summary>
 </param>
 </template>
-<template name="userdom_security_admin_template" lineno="1204">
+<template name="userdom_security_admin_template" lineno="1426">
 <summary>
 Allow user to run as a secadm
 </summary>
@@ -91011,7 +120675,7 @@ The role  of the object to create.
 </summary>
 </param>
 </template>
-<interface name="userdom_user_application_type" lineno="1279">
+<interface name="userdom_user_application_type" lineno="1506">
 <summary>
 Make the specified type usable as
 a user application domain type.
@@ -91022,7 +120686,7 @@ Type to be used as a user application domain.
 </summary>
 </param>
 </interface>
-<interface name="userdom_user_application_domain" lineno="1300">
+<interface name="userdom_user_application_domain" lineno="1527">
 <summary>
 Make the specified type usable as
 a user application domain.
@@ -91038,7 +120702,7 @@ Type to be used as the domain entry point.
 </summary>
 </param>
 </interface>
-<interface name="userdom_user_home_content" lineno="1317">
+<interface name="userdom_user_home_content" lineno="1544">
 <summary>
 Make the specified type usable in a
 user home directory.
@@ -91050,7 +120714,7 @@ user home directory.
 </summary>
 </param>
 </interface>
-<interface name="userdom_user_tmp_file" lineno="1340">
+<interface name="userdom_user_tmp_file" lineno="1570">
 <summary>
 Make the specified type usable as a
 user temporary file.
@@ -91062,7 +120726,7 @@ temporary directories.
 </summary>
 </param>
 </interface>
-<interface name="userdom_user_tmpfs_file" lineno="1357">
+<interface name="userdom_user_tmpfs_file" lineno="1587">
 <summary>
 Make the specified type usable as a
 user tmpfs file.
@@ -91074,7 +120738,7 @@ tmpfs directories.
 </summary>
 </param>
 </interface>
-<interface name="userdom_attach_admin_tun_iface" lineno="1372">
+<interface name="userdom_attach_admin_tun_iface" lineno="1602">
 <summary>
 Allow domain to attach to TUN devices created by administrative users.
 </summary>
@@ -91084,7 +120748,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_setattr_user_ptys" lineno="1391">
+<interface name="userdom_setattr_user_ptys" lineno="1621">
 <summary>
 Set the attributes of a user pty.
 </summary>
@@ -91094,7 +120758,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_create_user_pty" lineno="1409">
+<interface name="userdom_create_user_pty" lineno="1639">
 <summary>
 Create a user pty.
 </summary>
@@ -91104,7 +120768,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_getattr_user_home_dirs" lineno="1427">
+<interface name="userdom_getattr_user_home_dirs" lineno="1657">
 <summary>
 Get the attributes of user home directories.
 </summary>
@@ -91114,7 +120778,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_getattr_user_home_dirs" lineno="1446">
+<interface name="userdom_dontaudit_getattr_user_home_dirs" lineno="1676">
 <summary>
 Do not audit attempts to get the attributes of user home directories.
 </summary>
@@ -91124,7 +120788,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_search_user_home_dirs" lineno="1464">
+<interface name="userdom_search_user_home_dirs" lineno="1694">
 <summary>
 Search user home directories.
 </summary>
@@ -91134,14 +120798,14 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_search_user_home_dirs" lineno="1491">
+<interface name="userdom_dontaudit_search_user_home_dirs" lineno="1721">
 <summary>
 Do not audit attempts to search user home directories.
 </summary>
 <desc>
 <p>
 Do not audit attempts to search user home directories.
-This will supress SELinux denial messages when the specified
+This will suppress SELinux denial messages when the specified
 domain is denied the permission to search these directories.
 </p>
 </desc>
@@ -91152,7 +120816,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="userdom_list_user_home_dirs" lineno="1509">
+<interface name="userdom_list_user_home_dirs" lineno="1739">
 <summary>
 List user home directories.
 </summary>
@@ -91162,7 +120826,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_list_user_home_dirs" lineno="1528">
+<interface name="userdom_dontaudit_list_user_home_dirs" lineno="1758">
 <summary>
 Do not audit attempts to list user home subdirectories.
 </summary>
@@ -91172,7 +120836,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_create_user_home_dirs" lineno="1546">
+<interface name="userdom_create_user_home_dirs" lineno="1776">
 <summary>
 Create user home directories.
 </summary>
@@ -91182,9 +120846,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_manage_user_home_dirs" lineno="1564">
+<interface name="userdom_manage_user_home_dirs" lineno="1794">
 <summary>
-Create user home directories.
+Manage user home directories.
 </summary>
 <param name="domain">
 <summary>
@@ -91192,7 +120856,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_relabelto_user_home_dirs" lineno="1582">
+<interface name="userdom_relabelto_user_home_dirs" lineno="1812">
 <summary>
 Relabel to user home directories.
 </summary>
@@ -91202,7 +120866,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_home_filetrans_user_home_dir" lineno="1606">
+<interface name="userdom_home_filetrans_user_home_dir" lineno="1836">
 <summary>
 Create directories in the home dir root with
 the user home directory type.
@@ -91218,7 +120882,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="userdom_user_home_domtrans" lineno="1643">
+<interface name="userdom_user_home_domtrans" lineno="1873">
 <summary>
 Do a domain transition to the specified
 domain when executing a program in the
@@ -91247,7 +120911,7 @@ Domain to transition to.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_search_user_home_content" lineno="1663">
+<interface name="userdom_dontaudit_search_user_home_content" lineno="1893">
 <summary>
 Do not audit attempts to search user home content directories.
 </summary>
@@ -91257,7 +120921,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_list_user_home_content" lineno="1681">
+<interface name="userdom_list_all_user_home_content" lineno="1911">
+<summary>
+List all users home content directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_list_user_home_content" lineno="1930">
 <summary>
 List contents of users home directory.
 </summary>
@@ -91267,7 +120941,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_manage_user_home_content_dirs" lineno="1700">
+<interface name="userdom_manage_user_home_content_dirs" lineno="1949">
 <summary>
 Create, read, write, and delete directories
 in a user home subdirectory.
@@ -91278,7 +120952,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_delete_user_home_content_dirs" lineno="1719">
+<interface name="userdom_delete_all_user_home_content_dirs" lineno="1968">
+<summary>
+Delete all user home content directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_delete_user_home_content_dirs" lineno="1988">
 <summary>
 Delete directories in a user home subdirectory.
 </summary>
@@ -91288,7 +120972,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_setattr_user_home_content_files" lineno="1738">
+<interface name="userdom_setattr_all_user_home_content_dirs" lineno="2006">
+<summary>
+Set attributes of all user home content directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_setattr_user_home_content_files" lineno="2026">
 <summary>
 Do not audit attempts to set the
 attributes of user home files.
@@ -91299,7 +120993,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_mmap_user_home_content_files" lineno="1756">
+<interface name="userdom_map_user_home_content_files" lineno="2044">
+<summary>
+Map user home files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_mmap_user_home_content_files" lineno="2062">
 <summary>
 Mmap user home files.
 </summary>
@@ -91309,7 +121013,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_read_user_home_content_files" lineno="1775">
+<interface name="userdom_read_user_home_content_files" lineno="2081">
 <summary>
 Read user home files.
 </summary>
@@ -91319,7 +121023,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_read_user_home_content_files" lineno="1794">
+<interface name="userdom_dontaudit_read_user_home_content_files" lineno="2100">
 <summary>
 Do not audit attempts to read user home files.
 </summary>
@@ -91329,7 +121033,27 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_append_user_home_content_files" lineno="1813">
+<interface name="userdom_read_all_user_home_content" lineno="2119">
+<summary>
+Read all user home content, including application-specific resources.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_all_user_home_content" lineno="2141">
+<summary>
+Manage all user home content, including application-specific resources.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_append_user_home_content_files" lineno="2163">
 <summary>
 Do not audit attempts to append user home files.
 </summary>
@@ -91339,7 +121063,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_write_user_home_content_files" lineno="1831">
+<interface name="userdom_dontaudit_write_user_home_content_files" lineno="2181">
 <summary>
 Do not audit attempts to write user home files.
 </summary>
@@ -91349,7 +121073,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_delete_user_home_content_files" lineno="1849">
+<interface name="userdom_delete_all_user_home_content_files" lineno="2199">
+<summary>
+Delete all user home content files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_delete_user_home_content_files" lineno="2219">
 <summary>
 Delete files in a user home subdirectory.
 </summary>
@@ -91359,9 +121093,9 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_relabel_user_home_content_files" lineno="1867">
+<interface name="userdom_dontaudit_relabel_user_home_content_files" lineno="2237">
 <summary>
-Do not audit attempts to write user home files.
+Do not audit attempts to relabel user home files.
 </summary>
 <param name="domain">
 <summary>
@@ -91369,7 +121103,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_read_user_home_content_symlinks" lineno="1885">
+<interface name="userdom_read_user_home_content_symlinks" lineno="2255">
 <summary>
 Read user home subdirectory symbolic links.
 </summary>
@@ -91379,7 +121113,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_exec_user_home_content_files" lineno="1905">
+<interface name="userdom_exec_user_home_content_files" lineno="2275">
 <summary>
 Execute user home files.
 </summary>
@@ -91390,7 +121124,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="userdom_dontaudit_exec_user_home_content_files" lineno="1932">
+<interface name="userdom_dontaudit_exec_user_home_content_files" lineno="2302">
 <summary>
 Do not audit attempts to execute user home files.
 </summary>
@@ -91400,7 +121134,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_manage_user_home_content_files" lineno="1951">
+<interface name="userdom_manage_user_home_content_files" lineno="2321">
 <summary>
 Create, read, write, and delete files
 in a user home subdirectory.
@@ -91411,7 +121145,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_manage_user_home_content_dirs" lineno="1972">
+<interface name="userdom_dontaudit_manage_user_home_content_dirs" lineno="2342">
 <summary>
 Do not audit attempts to create, read, write, and delete directories
 in a user home subdirectory.
@@ -91422,7 +121156,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_manage_user_home_content_symlinks" lineno="1991">
+<interface name="userdom_manage_user_home_content_symlinks" lineno="2361">
 <summary>
 Create, read, write, and delete symbolic links
 in a user home subdirectory.
@@ -91433,7 +121167,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_delete_user_home_content_symlinks" lineno="2011">
+<interface name="userdom_delete_all_user_home_content_symlinks" lineno="2381">
+<summary>
+Delete all user home content symbolic links.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_delete_user_home_content_symlinks" lineno="2401">
 <summary>
 Delete symbolic links in a user home directory.
 </summary>
@@ -91443,7 +121187,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_manage_user_home_content_pipes" lineno="2030">
+<interface name="userdom_manage_user_home_content_pipes" lineno="2420">
 <summary>
 Create, read, write, and delete named pipes
 in a user home subdirectory.
@@ -91454,7 +121198,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_manage_user_home_content_sockets" lineno="2051">
+<interface name="userdom_manage_user_home_content_sockets" lineno="2441">
 <summary>
 Create, read, write, and delete named sockets
 in a user home subdirectory.
@@ -91465,7 +121209,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_user_home_dir_filetrans" lineno="2088">
+<interface name="userdom_user_home_dir_filetrans" lineno="2478">
 <summary>
 Create objects in a user home directory
 with an automatic type transition to
@@ -91492,10 +121236,11 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="userdom_user_home_content_filetrans" lineno="2124">
+<interface name="userdom_user_home_content_filetrans" lineno="2515">
 <summary>
-Create objects in a user home directory
-with an automatic type transition to
+Create objects in a directory located
+in a user home directory with an
+automatic type transition to
 a specified private type.
 </summary>
 <param name="domain">
@@ -91519,7 +121264,28 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="userdom_user_home_dir_filetrans_user_home_content" lineno="2156">
+<interface name="userdom_user_home_dir_filetrans_user_cert" lineno="2546">
+<summary>
+Automatically use the user_cert_t label for selected resources
+created in a users home directory
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+<param name="class">
+<summary>
+Resource type(s) for which the label should be used
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the resource that is being created
+</summary>
+</param>
+</interface>
+<interface name="userdom_user_home_dir_filetrans_user_home_content" lineno="2576">
 <summary>
 Create objects in a user home directory
 with an automatic type transition to
@@ -91541,7 +121307,40 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="userdom_write_user_tmp_sockets" lineno="2175">
+<interface name="userdom_read_user_certs" lineno="2596">
+<summary>
+Read user SSL certificates.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="userdom_dontaudit_manage_user_certs" lineno="2619">
+<summary>
+Do not audit attempts to manage
+the user SSL certificates.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="userdom_manage_user_certs" lineno="2639">
+<summary>
+Manage user SSL certificates.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_write_user_tmp_sockets" lineno="2660">
 <summary>
 Write to user temporary named sockets.
 </summary>
@@ -91551,7 +121350,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_list_user_tmp" lineno="2194">
+<interface name="userdom_list_user_tmp" lineno="2680">
 <summary>
 List user temporary directories.
 </summary>
@@ -91561,7 +121360,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_list_user_tmp" lineno="2214">
+<interface name="userdom_dontaudit_list_user_tmp" lineno="2702">
 <summary>
 Do not audit attempts to list user
 temporary directories.
@@ -91572,7 +121371,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_manage_user_tmp_dirs" lineno="2233">
+<interface name="userdom_dontaudit_manage_user_tmp_dirs" lineno="2721">
 <summary>
 Do not audit attempts to manage users
 temporary directories.
@@ -91583,7 +121382,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_read_user_tmp_files" lineno="2251">
+<interface name="userdom_read_user_tmp_files" lineno="2739">
 <summary>
 Read user temporary files.
 </summary>
@@ -91593,7 +121392,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_read_user_tmp_files" lineno="2272">
+<interface name="userdom_map_user_tmp_files" lineno="2760">
+<summary>
+Map user temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_read_user_tmp_files" lineno="2779">
 <summary>
 Do not audit attempts to read users
 temporary files.
@@ -91604,7 +121413,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_append_user_tmp_files" lineno="2291">
+<interface name="userdom_dontaudit_append_user_tmp_files" lineno="2798">
 <summary>
 Do not audit attempts to append users
 temporary files.
@@ -91615,7 +121424,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_rw_user_tmp_files" lineno="2309">
+<interface name="userdom_rw_user_tmp_files" lineno="2816">
 <summary>
 Read and write user temporary files.
 </summary>
@@ -91625,7 +121434,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_manage_user_tmp_files" lineno="2330">
+<interface name="userdom_dontaudit_manage_user_tmp_files" lineno="2838">
 <summary>
 Do not audit attempts to manage users
 temporary files.
@@ -91636,7 +121445,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_read_user_tmp_symlinks" lineno="2348">
+<interface name="userdom_read_user_tmp_symlinks" lineno="2856">
 <summary>
 Read user temporary symbolic links.
 </summary>
@@ -91646,7 +121455,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_manage_user_tmp_dirs" lineno="2369">
+<interface name="userdom_manage_user_tmp_dirs" lineno="2878">
 <summary>
 Create, read, write, and delete user
 temporary directories.
@@ -91657,7 +121466,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_manage_user_tmp_files" lineno="2389">
+<interface name="userdom_manage_user_tmp_files" lineno="2899">
 <summary>
 Create, read, write, and delete user
 temporary files.
@@ -91668,7 +121477,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_manage_user_tmp_symlinks" lineno="2409">
+<interface name="userdom_manage_user_tmp_symlinks" lineno="2920">
 <summary>
 Create, read, write, and delete user
 temporary symbolic links.
@@ -91679,7 +121488,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_manage_user_tmp_pipes" lineno="2429">
+<interface name="userdom_manage_user_tmp_pipes" lineno="2941">
 <summary>
 Create, read, write, and delete user
 temporary named pipes.
@@ -91690,7 +121499,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_manage_user_tmp_sockets" lineno="2449">
+<interface name="userdom_manage_user_tmp_sockets" lineno="2962">
 <summary>
 Create, read, write, and delete user
 temporary named sockets.
@@ -91701,7 +121510,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_user_tmp_filetrans" lineno="2485">
+<interface name="userdom_user_tmp_filetrans" lineno="2999">
 <summary>
 Create objects in a user temporary directory
 with an automatic type transition to
@@ -91728,7 +121537,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="userdom_tmp_filetrans_user_tmp" lineno="2516">
+<interface name="userdom_tmp_filetrans_user_tmp" lineno="3031">
 <summary>
 Create objects in the temporary directory
 with an automatic type transition to
@@ -91750,9 +121559,9 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="userdom_read_user_tmpfs_files" lineno="2534">
+<interface name="userdom_map_user_tmpfs_files" lineno="3049">
 <summary>
-Read user tmpfs files.
+Map user tmpfs files.
 </summary>
 <param name="domain">
 <summary>
@@ -91760,7 +121569,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_rw_user_tmpfs_files" lineno="2554">
+<interface name="userdom_read_user_tmpfs_files" lineno="3067">
 <summary>
 Read user tmpfs files.
 </summary>
@@ -91770,7 +121579,348 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_manage_user_tmpfs_files" lineno="2575">
+<interface name="userdom_dontaudit_read_user_tmpfs_files" lineno="3087">
+<summary>
+dontaudit Read attempts of user tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_relabel_user_tmpfs_dirs" lineno="3106">
+<summary>
+relabel to/from user tmpfs dirs
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_relabel_user_tmpfs_files" lineno="3125">
+<summary>
+relabel to/from user tmpfs files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_user_runtime_content" lineno="3147">
+<summary>
+Make the specified type usable in
+the directory /run/user/%{USERID}/.
+</summary>
+<param name="type">
+<summary>
+Type to be used as a file in the
+user_runtime_content_dir_t.
+</summary>
+</param>
+</interface>
+<interface name="userdom_search_user_runtime" lineno="3167">
+<summary>
+Search users runtime directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_search_user_runtime_root" lineno="3186">
+<summary>
+Search user runtime root directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_user_runtime_root_dirs" lineno="3206">
+<summary>
+Create, read, write, and delete user
+runtime root dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_relabel_user_runtime_root_dirs" lineno="3225">
+<summary>
+Relabel to and from user runtime root dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_user_runtime_dirs" lineno="3244">
+<summary>
+Create, read, write, and delete user
+runtime dirs.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_mounton_user_runtime_dirs" lineno="3264">
+<summary>
+Mount a filesystem on user runtime dir
+directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_relabelto_user_runtime_dirs" lineno="3282">
+<summary>
+Relabel to user runtime directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_relabelfrom_user_runtime_dirs" lineno="3300">
+<summary>
+Relabel from user runtime directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_delete_user_runtime_files" lineno="3318">
+<summary>
+delete user runtime files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_search_all_user_runtime" lineno="3337">
+<summary>
+Search users runtime directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_list_all_user_runtime" lineno="3356">
+<summary>
+List user runtime directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_delete_all_user_runtime_dirs" lineno="3375">
+<summary>
+delete user runtime directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_delete_all_user_runtime_files" lineno="3393">
+<summary>
+delete user runtime files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_delete_all_user_runtime_symlinks" lineno="3412">
+<summary>
+delete user runtime symlink files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_delete_all_user_runtime_named_pipes" lineno="3431">
+<summary>
+delete user runtime fifo files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_delete_all_user_runtime_named_sockets" lineno="3450">
+<summary>
+delete user runtime socket files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_pid_filetrans_user_runtime_root" lineno="3481">
+<summary>
+Create objects in the pid directory
+with an automatic type transition to
+the user runtime root type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="userdom_user_runtime_filetrans" lineno="3517">
+<summary>
+Create objects in a user runtime
+directory with an automatic type
+transition to a specified private
+type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private_type">
+<summary>
+The type of the object to create.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="userdom_user_runtime_filetrans_user_tmp" lineno="3548">
+<summary>
+Create objects in the user runtime directory
+with an automatic type transition to
+the user temporary type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="userdom_user_runtime_root_filetrans_user_runtime" lineno="3578">
+<summary>
+Create objects in the user runtime root
+directory with an automatic type transition
+to the user runtime dir type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="userdom_user_run_filetrans_user_runtime" lineno="3609">
+<summary>
+Create objects in the user runtime root
+directory with an automatic type transition
+to the user runtime dir type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="name" optional="true">
+<summary>
+The name of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="userdom_rw_user_tmpfs_files" lineno="3627">
+<summary>
+Read and write user tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_delete_user_tmpfs_files" lineno="3648">
+<summary>
+Delete user tmpfs files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_manage_user_tmpfs_files" lineno="3667">
 <summary>
 Create, read, write, and delete user tmpfs files.
 </summary>
@@ -91780,7 +121930,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_getattr_user_ttys" lineno="2595">
+<interface name="userdom_getattr_user_ttys" lineno="3687">
 <summary>
 Get the attributes of a user domain tty.
 </summary>
@@ -91790,7 +121940,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_getattr_user_ttys" lineno="2613">
+<interface name="userdom_dontaudit_getattr_user_ttys" lineno="3705">
 <summary>
 Do not audit attempts to get the attributes of a user domain tty.
 </summary>
@@ -91800,7 +121950,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_setattr_user_ttys" lineno="2631">
+<interface name="userdom_setattr_user_ttys" lineno="3723">
 <summary>
 Set the attributes of a user domain tty.
 </summary>
@@ -91810,7 +121960,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_setattr_user_ttys" lineno="2649">
+<interface name="userdom_dontaudit_setattr_user_ttys" lineno="3741">
 <summary>
 Do not audit attempts to set the attributes of a user domain tty.
 </summary>
@@ -91820,7 +121970,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_use_user_ttys" lineno="2667">
+<interface name="userdom_use_user_ttys" lineno="3759">
 <summary>
 Read and write a user domain tty.
 </summary>
@@ -91830,7 +121980,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_use_user_ptys" lineno="2685">
+<interface name="userdom_use_user_ptys" lineno="3777">
 <summary>
 Read and write a user domain pty.
 </summary>
@@ -91840,7 +121990,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_use_user_terminals" lineno="2719">
+<interface name="userdom_use_inherited_user_terminals" lineno="3812">
 <summary>
 Read and write a user TTYs and PTYs.
 </summary>
@@ -91866,7 +122016,39 @@ Domain allowed access.
 </param>
 <infoflow type="both" weight="10"/>
 </interface>
-<interface name="userdom_dontaudit_use_user_terminals" lineno="2740">
+<interface name="userdom_use_user_terminals" lineno="3853">
+<summary>
+Read, write and open a user TTYs and PTYs.
+</summary>
+<desc>
+<p>
+Allow the specified domain to read and write user
+TTYs and PTYs. This will allow the domain to
+interact with the user via the terminal. Typically
+all interactive applications will require this
+access.
+</p>
+<p>
+This interface will also allow to open these user
+terminals, which should not be necessary in general
+and userdom_use_inherited_user_terminals() should
+be sufficient.
+</p>
+<p>
+However, this also allows the applications to spy
+on user sessions or inject information into the
+user session.  Thus, this access should likely
+not be allowed for non-interactive domains.
+</p>
+</desc>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<infoflow type="both" weight="10"/>
+</interface>
+<interface name="userdom_dontaudit_use_user_terminals" lineno="3869">
 <summary>
 Do not audit attempts to read and write
 a user domain tty and pty.
@@ -91877,7 +122059,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_spec_domtrans_all_users" lineno="2761">
+<interface name="userdom_spec_domtrans_all_users" lineno="3890">
 <summary>
 Execute a shell in all user domains.  This
 is an explicit transition, requiring the
@@ -91889,9 +122071,9 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="userdom_xsession_spec_domtrans_all_users" lineno="2784">
+<interface name="userdom_xsession_spec_domtrans_all_users" lineno="3913">
 <summary>
-Execute an Xserver session in all unprivileged user domains.  This
+Execute an Xserver session in all user domains.  This
 is an explicit transition, requiring the
 caller to use setexeccon().
 </summary>
@@ -91901,7 +122083,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="userdom_spec_domtrans_unpriv_users" lineno="2807">
+<interface name="userdom_spec_domtrans_unpriv_users" lineno="3936">
 <summary>
 Execute a shell in all unprivileged user domains.  This
 is an explicit transition, requiring the
@@ -91913,7 +122095,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="userdom_xsession_spec_domtrans_unpriv_users" lineno="2830">
+<interface name="userdom_xsession_spec_domtrans_unpriv_users" lineno="3959">
 <summary>
 Execute an Xserver session in all unprivileged user domains.  This
 is an explicit transition, requiring the
@@ -91925,7 +122107,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="userdom_rw_unpriv_user_semaphores" lineno="2851">
+<interface name="userdom_rw_unpriv_user_semaphores" lineno="3980">
 <summary>
 Read and write unpriviledged user SysV sempaphores.
 </summary>
@@ -91935,7 +122117,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_manage_unpriv_user_semaphores" lineno="2869">
+<interface name="userdom_manage_unpriv_user_semaphores" lineno="3998">
 <summary>
 Manage unpriviledged user SysV sempaphores.
 </summary>
@@ -91945,7 +122127,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_rw_unpriv_user_shared_mem" lineno="2888">
+<interface name="userdom_rw_unpriv_user_shared_mem" lineno="4017">
 <summary>
 Read and write unpriviledged user SysV shared
 memory segments.
@@ -91956,7 +122138,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_manage_unpriv_user_shared_mem" lineno="2907">
+<interface name="userdom_manage_unpriv_user_shared_mem" lineno="4036">
 <summary>
 Manage unpriviledged user SysV shared
 memory segments.
@@ -91967,7 +122149,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_bin_spec_domtrans_unpriv_users" lineno="2927">
+<interface name="userdom_bin_spec_domtrans_unpriv_users" lineno="4056">
 <summary>
 Execute bin_t in the unprivileged user domains. This
 is an explicit transition, requiring the
@@ -91979,7 +122161,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="userdom_entry_spec_domtrans_unpriv_users" lineno="2950">
+<interface name="userdom_entry_spec_domtrans_unpriv_users" lineno="4079">
 <summary>
 Execute all entrypoint files in unprivileged user
 domains. This is an explicit transition, requiring the
@@ -91991,7 +122173,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_search_user_home_content" lineno="2971">
+<interface name="userdom_search_user_home_content" lineno="4100">
 <summary>
 Search users home directories.
 </summary>
@@ -92001,7 +122183,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_signull_unpriv_users" lineno="2990">
+<interface name="userdom_signull_unpriv_users" lineno="4119">
 <summary>
 Send signull to unprivileged user domains.
 </summary>
@@ -92011,7 +122193,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_signal_unpriv_users" lineno="3008">
+<interface name="userdom_signal_unpriv_users" lineno="4137">
 <summary>
 Send general signals to unprivileged user domains.
 </summary>
@@ -92021,7 +122203,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_use_unpriv_users_fds" lineno="3026">
+<interface name="userdom_use_unpriv_users_fds" lineno="4155">
 <summary>
 Inherit the file descriptors from unprivileged user domains.
 </summary>
@@ -92031,7 +122213,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_use_unpriv_user_fds" lineno="3054">
+<interface name="userdom_dontaudit_use_unpriv_user_fds" lineno="4183">
 <summary>
 Do not audit attempts to inherit the file descriptors
 from unprivileged user domains.
@@ -92039,7 +122221,7 @@ from unprivileged user domains.
 <desc>
 <p>
 Do not audit attempts to inherit the file descriptors
-from unprivileged user domains. This will supress
+from unprivileged user domains. This will suppress
 SELinux denial messages when the specified domain is denied
 the permission to inherit these file descriptors.
 </p>
@@ -92051,7 +122233,7 @@ Domain to not audit.
 </param>
 <infoflow type="none"/>
 </interface>
-<interface name="userdom_dontaudit_use_user_ptys" lineno="3072">
+<interface name="userdom_dontaudit_use_user_ptys" lineno="4201">
 <summary>
 Do not audit attempts to use user ptys.
 </summary>
@@ -92061,7 +122243,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_relabelto_user_ptys" lineno="3090">
+<interface name="userdom_relabelto_user_ptys" lineno="4219">
 <summary>
 Relabel files to unprivileged user pty types.
 </summary>
@@ -92071,7 +122253,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_relabelfrom_user_ptys" lineno="3109">
+<interface name="userdom_dontaudit_relabelfrom_user_ptys" lineno="4238">
 <summary>
 Do not audit attempts to relabel files from
 user pty types.
@@ -92082,7 +122264,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_write_user_tmp_files" lineno="3127">
+<interface name="userdom_write_user_tmp_files" lineno="4256">
 <summary>
 Write all users files in /tmp
 </summary>
@@ -92092,7 +122274,18 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_use_user_ttys" lineno="3145">
+<interface name="userdom_dontaudit_write_user_tmp_files" lineno="4275">
+<summary>
+Do not audit attempts to write users
+temporary files.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_use_user_ttys" lineno="4293">
 <summary>
 Do not audit attempts to use user ttys.
 </summary>
@@ -92102,7 +122295,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_read_all_users_state" lineno="3163">
+<interface name="userdom_read_all_users_state" lineno="4311">
 <summary>
 Read the process state of all user domains.
 </summary>
@@ -92112,7 +122305,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_getattr_all_users" lineno="3182">
+<interface name="userdom_getattr_all_users" lineno="4330">
 <summary>
 Get the attributes of all user domains.
 </summary>
@@ -92122,7 +122315,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_use_all_users_fds" lineno="3200">
+<interface name="userdom_use_all_users_fds" lineno="4348">
 <summary>
 Inherit the file descriptors from all user domains
 </summary>
@@ -92132,7 +122325,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dontaudit_use_all_users_fds" lineno="3219">
+<interface name="userdom_dontaudit_use_all_users_fds" lineno="4367">
 <summary>
 Do not audit attempts to inherit the file
 descriptors from any user domains.
@@ -92143,7 +122336,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="userdom_signal_all_users" lineno="3237">
+<interface name="userdom_signal_all_users" lineno="4385">
 <summary>
 Send general signals to all user domains.
 </summary>
@@ -92153,7 +122346,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_sigchld_all_users" lineno="3255">
+<interface name="userdom_sigchld_all_users" lineno="4403">
 <summary>
 Send a SIGCHLD signal to all user domains.
 </summary>
@@ -92163,7 +122356,37 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_create_all_users_keys" lineno="3273">
+<interface name="userdom_read_all_users_keys" lineno="4421">
+<summary>
+Read keys for all user domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_write_all_users_keys" lineno="4439">
+<summary>
+Write keys for all user domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_rw_all_users_keys" lineno="4457">
+<summary>
+Read and write keys for all user domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_create_all_users_keys" lineno="4475">
 <summary>
 Create keys for all user domains.
 </summary>
@@ -92173,7 +122396,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="userdom_dbus_send_all_users" lineno="3291">
+<interface name="userdom_manage_all_users_keys" lineno="4493">
+<summary>
+Manage keys for all user domains.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_dbus_send_all_users" lineno="4511">
 <summary>
 Send a dbus message to all user domains.
 </summary>
@@ -92183,6 +122416,38 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
+<interface name="userdom_manage_user_tmp_chr_files" lineno="4533">
+<summary>
+Create, read, write, and delete user
+temporary character files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="userdom_relabel_user_certs" lineno="4554">
+<summary>
+Allow relabeling resources to user_cert_t
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="userdom_dontaudit_rw_all_users_stream_sockets" lineno="4577">
+<summary>
+Do not audit attempts to read and write
+unserdomain stream.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
 <tunable name="allow_user_mysql_connect" dftval="false">
 <desc>
 <p>
@@ -92219,6 +122484,23 @@ that do not have extended attributes (FAT, CDROM, FLOPPY)
 </p>
 </desc>
 </tunable>
+<tunable name="user_exec_noexattrfile" dftval="false">
+<desc>
+<p>
+Allow user to execute files on filesystems
+that do not have extended attributes (FAT, CDROM, FLOPPY)
+</p>
+</desc>
+</tunable>
+<tunable name="user_write_removable" dftval="false">
+<desc>
+<p>
+Allow user to write files on removable
+devices (e.g. external USB memory
+devices or floppies)
+</p>
+</desc>
+</tunable>
 <tunable name="user_ttyfile_stat" dftval="false">
 <desc>
 <p>
@@ -92227,6 +122509,1396 @@ Allow w to display everyone
 </desc>
 </tunable>
 </module>
+<module name="xdg" filename="policy/modules/system/xdg.if">
+<summary>
+Freedesktop standard locations (formerly known as X Desktop Group)
+</summary>
+<interface name="xdg_cache_content" lineno="16">
+<summary>
+Mark the selected type as an xdg_cache_type
+</summary>
+<param name="type">
+<summary>
+Type to give the xdg_cache_type attribute to
+</summary>
+</param>
+</interface>
+<interface name="xdg_config_content" lineno="36">
+<summary>
+Mark the selected type as an xdg_config_type
+</summary>
+<param name="type">
+<summary>
+Type to give the xdg_config_type attribute to
+</summary>
+</param>
+</interface>
+<interface name="xdg_data_content" lineno="56">
+<summary>
+Mark the selected type as an xdg_data_type
+</summary>
+<param name="type">
+<summary>
+Type to give the xdg_data_type attribute to
+</summary>
+</param>
+</interface>
+<interface name="xdg_search_cache_dirs" lineno="76">
+<summary>
+Search through the xdg cache home directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_cache_files" lineno="96">
+<summary>
+Read the xdg cache home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_all_cache_files" lineno="119">
+<summary>
+Read all xdg_cache_type files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_cache_filetrans" lineno="159">
+<summary>
+Create objects in an xdg_cache directory
+with an automatic type transition to
+a specified private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private_type">
+<summary>
+The type of the object to create.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the file or directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_generic_user_home_dir_filetrans_cache" lineno="192">
+<summary>
+Create objects in the user home dir with an automatic type transition to
+the xdg_cache_t type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_create_cache_dirs" lineno="210">
+<summary>
+Create xdg cache home directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_cache" lineno="228">
+<summary>
+Manage the xdg cache home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_all_cache" lineno="253">
+<summary>
+Manage all the xdg cache home files regardless of their specific type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_cache" lineno="278">
+<summary>
+Allow relabeling the xdg cache home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_all_cache" lineno="302">
+<summary>
+Allow relabeling the xdg cache home files, regardless of their specific type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_search_config_dirs" lineno="326">
+<summary>
+Search through the xdg config home directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_config_files" lineno="346">
+<summary>
+Read the xdg config home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_all_config_files" lineno="369">
+<summary>
+Read all xdg_config_type files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_config_filetrans" lineno="409">
+<summary>
+Create objects in an xdg_config directory
+with an automatic type transition to
+a specified private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private_type">
+<summary>
+The type of the object to create.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the file or directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_generic_user_home_dir_filetrans_config" lineno="442">
+<summary>
+Create objects in the user home dir with an automatic type transition to
+the xdg_config_t type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_create_config_dirs" lineno="460">
+<summary>
+Create xdg config home directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_config" lineno="478">
+<summary>
+Manage the xdg config home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_all_config" lineno="503">
+<summary>
+Manage all the xdg config home files regardless of their specific type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_config" lineno="528">
+<summary>
+Allow relabeling the xdg config home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_all_config" lineno="552">
+<summary>
+Allow relabeling the xdg config home files, regardless of their specific type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_data_files" lineno="576">
+<summary>
+Read the xdg data home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_all_data_files" lineno="599">
+<summary>
+Read all xdg_data_type files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_data_filetrans" lineno="639">
+<summary>
+Create objects in an xdg_data directory
+with an automatic type transition to
+a specified private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private_type">
+<summary>
+The type of the object to create.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Optional name of the file or directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_generic_user_home_dir_filetrans_data" lineno="672">
+<summary>
+Create objects in the user home dir with an automatic type transition to
+the xdg_data_t type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_create_data_dirs" lineno="690">
+<summary>
+Create xdg data home directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_data" lineno="708">
+<summary>
+Manage the xdg data home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_all_data" lineno="733">
+<summary>
+Manage all the xdg data home files, regardless of their specific type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_data" lineno="758">
+<summary>
+Allow relabeling the xdg data home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_all_data" lineno="782">
+<summary>
+Allow relabeling the xdg data home files, regardless of their type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_generic_user_home_dir_filetrans_documents" lineno="817">
+<summary>
+Create objects in the user home dir with an automatic type transition to
+the xdg_documents_t type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_documents" lineno="835">
+<summary>
+Manage documents content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_documents" lineno="856">
+<summary>
+Allow relabeling the documents resources
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_downloads" lineno="878">
+<summary>
+Read downloaded content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_create_downloads" lineno="901">
+<summary>
+Create downloaded content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_write_downloads" lineno="924">
+<summary>
+Write downloaded content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_generic_user_home_dir_filetrans_downloads" lineno="958">
+<summary>
+Create objects in the user home dir with an automatic type transition to
+the xdg_downloads_t type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_downloads" lineno="976">
+<summary>
+Manage downloaded content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_downloads" lineno="997">
+<summary>
+Allow relabeling the downloads resources
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_pictures" lineno="1019">
+<summary>
+Read user pictures content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_generic_user_home_dir_filetrans_pictures" lineno="1053">
+<summary>
+Create objects in the user home dir with an automatic type transition to
+the xdg_pictures_t type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_pictures" lineno="1071">
+<summary>
+Manage pictures content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_pictures" lineno="1092">
+<summary>
+Allow relabeling the pictures resources
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_music" lineno="1114">
+<summary>
+Read user music content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_generic_user_home_dir_filetrans_music" lineno="1148">
+<summary>
+Create objects in the user home dir with an automatic type transition to
+the xdg_pictures_t type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_music" lineno="1166">
+<summary>
+Manage music content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_music" lineno="1187">
+<summary>
+Allow relabeling the music resources
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_videos" lineno="1209">
+<summary>
+Read user video content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_generic_user_home_dir_filetrans_videos" lineno="1243">
+<summary>
+Create objects in the user home dir with an automatic type transition to
+the xdg_videos_t type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_videos" lineno="1261">
+<summary>
+Manage video content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_videos" lineno="1282">
+<summary>
+Allow relabeling the videos resources
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_cache_home_content" lineno="1308">
+<summary>
+Mark the selected type as an xdg_cache_home_type
+</summary>
+<param name="type">
+<summary>
+Type to give the xdg_cache_home_type attribute to
+</summary>
+</param>
+</interface>
+<interface name="xdg_config_home_content" lineno="1322">
+<summary>
+Mark the selected type as an xdg_config_home_type
+</summary>
+<param name="type">
+<summary>
+Type to give the xdg_config_home_type attribute to
+</summary>
+</param>
+</interface>
+<interface name="xdg_data_home_content" lineno="1336">
+<summary>
+Mark the selected type as an xdg_data_home_type
+</summary>
+<param name="type">
+<summary>
+Type to give the xdg_data_home_type attribute to
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_cache_home_files" lineno="1350">
+<summary>
+Read the xdg cache home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_all_cache_home_files" lineno="1364">
+<summary>
+Read all xdg_cache_home_type files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_cache_home_filetrans" lineno="1395">
+<summary>
+Create objects in an xdg_cache_home directory
+with an automatic type transition to
+a specified private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private_type">
+<summary>
+The type of the object to create.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the file or directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_generic_user_home_dir_filetrans_cache_home" lineno="1420">
+<summary>
+Create objects in the user home dir with an automatic type transition to
+the xdg_cache_home_t type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_create_cache_home_dirs" lineno="1434">
+<summary>
+Create xdg cache home directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_cache_home" lineno="1448">
+<summary>
+Manage the xdg cache home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_all_cache_home" lineno="1462">
+<summary>
+Manage all the xdg cache home files regardless of their specific type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_cache_home" lineno="1476">
+<summary>
+Allow relabeling the xdg cache home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_all_cache_home" lineno="1490">
+<summary>
+Allow relabeling the xdg cache home files, regardless of their specific type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_search_config_home_dirs" lineno="1504">
+<summary>
+Search through the xdg config home directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_config_home_files" lineno="1518">
+<summary>
+Read the xdg config home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_all_config_home_files" lineno="1532">
+<summary>
+Read all xdg_config_home_type files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_config_home_filetrans" lineno="1563">
+<summary>
+Create objects in an xdg_config_home directory
+with an automatic type transition to
+a specified private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private_type">
+<summary>
+The type of the object to create.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the file or directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_generic_user_home_dir_filetrans_config_home" lineno="1588">
+<summary>
+Create objects in the user home dir with an automatic type transition to
+the xdg_config_home_t type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_create_config_home_dirs" lineno="1602">
+<summary>
+Create xdg config home directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_config_home" lineno="1616">
+<summary>
+Manage the xdg config home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_all_config_home" lineno="1630">
+<summary>
+Manage all the xdg config home files regardless of their specific type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_config_home" lineno="1644">
+<summary>
+Allow relabeling the xdg config home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_all_config_home" lineno="1658">
+<summary>
+Allow relabeling the xdg config home files, regardless of their specific type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_data_home_files" lineno="1672">
+<summary>
+Read the xdg data home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_all_data_home_files" lineno="1686">
+<summary>
+Read all xdg_data_home_type files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_data_home_filetrans" lineno="1717">
+<summary>
+Create objects in an xdg_data_home directory
+with an automatic type transition to
+a specified private type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private_type">
+<summary>
+The type of the object to create.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Optional name of the file or directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_generic_user_home_dir_filetrans_data_home" lineno="1742">
+<summary>
+Create objects in the user home dir with an automatic type transition to
+the xdg_data_home_t type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="object_class">
+<summary>
+The class of the object to be created.
+</summary>
+</param>
+<param name="filename" optional="true">
+<summary>
+Name of the directory created
+</summary>
+</param>
+</interface>
+<interface name="xdg_create_data_home_dirs" lineno="1756">
+<summary>
+Create xdg data home directories
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_data_home" lineno="1770">
+<summary>
+Manage the xdg data home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_all_data_home" lineno="1784">
+<summary>
+Manage all the xdg data home files, regardless of their specific type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_data_home" lineno="1798">
+<summary>
+Allow relabeling the xdg data home files
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_relabel_all_data_home" lineno="1812">
+<summary>
+Allow relabeling the xdg data home files, regardless of their type
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_downloads_home" lineno="1826">
+<summary>
+Read downloaded content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_videos_home" lineno="1840">
+<summary>
+Read user video content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_pictures_home" lineno="1854">
+<summary>
+Read user pictures content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_read_music_home" lineno="1868">
+<summary>
+Read user music content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_create_downloads_home" lineno="1882">
+<summary>
+Create downloaded content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_write_downloads_home" lineno="1896">
+<summary>
+Write downloaded content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_downloads_home" lineno="1910">
+<summary>
+Manage downloaded content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_documents_home" lineno="1924">
+<summary>
+Manage documents content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_music_home" lineno="1938">
+<summary>
+Manage music content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_pictures_home" lineno="1952">
+<summary>
+Manage pictures content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+<interface name="xdg_manage_videos_home" lineno="1966">
+<summary>
+Manage video content
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access
+</summary>
+</param>
+</interface>
+</module>
+<module name="xen" filename="policy/modules/system/xen.if">
+<summary>Xen hypervisor.</summary>
+<interface name="xen_domtrans" lineno="13">
+<summary>
+Execute a domain transition to run xend.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="xen_exec" lineno="32">
+<summary>
+Execute xend in the caller domain.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_use_fds" lineno="51">
+<summary>
+Inherit and use xen file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_dontaudit_use_fds" lineno="70">
+<summary>
+Do not audit attempts to inherit
+xen file descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="xen_manage_image_dirs" lineno="89">
+<summary>
+Create, read, write, and delete
+xend image directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_read_image_files" lineno="108">
+<summary>
+Read xend image files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_rw_image_files" lineno="128">
+<summary>
+Read and write xend image files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_append_log" lineno="148">
+<summary>
+Append xend log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_manage_log" lineno="169">
+<summary>
+Create, read, write, and delete
+xend log files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_read_xenstored_pid_files" lineno="189">
+<summary>
+Read xenstored pid files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_dontaudit_rw_unix_stream_sockets" lineno="209">
+<summary>
+Do not audit attempts to read and write
+Xen unix domain stream sockets.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="xen_stream_connect_xenstore" lineno="228">
+<summary>
+Connect to xenstored with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_stream_connect" lineno="248">
+<summary>
+Connect to xend with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="xen_pid_filetrans" lineno="280">
+<summary>
+Create in a xend_var_run_t directory
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<param name="private type">
+<summary>
+The type of the object to be created.
+</summary>
+</param>
+<param name="object">
+<summary>
+The object class of the object being created.
+</summary>
+</param>
+</interface>
+<interface name="xen_domtrans_xm" lineno="298">
+<summary>
+Execute a domain transition to run xm.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed to transition.
+</summary>
+</param>
+</interface>
+<interface name="xen_stream_connect_xm" lineno="318">
+<summary>
+Connect to xm with a unix
+domain stream socket.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<tunable name="xend_run_blktap" dftval="false">
+<desc>
+<p>
+Determine whether xend can
+run blktapctrl and tapdisk.
+</p>
+</desc>
+</tunable>
+<tunable name="xen_use_fusefs" dftval="false">
+<desc>
+<p>
+Determine whether xen can
+use fusefs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="xen_use_nfs" dftval="false">
+<desc>
+<p>
+Determine whether xen can
+use nfs file systems.
+</p>
+</desc>
+</tunable>
+<tunable name="xen_use_samba" dftval="false">
+<desc>
+<p>
+Determine whether xen can
+use samba file systems.
+</p>
+</desc>
+</tunable>
+</module>
 </layer>
 <tunable name="allow_execheap" dftval="false">
 <desc>
@@ -92336,6 +124008,14 @@ and may change other protocols.
 </p>
 </desc>
 </tunable>
+<tunable name="user_udp_server" dftval="false">
+<desc>
+<p>
+Allow users to run UDP servers (bind to ports and accept connection from
+the same domain and outside users)
+</p>
+</desc>
+</tunable>
 <bool name="secure_mode" dftval="false">
 <desc>
 <p>
@@ -92345,4 +124025,120 @@ user domains.
 </p>
 </desc>
 </bool>
+<tunable name="mozilla_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Allow mozilla to read generic user content (i.e. content that is not specific to an application).
+</p>
+</desc>
+</tunable>
+<tunable name="mozilla_read_all_user_content" dftval="false">
+<desc>
+<p>
+Allow mozilla to read all user content (including content that is specific to an application, such as the configuration files of other applications in the users home directory).
+</p>
+</desc>
+</tunable>
+<tunable name="mozilla_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Allow mozilla to manage generic user content (i.e. content that is not specific to an application).
+</p>
+</desc>
+</tunable>
+<tunable name="mozilla_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Allow mozilla to manage all user content (including content that is specific to an application, such as the configuration files of other applications in the users home directory).
+</p>
+</desc>
+</tunable>
+
+<tunable name="chromium_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Allow chromium to read generic user content (i.e. content that is not specific to an application).
+</p>
+</desc>
+</tunable>
+<tunable name="chromium_read_all_user_content" dftval="false">
+<desc>
+<p>
+Allow chromium to read all user content (including content that is specific to an application, such as the configuration files of other applications in the users home directory).
+</p>
+</desc>
+</tunable>
+<tunable name="chromium_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Allow chromium to manage generic user content (i.e. content that is not specific to an application).
+</p>
+</desc>
+</tunable>
+<tunable name="chromium_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Allow chromium to manage all user content (including content that is specific to an application, such as the configuration files of other applications in the users home directory).
+</p>
+</desc>
+</tunable>
+
+<tunable name="mutt_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Allow mutt to read generic user content (i.e. content that is not specific to an application).
+</p>
+</desc>
+</tunable>
+<tunable name="mutt_read_all_user_content" dftval="false">
+<desc>
+<p>
+Allow mutt to read all user content (including content that is specific to an application, such as the configuration files of other applications in the users home directory).
+</p>
+</desc>
+</tunable>
+<tunable name="mutt_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Allow mutt to manage generic user content (i.e. content that is not specific to an application).
+</p>
+</desc>
+</tunable>
+<tunable name="mutt_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Allow mutt to manage all user content (including content that is specific to an application, such as the configuration files of other applications in the users home directory).
+</p>
+</desc>
+</tunable>
+
+<tunable name="thunderbird_read_generic_user_content" dftval="true">
+<desc>
+<p>
+Allow thunderbird to read generic user content (i.e. content that is not specific to an application).
+</p>
+</desc>
+</tunable>
+<tunable name="thunderbird_read_all_user_content" dftval="false">
+<desc>
+<p>
+Allow thunderbird to read all user content (including content that is specific to an application, such as the configuration files of other applications in the users home directory).
+</p>
+</desc>
+</tunable>
+<tunable name="thunderbird_manage_generic_user_content" dftval="false">
+<desc>
+<p>
+Allow thunderbird to manage generic user content (i.e. content that is not specific to an application).
+</p>
+</desc>
+</tunable>
+<tunable name="thunderbird_manage_all_user_content" dftval="false">
+<desc>
+<p>
+Allow thunderbird to manage all user content (including content that is specific to an application, such as the configuration files of other applications in the users home directory).
+</p>
+</desc>
+</tunable>
+
 </policy>
diff --git a/policy/booleans.conf b/policy/booleans.conf
index e0e9d40f9..3f88d47a5 100644
--- a/policy/booleans.conf
+++ b/policy/booleans.conf
@@ -18,232 +18,1256 @@ secure_mode_policyload = false
 secure_mode = false
 
 #
+# Control if AIDE can mmap files.
+# AIDE can be compiled with the option 'with-mmap' in which case it will
+# attempt to mmap files while running.
+# 
+aide_mmap_files = false
+
+#
+# Grant the firstboot domains read access to generic user content
+# 
+firstboot_read_generic_user_content = true
+
+#
+# Grant the firstboot domains read access to all user content
+# 
+firstboot_read_all_user_content = false
+
+#
+# Grant the firstboot domains manage rights on generic user content
+# 
+firstboot_manage_generic_user_content = false
+
+#
+# Grant the firstboot domains manage rights on all user content
+# 
+firstboot_manage_all_user_content = false
+
+#
+# Determine whether logwatch can connect
+# to mail over the network.
+# 
+logwatch_can_network_connect_mail = false
+
+#
+# Determine whether mcelog supports
+# client mode.
+# 
+mcelog_client = false
+
+#
+# Determine whether mcelog can execute scripts.
+# 
+mcelog_exec_scripts = true
+
+#
+# Determine whether mcelog can use all
+# the user ttys.
+# 
+mcelog_foreground = false
+
+#
+# Determine whether mcelog supports
+# server mode.
+# 
+mcelog_server = false
+
+#
+# Determine whether mcelog can use syslog.
+# 
+mcelog_syslog = false
+
+#
 # Control users use of ping and traceroute
 # 
 user_ping = false
 
 #
-# Allow Apache to modify public files
-# used for public file transfer services. Directories/Files must
+# Determine whether portage can
+# use nfs filesystems.
+# 
+portage_use_nfs = false
+
+#
+# Determine whether portage domains can read user content.
+# This is for non-portage_t domains as portage_t can manage the entire file system.
+# 
+portage_read_user_content = false
+
+#
+# Determine whether portage can mount file systems (used to mount /boot for instance).
+# 
+portage_mount_fs = false
+
+#
+# Extra rules which are sometimes needed when FEATURES=test is enabled
+# 
+portage_enable_test = false
+
+#
+# Determine whether puppet can
+# manage all non-security files.
+# 
+puppet_manage_all_files = false
+
+#
+# Determine whether rkhunter can connect
+# to http ports. This is required by the
+# --update option.
+# 
+rkhunter_connect_http = false
+
+#
+# Determine whether attempts by
+# vbetool to mmap low regions should
+# be silently blocked.
+# 
+vbetool_mmap_zero_ignore = false
+
+#
+# Determine whether awstats can
+# purge httpd log files.
+# 
+awstats_purge_apache_log_files = false
+
+#
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
+# 
+allow_httpd_awstats_script_anon_write = false
+
+#
+# Determine whether cdrecord can read
+# various content. nfs, samba, removable
+# devices, user temp and untrusted
+# content files
+# 
+cdrecord_read_content = false
+
+#
+# Allow chromium to read system information
+# 
+# 
+# 
+# 
+# Although not needed for regular browsing, this will allow chromium to update
+# its own memory consumption based on system state, support additional
+# debugging, detect specific devices, etc.
+# 
+chromium_read_system_info = false
+
+#
+# Allow chromium to bind to tcp ports
+# 
+# 
+# 
+# 
+# Although not needed for regular browsing, some chrome extensions need to
+# bind to tcp ports and accept connections.
+# 
+chromium_bind_tcp_unreserved_ports = false
+
+#
+# Allow chromium to read/write USB devices
+# 
+# 
+# 
+# 
+# Although not needed for regular browsing, used for debugging over usb
+# or using FIDO U2F tokens.
+# 
+chromium_rw_usb_dev = false
+
+#
+# Grant the chromium domains read access to generic user content
+# 
+chromium_read_generic_user_content = true
+
+#
+# Grant the chromium domains read access to all user content
+# 
+chromium_read_all_user_content = false
+
+#
+# Grant the chromium domains manage rights on generic user content
+# 
+chromium_manage_generic_user_content = false
+
+#
+# Grant the chromium domains manage rights on all user content
+# 
+chromium_manage_all_user_content = false
+
+#
+# Allow evolution to create and write
+# user certificates in addition to
+# being able to read them
+# 
+evolution_manage_user_certs = false
+
+#
+# Grant the evolution domains read access to generic user content
+# 
+evolution_read_generic_user_content = true
+
+#
+# Grant the evolution domains read access to all user content
+# 
+evolution_read_all_user_content = false
+
+#
+# Grant the evolution domains manage rights on generic user content
+# 
+evolution_manage_generic_user_content = false
+
+#
+# Grant the evolution domains manage rights on all user content
+# 
+evolution_manage_all_user_content = false
+
+#
+# Determine whether Gitosis can send mail.
+# 
+gitosis_can_sendmail = false
+
+#
+# Determine whether GPG agent can manage
+# generic user home content files. This is
+# required by the --write-env-file option.
+# 
+gpg_agent_env_file = false
+
+#
+# Determine whether GPG agent can use OpenPGP
+# cards or Yubikeys over USB
+# 
+gpg_agent_use_card = false
+
+#
+# Grant the gpg domains read access to generic user content
+# 
+gpg_read_generic_user_content = true
+
+#
+# Grant the gpg domains read access to all user content
+# 
+gpg_read_all_user_content = false
+
+#
+# Grant the gpg domains manage rights on generic user content
+# 
+gpg_manage_generic_user_content = false
+
+#
+# Grant the gpg domains manage rights on all user content
+# 
+gpg_manage_all_user_content = false
+
+#
+# Determine whether irc clients can
+# listen on and connect to any
+# unreserved TCP ports.
+# 
+irc_use_any_tcp_ports = false
+
+#
+# Grant the irc domains read access to generic user content
+# 
+irc_read_generic_user_content = true
+
+#
+# Grant the irc domains read access to all user content
+# 
+irc_read_all_user_content = false
+
+#
+# Grant the irc domains manage rights on generic user content
+# 
+irc_manage_generic_user_content = false
+
+#
+# Grant the irc domains manage rights on all user content
+# 
+irc_manage_all_user_content = false
+
+#
+# Determine whether java can make
+# its stack executable.
+# 
+allow_java_execstack = false
+
+#
+# Grant the java domains read access to generic user content
+# 
+java_read_generic_user_content = true
+
+#
+# Grant the java domains read access to all user content
+# 
+java_read_all_user_content = false
+
+#
+# Grant the java domains manage rights on generic user content
+# 
+java_manage_generic_user_content = false
+
+#
+# Grant the java domains manage rights on all user content
+# 
+java_manage_all_user_content = false
+
+#
+# Determine whether libmtp can read
+# and manage the user home directories
+# and files.
+# 
+libmtp_enable_home_dirs = false
+
+#
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
+# 
+allow_httpd_lightsquid_script_anon_write = false
+
+#
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
+# 
+allow_httpd_man2html_script_anon_write = false
+
+#
+# Determine whether mozilla can
+# make its stack executable.
+# 
+mozilla_execstack = false
+
+#
+# Grant the mozilla domains read access to generic user content
+# 
+mozilla_read_generic_user_content = true
+
+#
+# Grant the mozilla domains read access to all user content
+# 
+mozilla_read_all_user_content = false
+
+#
+# Grant the mozilla domains manage rights on generic user content
+# 
+mozilla_manage_generic_user_content = false
+
+#
+# Grant the mozilla domains manage rights on all user content
+# 
+mozilla_manage_all_user_content = false
+
+#
+# Determine whether mozilla firefox can bind TCP sockets to all
+# unreserved ports (for instance used with various Proxy
+# management extensions).
+# 
+mozilla_bind_all_unreserved_ports = false
+
+#
+# Determine whether mozilla firefox plugins can connect to
+# unreserved ports (for instance when dealing with Google Talk)
+# 
+mozilla_plugin_connect_all_unreserved = false
+
+#
+# Determine whether mplayer can make
+# its stack executable.
+# 
+allow_mplayer_execstack = false
+
+#
+# Grant the mplayer_mencoder domains read access to generic user content
+# 
+mplayer_mencoder_read_generic_user_content = true
+
+#
+# Grant the mplayer_mencoder domains read access to all user content
+# 
+mplayer_mencoder_read_all_user_content = false
+
+#
+# Grant the mplayer_mencoder domains manage rights on generic user content
+# 
+mplayer_mencoder_manage_generic_user_content = false
+
+#
+# Grant the mplayer_mencoder domains manage rights on all user content
+# 
+mplayer_mencoder_manage_all_user_content = false
+
+#
+# Grant the mplayer domains read access to generic user content
+# 
+mplayer_read_generic_user_content = true
+
+#
+# Grant the mplayer domains read access to all user content
+# 
+mplayer_read_all_user_content = false
+
+#
+# Grant the mplayer domains manage rights on generic user content
+# 
+mplayer_manage_generic_user_content = false
+
+#
+# Grant the mplayer domains manage rights on all user content
+# 
+mplayer_manage_all_user_content = false
+
+#
+# Determine whether openoffice can
+# download software updates from the
+# network (application and/or
+# extensions).
+# 
+openoffice_allow_update = true
+
+#
+# Determine whether openoffice writer
+# can send emails directly (print to
+# email). This is different from the
+# functionality of sending emails
+# through external clients which is
+# always enabled.
+# 
+openoffice_allow_email = false
+
+#
+# Grant the openoffice domains read access to generic user content
+# 
+openoffice_read_generic_user_content = true
+
+#
+# Grant the openoffice domains read access to all user content
+# 
+openoffice_read_all_user_content = false
+
+#
+# Grant the openoffice domains manage rights on generic user content
+# 
+openoffice_manage_generic_user_content = false
+
+#
+# Grant the openoffice domains manage rights on all user content
+# 
+openoffice_manage_all_user_content = false
+
+#
+# Allow pulseaudio to execute code in
+# writable memory
+# 
+pulseaudio_execmem = false
+
+#
+# Determine whether qemu has full
+# access to the network.
+# 
+qemu_full_network = false
+
+#
+# Grant the syncthing domains read access to generic user content
+# 
+syncthing_read_generic_user_content = true
+
+#
+# Grant the syncthing domains read access to all user content
+# 
+syncthing_read_all_user_content = false
+
+#
+# Grant the syncthing domains manage rights on generic user content
+# 
+syncthing_manage_generic_user_content = false
+
+#
+# Grant the syncthing domains manage rights on all user content
+# 
+syncthing_manage_all_user_content = false
+
+#
+# Determine whether telepathy connection
+# managers can connect to generic tcp ports.
+# 
+telepathy_tcp_connect_generic_network_ports = false
+
+#
+# Determine whether telepathy connection
+# managers can connect to any port.
+# 
+telepathy_connect_all_ports = false
+
+#
+# Grant the thunderbird domains read access to generic user content
+# 
+thunderbird_read_generic_user_content = true
+
+#
+# Grant the thunderbird domains read access to all user content
+# 
+thunderbird_read_all_user_content = false
+
+#
+# Grant the thunderbird domains manage rights on generic user content
+# 
+thunderbird_manage_generic_user_content = false
+
+#
+# Grant the thunderbird domains manage rights on all user content
+# 
+thunderbird_manage_all_user_content = false
+
+#
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
+# 
+allow_httpd_webalizer_script_anon_write = false
+
+#
+# Determine whether attempts by
+# wine to mmap low regions should
+# be silently blocked.
+# 
+wine_mmap_zero_ignore = false
+
+#
+# Grant the wireshark domains read access to generic user content
+# 
+wireshark_read_generic_user_content = true
+
+#
+# Grant the wireshark domains read access to all user content
+# 
+wireshark_read_all_user_content = false
+
+#
+# Grant the wireshark domains manage rights on generic user content
+# 
+wireshark_manage_generic_user_content = false
+
+#
+# Grant the wireshark domains manage rights on all user content
+# 
+wireshark_manage_all_user_content = false
+
+#
+# Grant the xscreensaver domains read access to generic user content
+# 
+xscreensaver_read_generic_user_content = true
+
+#
+# Determine whether the bitcoin daemon can bind
+# to all unreserved ports or not.
+# 
+bitcoin_bind_all_unreserved_ports = false
+
+#
+# Determine whether dropbox can bind to
+# local tcp and udp ports.
+# Required for Dropbox' LAN Sync feature
+# 
+dropbox_bind_port = false
+
+#
+# Grant the dropbox domains read access to generic user content
+# 
+dropbox_read_generic_user_content = true
+
+#
+# Grant the dropbox domains read access to all user content
+# 
+dropbox_read_all_user_content = false
+
+#
+# Grant the dropbox domains manage rights on generic user content
+# 
+dropbox_manage_generic_user_content = false
+
+#
+# Grant the dropbox domains manage rights on all user content
+# 
+dropbox_manage_all_user_content = false
+
+#
+# Allow KDEConnect to read user home files
+# 
+kdeconnect_read_user_files = true
+
+#
+# Allow links to manage files in users home directories (download files)
+# 
+links_manage_user_files = false
+
+#
+# Grant the mutt domains read access to generic user content
+# 
+mutt_read_generic_user_content = true
+
+#
+# Grant the mutt domains read access to all user content
+# 
+mutt_read_all_user_content = false
+
+#
+# Grant the mutt domains manage rights on generic user content
+# 
+mutt_manage_generic_user_content = false
+
+#
+# Grant the mutt domains manage rights on all user content
+# 
+mutt_manage_all_user_content = false
+
+#
+# Allow nginx to serve HTTP content (act as an http server)
+# 
+nginx_enable_http_server = false
+
+#
+# Allow nginx to act as an imap proxy server)
+# 
+nginx_enable_imap_server = false
+
+#
+# Allow nginx to act as a pop3 server)
+# 
+nginx_enable_pop3_server = false
+
+#
+# Allow nginx to act as an smtp server)
+# 
+nginx_enable_smtp_server = false
+
+#
+# Allow nginx to connect to remote HTTP servers
+# 
+nginx_can_network_connect_http = false
+
+#
+# Allow nginx to connect to remote servers (regardless of protocol)
+# 
+nginx_can_network_connect = false
+
+#
+# Be able to manage user files (needed to support sending and downloading
+# attachments). Without this boolean set, only files marked as pan_home_t
+# can be used for sending and receiving.
+# 
+pan_manage_user_content = false
+
+#
+# Allow phpfpm to use LDAP services
+# 
+phpfpm_use_ldap = false
+
+#
+# Allow rtorrent to use dht.
+# The correspondig port must be rtorrent_udp_port_t.
+# 
+rtorrent_use_dht = true
+
+#
+# Allow rtorrent to use rsync, for example in a hook.
+# 
+rtorrent_use_rsync = false
+
+#
+# Determine wether the salt master can read NFS files
+# 
+salt_master_read_nfs = false
+
+#
+# Determine wether the salt minion can manage NFS files
+# 
+salt_minion_manage_nfs = false
+
+#
+# Be able to manage user files (needed to support sending and receiving files).
+# Without this boolean set, only files marked as skype_home_t can be used for
+# sending and receiving.
+# 
+skype_manage_user_content = false
+
+#
+# Control the ability to mmap a low area of the address space,
+# as configured by /proc/sys/kernel/mmap_min_addr.
+# 
+mmap_low_allowed = false
+
+#
+# Determine whether dbadm can manage
+# generic user files.
+# 
+dbadm_manage_user_files = false
+
+#
+# Determine whether dbadm can read
+# generic user files.
+# 
+dbadm_read_user_files = false
+
+#
+# Allow sysadm to debug or ptrace all processes.
+# 
+allow_ptrace = false
+
+#
+# Determine whether webadm can
+# manage generic user files.
+# 
+webadm_manage_user_files = false
+
+#
+# Determine whether webadm can
+# read generic user files.
+# 
+webadm_read_user_files = false
+
+#
+# Determine whether xguest can
+# mount removable media.
+# 
+xguest_mount_media = false
+
+#
+# Determine whether xguest can
+# configure network manager.
+# 
+xguest_connect_network = false
+
+#
+# Determine whether xguest can
+# use blue tooth devices.
+# 
+xguest_use_bluetooth = false
+
+#
+# Determine whether ABRT can modify
+# public files used for public file
+# transfer services.
+# 
+abrt_anon_write = false
+
+#
+# Determine whether abrt-handle-upload
+# can modify public files used for public file
+# transfer services in /var/spool/abrt-upload/.
+# 
+abrt_upload_watch_anon_write = true
+
+#
+# Determine whether ABRT can run in
+# the abrt_handle_event_t domain to
+# handle ABRT event scripts.
+# 
+abrt_handle_event = false
+
+#
+# Determine whether amavis can
+# use JIT compiler.
+# 
+amavis_use_jit = false
+
+#
+# Determine whether httpd can modify
+# public files used for public file
+# transfer services. Directories/Files must
 # be labeled public_content_rw_t.
 # 
 allow_httpd_anon_write = false
 
 #
-# Allow Apache to use mod_auth_pam
+# Determine whether httpd can use mod_auth_pam.
 # 
 allow_httpd_mod_auth_pam = false
 
 #
-# Allow httpd to use built in scripting (usually php)
+# Determine whether httpd can use built in scripting.
 # 
 httpd_builtin_scripting = false
 
 #
-# Allow HTTPD scripts and modules to connect to the network using TCP.
+# Determine whether httpd can check spam.
+# 
+httpd_can_check_spam = false
+
+#
+# Determine whether httpd scripts and modules
+# can connect to the network using TCP.
 # 
 httpd_can_network_connect = false
 
 #
-# Allow HTTPD scripts and modules to connect to databases over the network.
+# Determine whether httpd scripts and modules
+# can connect to cobbler over the network.
+# 
+httpd_can_network_connect_cobbler = false
+
+#
+# Determine whether scripts and modules can
+# connect to databases over the network.
 # 
 httpd_can_network_connect_db = false
 
 #
-# Allow httpd to act as a relay
+# Determine whether httpd can connect to
+# ldap over the network.
+# 
+httpd_can_network_connect_ldap = false
+
+#
+# Determine whether httpd can connect
+# to memcache server over the network.
+# 
+httpd_can_network_connect_memcache = false
+
+#
+# Determine whether httpd can act as a relay.
 # 
 httpd_can_network_relay = false
 
 #
-# Allow http daemon to send mail
+# Determine whether httpd daemon can
+# connect to zabbix over the network.
+# 
+httpd_can_network_connect_zabbix = false
+
+#
+# Determine whether httpd can send mail.
 # 
 httpd_can_sendmail = false
 
 #
-# Allow Apache to communicate with avahi service via dbus
+# Determine whether httpd can communicate
+# with avahi service via dbus.
 # 
 httpd_dbus_avahi = false
 
 #
-# Allow httpd cgi support
+# Determine wether httpd can use support.
 # 
 httpd_enable_cgi = false
 
 #
-# Allow httpd to act as a FTP server by
-# listening on the ftp port.
+# Determine whether httpd can act as a
+# FTP server by listening on the ftp port.
 # 
 httpd_enable_ftp_server = false
 
 #
-# Allow httpd to read home directories
+# Determine whether httpd can traverse
+# user home directories.
 # 
 httpd_enable_homedirs = false
 
 #
-# Allow httpd daemon to change its resource limits
+# Determine whether httpd gpg can modify
+# public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
+# 
+httpd_gpg_anon_write = false
+
+#
+# Determine whether httpd can execute
+# its temporary content.
+# 
+httpd_tmp_exec = false
+
+#
+# Determine whether httpd scripts and
+# modules can use execmem and execstack.
+# 
+httpd_execmem = false
+
+#
+# Determine whether httpd can connect
+# to port 80 for graceful shutdown.
+# 
+httpd_graceful_shutdown = false
+
+#
+# Determine whether httpd can
+# manage IPA content files.
+# 
+httpd_manage_ipa = false
+
+#
+# Determine whether httpd can use mod_auth_ntlm_winbind.
+# 
+httpd_mod_auth_ntlm_winbind = false
+
+#
+# Determine whether httpd can read
+# generic user home content files.
+# 
+httpd_read_user_content = false
+
+#
+# Determine whether httpd can change
+# its resource limits.
 # 
 httpd_setrlimit = false
 
 #
-# Allow HTTPD to run SSI executables in the same domain as system CGI scripts.
+# Determine whether httpd can run
+# SSI executables in the same domain
+# as system CGI scripts.
 # 
 httpd_ssi_exec = false
 
 #
-# Unify HTTPD to communicate with the terminal.
-# Needed for entering the passphrase for certificates at
-# the terminal.
+# Determine whether httpd can communicate
+# with the terminal. Needed for entering the
+# passphrase for certificates at the terminal.
 # 
 httpd_tty_comm = false
 
 #
-# Unify HTTPD handling of all content files.
+# Determine whether httpd can have full access
+# to its content types.
 # 
 httpd_unified = false
 
 #
-# Allow httpd to access cifs file systems
+# Determine whether httpd can use
+# cifs file systems.
 # 
 httpd_use_cifs = false
 
 #
-# Allow httpd to run gpg
+# Determine whether httpd can
+# use fuse file systems.
+# 
+httpd_use_fusefs = false
+
+#
+# Determine whether httpd can use gpg.
 # 
 httpd_use_gpg = false
 
 #
-# Allow httpd to access nfs file systems
+# Determine whether httpd can use
+# nfs file systems.
 # 
 httpd_use_nfs = false
 
 #
-# Allow BIND to write the master zone files.
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
+# 
+allow_httpd_sys_script_anon_write = false
+
+#
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
+# 
+allow_httpd_user_script_anon_write = false
+
+#
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
+# 
+allow_httpd_unconfined_script_anon_write = false
+
+#
+# Enable specific permissions for the Hiawatha web server
+# 
+hiawatha_httpd = false
+
+#
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
+# 
+allow_httpd_apcupsd_cgi_script_anon_write = false
+
+#
+# Determine whether Bind can bind tcp socket to http ports.
+# 
+named_tcp_bind_http_port = false
+
+#
+# Determine whether Bind can write to master zone files.
 # Generally this is used for dynamic DNS or zone transfers.
 # 
 named_write_master_zones = false
 
 #
-# Allow cdrecord to read various content.
-# nfs, samba, removable devices, user temp
-# and untrusted content files
+# Determine whether boinc can execmem/execstack.
 # 
-cdrecord_read_content = false
+boinc_execmem = true
 
 #
-# Allow clamd to use JIT compiler
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
+# 
+allow_httpd_bugzilla_script_anon_write = false
+
+#
+# Determine whether clamscan can
+# read user content files.
+# 
+clamav_read_user_content_files_clamscan = false
+
+#
+# Determine whether clamscan can read
+# all non-security files.
+# 
+clamav_read_all_non_security_files_clamscan = false
+
+#
+# Determine whether can clamd use JIT compiler.
 # 
 clamd_use_jit = false
 
 #
-# Allow Cobbler to modify public files
-# used for public file transfer services.
+# Determine whether Cobbler can modify
+# public files used for public file
+# transfer services.
 # 
 cobbler_anon_write = false
 
 #
-# Allow system cron jobs to relabel filesystem
-# for restoring file contexts.
+# Determine whether Cobbler can connect
+# to the network using TCP.
+# 
+cobbler_can_network_connect = false
+
+#
+# Determine whether Cobbler can access
+# cifs file systems.
+# 
+cobbler_use_cifs = false
+
+#
+# Determine whether Cobbler can access
+# nfs file systems.
+# 
+cobbler_use_nfs = false
+
+#
+# Determine whether collectd can connect
+# to the network using TCP.
+# 
+collectd_tcp_network_connect = false
+
+#
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
+# 
+allow_httpd_collectd_script_anon_write = false
+
+#
+# Determine whether Condor can connect
+# to the network using TCP.
+# 
+condor_tcp_network_connect = false
+
+#
+# Determine whether system cron jobs
+# can relabel filesystem for
+# restoring file contexts.
 # 
 cron_can_relabel = false
 
 #
-# Enable extra rules in the cron domain
-# to support fcron.
+# Determine whether crond can execute jobs
+# in the user domain as opposed to the
+# the generic cronjob domain.
+# 
+cron_userdomain_transition = false
+
+#
+# Determine whether extra rules
+# should be enabled to support fcron.
 # 
 fcron_crond = false
 
 #
-# Allow cvs daemon to read shadow
+# Grant the cron domains read access to generic user content
 # 
-allow_cvs_read_shadow = false
+cron_read_generic_user_content = true
 
 #
-# Allow dbadm to manage files in users home directories
+# Grant the cron domains read access to all user content
 # 
-dbadm_manage_user_files = false
+cron_read_all_user_content = false
 
 #
-# Allow dbadm to read files in users home directories
+# Grant the cron domains manage rights on generic user content
 # 
-dbadm_read_user_files = false
+cron_manage_generic_user_content = false
+
+#
+# Grant the cron domains manage rights on all user content
+# 
+cron_manage_all_user_content = false
+
+#
+# Determine whether cvs can read shadow
+# password files.
+# 
+allow_cvs_read_shadow = false
+
+#
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
+# 
+allow_httpd_cvs_script_anon_write = false
 
 #
-# Allow DHCP daemon to use LDAP backends
+# Determine whether DHCP daemon
+# can use LDAP backends.
 # 
 dhcpd_use_ldap = false
 
 #
-# Allow the use of the audio devices as the source for the entropy feeds
+# Determine whether dovecot can connect to
+# databases.
+# 
+dovecot_can_connect_db = false
+
+#
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
+# 
+allow_httpd_dspam_script_anon_write = false
+
+#
+# Determine whether entropyd can use
+# audio devices as the source for
+# the entropy feeds.
 # 
 entropyd_use_audio = false
 
 #
-# Allow exim to connect to databases (postgres, mysql)
+# Determine whether exim can connect to
+# databases.
 # 
 exim_can_connect_db = false
 
 #
-# Allow exim to read unprivileged user files.
+# Determine whether exim can read generic
+# user content files.
 # 
 exim_read_user_files = false
 
 #
-# Allow exim to create, read, write, and delete
-# unprivileged user files.
+# Determine whether exim can create,
+# read, write, and delete generic user
+# content files.
 # 
 exim_manage_user_files = false
 
 #
-# Allow ftp servers to upload files,  used for public file
-# transfer services. Directories must be labeled
-# public_content_rw_t.
+# Determine whether ftpd can modify
+# public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
 # 
 allow_ftpd_anon_write = false
 
 #
-# Allow ftp servers to login to local users and
-# read/write all files on the system, governed by DAC.
+# Determine whether ftpd can login to
+# local users and can read and write
+# all files on the system, governed by DAC.
 # 
 allow_ftpd_full_access = false
 
 #
-# Allow ftp servers to use cifs
+# Determine whether ftpd can use CIFS
 # used for public file transfer services.
 # 
 allow_ftpd_use_cifs = false
 
 #
-# Allow ftp servers to use nfs
+# Determine whether ftpd can use NFS
 # used for public file transfer services.
 # 
 allow_ftpd_use_nfs = false
 
 #
-# Allow ftp to read and write files in the user home directories
+# Determine whether ftpd can connect to
+# databases over the TCP network.
+# 
+ftpd_connect_db = false
+
+#
+# Determine whether ftpd can bind to all
+# unreserved ports for passive mode.
+# 
+ftpd_use_passive_mode = false
+
+#
+# Determine whether ftpd can connect to
+# all unreserved ports.
+# 
+ftpd_connect_all_unreserved = false
+
+#
+# Determine whether ftpd can read and write
+# files in user home directories.
 # 
 ftp_home_dir = false
 
 #
-# Allow anon internal-sftp to upload files, used for
-# public file transfer services. Directories must be labeled
-# public_content_rw_t.
+# Determine whether sftpd can modify
+# public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
 # 
 sftpd_anon_write = false
 
 #
-# Allow sftp-internal to read and write files
-# in the user home directories
+# Determine whether sftpd-can read and write
+# files in user home directories.
 # 
 sftpd_enable_homedirs = false
 
 #
-# Allow sftp-internal to login to local users and
-# read/write all files on the system, governed by DAC.
+# Determine whether sftpd-can login to
+# local users and read and write all
+# files on the system, governed by DAC.
 # 
 sftpd_full_access = false
 
 #
+# Determine whether sftpd can read and write
+# files in user ssh home directories.
+# 
+sftpd_write_ssh_home = false
+
+#
 # Determine whether Git CGI
 # can search home directories.
 # 
@@ -262,6 +1286,13 @@ git_cgi_use_cifs = false
 git_cgi_use_nfs = false
 
 #
+# Determine whether Git session daemon
+# can bind TCP sockets to all
+# unreserved ports.
+# 
+git_session_bind_all_unreserved_ports = false
+
+#
 # Determine whether calling user domains
 # can execute Git daemon in the
 # git_session_t domain.
@@ -293,364 +1324,431 @@ git_system_use_cifs = false
 git_system_use_nfs = false
 
 #
-# Allow usage of the gpg-agent --write-env-file option.
-# This also allows gpg-agent to manage user files.
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
 # 
-gpg_agent_env_file = false
+allow_httpd_git_script_anon_write = false
 
 #
-# Allow java executable stack
+# Grant the i18n_input domains read access to generic user content
 # 
-allow_java_execstack = false
+i18n_input_read_generic_user_content = true
 
 #
-# Allow confined applications to run with kerberos.
+# Determine whether icecast can listen
+# on and connect to any TCP port.
+# 
+icecast_use_any_tcp_ports = false
+
+#
+# Determine whether kerberos is supported.
 # 
 allow_kerberos = false
 
 #
-# Use lpd server instead of cups
+# Determine whether to support lpd server.
 # 
 use_lpd_server = false
 
 #
-# Allow confined web browsers to read home directory content
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
 # 
-mozilla_read_content = false
+allow_httpd_mediawiki_script_anon_write = false
 
 #
-# Allow mplayer executable stack
+# Determine whether minidlna can read generic user content.
 # 
-allow_mplayer_execstack = false
+minidlna_read_generic_user_content = false
 
 #
-# Allow mysqld to connect to all ports
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
 # 
-mysql_connect_any = false
+allow_httpd_mojomojo_script_anon_write = false
 
 #
-# Allow openvpn to read home directories
+# Allow monit to start/stop services
 # 
-openvpn_enable_homedirs = false
+monit_startstop_services = false
 
 #
-# Allow the portage domains to use NFS mounts (regular nfs_t)
+# Determine whether mpd can traverse
+# user home directories.
 # 
-portage_use_nfs = false
+mpd_enable_homedirs = false
 
 #
-# Allow pppd to load kernel modules for certain modems
+# Determine whether mpd can use
+# cifs file systems.
 # 
-pppd_can_insmod = false
+mpd_use_cifs = false
 
 #
-# Allow pppd to be run for a regular user
+# Determine whether mpd can use
+# nfs file systems.
 # 
-pppd_for_user = false
+mpd_use_nfs = false
 
 #
-# Allow privoxy to connect to all ports, not just
-# HTTP, FTP, and Gopher ports.
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
 # 
-privoxy_connect_any = false
+allow_httpd_munin_script_anon_write = false
 
 #
-# Allow Puppet client to manage all file
-# types.
+# Determine whether mysqld can
+# connect to all TCP ports.
 # 
-puppet_manage_all_files = false
+mysql_connect_any = false
 
 #
-# Allow qemu to connect fully to the network
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
 # 
-qemu_full_network = false
+allow_httpd_nagios_script_anon_write = false
 
 #
-# Allow qemu to use cifs/Samba file systems
+# Determine whether confined applications
+# can use nscd shared memory.
 # 
-qemu_use_cifs = true
+nscd_use_shm = false
 
 #
-# Allow qemu to use serial/parallel communication ports
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
 # 
-qemu_use_comm = false
+allow_httpd_nutups_cgi_script_anon_write = false
 
 #
-# Allow qemu to use nfs file systems
+# Determine whether openvpn can
+# read generic user home content files.
 # 
-qemu_use_nfs = true
+openvpn_enable_homedirs = false
 
 #
-# Allow qemu to use usb devices
+# Determine whether openvpn can
+# connect to the TCP network.
 # 
-qemu_use_usb = true
+openvpn_can_network_connect = false
 
 #
-# Allow rgmanager domain to connect to the network using TCP.
+# Determine whether Polipo system
+# daemon can access CIFS file systems.
 # 
-rgmanager_can_network_connect = false
+polipo_system_use_cifs = false
 
 #
-# Allow fenced domain to connect to the network using TCP.
+# Determine whether Polipo system
+# daemon can access NFS file systems.
 # 
-fenced_can_network_connect = false
+polipo_system_use_nfs = false
 
 #
-# Allow gssd to read temp directory.  For access to kerberos tgt.
+# Determine whether calling user domains
+# can execute Polipo daemon in the
+# polipo_session_t domain.
 # 
-allow_gssd_read_tmp = true
+polipo_session_users = false
 
 #
-# Allow nfs servers to modify public files
-# used for public file transfer services.  Files/Directories must be
-# labeled public_content_rw_t.
+# Determine whether Polipo session daemon
+# can send syslog messages.
 # 
-allow_nfsd_anon_write = false
+polipo_session_send_syslog_msg = false
 
 #
-# Allow rsync to export any files/directories read only.
+# Determine whether postfix local
+# can manage mail spool content.
 # 
-rsync_export_all_ro = false
+postfix_local_write_mail_spool = true
 
 #
-# Allow rsync to modify public files
-# used for public file transfer services.  Files/Directories must be
-# labeled public_content_rw_t.
+# Grant the postfix domains read access to generic user content
 # 
-allow_rsync_anon_write = false
+postfix_read_generic_user_content = true
 
 #
-# Allow samba to modify public files used for public file
-# transfer services.  Files/Directories must be labeled
-# public_content_rw_t.
+# Grant the postfix domains read access to all user content
 # 
-allow_smbd_anon_write = false
+postfix_read_all_user_content = false
 
 #
-# Allow samba to create new home directories (e.g. via PAM)
+# Grant the postfix domains manage rights on generic user content
 # 
-samba_create_home_dirs = false
+postfix_manage_generic_user_content = false
 
 #
-# Allow samba to act as the domain controller, add users,
-# groups and change passwords.
+# Grant the postfix domains manage rights on all user content
 # 
-samba_domain_controller = false
+postfix_manage_all_user_content = false
 
 #
-# Allow samba to share users home directories.
+# Allow unprived users to execute DDL statement
 # 
-samba_enable_home_dirs = false
+sepgsql_enable_users_ddl = false
 
 #
-# Allow samba to share any file/directory read only.
+# Allow transmit client label to foreign database
 # 
-samba_export_all_ro = false
+sepgsql_transmit_client_label = false
 
 #
-# Allow samba to share any file/directory read/write.
+# Allow database admins to execute DML statement
 # 
-samba_export_all_rw = false
+sepgsql_unconfined_dbadm = false
 
 #
-# Allow samba to run unconfined scripts
+# Determine whether pppd can
+# load kernel modules.
 # 
-samba_run_unconfined = false
+pppd_can_insmod = false
 
 #
-# Allow samba to export NFS volumes.
+# Determine whether common users can
+# run pppd with a domain transition.
 # 
-samba_share_nfs = false
+pppd_for_user = false
 
 #
-# Allow samba to export ntfs/fusefs volumes.
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
 # 
-samba_share_fusefs = false
+allow_httpd_prewikka_script_anon_write = false
 
 #
-# Allow confined virtual guests to manage nfs files
+# Determine whether privoxy can
+# connect to all tcp ports.
 # 
-sanlock_use_nfs = false
+privoxy_connect_any = false
 
 #
-# Allow confined virtual guests to manage cifs files
+# Determine whether rgmanager can
+# connect to the network using TCP.
 # 
-sanlock_use_samba = false
+rgmanager_can_network_connect = false
 
 #
-# Allow sasl to read shadow
+# Determine whether fenced can
+# connect to the TCP network.
 # 
-allow_saslauthd_read_shadow = false
+fenced_can_network_connect = false
 
 #
-# Enable additional permissions needed to support
-# devices on 3ware controllers.
+# Determine whether fenced can use ssh.
 # 
-smartmon_3ware = false
+fenced_can_ssh = false
 
 #
-# Allow user spamassassin clients to use the network.
+# Determine whether gssd can read
+# generic user temporary content.
 # 
-spamassassin_can_network = false
+allow_gssd_read_tmp = false
 
 #
-# Allow spamd to read/write user home directories.
+# Determine whether gssd can write
+# generic user temporary content.
 # 
-spamd_enable_home_dirs = true
+allow_gssd_write_tmp = false
 
 #
-# Allow squid to connect to all ports, not just
-# HTTP, FTP, and Gopher ports.
+# Determine whether nfs can modify
+# public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
 # 
-squid_connect_any = false
+allow_nfsd_anon_write = false
 
 #
-# Allow squid to run as a transparent proxy (TPROXY)
+# Determine whether rsync can use
+# cifs file systems.
 # 
-squid_use_tproxy = false
+rsync_use_cifs = false
 
 #
-# Allow the Telepathy connection managers
-# to connect to any generic TCP port.
+# Determine whether rsync can
+# use fuse file systems.
 # 
-telepathy_tcp_connect_generic_network_ports = false
+rsync_use_fusefs = false
 
 #
-# Allow the Telepathy connection managers
-# to connect to any network port.
+# Determine whether rsync can use
+# nfs file systems.
 # 
-telepathy_connect_all_ports = false
+rsync_use_nfs = false
 
 #
-# Allow tftp to modify public files
-# used for public file transfer services.
+# Determine whether rsync can
+# run as a client
 # 
-tftp_anon_write = false
+rsync_client = false
 
 #
-# Allow tor daemon to bind
-# tcp sockets to all unreserved ports.
+# Determine whether rsync can
+# export all content read only.
 # 
-tor_bind_all_unreserved_ports = false
+rsync_export_all_ro = false
 
 #
-# Allow varnishd to connect to all ports,
-# not just HTTP.
+# Determine whether rsync can modify
+# public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
 # 
-varnishd_connect_any = false
+allow_rsync_anon_write = false
 
 #
-# Ignore vbetool mmap_zero errors.
+# Determine whether smbd_t can
+# read shadow files.
 # 
-vbetool_mmap_zero_ignore = false
+samba_read_shadow = false
 
 #
-# Allow virt to use serial/parallell communication ports
+# Determine whether samba can modify
+# public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
 # 
-virt_use_comm = false
+allow_smbd_anon_write = false
 
 #
-# Allow virt to read fuse files
+# Determine whether samba can
+# create home directories via pam.
 # 
-virt_use_fusefs = false
+samba_create_home_dirs = false
 
 #
-# Allow virt to manage nfs files
+# Determine whether samba can act as the
+# domain controller, add users, groups
+# and change passwords.
 # 
-virt_use_nfs = false
+samba_domain_controller = false
 
 #
-# Allow virt to manage cifs files
+# Determine whether samba can
+# act as a portmapper.
 # 
-virt_use_samba = false
+samba_portmapper = false
 
 #
-# Allow virt to manage device configuration, (pci)
+# Determine whether samba can share
+# users home directories.
 # 
-virt_use_sysfs = false
+samba_enable_home_dirs = false
 
 #
-# Allow virt to use usb devices
+# Determine whether samba can share
+# any content read only.
 # 
-virt_use_usb = true
+samba_export_all_ro = false
 
 #
-# Allow webadm to manage files in users home directories
+# Determine whether samba can share any
+# content readable and writable.
 # 
-webadm_manage_user_files = false
+samba_export_all_rw = false
 
 #
-# Allow webadm to read files in users home directories
+# Determine whether samba can
+# run unconfined scripts.
 # 
-webadm_read_user_files = false
+samba_run_unconfined = false
 
 #
-# Ignore wine mmap_zero errors.
+# Determine whether samba can
+# use nfs file systems.
 # 
-wine_mmap_zero_ignore = false
+samba_share_nfs = false
 
 #
-# Allow xend to run blktapctrl/tapdisk.
-# Not required if using dedicated logical volumes for disk images.
+# Determine whether samba can
+# use fuse file systems.
 # 
-xend_run_blktap = true
+samba_share_fusefs = false
 
 #
-# Allow xend to run qemu-dm.
-# Not required if using paravirt and no vfb.
+# Determine whether sanlock can use
+# nfs file systems.
 # 
-xend_run_qemu = true
+sanlock_use_nfs = false
 
 #
-# Allow xen to manage nfs files
+# Determine whether sanlock can use
+# cifs file systems.
 # 
-xen_use_nfs = false
+sanlock_use_samba = false
 
 #
-# Allow xguest users to mount removable media
+# Determine whether sasl can
+# read shadow files.
 # 
-xguest_mount_media = true
+allow_saslauthd_read_shadow = false
 
 #
-# Allow xguest to configure Network Manager
+# Determine whether smartmon can support
+# devices on 3ware controllers.
 # 
-xguest_connect_network = true
+smartmon_3ware = false
 
 #
-# Allow xguest to use blue tooth devices
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
 # 
-xguest_use_bluetooth = true
+allow_httpd_smokeping_cgi_script_anon_write = false
 
 #
-# Allow zebra daemon to write it configuration files
+# Determine whether spamassassin
+# clients can use the network.
 # 
-allow_zebra_write_config = false
+spamassassin_can_network = false
 
 #
-# Control the ability to mmap a low area of the address space,
-# as configured by /proc/sys/kernel/mmap_min_addr.
+# Determine whether spamd can manage
+# generic user home content.
 # 
-mmap_low_allowed = false
+spamd_enable_home_dirs = false
 
 #
-# Allow sysadm to debug or ptrace all processes.
+# Determine whether squid can
+# connect to all TCP ports.
 # 
-allow_ptrace = false
+squid_connect_any = false
 
 #
-# Allow unprived users to execute DDL statement
+# Determine whether squid can run
+# as a transparent proxy.
 # 
-sepgsql_enable_users_ddl = true
+squid_use_tproxy = false
 
 #
-# Allow transmit client label to foreign database
+# Determine whether squid can use the
+# pinger daemon (needs raw net access)
 # 
-sepgsql_transmit_client_label = false
+squid_use_pinger = true
 
 #
-# Allow database admins to execute DML statement
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
 # 
-sepgsql_unconfined_dbadm = true
+allow_httpd_squid_script_anon_write = false
 
 #
 # allow host key based authentication
@@ -663,6 +1761,100 @@ allow_ssh_keysign = false
 ssh_sysadm_login = false
 
 #
+# Allow ssh to use gpg-agent
+# 
+ssh_use_gpg_agent = false
+
+#
+# Determine whether tftp can modify
+# public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
+# 
+tftp_anon_write = false
+
+#
+# Determine whether tftp can manage
+# generic user home content.
+# 
+tftp_enable_homedir = false
+
+#
+# Determine whether tor can bind
+# tcp sockets to all unreserved ports.
+# 
+tor_bind_all_unreserved_ports = false
+
+#
+# Determine whether varnishd can
+# use the full TCP network.
+# 
+varnishd_connect_any = false
+
+#
+# Determine whether confined virtual guests
+# can use serial/parallel communication ports.
+# 
+virt_use_comm = false
+
+#
+# Determine whether confined virtual guests
+# can use executable memory and can make
+# their stack executable.
+# 
+virt_use_execmem = false
+
+#
+# Determine whether confined virtual guests
+# can use fuse file systems.
+# 
+virt_use_fusefs = false
+
+#
+# Determine whether confined virtual guests
+# can use nfs file systems.
+# 
+virt_use_nfs = false
+
+#
+# Determine whether confined virtual guests
+# can use cifs file systems.
+# 
+virt_use_samba = false
+
+#
+# Determine whether confined virtual guests
+# can manage device configuration.
+# 
+virt_use_sysfs = false
+
+#
+# Determine whether confined virtual guests
+# can use usb devices.
+# 
+virt_use_usb = false
+
+#
+# Determine whether confined virtual guests
+# can interact with xserver.
+# 
+virt_use_xserver = false
+
+#
+# Determine whether confined virtual guests
+# can use vfio for pci device pass through (vt-d).
+# 
+virt_use_vfio = false
+
+#
+# Determine whether the script domain can
+# modify public files used for public file
+# transfer services. Directories/Files must
+# be labeled public_content_rw_t.
+# 
+allow_httpd_w3c_validator_script_anon_write = false
+
+#
 # Allows clients to write to the X server shared
 # memory segments.
 # 
@@ -674,11 +1866,29 @@ allow_write_xshm = false
 xdm_sysadm_login = false
 
 #
+# Use gnome-shell in gdm mode as the
+# X Display Manager (XDM)
+# 
+xserver_gnome_xdm = false
+
+#
 # Support X userspace object manager
 # 
 xserver_object_manager = false
 
 #
+# Determine whether zabbix can
+# connect to all TCP ports
+# 
+zabbix_can_network = false
+
+#
+# Determine whether zebra daemon can
+# manage its configuration files.
+# 
+allow_zebra_write_config = false
+
+#
 # Allow users to resolve user passwd entries directly from ldap rather then using a sssd server
 # 
 authlogin_nsswitch_use_ldap = false
@@ -689,6 +1899,11 @@ authlogin_nsswitch_use_ldap = false
 init_upstart = false
 
 #
+# Allow all daemons the ability to read/write terminals
+# 
+init_daemons_use_tty = false
+
+#
 # Allow racoon to read shadow
 # 
 racoon_read_shadow = false
@@ -699,6 +1914,25 @@ racoon_read_shadow = false
 allow_mount_anyfile = false
 
 #
+# Enable support for systemd-tmpfiles to manage all non-security files.
+# 
+systemd_tmpfiles_manage_all = false
+
+#
+# Allow systemd-nspawn to create a labelled namespace with the same types
+# as parent environment
+# 
+systemd_nspawn_labeled_namespace = false
+
+#
+# Determine whether tmpfiles can manage
+# all non-security sensitive resources.
+# Without this, it is only allowed rights towards
+# /run, /tmp, /dev and /var/lock.
+# 
+tmpfiles_manage_all_non_security = true
+
+#
 # Allow users to connect to mysql
 # 
 allow_user_mysql_connect = false
@@ -725,11 +1959,48 @@ user_dmesg = false
 user_rw_noexattrfile = false
 
 #
+# Allow user to execute files on filesystems
+# that do not have extended attributes (FAT, CDROM, FLOPPY)
+# 
+user_exec_noexattrfile = false
+
+#
+# Allow user to write files on removable
+# devices (e.g. external USB memory
+# devices or floppies)
+# 
+user_write_removable = false
+
+#
 # Allow w to display everyone
 # 
 user_ttyfile_stat = false
 
 #
+# Determine whether xend can
+# run blktapctrl and tapdisk.
+# 
+xend_run_blktap = false
+
+#
+# Determine whether xen can
+# use fusefs file systems.
+# 
+xen_use_fusefs = false
+
+#
+# Determine whether xen can
+# use nfs file systems.
+# 
+xen_use_nfs = false
+
+#
+# Determine whether xen can
+# use samba file systems.
+# 
+xen_use_samba = false
+
+#
 # Allow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
 # 
 allow_execheap = false
@@ -811,3 +2082,89 @@ use_samba_home_dirs = false
 # 
 user_tcp_server = false
 
+#
+# Allow users to run UDP servers (bind to ports and accept connection from
+# the same domain and outside users)
+# 
+user_udp_server = false
+
+#
+# Allow mozilla to read generic user content (i.e. content that is not specific to an application).
+# 
+mozilla_read_generic_user_content = true
+
+#
+# Allow mozilla to read all user content (including content that is specific to an application, such as the configuration files of other applications in the users home directory).
+# 
+mozilla_read_all_user_content = false
+
+#
+# Allow mozilla to manage generic user content (i.e. content that is not specific to an application).
+# 
+mozilla_manage_generic_user_content = false
+
+#
+# Allow mozilla to manage all user content (including content that is specific to an application, such as the configuration files of other applications in the users home directory).
+# 
+mozilla_manage_all_user_content = false
+
+#
+# Allow chromium to read generic user content (i.e. content that is not specific to an application).
+# 
+chromium_read_generic_user_content = true
+
+#
+# Allow chromium to read all user content (including content that is specific to an application, such as the configuration files of other applications in the users home directory).
+# 
+chromium_read_all_user_content = false
+
+#
+# Allow chromium to manage generic user content (i.e. content that is not specific to an application).
+# 
+chromium_manage_generic_user_content = false
+
+#
+# Allow chromium to manage all user content (including content that is specific to an application, such as the configuration files of other applications in the users home directory).
+# 
+chromium_manage_all_user_content = false
+
+#
+# Allow mutt to read generic user content (i.e. content that is not specific to an application).
+# 
+mutt_read_generic_user_content = true
+
+#
+# Allow mutt to read all user content (including content that is specific to an application, such as the configuration files of other applications in the users home directory).
+# 
+mutt_read_all_user_content = false
+
+#
+# Allow mutt to manage generic user content (i.e. content that is not specific to an application).
+# 
+mutt_manage_generic_user_content = false
+
+#
+# Allow mutt to manage all user content (including content that is specific to an application, such as the configuration files of other applications in the users home directory).
+# 
+mutt_manage_all_user_content = false
+
+#
+# Allow thunderbird to read generic user content (i.e. content that is not specific to an application).
+# 
+thunderbird_read_generic_user_content = true
+
+#
+# Allow thunderbird to read all user content (including content that is specific to an application, such as the configuration files of other applications in the users home directory).
+# 
+thunderbird_read_all_user_content = false
+
+#
+# Allow thunderbird to manage generic user content (i.e. content that is not specific to an application).
+# 
+thunderbird_manage_generic_user_content = false
+
+#
+# Allow thunderbird to manage all user content (including content that is specific to an application, such as the configuration files of other applications in the users home directory).
+# 
+thunderbird_manage_all_user_content = false
+
diff --git a/policy/modules.conf b/policy/modules.conf
index b9b41d91b..a8d55cbd7 100644
--- a/policy/modules.conf
+++ b/policy/modules.conf
@@ -110,6 +110,83 @@ terminal = base
 ubac = base
 
 # Layer: admin
+# Module: acct
+#
+# Berkeley process accounting.
+# 
+acct = module
+
+# Layer: admin
+# Module: aide
+#
+# Aide filesystem integrity checker.
+# 
+aide = module
+
+# Layer: admin
+# Module: alsa
+#
+# Advanced Linux Sound Architecture utilities.
+# 
+alsa = module
+
+# Layer: admin
+# Module: amanda
+#
+# Advanced Maryland Automatic Network Disk Archiver.
+# 
+amanda = module
+
+# Layer: admin
+# Module: amtu
+#
+# Abstract Machine Test Utility.
+# 
+amtu = module
+
+# Layer: admin
+# Module: anaconda
+#
+# Anaconda installer.
+# 
+anaconda = module
+
+# Layer: admin
+# Module: apt
+#
+# Advanced package tool.
+# 
+apt = module
+
+# Layer: admin
+# Module: backup
+#
+# System backup scripts.
+# 
+backup = module
+
+# Layer: admin
+# Module: bacula
+#
+# Cross platform network backup.
+# 
+bacula = module
+
+# Layer: admin
+# Module: bcfg2
+#
+# configuration management suite.
+# 
+bcfg2 = module
+
+# Layer: admin
+# Module: blueman
+#
+# Tool to manage Bluetooth devices.
+# 
+blueman = module
+
+# Layer: admin
 # Module: bootloader
 #
 # Policy for the kernel modules, kernel image, and bootloader.
@@ -117,6 +194,34 @@ ubac = base
 bootloader = module
 
 # Layer: admin
+# Module: brctl
+#
+# Utilities for configuring the Linux ethernet bridge.
+# 
+brctl = module
+
+# Layer: admin
+# Module: certwatch
+#
+# Digital Certificate Tracking.
+# 
+certwatch = module
+
+# Layer: admin
+# Module: cfengine
+#
+# System administration tool for networks.
+# 
+cfengine = module
+
+# Layer: admin
+# Module: chkrootkit
+#
+# chkrootkit - rootkit checker.
+# 
+chkrootkit = module
+
+# Layer: admin
 # Module: consoletype
 #
 # Determine of the console connected to the controlling terminal.
@@ -124,6 +229,13 @@ bootloader = module
 consoletype = module
 
 # Layer: admin
+# Module: ddcprobe
+#
+# ddcprobe retrieves monitor and graphics card information.
+# 
+ddcprobe = module
+
+# Layer: admin
 # Module: dmesg
 #
 # Policy for dmesg.
@@ -131,6 +243,111 @@ consoletype = module
 dmesg = module
 
 # Layer: admin
+# Module: dmidecode
+#
+# Decode DMI data for x86/ia64 bioses.
+# 
+dmidecode = module
+
+# Layer: admin
+# Module: dphysswapfile
+#
+# Set up, mount/unmount, and delete an swap file.
+# 
+dphysswapfile = module
+
+# Layer: admin
+# Module: dpkg
+#
+# Debian package manager.
+# 
+dpkg = module
+
+# Layer: admin
+# Module: fakehwclock
+#
+# fake-hwclock - Control fake hardware clock.
+# 
+fakehwclock = module
+
+# Layer: admin
+# Module: firstboot
+#
+# Initial system configuration utility.
+# 
+firstboot = module
+
+# Layer: admin
+# Module: hwloc
+#
+# Dump topology and locality information from hardware tables.
+# 
+hwloc = module
+
+# Layer: admin
+# Module: kdump
+#
+# Kernel crash dumping mechanism.
+# 
+kdump = module
+
+# Layer: admin
+# Module: kdumpgui
+#
+# System-config-kdump GUI.
+# 
+kdumpgui = module
+
+# Layer: admin
+# Module: kismet
+#
+# IEEE 802.11 wireless LAN sniffer.
+# 
+kismet = module
+
+# Layer: admin
+# Module: kudzu
+#
+# Hardware detection and configuration tools.
+# 
+kudzu = module
+
+# Layer: admin
+# Module: logrotate
+#
+# Rotates, compresses, removes and mails system log files.
+# 
+logrotate = module
+
+# Layer: admin
+# Module: logwatch
+#
+# System log analyzer and reporter.
+# 
+logwatch = module
+
+# Layer: admin
+# Module: mcelog
+#
+# Linux hardware error daemon.
+# 
+mcelog = module
+
+# Layer: admin
+# Module: mrtg
+#
+# Network traffic graphing.
+# 
+mrtg = module
+
+# Layer: admin
+# Module: ncftool
+#
+# Cross-platform network configuration library.
+# 
+ncftool = module
+
+# Layer: admin
 # Module: netutils
 #
 # Network analysis utilities
@@ -138,9 +355,114 @@ dmesg = module
 netutils = module
 
 # Layer: admin
+# Module: passenger
+#
+# Ruby on rails deployment for Apache and Nginx servers.
+# 
+passenger = module
+
+# Layer: admin
+# Module: portage
+#
+# Package Management System.
+# 
+portage = module
+
+# Layer: admin
+# Module: prelink
+#
+# Prelink ELF shared library mappings.
+# 
+prelink = module
+
+# Layer: admin
+# Module: puppet
+#
+# Configuration management system.
+# 
+puppet = module
+
+# Layer: admin
+# Module: quota
+#
+# File system quota management.
+# 
+quota = module
+
+# Layer: admin
+# Module: readahead
+#
+# Read files into page cache for improved performance.
+# 
+readahead = module
+
+# Layer: admin
+# Module: rkhunter
+#
+# rkhunter - rootkit checker.
+# 
+rkhunter = module
+
+# Layer: admin
+# Module: rpm
+#
+# Redhat package manager.
+# 
+rpm = module
+
+# Layer: admin
+# Module: samhain
+#
+# Check file integrity.
+# 
+samhain = module
+
+# Layer: admin
+# Module: sblim
+#
+# Standards Based Linux Instrumentation for Manageability.
+# 
+sblim = module
+
+# Layer: admin
+# Module: sectoolm
+#
+# Sectool security audit tool.
+# 
+sectoolm = module
+
+# Layer: admin
+# Module: shorewall
+#
+# Shoreline Firewall high-level tool for configuring netfilter.
+# 
+shorewall = module
+
+# Layer: admin
+# Module: shutdown
+#
+# System shutdown command.
+# 
+shutdown = module
+
+# Layer: admin
+# Module: smoltclient
+#
+# The Fedora hardware profiler client.
+# 
+smoltclient = module
+
+# Layer: admin
+# Module: sosreport
+#
+# Generate debugging information for system.
+# 
+sosreport = module
+
+# Layer: admin
 # Module: su
 #
-# Run shells with substitute user and group
+# Run shells with substitute user and group.
 # 
 su = module
 
@@ -152,12 +474,306 @@ su = module
 sudo = module
 
 # Layer: admin
+# Module: sxid
+#
+# SUID/SGID program monitoring.
+# 
+sxid = module
+
+# Layer: admin
+# Module: tboot
+#
+# Utilities for the tboot TXT module.
+# 
+tboot = module
+
+# Layer: admin
+# Module: tmpreaper
+#
+# Manage temporary directory sizes and file ages.
+# 
+tmpreaper = module
+
+# Layer: admin
+# Module: tripwire
+#
+# File integrity checker.
+# 
+tripwire = module
+
+# Layer: admin
+# Module: tzdata
+#
+# Time zone updater.
+# 
+tzdata = module
+
+# Layer: admin
+# Module: updfstab
+#
+# Red Hat utility to change fstab.
+# 
+updfstab = module
+
+# Layer: admin
+# Module: usbmodules
+#
+# List kernel modules of USB devices.
+# 
+usbmodules = module
+
+# Layer: admin
 # Module: usermanage
 #
 # Policy for managing user accounts.
 # 
 usermanage = module
 
+# Layer: admin
+# Module: vbetool
+#
+# run real-mode video BIOS code to alter hardware state.
+# 
+vbetool = module
+
+# Layer: admin
+# Module: vpn
+#
+# Virtual Private Networking client.
+# 
+vpn = module
+
+# Layer: apps
+# Module: ada
+#
+# GNAT Ada95 compiler.
+# 
+ada = module
+
+# Layer: apps
+# Module: awstats
+#
+# Log file analyzer for advanced statistics.
+# 
+awstats = module
+
+# Layer: apps
+# Module: calamaris
+#
+# Squid log analysis.
+# 
+calamaris = module
+
+# Layer: apps
+# Module: cdrecord
+#
+# Record audio or data Compact Discs from a master.
+# 
+cdrecord = module
+
+# Layer: apps
+# Module: chromium
+#
+# Chromium browser
+# 
+chromium = module
+
+# Layer: apps
+# Module: cpufreqselector
+#
+# Command-line CPU frequency settings.
+# 
+cpufreqselector = module
+
+# Layer: apps
+# Module: evolution
+#
+# Evolution email client.
+# 
+evolution = module
+
+# Layer: apps
+# Module: firewallgui
+#
+# system-config-firewall dbus system service.
+# 
+firewallgui = module
+
+# Layer: apps
+# Module: games
+#
+# Various games.
+# 
+games = module
+
+# Layer: apps
+# Module: gift
+#
+# Peer to peer file sharing tool.
+# 
+gift = module
+
+# Layer: apps
+# Module: gitosis
+#
+# Tools for managing and hosting git repositories.
+# 
+gitosis = module
+
+# Layer: apps
+# Module: gnome
+#
+# GNU network object model environment.
+# 
+gnome = module
+
+# Layer: apps
+# Module: gpg
+#
+# Policy for GNU Privacy Guard and related programs.
+# 
+gpg = module
+
+# Layer: apps
+# Module: irc
+#
+# IRC client policy.
+# 
+irc = module
+
+# Layer: apps
+# Module: java
+#
+# Java virtual machine
+# 
+java = module
+
+# Layer: apps
+# Module: libmtp
+#
+# libmtp: An Initiatior implementation of the Media Transfer Protocol (MTP).
+# 
+libmtp = module
+
+# Layer: apps
+# Module: lightsquid
+#
+# Log analyzer for squid proxy.
+# 
+lightsquid = module
+
+# Layer: apps
+# Module: livecd
+#
+# Tool for building alternate livecd for different os and policy versions.
+# 
+livecd = module
+
+# Layer: apps
+# Module: loadkeys
+#
+# Load keyboard mappings.
+# 
+loadkeys = module
+
+# Layer: apps
+# Module: lockdev
+#
+# Library for locking devices.
+# 
+lockdev = module
+
+# Layer: apps
+# Module: man2html
+#
+# A Unix manpage-to-HTML converter.
+# 
+man2html = module
+
+# Layer: apps
+# Module: mandb
+#
+# On-line manual database.
+# 
+mandb = module
+
+# Layer: apps
+# Module: mono
+#
+# Run .NET server and client applications on Linux.
+# 
+mono = module
+
+# Layer: apps
+# Module: mozilla
+#
+# Policy for Mozilla and related web browsers.
+# 
+mozilla = module
+
+# Layer: apps
+# Module: mplayer
+#
+# Mplayer media player and encoder.
+# 
+mplayer = module
+
+# Layer: apps
+# Module: openoffice
+#
+# Openoffice suite.
+# 
+openoffice = module
+
+# Layer: apps
+# Module: podsleuth
+#
+# Podsleuth is a tool to get information about an Apple (TM) iPod (TM).
+# 
+podsleuth = module
+
+# Layer: apps
+# Module: ptchown
+#
+# helper function for grantpt(3), changes ownship and permissions of pseudotty.
+# 
+ptchown = module
+
+# Layer: apps
+# Module: pulseaudio
+#
+# Pulseaudio network sound server.
+# 
+pulseaudio = module
+
+# Layer: apps
+# Module: qemu
+#
+# QEMU machine emulator and virtualizer.
+# 
+qemu = module
+
+# Layer: apps
+# Module: rssh
+#
+# Restricted (scp/sftp) only shell.
+# 
+rssh = module
+
+# Layer: apps
+# Module: sambagui
+#
+# system-config-samba dbus service.
+# 
+sambagui = module
+
+# Layer: apps
+# Module: screen
+#
+# GNU terminal multiplexer.
+# 
+screen = module
+
 # Layer: apps
 # Module: seunshare
 #
@@ -165,2212 +781,2232 @@ usermanage = module
 # 
 seunshare = module
 
-# Layer: contrib
-# Module: abrt
+# Layer: apps
+# Module: sigrok
 #
-# ABRT - automated bug-reporting tool
+# sigrok signal analysis software suite.
 # 
-abrt = module
+sigrok = module
+
+# Layer: apps
+# Module: slocate
+#
+# Update database for mlocate.
+# 
+slocate = module
+
+# Layer: apps
+# Module: syncthing
+#
+# Application that lets you synchronize your files across multiple devices.
+# 
+syncthing = module
+
+# Layer: apps
+# Module: telepathy
+#
+# Telepathy communications framework.
+# 
+telepathy = module
+
+# Layer: apps
+# Module: thunderbird
+#
+# Thunderbird email client.
+# 
+thunderbird = module
+
+# Layer: apps
+# Module: tvtime
+#
+# High quality television application.
+# 
+tvtime = module
+
+# Layer: apps
+# Module: uml
+#
+# User mode linux tools and services.
+# 
+uml = module
+
+# Layer: apps
+# Module: userhelper
+#
+# A wrapper that helps users run system programs.
+# 
+userhelper = module
+
+# Layer: apps
+# Module: usernetctl
+#
+# User network interface configuration helper.
+# 
+usernetctl = module
+
+# Layer: apps
+# Module: vlock
+#
+# Lock one or more sessions on the Linux console.
+# 
+vlock = module
+
+# Layer: apps
+# Module: vmware
+#
+# VMWare Workstation virtual machines.
+# 
+vmware = module
+
+# Layer: apps
+# Module: webalizer
+#
+# Web server log analysis.
+# 
+webalizer = module
+
+# Layer: apps
+# Module: wine
+#
+# Run Windows programs in Linux.
+# 
+wine = module
+
+# Layer: apps
+# Module: wireshark
+#
+# Wireshark packet capture tool.
+# 
+wireshark = module
+
+# Layer: apps
+# Module: wm
+#
+# X Window Managers.
+# 
+wm = module
+
+# Layer: apps
+# Module: xscreensaver
+#
+# Modular screen saver and locker for X11.
+# 
+xscreensaver = module
+
+# Layer: apps
+# Module: yam
+#
+# Yum/Apt Mirroring.
+# 
+yam = module
 
 # Layer: contrib
-# Module: accountsd
+# Module: android
 #
-# AccountsService and daemon for manipulating user account information via D-Bus
+# Android development tools - adb, fastboot, android studio
 # 
-accountsd = module
+android = module
 
 # Layer: contrib
-# Module: acct
+# Module: at
 #
-# Berkeley process accounting
+# At daemon for running a task a single time
 # 
-acct = module
+at = module
 
 # Layer: contrib
-# Module: ada
+# Module: bitcoin
 #
-# GNAT Ada95 compiler
+# Bitcoin software-based online payment system
 # 
-ada = module
+bitcoin = module
 
 # Layer: contrib
-# Module: afs
+# Module: ceph
 #
-# Andrew Filesystem server
+# Ceph distributed object storage
 # 
-afs = module
+ceph = module
 
 # Layer: contrib
-# Module: aiccu
+# Module: dirsrv
 #
-# Automatic IPv6 Connectivity Client Utility.
+# policy for dirsrv
 # 
-aiccu = module
+dirsrv = module
 
 # Layer: contrib
-# Module: aide
+# Module: dracut
 #
-# Aide filesystem integrity checker
+# Dracut initramfs creation tool
 # 
-aide = module
+dracut = module
 
 # Layer: contrib
-# Module: aisexec
+# Module: dropbox
 #
-# Aisexec Cluster Engine
+# Dropbox client - Store, Sync and Share Files Online
 # 
-aisexec = module
+dropbox = module
 
 # Layer: contrib
-# Module: alsa
+# Module: flash
 #
-# Ainit ALSA configuration tool.
+# Flash player
 # 
-alsa = module
+flash = module
 
 # Layer: contrib
-# Module: amanda
+# Module: googletalk
 #
-# Advanced Maryland Automatic Network Disk Archiver.
+# Google Talk
 # 
-amanda = module
+googletalk = module
 
 # Layer: contrib
-# Module: amavis
+# Module: gorg
 #
-# Daemon that interfaces mail transfer agents and content
-# checkers, such as virus scanners.
+# Policy for gorg
 # 
-amavis = module
+gorg = module
 
 # Layer: contrib
-# Module: amtu
+# Module: kdeconnect
 #
-# Abstract Machine Test Utility.
+# policy for kdeconnect
 # 
-amtu = module
+kdeconnect = module
 
 # Layer: contrib
-# Module: anaconda
+# Module: links
 #
-# Anaconda installer.
+# Links web browser
 # 
-anaconda = module
+links = module
 
 # Layer: contrib
-# Module: apache
+# Module: logsentry
 #
-# Apache web server
+# Log file monitoring tool
 # 
-apache = module
+logsentry = module
 
 # Layer: contrib
-# Module: apcupsd
+# Module: makewhatis
 #
-# APC UPS monitoring daemon
+# Build whatis database from man pages
 # 
-apcupsd = module
+makewhatis = module
 
 # Layer: contrib
-# Module: apm
+# Module: mutt
 #
-# Advanced power management daemon
+# Mutt e-mail client
 # 
-apm = module
+mutt = module
 
 # Layer: contrib
-# Module: apt
+# Module: nginx
 #
-# APT advanced package tool.
+# policy for nginx
 # 
-apt = module
+nginx = module
 
 # Layer: contrib
-# Module: arpwatch
+# Module: openrc
 #
-# Ethernet activity monitor.
+# OpenRC is an init system
 # 
-arpwatch = module
+openrc = module
 
 # Layer: contrib
-# Module: asterisk
+# Module: pan
 #
-# Asterisk IP telephony server
+# Pan news reader client
 # 
-asterisk = module
+pan = module
 
 # Layer: contrib
-# Module: authbind
+# Module: phpfpm
 #
-# Tool for non-root processes to bind to reserved ports
+# PHP FastCGI Process Manager
 # 
-authbind = module
+phpfpm = module
 
 # Layer: contrib
-# Module: automount
+# Module: resolvconf
 #
-# Filesystem automounter service.
+# OpenResolv network configuration management
 # 
-automount = module
+resolvconf = module
 
 # Layer: contrib
-# Module: avahi
+# Module: rtorrent
 #
-# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture
+# rtorrent torrent client
 # 
-avahi = module
+rtorrent = module
 
 # Layer: contrib
-# Module: awstats
+# Module: salt
 #
-# AWStats is a free powerful and featureful tool that generates advanced
-# web, streaming, ftp or mail server statistics, graphically.
+# Infrastructure management toolset
 # 
-awstats = module
+salt = module
 
 # Layer: contrib
-# Module: backup
+# Module: skype
 #
-# System backup scripts
+# Skype softphone.
 # 
-backup = module
+skype = module
 
 # Layer: contrib
-# Module: bacula
+# Module: subsonic
 #
-# bacula backup program
+# Subsonic Music Streaming Server
 # 
-bacula = module
+subsonic = module
 
 # Layer: contrib
-# Module: bcfg2
+# Module: uwsgi
 #
-# bcfg2-server daemon which serves configurations to clients based on the data in its repository
+# uWSGI server for Python web applications
 # 
-bcfg2 = module
+uwsgi = module
 
 # Layer: contrib
+# Module: vde
+#
+# Virtual Distributed Ethernet switch service
+# 
+vde = module
+
+# Layer: kernel
+# Module: storage
+#
+# Policy controlling access to storage devices
+# 
+storage = module
+
+# Layer: roles
+# Module: auditadm
+#
+# Audit administrator role
+# 
+auditadm = module
+
+# Layer: roles
+# Module: dbadm
+#
+# Database administrator role.
+# 
+dbadm = module
+
+# Layer: roles
+# Module: guest
+#
+# Least privledge terminal user role.
+# 
+guest = module
+
+# Layer: roles
+# Module: logadm
+#
+# Log administrator role
+# 
+logadm = module
+
+# Layer: roles
+# Module: secadm
+#
+# Security administrator role
+# 
+secadm = module
+
+# Layer: roles
+# Module: staff
+#
+# Administrator's unprivileged user role
+# 
+staff = module
+
+# Layer: roles
+# Module: sysadm
+#
+# General system administration role
+# 
+sysadm = module
+
+# Layer: roles
+# Module: unprivuser
+#
+# Generic unprivileged user role
+# 
+unprivuser = module
+
+# Layer: roles
+# Module: webadm
+#
+# Web administrator role.
+# 
+webadm = module
+
+# Layer: roles
+# Module: xguest
+#
+# Least privledge xwindows user role.
+# 
+xguest = module
+
+# Layer: services
+# Module: abrt
+#
+# Automated bug-reporting tool.
+# 
+abrt = module
+
+# Layer: services
+# Module: accountsd
+#
+# AccountsService and daemon for manipulating user account information via D-Bus.
+# 
+accountsd = module
+
+# Layer: services
+# Module: acpi
+#
+# Advanced power management.
+# 
+acpi = module
+
+# Layer: services
+# Module: afs
+#
+# Andrew Filesystem server.
+# 
+afs = module
+
+# Layer: services
+# Module: aiccu
+#
+# Automatic IPv6 Connectivity Client Utility.
+# 
+aiccu = module
+
+# Layer: services
+# Module: aisexec
+#
+# Aisexec Cluster Engine.
+# 
+aisexec = module
+
+# Layer: services
+# Module: amavis
+#
+# High-performance interface between an email server and content checkers.
+# 
+amavis = module
+
+# Layer: services
+# Module: apache
+#
+# Various web servers.
+# 
+apache = module
+
+# Layer: services
+# Module: apcupsd
+#
+# APC UPS monitoring daemon.
+# 
+apcupsd = module
+
+# Layer: services
+# Module: arpwatch
+#
+# Ethernet activity monitor.
+# 
+arpwatch = module
+
+# Layer: services
+# Module: asterisk
+#
+# Asterisk IP telephony server.
+# 
+asterisk = module
+
+# Layer: services
+# Module: automount
+#
+# Filesystem automounter service.
+# 
+automount = module
+
+# Layer: services
+# Module: avahi
+#
+# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture.
+# 
+avahi = module
+
+# Layer: services
 # Module: bind
 #
-# Berkeley internet name domain DNS server.
+# Berkeley Internet name domain DNS server.
 # 
 bind = module
 
-# Layer: contrib
-# Module: bitlbee
+# Layer: services
+# Module: bird
 #
-# Bitlbee service
+# BIRD Internet Routing Daemon.
 # 
-bitlbee = module
+bird = module
 
-# Layer: contrib
-# Module: blueman
+# Layer: services
+# Module: bitlbee
 #
-# Blueman is a tool to manage Bluetooth devices
+# Tunnels instant messaging traffic to a virtual IRC channel.
 # 
-blueman = module
+bitlbee = module
 
-# Layer: contrib
+# Layer: services
 # Module: bluetooth
 #
 # Bluetooth tools and system services.
 # 
 bluetooth = module
 
-# Layer: contrib
-# Module: brctl
+# Layer: services
+# Module: boinc
 #
-# Utilities for configuring the linux ethernet bridge
+# Platform for computing using volunteered resources.
 # 
-brctl = module
+boinc = module
 
-# Layer: contrib
+# Layer: services
 # Module: bugzilla
 #
-# Bugzilla server
+# Bugtracker.
 # 
 bugzilla = module
 
-# Layer: contrib
-# Module: calamaris
+# Layer: services
+# Module: cachefilesd
 #
-# Squid log analysis
+# CacheFiles user-space management daemon.
 # 
-calamaris = module
+cachefilesd = module
 
-# Layer: contrib
+# Layer: services
+# Module: callweaver
+#
+# PBX software.
+# 
+callweaver = module
+
+# Layer: services
 # Module: canna
 #
-# Canna - kana-kanji conversion server
+# Kana-kanji conversion server.
 # 
 canna = module
 
-# Layer: contrib
+# Layer: services
 # Module: ccs
 #
-# Cluster Configuration System
+# Cluster Configuration System.
 # 
 ccs = module
 
-# Layer: contrib
-# Module: cdrecord
-#
-# Policy for cdrecord
-# 
-cdrecord = module
-
-# Layer: contrib
+# Layer: services
 # Module: certmaster
 #
-# Certmaster SSL certificate distribution service
+# Remote certificate distribution framework.
 # 
 certmaster = module
 
-# Layer: contrib
+# Layer: services
 # Module: certmonger
 #
-# Certificate status monitor and PKI enrollment client
+# Certificate status monitor and PKI enrollment client.
 # 
 certmonger = module
 
-# Layer: contrib
-# Module: certwatch
+# Layer: services
+# Module: cgmanager
 #
-# Digital Certificate Tracking
+# Control Group manager daemon.
 # 
-certwatch = module
+cgmanager = module
 
-# Layer: contrib
+# Layer: services
 # Module: cgroup
 #
 # libcg is a library that abstracts the control group file system in Linux.
 # 
 cgroup = module
 
-# Layer: contrib
+# Layer: services
 # Module: chronyd
 #
-# Chrony NTP background daemon
+# Chrony NTP background daemon.
 # 
 chronyd = module
 
-# Layer: contrib
+# Layer: services
 # Module: cipe
 #
-# Encrypted tunnel daemon
+# Encrypted tunnel daemon.
 # 
 cipe = module
 
-# Layer: contrib
+# Layer: services
 # Module: clamav
 #
-# ClamAV Virus Scanner
+# ClamAV Virus Scanner.
 # 
 clamav = module
 
-# Layer: contrib
+# Layer: services
 # Module: clockspeed
 #
-# Clockspeed simple network time protocol client
+# Clock speed measurement and manipulation.
 # 
 clockspeed = module
 
-# Layer: contrib
+# Layer: services
 # Module: clogd
 #
-# clogd - Clustered Mirror Log Server
+# Clustered Mirror Log Server.
 # 
 clogd = module
 
-# Layer: contrib
+# Layer: services
 # Module: cmirrord
 #
-# Cluster mirror log daemon
+# Cluster mirror log daemon.
 # 
 cmirrord = module
 
-# Layer: contrib
+# Layer: services
 # Module: cobbler
 #
 # Cobbler installation server.
 # 
 cobbler = module
 
-# Layer: contrib
+# Layer: services
+# Module: collectd
+#
+# Statistics collection daemon for filling RRD files.
+# 
+collectd = module
+
+# Layer: services
 # Module: colord
 #
-# GNOME color manager
+# GNOME color manager.
 # 
 colord = module
 
-# Layer: contrib
+# Layer: services
 # Module: comsat
 #
 # Comsat, a biff server.
 # 
 comsat = module
 
-# Layer: contrib
+# Layer: services
+# Module: condor
+#
+# High-Throughput Computing System.
+# 
+condor = module
+
+# Layer: services
 # Module: consolekit
 #
 # Framework for facilitating multiple user sessions on desktops.
 # 
 consolekit = module
 
-# Layer: contrib
+# Layer: services
 # Module: corosync
 #
-# Corosync Cluster Engine
+# Corosync Cluster Engine.
 # 
 corosync = module
 
-# Layer: contrib
+# Layer: services
+# Module: couchdb
+#
+# Document database server.
+# 
+couchdb = module
+
+# Layer: services
 # Module: courier
 #
-# Courier IMAP and POP3 email servers
+# Courier IMAP and POP3 email servers.
 # 
 courier = module
 
-# Layer: contrib
+# Layer: services
 # Module: cpucontrol
 #
 # Services for loading CPU microcode and CPU frequency scaling.
 # 
 cpucontrol = module
 
-# Layer: contrib
-# Module: cpufreqselector
-#
-# Command-line CPU frequency settings.
-# 
-cpufreqselector = module
-
-# Layer: contrib
+# Layer: services
 # Module: cron
 #
 # Periodic execution of scheduled commands.
 # 
 cron = module
 
-# Layer: contrib
+# Layer: services
+# Module: ctdb
+#
+# Clustered Database based on Samba Trivial Database.
+# 
+ctdb = module
+
+# Layer: services
 # Module: cups
 #
-# Common UNIX printing system
+# Common UNIX printing system.
 # 
 cups = module
 
-# Layer: contrib
+# Layer: services
 # Module: cvs
 #
-# Concurrent versions system
+# Concurrent versions system.
 # 
 cvs = module
 
-# Layer: contrib
+# Layer: services
 # Module: cyphesis
 #
-# Cyphesis WorldForge game server
+# Cyphesis WorldForge game server.
 # 
 cyphesis = module
 
-# Layer: contrib
+# Layer: services
 # Module: cyrus
 #
-# Cyrus is an IMAP service intended to be run on sealed servers
+# Cyrus is an IMAP service intended to be run on sealed servers.
 # 
 cyrus = module
 
-# Layer: contrib
-# Module: daemontools
-#
-# Collection of tools for managing UNIX services
-# 
-daemontools = module
-
-# Layer: contrib
+# Layer: services
 # Module: dante
 #
-# Dante msproxy and socks4/5 proxy server
+# Dante msproxy and socks4/5 proxy server.
 # 
 dante = module
 
-# Layer: contrib
-# Module: dbadm
-#
-# Database administrator role
-# 
-dbadm = module
-
-# Layer: contrib
+# Layer: services
 # Module: dbskk
 #
 # Dictionary server for the SKK Japanese input method system.
 # 
 dbskk = module
 
-# Layer: contrib
+# Layer: services
 # Module: dbus
 #
-# Desktop messaging bus
+# Desktop messaging bus.
 # 
 dbus = module
 
-# Layer: contrib
+# Layer: services
 # Module: dcc
 #
-# Distributed checksum clearinghouse spam filtering
+# Distributed checksum clearinghouse spam filtering.
 # 
 dcc = module
 
-# Layer: contrib
+# Layer: services
 # Module: ddclient
 #
-# Update dynamic IP address at DynDNS.org
+# Update dynamic IP address at DynDNS.org.
 # 
 ddclient = module
 
-# Layer: contrib
-# Module: ddcprobe
-#
-# ddcprobe retrieves monitor and graphics card information
-# 
-ddcprobe = module
-
-# Layer: contrib
+# Layer: services
 # Module: denyhosts
 #
-# DenyHosts SSH dictionary attack mitigation
+# SSH dictionary attack mitigation.
 # 
 denyhosts = module
 
-# Layer: contrib
+# Layer: services
 # Module: devicekit
 #
-# Devicekit modular hardware abstraction layer
+# Devicekit modular hardware abstraction layer.
 # 
 devicekit = module
 
-# Layer: contrib
+# Layer: services
 # Module: dhcp
 #
-# Dynamic host configuration protocol (DHCP) server
+# Dynamic host configuration protocol server.
 # 
 dhcp = module
 
-# Layer: contrib
+# Layer: services
 # Module: dictd
 #
-# Dictionary daemon
+# Dictionary daemon.
 # 
 dictd = module
 
-# Layer: contrib
+# Layer: services
+# Module: dirmngr
+#
+# Server for managing and downloading certificate revocation lists.
+# 
+dirmngr = module
+
+# Layer: services
 # Module: distcc
 #
-# Distributed compiler daemon
+# Distributed compiler daemon.
 # 
 distcc = module
 
-# Layer: contrib
+# Layer: services
 # Module: djbdns
 #
-# small and secure DNS daemon
+# Small and secure DNS daemon.
 # 
 djbdns = module
 
-# Layer: contrib
+# Layer: services
 # Module: dkim
 #
 # DomainKeys Identified Mail milter.
 # 
 dkim = module
 
-# Layer: contrib
-# Module: dmidecode
+# Layer: services
+# Module: dnsmasq
 #
-# Decode DMI data for x86/ia64 bioses.
+# DNS forwarder and DHCP server.
 # 
-dmidecode = module
+dnsmasq = module
 
-# Layer: contrib
-# Module: dnsmasq
+# Layer: services
+# Module: dnssectrigger
 #
-# dnsmasq DNS forwarder and DHCP server
+# Enables DNSSEC protection for DNS traffic.
 # 
-dnsmasq = module
+dnssectrigger = module
 
-# Layer: contrib
+# Layer: services
 # Module: dovecot
 #
-# Dovecot POP and IMAP mail server
+# POP and IMAP mail server.
 # 
 dovecot = module
 
-# Layer: contrib
-# Module: dpkg
+# Layer: services
+# Module: drbd
 #
-# Policy for the Debian package manager.
+# Mirrors a block device over the network to another machine.
 # 
-dpkg = module
+drbd = module
 
-# Layer: contrib
-# Module: entropyd
+# Layer: services
+# Module: dspam
 #
-# Generate entropy from audio input
+# Content-based spam filter designed for multi-user enterprise systems.
 # 
-entropyd = module
+dspam = module
 
-# Layer: contrib
-# Module: evolution
+# Layer: services
+# Module: entropyd
 #
-# Evolution email client
+# Generate entropy from audio input.
 # 
-evolution = module
+entropyd = module
 
-# Layer: contrib
+# Layer: services
 # Module: exim
 #
-# Exim mail transfer agent
+# Mail transfer agent.
 # 
 exim = module
 
-# Layer: contrib
+# Layer: services
 # Module: fail2ban
 #
 # Update firewall filtering to ban IP addresses with too many password failures.
 # 
 fail2ban = module
 
-# Layer: contrib
+# Layer: services
+# Module: fcoe
+#
+# Fibre Channel over Ethernet utilities.
+# 
+fcoe = module
+
+# Layer: services
 # Module: fetchmail
 #
-# Remote-mail retrieval and forwarding utility
+# Remote-mail retrieval and forwarding utility.
 # 
 fetchmail = module
 
-# Layer: contrib
+# Layer: services
 # Module: finger
 #
 # Finger user information service.
 # 
 finger = module
 
-# Layer: contrib
-# Module: firstboot
+# Layer: services
+# Module: firewalld
 #
-# Final system configuration run during the first boot
-# after installation of Red Hat/Fedora systems.
+# Service daemon with a D-BUS interface that provides a dynamic managed firewall.
 # 
-firstboot = module
+firewalld = module
 
-# Layer: contrib
+# Layer: services
 # Module: fprintd
 #
-# DBus fingerprint reader service
+# DBus fingerprint reader service.
 # 
 fprintd = module
 
-# Layer: contrib
+# Layer: services
 # Module: ftp
 #
-# File transfer protocol service
+# File transfer protocol service.
 # 
 ftp = module
 
-# Layer: contrib
-# Module: games
+# Layer: services
+# Module: gatekeeper
 #
-# Games
+# OpenH.323 Voice-Over-IP Gatekeeper.
 # 
-games = module
+gatekeeper = module
 
-# Layer: contrib
-# Module: gatekeeper
+# Layer: services
+# Module: gdomap
 #
-# OpenH.323 Voice-Over-IP Gatekeeper
+# GNUstep distributed object mapper.
 # 
-gatekeeper = module
+gdomap = module
 
-# Layer: contrib
-# Module: gift
+# Layer: services
+# Module: geoclue
 #
-# giFT peer to peer file sharing tool
+# Geoclue is a D-Bus service that provides location information.
 # 
-gift = module
+geoclue = module
 
-# Layer: contrib
+# Layer: services
 # Module: git
 #
 # GIT revision control system.
 # 
 git = module
 
-# Layer: contrib
-# Module: gitosis
-#
-# Tools for managing and hosting git repositories.
-# 
-gitosis = module
-
-# Layer: contrib
+# Layer: services
 # Module: glance
 #
-# policy for glance
+# OpenStack image registry and delivery service.
 # 
 glance = module
 
-# Layer: contrib
-# Module: gnome
+# Layer: services
+# Module: glusterfs
 #
-# GNU network object model environment (GNOME)
+# Cluster File System binary, daemon and command line.
 # 
-gnome = module
+glusterfs = module
 
-# Layer: contrib
+# Layer: services
 # Module: gnomeclock
 #
 # Gnome clock handler for setting the time.
 # 
 gnomeclock = module
 
-# Layer: contrib
-# Module: gpg
-#
-# Policy for GNU Privacy Guard and related programs.
-# 
-gpg = module
-
-# Layer: contrib
+# Layer: services
 # Module: gpm
 #
-# General Purpose Mouse driver
+# General Purpose Mouse driver.
 # 
 gpm = module
 
-# Layer: contrib
+# Layer: services
 # Module: gpsd
 #
-# gpsd monitor daemon
+# gpsd monitor daemon.
 # 
 gpsd = module
 
-# Layer: contrib
-# Module: guest
+# Layer: services
+# Module: gssproxy
 #
-# Least privledge terminal user role
+# policy for gssproxy - daemon to proxy GSSAPI context establishment and channel handling
 # 
-guest = module
+gssproxy = module
 
-# Layer: contrib
+# Layer: services
 # Module: hadoop
 #
 # Software for reliable, scalable, distributed computing.
 # 
 hadoop = module
 
-# Layer: contrib
+# Layer: services
 # Module: hal
 #
-# Hardware abstraction layer
+# Hardware abstraction layer.
 # 
 hal = module
 
-# Layer: contrib
+# Layer: services
 # Module: hddtemp
 #
-# hddtemp hard disk temperature tool running as a daemon.
+# Hard disk temperature tool running as a daemon.
 # 
 hddtemp = module
 
-# Layer: contrib
+# Layer: services
+# Module: hostapd
+#
+# IEEE 802.11 wireless LAN Host AP daemon.
+# 
+hostapd = module
+
+# Layer: services
 # Module: howl
 #
-# Port of Apple Rendezvous multicast DNS
+# Port of Apple Rendezvous multicast DNS.
 # 
 howl = module
 
-# Layer: contrib
+# Layer: services
+# Module: hypervkvp
+#
+# HyperV key value pair (KVP).
+# 
+hypervkvp = module
+
+# Layer: services
 # Module: i18n_input
 #
-# IIIMF htt server
+# IIIMF htt server.
 # 
 i18n_input = module
 
-# Layer: contrib
+# Layer: services
 # Module: icecast
 #
-# ShoutCast compatible streaming media server
+# ShoutCast compatible streaming media server.
 # 
 icecast = module
 
-# Layer: contrib
+# Layer: services
 # Module: ifplugd
 #
 # Bring up/down ethernet interfaces based on cable detection.
 # 
 ifplugd = module
 
-# Layer: contrib
+# Layer: services
 # Module: imaze
 #
-# iMaze game server
+# iMaze game server.
 # 
 imaze = module
 
-# Layer: contrib
+# Layer: services
 # Module: inetd
 #
 # Internet services daemon.
 # 
 inetd = module
 
-# Layer: contrib
+# Layer: services
 # Module: inn
 #
-# Internet News NNTP server
+# Internet News NNTP server.
 # 
 inn = module
 
-# Layer: contrib
-# Module: irc
+# Layer: services
+# Module: iodine
 #
-# IRC client policy
+# IP over DNS tunneling daemon.
 # 
-irc = module
+iodine = module
 
-# Layer: contrib
+# Layer: services
 # Module: ircd
 #
-# IRC server
+# IRC servers.
 # 
 ircd = module
 
-# Layer: contrib
+# Layer: services
 # Module: irqbalance
 #
-# IRQ balancing daemon
+# IRQ balancing daemon.
 # 
 irqbalance = module
 
-# Layer: contrib
-# Module: iscsi
+# Layer: services
+# Module: isns
 #
-# Establish connections to iSCSI devices
+# Internet Storage Name Service.
 # 
-iscsi = module
+isns = module
 
-# Layer: contrib
+# Layer: services
 # Module: jabber
 #
-# Jabber instant messaging server
+# Jabber instant messaging servers.
 # 
 jabber = module
 
-# Layer: contrib
-# Module: java
-#
-# Java virtual machine
-# 
-java = module
-
-# Layer: contrib
-# Module: kdump
-#
-# Kernel crash dumping mechanism
-# 
-kdump = module
-
-# Layer: contrib
-# Module: kdumpgui
+# Layer: services
+# Module: jockey
 #
-# system-config-kdump GUI
+# Jockey driver manager.
 # 
-kdumpgui = module
+jockey = module
 
-# Layer: contrib
+# Layer: services
 # Module: kerberos
 #
-# MIT Kerberos admin and KDC
+# MIT Kerberos admin and KDC.
 # 
 kerberos = module
 
-# Layer: contrib
+# Layer: services
 # Module: kerneloops
 #
-# Service for reporting kernel oopses to kerneloops.org
+# Service for reporting kernel oopses to kerneloops.org.
 # 
 kerneloops = module
 
-# Layer: contrib
-# Module: kismet
+# Layer: services
+# Module: keyboardd
 #
-# Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
+# Xorg.conf keyboard layout callout.
 # 
-kismet = module
+keyboardd = module
 
-# Layer: contrib
+# Layer: services
+# Module: keystone
+#
+# Python implementation of the OpenStack identity service API.
+# 
+keystone = module
+
+# Layer: services
 # Module: ksmtuned
 #
-# Kernel Samepage Merging (KSM) Tuning Daemon
+# Kernel Samepage Merging Tuning Daemon.
 # 
 ksmtuned = module
 
-# Layer: contrib
+# Layer: services
 # Module: ktalk
 #
-# KDE Talk daemon
+# KDE Talk daemon.
 # 
 ktalk = module
 
-# Layer: contrib
-# Module: kudzu
+# Layer: services
+# Module: l2tp
 #
-# Hardware detection and configuration tools
+# Layer 2 Tunneling Protocol.
 # 
-kudzu = module
+l2tp = module
 
-# Layer: contrib
+# Layer: services
 # Module: ldap
 #
-# OpenLDAP directory server
+# OpenLDAP directory server.
 # 
 ldap = module
 
-# Layer: contrib
+# Layer: services
 # Module: likewise
 #
 # Likewise Active Directory support for UNIX.
 # 
 likewise = module
 
-# Layer: contrib
+# Layer: services
 # Module: lircd
 #
-# Linux infared remote control daemon
+# Linux infared remote control daemon.
 # 
 lircd = module
 
-# Layer: contrib
-# Module: livecd
-#
-# Livecd tool for building alternate livecd for different os and policy versions.
-# 
-livecd = module
-
-# Layer: contrib
-# Module: loadkeys
-#
-# Load keyboard mappings.
-# 
-loadkeys = module
-
-# Layer: contrib
-# Module: lockdev
-#
-# device locking policy for lockdev
-# 
-lockdev = module
-
-# Layer: contrib
-# Module: logrotate
+# Layer: services
+# Module: lldpad
 #
-# Rotate and archive system logs
+# Intel LLDP Agent.
 # 
-logrotate = module
+lldpad = module
 
-# Layer: contrib
-# Module: logwatch
+# Layer: services
+# Module: lpd
 #
-# System log analyzer and reporter
+# Line printer daemon.
 # 
-logwatch = module
+lpd = module
 
-# Layer: contrib
-# Module: lpd
+# Layer: services
+# Module: lsm
 #
-# Line printer daemon
+# Storage array management library.
 # 
-lpd = module
+lsm = module
 
-# Layer: contrib
+# Layer: services
 # Module: mailman
 #
-# Mailman is for managing electronic mail discussion and e-newsletter lists
+# Manage electronic mail discussion and e-newsletter lists.
 # 
 mailman = module
 
-# Layer: contrib
-# Module: mcelog
+# Layer: services
+# Module: mailscanner
 #
-# policy for mcelog
+# E-mail security and anti-spam package for e-mail gateway systems.
 # 
-mcelog = module
+mailscanner = module
 
-# Layer: contrib
+# Layer: services
 # Module: mediawiki
 #
-# Mediawiki policy
+# Open source wiki package written in PHP.
 # 
 mediawiki = module
 
-# Layer: contrib
+# Layer: services
 # Module: memcached
 #
-# high-performance memory object caching system
+# High-performance memory object caching system.
 # 
 memcached = module
 
-# Layer: contrib
+# Layer: services
 # Module: milter
 #
-# Milter mail filters
+# Milter mail filters.
 # 
 milter = module
 
-# Layer: contrib
+# Layer: services
+# Module: minidlna
+#
+# MiniDLNA lightweight DLNA/UPnP media server
+# 
+minidlna = module
+
+# Layer: services
+# Module: minissdpd
+#
+# Daemon used by MiniUPnPc to speed up device discoveries.
+# 
+minissdpd = module
+
+# Layer: services
 # Module: modemmanager
 #
 # Provides a DBus interface to communicate with mobile broadband (GSM, CDMA, UMTS, ...) cards.
 # 
 modemmanager = module
 
-# Layer: contrib
+# Layer: services
 # Module: mojomojo
 #
-# MojoMojo Wiki
+# MojoMojo Wiki.
 # 
 mojomojo = module
 
-# Layer: contrib
-# Module: mono
-#
-# Run .NET server and client applications on Linux.
-# 
-mono = module
-
-# Layer: contrib
-# Module: monop
+# Layer: services
+# Module: mon
 #
-# Monopoly daemon
+# mon network monitoring daemon.
 # 
-monop = module
+mon = module
 
-# Layer: contrib
-# Module: mozilla
+# Layer: services
+# Module: mongodb
 #
-# Policy for Mozilla and related web browsers
+# Scalable, high-performance, open source NoSQL database.
 # 
-mozilla = module
+mongodb = module
 
-# Layer: contrib
-# Module: mpd
+# Layer: services
+# Module: monit
 #
-# Music Player Daemon
+# Monit - utility for monitoring services on a Unix system.
 # 
-mpd = module
+monit = module
 
-# Layer: contrib
-# Module: mplayer
+# Layer: services
+# Module: monop
 #
-# Mplayer media player and encoder
+# Monopoly daemon.
 # 
-mplayer = module
+monop = module
 
-# Layer: contrib
-# Module: mrtg
+# Layer: services
+# Module: mpd
 #
-# Network traffic graphing
+# Music Player Daemon.
 # 
-mrtg = module
+mpd = module
 
-# Layer: contrib
+# Layer: services
 # Module: mta
 #
-# Policy common to all email tranfer agents.
+# Common e-mail transfer agent policy.
 # 
 mta = module
 
-# Layer: contrib
+# Layer: services
 # Module: munin
 #
-# Munin network-wide load graphing (formerly LRRD)
+# Munin network-wide load graphing.
 # 
 munin = module
 
-# Layer: contrib
+# Layer: services
 # Module: mysql
 #
-# Policy for MySQL
+# Open source database.
 # 
 mysql = module
 
-# Layer: contrib
+# Layer: services
 # Module: nagios
 #
-# Net Saint / NAGIOS - network monitoring server
+# Network monitoring server.
 # 
 nagios = module
 
-# Layer: contrib
-# Module: ncftool
-#
-# Netcf network configuration tool (ncftool).
-# 
-ncftool = module
-
-# Layer: contrib
+# Layer: services
 # Module: nessus
 #
-# Nessus network scanning daemon
+# Network scanning daemon.
 # 
 nessus = module
 
-# Layer: contrib
+# Layer: services
 # Module: networkmanager
 #
 # Manager for dynamically switching between networks.
 # 
 networkmanager = module
 
-# Layer: contrib
+# Layer: services
 # Module: nis
 #
-# Policy for NIS (YP) servers and clients
+# Policy for NIS (YP) servers and clients.
 # 
 nis = module
 
-# Layer: contrib
+# Layer: services
 # Module: nscd
 #
-# Name service cache daemon
+# Name service cache daemon.
 # 
 nscd = module
 
-# Layer: contrib
+# Layer: services
 # Module: nsd
 #
-# Authoritative only name server
+# Authoritative only name server.
 # 
 nsd = module
 
-# Layer: contrib
+# Layer: services
 # Module: nslcd
 #
-# nslcd - local LDAP name service daemon.
+# Local LDAP name service daemon.
 # 
 nslcd = module
 
-# Layer: contrib
+# Layer: services
 # Module: ntop
 #
-# Network Top
+# A network traffic probe similar to the UNIX top command.
 # 
 ntop = module
 
-# Layer: contrib
+# Layer: services
 # Module: ntp
 #
-# Network time protocol daemon
+# Network time protocol daemon.
 # 
 ntp = module
 
-# Layer: contrib
+# Layer: services
+# Module: numad
+#
+# Non-Uniform Memory Alignment Daemon.
+# 
+numad = module
+
+# Layer: services
 # Module: nut
 #
-# nut - Network UPS Tools
+# Network UPS Tools
 # 
 nut = module
 
-# Layer: contrib
+# Layer: services
 # Module: nx
 #
-# NX remote desktop
+# NX remote desktop.
 # 
 nx = module
 
-# Layer: contrib
+# Layer: services
 # Module: oav
 #
-# Open AntiVirus scannerdaemon and signature update
+# Open AntiVirus scannerdaemon and signature update.
 # 
 oav = module
 
-# Layer: contrib
+# Layer: services
+# Module: obex
+#
+# D-Bus service providing high-level OBEX client and server side functionality.
+# 
+obex = module
+
+# Layer: services
 # Module: oddjob
 #
-# Oddjob provides a mechanism by which unprivileged applications can
-# request that specified privileged operations be performed on their
-# behalf.
+# D-BUS service which runs odd jobs on behalf of client applications.
 # 
 oddjob = module
 
-# Layer: contrib
+# Layer: services
 # Module: oident
 #
-# SELinux policy for Oident daemon.
+# An ident daemon with IP masq/NAT support and the ability to specify responses.
 # 
 oident = module
 
-# Layer: contrib
+# Layer: services
 # Module: openca
 #
-# OpenCA - Open Certificate Authority
+# Open Certificate Authority.
 # 
 openca = module
 
-# Layer: contrib
+# Layer: services
 # Module: openct
 #
 # Service for handling smart card readers.
 # 
 openct = module
 
-# Layer: contrib
+# Layer: services
+# Module: openhpi
+#
+# Open source implementation of the Service Availability Forum Hardware Platform Interface.
+# 
+openhpi = module
+
+# Layer: services
 # Module: openvpn
 #
-# full-featured SSL VPN solution
+# full-featured SSL VPN solution.
 # 
 openvpn = module
 
-# Layer: contrib
-# Module: pads
+# Layer: services
+# Module: openvswitch
 #
-# Passive Asset Detection System
+# Multilayer virtual switch.
 # 
-pads = module
+openvswitch = module
 
-# Layer: contrib
-# Module: passenger
+# Layer: services
+# Module: pacemaker
 #
-# Ruby on rails deployment for Apache and Nginx servers.
+# A scalable high-availability cluster resource manager.
 # 
-passenger = module
+pacemaker = module
 
-# Layer: contrib
-# Module: pcmcia
+# Layer: services
+# Module: pads
 #
-# PCMCIA card management services
+# Passive Asset Detection System.
 # 
-pcmcia = module
+pads = module
 
-# Layer: contrib
+# Layer: services
 # Module: pcscd
 #
-# PCSC smart card service
+# PCSC smart card service.
 # 
 pcscd = module
 
-# Layer: contrib
+# Layer: services
 # Module: pegasus
 #
 # The Open Group Pegasus CIM/WBEM Server.
 # 
 pegasus = module
 
-# Layer: contrib
+# Layer: services
 # Module: perdition
 #
-# Perdition POP and IMAP proxy
+# Perdition POP and IMAP proxy.
 # 
 perdition = module
 
-# Layer: contrib
+# Layer: services
 # Module: pingd
 #
-# Pingd of the Whatsup cluster node up/down detection utility
+# Pingd of the Whatsup cluster node up/down detection utility.
 # 
 pingd = module
 
-# Layer: contrib
-# Module: plymouthd
+# Layer: services
+# Module: pkcs
 #
-# Plymouth graphical boot
+# Implementations of the Cryptoki specification.
 # 
-plymouthd = module
+pkcs = module
 
-# Layer: contrib
-# Module: podsleuth
+# Layer: services
+# Module: plymouthd
 #
-# Podsleuth is a tool to get information about an Apple (TM) iPod (TM)
+# Plymouth graphical boot.
 # 
-podsleuth = module
+plymouthd = module
 
-# Layer: contrib
+# Layer: services
 # Module: policykit
 #
 # Policy framework for controlling privileges for system-wide services.
 # 
 policykit = module
 
-# Layer: contrib
-# Module: portage
+# Layer: services
+# Module: polipo
 #
-# Portage Package Management System. The primary package management and
-# distribution system for Gentoo.
+# Lightweight forwarding and caching proxy server.
 # 
-portage = module
+polipo = module
 
-# Layer: contrib
+# Layer: services
 # Module: portmap
 #
 # RPC port mapping service.
 # 
 portmap = module
 
-# Layer: contrib
+# Layer: services
 # Module: portreserve
 #
 # Reserve well-known ports in the RPC port range.
 # 
 portreserve = module
 
-# Layer: contrib
+# Layer: services
 # Module: portslave
 #
-# Portslave terminal server software
+# Portslave terminal server software.
 # 
 portslave = module
 
-# Layer: contrib
+# Layer: services
 # Module: postfix
 #
-# Postfix email server
+# Postfix email server.
 # 
 postfix = module
 
-# Layer: contrib
+# Layer: services
 # Module: postfixpolicyd
 #
-# Postfix policy server
+# Postfix policy server.
 # 
 postfixpolicyd = module
 
-# Layer: contrib
+# Layer: services
+# Module: postgresql
+#
+# PostgreSQL relational database
+# 
+postgresql = module
+
+# Layer: services
 # Module: postgrey
 #
-# Postfix grey-listing server
+# Postfix grey-listing server.
 # 
 postgrey = module
 
-# Layer: contrib
+# Layer: services
 # Module: ppp
 #
-# Point to Point Protocol daemon creates links in ppp networks
+# Point to Point Protocol daemon creates links in ppp networks.
 # 
 ppp = module
 
-# Layer: contrib
-# Module: prelink
-#
-# Prelink ELF shared library mappings.
-# 
-prelink = module
-
-# Layer: contrib
+# Layer: services
 # Module: prelude
 #
-# Prelude hybrid intrusion detection system
+# Prelude hybrid intrusion detection system.
 # 
 prelude = module
 
-# Layer: contrib
+# Layer: services
 # Module: privoxy
 #
 # Privacy enhancing web proxy.
 # 
 privoxy = module
 
-# Layer: contrib
+# Layer: services
 # Module: procmail
 #
-# Procmail mail delivery agent
+# Procmail mail delivery agent.
 # 
 procmail = module
 
-# Layer: contrib
+# Layer: services
 # Module: psad
 #
-# Intrusion Detection and Log Analysis with iptables
+# Intrusion Detection and Log Analysis with iptables.
 # 
 psad = module
 
-# Layer: contrib
-# Module: ptchown
-#
-# helper function for grantpt(3), changes ownship and permissions of pseudotty
-# 
-ptchown = module
-
-# Layer: contrib
+# Layer: services
 # Module: publicfile
 #
-# publicfile supplies files to the public through HTTP and FTP
+# publicfile supplies files to the public through HTTP and FTP.
 # 
 publicfile = module
 
-# Layer: contrib
-# Module: pulseaudio
-#
-# Pulseaudio network sound server.
-# 
-pulseaudio = module
-
-# Layer: contrib
-# Module: puppet
+# Layer: services
+# Module: pwauth
 #
-# Puppet client daemon
+# External plugin for mod_authnz_external authenticator.
 # 
-puppet = module
+pwauth = module
 
-# Layer: contrib
+# Layer: services
 # Module: pxe
 #
-# Server for the PXE network boot protocol
+# Server for the PXE network boot protocol.
 # 
 pxe = module
 
-# Layer: contrib
+# Layer: services
 # Module: pyicqt
 #
-# PyICQt is an ICQ transport for XMPP server.
+# ICQ transport for XMPP server.
 # 
 pyicqt = module
 
-# Layer: contrib
+# Layer: services
 # Module: pyzor
 #
 # Pyzor is a distributed, collaborative spam detection and filtering network.
 # 
 pyzor = module
 
-# Layer: contrib
-# Module: qemu
-#
-# QEMU machine emulator and virtualizer
-# 
-qemu = module
-
-# Layer: contrib
+# Layer: services
 # Module: qmail
 #
-# Qmail Mail Server
+# Qmail Mail Server.
 # 
 qmail = module
 
-# Layer: contrib
+# Layer: services
 # Module: qpid
 #
 # Apache QPID AMQP messaging server.
 # 
 qpid = module
 
-# Layer: contrib
-# Module: quota
+# Layer: services
+# Module: quantum
 #
-# File system quota management
+# Virtual network service for Openstack.
 # 
-quota = module
+quantum = module
 
-# Layer: contrib
+# Layer: services
+# Module: rabbitmq
+#
+# AMQP server written in Erlang.
+# 
+rabbitmq = module
+
+# Layer: services
 # Module: radius
 #
 # RADIUS authentication and accounting server.
 # 
 radius = module
 
-# Layer: contrib
+# Layer: services
 # Module: radvd
 #
-# IPv6 router advertisement daemon
+# IPv6 router advertisement daemon.
 # 
 radvd = module
 
-# Layer: contrib
-# Module: raid
-#
-# RAID array management tools
-# 
-raid = module
-
-# Layer: contrib
+# Layer: services
 # Module: razor
 #
 # A distributed, collaborative, spam detection and filtering network.
 # 
 razor = module
 
-# Layer: contrib
+# Layer: services
 # Module: rdisc
 #
-# Network router discovery daemon
+# Network router discovery daemon.
 # 
 rdisc = module
 
-# Layer: contrib
-# Module: readahead
+# Layer: services
+# Module: realmd
 #
-# Readahead, read files into page cache for improved performance
+# Dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA.
 # 
-readahead = module
+realmd = module
 
-# Layer: contrib
+# Layer: services
+# Module: redis
+#
+# Advanced key-value store.
+# 
+redis = module
+
+# Layer: services
 # Module: remotelogin
 #
-# Policy for rshd, rlogind, and telnetd.
+# Rshd, rlogind, and telnetd.
 # 
 remotelogin = module
 
-# Layer: contrib
+# Layer: services
 # Module: resmgr
 #
-# Resource management daemon
+# Resource management daemon.
 # 
 resmgr = module
 
-# Layer: contrib
+# Layer: services
 # Module: rgmanager
 #
-# rgmanager - Resource Group Manager
+# Resource Group Manager.
 # 
 rgmanager = module
 
-# Layer: contrib
+# Layer: services
 # Module: rhcs
 #
-# RHCS - Red Hat Cluster Suite
+# Red Hat Cluster Suite.
 # 
 rhcs = module
 
-# Layer: contrib
+# Layer: services
 # Module: rhgb
 #
-# Red Hat Graphical Boot
+# Red Hat Graphical Boot.
 # 
 rhgb = module
 
-# Layer: contrib
+# Layer: services
 # Module: rhsmcertd
 #
-# Subscription Management Certificate Daemon policy
+# Subscription Management Certificate Daemon.
 # 
 rhsmcertd = module
 
-# Layer: contrib
+# Layer: services
 # Module: ricci
 #
-# Ricci cluster management agent
+# Ricci cluster management agent.
 # 
 ricci = module
 
-# Layer: contrib
+# Layer: services
 # Module: rlogin
 #
-# Remote login daemon
+# Remote login daemon.
 # 
 rlogin = module
 
-# Layer: contrib
+# Layer: services
+# Module: rngd
+#
+# Check and feed random data from hardware device to kernel random device.
+# 
+rngd = module
+
+# Layer: services
 # Module: roundup
 #
-# Roundup Issue Tracking System policy
+# Roundup Issue Tracking System.
 # 
 roundup = module
 
-# Layer: contrib
+# Layer: services
 # Module: rpc
 #
-# Remote Procedure Call Daemon for managment of network based process communication
+# Remote Procedure Call Daemon.
 # 
 rpc = module
 
-# Layer: contrib
+# Layer: services
 # Module: rpcbind
 #
-# Universal Addresses to RPC Program Number Mapper
+# Universal Addresses to RPC Program Number Mapper.
 # 
 rpcbind = module
 
-# Layer: contrib
-# Module: rpm
-#
-# Policy for the RPM package manager.
-# 
-rpm = module
-
-# Layer: contrib
+# Layer: services
 # Module: rshd
 #
 # Remote shell service.
 # 
 rshd = module
 
-# Layer: contrib
-# Module: rssh
-#
-# Restricted (scp/sftp) only shell
-# 
-rssh = module
-
-# Layer: contrib
+# Layer: services
 # Module: rsync
 #
-# Fast incremental file transfer for synchronization
+# Fast incremental file transfer for synchronization.
 # 
 rsync = module
 
-# Layer: contrib
+# Layer: services
 # Module: rtkit
 #
 # Realtime scheduling for user processes.
 # 
 rtkit = module
 
-# Layer: contrib
+# Layer: services
 # Module: rwho
 #
 # Who is logged in on other machines?
 # 
 rwho = module
 
-# Layer: contrib
+# Layer: services
 # Module: samba
 #
-# SMB and CIFS client/server programs for UNIX and
-# name  Service  Switch  daemon for resolving names
-# from Windows NT servers.
+# SMB and CIFS client/server programs.
 # 
 samba = module
 
-# Layer: contrib
-# Module: sambagui
-#
-# system-config-samba dbus service policy
-# 
-sambagui = module
-
-# Layer: contrib
-# Module: samhain
-#
-# Samhain - check file integrity
-# 
-samhain = module
-
-# Layer: contrib
+# Layer: services
 # Module: sanlock
 #
-# policy for sanlock
+# shared storage lock manager.
 # 
 sanlock = module
 
-# Layer: contrib
+# Layer: services
 # Module: sasl
 #
-# SASL authentication server
+# SASL authentication server.
 # 
 sasl = module
 
-# Layer: contrib
-# Module: sblim
-#
-# policy for SBLIM Gatherer
-# 
-sblim = module
-
-# Layer: contrib
-# Module: screen
-#
-# GNU terminal multiplexer
-# 
-screen = module
-
-# Layer: contrib
-# Module: sectoolm
-#
-# Sectool security audit tool
-# 
-sectoolm = module
-
-# Layer: contrib
+# Layer: services
 # Module: sendmail
 #
-# Policy for sendmail.
+# Internetwork email routing facility.
 # 
 sendmail = module
 
-# Layer: contrib
-# Module: setroubleshoot
+# Layer: services
+# Module: sensord
 #
-# SELinux troubleshooting service
+# Sensor information logging daemon.
 # 
-setroubleshoot = module
+sensord = module
 
-# Layer: contrib
-# Module: shorewall
+# Layer: services
+# Module: setroubleshoot
 #
-# Shoreline Firewall high-level tool for configuring netfilter
+# SELinux troubleshooting service.
 # 
-shorewall = module
+setroubleshoot = module
 
-# Layer: contrib
-# Module: shutdown
+# Layer: services
+# Module: shibboleth
 #
-# System shutdown command
+# Shibboleth authentication deamon
 # 
-shutdown = module
+shibboleth = module
 
-# Layer: contrib
-# Module: slocate
+# Layer: services
+# Module: slpd
 #
-# Update database for mlocate
+# OpenSLP server daemon to dynamically register services.
 # 
-slocate = module
+slpd = module
 
-# Layer: contrib
+# Layer: services
 # Module: slrnpull
 #
 # Service for downloading news feeds the slrn newsreader.
 # 
 slrnpull = module
 
-# Layer: contrib
+# Layer: services
 # Module: smartmon
 #
-# Smart disk monitoring daemon policy
+# Smart disk monitoring daemon.
 # 
 smartmon = module
 
-# Layer: contrib
+# Layer: services
 # Module: smokeping
 #
 # Smokeping network latency measurement.
 # 
 smokeping = module
 
-# Layer: contrib
-# Module: smoltclient
+# Layer: services
+# Module: smstools
 #
-# The Fedora hardware profiler client
+# Tools to send and receive short messages through GSM modems or mobile phones.
 # 
-smoltclient = module
+smstools = module
 
-# Layer: contrib
+# Layer: services
 # Module: snmp
 #
-# Simple network management protocol services
+# Simple network management protocol services.
 # 
 snmp = module
 
-# Layer: contrib
+# Layer: services
 # Module: snort
 #
-# Snort network intrusion detection system
+# Snort network intrusion detection system.
 # 
 snort = module
 
-# Layer: contrib
-# Module: sosreport
-#
-# sosreport - Generate debugging information for system
-# 
-sosreport = module
-
-# Layer: contrib
+# Layer: services
 # Module: soundserver
 #
 # sound server for network audio server programs, nasd, yiff, etc
 # 
 soundserver = module
 
-# Layer: contrib
+# Layer: services
 # Module: spamassassin
 #
 # Filter used for removing unsolicited email.
 # 
 spamassassin = module
 
-# Layer: contrib
+# Layer: services
 # Module: speedtouch
 #
 # Alcatel speedtouch USB ADSL modem
 # 
 speedtouch = module
 
-# Layer: contrib
+# Layer: services
 # Module: squid
 #
-# Squid caching http proxy server
+# Squid caching http proxy server.
 # 
 squid = module
 
-# Layer: contrib
+# Layer: services
+# Module: ssh
+#
+# Secure shell client and server policy.
+# 
+ssh = module
+
+# Layer: services
 # Module: sssd
 #
-# System Security Services Daemon
+# System Security Services Daemon.
 # 
 sssd = module
 
-# Layer: contrib
+# Layer: services
+# Module: stubby
+#
+# DNS Privacy stub resolver.
+# 
+stubby = module
+
+# Layer: services
 # Module: stunnel
 #
-# SSL Tunneling Proxy
+# SSL Tunneling Proxy.
 # 
 stunnel = module
 
-# Layer: contrib
-# Module: sxid
+# Layer: services
+# Module: svnserve
 #
-# SUID/SGID program monitoring
+# Server for the svn repository access method.
 # 
-sxid = module
+svnserve = module
 
-# Layer: contrib
+# Layer: services
 # Module: sysstat
 #
-# Policy for sysstat. Reports on various system states
+# Reports on various system states.
 # 
 sysstat = module
 
-# Layer: contrib
+# Layer: services
+# Module: systemtap
+#
+# instrumentation system for Linux.
+# 
+systemtap = module
+
+# Layer: services
 # Module: tcpd
 #
-# Policy for TCP daemon.
+# TCP daemon.
 # 
 tcpd = module
 
-# Layer: contrib
+# Layer: services
 # Module: tcsd
 #
-# TSS Core Services (TCS) daemon (tcsd) policy
+# TSS Core Services daemon.
 # 
 tcsd = module
 
-# Layer: contrib
-# Module: telepathy
-#
-# Telepathy communications framework.
-# 
-telepathy = module
-
-# Layer: contrib
+# Layer: services
 # Module: telnet
 #
-# Telnet daemon
+# Telnet daemon.
 # 
 telnet = module
 
-# Layer: contrib
+# Layer: services
 # Module: tftp
 #
-# Trivial file transfer protocol daemon
+# Trivial file transfer protocol daemon.
 # 
 tftp = module
 
-# Layer: contrib
+# Layer: services
 # Module: tgtd
 #
 # Linux Target Framework Daemon.
 # 
 tgtd = module
 
-# Layer: contrib
-# Module: thunderbird
-#
-# Thunderbird email client
-# 
-thunderbird = module
-
-# Layer: contrib
+# Layer: services
 # Module: timidity
 #
-# MIDI to WAV converter and player configured as a service
+# MIDI to WAV converter and player configured as a service.
 # 
 timidity = module
 
-# Layer: contrib
-# Module: tmpreaper
-#
-# Manage temporary directory sizes and file ages
-# 
-tmpreaper = module
-
-# Layer: contrib
+# Layer: services
 # Module: tor
 #
-# TOR, the onion router
+# The onion router.
 # 
 tor = module
 
-# Layer: contrib
+# Layer: services
 # Module: transproxy
 #
-# HTTP transperant proxy
+# Portable Transparent Proxy Solution.
 # 
 transproxy = module
 
-# Layer: contrib
-# Module: tripwire
-#
-# Tripwire file integrity checker.
-# 
-tripwire = module
-
-# Layer: contrib
+# Layer: services
 # Module: tuned
 #
-# Dynamic adaptive system tuning daemon
+# Dynamic adaptive system tuning daemon.
 # 
 tuned = module
 
-# Layer: contrib
-# Module: tvtime
-#
-# tvtime - a high quality television application
-# 
-tvtime = module
-
-# Layer: contrib
-# Module: tzdata
-#
-# Time zone updater
-# 
-tzdata = module
-
-# Layer: contrib
+# Layer: services
 # Module: ucspitcp
 #
-# ucspitcp policy
+# UNIX Client-Server Program Interface for TCP.
 # 
 ucspitcp = module
 
-# Layer: contrib
+# Layer: services
 # Module: ulogd
 #
 # Iptables/netfilter userspace logging daemon.
 # 
 ulogd = module
 
-# Layer: contrib
-# Module: uml
-#
-# Policy for UML
-# 
-uml = module
-
-# Layer: contrib
-# Module: updfstab
-#
-# Red Hat utility to change /etc/fstab.
-# 
-updfstab = module
-
-# Layer: contrib
+# Layer: services
 # Module: uptime
 #
-# Uptime daemon
+# Daemon to record and keep track of system up times.
 # 
 uptime = module
 
-# Layer: contrib
-# Module: usbmodules
-#
-# List kernel modules of USB devices
-# 
-usbmodules = module
-
-# Layer: contrib
+# Layer: services
 # Module: usbmuxd
 #
-# USB multiplexing daemon for communicating with Apple iPod Touch and iPhone
+# USB multiplexing daemon for communicating with Apple iPod Touch and iPhone.
 # 
 usbmuxd = module
 
-# Layer: contrib
-# Module: userhelper
-#
-# SELinux utility to run a shell with a new role
-# 
-userhelper = module
-
-# Layer: contrib
-# Module: usernetctl
-#
-# User network interface configuration helper
-# 
-usernetctl = module
-
-# Layer: contrib
+# Layer: services
 # Module: uucp
 #
-# Unix to Unix Copy
+# Unix to Unix Copy.
 # 
 uucp = module
 
-# Layer: contrib
+# Layer: services
 # Module: uuidd
 #
-# policy for uuidd
+# UUID generation daemon.
 # 
 uuidd = module
 
-# Layer: contrib
+# Layer: services
 # Module: uwimap
 #
-# University of Washington IMAP toolkit POP3 and IMAP mail server
+# University of Washington IMAP toolkit POP3 and IMAP mail server.
 # 
 uwimap = module
 
-# Layer: contrib
+# Layer: services
 # Module: varnishd
 #
-# Varnishd http accelerator daemon
+# Varnishd http accelerator daemon.
 # 
 varnishd = module
 
-# Layer: contrib
-# Module: vbetool
-#
-# run real-mode video BIOS code to alter hardware state
-# 
-vbetool = module
-
-# Layer: contrib
+# Layer: services
 # Module: vdagent
 #
-# policy for vdagent
+# Spice agent for Linux.
 # 
 vdagent = module
 
-# Layer: contrib
+# Layer: services
 # Module: vhostmd
 #
-# Virtual host metrics daemon
+# Virtual host metrics daemon.
 # 
 vhostmd = module
 
-# Layer: contrib
+# Layer: services
 # Module: virt
 #
-# Libvirt virtualization API
+# Libvirt virtualization API.
 # 
 virt = module
 
-# Layer: contrib
-# Module: vlock
-#
-# Lock one or more sessions on the Linux console.
-# 
-vlock = module
-
-# Layer: contrib
-# Module: vmware
-#
-# VMWare Workstation virtual machines
-# 
-vmware = module
-
-# Layer: contrib
+# Layer: services
 # Module: vnstatd
 #
 # Console network traffic monitor.
 # 
 vnstatd = module
 
-# Layer: contrib
-# Module: vpn
-#
-# Virtual Private Networking client
-# 
-vpn = module
-
-# Layer: contrib
+# Layer: services
 # Module: w3c
 #
-# W3C Markup Validator
+# W3C Markup Validator.
 # 
 w3c = module
 
-# Layer: contrib
+# Layer: services
 # Module: watchdog
 #
-# Software watchdog
+# Software watchdog.
 # 
 watchdog = module
 
-# Layer: contrib
-# Module: webadm
-#
-# Web administrator role
-# 
-webadm = module
-
-# Layer: contrib
-# Module: webalizer
-#
-# Web server log analysis
-# 
-webalizer = module
-
-# Layer: contrib
-# Module: wine
-#
-# Wine Is Not an Emulator.  Run Windows programs in Linux.
-# 
-wine = module
-
-# Layer: contrib
-# Module: wireshark
-#
-# Wireshark packet capture tool.
-# 
-wireshark = module
-
-# Layer: contrib
-# Module: wm
-#
-# X Window Managers
-# 
-wm = module
-
-# Layer: contrib
-# Module: xen
+# Layer: services
+# Module: wdmd
 #
-# Xen hypervisor
+# Watchdog multiplexing daemon.
 # 
-xen = module
+wdmd = module
 
-# Layer: contrib
+# Layer: services
 # Module: xfs
 #
-# X Windows Font Server
+# X Windows Font Server.
 # 
 xfs = module
 
-# Layer: contrib
-# Module: xguest
-#
-# Least privledge xwindows user role
-# 
-xguest = module
-
-# Layer: contrib
+# Layer: services
 # Module: xprint
 #
-# X print server
+# A X11-based print system and API.
 # 
 xprint = module
 
-# Layer: contrib
-# Module: xscreensaver
-#
-# X Screensaver
-# 
-xscreensaver = module
-
-# Layer: contrib
-# Module: yam
+# Layer: services
+# Module: xserver
 #
-# Yum/Apt Mirroring
+# X Windows Server
 # 
-yam = module
+xserver = module
 
-# Layer: contrib
+# Layer: services
 # Module: zabbix
 #
-# Distributed infrastructure monitoring
+# Distributed infrastructure monitoring.
 # 
 zabbix = module
 
-# Layer: contrib
+# Layer: services
 # Module: zarafa
 #
 # Zarafa collaboration platform.
 # 
 zarafa = module
 
-# Layer: contrib
+# Layer: services
 # Module: zebra
 #
-# Zebra border gateway protocol network routing service
+# Zebra border gateway protocol network routing service.
 # 
 zebra = module
 
-# Layer: contrib
+# Layer: services
 # Module: zosremote
 #
-# policy for z/OS Remote-services Audit dispatcher plugin
+# z/OS Remote-services Audit dispatcher plugin.
 # 
 zosremote = module
 
-# Layer: kernel
-# Module: storage
-#
-# Policy controlling access to storage devices
-# 
-storage = module
-
-# Layer: roles
-# Module: auditadm
-#
-# Audit administrator role
-# 
-auditadm = module
-
-# Layer: roles
-# Module: logadm
-#
-# Log administrator role
-# 
-logadm = module
-
-# Layer: roles
-# Module: secadm
-#
-# Security administrator role
-# 
-secadm = module
-
-# Layer: roles
-# Module: staff
-#
-# Administrator's unprivileged user role
-# 
-staff = module
-
-# Layer: roles
-# Module: sysadm
-#
-# General system administration role
-# 
-sysadm = module
-
-# Layer: roles
-# Module: unprivuser
-#
-# Generic unprivileged user role
-# 
-unprivuser = module
-
-# Layer: services
-# Module: postgresql
-#
-# PostgreSQL relational database
-# 
-postgresql = module
-
-# Layer: services
-# Module: ssh
-#
-# Secure shell client and server policy.
-# 
-ssh = module
-
-# Layer: services
-# Module: xserver
-#
-# X Windows Server
-# 
-xserver = module
-
 # Layer: system
 # Module: application
 #
@@ -2393,6 +3029,13 @@ authlogin = module
 clock = module
 
 # Layer: system
+# Module: daemontools
+#
+# Collection of tools for managing UNIX services.
+# 
+daemontools = module
+
+# Layer: system
 # Module: fstools
 #
 # Tools for filesystem management, such as mkfs and fsck.
@@ -2402,7 +3045,7 @@ fstools = module
 # Layer: system
 # Module: getty
 #
-# Policy for getty.
+# Manages physical or virtual terminals.
 # 
 getty = module
 
@@ -2438,11 +3081,18 @@ ipsec = module
 # Layer: system
 # Module: iptables
 #
-# Policy for iptables.
+# Administration tool for IP packet filtering and NAT.
 # 
 iptables = module
 
 # Layer: system
+# Module: iscsi
+#
+# Establish connections to iSCSI devices.
+# 
+iscsi = module
+
+# Layer: system
 # Module: libraries
 #
 # Policy for system libraries.
@@ -2473,7 +3123,7 @@ lvm = module
 # Layer: system
 # Module: miscfiles
 #
-# Miscelaneous files.
+# Miscellaneous files.
 # 
 miscfiles = module
 
@@ -2499,6 +3149,20 @@ mount = module
 netlabel = module
 
 # Layer: system
+# Module: pcmcia
+#
+# PCMCIA card management services.
+# 
+pcmcia = module
+
+# Layer: system
+# Module: raid
+#
+# RAID array management tools.
+# 
+raid = module
+
+# Layer: system
 # Module: selinuxutil
 #
 # Policy for SELinux policy and userland applications.
@@ -2520,6 +3184,20 @@ setrans = module
 sysnetwork = module
 
 # Layer: system
+# Module: systemd
+#
+# Systemd components (not PID 1)
+# 
+systemd = module
+
+# Layer: system
+# Module: tmpfiles
+#
+# Policy for tmpfiles, a boot-time temporary file handler
+# 
+tmpfiles = module
+
+# Layer: system
 # Module: udev
 #
 # Policy for udev.
@@ -2540,3 +3218,17 @@ unconfined = module
 # 
 userdomain = module
 
+# Layer: system
+# Module: xdg
+#
+# Freedesktop standard locations (formerly known as X Desktop Group)
+# 
+xdg = module
+
+# Layer: system
+# Module: xen
+#
+# Xen hypervisor.
+# 
+xen = module
+