(filecon "/usr/bin/subsonic" file (system_u object_r subsonic_exec_t (systemlow systemlow))) (filecon "/var/lib/subsonic(/.*)?" any (system_u object_r subsonic_var_lib_t (systemlow systemlow))) (filecon "/var/run/subsonic(/.*)?" any (system_u object_r subsonic_run_t (systemlow systemlow))) (type subsonic_t) (roletype object_r subsonic_t) (type subsonic_exec_t) (roletype object_r subsonic_exec_t) (type subsonic_var_lib_t) (roletype object_r subsonic_var_lib_t) (type subsonic_run_t) (roletype object_r subsonic_run_t) (roleattributeset cil_gen_require system_r) (roletype system_r subsonic_t) (typeattributeset cil_gen_require initrc_t) (typeattributeset cil_gen_require daemon) (typeattributeset daemon (subsonic_t )) (typeattributeset cil_gen_require domain) (typeattributeset domain (subsonic_t )) (typeattributeset cil_gen_require init_t) (typeattributeset cil_gen_require entry_type) (typeattributeset entry_type (subsonic_exec_t )) (typeattributeset cil_gen_require exec_type) (typeattributeset exec_type (subsonic_exec_t )) (typeattributeset cil_gen_require file_type) (typeattributeset file_type (subsonic_exec_t subsonic_var_lib_t subsonic_run_t )) (typeattributeset cil_gen_require non_security_file_type) (typeattributeset non_security_file_type (subsonic_exec_t subsonic_var_lib_t subsonic_run_t )) (typeattributeset cil_gen_require non_auth_file_type) (typeattributeset non_auth_file_type (subsonic_exec_t subsonic_var_lib_t subsonic_run_t )) (typeattributeset cil_gen_require console_device_t) (typeattributeset cil_gen_require initrc_devpts_t) (typeattributeset cil_gen_require devpts_t) (typeattributeset cil_gen_require device_t) (typeattributeset cil_gen_require kernel_t) (typeattributeset cil_gen_require var_t) (typeattributeset cil_gen_require var_run_t) (typeattributeset cil_gen_require pidfile) (typeattributeset pidfile (subsonic_run_t )) (typeattributeset cil_gen_require java_domain) (typeattributeset java_domain (subsonic_t )) (typeattributeset cil_gen_require nsswitch_domain) (typeattributeset nsswitch_domain (subsonic_t )) (typeattributeset cil_gen_require proc_type) (typeattributeset cil_gen_require var_lib_t) (typeattributeset cil_gen_require bin_t) (typeattributeset cil_gen_require shell_exec_t) (typeattributeset cil_gen_require unreserved_port_type) (typeattributeset cil_gen_require node_t) (typeattributeset cil_gen_require http_port_t) (typeattributeset cil_gen_require privfd) (allow subsonic_t subsonic_exec_t (file (entrypoint))) (allow subsonic_t subsonic_exec_t (file (ioctl read getattr lock execute open))) (allow initrc_t subsonic_exec_t (file (read getattr execute open))) (allow initrc_t subsonic_t (process (transition))) (dontaudit initrc_t subsonic_t (process (noatsecure siginh rlimitinh))) (typetransition initrc_t subsonic_exec_t process subsonic_t) (allow subsonic_t initrc_t (fd (use))) (allow subsonic_t initrc_t (fifo_file (ioctl read write getattr lock append open))) (allow subsonic_t initrc_t (process (sigchld))) (dontaudit subsonic_t init_t (fd (use))) (dontaudit subsonic_t console_device_t (chr_file (ioctl read write getattr lock append open))) (allow subsonic_t device_t (dir (getattr search open))) (allow subsonic_t device_t (dir (ioctl read getattr lock search open))) (allow subsonic_t device_t (dir (getattr search open))) (allow subsonic_t device_t (lnk_file (read getattr))) (allow subsonic_t devpts_t (dir (ioctl read getattr lock search open))) (allow subsonic_t initrc_devpts_t (chr_file (ioctl read write getattr lock append open))) (allow subsonic_t subsonic_exec_t (file (entrypoint))) (allow subsonic_t subsonic_exec_t (file (ioctl read getattr lock execute open))) (allow init_t subsonic_exec_t (file (read getattr execute open))) (allow init_t subsonic_t (process (transition))) (dontaudit init_t subsonic_t (process (noatsecure siginh rlimitinh))) (typetransition init_t subsonic_exec_t process subsonic_t) (allow subsonic_t init_t (fd (use))) (allow subsonic_t init_t (fifo_file (ioctl read write getattr lock append open))) (allow subsonic_t init_t (process (sigchld))) (allow subsonic_t init_t (unix_stream_socket (ioctl read write getattr))) (allow subsonic_t kernel_t (unix_dgram_socket (sendto))) (allow subsonic_t self (tcp_socket (listen accept))) (dontaudit subsonic_t proc_type (dir (ioctl read getattr lock search open))) (dontaudit subsonic_t proc_type (file (getattr))) (allow subsonic_t subsonic_run_t (dir (ioctl read write getattr lock add_name remove_name search open))) (allow subsonic_t subsonic_run_t (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open))) (allow subsonic_t subsonic_run_t (dir (ioctl read write getattr lock add_name remove_name search open))) (allow subsonic_t subsonic_run_t (file (ioctl read write create getattr setattr lock append unlink link rename open))) (allow subsonic_t var_t (dir (getattr search open))) (allow subsonic_t var_run_t (lnk_file (read getattr))) (allow subsonic_t var_run_t (dir (ioctl read write getattr lock add_name remove_name search open))) (typetransition subsonic_t var_run_t dir subsonic_run_t) (allow subsonic_t subsonic_var_lib_t (dir (ioctl read write getattr lock add_name remove_name search open))) (allow subsonic_t subsonic_var_lib_t (dir (ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir open))) (allow subsonic_t subsonic_var_lib_t (dir (ioctl read write getattr lock add_name remove_name search open))) (allow subsonic_t subsonic_var_lib_t (file (ioctl read write create getattr setattr lock append unlink link rename open))) (allow subsonic_t var_t (dir (getattr search open))) (allow subsonic_t var_lib_t (dir (ioctl read write getattr lock add_name remove_name search open))) (typetransition subsonic_t var_lib_t dir subsonic_var_lib_t) (allow subsonic_t bin_t (dir (getattr search open))) (allow subsonic_t bin_t (lnk_file (read getattr))) (allow subsonic_t bin_t (dir (getattr search open))) (allow subsonic_t bin_t (dir (ioctl read getattr lock search open))) (allow subsonic_t bin_t (file (ioctl read getattr lock execute execute_no_trans open))) (allow subsonic_t bin_t (dir (getattr search open))) (allow subsonic_t bin_t (dir (ioctl read getattr lock search open))) (allow subsonic_t bin_t (dir (getattr search open))) (allow subsonic_t bin_t (lnk_file (read getattr))) (allow subsonic_t shell_exec_t (file (ioctl read getattr lock execute execute_no_trans open))) (allow subsonic_t unreserved_port_type (tcp_socket (name_bind))) (allow subsonic_t node_t (tcp_socket (node_bind))) (allow subsonic_t http_port_t (tcp_socket (name_connect))) (allow subsonic_t privfd (fd (use))) (optional subsonic_optional_2 (typeattributeset cil_gen_require init_t) (allow subsonic_t init_t (process (sigchld))) (allow subsonic_t init_t (process (signull))) (optional subsonic_optional_3 (typeattributeset cil_gen_require rpm_t) (allow subsonic_t rpm_t (fd (use))) (allow subsonic_t rpm_t (fifo_file (ioctl read getattr lock open))) ) (optional subsonic_optional_4 (typeattributeset cil_gen_require security_t) (typeattributeset cil_gen_require sysfs_t) (dontaudit subsonic_t security_t (filesystem (getattr))) (dontaudit subsonic_t sysfs_t (filesystem (getattr))) (dontaudit subsonic_t sysfs_t (dir (getattr search open))) (dontaudit subsonic_t security_t (dir (getattr search open))) (dontaudit subsonic_t security_t (file (ioctl read getattr lock open))) ) (optional subsonic_optional_5 (typeattributeset cil_gen_require selinux_config_t) (dontaudit subsonic_t selinux_config_t (dir (getattr search open))) (dontaudit subsonic_t selinux_config_t (file (ioctl read getattr lock open))) ) (optional subsonic_optional_6 (typeattributeset cil_gen_require init_t) (allow subsonic_t init_t (process (sigchld))) (allow subsonic_t init_t (process (signull))) (optional subsonic_optional_7 (typeattributeset cil_gen_require rpm_t) (allow subsonic_t rpm_t (fd (use))) (allow subsonic_t rpm_t (fifo_file (ioctl read getattr lock open))) ) (optional subsonic_optional_8 (typeattributeset cil_gen_require security_t) (typeattributeset cil_gen_require sysfs_t) (dontaudit subsonic_t security_t (filesystem (getattr))) (dontaudit subsonic_t sysfs_t (filesystem (getattr))) (dontaudit subsonic_t sysfs_t (dir (getattr search open))) (dontaudit subsonic_t security_t (dir (getattr search open))) (dontaudit subsonic_t security_t (file (ioctl read getattr lock open))) ) (optional subsonic_optional_9 (typeattributeset cil_gen_require selinux_config_t) (dontaudit subsonic_t selinux_config_t (dir (getattr search open))) (dontaudit subsonic_t selinux_config_t (file (ioctl read getattr lock open))) ) (optional subsonic_optional_10 (typeattributeset cil_gen_require nscd_t) (typeattributeset cil_gen_require nscd_var_run_t) (typeattributeset cil_gen_require var_t) (typeattributeset cil_gen_require var_run_t) (booleanif (nscd_use_shm) (true (allow subsonic_t nscd_var_run_t (sock_file (read getattr open))) (allow subsonic_t nscd_var_run_t (dir (ioctl read getattr lock search open))) (dontaudit subsonic_t nscd_var_run_t (file (ioctl read getattr lock open))) (allow subsonic_t nscd_t (unix_stream_socket (connectto))) (allow subsonic_t nscd_var_run_t (sock_file (write getattr append open))) (allow subsonic_t nscd_var_run_t (dir (getattr search open))) (allow subsonic_t var_run_t (dir (getattr search open))) (allow subsonic_t var_t (dir (getattr search open))) (allow subsonic_t var_run_t (lnk_file (read getattr))) (allow subsonic_t nscd_t (fd (use))) (allow subsonic_t nscd_t (nscd (getpwd getgrp gethost shmempwd shmemgrp shmemhost))) (allow subsonic_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown))) ) (false (allow nscd_t subsonic_t (process (getattr))) (allow nscd_t subsonic_t (lnk_file (read getattr))) (allow nscd_t subsonic_t (file (ioctl read getattr lock open))) (allow nscd_t subsonic_t (dir (ioctl read getattr lock search open))) (dontaudit subsonic_t nscd_var_run_t (file (ioctl read getattr lock open))) (allow subsonic_t nscd_t (unix_stream_socket (connectto))) (allow subsonic_t nscd_var_run_t (sock_file (write getattr append open))) (allow subsonic_t nscd_var_run_t (dir (getattr search open))) (allow subsonic_t var_run_t (dir (getattr search open))) (allow subsonic_t var_t (dir (getattr search open))) (allow subsonic_t var_run_t (lnk_file (read getattr))) (dontaudit subsonic_t nscd_t (nscd (shmempwd shmemgrp shmemhost getserv shmemserv))) (dontaudit subsonic_t nscd_t (fd (use))) (allow subsonic_t nscd_t (nscd (getpwd getgrp gethost))) (allow subsonic_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown))) ) ) ) (optional subsonic_optional_11 (typeattributeset cil_gen_require public_content_t) (typeattributeset cil_gen_require public_content_rw_t) (allow subsonic_t public_content_t (dir (ioctl read getattr lock search open))) (allow subsonic_t public_content_rw_t (dir (ioctl read getattr lock search open))) (allow subsonic_t public_content_t (dir (getattr search open))) (allow subsonic_t public_content_rw_t (dir (getattr search open))) (allow subsonic_t public_content_t (file (ioctl read getattr lock open))) (allow subsonic_t public_content_rw_t (file (ioctl read getattr lock open))) (allow subsonic_t public_content_t (dir (getattr search open))) (allow subsonic_t public_content_rw_t (dir (getattr search open))) (allow subsonic_t public_content_t (lnk_file (read getattr))) (allow subsonic_t public_content_rw_t (lnk_file (read getattr))) ) ) )