|8K,K%K$L8LLLdLLLL?L;L&;M9bMM9M7M+N/N'8N,`NN.N,NNO&"O/IO.yO&O0O/PS0P8PPPP7P&Q-Q1Q8QLQ]QnQQQQQQ%Q RR)'R/QRRRR RRR R>RI4S7~S$SS ^TCT)T TGUIVUDU8U7VLVV-VCVOW eW-W5W&W)X);X1eX7XpX?@Y=Y>YgYeZUZIZE$[1j[6[M[<!\:^\:\2\1]09]Kj]H]0]:0^k^.^^<^&_7_7_8_S0```&`&`a-a0Ea+va1a'a'a&$b%KbQqb@bc"c)Bc'lc$c cc3c-%d&Sd8zd)d-d@ e$Le0qe$ee9Pf'f)ff=f+9gFeg@g'g4h%Jh#phh,h"hAi6Biyii"jT>j9j"j*jk%k2k3k,+l"Xl!{l&lll%l6!m0Xm+m%mNm*nFn!cn1nInGoIoIfo?oVoKGpGpMp7)qHaq8qq/q/rsjs1Wt*tt3tu`u$}u0u*u]u\vwf.wEww&wKx+kx2x!x)x$y$;y)`y?y<y'z/z CzOzfzz(z)zzzz2 {@{ Z{ g{t{"|+|D|2[|#|1||2|} 8}"Y}|}7~|( ݀P6T!j"(ʁ,( -I%w(1Ƃ*2#8V9Ƀ%1 ?]2z$̈́!%0V/r Å(&$Bg%+$׆!$;`|'܇1OnՈ"0 E f ډ$%9+_#ۊ*Ge*5! (B!k"!&Ҍ$/8/h4B͍.?H4)).<@)}).я<)=)g.<$!"D)` ȑۑ  * F.R @Β iu9pǓ786p?Y>A4766$R[A@@1(r5UїR'4zZ` :ky@ 5a56͚469Up0ƛV;N8%ÜI;3Eop&KJDKT-3.G.v99ߠ0/J8z69C$6h7Dע57R4655,(bC8Ϥ75@5v ¥A NKO\;GHA̧N)] 7Ψ**1W\ EƩ: gGdg2|J-;((d<'ʬ( 5V"u#)ڭ != _ F Ubj\ͯi* ˰ Ұ1O"l  ͱ ױ -M;\"(. )!K)Q/{R ?4't+Ҵ  +< DPl4ڵ 6# Zg3ȶ ",? R] t<#̷   * 8Y!t ø׸ % :DF ! Թ QCK \6i5CֺB]`|)  H*s $*B)**T 88ս -;AJ(j ־&5E"`(ݿ  %>Uhz  "4EVfw:7=[c |76,nF &:R'B<j;G+(=$f  (0+.5Z6 qfls"!2Og= |3,*'.E t1''EH^r')Dn",*rD "7O)m&'] p }0rU+  .*AL^L%Ci"<E+0B3s  #;^)  ,4#Gk tV~', *5(K(t"(?[v +)Up "#748<;7x73cF $=%@7f  "'/%A$g#,% 'He~c^;ZJ%E7M40@ >N%4><B9EHuHP"4:F 4-"G5j#:8CS?% 3>UZjlnF"I]+PGm"pv\xg=O`ztIZ9KNL/Q|Oac>rv2*]ouMYbigmRc[$Z^w:z`-Y=[&:_Ec\$`q=T=RR#;v1bBGSKI*FtBognBJNd@?H41}bMF`NIL@ ] O O; ?  a O OM D ` NC n fFh[B EN<P;"g^f-7LjZA\CKS\@LAA,Dn@:K/b{FO%=u;5:q>S?lH8rf[kfR^GxQ9qA-K!g"c #Tq#;#Z$C]$$I<%X%b%B&&8'-(t(:>)Ky)i)c/*W*A*X-+A+B+K ,YW,L,@,?- X-d-#~--+-/-..'&.KN.&. ... ///50N0Km00@0*13,15`112z4h50q55"5 5P5276j606*6A6:#7=^7:7M7:%8G`8K8D8\99Q9R9%;:6a:?:+:';A,;.n;3;-;+;D+<$p<=<.<8=;=9T=3=,=+=?>;[>/>$>4>9!?$[?)?.?*?#@'(@"P@.s@,@3@A-A,GA%tA2A=A" B9.B+hB"B;BB6C6EC.|CBC>C)-DWD5sD5D-D= E9KE4E<EGE3?F4sF;F5F2GAMG6G9G#H9$H?^H?HBHR!I0tI*IMIHJ:gJ:J=JLK9hK9K<KKL@eL@LCLS+M2M-M9M@N[NtN|NNNNN NNO2OPOAhOO]O PQ'$QHLQQI"RHlRfRSQSUSORTNTATo3U[UZUPZV;VGVv/W_WAXwHXzXL;YYSMZLZRZPA[P[M[|1\;\o\RZ]O]A]h?^U^Q^P__x`w"a[amaEdbYbEcFJcYcVcGBdIdWdN,eA{ekeG)fNqfZfLgKhgAgPgOGhNh1hhiSiWiW-jLjjj)j k#*kINktki lwlEld@mUmpm5lnnnn3n^o2xoBoo pp |pwp`p_qqcrWr=s;sQs>NtXt(t0u@u8Zu,u8u5u+/v,[v#v*vv v wK9wwwwYwrxxyy y y y0y,*z#Wz({z(z#zz {{ ){ 5{?{U{ j{-v{<{{D{*:|Ae|B||.|-} 5}6V}P}}}(}(~B<~3~'~%~: < J8W B$BY.rF "C [gm). .CcxU; $.=AF Uc4v*5փ*  7DU6r$΄B-SI "f  s}1+ӆGCG$%ڇ:Ld{ x%*7b4gQ,- IS5hD   $".9Q 1.ʋ!'>C'݌!M0~ ƍߍ !5%HnԎ9Sk FL,L&y!ʐސBBU:5QݒC/2sZ`ebȕ"ޕ#% =KZ&nA>ז58L9 җݗ ٘,%'!M(o/ș" :+fv|-),)G7q >00$LUў69ҟ' 04=e/+Ӡ77#  %"7Z&v.:̢#/+4[q9VO 5V)f9GC]aЧ^ 2i.+˨JYB%2©=3<K S6ar   ث#9 C(V! o-!,O |?62;M/0&(6:3q2(د,.6>FNV^f(n3$˰ ##5G8}GHRMSNxC_-9=Cw5^ P]}µ ݵ -,A+n.19^a8 E\bPO T ,jYau5VT5N< P" 6Y[KkEp? KI;?h-s\R\m\^irS( z</mh&xx1$wR;|.eyrSm@-DaLM2d@{"X>N{Q= wg=+ss)XH3m&D}+.{4_I$[9A_)-10 O_vr^bGc~>Tw6xA/M~C&"'<IK3A6$8 [CgL(knFEiF? ]t7vNdtG8ZHo0q4MGWvV' exU}v ]c/+qqFJ>)5u%RZn~C7Xjcf%RWFOzV2@`4B!|ZkL|b' j9 fQzoJ_oQ  Y [npp3WAUDPNJn, 9J "2<* Zhyc!XB`5]B`TLl7d*|'pt$#lP8(#%1 }BU jyM43(s]G;bIWtyH,rSU=*C=oY:#;>+qHlQ:0l*ak{,E~}.^Kiew@f7%?#D6S0z:O)`!ge-Vigd/!f:hu&2u SELinux Distribution fcontext Equivalence SELinux Local fcontext Equivalence %s changed labels. %s is already in %s%s is not a domain type%s is not a valid context %s is not a valid domain%s is not in %s%s must be a directory%s! Could not get current context for %s, not relabeling tty. %s! Could not get new context for %s, not relabeling tty. %s! Could not set new context for %s %s: Can't load policy and enforcing mode requested: %s %s: Can't load policy: %s %s: Policy is already loaded and initial load requested ******************** IMPORTANT *********************** ...600-1024Add booleans from the %s policy:Add files/directories that %s managesApplicationsEnter name of application or user role:Enter network ports that %s binds on:Login UsersRoot UsersSelect additional roles for %s:Select common application traits for %s:Select domains that %s will administer:Select existing role to modify:Select network ports that %s connects to:Select roles that %s will transition to:Select the policy type for the application or user role you want to confine:Select the user_roles that will transition to %s:Select:TCP PortsUDP PortsWhich directory you will generate the %s policy?ActionAddAdd %sAdd Booleans DialogAdd File ContextAdd Network PortAdd SELinux Login MappingAdd SELinux Network PortsAdd SELinux UserAdd SELinux User MappingAdd SELinux UsersAdd UserAdd new SELinux User/Role definition.Add ports for %sAdd userAdd/Remove booleans used by the %s domainAddr %s is defined in policy, cannot be deletedAddr %s is not definedAdmin User RoleAdministrator Login User RoleAdvanced <<Advanced Search <<AllAll domainsAllow %s to call bindresvport with 0. Binding to port 600-1024Allow ABRT to modify public files used for public file transfer services.Allow Apache to communicate with avahi service via dbusAllow Apache to execute tmp content.Allow Apache to modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.Allow Apache to query NS recordsAllow Apache to run in stickshift mode, not transition to passengerAllow Apache to use mod_auth_ntlm_winbindAllow Apache to use mod_auth_pamAllow HTTPD scripts and modules to connect to cobbler over the network.Allow HTTPD scripts and modules to connect to databases over the network.Allow HTTPD scripts and modules to connect to the network using TCP.Allow HTTPD scripts and modules to server cobbler files.Allow HTTPD to connect to port 80 for graceful shutdownAllow HTTPD to run SSI executables in the same domain as system CGI scripts.Allow Puppet client to manage all file types.Allow Puppet master to use connect to MySQL and PostgreSQL databaseAllow ZoneMinder to modify public files used for public file transfer services.Allow ZoneMinder to run su/sudo.Allow a user to login as an unconfined domainAllow all daemons the ability to read/write terminalsAllow all daemons to use tcp wrappers.Allow all daemons to write corefiles to /Allow all domains to execute in fips_modeAllow all domains to have the kernel load modulesAllow all domains to use other domains file descriptorsAllow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_tAllow antivirus programs to read non security files on a systemAllow any files/directories to be exported read/only via NFS.Allow any files/directories to be exported read/write via NFS.Allow apache scripts to write to public content, directories/files must be labeled public_rw_content_t.Allow auditadm to exec contentAllow cluster administrative cluster domains memcheck-amd64- to use executable memoryAllow cluster administrative domains to connect to the network using TCP.Allow cluster administrative domains to manage all files on a system.Allow confined applications to run with kerberos.Allow confined applications to use nscd shared memory.Allow confined users the ability to execute the ping and traceroute commands.Allow confined virtual guests to interact with rawip socketsAllow confined virtual guests to interact with the sanlockAllow confined virtual guests to interact with the xserverAllow confined virtual guests to manage cifs filesAllow confined virtual guests to manage nfs filesAllow confined virtual guests to read fuse filesAllow confined virtual guests to use executable memory and executable stackAllow confined virtual guests to use serial/parallel communication portsAllow confined virtual guests to use usb devicesAllow confined web browsers to read home directory contentAllow cups execmem/execstackAllow database admins to execute DML statementAllow dbadm to exec contentAllow dhcpc client applications to execute iptables commandsAllow ftpd to use ntfs/fusefs volumes.Allow glusterfsd to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t.Allow glusterfsd to share any file/directory read only.Allow glusterfsd to share any file/directory read/write.Allow gpg web domain to modify public files used for public file transfer services.Allow guest to exec contentAllow http daemon to check spamAllow http daemon to connect to mythtvAllow http daemon to connect to zabbixAllow http daemon to send mailAllow httpd cgi supportAllow httpd daemon to change its resource limitsAllow httpd processes to manage IPA contentAllow httpd scripts and modules execmem/execstackAllow httpd to access FUSE file systemsAllow httpd to access cifs file systemsAllow httpd to access nfs file systemsAllow httpd to access openstack portsAllow httpd to act as a FTP client connecting to the ftp port and ephemeral portsAllow httpd to act as a FTP server by listening on the ftp port.Allow httpd to act as a relayAllow httpd to connect to saslAllow httpd to connect to memcache serverAllow httpd to connect to the ldap portAllow httpd to read home directoriesAllow httpd to read user contentAllow httpd to run gpgAllow httpd to use built in scripting (usually php)Allow ksmtuned to use cifs/Samba file systemsAllow ksmtuned to use nfs file systemsAllow logging in and using the system from /dev/console.Allow mailman to access FUSE file systemsAllow mock to read files in home directories.Allow mozilla plugin domain to connect to the network using TCP.Allow mozilla plugin to support GPS.Allow mozilla plugin to support spice protocols.Allow mysqld to connect to all portsAllow nfs servers to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t.Allow openshift to access nfs file systems without labelsAllow openvpn to run unconfined scriptsAllow pcp to bind to all unreserved_portsAllow pcp to read generic logsAllow piranha-lvs domain to connect to the network using TCP.Allow polipo to connect to all ports > 1023Allow postfix_local domain full write access to mail_spool directoriesAllow postgresql to use ssh and rsync for point-in-time recoveryAllow pppd to be run for a regular userAllow pppd to load kernel modules for certain modemsAllow qemu-ga to manage qemu-ga date.Allow qemu-ga to read qemu-ga date.Allow racoon to read shadowAllow regular users direct dri device accessAllow rpcd_t to manage fuse filesAllow rsync server to manage all files/directories on the system.Allow rsync to export any files/directories read only.Allow rsync to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t.Allow rsync to run as a clientAllow samba to act as a portmapperAllow samba to act as the domain controller, add users, groups and change passwords.Allow samba to create new home directories (e.g. via PAM)Allow samba to export NFS volumes.Allow samba to export ntfs/fusefs volumes.Allow samba to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t.Allow samba to run unconfined scriptsAllow samba to share any file/directory read only.Allow samba to share any file/directory read/write.Allow samba to share users home directories.Allow sanlock to manage cifs filesAllow sanlock to manage nfs filesAllow sanlock to read/write fuse filesAllow sasl to read shadowAllow secadm to exec contentAllow sge to access nfs file systems.Allow sge to connect to the network using any TCP portAllow spamd to read/write user home directories.Allow spamd_update to connect to all ports.Allow ssh logins as sysadm_r:sysadm_tAllow ssh with chroot env to read and write files in the user home directoriesAllow staff to exec contentAllow sysadm to exec contentAllow syslogd daemon to send mailAllow syslogd the ability to read/write terminalsAllow system cron jobs to relabel filesystem for restoring file contexts.Allow system cronjob to be executed on on NFS, CIFS or FUSE filesystem.Allow system to run with NISAllow tftp to modify public files used for public file transfer services.Allow tftp to read and write files in the user home directoriesAllow the Irssi IRC Client to connect to any port, and to bind to any unreserved port.Allow the Telepathy connection managers to connect to any generic TCP port.Allow the Telepathy connection managers to connect to any network port.Allow the graphical login program to create files in HOME dirs as xdm_home_t.Allow the graphical login program to execute bootloaderAllow the graphical login program to login directly as sysadm_r:sysadm_tAllow the mount commands to mount any directory or file.Allow tor to act as a relayAllow transmit client label to foreign databaseAllow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzillaAllow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzillaAllow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container.Allow unprivileged users to execute DDL statementAllow user to use ssh chroot environment.Allow user music sharingAllow user spamassassin clients to use the network.Allow user to exec contentAllow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY)Allow users to connect to PostgreSQLAllow users to connect to the local mysql serverAllow users to login using a radius serverAllow users to resolve user passwd entries directly from ldap rather then using a sssd serverAllow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols.Allow xen to manage nfs filesAllow xend to run blktapctrl/tapdisk. Not required if using dedicated logical volumes for disk images.Allow xend to run qemu-dm. Not required if using paravirt and no vfb.Allow xguest to exec contentAllow xguest to use blue tooth devicesAllow xguest users to configure Network Manager and connect to apache portsAllow xguest users to mount removable mediaAllow zebra daemon to write it configuration filesAllows %s to bind to any udp portAllows %s to bind to any udp ports > 1024Allows %s to connect to any tcp portAllows %s to connect to any udp portAllows XServer to execute writable memoryAllows clients to write to the X server shared memory segments.Alternate SELinux policy, defaults to /sys/fs/selinux/policyAlternate root directory, defaults to /Analyzing Policy...ApplicationApplication File TypesApplications - Advanced SearchApplyAre you sure you want to delete %s '%s'?Bad format %(BOOLNAME)s: Record %(VALUE)sBooleanBoolean EnabledBoolean %s Allow RulesBoolean %s is defined in policy, cannot be deletedBoolean %s is not definedBoolean NameBoolean nameBoolean to determine whether the system permits loading policy, setting enforcing mode, and changing boolean values. Set this to true and you have to reboot to set it back.BooleansBuiltin Permissive TypesCalling Process DomainCan not combine +/- with other types of categoriesCan not have multiple sensitivitiesCan not modify sensitivity levels using '+' on %sCancelCannot find your entry in the shadow passwd file. Cannot read policy store.Change process mode to enforcingChange process mode to permissive.Changing the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?Changing to SELinux disabled requires a reboot. It is not recommended. If you later decide to turn SELinux back on, the system will be required to relabel. If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy. Permissive mode does not require a reboot Do you wish to continue?Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?ClassCommand required for this type of policyConfigue SELinuxConfined Root Administrator RoleContextCopyright (c)2006 Red Hat, Inc. Copyright (c) 2006 Dan Walsh Could not add SELinux user %sCould not add addr %sCould not add file context for %sCould not add interface %sCould not add login mapping for %sCould not add port %(PROTOCOL)s/%(PORT)sCould not add prefix %(PREFIX)s for %(ROLE)sCould not add role %(ROLE)s for %(NAME)sCould not check if SELinux user %s is definedCould not check if addr %s is definedCould not check if boolean %s is definedCould not check if file context for %s is definedCould not check if interface %s is definedCould not check if login mapping for %s is definedCould not check if port %(PROTOCOL)s/%(PORT)s is definedCould not check if port @%(PROTOCOL)s/%(PORT)s is definedCould not close descriptors. Could not commit semanage transactionCould not create a key for %(PROTOTYPE)s/%(PORT)sCould not create a key for %sCould not create addr for %sCould not create context for %(PROTOCOL)s/%(PORT)sCould not create context for %sCould not create file context for %sCould not create interface for %sCould not create key for %sCould not create login mapping for %sCould not create module keyCould not create port for %(PROTOCOL)s/%(PORT)sCould not create semanage handleCould not delete SELinux user %sCould not delete addr %sCould not delete all interface mappingsCould not delete boolean %sCould not delete file context for %sCould not delete interface %sCould not delete login mapping for %sCould not delete port %(PROTOCOL)s/%(PORT)sCould not delete the file context %sCould not delete the port %sCould not deleteall node mappingsCould not determine enforcing mode. Could not disable module %sCould not enable module %sCould not establish semanage connectionCould not extract key for %sCould not get module enabledCould not get module lang_extCould not get module nameCould not get module priorityCould not list SELinux modulesCould not list SELinux usersCould not list addrsCould not list booleansCould not list file contextsCould not list interfacesCould not list local file contextsCould not list login mappingsCould not list portsCould not list roles for user %sCould not list the file contextsCould not list the portsCould not modify SELinux user %sCould not modify addr %sCould not modify boolean %sCould not modify file context for %sCould not modify interface %sCould not modify login mapping for %sCould not modify port %(PROTOCOL)s/%(PORT)sCould not open file %s Could not query addr %sCould not query file context %sCould not query file context for %sCould not query interface %sCould not query port %(PROTOCOL)s/%(PORT)sCould not query seuser for %sCould not query user for %sCould not remove module %s (remove failed)Could not remove permissive domain %s (remove failed)Could not set MLS level for %sCould not set MLS range for %sCould not set SELinux user for %sCould not set active value of boolean %sCould not set addr context for %sCould not set exec context to %s. Could not set file context for %sCould not set interface context for %sCould not set mask for %sCould not set message context for %sCould not set mls fields in addr context for %sCould not set mls fields in file context for %sCould not set mls fields in interface context for %sCould not set mls fields in port context for %(PROTOCOL)s/%(PORT)sCould not set module key nameCould not set name for %sCould not set permissive domain %s (module installation failed)Could not set port context for %(PROTOCOL)s/%(PORT)sCould not set role in addr context for %sCould not set role in file context for %sCould not set role in interface context for %sCould not set role in port context for %(PROTOCOL)s/%(PORT)sCould not set type in addr context for %sCould not set type in file context for %sCould not set type in interface context for %sCould not set type in port context for %(PROTOCOL)s/%(PORT)sCould not set user in addr context for %sCould not set user in file context for %sCould not set user in interface context for %sCould not set user in port context for %(PROTOCOL)s/%(PORT)sCould not start semanage transactionCould not test MLS enabled statusCouldn't get default type. Create/Manipulate temporary files in /tmpCurrent Enforcing ModeCustomizedCustomized Permissive TypesDBUS System DaemonDefaultDefault LevelDeleteDelete %sDelete File ContextDelete Network PortDelete SELinux User MappingDelete UserDelete modified SELinux User/Role definitions.Delete userDeny any process from ptracing or debugging any other processes.Deny user domains applications to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzillaDescriptionDesktop Login User RoleDetermine whether Bind can bind tcp socket to http ports.Determine whether Bind can write to master zone files. Generally this is used for dynamic DNS or zone transfers.Determine whether Cobbler can access cifs file systems.Determine whether Cobbler can access nfs file systems.Determine whether Cobbler can connect to the network using TCP.Determine whether Cobbler can modify public files used for public file transfer services.Determine whether Condor can connect to the network using TCP.Determine whether DHCP daemon can use LDAP backends.Determine whether Git CGI can access cifs file systems.Determine whether Git CGI can access nfs file systems.Determine whether Git CGI can search home directories.Determine whether Git session daemon can bind TCP sockets to all unreserved ports.Determine whether Git system daemon can access cifs file systems.Determine whether Git system daemon can access nfs file systems.Determine whether Git system daemon can search home directories.Determine whether Gitosis can send mail.Determine whether Polipo can access nfs file systems.Determine whether Polipo session daemon can bind tcp sockets to all unreserved ports.Determine whether attempts by wine to mmap low regions should be silently blocked.Determine whether awstats can purge httpd log files.Determine whether calling user domains can execute Git daemon in the git_session_t domain.Determine whether calling user domains can execute Polipo daemon in the polipo_session_t domain.Determine whether can antivirus programs use JIT compiler.Determine whether cdrecord can read various content. nfs, samba, removable devices, user temp and untrusted content filesDetermine whether collectd can connect to the network using TCP.Determine whether conman can connect to all TCP portsDetermine whether cvs can read shadow password files.Determine whether dbadm can manage generic user files.Determine whether dbadm can read generic user files.Determine whether docker can connect to all TCP ports.Determine whether entropyd can use audio devices as the source for the entropy feeds.Determine whether exim can connect to databases.Determine whether exim can create, read, write, and delete generic user content files.Determine whether exim can read generic user content files.Determine whether fenced can connect to the TCP network.Determine whether fenced can use ssh.Determine whether ftpd can bind to all unreserved ports for passive mode.Determine whether ftpd can connect to all unreserved ports.Determine whether ftpd can connect to databases over the TCP network.Determine whether ftpd can login to local users and can read and write all files on the system, governed by DAC.Determine whether ftpd can modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.Determine whether ftpd can use CIFS used for public file transfer services.Determine whether ftpd can use NFS used for public file transfer services.Determine whether icecast can listen on and connect to any TCP port.Determine whether irc clients can listen on and connect to any unreserved TCP ports.Determine whether mcelog can execute scripts.Determine whether mcelog can use all the user ttys.Determine whether mcelog supports client mode.Determine whether mcelog supports server mode.Determine whether minidlna can read generic user content.Determine whether mpd can traverse user home directories.Determine whether mpd can use cifs file systems.Determine whether mpd can use nfs file systems.Determine whether mplayer can make its stack executable.Determine whether neutron can connect to all TCP portsDetermine whether openvpn can connect to the TCP network.Determine whether openvpn can read generic user home content files.Determine whether polipo can access cifs file systems.Determine whether privoxy can connect to all tcp ports.Determine whether smartmon can support devices on 3ware controllers.Determine whether squid can connect to all TCP ports.Determine whether squid can run as a transparent proxy.Determine whether swift can connect to all TCP portsDetermine whether tmpreaper can use cifs file systems.Determine whether tmpreaper can use nfs file systems.Determine whether tmpreaper can use samba_share filesDetermine whether to support lpd server.Determine whether tor can bind tcp sockets to all unreserved ports.Determine whether varnishd can use the full TCP network.Determine whether webadm can manage generic user files.Determine whether webadm can read generic user files.Determine whether zabbix can connect to all TCP portsDisableDisable AuditDisable kernel module loading.DisabledDisabled Permissive Enforcing Display applications that can transition into or out of the '%s'.Display applications that can transition into or out of the 'selected domain'.Display boolean information that can be used to modify the policy for the '%s'.Display boolean information that can be used to modify the policy for the 'selected domain'.Display file type information that can be used by the '%s'.Display file type information that can be used by the 'selected domain'.Display network ports to which the '%s' can connect or listen to.Display network ports to which the 'selected domain' can connect or listen to.Domain name(s) of man pages to be createdEdit Network PortEnableEnable AuditEnable cluster mode for daemons.Enable extra rules in the cron domain to support fcron.Enable polyinstantiated directory support.Enable reading of urandom for all domains.Enable/Disable additional audit rules, that are normally not reported in the log files.EnabledEnforcingEnter SELinux role(s) to which the administror domain will transitionEnter SELinux user(s) which will transition to this domainEnter a comma separated list of tcp ports or ranges of ports that %s connects to. Example: 612, 650-660Enter a comma separated list of udp ports or ranges of ports that %s binds to. Example: 612, 650-660Enter a comma separated list of udp ports or ranges of ports that %s connects to. Example: 612, 650-660Enter complete path for executable to be confined.Enter complete path to init script used to start the confined application.Enter domain type which you will be extendingEnter domain(s) which this confined admin will administrateEnter interface names, you wish to queryEnter unique name for the confined application or user role.Equivalence class for %s already existsEquivalence class for %s does not existsError allocating memory. Error allocating shell's argv0. Error changing uid, aborting. Error connecting to audit system. Error resetting KEEPCAPS, aborting Error sending audit message. Error! Could not clear O_NONBLOCK on %s Error! Could not open %s. Error! Shell is not valid. Error: multiple levels specified Error: multiple roles specified Error: multiple types specified Error: you are not allowed to change levels on a non secure terminal ExecutableExecutable FileExecutable FilesExecutables which will transition to a different domain, when the '%s' executes them.Executables which will transition to a different domain, when the 'selected domain' executes them.Executables which will transition to the '%s', when executing a selected domains entrypoint.Executables which will transition to the 'selected domain', when executing a selected domains entrypoint.Existing Domain TypeExisting User RolesExisting_UserExportExport system settings to a fileFailed to close tty properly Failed to drop capabilities %m Failed to read %s policy fileFailed to send audit messageFailed to transition to namespace File SpecificationFile TypeFile Contexts fileFile LabelingFile NameFile PathFile SpecificationFile TypeFile Types defined for the '%s'.File Types defined for the 'selected domain'.File class: %sFile context for %s is defined in policy, cannot be deletedFile context for %s is not definedFile path used to enter the '%s' domain.File path used to enter the 'selected domain'.File path: %sFile specification can not include spacesFilesFiles to which the '%s' domain can write.Files to which the 'selected domain' can write.Files/Directories which the %s "manages". Pid Files, Log Files, /var/lib Files ...FilterGPLGenerate '%s' policyGenerate '%s' policy Generate HTML man pages structure for selected SELinux man pageGenerate SELinux Policy module templateGenerate SELinux man pagesGenerate new policy moduleGraphical User Interface for SELinux PolicyGroup ViewImportImport system settings from another machineInboundInit scriptInteracts with the terminalInterface %s does not exist.Interface %s is defined in policy, cannot be deletedInterface %s is not definedInterface fileInternet Services DaemonInternet Services Daemon (inetd)Internet Services Daemon are daemons started by xinetdInvalid PortInvalid file specificationInvalid priority %d (needs to be between 1 and 999)LabelingLanguageLinux Group %s does not existLinux User %s does not existList SELinux Policy interfacesList ViewLoad Policy ModuleLoad policy moduleLogin NameLogin '%s' is requiredLogin NameLogin Name : %sLogin mapping for %s is defined in policy, cannot be deletedLogin mapping for %s is not definedMCS LevelMCS RangeMLSMLS/MLS/ MCS RangeMLS/MCS LevelMLS/MCS RangeMinimal Terminal Login User RoleMinimal Terminal User RoleMinimal X Windows Login User RoleMinimal X Windows User RoleModifyModify %sModify File ContextModify SELinux User MappingModify SELinux UsersModify UserModify an existing login user record.Modify userModule %s already loaded in current policy. Do you want to continue?Module NameModule does not exists %s Module information for a new typeMore DetailsMore TypesNameName must be alpha numberic with no spaces. Consider using option "-n MODULENAME"NetworkNetwork Bind tabNetwork PortNetwork Ports to which the '%s' is allowed to connect.Network Ports to which the '%s' is allowed to listen.Network Ports to which the 'selected domain' is allowed to connect.Network Ports to which the 'selected domain' is allowed to listen.NoNo SELinux Policy installedNo context in file %s Node Address is requiredNot yet implementedOnly Daemon apps can use an init script..Options Error %s Out of memory! OutboundPassword:PermissivePermit to prosody to bind apache port. Need to be activated to use BOSH.Policy DirectoryPolicy ModulePolicy types which require a commandPortPort %(PROTOCOL)s/%(PORT)s already definedPort %(PROTOCOL)s/%(PORT)s is defined in policy, cannot be deletedPort %(PROTOCOL)s/%(PORT)s is not definedPort @%(PROTOCOL)s/%(PORT)s is not definedPort NumberPort is requiredPort number "%s" is not valid. 0 < PORT_NUMBER < 65536 Ports must be numbers or ranges of numbers from 1 to %d PrefixPriorityProcess DomainProcess TypesProtoProtocolProtocol udp or tcp is requiredQuery SELinux policy network informationRed Hat 2007Relabel on next reboot.Remove loadable policy moduleRequires at least one categoryRequires prefix or rolesRequires prefix, roles, level or rangeRequires setypeRequires setype or serangeRequires setype, serange or seuserRequires seuser or serangeRevertRevert ChangesRevert boolean setting to system defaultRoleRoles: %sRoot Admin User RoleSELinux UserSELinux AdministrationSELinux Application TypeSELinux Directory TypeSELinux File LabelSELinux File TypeSELinux InterfaceSELinux Policy Generation ToolSELinux Port TypeSELinux Port TypeSELinux RolesSELinux TypeSELinux Type is requiredSELinux UserSELinux User : %sSELinux User NameSELinux User: %sSELinux UsernameSELinux booleanSELinux fcontextSELinux file type: %sSELinux node type is requiredSELinux policy is not managed or store cannot be accessed.SELinux user %s is defined in policy, cannot be deletedSELinux user %s is not definedSELinux user '%s' is requiredSandboxSelect Management ObjectSelect PortsSelect Root Administrator User Role, if this user will be used to administer the machine while running as root. This user will not be able to login to the system directly.Select applications domains that %s will transition to.Select directory to generate policy files inSelect directory(s) that the confined application owns and writes intoSelect domainSelect executable file to be confined.Select file(s) that confined application creates or writesSelect if you wish to relabel then entire file system on next reboot. Relabeling can take a very long time, depending on the size of the system. If you are changing policy types or going from disabled to enforcing, a relabel is required.Select init script file to be confined.Select the domains that you would like this user administer.Select the user roles that will transiton to the %s domain.Select the user roles that will transiton to this applications domains.Selinux File TypeSemanage transaction already in progressSemanage transaction not in progressSends audit messagesSends emailServiceSetup ScriptShow Modified OnlyShow ports defined for this SELinux typeSorry, -l may be used with SELinux MLS support. Sorry, newrole failed to drop capabilities Sorry, newrole may be used only on a SELinux kernel. Sorry, run_init may be used only on a SELinux kernel. Source DomainSpec fileStandard Init DaemonStandard Init Daemon are daemons started on boot via init scripts. Usually requires a script in /etc/rc.d/init.dStateStatusSupport NFS home directoriesSupport SAMBA home directoriesSupport X userspace object managerSupport ecryptfs home directoriesSupport fusefs home directoriesSystem Default Enforcing ModeSystem Default Policy Type: System Status: DisabledSystem Status: EnforcingSystem Status: PermissiveTarget %s is not valid. Target is not allowed to end with '/'Target DomainThe sepolgen python module is required to setup permissive domains. In some distributions it is included in the policycoreutils-devel patckage. # yum install policycoreutils-devel Or similar for your distro.This user can login to a machine via X or terminal. By default this user will have no setuid, no networking, no sudo, no suThis user will login to a machine only via a terminal or remote login. By default this user will have no setuid, no networking, no su, no sudo.To make this policy package active, execute:Toggle between Customized and All BooleansToggle between Customized and All PortsToggle between all and customized file contextTransitionsType %s is invalid, must be a file or device typeType %s is invalid, must be a node typeType %s is invalid, must be a port typeType %s_t already defined in current policy. Do you want to continue?Type Enforcement fileType field requiredType is requiredTypesUSAGE: run_init