(typealias tmpfiles_var_run_t)
(typealiasactual tmpfiles_var_run_t tmpfiles_runtime_t)
(type tmpfiles_t)
(roletype object_r tmpfiles_t)
(type tmpfiles_exec_t)
(roletype object_r tmpfiles_exec_t)
(type tmpfiles_conf_t)
(roletype object_r tmpfiles_conf_t)
(type tmpfiles_runtime_t)
(roletype object_r tmpfiles_runtime_t)
(boolean tmpfiles_manage_all_non_security true)
(roleattributeset cil_gen_require system_r)
(roletype system_r tmpfiles_t)
(typeattributeset cil_gen_require initrc_t)
(typeattributeset cil_gen_require daemon)
(typeattributeset daemon (tmpfiles_t ))
(typeattributeset cil_gen_require domain)
(typeattributeset domain (tmpfiles_t ))
(typeattributeset cil_gen_require security_t)
(typeattributeset cil_gen_require sysfs_t)
(typeattributeset cil_gen_require selinux_config_t)
(typeattributeset cil_gen_require entry_type)
(typeattributeset entry_type (tmpfiles_exec_t ))
(typeattributeset cil_gen_require exec_type)
(typeattributeset exec_type (tmpfiles_exec_t ))
(typeattributeset cil_gen_require file_type)
(typeattributeset file_type (tmpfiles_exec_t tmpfiles_conf_t tmpfiles_runtime_t ))
(typeattributeset cil_gen_require non_security_file_type)
(typeattributeset non_security_file_type (tmpfiles_exec_t tmpfiles_conf_t tmpfiles_runtime_t ))
(typeattributeset cil_gen_require non_auth_file_type)
(typeattributeset non_auth_file_type (tmpfiles_exec_t tmpfiles_conf_t tmpfiles_runtime_t ))
(typeattributeset cil_gen_require configfile)
(typeattributeset configfile (tmpfiles_conf_t ))
(typeattributeset cil_gen_require pidfile)
(typeattributeset pidfile (tmpfiles_runtime_t ))
(typeattributeset cil_gen_require bin_t)
(typeattributeset cil_gen_require usr_t)
(typeattributeset cil_gen_require shell_exec_t)
(typeattributeset cil_gen_require device_node)
(typeattributeset cil_gen_require device_t)
(typeattributeset cil_gen_require var_t)
(typeattributeset cil_gen_require var_lock_t)
(typeattributeset cil_gen_require tmp_t)
(typeattributeset cil_gen_require lockfile)
(typeattributeset cil_gen_require tmpfile)
(typeattributeset cil_gen_require var_run_t)
(typeattributeset cil_gen_require filesystem_type)
(typeattributeset cil_gen_require tmpfs_t)
(typeattributeset cil_gen_require cgroup_types)
(typeattributeset cil_gen_require nsswitch_domain)
(typeattributeset nsswitch_domain (tmpfiles_t ))
(typeattributeset cil_gen_require rc_exec_t)
(typeattributeset cil_gen_require locale_t)
(typeattributeset cil_gen_require etc_t)
(typeattributeset cil_gen_require setfiles_exec_t)
(typeattributeset cil_gen_require proc_t)
(typeattributeset cil_gen_require default_context_t)
(typeattributeset cil_gen_require file_context_t)
(typeattributeset cil_gen_require initrc_state_t)
(allow tmpfiles_t tmpfiles_exec_t (file (entrypoint)))
(allow tmpfiles_t tmpfiles_exec_t (file (ioctl read getattr lock map execute open)))
(allow initrc_t tmpfiles_exec_t (file (ioctl read getattr map execute open)))
(allow initrc_t tmpfiles_t (process (transition)))
(dontaudit initrc_t tmpfiles_t (process (noatsecure siginh rlimitinh)))
(typetransition initrc_t tmpfiles_exec_t process tmpfiles_t)
(allow tmpfiles_t initrc_t (fd (use)))
(allow tmpfiles_t initrc_t (fifo_file (ioctl read write getattr lock append)))
(allow tmpfiles_t initrc_t (process (sigchld)))
(allow tmpfiles_t self (capability (chown fowner fsetid mknod)))
(allow tmpfiles_t self (process (getsched setfscreate)))
(allow tmpfiles_t self (fifo_file (ioctl read write getattr lock append open)))
(allow tmpfiles_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow tmpfiles_t tmpfiles_exec_t (file (execute_no_trans)))
(allow tmpfiles_t tmpfiles_conf_t (dir (getattr open search)))
(allow tmpfiles_t tmpfiles_conf_t (dir (ioctl read getattr lock open search)))
(allow tmpfiles_t tmpfiles_conf_t (dir (getattr open search)))
(allow tmpfiles_t tmpfiles_conf_t (file (ioctl read getattr lock open)))
(allow tmpfiles_t tmpfiles_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow tmpfiles_t tmpfiles_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow tmpfiles_t tmpfiles_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow tmpfiles_t tmpfiles_runtime_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow tmpfiles_t bin_t (dir (getattr open search)))
(allow tmpfiles_t bin_t (lnk_file (read getattr)))
(allow tmpfiles_t usr_t (dir (getattr open search)))
(allow tmpfiles_t bin_t (dir (getattr open search)))
(allow tmpfiles_t bin_t (dir (ioctl read getattr lock open search)))
(allow tmpfiles_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow tmpfiles_t bin_t (dir (getattr open search)))
(allow tmpfiles_t bin_t (lnk_file (read getattr)))
(allow tmpfiles_t usr_t (dir (getattr open search)))
(allow tmpfiles_t bin_t (dir (getattr open search)))
(allow tmpfiles_t bin_t (dir (ioctl read getattr lock open search)))
(allow tmpfiles_t shell_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow tmpfiles_t self (capability (mknod)))
(allow tmpfiles_t device_t (dir (ioctl write getattr lock open add_name search)))
(allow tmpfiles_t device_node (blk_file (create getattr)))
(allow tmpfiles_t self (capability (mknod)))
(allow tmpfiles_t device_t (dir (ioctl write getattr lock open add_name search)))
(allow tmpfiles_t device_node (chr_file (create getattr)))
(allow tmpfiles_t device_t (dir (getattr open search)))
(allow tmpfiles_t device_node (blk_file (getattr)))
(allow tmpfiles_t device_t (dir (getattr open search)))
(allow tmpfiles_t device_t (blk_file (getattr)))
(allow tmpfiles_t device_t (dir (getattr open search)))
(allow tmpfiles_t device_t (chr_file (getattr)))
(allow tmpfiles_t device_t (dir (getattr open search)))
(allow tmpfiles_t device_node (dir (getattr relabelfrom)))
(allow tmpfiles_t device_t (dir (getattr relabelfrom)))
(allow tmpfiles_t device_t (dir (getattr open search)))
(allow tmpfiles_t device_node (file (getattr relabelfrom)))
(allow tmpfiles_t device_t (file (getattr relabelfrom)))
(allow tmpfiles_t device_t (dir (getattr open search)))
(allow tmpfiles_t device_node (lnk_file (getattr relabelfrom)))
(allow tmpfiles_t device_t (lnk_file (getattr relabelfrom)))
(allow tmpfiles_t device_t (dir (getattr open search)))
(allow tmpfiles_t device_node (fifo_file (getattr relabelfrom)))
(allow tmpfiles_t device_t (fifo_file (getattr relabelfrom)))
(allow tmpfiles_t device_t (dir (getattr open search)))
(allow tmpfiles_t device_node (sock_file (getattr relabelfrom)))
(allow tmpfiles_t device_t (sock_file (getattr relabelfrom)))
(allow tmpfiles_t device_t (dir (getattr open search)))
(allow tmpfiles_t device_node (blk_file (getattr relabelfrom relabelto)))
(allow tmpfiles_t device_t (blk_file (getattr relabelfrom relabelto)))
(allow tmpfiles_t device_t (dir (getattr open search)))
(allow tmpfiles_t device_node (chr_file (getattr relabelfrom relabelto)))
(allow tmpfiles_t device_t (chr_file (getattr relabelfrom relabelto)))
(allow tmpfiles_t device_t (dir (getattr open search)))
(allow tmpfiles_t device_t (dir (getattr relabelfrom relabelto)))
(allow tmpfiles_t device_t (chr_file (getattr relabelfrom)))
(allow tmpfiles_t device_t (dir (getattr open search)))
(allow tmpfiles_t device_node (blk_file (setattr)))
(allow tmpfiles_t device_t (dir (getattr open search)))
(allow tmpfiles_t device_node (chr_file (setattr)))
(allow tmpfiles_t device_t (dir (getattr open search)))
(allow tmpfiles_t device_t (dir (setattr)))
(allow tmpfiles_t pidfile (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow tmpfiles_t pidfile (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow tmpfiles_t pidfile (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow tmpfiles_t pidfile (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow tmpfiles_t pidfile (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow tmpfiles_t pidfile (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow tmpfiles_t var_t (dir (getattr open search)))
(allow tmpfiles_t var_lock_t (lnk_file (read getattr)))
(allow tmpfiles_t var_lock_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow tmpfiles_t var_lock_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow tmpfiles_t var_lock_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow tmpfiles_t var_lock_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow tmpfiles_t tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow tmpfiles_t tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow tmpfiles_t tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow tmpfiles_t tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow tmpfiles_t var_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow tmpfiles_t var_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow tmpfiles_t var_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow tmpfiles_t var_t (dir (getattr open search)))
(allow tmpfiles_t var_lock_t (lnk_file (read getattr)))
(allow tmpfiles_t lockfile (dir (getattr open search)))
(allow tmpfiles_t lockfile (dir (getattr relabelfrom relabelto)))
(allow tmpfiles_t pidfile (dir (getattr open search)))
(allow tmpfiles_t pidfile (file (getattr relabelfrom relabelto)))
(allow tmpfiles_t var_t (dir (getattr open search)))
(allow tmpfiles_t tmpfile (dir (getattr open search)))
(allow tmpfiles_t tmpfile (dir (getattr relabelfrom relabelto)))
(allow tmpfiles_t var_t (dir (getattr open search)))
(allow tmpfiles_t tmpfile (dir (getattr open search)))
(allow tmpfiles_t tmpfile (file (getattr relabelfrom relabelto)))
(allow tmpfiles_t tmpfile (dir (getattr setattr open search)))
(allow tmpfiles_t var_t (dir (getattr open search)))
(allow tmpfiles_t var_lock_t (dir (setattr)))
(allow tmpfiles_t var_run_t (lnk_file (read getattr)))
(allow tmpfiles_t var_run_t (dir (setattr)))
(allow tmpfiles_t filesystem_type (filesystem (getattr)))
(allow tmpfiles_t file_type (filesystem (getattr)))
(allow tmpfiles_t tmpfs_t (dir (getattr)))
(allow tmpfiles_t cgroup_types (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow tmpfiles_t cgroup_types (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow tmpfiles_t sysfs_t (dir (getattr open search)))
(allow tmpfiles_t sysfs_t (dir (getattr open search)))
(allow tmpfiles_t sysfs_t (dir (getattr open search)))
(allow tmpfiles_t sysfs_t (dir (getattr open search)))
(allow tmpfiles_t security_t (dir (ioctl read getattr lock open search)))
(allow tmpfiles_t security_t (file (ioctl read getattr map open)))
(allow tmpfiles_t bin_t (dir (getattr open search)))
(allow tmpfiles_t bin_t (lnk_file (read getattr)))
(allow tmpfiles_t usr_t (dir (getattr open search)))
(allow tmpfiles_t rc_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow tmpfiles_t etc_t (dir (getattr open search)))
(allow tmpfiles_t etc_t (lnk_file (read getattr)))
(allow tmpfiles_t usr_t (dir (getattr open search)))
(allow tmpfiles_t locale_t (dir (ioctl read getattr lock open search)))
(allow tmpfiles_t locale_t (dir (getattr open search)))
(allow tmpfiles_t locale_t (file (ioctl read getattr lock open)))
(allow tmpfiles_t locale_t (dir (getattr open search)))
(allow tmpfiles_t locale_t (lnk_file (read getattr)))
(allow tmpfiles_t locale_t (file (map)))
(allow tmpfiles_t usr_t (dir (getattr open search)))
(allow tmpfiles_t bin_t (dir (getattr open search)))
(allow tmpfiles_t bin_t (lnk_file (read getattr)))
(allow tmpfiles_t usr_t (dir (getattr open search)))
(allow tmpfiles_t setfiles_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow tmpfiles_t security_t (filesystem (getattr)))
(allow tmpfiles_t sysfs_t (filesystem (getattr)))
(allow tmpfiles_t sysfs_t (dir (getattr open search)))
(allow tmpfiles_t sysfs_t (dir (getattr open search)))
(allow tmpfiles_t proc_t (dir (getattr open search)))
(allow tmpfiles_t proc_t (file (ioctl read getattr lock open)))
(allow tmpfiles_t proc_t (dir (getattr open search)))
(allow tmpfiles_t proc_t (lnk_file (read getattr)))
(allow tmpfiles_t proc_t (dir (getattr open search)))
(allow tmpfiles_t proc_t (dir (ioctl read getattr lock open search)))
(allow tmpfiles_t etc_t (dir (getattr open search)))
(allow tmpfiles_t selinux_config_t (dir (ioctl read getattr lock open search)))
(allow tmpfiles_t selinux_config_t (dir (getattr open search)))
(allow tmpfiles_t selinux_config_t (file (ioctl read getattr lock open)))
(allow tmpfiles_t selinux_config_t (dir (getattr open search)))
(allow tmpfiles_t selinux_config_t (lnk_file (read getattr)))
(allow tmpfiles_t etc_t (dir (getattr open search)))
(allow tmpfiles_t selinux_config_t (dir (getattr open search)))
(allow tmpfiles_t default_context_t (dir (getattr open search)))
(allow tmpfiles_t file_context_t (dir (getattr open search)))
(allow tmpfiles_t file_context_t (file (ioctl read getattr lock open)))
(allow tmpfiles_t file_context_t (file (map)))
(allow tmpfiles_t device_t (dir (ioctl read getattr lock open search)))
(allow tmpfiles_t device_t (dir (ioctl write getattr lock open add_name search)))
(allow tmpfiles_t device_t (dir (create getattr)))
(allow tmpfiles_t device_t (chr_file (ioctl read write getattr lock append open)))
(allow tmpfiles_t self (capability (mknod)))
(allow tmpfiles_t device_t (dir (ioctl write getattr lock open add_name search)))
(allow tmpfiles_t device_t (chr_file (create getattr)))
(allow tmpfiles_t self (capability (mknod)))
(allow tmpfiles_t device_t (dir (ioctl write getattr lock open add_name search)))
(allow tmpfiles_t device_t (blk_file (create getattr)))
(allow tmpfiles_t initrc_state_t (dir (getattr open search)))
(allow tmpfiles_t initrc_state_t (file (getattr relabelto)))
(allow tmpfiles_t initrc_state_t (dir (getattr open search)))
(allow tmpfiles_t initrc_state_t (dir (getattr relabelto)))
(booleanif (tmpfiles_manage_all_non_security)
    (true
        (allow tmpfiles_t non_security_file_type (chr_file (getattr relabelfrom)))
        (allow tmpfiles_t non_security_file_type (dir (getattr open search)))
        (allow tmpfiles_t non_security_file_type (blk_file (getattr relabelfrom)))
        (allow tmpfiles_t non_security_file_type (dir (getattr open search)))
        (allow tmpfiles_t non_security_file_type (sock_file (getattr relabelfrom relabelto)))
        (allow tmpfiles_t non_security_file_type (dir (getattr open search)))
        (allow tmpfiles_t non_security_file_type (fifo_file (getattr relabelfrom relabelto)))
        (allow tmpfiles_t non_security_file_type (dir (getattr open search)))
        (allow tmpfiles_t non_security_file_type (lnk_file (getattr relabelfrom relabelto)))
        (allow tmpfiles_t non_security_file_type (dir (getattr open search)))
        (allow tmpfiles_t non_security_file_type (file (getattr relabelfrom relabelto)))
        (allow tmpfiles_t non_security_file_type (dir (getattr open search)))
        (allow tmpfiles_t non_security_file_type (dir (getattr relabelfrom relabelto)))
        (allow tmpfiles_t non_security_file_type (dir (getattr open search)))
        (allow tmpfiles_t non_security_file_type (dir (ioctl read getattr lock open search)))
        (allow tmpfiles_t non_security_file_type (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
        (allow tmpfiles_t non_security_file_type (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow tmpfiles_t non_security_file_type (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow tmpfiles_t non_security_file_type (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow tmpfiles_t non_security_file_type (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow tmpfiles_t non_security_file_type (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
        (allow tmpfiles_t non_security_file_type (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow tmpfiles_t non_security_file_type (file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow tmpfiles_t non_security_file_type (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow tmpfiles_t non_security_file_type (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
        (allow tmpfiles_t non_security_file_type (dir (ioctl read write getattr lock open add_name remove_name search)))
    )
)
(optional tmpfiles_optional_2
    (typeattributeset cil_gen_require init_t)
    (allow tmpfiles_t init_t (process (sigchld)))
    (allow tmpfiles_t init_t (process (signull)))
)
(optional tmpfiles_optional_3
    (typeattributeset cil_gen_require rpm_t)
    (allow tmpfiles_t rpm_t (fd (use)))
    (allow tmpfiles_t rpm_t (fifo_file (ioctl read getattr lock open)))
)
(optional tmpfiles_optional_4
    (typeattributeset cil_gen_require security_t)
    (typeattributeset cil_gen_require sysfs_t)
    (dontaudit tmpfiles_t security_t (filesystem (getattr)))
    (dontaudit tmpfiles_t sysfs_t (filesystem (getattr)))
    (dontaudit tmpfiles_t sysfs_t (dir (getattr open search)))
    (dontaudit tmpfiles_t security_t (dir (getattr open search)))
    (dontaudit tmpfiles_t security_t (file (ioctl read getattr lock open)))
    (optional tmpfiles_optional_5
        (typeattributeset cil_gen_require selinux_config_t)
        (dontaudit tmpfiles_t selinux_config_t (dir (getattr open search)))
        (dontaudit tmpfiles_t selinux_config_t (file (ioctl read getattr lock open)))
    )
)
(filecon "/etc/tmpfiles\.d(/.*)?" any (system_u object_r tmpfiles_conf_t (systemlow systemlow)))
(filecon "/run/tmpfiles\.d(/.*)?" any (system_u object_r tmpfiles_runtime_t (systemlow systemlow)))
(filecon "/usr/bin/tmpfiles" file (system_u object_r tmpfiles_exec_t (systemlow systemlow)))
(filecon "/usr/lib/rc/bin/checkpath" file (system_u object_r tmpfiles_exec_t (systemlow systemlow)))
(filecon "/usr/lib/rc/sh/tmpfiles\.sh" file (system_u object_r tmpfiles_exec_t (systemlow systemlow)))
(filecon "/usr/libexec/rc/bin/checkpath" file (system_u object_r tmpfiles_exec_t (systemlow systemlow)))
(filecon "/usr/libexec/rc/sh/tmpfiles\.sh" file (system_u object_r tmpfiles_exec_t (systemlow systemlow)))
