ildbot@bb-ro-apexis-bbw03-x64-rhel-10-amd64 ~]$ sudo sesearch -A -s mysqld_t
allow corenet_unlabeled_type unlabeled_t:association { recvfrom sendto }; allow corenet_unlabeled_type unlabeled_t:dccp_socket recvfrom; allow corenet_unlabeled_type unlabeled_t:peer recv; allow corenet_unlabeled_type unlabeled_t:rawip_socket recvfrom; allow corenet_unlabeled_type unlabeled_t:tcp_socket recvfrom; allow corenet_unlabeled_type unlabeled_t:udp_socket recvfrom; allow daemon abrt_t:unix_stream_socket connectto; allow daemon abrt_var_run_t:sock_file { append getattr open write }; allow daemon auth_port_t:tcp_socket name_connect; [ daemons_use_tcp_wrapper ]:True allow daemon cluster_conf_t:dir { add_name create getattr ioctl link lock open read remove_name rename reparent rmdir search setattr unlink watch watch_reads write }; [ daemons_enable_cluster_mode ]:True allow daemon cluster_conf_t:dir { add_name getattr ioctl lock open read remove_name search write }; [ daemons_enable_cluster_mode ]:True allow daemon cluster_conf_t:dir { add_name getattr ioctl lock open read remove_name search write }; [ daemons_enable_cluster_mode ]:True allow daemon cluster_conf_t:dir { getattr open search }; [ daemons_enable_cluster_mode ]:False allow daemon cluster_conf_t:file { append create getattr ioctl link lock open read rename setattr unlink watch watch_reads write }; [ daemons_enable_cluster_mode ]:True allow daemon cluster_conf_t:file { getattr ioctl lock open read }; [ daemons_enable_cluster_mode ]:False allow daemon cluster_pid:dir { getattr open search }; [ daemons_enable_cluster_mode ]:True allow daemon cluster_pid:sock_file { append getattr open write }; [ daemons_enable_cluster_mode ]:True allow daemon cluster_tmp_t:file write; [ daemons_enable_cluster_mode ]:True allow daemon cluster_var_lib_t:dir { add_name getattr ioctl lock open read remove_name search write }; [ daemons_enable_cluster_mode ]:True allow daemon cluster_var_lib_t:dir { getattr open search }; [ 
daemons_enable_cluster_mode ]:False allow daemon cluster_var_lib_t:file { append create getattr ioctl link lock open read rename setattr unlink watch watch_reads write }; [ daemons_enable_cluster_mode ]:True allow daemon cluster_var_lib_t:file { getattr ioctl lock open read }; [ daemons_enable_cluster_mode ]:False allow daemon cluster_var_run_t:dir { add_name ioctl lock read remove_name write }; [ daemons_enable_cluster_mode ]:True allow daemon cluster_var_run_t:dir { getattr open search }; [ daemons_enable_cluster_mode ]:False allow daemon cluster_var_run_t:file { append create getattr ioctl link lock open read rename setattr unlink watch watch_reads write }; [ daemons_enable_cluster_mode ]:True allow daemon cluster_var_run_t:file { getattr ioctl lock open read }; [ daemons_enable_cluster_mode ]:False allow daemon daemon:unix_stream_socket connectto; [ daemons_enable_cluster_mode ]:True allow daemon devpts_t:chr_file { append getattr ioctl lock open read write }; [ daemons_use_tty ]:True allow daemon devpts_t:dir { getattr ioctl lock open read search }; allow daemon httpd_sys_content_t:dir { getattr open search }; allow daemon init_t:alg_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:appletalk_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:atmpvc_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:atmsvc_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:ax25_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:bluetooth_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:caif_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:can_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:dccp_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:decnet_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:icmp_socket { getattr getopt ioctl read setopt write }; allow daemon 
init_t:ieee802154_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:ipx_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:irda_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:isdn_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:iucv_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:kcm_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:key_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:llc_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:mctp_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_audit_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_connector_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_crypto_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_dnrt_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_fib_lookup_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_firewall_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_generic_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_ip6fw_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_iscsi_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_kobject_uevent_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_netfilter_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_nflog_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_rdma_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_route_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_scsitransport_socket { getattr getopt ioctl read setopt write }; allow daemon 
init_t:netlink_selinux_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_tcpdiag_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netlink_xfrm_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:netrom_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:nfc_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:packet_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:phonet_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:pppox_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:qipcrtr_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:rawip_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:rds_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:rose_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:rxrpc_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:sctp_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:smc_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:tcp_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:tipc_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:tun_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:udp_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:unix_dgram_socket { getattr getopt ioctl read sendto setopt write }; allow daemon init_t:unix_stream_socket { accept append bind connect connectto getattr getopt ioctl listen lock read setattr setopt shutdown write }; allow daemon init_t:vsock_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:x25_socket { getattr getopt ioctl read setopt write }; allow daemon init_t:xdp_socket { getattr getopt ioctl read 
setopt write }; allow daemon init_var_run_t:dir { getattr open search }; allow daemon init_var_run_t:sock_file { append getattr open read write }; allow daemon initrc_devpts_t:chr_file { append getattr ioctl lock open read write }; allow daemon initrc_domain:fd use; allow daemon initrc_domain:fifo_file { append getattr ioctl lock read write }; allow daemon initrc_domain:process sigchld; allow daemon initrc_t:unix_dgram_socket sendto; allow daemon initrc_t:unix_stream_socket { append bind connect getattr getopt ioctl lock read setattr setopt shutdown write }; allow daemon initrc_tmp_t:file write; allow daemon initrc_transition_domain:fd use; allow daemon initrc_transition_domain:fifo_file { append getattr ioctl lock read write }; allow daemon logfile:file { append getattr ioctl lock }; allow daemon nscd_t:nscd { getgrp gethost getpwd }; allow daemon nscd_t:unix_stream_socket { append bind connect connectto create getattr getopt ioctl lock read setattr setopt shutdown write }; allow daemon nscd_var_run_t:dir { getattr open search }; allow daemon nscd_var_run_t:file map; allow daemon nscd_var_run_t:sock_file { append getattr open write }; allow daemon ptynode:chr_file { append getattr ioctl lock open read write }; [ daemons_use_tty ]:True allow daemon root_t:dir { add_name remove_name write }; [ daemons_dump_core ]:True allow daemon root_t:file { append create getattr ioctl link lock open read rename setattr unlink watch watch_reads write }; [ daemons_dump_core ]:True allow daemon staff_usertype:association recvfrom; allow daemon staff_usertype:peer recv; allow daemon staff_usertype:tcp_socket recvfrom; allow daemon sysadm_usertype:association recvfrom; allow daemon sysadm_usertype:peer recv; allow daemon sysadm_usertype:tcp_socket recvfrom; allow daemon systemd_notify_exec_t:file { execute execute_no_trans getattr ioctl lock map open read }; allow daemon systemd_unit_file_type:dir getattr; allow daemon tty_device_t:chr_file { append getattr ioctl lock open read write 
}; [ daemons_use_tty ]:True allow daemon ttynode:chr_file { append getattr ioctl lock open read write }; [ daemons_use_tty ]:True allow daemon unconfined_t:process signull; allow daemon user_cron_spool_t:file { append getattr ioctl lock read write }; allow daemon user_home_t:file { append getattr }; allow daemon user_usertype:association recvfrom; allow daemon user_usertype:peer recv; allow daemon user_usertype:tcp_socket recvfrom; allow domain abrt_dump_oops_t:process sigchld; [ deny_ptrace ]:False allow domain abrt_helper_exec_t:file { execute getattr ioctl map open read }; allow domain abrt_helper_t:process transition; allow domain abrt_t:dir { getattr ioctl lock open read search }; allow domain abrt_t:fifo_file { append getattr ioctl lock read write }; allow domain abrt_t:file { getattr ioctl lock open read }; allow domain abrt_t:lnk_file { getattr read }; allow domain abrt_t:process { getattr signull }; allow domain abrt_var_run_t:dir { getattr open search }; allow domain abrt_var_run_t:file { getattr ioctl lock open read }; allow domain admin_home_t:dir { getattr open search }; allow domain admin_home_t:lnk_file { getattr read }; allow domain afs_cache_t:file { read write }; allow domain afs_t:udp_socket { read write }; allow domain automount_t:fd use; allow domain automount_t:fifo_file write; allow domain base_file_type:dir { getattr open search }; allow domain base_ro_file_type:dir { ioctl lock read }; allow domain base_ro_file_type:file { getattr ioctl lock open read }; allow domain base_ro_file_type:lnk_file { getattr read }; allow domain cpu_online_t:dir { getattr open search }; allow domain cpu_online_t:file { getattr ioctl lock open read }; allow domain crond_t:fifo_file { append getattr ioctl lock read write }; allow domain crypt_device_t:chr_file { append getattr ioctl lock open read write }; allow domain device_t:dir { ioctl lock read }; allow domain device_t:lnk_file { getattr read }; allow domain devicekit_power_t:dbus send_msg; allow domain 
devtty_t:chr_file { append getattr ioctl lock open read write }; allow domain domain:fd use; [ domain_fd_use ]:True allow domain domain:key { link search }; allow domain file_type:blk_file map; [ domain_can_mmap_files ]:True allow domain file_type:chr_file map; [ domain_can_mmap_files ]:True allow domain file_type:file map; [ domain_can_mmap_files ]:True allow domain file_type:lnk_file map; [ domain_can_mmap_files ]:True allow domain fonts_cache_t:dir { getattr ioctl lock open read search }; allow domain fonts_cache_t:file { getattr ioctl lock map open read }; allow domain fonts_cache_t:lnk_file { getattr read }; allow domain fonts_t:dir { getattr ioctl lock open read search }; allow domain fonts_t:file { getattr ioctl lock map open read }; allow domain fonts_t:lnk_file { getattr read }; allow domain ica_tmpfs_t:file { create getattr open }; allow domain init_t:process { sigchld signull }; allow domain install_t:fd use; allow domain install_t:process sigchld; [ deny_ptrace ]:False allow domain ipsec_spd_t:association polmatch; allow domain kernel_t:system module_request; [ domain_kernel_load_modules ]:True allow domain kmsg_device_t:chr_file { append getattr ioctl lock open write }; [ domain_can_write_kmsg ]:True allow domain ld_so_cache_t:file { getattr ioctl lock map open read }; allow domain ld_so_t:file { execute getattr ioctl map open read }; allow domain ld_so_t:lnk_file { getattr read }; allow domain lib_t:file { execute map }; allow domain locale_t:dir { getattr ioctl lock open read search }; allow domain locale_t:file { getattr ioctl lock map open read }; allow domain locale_t:lnk_file { getattr read }; allow domain machineid_t:file { getattr ioctl lock open read }; allow domain man_cache_t:dir { getattr ioctl lock open read search }; allow domain man_cache_t:file { getattr ioctl lock open read }; allow domain man_cache_t:lnk_file { getattr read }; allow domain man_t:dir { getattr ioctl lock open read search }; allow domain man_t:file { getattr ioctl lock 
open read }; allow domain man_t:lnk_file { getattr read }; allow domain mandb_cache_t:dir { getattr open search }; allow domain mandb_cache_t:file { getattr ioctl lock open read }; allow domain netlabel_peer_t:peer recv; allow domain netlabel_peer_t:tcp_socket recvfrom; allow domain null_device_t:chr_file { append getattr ioctl lock open read write }; allow domain pkcs11_modules_conf_t:dir { getattr ioctl lock open read search }; allow domain pkcs11_modules_conf_t:file { getattr ioctl lock map open read }; allow domain prelink_exec_t:file { execute execute_no_trans getattr ioctl lock map open read }; [ fips_mode ]:True allow domain proc_t:dir { getattr open search }; allow domain proc_t:filesystem getattr; allow domain proc_t:lnk_file { getattr read }; allow domain root_t:dir { ioctl lock read }; allow domain root_t:lnk_file { getattr ioctl lock read }; allow domain rpm_log_t:dir { getattr open search }; allow domain rpm_script_tmp_t:dir { getattr open search }; allow domain rpm_script_tmp_t:fifo_file { append getattr ioctl lock read write }; allow domain rpm_script_tmp_t:file open; allow domain rpm_script_tmp_t:lnk_file { getattr read }; allow domain rpm_t:fd use; allow domain rpm_t:fifo_file { getattr ioctl lock open read }; allow domain security_t:dir { getattr open search }; allow domain security_t:filesystem getattr; allow domain security_t:lnk_file { getattr read }; allow domain selinux_config_t:dir { getattr open search }; allow domain setrans_t:context translate; allow domain setrans_t:unix_stream_socket connectto; allow domain setrans_var_run_t:dir { getattr open search }; allow domain setrans_var_run_t:sock_file { append getattr open write }; allow domain sosreport_tmp_t:dir { getattr open search }; allow domain sosreport_tmp_t:file open; allow domain sshd_t:fifo_file { append getattr ioctl lock read write }; allow domain sysadm_t:process sigchld; [ deny_ptrace ]:False allow domain sysctl_crypto_t:dir { getattr ioctl lock open read search }; allow domain 
sysctl_crypto_t:file { getattr ioctl lock open read }; allow domain sysctl_kernel_t:dir { getattr ioctl lock open read search }; [ fips_mode ]:True allow domain sysctl_kernel_t:dir { getattr open search }; [ fips_mode ]:True allow domain sysctl_kernel_t:file { getattr ioctl lock open read }; [ fips_mode ]:True allow domain sysctl_t:dir { getattr open search }; allow domain sysctl_vm_overcommit_t:dir { getattr open search }; allow domain sysctl_vm_overcommit_t:file { getattr ioctl lock open read }; allow domain sysctl_vm_t:dir { getattr open search }; allow domain sysfs_t:dir { getattr open search }; allow domain sysfs_t:filesystem getattr; allow domain system_cronjob_t:fifo_file { append getattr ioctl lock read write }; allow domain systemd_resolved_t:dbus send_msg; allow domain systemd_resolved_t:unix_stream_socket connectto; allow domain systemd_resolved_var_run_t:dir { getattr open search }; allow domain systemd_resolved_var_run_t:sock_file { append getattr open write }; allow domain textrel_shlib_t:file { execmod execute map }; allow domain tmp_t:lnk_file { getattr read }; allow domain tmpfile:file { append getattr ioctl lock read }; allow domain tmpfs_t:dir { add_name getattr ioctl lock open read remove_name search write }; allow domain unconfined_domain_type:association recvfrom; allow domain unconfined_domain_type:peer recv; allow domain unconfined_domain_type:tcp_socket recvfrom; allow domain unconfined_t:fd use; allow domain unconfined_t:process sigchld; allow domain unlabeled_t:packet { recv send }; allow domain urandom_device_t:chr_file { getattr ioctl lock open read }; allow domain usermodehelper_t:dir { getattr ioctl lock open read search }; allow domain usermodehelper_t:file { getattr ioctl lock open read }; allow domain usermodehelper_t:lnk_file { getattr read }; allow domain usr_t:file map; allow domain var_log_t:dir { getattr open search }; allow domain var_run_t:dir { ioctl lock read }; allow domain var_run_t:lnk_file { getattr read }; allow 
domain var_t:lnk_file { getattr read }; allow domain vmtools_unconfined_t:dbus send_msg; allow domain zero_device_t:chr_file { append getattr ioctl lock map open read write }; allow kernel_system_state_reader proc_t:dir { ioctl lock read }; allow kernel_system_state_reader proc_t:file { getattr ioctl lock open read }; allow mysqld_t bacula_t:association recvfrom; allow mysqld_t bacula_t:peer recv; allow mysqld_t bacula_t:tcp_socket recvfrom; allow mysqld_t base_ro_file_type:file { execute execute_no_trans map }; allow mysqld_t bugzilla_script_t:association recvfrom; allow mysqld_t bugzilla_script_t:peer recv; allow mysqld_t bugzilla_script_t:tcp_socket recvfrom; allow mysqld_t chkpwd_exec_t:file { execute getattr ioctl map open read }; allow mysqld_t chkpwd_t:process transition; allow mysqld_t client_packet_type:packet recv; [ mysql_connect_any ]:True allow mysqld_t client_packet_type:packet send; [ mysql_connect_any ]:True allow mysqld_t cluster_var_run_t:dir { add_name remove_name write }; allow mysqld_t cluster_var_run_t:file { append create getattr ioctl link lock open read rename setattr unlink watch watch_reads write }; allow mysqld_t consolekit_t:dbus send_msg; allow mysqld_t crack_db_t:file { getattr ioctl lock open read }; allow mysqld_t domain:dir { getattr ioctl lock open read search }; allow mysqld_t domain:file { getattr ioctl lock open read }; allow mysqld_t domain:lnk_file { getattr read }; allow mysqld_t dovecot_auth_t:association recvfrom; allow mysqld_t dovecot_auth_t:peer recv; allow mysqld_t dovecot_auth_t:tcp_socket recvfrom; allow mysqld_t dovecot_t:association recvfrom; allow mysqld_t dovecot_t:peer recv; allow mysqld_t dovecot_t:tcp_socket recvfrom; allow mysqld_t dspam_script_t:association recvfrom; allow mysqld_t dspam_script_t:peer recv; allow mysqld_t dspam_script_t:tcp_socket recvfrom; allow mysqld_t dspam_t:association recvfrom; allow mysqld_t dspam_t:peer recv; allow mysqld_t dspam_t:tcp_socket recvfrom; allow mysqld_t faillog_t:dir { 
add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; allow mysqld_t faillog_t:file { create link open read rename setattr unlink watch watch_reads write }; allow mysqld_t file_type:dir { getattr ioctl lock open read search }; allow mysqld_t file_type:filesystem getattr; allow mysqld_t file_type:sock_file getattr; allow mysqld_t filesystem_type:filesystem getattr; allow mysqld_t fprintd_t:dbus send_msg; allow mysqld_t ftpd_t:association recvfrom; [ ftpd_connect_db ]:True allow mysqld_t ftpd_t:peer recv; [ ftpd_connect_db ]:True allow mysqld_t ftpd_t:tcp_socket recvfrom; [ ftpd_connect_db ]:True allow mysqld_t glance_registry_t:association recvfrom; allow mysqld_t glance_registry_t:peer recv; allow mysqld_t glance_registry_t:tcp_socket recvfrom; allow mysqld_t http_port_t:tcp_socket name_connect; [ mysql_connect_http ]:True allow mysqld_t httpd_php_t:association recvfrom; [ httpd_can_network_connect_db ]:True allow mysqld_t httpd_php_t:peer recv; [ httpd_can_network_connect_db ]:True allow mysqld_t httpd_php_t:tcp_socket recvfrom; [ httpd_can_network_connect_db ]:True allow mysqld_t httpd_suexec_t:association recvfrom; [ httpd_can_network_connect_db ]:True allow mysqld_t httpd_suexec_t:peer recv; [ httpd_can_network_connect_db ]:True allow mysqld_t httpd_suexec_t:tcp_socket recvfrom; [ httpd_can_network_connect_db ]:True allow mysqld_t httpd_sys_script_t:association recvfrom; [ httpd_can_network_connect_db ]:True allow mysqld_t httpd_sys_script_t:peer recv; [ httpd_can_network_connect_db ]:True allow mysqld_t httpd_sys_script_t:tcp_socket recvfrom; [ httpd_can_network_connect_db ]:True allow mysqld_t httpd_t:association recvfrom; [ httpd_can_network_connect_db ]:True allow mysqld_t httpd_t:peer recv; [ httpd_can_network_connect_db ]:True allow mysqld_t httpd_t:tcp_socket recvfrom; [ httpd_can_network_connect_db ]:True allow mysqld_t hugetlbfs_t:file { append getattr ioctl lock map open read write }; allow mysqld_t 
ifconfig_exec_t:file { execute getattr ioctl map open read }; allow mysqld_t ifconfig_t:process transition; allow mysqld_t keystone_t:association recvfrom; allow mysqld_t keystone_t:peer recv; allow mysqld_t keystone_t:tcp_socket recvfrom; allow mysqld_t krb5_home_t:file { getattr ioctl lock open read }; allow mysqld_t krb5_keytab_t:file { getattr ioctl lock open read }; allow mysqld_t lastlog_t:file { create open read setattr write }; allow mysqld_t local_login_home_t:file getattr; allow mysqld_t mysqld_client_packet_t:packet { recv send }; allow mysqld_t mysqld_db_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; allow mysqld_t mysqld_db_t:file { append create getattr ioctl link lock map open read rename setattr unlink watch watch_reads write }; allow mysqld_t mysqld_db_t:lnk_file { append create getattr ioctl link lock read rename setattr unlink watch watch_reads write }; allow mysqld_t mysqld_db_t:sock_file { append create ioctl link lock open read rename setattr unlink write }; allow mysqld_t mysqld_etc_t:file { getattr ioctl lock open read }; allow mysqld_t mysqld_etc_t:lnk_file { getattr read }; allow mysqld_t mysqld_exec_t:file { entrypoint execute execute_no_trans getattr ioctl lock map open read }; allow mysqld_t mysqld_log_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; allow mysqld_t mysqld_log_t:fifo_file { append create getattr ioctl link lock open read rename setattr unlink write }; allow mysqld_t mysqld_log_t:file { create link open read rename setattr unlink watch watch_reads write }; allow mysqld_t mysqld_log_t:lnk_file { append create getattr ioctl link lock read rename setattr unlink watch watch_reads write }; allow mysqld_t mysqld_port_t:tcp_socket { name_bind name_connect }; allow mysqld_t mysqld_safe_t:fd use; allow mysqld_t mysqld_safe_t:fifo_file { append getattr ioctl lock read write }; allow mysqld_t mysqld_safe_t:process 
sigchld; allow mysqld_t mysqld_server_packet_t:packet { recv send }; allow mysqld_t mysqld_t:association sendto; allow mysqld_t mysqld_t:capability { audit_write dac_read_search ipc_lock net_bind_service sys_nice sys_resource }; allow mysqld_t mysqld_t:dbus send_msg; allow mysqld_t mysqld_t:dir watch; allow mysqld_t mysqld_t:fifo_file { append getattr ioctl lock open read write }; allow mysqld_t mysqld_t:fifo_file { create link rename setattr unlink }; [ fips_mode ]:True allow mysqld_t mysqld_t:file { append write }; allow mysqld_t mysqld_t:key { create read setattr view write }; allow mysqld_t mysqld_t:lnk_file { ioctl lock }; allow mysqld_t mysqld_t:netlink_audit_socket { append bind connect create getattr getopt ioctl lock nlmsg_read nlmsg_relay nlmsg_tty_audit read setattr setopt shutdown write }; allow mysqld_t mysqld_t:netlink_route_socket { append bind connect create getattr getopt ioctl lock nlmsg_read read setattr setopt shutdown write }; allow mysqld_t mysqld_t:peer recv; allow mysqld_t mysqld_t:process setfscreate; [ kerberos_enabled ]:True allow mysqld_t mysqld_t:process { fork getcap getsched rlimitinh setrlimit setsched sigchld sigkill signal signull sigstop }; allow mysqld_t mysqld_t:sem { associate create destroy getattr read setattr unix_read unix_write write }; allow mysqld_t mysqld_t:shm { associate create destroy getattr lock read setattr unix_read unix_write write }; allow mysqld_t mysqld_t:tcp_socket { accept append bind connect create getattr getopt ioctl listen lock read setattr setopt shutdown write }; allow mysqld_t mysqld_t:udp_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write }; allow mysqld_t mysqld_t:unix_dgram_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write }; allow mysqld_t mysqld_t:unix_stream_socket { accept append bind connect create getattr getopt ioctl listen lock read setattr setopt shutdown write }; allow mysqld_t mysqld_tmp_t:dir { 
add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; allow mysqld_t mysqld_tmp_t:file { create link map open rename setattr unlink watch watch_reads write }; allow mysqld_t mysqld_var_run_t:dir { add_name create link remove_name rename reparent rmdir setattr unlink watch watch_reads write }; allow mysqld_t mysqld_var_run_t:file { append create getattr ioctl link lock open read rename setattr unlink watch watch_reads write }; allow mysqld_t mysqld_var_run_t:sock_file { append create ioctl link lock open read rename setattr unlink write }; allow mysqld_t mysqlmanagerd_t:fd use; allow mysqld_t mysqlmanagerd_t:fifo_file { append getattr ioctl lock read write }; allow mysqld_t mysqlmanagerd_t:process sigchld; allow mysqld_t mythtv_script_t:association recvfrom; allow mysqld_t mythtv_script_t:peer recv; allow mysqld_t mythtv_script_t:tcp_socket recvfrom; allow mysqld_t neutron_t:association recvfrom; allow mysqld_t neutron_t:peer recv; allow mysqld_t neutron_t:tcp_socket recvfrom; allow mysqld_t newrole_t:process sigchld; allow mysqld_t node_t:tcp_socket node_bind; allow mysqld_t openshift_var_lib_t:file getattr; allow mysqld_t pam_timestamp_exec_t:file { execute execute_no_trans getattr ioctl lock map open read }; allow mysqld_t pcscd_t:unix_stream_socket connectto; allow mysqld_t pcscd_var_run_t:file { getattr ioctl lock open read }; allow mysqld_t pcscd_var_run_t:sock_file { append open write }; allow mysqld_t port_type:tcp_socket name_connect; [ mysql_connect_any ]:True allow mysqld_t port_type:tcp_socket { recv_msg send_msg }; allow mysqld_t port_type:udp_socket { recv_msg send_msg }; allow mysqld_t privfd:fd use; allow mysqld_t proc_net_t:dir { getattr ioctl lock open read search }; allow mysqld_t proc_net_t:file { getattr ioctl lock open read }; allow mysqld_t proc_net_t:lnk_file { getattr read }; allow mysqld_t radiusd_t:association recvfrom; allow mysqld_t radiusd_t:peer recv; allow mysqld_t radiusd_t:tcp_socket 
recvfrom; allow mysqld_t random_device_t:chr_file { getattr ioctl lock open read }; allow mysqld_t roundup_t:association recvfrom; allow mysqld_t roundup_t:peer recv; allow mysqld_t roundup_t:tcp_socket recvfrom; allow mysqld_t rpc_port_type:tcp_socket name_bind; [ nis_enabled ]:True allow mysqld_t rpc_port_type:udp_socket name_bind; [ nis_enabled ]:True allow mysqld_t rsync_exec_t:file { execute execute_no_trans getattr ioctl lock map open read }; allow mysqld_t security_t:file { append getattr ioctl lock map open read write }; [ kerberos_enabled ]:True allow mysqld_t security_t:security check_context; [ kerberos_enabled ]:True allow mysqld_t spamd_t:association recvfrom; allow mysqld_t spamd_t:peer recv; allow mysqld_t spamd_t:tcp_socket recvfrom; allow mysqld_t svc_run_t:fd use; allow mysqld_t svc_start_t:fd use; allow mysqld_t svc_start_t:fifo_file { append getattr ioctl lock open read write }; allow mysqld_t svc_start_t:process sigchld; allow mysqld_t sysctl_kernel_t:dir { getattr ioctl lock open read search }; allow mysqld_t sysctl_kernel_t:file { getattr ioctl lock open read }; allow mysqld_t sysfs_t:file { getattr ioctl lock open read }; allow mysqld_t sysfs_t:lnk_file { getattr read }; allow mysqld_t systemd_logind_sessions_t:fifo_file write; allow mysqld_t systemd_logind_sessions_t:file { getattr ioctl lock open read }; allow mysqld_t systemd_logind_t:dbus send_msg; allow mysqld_t systemd_logind_t:fd use; allow mysqld_t systemd_socket_proxyd_t:unix_stream_socket connectto; allow mysqld_t tram_port_t:tcp_socket { name_bind name_connect }; allow mysqld_t udev_var_run_t:file { getattr ioctl lock open read }; allow mysqld_t udev_var_run_t:lnk_file { getattr read }; allow mysqld_t ulogd_t:association recvfrom; allow mysqld_t ulogd_t:peer recv; allow mysqld_t ulogd_t:tcp_socket recvfrom; allow mysqld_t updpwd_exec_t:file { execute getattr ioctl map open read }; allow mysqld_t updpwd_t:process transition; allow mysqld_t var_lib_t:dir { add_name remove_name write 
}; allow mysqld_t var_log_t:dir { add_name remove_name write }; allow mysqld_t var_run_t:dir { add_name remove_name write }; allow mysqld_t wtmp_t:file { open read }; allow netlabel_peer_type netlabel_peer_t:dccp_socket recvfrom; allow netlabel_peer_type netlabel_peer_t:rawip_socket recvfrom; allow netlabel_peer_type netlabel_peer_t:udp_socket recvfrom; allow nsswitch_domain avahi_t:unix_stream_socket connectto; allow nsswitch_domain avahi_var_run_t:sock_file { append getattr open write }; allow nsswitch_domain cert_t:dir { getattr ioctl lock open read search }; allow nsswitch_domain cert_t:file { getattr ioctl lock map open read }; allow nsswitch_domain cert_t:lnk_file { getattr read }; allow nsswitch_domain cgroup_t:dir { getattr open search }; allow nsswitch_domain cgroup_t:file { getattr ioctl lock open read }; allow nsswitch_domain cgroup_t:lnk_file { getattr read }; allow nsswitch_domain client_packet_t:packet recv; [ nis_enabled ]:True allow nsswitch_domain client_packet_t:packet send; [ nis_enabled ]:True allow nsswitch_domain dbusd_etc_t:dir { getattr ioctl lock open read search }; allow nsswitch_domain dbusd_etc_t:file { getattr ioctl lock open read }; allow nsswitch_domain dbusd_unconfined:dbus send_msg; allow nsswitch_domain default_context_t:dir { getattr open search }; allow nsswitch_domain dirsrv_t:unix_stream_socket connectto; [ authlogin_nsswitch_use_ldap ]:True allow nsswitch_domain dirsrv_var_run_t:sock_file { append getattr open write }; [ authlogin_nsswitch_use_ldap ]:True allow nsswitch_domain dns_client_packet_t:packet { recv send }; allow nsswitch_domain dns_port_t:tcp_socket { name_connect recv_msg send_msg }; allow nsswitch_domain dns_port_t:udp_socket { recv_msg send_msg }; allow nsswitch_domain dnssec_port_t:tcp_socket name_connect; allow nsswitch_domain ephemeral_port_t:tcp_socket name_bind; [ nis_enabled ]:True allow nsswitch_domain ephemeral_port_t:tcp_socket name_connect; [ nis_enabled ]:True allow nsswitch_domain 
ephemeral_port_t:udp_socket name_bind; [ nis_enabled ]:True allow nsswitch_domain file_context_t:dir { getattr ioctl lock open read search }; allow nsswitch_domain file_context_t:file { getattr ioctl lock map open read }; allow nsswitch_domain file_context_t:lnk_file { getattr read }; allow nsswitch_domain hostname_etc_t:file { getattr ioctl lock open read }; allow nsswitch_domain init_t:dbus send_msg; allow nsswitch_domain init_t:unix_stream_socket connectto; allow nsswitch_domain init_var_run_t:lnk_file { getattr read }; allow nsswitch_domain kerberos_client_packet_t:packet recv; [ kerberos_enabled ]:True allow nsswitch_domain kerberos_client_packet_t:packet send; [ kerberos_enabled ]:True allow nsswitch_domain kerberos_port_t:tcp_socket name_connect; [ kerberos_enabled ]:True allow nsswitch_domain kerberos_port_t:tcp_socket { recv_msg send_msg }; [ kerberos_enabled ]:True allow nsswitch_domain kerberos_port_t:udp_socket recv_msg; [ kerberos_enabled ]:True allow nsswitch_domain kerberos_port_t:udp_socket send_msg; [ kerberos_enabled ]:True allow nsswitch_domain krb5_conf_t:dir { getattr ioctl lock open read search }; allow nsswitch_domain krb5_conf_t:file { getattr ioctl lock open read }; allow nsswitch_domain krb5_host_rcache_t:dir { add_name getattr ioctl lock open read remove_name search write }; allow nsswitch_domain krb5_host_rcache_t:file { create link open rename setattr unlink watch watch_reads write }; allow nsswitch_domain ldap_client_packet_t:packet recv; [ authlogin_nsswitch_use_ldap ]:True allow nsswitch_domain ldap_client_packet_t:packet send; [ authlogin_nsswitch_use_ldap ]:True allow nsswitch_domain ldap_port_t:tcp_socket name_connect; [ authlogin_nsswitch_use_ldap ]:True allow nsswitch_domain ldap_port_t:tcp_socket { recv_msg send_msg }; [ authlogin_nsswitch_use_ldap ]:True allow nsswitch_domain likewise_var_lib_t:dir { getattr open search }; allow nsswitch_domain lsassd_t:unix_stream_socket connectto; allow nsswitch_domain 
lsassd_var_socket_t:sock_file { append getattr open write }; allow nsswitch_domain net_conf_t:dir { getattr ioctl lock open read search }; allow nsswitch_domain net_conf_t:file { getattr ioctl lock open read }; allow nsswitch_domain net_conf_t:lnk_file { getattr read }; allow nsswitch_domain netif_t:netif { egress ingress tcp_recv tcp_send udp_recv udp_send }; allow nsswitch_domain nmbd_t:unix_stream_socket connectto; allow nsswitch_domain nmbd_var_run_t:sock_file { append getattr open write }; allow nsswitch_domain node_t:node { recvfrom sendto tcp_recv tcp_send udp_recv udp_send }; allow nsswitch_domain node_t:tcp_socket node_bind; [ kerberos_enabled ]:True allow nsswitch_domain node_t:tcp_socket node_bind; [ nis_enabled ]:True allow nsswitch_domain node_t:udp_socket node_bind; [ kerberos_enabled ]:True allow nsswitch_domain node_t:udp_socket node_bind; [ nis_enabled ]:True allow nsswitch_domain nscd_t:fd use; [ nscd_use_shm ]:True allow nsswitch_domain nscd_t:fd use; [ nscd_use_shm ]:True allow nsswitch_domain nscd_t:nscd { getgrp gethost getpwd }; allow nsswitch_domain nscd_t:nscd { getnetgrp getserv }; [ nscd_use_shm ]:True allow nsswitch_domain nscd_t:nscd { getnetgrp getserv }; [ nscd_use_shm ]:True allow nsswitch_domain nscd_t:nscd { shmemgrp shmemhost shmemnetgrp shmempwd shmemserv }; [ nscd_use_shm ]:True allow nsswitch_domain nscd_t:nscd { shmemgrp shmemhost shmemnetgrp shmempwd shmemserv }; [ nscd_use_shm ]:True allow nsswitch_domain nscd_t:unix_stream_socket { append bind connect connectto create getattr getopt ioctl lock read setattr setopt shutdown write }; allow nsswitch_domain nscd_var_run_t:dir { ioctl lock read }; [ nscd_use_shm ]:True allow nsswitch_domain nscd_var_run_t:dir { ioctl lock read }; [ nscd_use_shm ]:True allow nsswitch_domain nscd_var_run_t:file map; allow nsswitch_domain nscd_var_run_t:sock_file read; [ nscd_use_shm ]:True allow nsswitch_domain nscd_var_run_t:sock_file read; [ nscd_use_shm ]:True allow nsswitch_domain 
nscd_var_run_t:sock_file { append getattr open write }; allow nsswitch_domain ocsp_client_packet_t:packet recv; [ kerberos_enabled ]:True allow nsswitch_domain ocsp_client_packet_t:packet send; [ kerberos_enabled ]:True allow nsswitch_domain ocsp_port_t:tcp_socket name_connect; [ kerberos_enabled ]:True allow nsswitch_domain passwd_file_t:file { getattr ioctl lock map open read }; allow nsswitch_domain pcscd_t:unix_stream_socket connectto; [ kerberos_enabled ]:True allow nsswitch_domain pcscd_var_run_t:sock_file { append getattr open write }; [ kerberos_enabled ]:True allow nsswitch_domain pidfile:dir { getattr open search }; allow nsswitch_domain port_t:tcp_socket name_bind; [ nis_enabled ]:True allow nsswitch_domain port_t:tcp_socket name_connect; [ nis_enabled ]:True allow nsswitch_domain port_t:udp_socket name_bind; [ nis_enabled ]:True allow nsswitch_domain port_type:tcp_socket { recv_msg send_msg }; [ nis_enabled ]:True allow nsswitch_domain port_type:udp_socket recv_msg; [ nis_enabled ]:True allow nsswitch_domain port_type:udp_socket send_msg; [ nis_enabled ]:True allow nsswitch_domain portmap_client_packet_t:packet recv; [ nis_enabled ]:True allow nsswitch_domain portmap_client_packet_t:packet send; [ nis_enabled ]:True allow nsswitch_domain random_device_t:chr_file { getattr ioctl lock open read }; [ authlogin_nsswitch_use_ldap ]:True allow nsswitch_domain reserved_port_type:tcp_socket name_connect; [ nis_enabled ]:True allow nsswitch_domain samba_etc_t:dir { getattr ioctl lock open read search }; allow nsswitch_domain samba_etc_t:file { getattr ioctl lock open read }; allow nsswitch_domain samba_var_t:dir { getattr open search }; allow nsswitch_domain samba_var_t:file { getattr ioctl lock open read }; allow nsswitch_domain server_packet_t:packet recv; [ nis_enabled ]:True allow nsswitch_domain server_packet_t:packet send; [ nis_enabled ]:True allow nsswitch_domain slapd_cert_t:dir { getattr ioctl lock open read search }; [ authlogin_nsswitch_use_ldap 
]:True allow nsswitch_domain slapd_cert_t:dir { getattr open search }; [ authlogin_nsswitch_use_ldap ]:True allow nsswitch_domain slapd_cert_t:dir { getattr open search }; [ authlogin_nsswitch_use_ldap ]:True allow nsswitch_domain slapd_cert_t:file { getattr ioctl lock open read }; [ authlogin_nsswitch_use_ldap ]:True allow nsswitch_domain slapd_cert_t:lnk_file { getattr read }; [ authlogin_nsswitch_use_ldap ]:True allow nsswitch_domain slapd_t:unix_stream_socket connectto; [ authlogin_nsswitch_use_ldap ]:True allow nsswitch_domain slapd_var_run_t:sock_file { append getattr open write }; [ authlogin_nsswitch_use_ldap ]:True allow nsswitch_domain sssd_public_t:dir { ioctl lock read }; allow nsswitch_domain sssd_public_t:file { getattr ioctl lock map open read }; allow nsswitch_domain sssd_t:key { create read setattr view write }; allow nsswitch_domain sssd_t:unix_stream_socket connectto; allow nsswitch_domain sssd_var_lib_t:dir { getattr open search }; allow nsswitch_domain sssd_var_lib_t:file { getattr ioctl lock open read }; allow nsswitch_domain sssd_var_lib_t:lnk_file { getattr read }; allow nsswitch_domain sssd_var_lib_t:sock_file { append getattr open write }; allow nsswitch_domain sssd_var_run_t:sock_file { append getattr open write }; allow nsswitch_domain system_dbusd_t:dbus send_msg; allow nsswitch_domain system_dbusd_t:unix_stream_socket connectto; allow nsswitch_domain system_dbusd_var_lib_t:dir { getattr open search }; allow nsswitch_domain system_dbusd_var_lib_t:file { getattr ioctl lock open read }; allow nsswitch_domain system_dbusd_var_lib_t:lnk_file { getattr read }; allow nsswitch_domain system_dbusd_var_run_t:sock_file { append getattr open write }; allow nsswitch_domain systemd_machined_t:unix_stream_socket connectto; allow nsswitch_domain systemd_userdbd_runtime_t:dir { ioctl lock read }; allow nsswitch_domain systemd_userdbd_runtime_t:lnk_file { getattr read }; allow nsswitch_domain systemd_userdbd_runtime_t:sock_file { append getattr open 
write }; allow nsswitch_domain systemd_userdbd_t:unix_stream_socket connectto; allow nsswitch_domain tmp_t:dir { add_name ioctl lock read remove_name write }; allow nsswitch_domain unreserved_port_t:tcp_socket name_bind; [ nis_enabled ]:True allow nsswitch_domain unreserved_port_t:tcp_socket name_connect; [ nis_enabled ]:True allow nsswitch_domain unreserved_port_t:udp_socket name_bind; [ nis_enabled ]:True allow nsswitch_domain userdomain:key { create read setattr view write }; allow nsswitch_domain var_lib_t:dir { ioctl lock read }; allow nsswitch_domain var_yp_t:dir { getattr ioctl lock open read search }; [ nis_enabled ]:True allow nsswitch_domain var_yp_t:file { getattr ioctl lock open read }; [ nis_enabled ]:True allow nsswitch_domain var_yp_t:lnk_file { getattr read }; [ nis_enabled ]:True allow nsswitch_domain virt_var_lib_t:dir { getattr ioctl lock open read search }; allow nsswitch_domain virt_var_lib_t:file { getattr ioctl lock open read }; allow nsswitch_domain virt_var_lib_t:lnk_file { getattr read }; allow nsswitch_domain winbind_t:unix_stream_socket connectto; allow nsswitch_domain winbind_var_run_t:sock_file { append getattr open write }; allow syslog_client_type console_device_t:chr_file { append getattr ioctl lock open write }; allow syslog_client_type devlog_t:lnk_file { getattr read }; allow syslog_client_type devlog_t:sock_file { append getattr open write }; allow syslog_client_type kernel_t:unix_dgram_socket sendto; allow syslog_client_type kernel_t:unix_stream_socket { connectto getattr }; allow syslog_client_type syslogd_t:unix_dgram_socket sendto; allow syslog_client_type syslogd_t:unix_stream_socket connectto; allow syslog_client_type syslogd_var_run_t:dir { getattr open search }; allow syslog_client_type syslogd_var_run_t:sock_file { append getattr open write };