(typealias rsync_var_run_t)
(typealiasactual rsync_var_run_t rsync_runtime_t)
(roleattribute rsync_roles)
(roletype rsync_roles rsync_t)
(type rsync_t)
(roletype object_r rsync_t)
(type rsync_exec_t)
(roletype object_r rsync_exec_t)
(type rsync_etc_t)
(roletype object_r rsync_etc_t)
(type rsync_data_t)
(roletype object_r rsync_data_t)
(type rsync_log_t)
(roletype object_r rsync_log_t)
(type rsync_runtime_t)
(roletype object_r rsync_runtime_t)
(type rsync_tmp_t)
(roletype object_r rsync_tmp_t)
(boolean rsync_use_cifs false)
(boolean rsync_use_fusefs false)
(boolean rsync_use_nfs false)
(boolean rsync_client false)
(boolean rsync_export_all_ro false)
(boolean allow_rsync_anon_write false)
(roleattributeset cil_gen_require system_r)
(roletype system_r rsync_t)
(typeattributeset cil_gen_require initrc_t)
(typeattributeset cil_gen_require daemon)
(typeattributeset daemon (rsync_t ))
(typeattributeset cil_gen_require domain)
(typeattributeset domain (rsync_t ))
(typeattributeset cil_gen_require init_t)
(typeattributeset cil_gen_require entry_type)
(typeattributeset entry_type (rsync_exec_t ))
(typeattributeset cil_gen_require exec_type)
(typeattributeset exec_type (rsync_exec_t ))
(typeattributeset cil_gen_require file_type)
(typeattributeset file_type (rsync_exec_t rsync_etc_t rsync_data_t rsync_log_t rsync_runtime_t rsync_tmp_t ))
(typeattributeset cil_gen_require non_security_file_type)
(typeattributeset non_security_file_type (rsync_exec_t rsync_etc_t rsync_data_t rsync_log_t rsync_runtime_t rsync_tmp_t ))
(typeattributeset cil_gen_require non_auth_file_type)
(typeattributeset non_auth_file_type (rsync_exec_t rsync_etc_t rsync_data_t rsync_log_t rsync_runtime_t rsync_tmp_t ))
(typeattributeset cil_gen_require init_domain_type)
(typeattributeset init_domain_type (rsync_t ))
(typeattributeset cil_gen_require application_domain_type)
(typeattributeset application_domain_type (rsync_t ))
(typeattributeset cil_gen_require application_exec_type)
(typeattributeset application_exec_type (rsync_exec_t ))
(typeattributeset cil_gen_require configfile)
(typeattributeset configfile (rsync_etc_t ))
(typeattributeset cil_gen_require logfile)
(typeattributeset logfile (rsync_log_t ))
(typeattributeset cil_gen_require tmp_t)
(typeattributeset cil_gen_require tmpfs_t)
(typeattributeset cil_gen_require pidfile)
(typeattributeset pidfile (rsync_runtime_t ))
(typeattributeset cil_gen_require tmpfile)
(typeattributeset tmpfile (rsync_tmp_t ))
(typeattributeset cil_gen_require polymember)
(typeattributeset polymember (rsync_tmp_t ))
(typeattributeset cil_gen_require var_log_t)
(typeattributeset cil_gen_require var_t)
(typeattributeset cil_gen_require var_run_t)
(typeattributeset cil_gen_require proc_t)
(typeattributeset cil_gen_require sysctl_t)
(typeattributeset cil_gen_require sysctl_kernel_t)
(typeattributeset cil_gen_require proc_net_t)
(typeattributeset cil_gen_require netlabel_peer_t)
(typeattributeset cil_gen_require netif_t)
(typeattributeset cil_gen_require node_t)
(typeattributeset cil_gen_require rsync_server_packet_t)
(typeattributeset cil_gen_require rsync_port_t)
(typeattributeset cil_gen_require device_t)
(typeattributeset cil_gen_require urandom_device_t)
(typeattributeset cil_gen_require filesystem_type)
(typeattributeset cil_gen_require autofs_t)
(typeattributeset cil_gen_require home_root_t)
(typeattributeset cil_gen_require can_read_shadow_passwords)
(typeattributeset can_read_shadow_passwords (rsync_t ))
(typeattributeset cil_gen_require nsswitch_domain)
(typeattributeset nsswitch_domain (rsync_t ))
(typeattributeset cil_gen_require syslogd_t)
(typeattributeset cil_gen_require syslogd_runtime_t)
(typeattributeset cil_gen_require devlog_t)
(typeattributeset cil_gen_require init_runtime_t)
(typeattributeset cil_gen_require console_device_t)
(typeattributeset cil_gen_require kernel_t)
(typeattributeset cil_gen_require locale_t)
(typeattributeset cil_gen_require etc_t)
(typeattributeset cil_gen_require usr_t)
(typeattributeset cil_gen_require public_content_t)
(typeattributeset cil_gen_require public_content_rw_t)
(typeattributeset cil_gen_require rsync_client_packet_t)
(typeattributeset cil_gen_require ssh_client_packet_t)
(typeattributeset cil_gen_require ssh_port_t)
(typeattributeset cil_gen_require noxattrfs)
(typeattributeset cil_gen_require nfs_t)
(typeattributeset cil_gen_require fusefs_t)
(typeattributeset cil_gen_require cifs_t)
(typeattributeset cil_gen_require shadow_t)
(allow rsync_t rsync_exec_t (file (entrypoint)))
(allow rsync_t rsync_exec_t (file (ioctl read getattr lock map execute open)))
(allow initrc_t rsync_exec_t (file (ioctl read getattr map execute open)))
(allow initrc_t rsync_t (process (transition)))
(dontaudit initrc_t rsync_t (process (noatsecure siginh rlimitinh)))
(typetransition initrc_t rsync_exec_t process rsync_t)
(allow rsync_t initrc_t (fd (use)))
(allow rsync_t initrc_t (fifo_file (ioctl read write getattr lock append)))
(allow rsync_t initrc_t (process (sigchld)))
(allow rsync_t rsync_exec_t (file (entrypoint)))
(allow rsync_t rsync_exec_t (file (ioctl read getattr lock map execute open)))
(allow init_t rsync_exec_t (file (ioctl read getattr map execute open)))
(allow init_t rsync_t (process (transition)))
(dontaudit init_t rsync_t (process (noatsecure siginh rlimitinh)))
(typetransition init_t rsync_exec_t process rsync_t)
(allow rsync_t init_t (fd (use)))
(allow rsync_t init_t (fifo_file (ioctl read write getattr lock append)))
(allow rsync_t init_t (process (sigchld)))
(allow rsync_t rsync_exec_t (file (entrypoint)))
(allow rsync_t rsync_exec_t (file (ioctl read getattr lock map execute open)))
(allow rsync_log_t tmp_t (filesystem (associate)))
(allow rsync_log_t tmpfs_t (filesystem (associate)))
(allow rsync_t self (capability (chown dac_override dac_read_search fowner fsetid setgid setuid sys_chroot)))
(allow rsync_t self (process (sigchld sigkill sigstop signull signal)))
(allow rsync_t self (fifo_file (ioctl read write getattr lock append open)))
(allow rsync_t self (tcp_socket (listen accept)))
(allow rsync_t rsync_etc_t (file (ioctl read getattr lock open)))
(allow rsync_t rsync_data_t (dir (ioctl read getattr lock open search)))
(allow rsync_t rsync_data_t (file (ioctl read getattr lock open)))
(allow rsync_t rsync_data_t (lnk_file (read getattr)))
(allow rsync_t rsync_log_t (file (ioctl create getattr setattr lock append open)))
(allow rsync_t var_t (dir (getattr open search)))
(allow rsync_t var_log_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition rsync_t var_log_t file rsync_log_t)
(allow rsync_t var_log_t (lnk_file (read getattr)))
(allow rsync_t rsync_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow rsync_t rsync_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow rsync_t rsync_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow rsync_t rsync_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow rsync_t tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition rsync_t tmp_t dir rsync_tmp_t)
(typetransition rsync_t tmp_t file rsync_tmp_t)
(allow rsync_t rsync_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow rsync_t rsync_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow rsync_t var_t (dir (getattr open search)))
(allow rsync_t var_run_t (lnk_file (read getattr)))
(allow rsync_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition rsync_t var_run_t file rsync_runtime_t)
(allow rsync_t proc_t (dir (getattr open search)))
(allow rsync_t sysctl_t (dir (getattr open search)))
(allow rsync_t sysctl_kernel_t (dir (getattr open search)))
(allow rsync_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(allow rsync_t proc_t (dir (getattr open search)))
(allow rsync_t sysctl_t (dir (getattr open search)))
(allow rsync_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(allow rsync_t proc_t (dir (getattr open search)))
(allow rsync_t proc_t (file (ioctl read getattr lock open)))
(allow rsync_t proc_t (dir (getattr open search)))
(allow rsync_t proc_t (lnk_file (read getattr)))
(allow rsync_t proc_t (dir (getattr open search)))
(allow rsync_t proc_t (dir (ioctl read getattr lock open search)))
(allow rsync_t proc_t (dir (getattr open search)))
(allow rsync_t proc_net_t (dir (getattr open search)))
(allow rsync_t proc_net_t (file (ioctl read getattr lock open)))
(allow rsync_t proc_t (dir (getattr open search)))
(allow rsync_t proc_net_t (dir (getattr open search)))
(allow rsync_t proc_net_t (lnk_file (read getattr)))
(allow rsync_t proc_t (dir (getattr open search)))
(allow rsync_t proc_net_t (dir (ioctl read getattr lock open search)))
(allow rsync_t netlabel_peer_t (peer (recv)))
(allow rsync_t netlabel_peer_t (tcp_socket (recvfrom)))
(allow rsync_t netlabel_peer_t (udp_socket (recvfrom)))
(allow rsync_t netlabel_peer_t (rawip_socket (recvfrom)))
(allow rsync_t netif_t (netif (ingress egress)))
(allow rsync_t node_t (node (recvfrom sendto)))
(allow rsync_t node_t (tcp_socket (node_bind)))
(allow rsync_t rsync_server_packet_t (packet (send)))
(allow rsync_t rsync_server_packet_t (packet (recv)))
(allow rsync_t rsync_port_t (tcp_socket (name_bind)))
(allow rsync_t self (capability (net_bind_service)))
(allow rsync_t device_t (dir (getattr open search)))
(allow rsync_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow rsync_t filesystem_type (filesystem (getattr)))
(allow rsync_t file_type (filesystem (getattr)))
(allow rsync_t autofs_t (dir (getattr open search)))
(allow rsync_t file_type (dir (ioctl read getattr lock open search)))
(allow rsync_t file_type (dir (getattr open search)))
(allow rsync_t file_type (fifo_file (getattr)))
(allow rsync_t file_type (dir (ioctl read getattr lock open search)))
(allow rsync_t file_type (dir (getattr open search)))
(allow rsync_t file_type (sock_file (getattr)))
(allow rsync_t home_root_t (dir (getattr open search)))
(allow rsync_t home_root_t (lnk_file (read getattr)))
(allow rsync_t devlog_t (sock_file (write getattr append open)))
(allow rsync_t var_run_t (lnk_file (read getattr)))
(allow rsync_t var_t (dir (getattr open search)))
(allow rsync_t var_run_t (dir (getattr open search)))
(allow rsync_t init_runtime_t (dir (getattr open search)))
(allow rsync_t syslogd_runtime_t (dir (getattr open search)))
(allow rsync_t syslogd_t (unix_dgram_socket (sendto)))
(allow rsync_t syslogd_t (unix_stream_socket (connectto)))
(allow rsync_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow rsync_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow rsync_t device_t (dir (getattr open search)))
(allow rsync_t device_t (dir (ioctl read getattr lock open search)))
(allow rsync_t device_t (dir (getattr open search)))
(allow rsync_t device_t (lnk_file (read getattr)))
(allow rsync_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit rsync_t console_device_t (chr_file (ioctl read getattr lock open)))
(allow syslogd_t rsync_t (process (signull)))
(allow rsync_t kernel_t (unix_dgram_socket (sendto)))
(allow rsync_t kernel_t (unix_stream_socket (connectto)))
(allow rsync_t etc_t (dir (getattr open search)))
(allow rsync_t etc_t (lnk_file (read getattr)))
(allow rsync_t usr_t (dir (getattr open search)))
(allow rsync_t locale_t (dir (ioctl read getattr lock open search)))
(allow rsync_t locale_t (dir (getattr open search)))
(allow rsync_t locale_t (file (ioctl read getattr lock open)))
(allow rsync_t locale_t (dir (getattr open search)))
(allow rsync_t locale_t (lnk_file (read getattr)))
(allow rsync_t locale_t (file (map)))
(allow rsync_t public_content_t (dir (ioctl read getattr lock open search)))
(allow rsync_t public_content_rw_t (dir (ioctl read getattr lock open search)))
(allow rsync_t public_content_t (dir (getattr open search)))
(allow rsync_t public_content_rw_t (dir (getattr open search)))
(allow rsync_t public_content_t (file (ioctl read getattr lock open)))
(allow rsync_t public_content_rw_t (file (ioctl read getattr lock open)))
(allow rsync_t public_content_t (dir (getattr open search)))
(allow rsync_t public_content_rw_t (dir (getattr open search)))
(allow rsync_t public_content_t (lnk_file (read getattr)))
(allow rsync_t public_content_rw_t (lnk_file (read getattr)))
(booleanif (rsync_use_nfs)
    (true
        (allow rsync_t nfs_t (lnk_file (read getattr)))
        (allow rsync_t nfs_t (dir (getattr open search)))
        (allow rsync_t nfs_t (dir (ioctl read getattr lock open search)))
        (allow rsync_t nfs_t (file (ioctl read getattr lock open)))
        (allow rsync_t nfs_t (dir (getattr open search)))
        (allow rsync_t nfs_t (dir (ioctl read getattr lock open search)))
        (allow rsync_t nfs_t (dir (ioctl read getattr lock open search)))
    )
)
(booleanif (rsync_use_fusefs)
    (true
        (allow rsync_t fusefs_t (lnk_file (read getattr)))
        (allow rsync_t fusefs_t (dir (getattr open search)))
        (allow rsync_t fusefs_t (dir (ioctl read getattr lock open search)))
        (allow rsync_t fusefs_t (file (ioctl read getattr lock open)))
        (allow rsync_t fusefs_t (dir (getattr open search)))
        (allow rsync_t fusefs_t (dir (getattr open search)))
    )
)
(booleanif (rsync_use_cifs)
    (true
        (allow rsync_t cifs_t (lnk_file (read getattr)))
        (allow rsync_t cifs_t (dir (getattr open search)))
        (allow rsync_t cifs_t (dir (ioctl read getattr lock open search)))
        (allow rsync_t cifs_t (file (ioctl read getattr lock open)))
        (allow rsync_t cifs_t (dir (getattr open search)))
        (allow rsync_t cifs_t (dir (ioctl read getattr lock open search)))
        (allow rsync_t cifs_t (dir (ioctl read getattr lock open search)))
    )
)
(booleanif (rsync_export_all_ro)
    (true
        (allow rsync_t shadow_t (file (ioctl read getattr lock open)))
        (allow rsync_t etc_t (dir (ioctl read getattr lock open search)))
        (allow rsync_t non_auth_file_type (lnk_file (read getattr)))
        (allow rsync_t non_auth_file_type (dir (getattr open search)))
        (allow rsync_t non_auth_file_type (file (ioctl read getattr lock open)))
        (allow rsync_t non_auth_file_type (dir (getattr open search)))
        (allow rsync_t non_auth_file_type (dir (ioctl read getattr lock open search)))
        (allow rsync_t cifs_t (file (ioctl read getattr lock open)))
        (allow rsync_t cifs_t (dir (getattr open search)))
        (allow rsync_t cifs_t (dir (ioctl read getattr lock open search)))
        (allow rsync_t fusefs_t (file (ioctl read getattr lock open)))
        (allow rsync_t fusefs_t (dir (getattr open search)))
        (allow rsync_t nfs_t (file (ioctl read getattr lock open)))
        (allow rsync_t nfs_t (dir (getattr open search)))
        (allow rsync_t nfs_t (dir (ioctl read getattr lock open search)))
        (allow rsync_t noxattrfs (file (ioctl read getattr lock open)))
        (allow rsync_t noxattrfs (dir (getattr open search)))
        (allow rsync_t noxattrfs (dir (ioctl read getattr lock open search)))
    )
)
(booleanif (rsync_client)
    (true
        (allow rsync_t rsync_data_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
        (allow rsync_t rsync_data_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow rsync_t rsync_data_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow rsync_t rsync_data_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow rsync_t rsync_data_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
        (allow rsync_t rsync_data_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow rsync_t ssh_port_t (tcp_socket (name_connect)))
        (allow rsync_t ssh_client_packet_t (packet (recv)))
        (allow rsync_t ssh_client_packet_t (packet (send)))
        (allow rsync_t rsync_port_t (tcp_socket (name_connect)))
        (allow rsync_t rsync_client_packet_t (packet (recv)))
        (allow rsync_t rsync_client_packet_t (packet (send)))
    )
)
(booleanif (allow_rsync_anon_write)
    (true
        (allow rsync_t public_content_rw_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
        (allow rsync_t public_content_rw_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow rsync_t public_content_rw_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow rsync_t public_content_rw_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow rsync_t public_content_rw_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
        (allow rsync_t public_content_rw_t (dir (ioctl read write getattr lock open add_name remove_name search)))
    )
)
(optional rsync_optional_2
    (typeattributeset cil_gen_require init_t)
    (allow rsync_t init_t (process (sigchld)))
    (allow rsync_t init_t (process (signull)))
    (optional rsync_optional_3
        (typeattributeset cil_gen_require rpm_t)
        (allow rsync_t rpm_t (fd (use)))
        (allow rsync_t rpm_t (fifo_file (ioctl read getattr lock open)))
    )
    (optional rsync_optional_4
        (typeattributeset cil_gen_require security_t)
        (typeattributeset cil_gen_require sysfs_t)
        (dontaudit rsync_t security_t (filesystem (getattr)))
        (dontaudit rsync_t sysfs_t (filesystem (getattr)))
        (dontaudit rsync_t sysfs_t (dir (getattr open search)))
        (dontaudit rsync_t security_t (dir (getattr open search)))
        (dontaudit rsync_t security_t (file (ioctl read getattr lock open)))
    )
    (optional rsync_optional_5
        (typeattributeset cil_gen_require selinux_config_t)
        (dontaudit rsync_t selinux_config_t (dir (getattr open search)))
        (dontaudit rsync_t selinux_config_t (file (ioctl read getattr lock open)))
    )
    (optional rsync_optional_6
        (typeattributeset cil_gen_require init_t)
        (allow rsync_t init_t (process (sigchld)))
        (allow rsync_t init_t (process (signull)))
        (optional rsync_optional_7
            (typeattributeset cil_gen_require rpm_t)
            (allow rsync_t rpm_t (fd (use)))
            (allow rsync_t rpm_t (fifo_file (ioctl read getattr lock open)))
        )
        (optional rsync_optional_8
            (typeattributeset cil_gen_require security_t)
            (typeattributeset cil_gen_require sysfs_t)
            (dontaudit rsync_t security_t (filesystem (getattr)))
            (dontaudit rsync_t sysfs_t (filesystem (getattr)))
            (dontaudit rsync_t sysfs_t (dir (getattr open search)))
            (dontaudit rsync_t security_t (dir (getattr open search)))
            (dontaudit rsync_t security_t (file (ioctl read getattr lock open)))
        )
        (optional rsync_optional_9
            (typeattributeset cil_gen_require selinux_config_t)
            (dontaudit rsync_t selinux_config_t (dir (getattr open search)))
            (dontaudit rsync_t selinux_config_t (file (ioctl read getattr lock open)))
        )
        (optional rsync_optional_10
            (typeattributeset cil_gen_require init_t)
            (allow rsync_t init_t (process (sigchld)))
            (allow rsync_t init_t (process (signull)))
            (optional rsync_optional_11
                (typeattributeset cil_gen_require rpm_t)
                (allow rsync_t rpm_t (fd (use)))
                (allow rsync_t rpm_t (fifo_file (ioctl read getattr lock open)))
            )
            (optional rsync_optional_12
                (typeattributeset cil_gen_require security_t)
                (typeattributeset cil_gen_require sysfs_t)
                (dontaudit rsync_t security_t (filesystem (getattr)))
                (dontaudit rsync_t sysfs_t (filesystem (getattr)))
                (dontaudit rsync_t sysfs_t (dir (getattr open search)))
                (dontaudit rsync_t security_t (dir (getattr open search)))
                (dontaudit rsync_t security_t (file (ioctl read getattr lock open)))
            )
            (optional rsync_optional_13
                (typeattributeset cil_gen_require selinux_config_t)
                (dontaudit rsync_t selinux_config_t (dir (getattr open search)))
                (dontaudit rsync_t selinux_config_t (file (ioctl read getattr lock open)))
            )
            (optional rsync_optional_14
                (typeattributeset cil_gen_require usr_t)
                (typeattributeset cil_gen_require ssh_exec_t)
                (typeattributeset cil_gen_require bin_t)
                (booleanif (rsync_client)
                    (true
                        (allow rsync_t ssh_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
                        (allow rsync_t usr_t (dir (getattr open search)))
                        (allow rsync_t bin_t (lnk_file (read getattr)))
                        (allow rsync_t bin_t (dir (getattr open search)))
                    )
                )
            )
            (optional rsync_optional_15
                (typeattributeset cil_gen_require svc_run_t)
                (typeattributeset cil_gen_require svc_start_t)
                (allow svc_run_t rsync_exec_t (file (ioctl read getattr map execute open)))
                (allow svc_run_t rsync_t (process (transition)))
                (dontaudit svc_run_t rsync_t (process (noatsecure siginh rlimitinh)))
                (typetransition svc_run_t rsync_exec_t process rsync_t)
                (allow rsync_t svc_start_t (process (sigchld)))
                (allow rsync_t svc_start_t (fd (use)))
                (allow rsync_t svc_start_t (fifo_file (ioctl read write getattr lock append open)))
                (allow svc_start_t rsync_t (process (signal)))
                (allow svc_run_t rsync_t (process (signal)))
                (allow rsync_t svc_run_t (fd (use)))
            )
            (optional rsync_optional_16
                (typeattributeset cil_gen_require security_t)
                (typeattributeset cil_gen_require selinux_config_t)
                (typeattributeset cil_gen_require netlabel_peer_t)
                (typeattributeset cil_gen_require netif_t)
                (typeattributeset cil_gen_require node_t)
                (typeattributeset cil_gen_require home_root_t)
                (typeattributeset cil_gen_require etc_t)
                (typeattributeset cil_gen_require krb5kdc_conf_t)
                (typeattributeset cil_gen_require krb5_host_rcache_t)
                (typeattributeset cil_gen_require krb5_conf_t)
                (typeattributeset cil_gen_require krb5_home_t)
                (typeattributeset cil_gen_require user_home_dir_t)
                (typeattributeset cil_gen_require default_context_t)
                (typeattributeset cil_gen_require file_context_t)
                (typeattributeset cil_gen_require kerberos_client_packet_t)
                (typeattributeset cil_gen_require kerberos_port_t)
                (typeattributeset cil_gen_require ocsp_client_packet_t)
                (typeattributeset cil_gen_require ocsp_port_t)
                (allow rsync_t etc_t (dir (getattr open search)))
                (allow rsync_t krb5_conf_t (file (ioctl read getattr lock open)))
                (allow rsync_t user_home_dir_t (dir (getattr open search)))
                (allow rsync_t home_root_t (dir (getattr open search)))
                (allow rsync_t home_root_t (lnk_file (read getattr)))
                (allow rsync_t krb5_home_t (file (ioctl read getattr lock open)))
                (dontaudit rsync_t krb5_conf_t (file (ioctl write getattr lock append open)))
                (dontaudit rsync_t krb5kdc_conf_t (dir (ioctl read getattr lock open search)))
                (dontaudit rsync_t krb5kdc_conf_t (file (ioctl read write getattr lock append open)))
                (dontaudit rsync_t self (process (setfscreate)))
                (dontaudit rsync_t security_t (dir (ioctl read getattr lock open search)))
                (dontaudit rsync_t security_t (file (ioctl read write getattr map open)))
                (dontaudit rsync_t security_t (security (check_context)))
                (dontaudit rsync_t selinux_config_t (dir (getattr open search)))
                (dontaudit rsync_t default_context_t (dir (getattr open search)))
                (dontaudit rsync_t file_context_t (dir (getattr open search)))
                (dontaudit rsync_t file_context_t (file (ioctl read getattr lock open)))
                (dontaudit rsync_t file_context_t (file (map)))
                (booleanif (allow_kerberos)
                    (true
                        (allow rsync_t krb5_host_rcache_t (file (getattr)))
                        (allow rsync_t ocsp_port_t (tcp_socket (name_connect)))
                        (allow rsync_t ocsp_client_packet_t (packet (recv)))
                        (allow rsync_t ocsp_client_packet_t (packet (send)))
                        (allow rsync_t kerberos_port_t (tcp_socket (name_connect)))
                        (allow rsync_t kerberos_client_packet_t (packet (recv)))
                        (allow rsync_t kerberos_client_packet_t (packet (send)))
                        (allow rsync_t node_t (node (recvfrom)))
                        (allow rsync_t node_t (node (sendto)))
                        (allow rsync_t node_t (node (recvfrom sendto)))
                        (allow rsync_t netif_t (netif (ingress)))
                        (allow rsync_t netif_t (netif (egress)))
                        (allow rsync_t netif_t (netif (ingress egress)))
                        (allow rsync_t netlabel_peer_t (tcp_socket (recvfrom)))
                        (allow rsync_t netlabel_peer_t (udp_socket (recvfrom)))
                        (allow rsync_t netlabel_peer_t (rawip_socket (recvfrom)))
                        (allow rsync_t netlabel_peer_t (peer (recv)))
                        (allow rsync_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                        (allow rsync_t self (tcp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                    )
                )
                (optional rsync_optional_17
                    (typeattributeset cil_gen_require var_t)
                    (typeattributeset cil_gen_require var_run_t)
                    (typeattributeset cil_gen_require pcscd_t)
                    (typeattributeset cil_gen_require pcscd_runtime_t)
                    (booleanif (allow_kerberos)
                        (true
                            (allow pcscd_t rsync_t (file (ioctl read getattr lock open)))
                            (allow pcscd_t rsync_t (dir (ioctl read getattr lock open search)))
                            (allow rsync_t pcscd_t (unix_stream_socket (connectto)))
                            (allow rsync_t pcscd_runtime_t (sock_file (write getattr append open)))
                            (allow rsync_t pcscd_runtime_t (dir (getattr open search)))
                            (allow rsync_t var_run_t (dir (getattr open search)))
                            (allow rsync_t var_t (dir (getattr open search)))
                            (allow rsync_t var_run_t (lnk_file (read getattr)))
                        )
                    )
                )
                (optional rsync_optional_18
                    (typeattributeset cil_gen_require var_t)
                    (typeattributeset cil_gen_require sssd_public_t)
                    (typeattributeset cil_gen_require sssd_var_lib_t)
                    (typeattributeset cil_gen_require var_lib_t)
                    (allow rsync_t sssd_var_lib_t (dir (getattr open search)))
                    (allow rsync_t var_t (dir (getattr open search)))
                    (allow rsync_t var_lib_t (dir (getattr open search)))
                    (allow rsync_t sssd_public_t (dir (ioctl read getattr lock open search)))
                    (allow rsync_t sssd_public_t (dir (getattr open search)))
                    (allow rsync_t sssd_public_t (file (ioctl read getattr lock open)))
                )
            )
            (optional rsync_optional_19
                (roleattributeset cil_gen_require system_r)
                (roletype system_r rsync_t)
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (rsync_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (rsync_exec_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (rsync_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (rsync_exec_t rsync_etc_t rsync_data_t rsync_log_t rsync_runtime_t rsync_tmp_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (rsync_exec_t rsync_etc_t rsync_data_t rsync_log_t rsync_runtime_t rsync_tmp_t ))
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (rsync_exec_t rsync_etc_t rsync_data_t rsync_log_t rsync_runtime_t rsync_tmp_t ))
                (typeattributeset cil_gen_require inetd_t)
                (roleattributeset cil_gen_require system_r)
                (roletype system_r rsync_t)
                (typeattributeset cil_gen_require non_auth_file_type)
                (typeattributeset non_auth_file_type (rsync_exec_t ))
                (typeattributeset cil_gen_require file_type)
                (typeattributeset file_type (rsync_exec_t ))
                (typeattributeset cil_gen_require domain)
                (typeattributeset domain (rsync_t ))
                (typeattributeset cil_gen_require entry_type)
                (typeattributeset entry_type (rsync_exec_t ))
                (typeattributeset cil_gen_require exec_type)
                (typeattributeset exec_type (rsync_exec_t ))
                (typeattributeset cil_gen_require non_security_file_type)
                (typeattributeset non_security_file_type (rsync_exec_t ))
                (allow rsync_t rsync_exec_t (file (entrypoint)))
                (allow rsync_t rsync_exec_t (file (ioctl read getattr lock map execute open)))
                (allow inetd_t rsync_exec_t (file (ioctl read getattr map execute open)))
                (allow inetd_t rsync_t (process (transition)))
                (dontaudit inetd_t rsync_t (process (noatsecure siginh rlimitinh)))
                (typetransition inetd_t rsync_exec_t process rsync_t)
                (allow rsync_t inetd_t (fd (use)))
                (allow rsync_t inetd_t (fifo_file (ioctl read write getattr lock append)))
                (allow rsync_t inetd_t (process (sigchld)))
                (allow inetd_t rsync_t (process (sigkill siginh)))
                (allow rsync_t inetd_t (tcp_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                (allow rsync_t inetd_t (udp_socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                (optional rsync_optional_20
                    (typeattributeset cil_gen_require init_t)
                    (allow rsync_t init_t (process (sigchld)))
                    (allow rsync_t init_t (process (signull)))
                    (optional rsync_optional_21
                        (typeattributeset cil_gen_require rpm_t)
                        (allow rsync_t rpm_t (fd (use)))
                        (allow rsync_t rpm_t (fifo_file (ioctl read getattr lock open)))
                    )
                    (optional rsync_optional_22
                        (typeattributeset cil_gen_require security_t)
                        (typeattributeset cil_gen_require sysfs_t)
                        (dontaudit rsync_t security_t (filesystem (getattr)))
                        (dontaudit rsync_t sysfs_t (filesystem (getattr)))
                        (dontaudit rsync_t sysfs_t (dir (getattr open search)))
                        (dontaudit rsync_t security_t (dir (getattr open search)))
                        (dontaudit rsync_t security_t (file (ioctl read getattr lock open)))
                    )
                    (optional rsync_optional_23
                        (typeattributeset cil_gen_require selinux_config_t)
                        (dontaudit rsync_t selinux_config_t (dir (getattr open search)))
                        (dontaudit rsync_t selinux_config_t (file (ioctl read getattr lock open)))
                    )
                    (optional rsync_optional_24
                        (typeattributeset cil_gen_require stunnel_t)
                        (allow stunnel_t rsync_exec_t (file (ioctl read getattr map execute open)))
                        (allow stunnel_t rsync_t (process (transition)))
                        (dontaudit stunnel_t rsync_t (process (noatsecure siginh rlimitinh)))
                        (typetransition stunnel_t rsync_exec_t process rsync_t)
                        (allow rsync_t stunnel_t (fd (use)))
                        (allow rsync_t stunnel_t (fifo_file (ioctl read write getattr lock append)))
                        (allow rsync_t stunnel_t (process (sigchld)))
                        (allow rsync_t stunnel_t (tcp_socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                    )
                )
            )
        )
    )
)
(filecon "/etc/rsyncd\.conf" file (system_u object_r rsync_etc_t ((s0) (s0))))
(filecon "/usr/bin/rsync" file (system_u object_r rsync_exec_t ((s0) (s0))))
(filecon "/var/log/rsync\.log.*" file (system_u object_r rsync_log_t ((s0) (s0))))
(filecon "/run/rsyncd\.lock" file (system_u object_r rsync_runtime_t ((s0) (s0))))
