selinux-policy-doc-3.10.0-46.fc16$>AE*=N!>8 }? md $ Ahl       }c Xl(48<A9@A:UAGH<IɸXXY\\l]^hbdltuvwlx de hf kCselinux-policy-doc3.10.046.fc16SELinux policy documentationSELinux policy documentation packageN}0x86-04.phx2.fedoraproject.orghFedora ProjectFedora ProjectGPLv2+Fedora ProjectSystem Environment/Basehttp://oss.tresys.com/repos/refpolicy/linuxnoarch P-+$t )o%"[*'",3Z!3 $(w!2%R#!G!w/*(q].6"e/yn!b!I us[(D((c"s"V7"B\ 46H ,s1M0jQ'l %%;`n$K5Xe'~ٟ?nOb(q . B!Vx) `\ZX[Zi`]`Y4Rbb5}W(hy`4YtTs.WGZC^bTcgRfWVZnT\j;aXpRd-\dTiqG\JTYPRR|cYYs\W8`ag=RY}Ro_(^;iofZTVY(VvRzi[SZXuXTTe^RgeRRasy]YVY)R\gd XeZcgrWphVY7^o<WU6RjGcyg8TqHvcTpV\RfCR]?Waa[Z\bU\RTZdBomh]$]DTU}3Y y9^V\2nRdfRR\cgzTWU=^.TVT`ZgmlVUi~bdTi6Z`*hC\X]Xta>VXb{d~W<WuRj5iUTWI`MT^WRXR^YU}^RV\UcU e^|hv`rRR\XR`_%ZW&e$W! 5d!5*G7#'$;\H4J.@Yb@K0B-}AEA큤A큤N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N
}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&N}&f90d6642396bd107eb2bead87e1f4abd10f50053d71665ab6c4dc0292976a653846bbdba1149ef9edd39c6f18d37f29e5ed9cb3670521f142ed6d7d2bf9f2b8342d2c3aa4d008aad3243fd00e4723033e27e253289356cdf2cf9ec46135a8327bceb4f36b0f077b7a232a94e214b3b0a5a85152e4d89c193f92ddaba3ede1ad655e612d7351d6a3201696a393ea6199ce4231fe6e513eb55eb4a84eb5cc85517c6f2d2d408cf36a9ea4431b743d043d4c744808ae920612df3fc71173841eb7048afef5970e92784883c41e961e645ab941903c749f45b2e6d49b9962b2c32b366eaef09745fc83eb15a2d8adb82f8c6c740df13596618234fa928b0e25b0ba729be3e032fd472692ae3c7ee4b4e50109b6cd0dbb431aec258a173ae910885486ea36e67af461bef019f043d03667a234c5eb057f27eba4320c048aaeace93b2015a46d3da774d7c5c83f11389f8e4f46795e26405e15d2b741fb59905273534c39cde4d530a3b038d3542d0a20d2708f376723af57f28706ba4c9cf08fb3a9c43afa933d9d8d346d47c78b88de52ced55aae2b7a352706300d7460e3a53133a1b9ea62b1aa04b57c905dca2da557ae994d3676fd673431e3abf8d657bb152802ed49b3f4d539a65f9c651cd5969859e8e7f2af9d6009bf77d959ded5bfa4cdd33de016dff4e7b9ec98c815ba95b781915c84cdcbbefbd3bd692aa883eb27ead80e14dd4a804426eed6570ceb61fb33d516a45b89176b9fd874a9dc43f7f6c220575e3ff47704a15219c6fa07fa948b14a44a81f4e2f9cc260fae5ca899df521ad168365583db820a74940f7b4e3201c53f56ba56205578856a623534b3b38991c2e5b19c35eb06b654828bd6adee1d241b1a256ae3607721c47d474121af9575143a97a720d9228cd8be66b1a41f01d39454e900b4631161b00be7d357d89ffb8864e519b857b33621ac81c17f39d29dc3a3540d54f33a2efdcfae9f111cf645891d593e7c7c9e0df765d8889b28b2b5f9efb7be1ae6f927bda50275bbb9a62e1cdd696f7e8610f3886676f417442338ce6b2823f0a2deec9f4e5b7ec1f966d26aa4b9afeaa98fc9b7cc95da747f1729b9b001f4b77bd4f09500b562f35b2c45cc7e2fb8fb192264ec954ee8f641c6bf92ca54400cd34daf00b73679d76a7f1a80f2d0c22ae74468f123c70af90a49db52a71d0f9456d87621c3dd8baa5e3f2acdc0dd80b0c2ec0c3984b6ef715a9b374cf6748bd2d6fa56a14bce4153bec948a701e6357c8378e101a6a25ecb28506c7ece8893d86a5d2eb046de300c34692c8d374b15fc63a47f68da640314b24aa6deb1834f412b1596e45098fd2a427cbff1213b3988d3390a3d88ed6228fc4
831d94696b5d510ff26c35c00183cd7fcf37e897199e6f2c8ed212fc03c88c983d9101b7073d76193d70ab16a1b21b9f79fa32ac44864784106538a46607297f65d6c73606f004e6d48264e918f1894eabd42431edb5c50ef32965d7901e919801ecbaf2753cf120d2203911bfd790dffd1c70f3953f7e70c363d235b46a81814346e1e52f7ed73ccf100ccd48fe3c4362c57cf65fb22e20b0b7ddfe9785f3d78c331435ea5c0f8326921a2a36c0ee9b90de010acb8a00aac7f5c48a74c854aa39cf210b5267c5a50275b72ebf2ffee741c9a4555bed1a1f539dc62d2caae1cb590be3950c9daed0aa82498efb19078d71f90f0e101005027c4b94baf714c8201ec2101c8e324aa5e8f2f91076b49e7cce914a0deece6e45673eecddda7474252762f2acd483ae914c75734f78cde9b8d2ecfcf9719011a69a851546ec669595658e7eed5adbcc59ae8ed57a4dd78eef428eb2e6a2a9df1e8be2131f4ad324690a59741202b076a912c7f47a4c1f89097243fc865ee75e0397bed890041114b0b9c0f78f69694be253a5ce53097b227855c2eea8acfcfbd78be241068fdffbd31d601ad18f296682a43f1012b864e2367dd32992db6658c61962907da14060d15b7c48da39d9b00303104af8bff83cdca7ca3eb5aa4d83ef117be70a8403d3b54636ea6b71a8f71af474f1a801d7a02484f4a9fbd8229010c0ed491c22553c73ab6fae3c90427b4be3c17ad8bcbe04ad4f576686f3771c8865c2c2a9c87e28a0dcdd444d814afcde22fc812f0760e9534778cf650be0729f2069ec3258b7bb2fb43a42cb860641e96a5075044e577bc8abe19339ead3ef07679f8ecc5d51f4ed42e574e1c6928407b88ee299e2436389d88686854c0776b807865ae60c03622c92c7ed4060d6d6b1886f4867795a0d796826fbacd5745bb49d8f3ceaaefc4697dfab8406ca20d549a0727cdf94ced4fb3ff24057caa366dcf8ab9a032e2e36f5658607edfed2ff680136740456de34340eb9cc98501d06f1018638b2ce41578cb48886687088bcb5868a80c7ffa2c568e1a936d539c96aadf393ce1ee7c159169430a5a63828ee1cbd2f0600c7595ba0a4fe095db1e93b3d77e9e13a4af1670e0a9050f9b27c0980354a72ab11c62bee9912361a03306c93b0ad1647219406a9c8333220ac4a19578a67428e25956023d04c7c1ed429748ab5ee430d7c33437b2802178c3870f300187b94bd0440af9cbbae758efd098bfc34164ce221fa4d2920d8c38b228800de890fa26c0ce3cc8bf95543391de433e71ae8a6a8540e49460b640c9efc25e873fde7bbf0ce65f71eb66e87fb05235f5a4f410b872a50254d7223e535070bb155d4589de221bcdd2193942bc3ed8872cf6937ffce8c5773d41e8c6349c2961f67
3efba5e22cc5a736d8a5c96e8b6b1924e6cf030f1ef1437d64c13c8f39423349b25cdf9994abc5d5deeb36c597ccd6e00af2fec9c484344b998706fb3e11885f26a46a74aaa74bf00460e798a294abf13357cac67e9b075b39251da7c8d791c69890a65985f4da114be49b3ef074be5e6b3730b014e900cc5101d606c47180a69bfca09af95f9b4cfce323fdd636372bc644dfbc3c804a12093ea697c9a69135c3fdc6ba90a49b682d0965b43233624858a1cacc7a030d2001c090bdbfd4de7affbc9cfea3bc55ba453b237f890c228ceeeb669af5edf986b4ade1561c1cab709db1c23efcfb554c9821630733f770b1fea7043d8b260fba2dc34cdbadb6c8a9fdaeb42cec26180919c98585b809f6ea08dc95a5d0189829cd1844f70a7c859ca1fdbe677a5bfd5da36e46a0b24e2774ee8302f7dcb049d45b3559eceb21910732616c338e4f380a1d8534e0b8e3f6f2a5284fd6732cc897ce581c5b99d5323edcc1b2c412e7e9daf7b7ca1c8585f5aefb183bfd74a4c2a84bb5527c7c35d37bfb00e2b24d165fbfcb6b3a864b13923c4d8a56cf2bc16f1c370ba02b1bb2bf55dd988c2b3aea6271820d231a9ee3e6413407ff07baf276e67175eec9ccc9a37541b31f6dcabb1dbd341be08479ea1604539379d7e80d9951ef6220e3f3f6da57d34bc30a23489a321f00c12727d6f408dd7c8214b284d7d9dc60fcd022e4d7383dbba1283cdc34439883a2ce4e8f8fd837e9271a2f7f263c190d9d1282e19623a99a798b816139f2a1fc57c19c9a9f99dd8865aaf2ba59d2077ea54341760a144988cf6a139369b85816e715e9cc114b20dbb0694c18ca7471504135063d3f08c9114092cd92a6c30c6eeac061ecfa4b7aa79b6dd74a274ac0e71e90959d74fa7d7e31e9c65f2ce4b1573edf35fa518e32b60a49c70ab26070a933386026a22cba8f9c7fcdf8857bff9da474434da254a498b292fe911202195504c92496a9a102f5e8990c5234bc1b0554f884aef615b994194d709094a92f3cdffcda3b311fd17792a432a2177f78f59fa0ce52942727210bb6804e1287032accce23563b67b43e53658edf38cdae80473835c97a07a994d9751139adcbc46423c814ae55693771fc01e53e7545ea0e5b8be8bd6838eba60c897772e0f11a3b93b9add511120bb7b743c15ce9caae8cd10621d032f6c55ee34a08cf6aed10334eb07b5fdc488cf2c0a16e6f8cde8cc8fbcfd771663d7c2284d47d6b0209e62cb41e90fefb5bdaa28e89c3ea4be72d686896d56cba336bbaec94b54823fb45a296ef06fb0c189af9a0858bbbe147e43e5aaf9b809a83bae41eedb603fdc9ac8ec8cc104562f62473fa090e218ac366ffe6db96ea5b122324bf3f26d939eb18d531b2a668683e2b01d9ae11a74d58
47f59ec2fd7c8b764520adcd6aeded67e09e91d6aca1fe02e7326b3e02407e8de46e0e4598666eeb98517185d92d88534707b25be0f825181d1390d7ed02e1bd7141b904cde8b95cc281b357e42210f4179571c851bdeecb262f5b79d14c015c5e51cf392d8ab94166c5695fcda300172cd985ce54c5ab4441b51cc95c8807cbefed9d3a9c65c891d86c41132aa7eea563904804ff304d8f854a3b6ea72bce76e14a514a362d3f47a8b64a05ccc0a726ae460b69fe3f7e40ca8a0ac30dc675a270f6069831245d492b7ca94e5491a4ed67723c510692d1dab8100112fb447bdb72c68eef3f74ccbccf3d49ae1defb8f4747a45aa27c0731a7f3bbe5a25407a8ba751d80fdada9c15a2a15848923140947e88c7246b8e2218c8885f1a003ad950c101c4d836f17d3ba0a3a5f8de3245156fa24e0349661d459771940156fa11672944363e95d8b19bcc8a8004794f19cf87bb69df6e38a76c1d6674a2502a0d8a16fd5634d1f932ec37cc605c37b128f13723f69f92e555c86cfedfdfce3b2369618a8acd729e12acefe2e487f067c3b039fd2109a6db80e280db6618efe920f548e84fea27058c97e9980eab573418ec3f3c7698167ee7b0ad3739e8a209b024cf2d2f6b51d1678c2e33ae3def0379d48d433655b870d690d9c9c41ad7afee599a736244caea8f1908e05b1a16246af7901070d79674130e2f2b3c3931f0057b6e5a835e7d60883862be9295b9f48a088977750516f268e7a7f84f9e4258c03aadc230470ef5a8a1ce861f591d1c93c37d71b0bb1f034009fcdbb004d24e73fb772d51603d578020b2c8436142dc28bbc052805408b91ac98dd06005e7885ee6d7c9c2720869d8fc2270d9a2611036808fd10a1a28eb05e0ff95d7a301fcba3858dabb56cba08678be89460a23b3772aebd28fa66203d05a30b547a9332893db67e613d6d9b01571e537bc667df9cff6e5f156101fdbc404b26c53834251b959c9b112788cce04075c7b177b033150b3dc69cfdf7a6cc077dde7a976b9bf88e47a5d893cdb56c8469fcdaba53e611b159df0487a46342e37291ce1a636a1a9f97901cfb8c6b18f310390f5aeaf4ca28bfc9677de5af47937d6458e116e50521603a85d49029b66750493fb2623483894fa09ec6e5d5b92d5d5bb8d7039cdc63ff092333ca7ea0f62cf74667f727d0ace730e4f400b8d82130cdfa001eef49132e2757b1851ecc7aa901eedd7b4ac9f6fabdd3d598e7593b52a1380ff88e4a8acf854da7d57d85e3fedd56914d6ac099b930a75734975449d0f081e9ad92d9b515b48697dbc9acff44c2d153432d54192fc5f48bdc56fe2e9bbb57b87a952c71f5a46cf23005206b4f6778a7544672400261c0f44704aa52cf24405df572024b1cb3090c2ffa3c9ac
b9c3f402e8ebe0464dee0b847572a2ab8541db56f37c60ed84ee0d47f7915ae96d90ee1526ef067323c31e011a578eaaccbaa9a361068681fa4847233eff9c7aabb8bcf9d8239a47f45c3600d6e221cb3a18da1ab5844466f27073574878549aae60223ac6a14941bfa1211915ad0bceecd11241fdf94e9f36de263bf919a58bc185114dde42c7cd30ca1ab0ee19a409914820d1f5b4a33d8b1a73537fce181e934f9d1d3ae028e038a221929d32245d1f525ba01b4fb025a267da1b1e8492e5d5b58bcc1b579c198f7a8aca4f8d1be3556574b2f6f2b179a2ec1b8cebab418b76d8cd9e417dd24126418eaad629f701b5285434a755b6a369e3ace259da74c43d7961ac9463a90f2fcfab05ebd6ea8cfb7ce6429456f448b0ac9dd7b5f01422b23f0e67c2b649e380c2c4428f75746cd1c685829090ffff3fa9dd04299105793d744dcf377b3ae3ce6376ec9df3f44104fc575f54ae20aefa47b0d68a76613c37b8733fd4bc82c6630f6c1917d2c6e17cb4dbb68a93aea51c34f708f13f504674acda3319a6c1ab27e9884325d3b002f054f708845292c4e71d424885c1c38ce32ae019a6df3f2c152f70b4e5e95aaf8b2ae2da33d7933fdf094e6bb13e1a8ce6d7faf30f138a70a08025b7d44a83fb64c832c8020c5c5ea3a1f320062c2311376a0039f9680747762140604ad1b4c77300f6737f88c86e9cd132e53fa098d667c821ed3c5470400f4e98fbd163e6aaf11b973153f776507e81200dc6e652b29d4ea7683ce920d73562fdcd7f98a36e985a5d98993481fb0f2bfcbbec2cf7e026c07374de4746c04ccff38997cd6fea8cd0a252ace66d1528bc58c187917824bca7167f8ff1da6721af267cb95501aa927f04ceef2a2330093f28cc8f7e78cf3062ee54f677de173c6c59472e86effc84088d9e86260090bb664380472c972d7eb313220de1e693913543048b8e35fac424f82ef62253d86173c8a5d6429630e7db2584b6c3dc4ba5a6267ce4c99ed0884524b7b7c94208ffa760f428a1244afbcb3b002c7ea4236e30988d95b67f98318ea3d3da9c33bbb90d0114aeb637410cd4385d5d411a2852261d4ee231c5e6ecc928fc43d83347b60e1bb735dd2ee488eadfaad2fa3cf55593a28850b6e47e6cf3c230e41c38fb037536883abb34ae7b199453792097a9f7ce9ac6dde42998e94ee93edff2ce25f66853ce14c3d3f911706dca1f9b09115187d0e29fea1b2ec48c79d18488893d9bbc2989b42774f4c376bda437f5f0d696cf1161c0243ec7e237e215e27493c3e0783fec0f7fe9b1cbab56f7e1927c721a361ddacb0500c25932373efb2fae0b424395d93d8e12738154f51e2747e134be2eea0fe2502b95b6c0f4f804e315ef91ea7a0125941e5c31d27d6373135493
1bd98fb1809d253df9067f9f14b907cc1f0b597ab15b47aa1191f2d62cf54fa20bc0eb94246f94e3c788308bb56923bf32961b5f9564fe1b5ea71d791848be0f3175dea392a627a993198e27825a88309e21551a7c53a45a052f303e6d9395d8333cac74cfae1a4cbcdbbe6fe7d38eb41461f59a1001777083646475d3a4c49b230e010035648f84346d58376b579bc287ed01a47013b2145f13e4cfaa3580d2eba6bf079d6774e5b2b11b97a5ee1f6772db30cd61aa64caa2e65b8f07882f6af6d27b838e4c6dc59742a257e67067a3fd247511296f3fbc1b475f160ae31f44565170cb5bbb7a3ff4c0f39ca5edd0980b6ddd44f1853e2d189397d35e0bbd207122ce2ed8f669f7dbe93d0d35357ace6599ddb9a7289859cef88a621d233317ac4339f65460dd25ce252b2722fdf28a2503b035123278fe8f14412ecf9668c6d0380eed4604ce3d72641dd3203093e9906bdf779ab3a145ef35e7f1c300d2e89849735776168d154fc5d9dda734033039ba74c4907e842d9422d919af382d14687807d4f73389033f808e5724e490dd599b92b88b3a284e8bd900e33132dea59d57df10031a72a68948be0ff60cf3672fd059d7601d859d3dfcee2bed4feaa3276f5964d6b3cfca1f837bb37be73e1cd8a81b754dfece94ea2ff82c99dae87840582889b9571629c8325ae8cf891ee8cc25c9c3d76cf0d1b4dab8d9918c92c6a77a27ebc3117c985e73aec5e0ed91263f97684cc19057116e588e552f1e3473180e0200add0501c690bd5aefb91a0e8a099b541fc2ed0d2b1252058919271b90e8dfd90b3563b355567a525085466af429db724aebc0abd24d9b2d134ebd6a5383b403d045346a843c553d6de1440023d32bcc74a4ca3225dd0aee99b32edbe5805df1bd6f95556ec679ebdf9ac2fe463f924f624b42d522ac4257f58713586da5e26f774136f12c52e45235604c46975d21971820c0173d83e291e3a6e5326cf5fd545c55014874549335e3bec366203125e1064b6cc15794f9b91ded27c84361386cef5d39004bf3f502bafff5ac1e37b5175462e1ed81ea56776794988712488df9ba09551a190d5bd903537204584633abd2fcadcc22ee37c43dfd98a6a2c41f23183a031e3471988c1f379e86798f443ce88792db8b093650297be0b6a39ad88a47d7552af88e65e5834b5d6c76702119b68499c5548acd895e49b8d8032c3c442bcf858fcfad386f05aa23d7723c827fa4b826bf4af4e1c7c2789915312a8a4a8e9f7bf98dba1922f1f6639d2b7f41ad04534d8af9f430b72978b99dd9afd07fccd72dedd0577216f7d06eb64a2101c1ffcd959ef66c38d503e20a74363e38b6302c920df93276cfb2e9633fcd7ea6a3d228ac603eefeaee07d4ad49b0475c358baedfab7
007f1219b1a763c1edac4c3f8c5eded056803f912812250525e0a0f562b0cdace194b2459bbfa041e4d0b8a15af20da6923b58b14ef1062d0c0e5447acfbecb60bdd3630b07dd44ef3743504c2dd1ca574fedb327ec9fd91dd33bfd47ece68d25d766f2eb135766b35095c73b0f23a7fabbb69ac710bdf17b603a9665215a774d7ea84dad8ff7e46deabbabe60c59f32de54915e8fea19a59f48b0c2580fede0c49cee62bcd07152d512c707c85828dff6108c897f93e9052955022686f42f2afbf937f644fc70b06a6f7ab74386cfb7b089a87442a5531775b80979de48e5ef994a4507dde685e7c3717bc257fef25081a8e14c36bbb48ccdba0e8de04179452c1cdc70316ab9f448ace75a8e64d614eeb4bc72bd5da773e8b569e9f54bc1b79677000c21ade3422e74bb8560fecab1d9a51b5b285bb1c9b394b153031267b15a17878fc31b9da9e7a0efa55841b14f8c92b60ac551eeb328dc59e7b5d72ae98727dc689541ed2df82f58ebbcc8556a87cfb7fd9bdf52b08c23ab012c884249fadc34d2fa595e56bcf00362a26e2ac33b33243b1bd5d03b97945620cabcadcfa891ca3be298bb4861535fe54737d74c911dc2d4e6eed5c609b777f9351cd2191308f0371dbed40b17ba0ccedce8a8d1163a4790c28a9bc6575f9713cd70fe9963fd8ec631589dd8a3e89b8df17edf8689275da57485af67aa6f1fc0a3546cf15609958e4c9cb274b9ff4a21d4cb3045c2ac9c3ca414deff1d7983b1787485ed9a455678f55c942f650bedb0d1ed375f901a33dff10600e652a228b155c78ea593157da5c10acce466bb7e4144625d30a2c75a5de16dbb9d3504bad2b8ffa407c09aaf6eac34a5365c4a579790a969a8e86f6fcd7249983b8ba7f7cbf54339ff1bf8be4b8967b0cc67190fb2fe7e1fe848b26374cebb1c55f2ed8ee1d1b58d1cd10917d01f64456a8d8acca84ad6772d536127f8c24ca8fcef89fb704a4284fd0c8d9a90a8df159e6b13455cb00d8046b32d8c7691f817b92b20a4d458e8bbe355ce245adede6dae8dd583fd1674dfd7a8201eba1120ddd6c91d8cd2e0d56c1ea67ee6b42103c21111780423ee7cdbd9054e43721414beb341ca6a64b1b65a010d4f3a8f194d66ff928bc911e3458e107293f67c339cbf79f3eb106ef5e2d943cc25bab7c139337db184ebd26ea1cb9716409520b0733e75c4aae0601b4ec9b5fdb577d34fea4e924f3d51a434d12f9ce3b7e389aa64a943f206a1ac93e0af2bcd433f73867c8c08e6e9f21515f3bae3cf775ffedae0aec9e910f15e887f3cd1e3d12140e175f944c7dbadd3f5585d999d943caf40678b5ee1e972f456345cfeed67844c61557598da07a6838beecbea1320bb54ea8d6b8a5f6ec6c7f27d8d804218d4bf9775a682
7abe1669d4029b6fbf97451c08a43bd0761f1e9aff4052db5153d43f35aeb0bf14732818b4c12feb03926f71459e6cce7bce425f27bca2592a9c05b9e3f14109dc38c103e2a024be9d2de1290592b804c38fcaf5202b71d729a71fd45b7a2f0acf22572123f22d455954d1d5edd5f17118214154c7e00504949f22427f929587535e4b4b6531525760cde0965e1c46495cc4fe7b74936888ea0973f6f684d06b9f1c03761eee1429d6244cdc55d5da7099df2fef661d97dab1a68e95956b3e7d73eac8f1df81e08846b8b170754608784ef7771e81a12aa5102d4e0916b90f9475f3abce6115e2bbb1e2f5a884dbffb1e6756255ff5d4bd73cacc46b37d63b6d00ea632244474c881aaf40722fbda1c8ac4a445b227585d62f1cc5daeb814f7aecc1be91f3e6fe5e66e3b48c5d6e923a4c4ac25265c7ba73382228cb6c65c15b6d8c28debc315bf9f9f8ce8b637a12333357d2a2a53b6edb0e41bd9abda38c5af880eea8f0147804294dcac83ce3763d2ff6927cbcafffaf89a4c6afbd2405f3feaff919407d905309c3cd56b5061709a4707125e800de4708b598c51ca7fd1a91a4fc2dc1517c1fed02542cc6d197aa63b1738f5ecbcc2c152bd587620c6ef06deb5b101252654c7bbd67b0ad28581b0e07c7232f9148815bd99cd1f4526c9819bbc5e4432b24ecf2970602fc15b9a6428b61ea76c0e1892dda27644c88d9196c991431faee38b828553367fb7b11de274c90ef401389709aa3dab59879affb3a665cce33297734b784a299c3057f1fcdb1472962c556cae129b09916e29a4ca192dcae22cfb772cf68d2e72fe8f24e1cca51406b5a1676876859e443d180d3f984e6ffcca9bea3dfde2cb5583042d40f417ec8b4f357f89945c73e440457dd0ecb75653c247a85d9981800ab6b466179e6628c8c90255e37fc291b7392a0a1540c6207586648b1dd73575c70627deca09d4457560a8729b7e56ce43c25f66b97e13f8d9c731ba951b0fc04d38919f4ff83911e4db44553e9d324b06df71fe4466e8676c354f9dad29c616f020c379b0627035387c8cc6fe4e791f34165b6778a26ac78bb65bb8d35520c74fb8f2ef3ccfa0690bf05dd8284ab637ce6ed675e2fec8e4d23b9ed3d8ecc1f4567fa37b51359437bd037aacda1cf08d0b587326b079bfeec50b09be0bdb5adf95013d40ff3ff177f56c12fefd3235099fa5c38ff3b8f801b569c966891a86f7d98010d7d5e363f1bd3c00ab73e632c53cc564ab8c6da303d853ada3c9c125c2d5b94ea48b824bd084e4c2af59f656a974608466985dd2b6d7a250923f9cb4841bc3c1ce9c73f3ae9810a576f9b4004a999f2c618736b694510c6cc8b0deba84592ee7354572102c37c98c867fb3c1bec4067f4537d3df3a85084e348
4363f4b3cfd6d103aebe01c3978af5ec58ca1ccf6608b536987c95e77423541ebf702d4fbec5f277f8cf83e077e444d58a940ed6bc2761a45a1d5d0c170870bef5a7365b28111140e3078193f71582c96152c3c3d9929295c6b7e1080b05c96110f11683902db21402d23f0bc9f42b7de04c0a1f25a2dd9ae395724705ecb5e03bc915973710bdd4ffef2b8fc53b750aa9f4648ae73f2c06771e32a7c3b319e4c55a0d7d7c7884d4506910f8f28a92a8601fb46285b8637ff4f449956fc62fbfaefd76000c4e8cff1c78cbf374620dccd95019beca73159c682234505c77071f0c47f5e623296326b3a612f5bec143516ebf18a73aa8ed604eca2a3aebd776cee970486ae7d630984aec026411873227df0c85c8c548835052c8be51bcc1d1bba144dbbe741e34eb931ee9defacc2e76ba74031164e1f9f2e61b3a2a3c48964998ea096628073c75b86578e8be3484860e884efe02ac499dec8fb7e10fec7a259ca08ce6dfa80302add91ea791c43b9aafaec6c5a1f806e6cbc838b9617226cd6ad69c78a75c30920b42c84c8c864126d9a67663323c95b218ae2333ce91f5abad9840ad9e4a393f439e4f58966aa630f1757bf4fefb3e74aba54b6e568a6efa666660f9816034742ed1ba8ebc166550c493937cfc84a608ccd9d5b67badc77d1f93c6958fab5dab5c7c912ac9c6720b20f7d564340e793502c311fc3f57a4750ddb59ae074c4e66902e0d0a8fedc6284cbf1df83c9205837f61e35754293b20bcd5bee776e1b9d0285947701c2ec2020f722efc2aaa3442292ea62828c38016cb065b68fb7f8291a8ac72f4a8738dede3ec9e5766784a6cbdc054138b1926c6b04126e5574e1f7c0f6477f6544b5cbb5a1f6efdb394e351b559903654776ab38c725c102a5f9043a1be99b757679cdc767b0b38427926f14edb8470c9d0b33a083f13884cbfcced9b68dc9242a0eaed69e7f094bc3454577b415bc06607296c70bce67af072dd0aeef7eeac1af3ff111555d8d3ef1618ad282dd832fd56dc80d5355f0da01e43d5ae3cc5097b568724b50a770a7059068b1b5c8aa6dafbddfbc0e1d6bf9e9c83274d24b4843cc6721d21640dc01e42389b3dbd5c269727cca1a863efd3850962cf1c5fe86de18aa07dda2b71e5a6603db85db9d1fa65e51bdda29c023b17045797c37e1c9e98f29d1e6a00e076ebf2dad3e5e387ced231f5bb9180b6b1c6cdc2608dadcf1c77651d1db0505456ad6cd0df701bdef09e0cfbb658c6c4b178dd745f7aa7bb2b8ae988699b1ae65f04dec04417b34dfd414091c1aab5328ffa97c42d5b6d4cf414ab13f32daeba2d455633856f4706e60ffde668d6d25775e1772c53e626f53c622f12b0377c79c49a6c4f96062bc806addaf399831cb0bfd79cd5d4
5e4327828cbc617be565553ecb7795d7cdcee6deaba1e0198e0a08ae2f45e51eacbc27d887f2ebd430439f697aab51a613213bf398c49ed986c0204f266cc860796eab5666d59f003b1fce9145c9584dce94f6193125adeb12f7b1ff2816449640d7abbbd9dd9696e4dbdaaadfab51fe6482070c948d402bd1e147a78033aea83ccbc55d9b6a00d7d3499dabe2bf3423898669272306f4b521b7274020ad3f4586bbe7495967eba0b11a826a0863cf3297c41bec3d0fa2b0464dff758c9cde3161c2594d7955ec3a72afbca350c1eb34c4811151f5a224c3d633cf31cc4e917818d1ef35e89c14ac36b3eae258ae765971c62171a45079c02f2ba44b985a9dc9378d7a588dc9c1843f823ad4e22ed13737db8e69d8741b119c191255fec6db641df85de8c1690722bc1af3e2136eae25ae866f0094cb465e9abafb31ada4afa112a9e8002dfa30808ed37848b51ef687fbf269b0883e29193fc0ed9722400e50674bc41da87a94873ad497d7c3dfcae3a0df75d85f91e17c8ae925b86d4cd72f882b033c593524a2d26f1a829260511ef6dd60e28f2c775447d7c5e5d5ca2c2b006e62b9396b2673878ec2b58815608d46b30c5186c1f5338ef801af8436e3c5fd394fb9d5575cf7d52aef63efb7b3b41f8e4318331f12a73b4eaa7e3e44a46ba7feefc652b8c6876e36fa38ce06ae61835f608735a5a242b2cd56850f9159ce41f84e67c3177a3bf5b6f512bc7376e690b8a8870d633ff30ebcfd29a42fe9c84a5ca816b14068b8ea3ed7bdf997e3c99965967de39c8f452ca7fa0a6b1c751a43acb5366f1ded0f02dbccc3ee95b4c6b1bfbb4dc6d68de75afdf75bbc2e5ebf2c8b50ad3b7ba0b8c47e880a99d98cd8f374d2da7b6b35f1455fb61e1dead9bc7ca17ef9686661db6c7d11e0472537055b823c7a3871b1c1fbfb16b4370d2dc3b1969d60e1d9374970e3fc7c32b99ecf2dbd20fa29ba6cb588c6ced129e993f5f5e4d3663b2414b2e01539031f917c6262e20a2fb89c5b37a3c33adb5a6bc508b5ea625b66809097b63eb13717e976c84b038ed68b745a1c71ebba4526165cfaf8e88028440db85ed0209a3126c73dff34d178408f9b9ca1519f2162de55296d0c71848e14eccb3a14202d5a11bbeea3fd7722343b8835e89cc643bacddf3cf59a177f79b737b9cd9d4c8bcfea3298a5b501ac8c4c39f1cc5f027626a623e7f6e8f758332cf87c90be0c8507d06222388c4c498a03b852f4508f0e1cec2abbcd4d487c52ce0bc240bede3a6b7ec5a9846ad1c263a175667331d20d0c6fb4e1326d9868e0614842cb66a1658cb25a0f506c8cb2ed46728b2b0477e8e08c5739d455d38c5722575a76fcb3eff93ddc41a3753fbdf0b92fd4f88c155728b4a5fcdfe18fd804acaef9a7
cfc270314c70d0019b408abff11bdae97ca912e6b4d56145a72ad7b1f8f8b141633df1df084503b82f5b2a3372e9dd201a84f78fe587f04f205aea690ad2be26f80415662e877b79646b56832f4c4a9eb23e9fb9232dee59f8b35e78e394503c75064413605ec898d52586f856734cf46f51a843ff8361c6a381587085e4500445d757dc90ad7aee93477ab92f8feac4c4921a1b016275ee5a9519f27584c80e23329003f31a773efac8a6cf15616dbf004cd6450168532ee6d61ed7c78130f0e9210586e4dcf0f89e645183e28f1ebf90c4b18702fd8eca582ce0205ed0a8e40081f175c7b857534d0e02dd3af33d88a3109be0cf0c680021ed6cd6e8a27f7df5a7514892a53268e4ca3d9ca42e60d27f45d067650de69960d9337e6660b7d26e3a29152b95ce9e021a29826d40a40be106754713e265b6bd31e95aa39b7deb283e70e85ae64cf47f08ab97155238ce9f066de49e3102db00f8d4eab476e89cb07945e5f545354c084af8fa6ff2836c240a033face9c23df93dee700b187cc2ae8a3b3bf0b2cb180f6df758a4119f419b0762105693666e856c3ed86d879e0d92daa176f5d97a3fb25c7b4522fd76176004790f92c97d42b720983461fb1a5e49f0b6107a778fa65f51a680e73f11a0fd8ffac2e339fa515bdfe6aedfecb77e9309cbd599585862f109f1ca8099c27b80f7f3be8743f433c04b3fbf54452e4c80ae3901e45e0e6c0056f1428eef64bbeacd8f3da2d8bf1b3570d09935821ea19d09ae4272b7dc8a2042bfeb4a89511b188982d2bbb4ad0e99dc4d444486646b73ae06f6fddf5badcd2c164fe8df7ec5f6788d16d94598fa244aa63090a6d744e0cef4e73acedcfa2903f70d04b5dc12f56c785b999f22d4c5473400d1f475a1a176363ab4222222bf286e4f40df14c882bb30adbd8fd47ad3fc15892e0576b7f9bb0d01e44e44db156602ddcf7564e6e5cd15770f497e446c237b6b6ddd21228c7950458623eda7f60b57ed213063423998fae8a68b3380a3a677676b25e5a9da0e6f3fadcc2a64b7c609fa2b6c3b9c6bacf269e659893b10ed37e8b7f4064f699dffb18bd194c9e854baaff2925fbee422e1b3fccff8d3c27a77ccf6fb8d906147b2a0cb8740242512e8230c669f5bd1b7d2a794468fd475629ee817ffdd350572313f262fd8df27d332eb7cfa86eb7ba76f08779f6df139e94662a6ecbea6196a1671f640885d021c8556b3ed2466f217839f4a6c0600f9e07199e18d58957f6b9af36f9901f25931abd42dbdce39208d624884ecd5f85983ffdfc164d8fe9357d74796c0e1736e0b25dbad3248879906ed2461ac1f4eeedcfc011ea6140fbafc010d1db41dd2aad41ef94c95c14f42379041bdff24a1374e1fa5bebc719716b343053627bbcf
72c6d3319e30a8eb984ec4222e3751b1ed8eeeec5be59badbf96f7a6c6c6eef3197f75a1cfa8ef2b9f9d2cae8178c27f7f594995e997df936556f14158081f2ca634237786d020aad60a41892251de3a3688637ff1a7d1e3a4681ade8c25ee203f78a53496b4758e0114ed4e786082d1520ac818f2f61786dbdf47cf19d257ed4ac48b529ed3a308486416709d3e9f3fa60281aa1c27639bdb8427eb123bae52a6186c633312a1c873a9befaada6313608017683a0880beeba08071a3ed715a50a9279219a6943c0c512d7c1843c54f8e4e978ad91b4e6218ad0f4c5ce65c0139f1be779aa77572c9a6fee6fe10ebe7d32810a9b9ab533b6ac1faff468a4f8724bd67f992e8025bfaf9f187c462ced49e7425cba6e8a0b718b4d3d27e21a886ecc57653eaec1c78f661b00991041ff6ea6024e931f80ab4d26802ca496b299c21db8ff9d5b349f2dc4aa44aac456b65466cb8b6f9c8ba1534742ba9f0fa2f5ab3f1a9cd26e91c93aa45941a8ed0fe0a572b9cfe33e2760e94adf2aa2ba43717d3ec5d6bff503e67371cd53e089280b63242ff4a82f8248449499c3044a592b2e287651a494024165a1684eff528e5023d332267a03258bb25012579320cf3ad9f92767a30d7a8b4692c8ccbb4c3fbcc18d135e1319e91f0d122996fac86b69aed987ea0348a76f4da6fcfd84e2a45817c05ed1b9fcdaa432962693ea176414dee9e819a0dca3a1646db1486b1381601ba4210a46dfaffb520b03a91aa0f4d98095c345551d4df064153a7a3e1e631604d463b78d065d087b70e970df59ee046efcb9706a6657f8dc934f38ee7e63e94e5a59936803ea1a5017d4aab82b9f6a3e8cd7c46cbdf1d82a102a57ea78412e6669430c22130acfd79429c63024d4719196f640eb939957850c2a6056a6dd3a39c5c8edc9e96d3bf9b2ff5843a2d8d9542b261934ddefcfeccc4bacc15007705264a01beea6f39b962d57c94d3a22959924f79a1c1cd68d7e12f0f80f9d7e73726c5a436738d70b0016545fd40ba83e31f095304962404e8b81d76173cc0af4d630df7460d9aefecfbab123990ca16fa96bccb78f28252bb7e11923e9f41d488e3b58fae5d8c89982c0e821a0849c03071babc0c9eb21c0ef56854ddb5c1de90f41b1c46c3f07f1a29b5f317d558cebd18a9fb107a61cdc0e1e1507c57d1f68afa65fcc8cbdf9b7152d9536ed8e89c7068a1091fde9bcf54a4c2431e507526f85fcf22b37d3eab16ff368770ade8c7a439123e0958a97336f1b212604ebb02433d450df73f5ac9a20ad04f67255f5e047d040c78b0be10029d15ab1c9d6d60157888159754cdee2f5e140ab6dff1be76a279872883dbb4a9e8b0b65bf47a42b4cf71b8c88dc7787df026c8cc4e1531a565f5aeb9eff31c062
dff4cbde6792f7a1e523ba1b2b492790d9ce772e8fa136b1a0ceaa12122fff9b7d0c33ac6e307c18ead53e647a1170331c33f458b1204310bdc6d7ff3e0c4099d3e0a7d1a67d9c591e9167c3bcd4c62e8de4167777f8f3227e3bd555b6920d2a8354e97011b35b9c3de9dbb322d398507d5cc2b41e55e6c538ea1103f6b75896035fc6148ec5c61f664b315954d108934424463f30d86bac7a624eaadd0f5761a45bc55f6da19a1f25d3e73aab0d67f4713e4c9e77eb74cc3a5cdc30c55bdc367355353b825245a5fd3b09a9dcbd442a8787d9d6e6fcb7101ac53ddb4214f63a054e5419ea3de826c16fad726c95d106c39ecea1d7f63c9e9738935d6b5e7a0e47756d743d61359e4f5a430cfe397d6b27e279678565b05563de0f5bf0e489fc1e1a252bef6685af13e74c051cca5f7e5664b79e5d826780e96c3e9371f9f574f8288e8d37911bc368d916e1894d7d4413c0dab3d7c4211a5e469b4869c8f0d09c852fa65de6a83661564ba7df0a3f4a67fd0735949f7a36f600d3124fb1dee9aefff5c0f48079c5e75322121c6feff7458b82c78e591738772a5f7d2d996a08653a5d8b224a3e61f19b16b6b337863818f14fb9d44bfdfd7f770b7ba7597e3e8bd933962373989f12cd6a7c122bad903276245e2d43f24f7043f7dfe206ce4f6ef263b2cc5343ae6d0ce7da5c43ca5b999acfcacfce86d9969f2fa43fc99231cbf39093c749f27b6cf2182c1c0abddded752a2f4bb3398b166cff91e8f54357df979a3419e3dc39a96c13b5a1273a4eb96feef7ddaab5d8de787f4ae8fa6dfb1ee11a4e6f13f04f18fdfecbe67dcfc136beeb80d972377e25d89b4ddc953cf2d8053a7ccea267a33d89cdc6aafa3dc8910a59956a0764ef7e4fc6051c3fe17127fe35592398a88aa5d96639c72745d04e72d56d6093ece133dd5c60ca3d65ee55b0dbec713c47d00f4155c394bb318c9e25831ad7b8e642cf8319238241c6da7cc4aaf03ed84d4fe95a92778aa04f2a6116dc8f0821e78e4268e6cb45af32236eac1c2ffbe4c7f3b9b07795097df2ed26f70dd63221ffd3f5dd6667cd04ff8b8a287f4b5d727fc6e7f842356d57c666a4560341cd9fb7a0d12da65f016ec7e5017e4c2c59666900b78fcb623a2e401b1cff11da13f90350169b04a7e3e7a2260c6c5f62a3bbb77d1e8abc3da0b2c10211698ae3129e7fc91f4e48ff7a6a8eb14665a11c7f0928d96e49bef5a67df237c85d5e369f7cf01717a50370ea8a2313dc1b861a2d7ccec977d263b621cb44e0d0e3cd950b1997dd30e6d2db9687256c0772be948d84e5471be844705645a0aa29f4dcbd444ba70050e4cd3b4d5242ae2554d7f96dd0788a482f329d3203df7238af79e271484e1f7f71c527a3cd3ed398b794efaadb0bb7
ea8ae6620a22772b31fec9e5f8c15eb47162da8ffe9d0a4c9caf4840ed2211840e67bd740899183890032e30268f2c95ece54e61993df09714470980816ffc96a59d2102be9e7de1e694ba7f5c4108c549e6f7124166739a78659d8a233d179ea3af3e6cc129c5d228672dc08369622ec29ed8eb52ec8be5968e72ae419282309f2265e0fac3fc1be2252c6ff5635c46cdcb3d75ee9b83fd1d52e580e5c7765faeef95e455b881e27fa7fd65f120a47f4754bfbb0274f91dbb74a9b0867e84d447920397db1c0b173e384080f2591c14380c31aabd2ab2e2f31ca05799a6b05e69ea654f48b48bf28e01c88870649c6188rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootro
otrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootselinux-policy-3.10.0-46.fc16.src.rpmselinux-policy-doc    
/usr/bin/xdg-openrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyrpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-13.10.0-46.fc165.2-14.9.1.2N @N @N @N @NNj@Nj@N$@N@NFNFNN]N]N|tNyNx@Nw.Ns:@Ns:@NoENoENiNf @Nf @N\N[@NTNS@NS@NC@NBrN:N98@N7N6@N2N.@N*N)f@N(N%qN$ @N@N7@N e@NpNpM@M@Md@Md@MM{@M@M۝Mc@M@M‘@M@M@M@My@My@M3@M@M@MMM@MMMMTMx@Mx@Mv@MlMbSM[@MRMQ0@MQ0@MJMGMGMA^@M>@M9u@M6@M5M4/@M4/@M0:M,F@M$]@M@M9MMMMM\@M M M@L!L!L@LL8L@L@LOLOL[@L@L@Lr@L L,@L,@Lډ@L7LLLNL@LΫLeL|L@LB@LB@LB@L@LMLL@LdLL{L*@L@L5LLA@L@LLL@LcLzLzLzLzL)@L|L|L{@L{@LvW@LvW@Ls@Ls@LrbLrbLk@LjyLjyLe3Lc@La?@LZLYV@LXLN@LN@LMxLMxLI@LH2LF@LEL=L=L=L;L7@L LT@L@LL@L@L0LLGL@K^K^KKKj@K$@KKK@K@K@K@K]K޺K@KtK#@KKՀ@K:@KK͗@KŮ@K\K\K @KKKKK9@KK@KK@K@KKKKrKK~@K,K,K,K@KK8@KKK@K@KqKqKqK}+K{@K{@KuBKs@KqN@KjKie@Kf@K`*K`*K]KXAKTM@KPXKEKEKEKD{@KC)KA@K;@K2@K0K/c@K+nK*@K(K"4@KK>K>K>JJęJH@JH@JJJ_@JjJjJjJ@Jv@Jv@Jv@Jv@J$J$JJ0@J@J@JG@JG@J@JJ@J@J@JJJ#J@JJJ@J:J@JJQJ@J J J|@JzJyt@Jyt@Jx"JrJrJq@Jn@Jn@JmJf@Jd\@J\s@JW-@JT@JS8JKOJI@JCfJCfJB@J@J@J?r@J<@J;}J:,@J7@J67J2C@J0J/@J,@J%@JJB@JJMJ J dJ@J@J@J@J*@J*@II@IIA@IIII@I@IIIX@IX@IX@II@I@IcIIo@Io@IzI)@I@I@@I@@II@I@I@IԨIд@I̿In@I3I3I@II@I@IV@IIaIm@Im@I@I'@II2III@IIIIIIII@III@I1I@III~@I}Iy@Ix_Iw@IuItk@Itk@Io%@Ik0IeIcGIa@I`IVIO@IJ;@IHIAI>]I= @I7@I6tI3IIIIIIII IP@I@IIg@Ig@HHH@HrH~@H,H@HCHHH @H @Hf@Hf@H@H+H@H׈H׈H7@HBH@HǶH@HH|@HHH@H{@H)HHL@H@H@H@H@H}H|@Ht@HsVHr@Hl@HkmHgy@HcH`H_@H^>HQHQHQHO@HFHFH$@DX@DU@DN@DN@DLDH@DGwDGwDDD@@D?D?D;@D;@D:HD:HD2_D1@D1@D+@D+@D+@D'D!<@D!<@D!<@DDD@D@D@DDDDDD@D@D@D@D uD $@D D @D @DDDFC@C@C@C@CR@CR@CR@CR@CR@CCCCC@Ci@CC@C@CtC@C@CC:@CECCC @C @CعCعCعCعCC@C-C-C-C@C@CCǖ@C@CáCáCP@CP@C@C[C @CCg@Cg@CCC!@C~@C,C@CCCCC@CC@C@C@CZCZC @C @CCCf@Cf@Cf@C@CqC @C @C @C @C @CCC}@C7@C7@C7@CBCBCYCCCC}@CqCqMiroslav Grepl 3.10.0-46Dan Walsh 3.10.0-45.1Miroslav Grepl 3.10.0-45Miroslav Grepl 3.10.0-44Miroslav Grepl 3.10.0-43Miroslav Grepl 3.10.0-42Miroslav Grepl 3.10.0-41Miroslav Grepl 3.10.0-40Miroslav Grepl 3.10.0-39Miroslav Grepl 3.10.0-38Miroslav Grepl 3.10.0-37Miroslav Grepl 
3.10.0-36Miroslav Grepl 3.10.0-35Miroslav Grepl 3.10.0-34Miroslav Grepl 3.10.0-33Miroslav Grepl 3.10.0-32Miroslav Grepl 3.10.0-31Miroslav Grepl 3.10.0-30Dan Walsh 3.10.0-29.1Miroslav Grepl 3.10.0-29Miroslav Grepl 3.10.0-28Miroslav Grepl 3.10.0-27Miroslav Grepl 3.10.0-26Miroslav Grepl 3.10.0-25Miroslav Grepl 3.10.0-24Miroslav Grepl 3.10.0-23Miroslav Grepl 3.10.0-22Miroslav Grepl 3.10.0-21Dan Walsh 3.10.0-20Miroslav Grepl 3.10.0-19Miroslav Grepl 3.10.0-18Miroslav Grepl 3.10.0-17Miroslav Grepl 3.10.0-16Miroslav Grepl 3.10.0-14Miroslav Grepl 3.10.0-13Miroslav Grepl 3.10.0-12Miroslav Grepl 3.10.0-11Miroslav Grepl 3.10.0-10Miroslav Grepl 3.10.0-9Miroslav Grepl 3.10.0-8Miroslav Grepl 3.10.0-7Miroslav Grepl 3.10.0-6Miroslav Grepl 3.10.0-5Miroslav Grepl 3.10.0-4Miroslav Grepl 3.10.0-3Miroslav Grepl 3.10.0-2Miroslav Grepl 3.10.0-1Miroslav Grepl 3.9.16-30Dan Walsh 3.9.16-29.1Miroslav Grepl 3.9.16-29Dan Walsh 3.9.16-28.1Miroslav Grepl 3.9.16-27Miroslav Grepl 3.9.16-26Miroslav Grepl 3.9.16-25Miroslav Grepl 3.9.16-24Miroslav Grepl 3.9.16-23Miroslav Grepl 3.9.16-22Miroslav Grepl 3.9.16-21Miroslav Grepl 3.9.16-20Miroslav Grepl 3.9.16-19Miroslav Grepl 3.9.16-18Miroslav Grepl 3.9.16-17Dan Walsh 3.9.16-16.1Miroslav Grepl 3.9.16-16Miroslav Grepl 3.9.16-15Miroslav Grepl 3.9.16-14Miroslav Grepl 3.9.16-13Miroslav Grepl 3.9.16-12Miroslav Grepl 3.9.16-11Miroslav Grepl 3.9.16-10Miroslav Grepl 3.9.16-7Miroslav Grepl 3.9.16-6Miroslav Grepl 3.9.16-5Miroslav Grepl 3.9.16-4Miroslav Grepl 3.9.16-3Miroslav Grepl 3.9.16-2Miroslav Grepl 3.9.16-1Miroslav Grepl 3.9.15-5Miroslav Grepl 3.9.15-2Miroslav Grepl 3.9.15-1Fedora Release Engineering - 3.9.14-2Dan Walsh 3.9.14-1Miroslav Grepl 3.9.13-10Miroslav Grepl 3.9.13-9Dan Walsh 3.9.13-8Miroslav Grepl 3.9.13-7Miroslav Grepl 3.9.13-6Miroslav Grepl 3.9.13-5Miroslav Grepl 3.9.13-4Miroslav Grepl 3.9.13-3Miroslav Grepl 3.9.13-2Miroslav Grepl 3.9.13-1Miroslav Grepl 3.9.12-8Miroslav Grepl 3.9.12-7Miroslav Grepl 3.9.12-6Miroslav Grepl 3.9.12-5Dan Walsh 3.9.12-4Dan 
Walsh 3.9.12-3Dan Walsh 3.9.12-2Miroslav Grepl 3.9.12-1Dan Walsh 3.9.11-2Miroslav Grepl 3.9.11-1Miroslav Grepl 3.9.10-13Dan Walsh 3.9.10-12Miroslav Grepl 3.9.10-11Miroslav Grepl 3.9.10-10Miroslav Grepl 3.9.10-9Miroslav Grepl 3.9.10-8Miroslav Grepl 3.9.10-7Miroslav Grepl 3.9.10-6Miroslav Grepl 3.9.10-5Dan Walsh 3.9.10-4Miroslav Grepl 3.9.10-3Miroslav Grepl 3.9.10-2Miroslav Grepl 3.9.10-1Miroslav Grepl 3.9.9-4Dan Walsh 3.9.9-3Miroslav Grepl 3.9.9-2Miroslav Grepl 3.9.9-1Miroslav Grepl 3.9.8-7Dan Walsh 3.9.8-6Miroslav Grepl 3.9.8-5Miroslav Grepl 3.9.8-4Dan Walsh 3.9.8-3Dan Walsh 3.9.8-2Dan Walsh 3.9.8-1Dan Walsh 3.9.7-10Dan Walsh 3.9.7-9Dan Walsh 3.9.7-8Dan Walsh 3.9.7-7Dan Walsh 3.9.7-6Dan Walsh 3.9.7-5Dan Walsh 3.9.7-4Dan Walsh 3.9.7-3Dan Walsh 3.9.7-2Dan Walsh 3.9.7-1Dan Walsh 3.9.6-3Dan Walsh 3.9.6-2Dan Walsh 3.9.6-1Dan Walsh 3.9.5-11Dan Walsh 3.9.5-10Dan Walsh 3.9.5-9Dan Walsh 3.9.5-8Dan Walsh 3.9.5-7Dan Walsh 3.9.5-6Dan Walsh 3.9.5-5Dan Walsh 3.9.5-4Dan Walsh 3.9.5-3Dan Walsh 3.9.5-2Dan Walsh 3.9.5-1Dan Walsh 3.9.4-3Dan Walsh 3.9.4-2Dan Walsh 3.9.4-1Dan Walsh 3.9.3-4Dan Walsh 3.9.3-3Dan Walsh 3.9.3-2Dan Walsh 3.9.3-1Dan Walsh 3.9.2-1Dan Walsh 3.9.1-3Dan Walsh 3.9.1-2Dan Walsh 3.9.1-1Dan Walsh 3.9.0-2Dan Walsh 3.9.0-1Dan Walsh 3.8.8-21Dan Walsh 3.8.8-20Dan Walsh 3.8.8-19Dan Walsh 3.8.8-18Dan Walsh 3.8.8-17Dan Walsh 3.8.8-16Dan Walsh 3.8.8-15Dan Walsh 3.8.8-14Dan Walsh 3.8.8-13Dan Walsh 3.8.8-12Dan Walsh 3.8.8-11Dan Walsh 3.8.8-10Dan Walsh 3.8.8-9Dan Walsh 3.8.8-8Dan Walsh 3.8.8-7Dan Walsh 3.8.8-6Dan Walsh 3.8.8-5Dan Walsh 3.8.8-4Dan Walsh 3.8.8-3Dan Walsh 3.8.8-2Dan Walsh 3.8.8-1Dan Walsh 3.8.7-3Dan Walsh 3.8.7-2Dan Walsh 3.8.7-1Dan Walsh 3.8.6-3Miroslav Grepl 3.8.6-2Dan Walsh 3.8.6-1Dan Walsh 3.8.5-1Dan Walsh 3.8.4-1Dan Walsh 3.8.3-4Dan Walsh 3.8.3-3Dan Walsh 3.8.3-2Dan Walsh 3.8.3-1Dan Walsh 3.8.2-1Dan Walsh 3.8.1-5Dan Walsh 3.8.1-4Dan Walsh 3.8.1-3Dan Walsh 3.8.1-2Dan Walsh 3.8.1-1Dan Walsh 3.7.19-22Dan Walsh 3.7.19-21Dan Walsh 3.7.19-20Dan Walsh 3.7.19-19Dan 
Walsh 3.7.19-17Dan Walsh 3.7.19-16Dan Walsh 3.7.19-15Dan Walsh 3.7.19-14Dan Walsh 3.7.19-13Dan Walsh 3.7.19-12Dan Walsh 3.7.19-11Dan Walsh 3.7.19-10Dan Walsh 3.7.19-9Dan Walsh 3.7.19-8Dan Walsh 3.7.19-7Dan Walsh 3.7.19-6Dan Walsh 3.7.19-5Dan Walsh 3.7.19-4Dan Walsh 3.7.19-3Dan Walsh 3.7.19-2Dan Walsh 3.7.19-1Dan Walsh 3.7.18-3Dan Walsh 3.7.18-2Dan Walsh 3.7.18-1Dan Walsh 3.7.17-6Dan Walsh 3.7.17-5Dan Walsh 3.7.17-4Dan Walsh 3.7.17-3Dan Walsh 3.7.17-2Dan Walsh 3.7.17-1Dan Walsh 3.7.16-2Dan Walsh 3.7.16-1Dan Walsh 3.7.15-4Dan Walsh 3.7.15-3Dan Walsh 3.7.15-2Dan Walsh 3.7.15-1Dan Walsh 3.7.14-5Dan Walsh 3.7.14-4Dan Walsh 3.7.14-3Dan Walsh 3.7.14-2Dan Walsh 3.7.14-1Dan Walsh 3.7.13-4Dan Walsh 3.7.13-3Dan Walsh 3.7.13-2Dan Walsh 3.7.13-1Dan Walsh 3.7.12-1Dan Walsh 3.7.11-1Dan Walsh 3.7.10-5Dan Walsh 3.7.10-4Dan Walsh 3.7.10-3Dan Walsh 3.7.10-2Dan Walsh 3.7.10-1Dan Walsh 3.7.9-4Dan Walsh 3.7.9-3Dan Walsh 3.7.9-2Dan Walsh 3.7.9-1Dan Walsh 3.7.8-11Dan Walsh 3.7.8-9Dan Walsh 3.7.8-8Dan Walsh 3.7.8-7Dan Walsh 3.7.8-6Dan Walsh 3.7.8-5Dan Walsh 3.7.8-4Dan Walsh 3.7.8-3Dan Walsh 3.7.8-2Dan Walsh 3.7.8-1Dan Walsh 3.7.7-3Dan Walsh 3.7.7-2Dan Walsh 3.7.7-1Dan Walsh 3.7.6-1Dan Walsh 3.7.5-8Dan Walsh 3.7.5-7Dan Walsh 3.7.5-6Dan Walsh 3.7.5-5Dan Walsh 3.7.5-4Dan Walsh 3.7.5-3Dan Walsh 3.7.5-2Dan Walsh 3.7.5-1Dan Walsh 3.7.4-4Dan Walsh 3.7.4-3Dan Walsh 3.7.4-2Dan Walsh 3.7.4-1Dan Walsh 3.7.3-1Dan Walsh 3.7.1-1Dan Walsh 3.6.33-2Dan Walsh 3.6.33-1Dan Walsh 3.6.32-17Dan Walsh 3.6.32-16Dan Walsh 3.6.32-15Dan Walsh 3.6.32-13Dan Walsh 3.6.32-12Dan Walsh 3.6.32-11Dan Walsh 3.6.32-10Dan Walsh 3.6.32-9Dan Walsh 3.6.32-8Dan Walsh 3.6.32-7Dan Walsh 3.6.32-6Dan Walsh 3.6.32-5Dan Walsh 3.6.32-4Dan Walsh 3.6.32-3Dan Walsh 3.6.32-2Dan Walsh 3.6.32-1Dan Walsh 3.6.31-5Dan Walsh 3.6.31-4Dan Walsh 3.6.31-3Dan Walsh 3.6.31-2Dan Walsh 3.6.30-6Dan Walsh 3.6.30-5Dan Walsh 3.6.30-4Dan Walsh 3.6.30-3Dan Walsh 3.6.30-2Dan Walsh 3.6.30-1Dan Walsh 3.6.29-2Dan Walsh 3.6.29-1Dan Walsh 3.6.28-9Dan Walsh 3.6.28-8Dan 
Walsh 3.6.28-7Dan Walsh 3.6.28-6Dan Walsh 3.6.28-5Dan Walsh 3.6.28-4Dan Walsh 3.6.28-3Dan Walsh 3.6.28-2Dan Walsh 3.6.28-1Dan Walsh 3.6.27-1Dan Walsh 3.6.26-11Dan Walsh 3.6.26-10Dan Walsh 3.6.26-9Bill Nottingham 3.6.26-8Dan Walsh 3.6.26-7Dan Walsh 3.6.26-6Dan Walsh 3.6.26-5Dan Walsh 3.6.26-4Dan Walsh 3.6.26-3Dan Walsh 3.6.26-2Dan Walsh 3.6.26-1Dan Walsh 3.6.25-1Dan Walsh 3.6.24-1Dan Walsh 3.6.23-2Dan Walsh 3.6.23-1Dan Walsh 3.6.22-3Dan Walsh 3.6.22-1Dan Walsh 3.6.21-4Dan Walsh 3.6.21-3Tom "spot" Callaway 3.6.21-2Dan Walsh 3.6.21-1Dan Walsh 3.6.20-2Dan Walsh 3.6.20-1Dan Walsh 3.6.19-5Dan Walsh 3.6.19-4Dan Walsh 3.6.19-3Dan Walsh 3.6.19-2Dan Walsh 3.6.19-1Dan Walsh 3.6.18-1Dan Walsh 3.6.17-1Dan Walsh 3.6.16-4Dan Walsh 3.6.16-3Dan Walsh 3.6.16-2Dan Walsh 3.6.16-1Dan Walsh 3.6.14-3Dan Walsh 3.6.14-2Dan Walsh 3.6.14-1Dan Walsh 3.6.13-3Dan Walsh 3.6.13-2Dan Walsh 3.6.13-1Dan Walsh 3.6.12-39Dan Walsh 3.6.12-38Dan Walsh 3.6.12-37Dan Walsh 3.6.12-36Dan Walsh 3.6.12-35Dan Walsh 3.6.12-34Dan Walsh 3.6.12-33Dan Walsh 3.6.12-31Dan Walsh 3.6.12-30Dan Walsh 3.6.12-29Dan Walsh 3.6.12-28Dan Walsh 3.6.12-27Dan Walsh 3.6.12-26Dan Walsh 3.6.12-25Dan Walsh 3.6.12-24Dan Walsh 3.6.12-23Dan Walsh 3.6.12-22Dan Walsh 3.6.12-21Dan Walsh 3.6.12-20Dan Walsh 3.6.12-19Dan Walsh 3.6.12-16Dan Walsh 3.6.12-15Dan Walsh 3.6.12-14Dan Walsh 3.6.12-13Dan Walsh 3.6.12-12Dan Walsh 3.6.12-11Dan Walsh 3.6.12-10Dan Walsh 3.6.12-9Dan Walsh 3.6.12-8Dan Walsh 3.6.12-7Dan Walsh 3.6.12-6Dan Walsh 3.6.12-5Dan Walsh 3.6.12-4Dan Walsh 3.6.12-3Dan Walsh 3.6.12-2Dan Walsh 3.6.12-1Dan Walsh 3.6.11-1Dan Walsh 3.6.10-9Dan Walsh 3.6.10-8Dan Walsh 3.6.10-7Dan Walsh 3.6.10-6Dan Walsh 3.6.10-5Dan Walsh 3.6.10-4Dan Walsh 3.6.10-3Dan Walsh 3.6.10-2Dan Walsh 3.6.10-1Dan Walsh 3.6.9-4Dan Walsh 3.6.9-3Dan Walsh 3.6.9-2Dan Walsh 3.6.9-1Dan Walsh 3.6.8-4Dan Walsh 3.6.8-3Dan Walsh 3.6.8-2Dan Walsh 3.6.8-1Dan Walsh 3.6.7-2Dan Walsh 3.6.7-1Dan Walsh 3.6.6-9Dan Walsh 3.6.6-8Fedora Release Engineering - 3.6.6-7Dan Walsh 3.6.6-6Dan Walsh 
3.6.6-5Dan Walsh 3.6.6-4Dan Walsh 3.6.6-3Dan Walsh 3.6.6-2Dan Walsh 3.6.6-1Dan Walsh 3.6.5-3Dan Walsh 3.6.5-1Dan Walsh 3.6.4-6Dan Walsh 3.6.4-5Dan Walsh 3.6.4-4Dan Walsh 3.6.4-3Dan Walsh 3.6.4-2Dan Walsh 3.6.4-1Dan Walsh 3.6.3-13Dan Walsh 3.6.3-12Dan Walsh 3.6.3-11Dan Walsh 3.6.3-10Dan Walsh 3.6.3-9Dan Walsh 3.6.3-8Dan Walsh 3.6.3-7Dan Walsh 3.6.3-6Dan Walsh 3.6.3-3Dan Walsh 3.6.3-2Dan Walsh 3.6.3-1Dan Walsh 3.6.2-5Dan Walsh 3.6.2-4Dan Walsh 3.6.2-3Dan Walsh 3.6.2-2Dan Walsh 3.6.2-1Dan Walsh 3.6.1-15Dan Walsh 3.6.1-14Dan Walsh 3.6.1-13Dan Walsh 3.6.1-12Dan Walsh 3.6.1-11Dan Walsh 3.6.1-10Dan Walsh 3.6.1-9Dan Walsh 3.6.1-8Dan Walsh 3.6.1-7Dan Walsh 3.6.1-4Ignacio Vazquez-Abrams - 3.6.1-2Dan Walsh 3.5.13-19Dan Walsh 3.5.13-18Dan Walsh 3.5.13-17Dan Walsh 3.5.13-16Dan Walsh 3.5.13-15Dan Walsh 3.5.13-14Dan Walsh 3.5.13-13Dan Walsh 3.5.13-12Dan Walsh 3.5.13-11Dan Walsh 3.5.13-9Dan Walsh 3.5.13-8Dan Walsh 3.5.13-7Dan Walsh 3.5.13-6Dan Walsh 3.5.13-5Dan Walsh 3.5.13-4Dan Walsh 3.5.13-3Dan Walsh 3.5.13-2Dan Walsh 3.5.13-1Dan Walsh 3.5.12-3Dan Walsh 3.5.12-2Dan Walsh 3.5.12-1Dan Walsh 3.5.11-1Dan Walsh 3.5.10-3Dan Walsh 3.5.10-2Dan Walsh 3.5.10-1Dan Walsh 3.5.9-4Dan Walsh 3.5.9-3Dan Walsh 3.5.9-2Dan Walsh 3.5.9-1Dan Walsh 3.5.8-7Dan Walsh 3.5.8-6Dan Walsh 3.5.8-5Dan Walsh 3.5.8-4Dan Walsh 3.5.8-3Dan Walsh 3.5.8-1Dan Walsh 3.5.7-2Dan Walsh 3.5.7-1Dan Walsh 3.5.6-2Dan Walsh 3.5.6-1Dan Walsh 3.5.5-4Dan Walsh 3.5.5-3Dan Walsh 3.5.5-2Dan Walsh 3.5.4-2Dan Walsh 3.5.4-1Dan Walsh 3.5.3-1Dan Walsh 3.5.2-2Dan Walsh 3.5.1-5Dan Walsh 3.5.1-4Dan Walsh 3.5.1-3Dan Walsh 3.5.1-2Dan Walsh 3.5.1-1Dan Walsh 3.5.0-1Dan Walsh 3.4.2-14Dan Walsh 3.4.2-13Dan Walsh 3.4.2-12Dan Walsh 3.4.2-11Dan Walsh 3.4.2-10Dan Walsh 3.4.2-9Dan Walsh 3.4.2-8Dan Walsh 3.4.2-7Dan Walsh 3.4.2-6Dan Walsh 3.4.2-5Dan Walsh 3.4.2-4Dan Walsh 3.4.2-3Dan Walsh 3.4.2-2Dan Walsh 3.4.2-1Dan Walsh 3.4.1-5Dan Walsh 3.4.1-3Dan Walsh 3.4.1-2Dan Walsh 3.4.1-1Dan Walsh 3.3.1-48Dan Walsh 3.3.1-47Dan Walsh 3.3.1-46Dan Walsh 3.3.1-45Dan 
Walsh 3.3.1-44Dan Walsh 3.3.1-43Dan Walsh 3.3.1-42Dan Walsh 3.3.1-41Dan Walsh 3.3.1-39Dan Walsh 3.3.1-37Dan Walsh 3.3.1-36Dan Walsh 3.3.1-33Dan Walsh 3.3.1-32Dan Walsh 3.3.1-31Dan Walsh 3.3.1-30Dan Walsh 3.3.1-29Dan Walsh 3.3.1-28Dan Walsh 3.3.1-27Dan Walsh 3.3.1-26Dan Walsh 3.3.1-25Dan Walsh 3.3.1-24Dan Walsh 3.3.1-23Dan Walsh 3.3.1-22Dan Walsh 3.3.1-21Dan Walsh 3.3.1-20Dan Walsh 3.3.1-19Dan Walsh 3.3.1-18Dan Walsh 3.3.1-17Dan Walsh 3.3.1-16Dan Walsh 3.3.1-15Bill Nottingham 3.3.1-14Dan Walsh 3.3.1-13Dan Walsh 3.3.1-12Dan Walsh 3.3.1-11Dan Walsh 3.3.1-10Dan Walsh 3.3.1-9Dan Walsh 3.3.1-8Dan Walsh 3.3.1-6Dan Walsh 3.3.1-5Dan Walsh 3.3.1-4Dan Walsh 3.3.1-2Dan Walsh 3.3.1-1Dan Walsh 3.3.0-2Dan Walsh 3.3.0-1Dan Walsh 3.2.9-2Dan Walsh 3.2.9-1Dan Walsh 3.2.8-2Dan Walsh 3.2.8-1Dan Walsh 3.2.7-6Dan Walsh 3.2.7-5Dan Walsh 3.2.7-3Dan Walsh 3.2.7-2Dan Walsh 3.2.7-1Dan Walsh 3.2.6-7Dan Walsh 3.2.6-6Dan Walsh 3.2.6-5Dan Walsh 3.2.6-4Dan Walsh 3.2.6-3Dan Walsh 3.2.6-2Dan Walsh 3.2.6-1Dan Walsh 3.2.5-25Dan Walsh 3.2.5-24Dan Walsh 3.2.5-22Dan Walsh 3.2.5-21Dan Walsh 3.2.5-20Dan Walsh 3.2.5-19Dan Walsh 3.2.5-18Dan Walsh 3.2.5-17Dan Walsh 3.2.5-16Dan Walsh 3.2.5-15Dan Walsh 3.2.5-14Dan Walsh 3.2.5-13Dan Walsh 3.2.5-12Dan Walsh 3.2.5-11Dan Walsh 3.2.5-10Dan Walsh 3.2.5-9Dan Walsh 3.2.5-8Dan Walsh 3.2.5-7Dan Walsh 3.2.5-6Dan Walsh 3.2.5-5Dan Walsh 3.2.5-4Dan Walsh 3.2.5-3Dan Walsh 3.2.5-2Dan Walsh 3.2.5-1Dan Walsh 3.2.4-5Dan Walsh 3.2.4-4Dan Walsh 3.2.4-3Dan Walsh 3.2.4-1Dan Walsh 3.2.4-1Dan Walsh 3.2.3-2Dan Walsh 3.2.3-1Dan Walsh 3.2.2-1Dan Walsh 3.2.1-3Dan Walsh 3.2.1-1Dan Walsh 3.1.2-2Dan Walsh 3.1.2-1Dan Walsh 3.1.1-1Dan Walsh 3.1.0-1Dan Walsh 3.0.8-30Dan Walsh 3.0.8-28Dan Walsh 3.0.8-27Dan Walsh 3.0.8-26Dan Walsh 3.0.8-25Dan Walsh 3.0.8-24Dan Walsh 3.0.8-23Dan Walsh 3.0.8-22Dan Walsh 3.0.8-21Dan Walsh 3.0.8-20Dan Walsh 3.0.8-19Dan Walsh 3.0.8-18Dan Walsh 3.0.8-17Dan Walsh 3.0.8-16Dan Walsh 3.0.8-15Dan Walsh 3.0.8-14Dan Walsh 3.0.8-13Dan Walsh 3.0.8-12Dan Walsh 3.0.8-11Dan Walsh 
3.0.8-10Dan Walsh 3.0.8-9Dan Walsh 3.0.8-8Dan Walsh 3.0.8-7Dan Walsh 3.0.8-5Dan Walsh 3.0.8-4Dan Walsh 3.0.8-3Dan Walsh 3.0.8-2Dan Walsh 3.0.8-1Dan Walsh 3.0.7-10Dan Walsh 3.0.7-9Dan Walsh 3.0.7-8Dan Walsh 3.0.7-7Dan Walsh 3.0.7-6Dan Walsh 3.0.7-5Dan Walsh 3.0.7-4Dan Walsh 3.0.7-3Dan Walsh 3.0.7-2Dan Walsh 3.0.7-1Dan Walsh 3.0.6-3Dan Walsh 3.0.6-2Dan Walsh 3.0.6-1Dan Walsh 3.0.5-11Dan Walsh 3.0.5-10Dan Walsh 3.0.5-9Dan Walsh 3.0.5-8Dan Walsh 3.0.5-7Dan Walsh 3.0.5-6Dan Walsh 3.0.5-5Dan Walsh 3.0.5-4Dan Walsh 3.0.5-3Dan Walsh 3.0.5-2Dan Walsh 3.0.5-1Dan Walsh 3.0.4-6Dan Walsh 3.0.4-5Dan Walsh 3.0.4-4Dan Walsh 3.0.4-3Dan Walsh 3.0.4-2Dan Walsh 3.0.4-1Dan Walsh 3.0.3-6Dan Walsh 3.0.3-5Dan Walsh 3.0.3-4Dan Walsh 3.0.3-3Dan Walsh 3.0.3-2Dan Walsh 3.0.3-1Dan Walsh 3.0.2-9Dan Walsh 3.0.2-8Dan Walsh 3.0.2-7Dan Walsh 3.0.2-5Dan Walsh 3.0.2-4Dan Walsh 3.0.2-3Dan Walsh 3.0.2-2Dan Walsh 3.0.1-5Dan Walsh 3.0.1-4Dan Walsh 3.0.1-3Dan Walsh 3.0.1-2Dan Walsh 3.0.1-1Dan Walsh 2.6.5-3Dan Walsh 2.6.5-2Dan Walsh 2.6.4-7Dan Walsh 2.6.4-6Dan Walsh 2.6.4-5Dan Walsh 2.6.4-2Dan Walsh 2.6.4-1Dan Walsh 2.6.3-1Dan Walsh 2.6.2-1Dan Walsh 2.6.1-4Dan Walsh 2.6.1-3Dan Walsh 2.6.1-2Dan Walsh 2.6.1-1Dan Walsh 2.5.12-12Dan Walsh 2.5.12-11Dan Walsh 2.5.12-10Dan Walsh 2.5.12-8Dan Walsh 2.5.12-5Dan Walsh 2.5.12-4Dan Walsh 2.5.12-3Dan Walsh 2.5.12-2Dan Walsh 2.5.12-1Dan Walsh 2.5.11-8Dan Walsh 2.5.11-7Dan Walsh 2.5.11-6Dan Walsh 2.5.11-5Dan Walsh 2.5.11-4Dan Walsh 2.5.11-3Dan Walsh 2.5.11-2Dan Walsh 2.5.11-1Dan Walsh 2.5.10-2Dan Walsh 2.5.10-1Dan Walsh 2.5.9-6Dan Walsh 2.5.9-5Dan Walsh 2.5.9-4Dan Walsh 2.5.9-3Dan Walsh 2.5.9-2Dan Walsh 2.5.8-8Dan Walsh 2.5.8-7Dan Walsh 2.5.8-6Dan Walsh 2.5.8-5Dan Walsh 2.5.8-4Dan Walsh 2.5.8-3Dan Walsh 2.5.8-2Dan Walsh 2.5.8-1Dan Walsh 2.5.7-1Dan Walsh 2.5.6-1Dan Walsh 2.5.5-2Dan Walsh 2.5.5-1Dan Walsh 2.5.4-2Dan Walsh 2.5.4-1Dan Walsh 2.5.3-3Dan Walsh 2.5.3-2Dan Walsh 2.5.3-1Dan Walsh 2.5.2-6Dan Walsh 2.5.2-5Dan Walsh 2.5.2-4Dan Walsh 2.5.2-3Dan Walsh 2.5.2-2Dan Walsh 
2.5.2-1Dan Walsh 2.5.1-5Dan Walsh 2.5.1-4Dan Walsh 2.5.1-2Dan Walsh 2.5.1-1Dan Walsh 2.4.6-20Dan Walsh 2.4.6-19Dan Walsh 2.4.6-18Dan Walsh 2.4.6-17Dan Walsh 2.4.6-16Dan Walsh 2.4.6-15Dan Walsh 2.4.6-14Dan Walsh 2.4.6-13Dan Walsh 2.4.6-12Dan Walsh 2.4.6-11Dan Walsh 2.4.6-10Dan Walsh 2.4.6-9Dan Walsh 2.4.6-8Dan Walsh 2.4.6-7Dan Walsh 2.4.6-6Dan Walsh 2.4.6-5Dan Walsh 2.4.6-4Dan Walsh 2.4.6-3Dan Walsh 2.4.6-1Dan Walsh 2.4.5-4Dan Walsh 2.4.5-3Dan Walsh 2.4.5-2Dan Walsh 2.4.5-1Dan Walsh 2.4.4-2Dan Walsh 2.4.4-2Dan Walsh 2.4.4-1Dan Walsh 2.4.3-13Dan Walsh 2.4.3-12Dan Walsh 2.4.3-11Dan Walsh 2.4.3-10Dan Walsh 2.4.3-9Dan Walsh 2.4.3-8Dan Walsh 2.4.3-7Dan Walsh 2.4.3-6Dan Walsh 2.4.3-5Dan Walsh 2.4.3-4Dan Walsh 2.4.3-3Dan Walsh 2.4.3-2Dan Walsh 2.4.3-1Dan Walsh 2.4.2-8Dan Walsh 2.4.2-7James Antill 2.4.2-6Dan Walsh 2.4.2-5Dan Walsh 2.4.2-4Dan Walsh 2.4.2-3Dan Walsh 2.4.2-2Dan Walsh 2.4.2-1Dan Walsh 2.4.1-5Dan Walsh 2.4.1-4Dan Walsh 2.4.1-3Dan Walsh 2.4.1-2Dan Walsh 2.4-4Dan Walsh 2.4-3Dan Walsh 2.4-2Dan Walsh 2.4-1Dan Walsh 2.3.19-4Dan Walsh 2.3.19-3Dan Walsh 2.3.19-2Dan Walsh 2.3.19-1James Antill 2.3.18-10James Antill 2.3.18-9Dan Walsh 2.3.18-8Dan Walsh 2.3.18-7Dan Walsh 2.3.18-6Dan Walsh 2.3.18-5Dan Walsh 2.3.18-4Dan Walsh 2.3.18-3Dan Walsh 2.3.18-2Dan Walsh 2.3.18-1Dan Walsh 2.3.17-2Dan Walsh 2.3.17-1Dan Walsh 2.3.16-9Dan Walsh 2.3.16-8Dan Walsh 2.3.16-7Dan Walsh 2.3.16-6Dan Walsh 2.3.16-5Dan Walsh 2.3.16-4Dan Walsh 2.3.16-2Dan Walsh 2.3.16-1Dan Walsh 2.3.15-2Dan Walsh 2.3.15-1Dan Walsh 2.3.14-8Dan Walsh 2.3.14-7Dan Walsh 2.3.14-6Dan Walsh 2.3.14-4Dan Walsh 2.3.14-3Dan Walsh 2.3.14-2Dan Walsh 2.3.14-1Dan Walsh 2.3.13-6Dan Walsh 2.3.13-5Dan Walsh 2.3.13-4Dan Walsh 2.3.13-3Dan Walsh 2.3.13-2Dan Walsh 2.3.13-1Dan Walsh 2.3.12-2Dan Walsh 2.3.12-1Dan Walsh 2.3.11-1Dan Walsh 2.3.10-7Dan Walsh 2.3.10-6Dan Walsh 2.3.10-3Dan Walsh 2.3.10-1Dan Walsh 2.3.9-6Dan Walsh 2.3.9-5Dan Walsh 2.3.9-4Dan Walsh 2.3.9-3Dan Walsh 2.3.9-2Dan Walsh 2.3.9-1Dan Walsh 2.3.8-2Dan Walsh 2.3.7-1Dan 
Walsh 2.3.6-4Dan Walsh 2.3.6-3Dan Walsh 2.3.6-2Dan Walsh 2.3.6-1Dan Walsh 2.3.5-1Dan Walsh 2.3.4-1Dan Walsh 2.3.3-20Dan Walsh 2.3.3-19Dan Walsh 2.3.3-18Dan Walsh 2.3.3-17Dan Walsh 2.3.3-16Dan Walsh 2.3.3-15Dan Walsh 2.3.3-14Dan Walsh 2.3.3-13Dan Walsh 2.3.3-12Dan Walsh 2.3.3-11Dan Walsh 2.3.3-10Dan Walsh 2.3.3-9Dan Walsh 2.3.3-8Dan Walsh 2.3.3-7Dan Walsh 2.3.3-6Dan Walsh 2.3.3-5Dan Walsh 2.3.3-4Dan Walsh 2.3.3-3Dan Walsh 2.3.3-2Dan Walsh 2.3.3-1Dan Walsh 2.3.2-4Dan Walsh 2.3.2-3Dan Walsh 2.3.2-2Dan Walsh 2.3.2-1Dan Walsh 2.3.1-1Dan Walsh 2.2.49-1Dan Walsh 2.2.48-1Dan Walsh 2.2.47-5Dan Walsh 2.2.47-4Dan Walsh 2.2.47-3Dan Walsh 2.2.47-1Dan Walsh 2.2.46-2Dan Walsh 2.2.46-1Dan Walsh 2.2.45-3Dan Walsh 2.2.45-2Dan Walsh 2.2.45-1Dan Walsh 2.2.44-1Dan Walsh 2.2.43-4Dan Walsh 2.2.43-3Dan Walsh 2.2.43-2Dan Walsh 2.2.43-1Dan Walsh 2.2.42-4Dan Walsh 2.2.42-3Dan Walsh 2.2.42-2Dan Walsh 2.2.42-1Dan Walsh 2.2.41-1Dan Walsh 2.2.40-2Dan Walsh 2.2.40-1Dan Walsh 2.2.39-2Dan Walsh 2.2.39-1Dan Walsh 2.2.38-6Dan Walsh 2.2.38-5Dan Walsh 2.2.38-4Dan Walsh 2.2.38-3Dan Walsh 2.2.38-2Dan Walsh 2.2.38-1Dan Walsh 2.2.37-1Dan Walsh 2.2.36-2Dan Walsh 2.2.36-1James Antill 2.2.35-2Dan Walsh 2.2.35-1Dan Walsh 2.2.34-3Dan Walsh 2.2.34-2Dan Walsh 2.2.34-1Dan Walsh 2.2.33-1Dan Walsh 2.2.32-2Dan Walsh 2.2.32-1Dan Walsh 2.2.31-1Dan Walsh 2.2.30-2Dan Walsh 2.2.30-1Dan Walsh 2.2.29-6Russell Coker 2.2.29-5Dan Walsh 2.2.29-4Dan Walsh 2.2.29-3Dan Walsh 2.2.29-2Dan Walsh 2.2.29-1Dan Walsh 2.2.28-3Dan Walsh 2.2.28-2Dan Walsh 2.2.28-1Dan Walsh 2.2.27-1Dan Walsh 2.2.25-3Dan Walsh 2.2.25-2Dan Walsh 2.2.24-1Dan Walsh 2.2.23-19Dan Walsh 2.2.23-18Dan Walsh 2.2.23-17Karsten Hopp 2.2.23-16Dan Walsh 2.2.23-15Dan Walsh 2.2.23-14Dan Walsh 2.2.23-13Dan Walsh 2.2.23-12Jeremy Katz - 2.2.23-11Jeremy Katz - 2.2.23-10Dan Walsh 2.2.23-9Dan Walsh 2.2.23-8Dan Walsh 2.2.23-7Dan Walsh 2.2.23-5Dan Walsh 2.2.23-4Dan Walsh 2.2.23-3Dan Walsh 2.2.23-2Dan Walsh 2.2.23-1Dan Walsh 2.2.22-2Dan Walsh 2.2.22-1Dan Walsh 2.2.21-9Dan Walsh 
2.2.21-8Dan Walsh 2.2.21-7Dan Walsh 2.2.21-6Dan Walsh 2.2.21-5Dan Walsh 2.2.21-4Dan Walsh 2.2.21-3Dan Walsh 2.2.21-2Dan Walsh 2.2.21-1Dan Walsh 2.2.20-1Dan Walsh 2.2.19-2Dan Walsh 2.2.19-1Dan Walsh 2.2.18-2Dan Walsh 2.2.18-1Dan Walsh 2.2.17-2Dan Walsh 2.2.16-1Dan Walsh 2.2.15-4Dan Walsh 2.2.15-3Dan Walsh 2.2.15-1Dan Walsh 2.2.14-2Dan Walsh 2.2.14-1Dan Walsh 2.2.13-1Dan Walsh 2.2.12-1Dan Walsh 2.2.11-2Dan Walsh 2.2.11-1Dan Walsh 2.2.10-1Dan Walsh 2.2.9-2Dan Walsh 2.2.9-1Dan Walsh 2.2.8-2Dan Walsh 2.2.7-1Dan Walsh 2.2.6-3Dan Walsh 2.2.6-2Dan Walsh 2.2.6-1Dan Walsh 2.2.5-1Dan Walsh 2.2.4-1Dan Walsh 2.2.3-1Dan Walsh 2.2.2-1Dan Walsh 2.2.1-1Dan Walsh 2.1.13-1Dan Walsh 2.1.12-3Dan Walsh 2.1.11-1Dan Walsh 2.1.10-1Jeremy Katz - 2.1.9-2Dan Walsh 2.1.9-1Dan Walsh 2.1.8-3Dan Walsh 2.1.8-2Dan Walsh 2.1.8-1Dan Walsh 2.1.7-4Dan Walsh 2.1.7-3Dan Walsh 2.1.7-2Dan Walsh 2.1.7-1Dan Walsh 2.1.6-24Dan Walsh 2.1.6-23Dan Walsh 2.1.6-22Dan Walsh 2.1.6-21Dan Walsh 2.1.6-20Dan Walsh 2.1.6-18Dan Walsh 2.1.6-17Dan Walsh 2.1.6-16Dan Walsh 2.1.6-15Dan Walsh 2.1.6-14Dan Walsh 2.1.6-13Dan Walsh 2.1.6-11Dan Walsh 2.1.6-10Dan Walsh 2.1.6-9Dan Walsh 2.1.6-8Dan Walsh 2.1.6-5Dan Walsh 2.1.6-4Dan Walsh 2.1.6-3Dan Walsh 2.1.6-2Dan Walsh 2.1.6-1Dan Walsh 2.1.4-2Dan Walsh 2.1.4-1Dan Walsh 2.1.3-1Jeremy Katz - 2.1.2-3Dan Walsh 2.1.2-2Dan Walsh 2.1.2-1Dan Walsh 2.1.1-3Dan Walsh 2.1.1-2Dan Walsh 2.1.1-1Dan Walsh 2.1.0-3Dan Walsh 2.1.0-2.Dan Walsh 2.1.0-1.Dan Walsh 2.0.11-2.Dan Walsh 2.0.11-1.Dan Walsh 2.0.9-1.Dan Walsh 2.0.8-1.Dan Walsh 2.0.7-3Dan Walsh 2.0.7-2Dan Walsh 2.0.6-2Dan Walsh 2.0.5-4Dan Walsh 2.0.5-1Dan Walsh 2.0.4-1Dan Walsh 2.0.2-2Dan Walsh 2.0.2-1Dan Walsh 2.0.1-2Dan Walsh 2.0.1-1- Policy update should not modify local contexts- Allow systemd_passwd to talk to sock_files in systemd_passwd_var_run_t directories- Remove tzdata policy- Add labeling for udev - Add cloudform policy - Fixes for bootloader policy- Add policies for nova openstack- Add fixes for nova-stack policy- Allow 
svirt_lxc_domain to chr_file and blk_file devices if they are in the domain - Allow init process to setrlimit on itself - Take away transition rules for users executing ssh-keygen - Allow setroubleshoot_fixit_t to read /dev/urand - Allow sshd to relabel tunnel sockets - Allow fail2ban domtrans to shorewall in the same way as with iptables - Add support for lnk files in the /var/lib/sssd directory - Allow system mail to connect to courier-authdaemon over an unix stream socket- Dontaudit access checks for all executables, gnome-shell is doing access(EXEC, X_OK) - Make corosync to be able to relabelto cluster lib files - Allow samba domains to search /var/run/nmbd - Allow dirsrv to use pam - Allow thumb to call getuid - chrome less likely to get mmap_zero bug so removing dontaudit - gimp help-browser has built in javascript - Best guess is that devices named /dev/bsr4096 should be labeled as cpu_device_t - Re-write glance policy- Fixes for bootloader policy - $1_gkeyringd_t needs to read $HOME/%USER/.local/share/keystore - Allow nsplugin to read /usr/share/config - Allow sa-update to update rules - Add use_fusefs_home_dirs for chroot ssh option - Fixes for grub2 - Update systemd_exec_systemctl() interface - Allow gpg to read the mail spool - More fixes for sa-update running out of cron job - Allow ipsec_mgmt_t to read hardware state information - Allow pptp_t to connect to unreserved_port_t - Dontaudit getattr on initctl in /dev from chfn - Dontaudit getattr on kernel_core from chfn - Add systemd_list_unit_dirs to systemd_exec_systemctl call - Fixes for collectd policy - Change sysadm_t to create content as user_tmp_t under /tmp- Allow virsh to read xenstored pid file - Backport corenetwork fixes from upstream - Do not audit attempts by thumb to search config_home_t dirs (~/.config) - label ~/.cache/telepathy/logger telepathy_logger_cache_home_t - allow thumb to read generic data home files (mime.type)- Allow nmbd to manage sock file in /var/run/nmbd - ricci_modservice 
send syslog msgs - Stop transitioning from unconfined_t to ldconfig_t, but make sure /etc/ld.so.cache is labeled correctly - Allow systemd_logind_t to manage /run/USER/dconf/user- Allow logrotate setuid and setgid since logrotate is supposed to do it - Fixes for thumb policy by grift - Add new nfsd ports - Added fix to allow confined apps to execmod on chrome - Add labeling for additional vdsm directories - Allow Exim and Dovecot SASL - Add label for /var/run/nmbd - Add fixes to make virsh and xen working together - Colord executes ls - /var/spool/cron is now labeled as user_cron_spool_t- Stop complaining about leaked file descriptors during install- Add support for Clustered Samba commands - Allow ricci_modrpm_t to send log msgs - move permissive virt_qmf_t from virt.te to permissivedomains.te - Allow ssh_t to use kernel keyrings - Add policy for libvirt-qmf and more fixes for linux containers - Initial Polipo - Sanlock needs to run ranged in order to kill svirt processes - Allow smbcontrol to stream connect to ctdbd- Change screen to use screen_domain attribute and allow screen_domains to read all process domain state - Add SELinux support for ssh pre-auth net process in F17 - Add logging_syslogd_can_sendmail boolean- Allow pwupdate to send mail - Fix execmem_execmod() interface - Allow pwupdate to send mail - nfsd is binding to the nfs port 2049 - Add additional gitweb file context labeling - Allow logrotate to set its own keys- Needs to require a new version of checkpolicy - Interface fixes- systemd needs to read lnk files of systemd unit files - Fix userdom filetrans rule to take all params- Make colord unconfined so we can ship RC1- Allow sanlock to manage virt lib files - Add virt_use_sanlock boolean - ksmtuned is trying to resolve uids - Make sure .gvfs is labeled user_home_t in the users home directory - Sanlock sends kill signals and needs the kill capability - Allow mockbuild to work on nfs homedirs - Fix kerberos_manage_host_rcache() interface - Allow 
exim to read system state- Allow systemd-tmpfiles to set the correct labels on /var/run, /tmp and other files - We want any file type that is created in /tmp by a process running as initrc_t to be labeled initrc_tmp_t- Allow collectd to read hardware state information - Add loop_control_device_t - Allow mdadm to request kernel to load module - Allow domains that start other domains via systemctl to search unit dir - systemd_tmpfiles, needs to list any file systems mounted on /tmp - No one can explain why radius is listing the contents of /tmp, so we will dontaudit - If I can manage etc_runtime files, I should be able to read the links - Dontaudit hostname writing to mock library chr_files - Have gdm_t setup labeling correctly in users home dir - Label content under /var/run/user/NAME/dconf as config_home_t - Allow sa-update to execute shell - Make ssh-keygen working with fips_enabled - Make mock work for staff_t user - Tighten security on mock_t- removing unconfined_notrans_t no longer necessary - Clean up handling of secure_mode_insmod and secure_mode_policyload - Remove unconfined_mount_t- For some reason chfn tries to stat all devices, dontaudit this - On resume, devicekit_power is resetting X using xmodutil, so it needs to talk to the Xserver - Allow saslauthd to be able to manipulate afs kernel subsystem at login - allow xdm_t to execute content labeled xdm_tmp_t, needed for xdm to be able to run gnome-shell - /etc/passwd.adjunct and /etc/passwd.adjunct.old need to be labeled shadow_t- Add exim_exec_t label for /usr/sbin/exim_tidydb - Call init_dontaudit_rw_stream_socket() interface in mta policy - sssd need to search /var/cache/krb5rcache directory - Allow corosync to relabel own tmp files - Allow zarafa domains to send system log messages - Allow ssh to do tunneling - Allow initrc scripts to sendto init_t unix_stream_socket - Changes to make sure dnsmasq and virt directories are labeled correctly - Changes needed to allow sysadm_t to manage systemd unit files 
- init is passing file descriptors to dbus and on to system daemons - Allow sulogin additional access Reported by dgrift and Jeremy Miller - Steve Grubb believes that wireshark does not need this access - Fix /var/run/initramfs to stop restorecon from looking at - pki needs another port - Add more labels for cluster scripts - Allow apps that manage cgroup_files to manage cgroup link files - Fix label on nfs-utils scripts directories - Allow gatherd to read /dev/rand and /dev/urand- Add glance policy - Allow mdadm setsched - /var/run/initramfs should not be relabeled with a restorecon run - memcache can be setup to override sys_resource - Allow httpd_t to read tetex data - Allow systemd_tmpfiles to delete kernel modules left in /tmp directory.- Allow Postfix to deliver to Dovecot LMTP socket - Ignore bogus sys_module for lldpad - Allow chrony and gpsd to send dgrams, gpsd needs to write to the real time clock - systemd_logind_t sets the attributes on usb devices - Allow hddtemp_t to read etc_t files - Add permissivedomains module - Move all permissive domains calls to permissivedomain.te - Allow pegasis to send kill signals to other UIDs- Allow insmod_t to use fds leaked from devicekit - dontaudit getattr between insmod_t and init_t unix_stream_sockets - Change sysctl unit file interfaces to use systemctl - Add support for chronyd unit file - Allow mozilla_plugin to read gnome_usr_config - Add policy for new gpsd - Allow cups to create kerberos rhost cache files - Add authlogin_filetrans_named_content, to unconfined_t to make sure shadow and other log files get labeled correctly- Make users_extra and seusers.final into config(noreplace) so semanage users and login does not get overwritten- Add policy for sa-update being run out of cron jobs - Add create perms to postgresql_manage_db - ntpd using a gps has to be able to read/write generic tty_device_t - If you disable unconfined and unconfineduser, rpm needs more privs to manage /dev - fix spec file - Remove 
qemu_domtrans_unconfined() interface - Make passenger working together with puppet - Add init_dontaudit_rw_stream_socket interface - Fixes for wordpress- Turn on allow_domain_fd_use boolean on F16 - Allow syslog to manage all log files - Add use_fusefs_home_dirs boolean for chrome - Make vdagent working with confined users - Add abrt_handle_event_t domain for ABRT event scripts - Labeled /usr/sbin/rhnreg_ks as rpm_exec_t and added changes related to this change - Allow httpd_git_script_t to read passwd data - Allow openvpn to set its process priority when the nice parameter is used- livecd fixes - spec file fixes- fetchmail can use kerberos - ksmtuned reads in shell programs - gnome_systemctl_t reads the process state of ntp - dnsmasq_t asks the kernel to load multiple kernel modules - Add rules for domains executing systemctl - Bogus text within fc file- Add cfengine policy- Add abrt_domain attribute - Allow corosync to manage cluster lib files - Allow corosync to connect to the system DBUS- Add sblim, uuidd policies - Allow kernel_t dyntrasition to init_t- init_t need setexec - More fixes of rules which cause an explosion in rules by Dan Walsh- Allow rcsmcertd to perform DNS name resolution - Add dirsrvadmin_unconfined_script_t domain type for 389-ds admin scripts - Allow tmux to run as screen - New policy for collectd - Allow gkeyring_t to interact with all user apps - Add rules to allow firstboot to run on machines with the unconfined.pp module removed- Allow systemd_logind to send dbus messages with users - allow accountsd to read wtmp file - Allow dhcpd to get and set capabilities- Fix oracledb_port definition - Allow mount to mounton the selinux file system - Allow users to list /var directories- systemd fixes- Add initial policy for abrt_dump_oops_t - xtables-multi wants to getattr of the proc fs - Smoltclient is connecting to abrt - Dontaudit leaked file descriptors to postdrop - Allow abrt_dump_oops to look at kernel sysctls - Abrt_dump_oops_t reads 
kernel ring buffer - Allow mysqld to request the kernel to load modules - systemd-login needs fowner - Allow postfix_cleanup_t to search maildrop- Initial systemd_logind policy - Add policy for systemd_logger and additional privs for systemd_logind - More fixes for systemd policies- Allow setsched for virsh - Systemd needs to impersonate cups, which means it needs to create tcp_sockets in cups_t domain, as well as manage spool directories - iptables: the various /sbin/ip6?tables.* are now symlinks for /sbin/xtables-multi- A lot of users are running yum -y update while in /root which is causing ldconfig to list the contents, adding dontaudit - Allow colord to interact with the users through the tmpfs file system - Since we changed the label on deferred, we need to allow postfix_qmgr_t to be able to create maildrop_t files - Add label for /var/log/mcelog - Allow asterisk to read /dev/random if it uses TLS - Allow colord to read ini files which are labeled as bin_t - Allow dirsrvadmin sys_resource and setrlimit to use ulimit - Systemd needs to be able to create sock_files for every label in /var/run directory, cupsd being the first. 
- Also lists /var and /var/spool directories - Add openl2tpd to l2tpd policy - qpidd is reading the sysfs file- Change usbmuxd_t to dontaudit attempts to read chr_file - Add mysld_safe_exec_t for libra domains to be able to start private mysql domains - Allow pppd to search /var/lock dir - Add rhsmcertd policy- Update to upstream- More fixes * http://git.fedorahosted.org/git/?p=selinux-policy.git- Fix spec file to not report Verify errors- Add dspam policy - Add lldpad policy - dovecot auth wants to search statfs #713555 - Allow systemd passwd apps to read init fifo_file - Allow prelink to use inherited terminals - Run cherokee in the httpd_t domain - Allow mcs constraints on node connections - Implement pyicqt policy - Fixes for zarafa policy - Allow cobblerd to send syslog messages- Add policy.26 to the payload - Remove olpc stuff - Remove policygentool- Fixes for zabbix - init script needs to be able to manage sanlock_var_run_... - Allow sandlock and wdmd to create /var/run directories... - mixclip.so has been compiled correctly - Fix passenger policy module name- Add mailscanner policy from dgrift - Allow chrome to optionally be transitioned to - Zabbix needs these rules when starting the zabbix_server_mysql - Implement a type for freedesktop openicc standard (~/.local/share/icc) - Allow system_dbusd_t to read inherited icc_data_home_t files. - Allow colord_t to read icc_data_home_t content. 
#706975 - Label stuff under /usr/lib/debug as if it was labeled under /- Fixes for sanlock policy - Fixes for colord policy - Other fixes * http://git.fedorahosted.org/git/?p=selinux-policy.git;a=log- Add rhev policy module to modules-targeted.conf- Lot of fixes * http://git.fedorahosted.org/git/?p=selinux-policy.git;a=log- Allow logrotate to execute systemctl - Allow nsplugin_t to getattr on gpmctl - Fix dev_getattr_all_chr_files() interface - Allow shorewall to use inherited terms - Allow userhelper to getattr all chr_file devices - sandbox domains should be able to getattr and dontaudit search of sysctl_kernel_t - Fix labeling for ABRT Retrace Server- Dontaudit sys_module for ifconfig - Make telepathy and gkeyringd daemon working with confined users - colord wants to read files in users homedir - Remote login should be creating user_tmp_t not its own tmp files- Fix label for /usr/share/munin/plugins/munin_* plugins - Add support for zarafa-indexer - Fix boolean description - Allow colord to getattr on /proc/scsi/scsi - Add label for /lib/upstart/init - Colord needs to list /mnt- Forard port changes from F15 for telepathy - NetworkManager should be allowed to use /dev/rfkill - Fix dontaudit messages to say Domain to not audit - Allow telepathy domains to read/write gnome_cache files - Allow telepathy domains to call getpw - Fixes for colord and vnstatd policy- Allow init_t getcap and setcap - Allow namespace_init_t to use nsswitch - aisexec will execute corosync - colord tries to read files off noxattr file systems - Allow init_t getcap and setcap- Add support for ABRT retrace server - Allow user_t and staff_t access to generic scsi to handle locally plugged in scanners - Allow telepath_msn_t to read /proc/PARENT/cmdline - ftpd needs kill capability - Allow telepath_msn_t to connect to sip port - keyring daemon does not work on nfs homedirs - Allow $1_sudo_t to read default SELinux context - Add label for tgtd sock file in /var/run/ - Add apache_exec_rotatelogs 
interface - allow all zaraha domains to signal themselves, server writes to /tmp - Allow syslog to read the process state - Add label for /usr/lib/chromium-browser/chrome - Remove the telepathy transition from unconfined_t - Dontaudit sandbox domains trying to mounton sandbox_file_t, this is caused by fuse mounts - Allow initrc_t domain to manage abrt pid files - Add support for AEOLUS project - Virt_admin should be allowed to manage images and processes - Allow plymountd to send signals to init - Change labeling of fping6- Add filename transitions- Fixes for zarafa policy - Add support for AEOLUS project - Change labeling of fping6 - Allow plymountd to send signals to init - Allow initrc_t domain to manage abrt pid files - Virt_admin should be allowed to manage images and processes- xdm_t needs getsession for switch user - Every app that used to exec init is now execing systemdctl - Allow squid to manage krb5_host_rcache_t files - Allow foghorn to connect to agentx port - Fixes for colord policy- Add Dan's patch to remove 64 bit variants - Allow colord to use unix_dgram_socket - Allow apps that search pids to read /var/run if it is a lnk_file - iscsid_t creates its own directory - Allow init to list var_lock_t dir - apm needs to verify user accounts auth_use_nsswitch - Add labeling for systemd unit files - Allow gnomeclok to enable ntpd service using systemctl - systemd_systemctl_t domain was added - Add label for matahari-broker.pid file - We want to remove untrustedmcsprocess from ability to read /proc/pid - Fixes for matahari policy - Allow system_tmpfiles_t to delete user_home_t files in the /tmp dir - Allow sshd to transition to sysadm_t if ssh_sysadm_login is turned on- Fix typo- Add /var/run/lock /var/lock definition to file_contexts.subs - nslcd_t is looking for kerberos cc files - SSH_USE_STRONG_RNG is 1 which requires /dev/random - Fix auth_rw_faillog definition - Allow sysadm_t to set attributes on fixed disks - allow user domains to execute lsof and 
look at application sockets - prelink_cron job calls telinit -u if init is rewritten - Fixes to run qemu_t from staff_t- Fix label for /var/run/udev to udev_var_run_t - Mock needs to be able to read network state- Add file_contexts.subs to handle /run and /run/lock - Add other fixes relating to /run changes from F15 policy- Allow $1_sudo_t and $1_su_t open access to user terminals - Allow initrc_t to use generic terminals - Make Makefile/Rules.modular run sepolgen-ifgen during build to check if files for bugs -systemd is going to be useing /run and /run/lock for early bootup files. - Fix some comments in rlogin.if - Add policy for KDE backlighthelper - sssd needs to read ~/.k5login in nfs, cifs or fusefs file systems - sssd wants to read .k5login file in users homedir - setroubleshoot reads executables to see if they have TEXTREL - Add /var/spool/audit support for new version of audit - Remove kerberos_connect_524() interface calling - Combine kerberos_master_port_t and kerberos_port_t - systemd has setup /dev/kmsg as stderr for apps it executes - Need these access so that init can impersonate sockets on unix_dgram_socket- Remove some unconfined domains - Remove permissive domains - Add policy-term.patch from Dan- Fix multiple specification for boot.log - devicekit leaks file descriptors to setfiles_t - Change all all_nodes to generic_node and all_if to generic_if - Should not use deprecated interface - Switch from using all_nodes to generic_node and from all_if to generic_if - Add support for xfce4-notifyd - Fix file context to show several labels as SystemHigh - seunshare needs to be able to mounton nfs/cifs/fusefs homedirs - Add etc_runtime_t label for /etc/securetty - Fixes to allow xdm_t to start gkeyringd_USERTYPE_t directly - login.krb needs to be able to write user_tmp_t - dirsrv needs to bind to port 7390 for dogtag - Fix a bug in gpg policy - gpg sends audit messages - Allow qpid to manage matahari files- Initial policy for matahari - Add 
dev_read_watchdog - Allow clamd to connect clamd port - Add support for kcmdatetimehelper - Allow shutdown to setrlimit and sys_nice - Allow systemd_passwd to talk to /dev/log before udev or syslog is running - Purge chr_file and blk files on /tmp - Fixes for pads - Fixes for piranha-pulse - gpg_t needs to be able to encrypt anything owned by the user- mozilla_plugin_tmp_t needs to be treated as user tmp files - More dontaudits of writes from readahead - Dontaudit readahead_t file_type:dir write, to cover up kernel bug - systemd_tmpfiles needs to relabel faillog directory as well as the file - Allow hostname and consoletype to r/w inherited initrc_tmp_t files handling hostname >> /tmp/myhost- Add policykit fixes from Tim Waugh - dontaudit sandbox domains sandbox_file_t:dir mounton - Add new dontaudit rules for sysadm_dbusd_t - Change label for /var/run/faillock * other fixes which relate with this change- Update to upstream - Fixes for telepathy - Add port definition for ssdp port - add policy for /bin/systemd-notify from Dan - Mount command requires users read mount_var_run_t - colord needs to read kobject_uevent_socket - User domains connect to the gkeyring socket - Add colord policy and allow user_t and staff_t to dbus chat with it - Add lvm_exec_t label for kpartx - Dontaudit reading the mail_spool_t link from sandbox -X - systemd is creating sockets in avahi_var_run and system_dbusd_var_run- gpg_t needs to talk to gnome-keyring - nscd wants to read /usr/tmp->/var/tmp to generate randomization in unixchkpwd - enforce MCS labeling on nodes - Allow arpwatch to read meminfo - Allow gnomeclock to send itself signals - init relabels /dev/.udev files on boot - gkeyringd has to transition back to staff_t when it runs commands in bin_t or shell_exec_t - nautilus checks access on /media directory before mounting usb sticks, dontaudit access_check on mnt_t - dnsmasq can run as a dbus service, needs acquire service - mysql_admin should be allowed to connect to mysql service 
- virt creates monitor sockets in the users home dir- Allow usbhid-ups to read hardware state information - systemd-tmpfiles has moved - Allow cgroup to sys_tty_config - For some reason prelink is attempting to read gconf settings - Add allow_daemons_use_tcp_wrapper boolean - Add label for ~/.cache/wocky to make telepathy work in enforcing mode - Add label for char devices /dev/dasd* - Fix for apache_role - Allow amavis to talk to nslcd - allow all sandbox to read selinux policy config files - Allow cluster domains to use the system bus and send each other dbus messages- Update to upstream- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Update to ref policy - cgred needs chown capability - Add /dev/crash crash_dev_t - systemd-readahead wants to use fanotify which means readahead_t needs sys_admin capability- New labeling for postfmulti #675654 - dontaudit xdm_t listing noxattr file systems - dovecot-auth needs to be able to connect to mysqld via the network as well as locally - shutdown is passed stdout to a xdm_log_t file - smartd creates a fixed disk device - dovecot_etc_t contains a lnk_file that domains need to read - mount needs to be able to read etc_runtime_t:lnk_file since in rawhide this is a link created at boot- syslog_t needs syslog capability - dirsrv needs to be able to create /var/lib/snmp - Fix labeling for dirsrv - Fix for dirsrv policy missing manage_dirs_pattern - corosync needs to delete clvm_tmpfs_t files - qdiskd needs to list hugetlbfs - Move setsched to sandbox_x_domain, so firefox can run without network access - Allow hddtemp to read removable devices - Adding syslog and read_policy permissions to policy * syslog Allow unconfined, sysadm_t, secadm_t, logadm_t * read_policy allow unconfined, sysadm_t, secadm_t, staff_t on Targeted allow sysadm_t (optionally), secadm_t on MLS - mdadm application will write into /sys/.../uevent whenever arrays are assembled or disassembled.- Add tcsd policy- ricci_modclusterd_t needs to bind 
to rpc ports 500-1023 - Allow dbus to use setrlimit to increase resoueces - Mozilla_plugin is leaking to sandbox - Allow confined users to connect to lircd over unix domain stream socket which allow to use remote control - Allow awstats to read squid logs - seunshare needs to manage tmp_t - apcupsd cgi scripts have a new directory- Fix xserver_dontaudit_read_xdm_pid - Change oracle_port_t to oracledb_port_t to prevent conflict with satellite - Allow dovecot_deliver_t to read/write postfix_master_t:fifo_file. * These fifo_file is passed from postfix_master_t to postfix_local_t to dovecot_deliver_t - Allow readahead to manage readahead pid dirs - Allow readahead to read all mcs levels - Allow mozilla_plugin_t to use nfs or samba homedirs- Allow nagios plugin to read /proc/meminfo - Fix for mozilla_plugin - Allow samba_net_t to create /etc/keytab - pppd_t setting up vpns needs to run unix_chkpwd, setsched its process and write wtmp_t - nslcd can read user credentials - Allow nsplugin to delete mozilla_plugin_tmpfs_t - abrt tries to create dir in rpm_var_lib_t - virt relabels fifo_files - sshd needs to manage content in fusefs homedir - mock manages link files in cache dir- nslcd needs setsched and to read /usr/tmp - Invalid call in likewise policy ends up creating a bogus role - Cannon puts content into /var/lib/bjlib that cups needs to be able to write - Allow screen to create screen_home_t in /root - dirsrv sends syslog messages - pinentry reads stuff in .kde directory - Add labels for .kde directory in homedir - Treat irpinit, iprupdate, iprdump services with raid policy- NetworkManager wants to read consolekit_var_run_t - Allow readahead to create /dev/.systemd/readahead - Remove permissive domains - Allow newrole to run namespace_init- Add sepgsql_contexts file- Update to upstream- Add oracle ports and allow apache to connect to them if the connect_db boolean is turned on - Add puppetmaster_use_db boolean - Fixes for zarafa policy - Fixes for gnomeclock poliy - 
Fix systemd-tmpfiles to use auth_use_nsswitch- gnomeclock executes a shell - Update for screen policy to handle pipe in homedir - Fixes for polyinstatiated homedir - Fixes for namespace policy and other fixes related to polyinstantiation - Add namespace policy - Allow dovecot-deliver transition to sendmail which is needed by sieve scripts - Fixes for init, psad policy which relate with confined users - Do not audit bootloader attempts to read devicekit pid files - Allow nagios service plugins to read /proc- Add firewalld policy - Allow vmware_host to read samba config - Kernel wants to read /proc Fix duplicate grub def in cobbler - Chrony sends mail, executes shell, uses fifo_file and reads /proc - devicekitdisk getattr all file systems - sambd daemon writes wtmp file - libvirt transitions to dmidecode- Add initial policy for system-setup-keyboard which is now daemon - Label /var/lock/subsys/shorewall as shorewall_lock_t - Allow users to communicate with the gpg_agent_t - Dontaudit mozilla_plugin_t using the inherited terminal - Allow sambagui to read files in /usr - webalizer manages squid log files - Allow unconfined domains to bind ports to raw_ip_sockets - Allow abrt to manage rpm logs when running yum - Need labels for /var/run/bittlebee - Label .ssh under amanda - Remove unused genrequires for virt_domain_template - Allow virt_domain to use fd inherited from virtd_t - Allow iptables to read shorewall config- Gnome apps list config_home_t - mpd creates lnk files in homedir - apache leaks write to mail apps on tmp files - /var/stockmaniac/templates_cache contains log files - Abrt list the connects of mount_tmp_t dirs - passwd agent reads files under /dev and reads utmp file - squid apache script connects to the squid port - fix name of plymouth log file - teamviewer is a wine app - allow dmesg to read system state - Stop labeling files under /var/lib/mock so restorecon will not go into this - nsplugin needs to read network state for google talk- Allow xdm and 
syslog to use /var/log/boot.log - Allow users to communicate with mozilla_plugin and kill it - Add labeling for ipv6 and dhcp- New labels for ghc http content - nsplugin_config needs to read urand, lvm now calls setfscreate to create dev - pm-suspend now creates log file for append access so we remove devicekit_wri - Change authlogin_use_sssd to authlogin_nsswitch_use_ldap - Fixes for greylist_milter policy- Update to upstream - Fixes for systemd policy - Fixes for passenger policy - Allow staff users to run mysqld in the staff_t domain, akonadi needs this - Add bin_t label for /usr/share/kde4/apps/kajongg/kajongg.py - auth_use_nsswitch does not need avahi to read passwords,needed for resolving data - Dontaudit (xdm_t) gok attempting to list contents of /var/account - Telepathy domains need to read urand - Need interface to getattr all file classes in a mock library for setroubleshoot- Update selinux policy to handle new /usr/share/sandbox/start script- Update to upstream - Fix version of policy in spec file- Allow sandbox to run on nfs partitions, fixes for systemd_tmpfs - remove per sandbox domains devpts types - Allow dkim-milter sending signal to itself- Allow domains that transition to ping or traceroute, kill them - Allow user_t to conditionally transition to ping_t and traceroute_t - Add fixes to systemd- tools, including new labeling for systemd-fsck, systemd-cryptsetup- Turn on systemd policy - mozilla_plugin needs to read certs in the homedir. 
- Dontaudit leaked file descriptors from devicekit - Fix ircssi to use auth_use_nsswitch - Change to use interface without param in corenet to disable unlabelednet packets - Allow init to relabel sockets and fifo files in /dev - certmonger needs dac* capabilities to manage cert files not owned by root - dovecot needs fsetid to change group membership on mail - plymouthd removes /var/log/boot.log - systemd is creating symlinks in /dev - Change label on /etc/httpd/alias to be all cert_t- Fixes for clamscan and boinc policy - Add boinc_project_t setpgid - Allow alsa to create tmp files in /tmp- Push fixes to allow disabling of unlabeled_t packet access - Enable unlabelednet policy- Fixes for lvm to work with systemd- Fix the label for wicd log - plymouthd creates force-display-on-active-vt file - Allow avahi to request the kernel to load a module - Dontaudit hal leaks - Fix gnome_manage_data interface - Add new interface corenet_packet to define a type as being an packet_type. - Removed general access to packet_type from icecast and squid. 
- Allow mpd to read alsa config - Fix the label for wicd log - Add systemd policy- Fix gnome_manage_data interface - Dontaudit sys_ptrace capability for iscsid - Fixes for nagios plugin policy- Fix cron to run ranged when started by init - Fix devicekit to use log files - Dontaudit use of devicekit_var_run_t for fstools - Allow init to setattr on logfile directories - Allow hald to manage files in /var/run/pm-utils/ dir which is now labeled as devicekit_var_run_t- Fix up handling of dnsmasq_t creating /var/run/libvirt/network - Turn on sshd_forward_ports boolean by default - Allow sysadmin to dbus chat with rpm - Add interface for rw_tpm_dev - Allow cron to execute bin - fsadm needs to write sysfs - Dontaudit consoletype reading /var/run/pm-utils - Lots of new privs for mozilla_plugin_t running java app, make mozilla_plugin - certmonger needs to manage dirsrv data - /var/run/pm-utils should be labeled as devicekit_var_run_t- fixes to allow /var/run and /var/lock as tmpfs - Allow chrome sandbox to connect to web ports - Allow dovecot to listen on lmtp and sieve ports - Allow ddclient to search sysctl_net_t - Transition back to original domain if you execute the shell- Remove duplicate declaration- Update to upstream - Cleanup for sandbox - Add attribute to be able to select sandbox types- Allow ddclient to fix file mode bits of ddclient conf file - init leaks file descriptors to daemons - Add labels for /etc/lirc/ and - Allow amavis_t to exec shell - Add label for gssd_tmp_t for /var/tmp/nfs_0- Put back in lircd_etc_t so policy will install- Turn on allow_postfix_local_write_mail_spool - Allow initrc_t to transition to shutdown_t - Allow logwatch and cron to mls_read_to_clearance for MLS boxes - Allow wm to send signull to all applications and receive them from users - lircd patch from field - Login programs have to read /etc/samba - New programs under /lib/systemd - Abrt needs to read config files- Update to upstream - Dontaudit leaked sockets from userdomains to 
user domains - Fixes for mcelog to handle scripts - Apply patch from Ruben Kerkhof - Allow syslog to search spool dirs- Allow nagios plugins to read usr files - Allow mysqld-safe to send system log messages - Fixes for ddclient policy - Fix sasl_admin interface - Allow apache to search zarafa config - Allow munin plugins to search /var/lib directory - Allow gpsd to read sysfs_t - Fix labels on /etc/mcelog/triggers to bin_t- Remove saslauthd_tmp_t and transition tmp files to krb5_host_rcache_t - Allow saslauthd_t to create krb5_host_rcache_t files in /tmp - Fix xserver interface - Fix definition of /var/run/lxdm- Turn on mediawiki policy - kdump leaks kdump_etc_t to ifconfig, add dontaudit - uux needs to transition to uucpd_t - More init fixes relabels man,faillog - Remove maxima defs in libraries.fc - insmod needs to be able to create tmpfs_t files - ping needs setcap- Allow groupd transition to fenced domain when executes fence_node - Fixes for rchs policy - Allow mpd to be able to read samba/nfs files- Fix up corecommands.fc to match upstream - Make sure /lib/systemd/* is labeled init_exec_t - mount wants to setattr on all mountpoints - dovecot auth wants to read dovecot etc files - nscd daemon looks at the exe file of the communicating daemon - openvpn wants to read utmp file - postfix apps now set sys_nice and lower limits - remote_login (telnetd/login) wants to use telnetd_devpts_t and user_devpts_t to work correctly - Also resolves nsswitch - Fix labels on /etc/hosts.* - Cleanup to make upstream patch work - allow abrt to read etc_runtime_t- Add conflicts for dirsrv package- Update to upstream - Add vlock policy- Fix sandbox to work on nfs homedirs - Allow cdrecord to setrlimit - Allow mozilla_plugin to read xauth - Change label on systemd-logger to syslogd_exec_t - Install dirsrv policy from dirsrv package- Add virt_home_t, allow init to setattr on xserver_tmp_t and relabel it - Udev needs to stream connect to init and kernel - Add xdm_exec_bootloader boolean, 
which allows xdm to execute /sbin/grub and read files in /boot directory- Allow NetworkManager to read openvpn_etc_t - Dontaudit hplip to write of /usr dirs - Allow system_mail_t to create /root/dead.letter as mail_home_t - Add vdagent policy for spice agent daemon- Dontaudit sandbox sending sigkill to all user domains - Add policy for rssh_chroot_helper - Add missing flask definitions - Allow udev to relabelto removable_t - Fix label on /var/log/wicd.log - Transition to initrc_t from init when executing bin_t - Add audit_access permissions to file - Make removable_t a device_node - Fix label on /lib/systemd/*- Fixes for systemd to manage /var/run - Dontaudit leaks by firstboot- Allow chome to create netlink_route_socket - Add additional MATHLAB file context - Define nsplugin as an application_domain - Dontaudit sending signals from sandboxed domains to other domains - systemd requires init to build /tmp /var/auth and /var/lock dirs - mount wants to read devicekit_power /proc/ entries - mpd wants to connect to soundd port - Openoffice causes a setattr on a lib_t file for normal users, add dontaudit - Treat lib_t and textrel_shlib_t directories the same - Allow mount read access on virtual images- Allow sandbox_x_domains to work with nfs/cifs/fusefs home dirs. 
- Allow devicekit_power to domtrans to mount - Allow dhcp to bind to udp ports > 1024 to do named stuff - Allow ssh_t to exec ssh_exec_t - Remove telepathy_butterfly_rw_tmp_files(), dev_read_printk() interfaces which are no longer used - Fix clamav_append_log() interfaces - Fix 'psad_rw_fifo_file' interface- Allow cobblerd to list cobbler apache content- Fixup for the latest version of upowed - Dontaudit sandbox sending SIGNULL to desktop apps- Update to upstream-Mount command from a confined user generates setattr on /etc/mtab file, need to dontaudit this access - dovecot-auth_t needs ipc_lock - gpm needs to use the user terminal - Allow system_mail_t to append ~/dead.letter - Allow NetworkManager to edit /etc/NetworkManager/NetworkManager.conf - Add pid file to vnstatd - Allow mount to communicate with gfs_controld - Dontaudit hal leaks in setfiles- Lots of fixes for systemd - systemd now executes readahead and tmpwatch type scripts - Needs to manage random seed- Allow smbd to use sys_admin - Remove duplicate file context for tcfmgr - Update to upstream- Fix fusefs handling - Do not allow sandbox to manage nsplugin_rw_t - Allow mozilla_plugin_t to connecto its parent - Allow init_t to connect to plymouthd running as kernel_t - Add mediawiki policy - dontaudit sandbox sending signals to itself. This can happen when they are running at different mcs. - Disable transition from dbus_session_domain to telepathy for F14 - Allow boinc_project to use shm - Allow certmonger to search through directories that contain certs - Allow fail2ban the DAC Override so it can read log files owned by non root users- Start adding support for use_fusefs_home_dirs - Add /var/lib/syslog directory file context - Add /etc/localtime as locale file context- Turn off default transition to mozilla_plugin and telepathy domains from unconfined user - Turn off iptables from unconfined user - Allow sudo to send signals to any domains the user could have transitioned to. 
- Passwd in single user mode needs to talk to console_device_t - Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa setsup pulseaudio - locate tried to read a symbolic link, will dontaudit - New labels for telepathy-sunshine content in homedir - Google is storing other binaries under /opt/google/talkplugin - bluetooth/kernel is creating unlabeled_t socket that I will allow it to use until kernel fixes bug - Add boolean for unconfined_t transition to mozilla_plugin_t and telepathy domains, turned off in F14 on in F15 - modemmanager and bluetooth send dbus messages to devicekit_power - Samba needs to getquota on filesystems labeled samba_share_t- Dontaudit attempts by xdm_t to write to bin_t for kdm - Allow initrc_t to manage system_conf_t- Fixes to allow mozilla_plugin_t to create nsplugin_home_t directory. - Allow mozilla_plugin_t to create tcp/udp/netlink_route sockets - Allow confined users to read xdm_etc_t files - Allow xdm_t to transition to xauth_t for lxdm program- Rearrange firewallgui policy to be more easily updated to upstream, dontaudit search of /home - Allow clamd to send signals to itself - Allow mozilla_plugin_t to read user home content. And unlink pulseaudio shm. - Allow haze to connect to yahoo chat and messenger port tcp:5050. Bz #637339 - Allow guest to run ps command on its processes by allowing it to read /proc - Allow firewallgui to sys_rawio which seems to be required to setup masquerading - Allow all domains to search through default_t directories, in order to find different labels. For example people setting up /foo/bar to be shared via samba. 
- Add label for /var/log/slim.log- Pull in cleanups from dgrift - Allow mozilla_plugin_t to execute mozilla_home_t - Allow rpc.quota to do quotamod- Cleanup policy via dgrift - Allow dovecot_deliver to append to inherited log files - Lots of fixes for consolehelper- Fix up Xguest policy- Add vnstat policy - allow libvirt to send audit messages - Allow chrome-sandbox to search nfs_t- Update to upstream- Add the ability to send audit messages to confined admin policies - Remove permissive domain from cmirrord and dontaudit sys_tty_config - Split out unconfined_domain() calls from other unconfined_ calls so we can d - virt needs to be able to read processes to clearance for MLS- Allow all domains that can use cgroups to search tmpfs_t directory - Allow init to send audit messages- Update to upstream- Allow mdadm_t to create files and sock files in /dev/md/- Add policy for ajaxterm- Handle /var/db/sudo - Allow pulseaudio to read alsa config - Allow init to send initrc_t dbus messagesAllow iptables to read shorewall tmp files Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr intd label vlc as an execmem_exec_t Lots of fixes for mozilla_plugin to run google vidio chat Allow telepath_msn to execute ldconfig and its own tmp files Fix labels on hugepages Allow mdadm to read files on /dev Remove permissive domains and change back to unconfined Allow freshclam to execute shell and bin_t Allow devicekit_power to transition to dhcpc Add boolean to allow icecast to connect to any port- Merge upstream fix of mmap_zero - Allow mount to write files in debugfs_t - Allow corosync to communicate with clvmd via tmpfs - Allow certmaster to read usr_t files - Allow dbus system services to search cgroup_t - Define rlogind_t as a login pgm- Allow mdadm_t to read/write hugetlbfs- Dominic Grift Cleanup - Miroslav Grepl policy for jabberd - Various fixes for mount/livecd and prelink- Merge with upstream- More access needed for devicekit - Add dbadm policy- Merge 
with upstream- Allow seunshare to fowner- Allow cron to look at user_cron_spool links - Lots of fixes for mozilla_plugin_t - Add sysv file system - Turn unconfined domains to permissive to find additional avcs- Update policy for mozilla_plugin_t- Allow clamscan to read proc_t - Allow mount_t to write to debufs_t dir - Dontaudit mount_t trying to write to security_t dir- Allow clamscan_t execmem if clamd_use_jit set - Add policy for firefox plugin-container- Fix /root/.forward definition- label dead.letter as mail_home_t- Allow login programs to search /cgroups- Fix cert handling- Fix devicekit_power bug - Allow policykit_auth_t more access.- Fix nis calls to allow bind to ports 512-1024 - Fix smartmon- Allow pcscd to read sysfs - systemd fixes - Fix wine_mmap_zero_ignore boolean- Apply Miroslav munin patch - Turn back on allow_execmem and allow_execmod booleans- Merge in fixes from dgrift repository- Update boinc policy - Fix sysstat policy to allow sys_admin - Change failsafe_context to unconfined_r:unconfined_t:s0- New paths for upstart- New permissions for syslog - New labels for /lib/upstart- Add mojomojo policy- Allow systemd to setsockcon on sockets to immitate other services- Remove debugfs label- Update to latest policy- Fix eclipse labeling from IBMSupportAssasstant packageing- Make boot with systemd in enforcing mode- Update to upstream- Add boolean to turn off port forwarding in sshd.- Add support for ebtables - Fixes for rhcs and corosync policy-Update to upstream-Update to upstream-Update to upstream- Add Zarafa policy- Cleanup of aiccu policy - initial mock policy- Lots of random fixes- Update to upstream- Update to upstream - Allow prelink script to signal itself - Cobbler fixes- Add xdm_var_run_t to xserver_stream_connect_xdm - Add cmorrord and mpd policy from Miroslav Grepl- Fix sshd creation of krb cc files for users to be user_tmp_t- Fixes for accountsdialog - Fixes for boinc- Fix label on /var/lib/dokwiki - Change permissive domains to enforcing 
- Fix libvirt policy to allow it to run on mls- Update to upstream- Allow procmail to execute scripts in the users home dir that are labeled home_bin_t - Fix /var/run/abrtd.lock label- Allow login programs to read krb5_home_t Resolves: 594833 - Add obsoletes for cachefilesfd-selinux package Resolves: #575084- Allow mount to r/w abrt fifo file - Allow svirt_t to getattr on hugetlbfs - Allow abrt to create a directory under /var/spool- Add labels for /sys - Allow sshd to getattr on shutdown - Fixes for munin - Allow sssd to use the kernel key ring - Allow tor to send syslog messages - Allow iptabels to read usr files - allow policykit to read all domains state- Fix path for /var/spool/abrt - Allow nfs_t as an entrypoint for http_sys_script_t - Add policy for piranha - Lots of fixes for sosreport- Allow xm_t to read network state and get and set capabilities - Allow policykit to getattr all processes - Allow denyhosts to connect to tcp port 9911 - Allow pyranha to use raw ip sockets and ptrace itself - Allow unconfined_execmem_t and gconfsd mechanism to dbus - Allow staff to kill ping process - Add additional MLS rules- Allow gdm to edit ~/.gconf dir Resolves: #590677 - Allow dovecot to create directories in /var/lib/dovecot Partially resolves 590224 - Allow avahi to dbus chat with NetworkManager - Fix cobbler labels - Dontaudit iceauth_t leaks - fix /var/lib/lxdm file context - Allow aiccu to use tun tap devices - Dontaudit shutdown using xserver.log- Fixes for sandbox_x_net_t to match access for sandbox_web_t ++ - Add xdm_etc_t for /etc/gdm directory, allow accountsd to manage this directory - Add dontaudit interface for bluetooth dbus - Add chronyd_read_keys, append_keys for initrc_t - Add log support for ksmtuned Resolves: #586663- Allow boinc to send mail- Allow initrc_t to remove dhcpc_state_t - Fix label on sa-update.cron - Allow dhcpc to restart chrony initrc - Don't allow sandbox to send signals to its parent processes - Fix transition from unconfined_t -> 
unconfined_mount_t -> rpcd_t Resolves: #589136- Fix location of oddjob_mkhomedir Resolves: #587385 - fix labeling on /root/.shosts and ~/.shosts - Allow ipsec_mgmt_t to manage net_conf_t Resolves: #586760- Dontaudit sandbox trying to connect to netlink sockets Resolves: #587609 - Add policy for piranha- Fixups for xguest policy - Fixes for running sandbox firefox- Allow ksmtuned to use terminals Resolves: #586663 - Allow lircd to write to generic usb devices- Allow sandbox_xserver to connectto unconfined stream Resolves: #585171- Allow initrc_t to read slapd_db_t Resolves: #585476 - Allow ipsec_mgmt to use unallocated devpts and to create /etc/resolv.conf Resolves: #585963- Allow rlogind_t to search /root for .rhosts Resolves: #582760 - Fix path for cached_var_t - Fix prelink paths /var/lib/prelink - Allow confined users to direct_dri - Allow mls lvm/cryptosetup to work- Allow virtd_t to manage firewall/iptables config Resolves: #573585- Fix label on /root/.rhosts Resolves: #582760 - Add labels for Picasa - Allow openvpn to read home certs - Allow plymouthd_t to use tty_device_t - Run ncftool as iptables_t - Allow mount to unmount unlabeled_t - Dontaudit hal leaks- Allow livecd to transition to mount- Update to upstream - Allow abrt to delete sosreport Resolves: #579998 - Allow snmp to setuid and gid Resolves: #582155 - Allow smartd to use generic scsi devices Resolves: #582145- Allow ipsec_t to create /etc/resolv.conf with the correct label - Fix reserved port destination - Allow autofs to transition to showmount - Stop crashing tuned- Add telepathysofiasip policy- Update to upstream - Fix label for /opt/google/chrome/chrome-sandbox - Allow modemmanager to dbus with policykit- Fix allow_httpd_mod_auth_pam to use auth_use_pam(httpd_t) - Allow accountsd to read shadow file - Allow apache to send audit messages when using pam - Allow asterisk to bind and connect to sip tcp ports - Fixes for dovecot 2.0 - Allow initrc_t to setattr on milter directories - Add 
procmail_home_t for .procmailrc file- Fixes for labels during install from livecd- Fix /cgroup file context - Fix broken afs use of unlabled_t - Allow getty to use the console for s390- Fix cgroup handling adding policy for /cgroup - Allow confined users to write to generic usb devices, if user_rw_noexattrfile boolean set- Merge patches from dgrift- Update upstream - Allow abrt to write to the /proc under any process- Fix ~/.fontconfig label - Add /root/.cert label - Allow reading of the fixed_file_disk_t:lnk_file if you can read file - Allow qemu_exec_t as an entrypoint to svirt_t- Update to upstream - Allow tmpreaper to delete sandbox sock files - Allow chrome-sandbox_t to use /dev/zero, and dontaudit getattr file systems - Fixes for gitosis - No transition on livecd to passwd or chfn - Fixes for denyhosts- Add label for /var/lib/upower - Allow logrotate to run sssd - dontaudit readahead on tmpfs blk files - Allow tmpreaper to setattr on sandbox files - Allow confined users to execute dos files - Allow sysadm_t to kill processes running within its clearance - Add accountsd policy - Fixes for corosync policy - Fixes from crontab policy - Allow svirt to manage svirt_image_t chr files - Fixes for qdisk policy - Fixes for sssd policy - Fixes for newrole policy- make libvirt work on an MLS platform- Add qpidd policy- Update to upstream- Allow boinc to read kernel sysctl - Fix snmp port definitions - Allow apache to read anon_inodefs- Allow shutdown dac_override- Add device_t as a file system - Fix sysfs association- Dontaudit ipsec_mgmt sys_ptrace - Allow at to mail its spool files - Allow nsplugin to search in .pulse directory- Update to upstream- Allow users to dbus chat with xdm - Allow users to r/w wireless_device_t - Dontaudit reading of process states by ipsec_mgmt- Fix openoffice from unconfined_t- Add shutdown policy so consolekit can shutdown system- Update to upstream- Update to upstream- Update to upstream - These are merges of my patches - Remove 389 
labeling conflicts - Add MLS fixes found in RHEL6 testing - Allow pulseaudio to run as a service - Add label for mssql and allow apache to connect to this database port if boolean set - Dontaudit searches of debugfs mount point - Allow policykit_auth to send signals to itself - Allow modcluster to call getpwnam - Allow swat to signal winbind - Allow usbmux to run as a system role - Allow svirt to create and use devpts- Add MLS fixes found in RHEL6 testing - Allow domains to append to rpm_tmp_t - Add cachefilesfd policy - Dontaudit leaks when transitioning- Change allow_execstack and allow_execmem booleans to on - dontaudit acct using console - Add label for fping - Allow tmpreaper to delete sandbox_file_t - Fix wine dontaudit mmap_zero - Allow abrt to read var_t symlinks- Additional policy for rgmanager- Allow sshd to setattr on pseudo terms- Update to upstream- Allow policykit to send itself signals- Fix duplicate cobbler definition- Fix file context of /var/lib/avahi-autoipd- Merge with upstream- Allow sandbox to work with MLS- Make Chrome work with staff user- Add icecast policy - Cleanup spec file- Add mcelog policy- Lots of fixes found in F12- Fix rpm_dontaudit_leaks- Add getsched to hald_t - Add file context for Fedora/Redhat Directory Server- Allow abrt_helper to getattr on all filesystems - Add label for /opt/real/RealPlayer/plugins/oggfformat\.so- Add gstreamer_home_t for ~/.gstreamer- Update to upstream- Fix git- Turn on puppet policy - Update to dgrift git policy- Move users file to selection by spec file. 
- Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t- Update to upstream- Remove most of the permissive domains from F12.- Add cobbler policy from dgrift- add usbmon device - Add allow rules for devicekit_disk- Lots of fixes found in F12, fixes from Tom London- Cleanups from dgrift- Add back xserver_manage_home_fonts- Dontaudit sandbox trying to read nscd and sssd- Update to upstream- Rename udisks-daemon back to devicekit_disk_t policy- Fixes for abrt calls- Add tgtd policy- Update to upstream release- Add asterisk policy back in - Update to upstream release 2.20091117- Update to upstream release 2.20091117- Fixup nut policy- Update to upstream- Allow vpnc to request the kernel to load modules- Fix minimum policy installs - Allow udev and rpcbind to request the kernel to load modules- Add plymouth policy - Allow local_login to sys_admin- Allow cupsd_config to read user tmp - Allow snmpd_t to signal itself - Allow sysstat_t to makedir in sysstat_log_t- Update rhcs policy- Allow users to exec restorecond- Allow sendmail to request kernel modules load- Fix all kernel_request_load_module domains- Fix all kernel_request_load_module domains- Remove allow_exec* booleans for confined users. Only available for unconfined_t- More fixes for sandbox_web_t- Allow sshd to create .ssh directory and content- Fix request_module line to module_request- Fix sandbox policy to allow it to run under firefox. 
- Dont audit leaks.- Fixes for sandbox- Update to upstream - Dontaudit nsplugin search /root - Dontaudit nsplugin sys_nice- Fix label on /usr/bin/notepad, /usr/sbin/vboxadd-service - Remove policycoreutils-python requirement except for minimum- Fix devicekit_disk_t to getattr on all domains sockets and fifo_files - Conflicts seedit (You can not use selinux-policy-targeted and seedit at the same time.)- Add wordpress/wp-content/uploads label - Fixes for sandbox when run from staff_t- Update to upstream - Fixes for devicekit_disk- More fixes- Lots of fixes for initrc and other unconfined domains- Allow xserver to use netlink_kobject_uevent_socket- Fixes for sandbox- Dontaudit setroubleshootfix looking at /root directory- Update to upstream- Allow gssd to send signals to users - Fix duplicate label for apache content- Update to upstream- Remove polkit_auth on upgrades- Add back in unconfined.pp and unconfineduser.pp - Add Sandbox unshare- Fixes for cdrecord, mdadm, and others- Add capability setting to dhcpc and gpm- Allow cronjobs to read exim_spool_t- Add ABRT policy- Fix system-config-services policy- Allow libvirt to change user component of virt_domain- Allow cupsd_config_t to be started by dbus - Add smoltclient policy- Add policycoreutils-python to pre install- Make all unconfined_domains permissive so we can see what AVC's happen- Add pt_chown policy- Add kdump policy for Miroslav Grepl - Turn off execstack boolean- Turn on execstack on a temporary basis (#512845)- Allow nsplugin to connect to the session bus - Allow samba_net to write to coolkey data- Allow devicekit_disk to list inotify- Allow svirt images to create sock_file in svirt_var_run_t- Allow exim to getattr on mountpoints - Fixes for pulseaudio- Allow svirt_t to stream_connect to virtd_t- Allow hald_dccm_t to create sock_files in /tmp- More fixes from upstream- Fix polkit label - Remove hidebrokensymptoms for nss_ldap fix - Add modemmanager policy - Lots of merges from upstream - Begin removing 
textrel_shlib_t labels, from fixed libraries- Update to upstream- Allow certmaster to override dac permissions- Update to upstream- Fix context for VirtualBox- Update to upstream- Allow clamscan read amavis spool files- Fixes for xguest- fix multiple directory ownership of mandirs- Update to upstream- Add rules for rtkit-daemon- Update to upstream - Fix nlscd_stream_connect- Add rtkit policy- Allow rpcd_t to stream connect to rpcbind- Allow kpropd to create tmp files- Fix last duplicate /var/log/rpmpkgs- Update to upstream * add sssd- Update to upstream * cleanup- Update to upstream - Additional mail ports - Add virt_use_usb boolean for svirt- Fix mcs rules to include chr_file and blk_file- Add label for udev-acl- Additional rules for consolekit/udev, privoxy and various other fixes- New version for upstream- Allow NetworkManager to read inotifyfs- Allow setroubleshoot to run mlocate- Update to upstream- Add fish as a shell - Allow fprintd to list usbfs_t - Allow consolekit to search mountpoints - Add proper labeling for shorewall- New log file for vmware - Allow xdm to setattr on user_tmp_t- Upgrade to upstream- Allow fprintd to access sys_ptrace - Add sandbox policy- Add varnishd policy- Fixes for kpropd- Allow brctl to r/w tun_tap_device_t- Add /usr/share/selinux/packages- Allow rpcd_t to send signals to kernel threads- Fix upgrade for F10 to F11- Add policy for /var/lib/fprint-Remove duplicate line- Allow svirt to manage pci and other sysfs device data- Fix package selection handling- Fix /sbin/ip6tables-save context - Allod udev to transition to mount - Fix loading of mls policy file- Add shorewall policy- Additional rules for fprintd and sssd- Allow nsplugin to unix_read unix_write sem for unconfined_java- Fix uml files to be owned by users- Fix Upgrade path to install unconfineduser.pp when unocnfined package is 3.0.0 or less- Allow confined users to manage virt_content_t, since this is home dir content - Allow all domains to read rpm_script_tmp_t which is 
what shell creates on redirection- Fix labeling on /var/lib/misc/prelink* - Allow xserver to rw_shm_perms with all x_clients - Allow prelink to execute files in the users home directory- Allow initrc_t to delete dev_null - Allow readahead to configure auditing - Fix milter policy - Add /var/lib/readahead- Update to latest milter code from Paul Howarth- Additional perms for readahead- Allow pulseaudio to acquire_svc on session bus - Fix readahead labeling- Allow sysadm_t to run rpm directly - libvirt needs fowner- Allow sshd to read var_lib symlinks for freenx- Allow nsplugin unix_read and write on users shm and sem - Allow sysadm_t to execute su- Dontaudit attempts to getattr user_tmpfs_t by lvm - Allow nfs to share removable media- Add ability to run postdrop from confined users- Fixes for podsleuth- Turn off nsplugin transition - Remove Konsole leaked file descriptors for release- Allow cupsd_t to create link files in print_spool_t - Fix iscsi_stream_connect typo - Fix labeling on /etc/acpi/actions - Don't reinstall unconfine and unconfineuser on upgrade if they are not installed- Allow audioentroy to read etc files- Add fail2ban_var_lib_t - Fixes for devicekit_power_t- Separate out the ucnonfined user from the unconfined.pp package- Make sure unconfined_java_t and unconfined_mono_t create user_tmpfs_t.- Upgrade to latest upstream - Allow devicekit_disk sys_rawio- Dontaudit binds to ports < 1024 for named - Upgrade to latest upstream- Allow podsleuth to use tmpfs files- Add customizable_types for svirt- Allow setroubelshoot exec* privs to prevent crash from bad libraries - add cpufreqselector- Dontaudit listing of /root directory for cron system jobs- Fix missing ld.so.cache label- Add label for ~/.forward and /root/.forward- Fixes for svirt- Fixes to allow svirt read iso files in homedir- Add xenner and wine fixes from mgrepl- Allow mdadm to read/write mls override- Change to svirt to only access svirt_image_t- Fix libvirt policy- Upgrade to latest upstream- 
Fixes for iscsid and sssd - More cleanups for upgrade from F10 to Rawhide.- Add pulseaudio, sssd policy - Allow networkmanager to exec udevadm- Add pulseaudio context- Upgrade to latest patches- Fixes for libvirt- Update to Latest upstream- Fix setrans.conf to show SystemLow for s0- Further confinement of qemu images via svirt- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- Allow NetworkManager to manage /etc/NetworkManager/system-connections- add virtual_image_context and virtual_domain_context files- Allow rpcd_t to send signal to mount_t - Allow libvirtd to run ranged- Fix sysnet/net_conf_t- Fix squidGuard labeling- Re-add corenet_in_generic_if(unlabeled_t)* Tue Feb 10 2009 Dan Walsh 3.6.5-2 - Add git web policy- Add setrans contains from upstream- Do transitions outside of the booleans- Allow xdm to create user_tmp_t sockets for switch user to work- Fix staff_t domain- Grab remainder of network_peer_controls patch- More fixes for devicekit- Upgrade to latest upstream- Add boolean to disallow unconfined_t login- Add back transition from xguest to mozilla- Add virt_content_ro_t and labeling for isos directory- Fixes for wicd daemon- More mls/rpm fixes- Add policy to make dbus/nm-applet work- Remove polgen-ifgen from post and add trigger to policycoreutils-python- Add wm policy - Make mls work in graphics mode- Fixed for DeviceKit- Add devicekit policy- Update to upstream- Define openoffice as an x_domain- Fixes for reading xserver_tmp_t- Allow cups_pdf_t write to nfs_t- Remove audio_entropy policy- Update to upstream- Allow hal_acl_t to getattr/setattr fixed_disk- Change userdom_read_all_users_state to include reading symbolic links in /proc- Fix dbus reading /proc information- Add missing alias for home directory content- Fixes for IBM java location- Allow unconfined_r unconfined_java_t- Add cron_role back to user domains- Fix sudo setting of user keys- Allow iptables to talk to terminals - Fixes for policy kit - lots of fixes for booting.- 
Cleanup policy- Rebuild for Python 2.6- Fix labeling on /var/spool/rsyslog- Allow postgresl to bind to udp nodes- Allow lvm to dbus chat with hal - Allow rlogind to read nfs_t- Fix cyphesis file context- Allow hal/pm-utils to look at /var/run/video.rom - Add ulogd policy- Additional fixes for cyphesis - Fix certmaster file context - Add policy for system-config-samba - Allow hal to read /var/run/video.rom- Allow dhcpc to restart ypbind - Fixup labeling in /var/run- Add certmaster policy- Fix confined users - Allow xguest to read/write xguest_dbusd_t- Allow openoffice execstack/execmem privs- Allow mozilla to run with unconfined_execmem_t- Dontaudit domains trying to write to .xsession-errors- Allow nsplugin to look at autofs_t directory- Allow kerneloops to create tmp files- More alias for fastcgi- Remove mod_fcgid-selinux package- Fix dovecot access- Policy cleanup- Remove Multiple spec - Add include - Fix makefile to not call per_role_expansion- Fix labeling of libGL- Update to upstream- Update to upstream policy- Fixes for confined xwindows and xdm_t- Allow confined users and xdm to exec wm - Allow nsplugin to talk to fifo files on nfs- Allow NetworkManager to transition to avahi and iptables - Allow domains to search other domains keys, coverup kernel bug- Fix labeling for oracle- Allow nsplugin to comminicate with xdm_tmp_t sock_file- Change all user tmpfs_t files to be labeled user_tmpfs_t - Allow radiusd to create sock_files- Upgrade to upstream- Allow confined users to login with dbus- Fix transition to nsplugin- Add file context for /dev/mspblk.*- Fix transition to nsplugin '- Fix labeling on new pm*log - Allow ssh to bind to all nodes- Merge upstream changes - Add Xavier Toth patches- Add qemu_cache_t for /var/cache/libvirt- Remove gamin policy- Add tinyxs-max file system support- Update to upstream - New handling of init scripts- Allow pcsd to dbus - Add memcache policy- Allow audit dispatcher to kill his children- Update to upstream - Fix crontab use by 
unconfined user- Allow ifconfig_t to read dhcpc_state_t- Update to upstream- Update to upstream- Allow system-config-selinux to work with policykit- Fix novel labeling- Consolodate pyzor,spamassassin, razor into one security domain - Fix xdm requiring additional perms.- Fixes for logrotate, alsa- Eliminate vbetool duplicate entry- Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t - Change dhclient to be able to red networkmanager_var_run- Update to latest refpolicy - Fix libsemanage initial install bug- Add inotify support to nscd- Allow unconfined_t to setfcap- Allow amanda to read tape - Allow prewikka cgi to use syslog, allow audisp_t to signal cgi - Add support for netware file systems- Allow ypbind apps to net_bind_service- Allow all system domains and application domains to append to any log file- Allow gdm to read rpm database - Allow nsplugin to read mplayer config files- Allow vpnc to run ifconfig- Allow confined users to use postgres - Allow system_mail_t to exec other mail clients - Label mogrel_rails as an apache server- Apply unconfined_execmem_exec_t to haskell programs- Fix prelude file context- allow hplip to talk dbus - Fix context on ~/.local dir- Prevent applications from reading x_device- Add /var/lib/selinux context- Update to upstream- Add livecd policy- Dontaudit search of admin_home for init_system_domain - Rewrite of xace interfaces - Lots of new fs_list_inotify - Allow livecd to transition to setfiles_mac- Begin XAce integration- Merge Upstream- Allow amanada to create data files- Fix initial install, semanage setup- Allow system_r for httpd_unconfined_script_t- Remove dmesg boolean - Allow user domains to read/write game data- Change unconfined_t to transition to unconfined_mono_t when running mono - Change XXX_mono_t to transition to XXX_t when executing bin_t files, so gnome-do will work- Remove old booleans from targeted-booleans.conf file- Add boolean to mmap_zero - allow tor setgid - Allow gnomeclock to set clock- Don't run 
crontab from unconfined_t- Change etc files to config files to allow users to read them- Lots of fixes for confined domains on NFS_t homedir- dontaudit mrtg reading /proc - Allow iscsi to signal itself - Allow gnomeclock sys_ptrace- Allow dhcpd to read kernel network state- Label /var/run/gdm correctly - Fix unconfined_u user creation- Allow transition from initrc_t to getty_t- Allow passwd to communicate with user sockets to change gnome-keyring- Fix initial install- Allow radvd to use fifo_file - dontaudit setfiles reading links - allow semanage sys_resource - add allow_httpd_mod_auth_ntlm_winbind boolean - Allow privhome apps including dovecot read on nfs and cifs home dirs if the boolean is set- Allow nsplugin to read /etc/mozpluggerrc, user_fonts - Allow syslog to manage innd logs. - Allow procmail to ioctl spamd_exec_t- Allow initrc_t to dbus chat with consolekit.- Additional access for nsplugin - Allow xdm setcap/getcap until pulseaudio is fixed- Allow mount to mkdir on tmpfs - Allow ifconfig to search debugfs- Fix file context for MATLAB - Fixes for xace- Allow stunnel to transition to inetd children domains - Make unconfined_dbusd_t an unconfined domain- Fixes for qemu/virtd- Fix bug in mozilla policy to allow xguest transition - This will fix the libsemanage.dbase_llist_query: could not find record value libsemanage.dbase_llist_query: could not query record value (No such file or directory) bug in xguest- Allow nsplugin to run acroread- Add cups_pdf policy - Add openoffice policy to run in xguest- prewikka needs to contact mysql - Allow syslog to read system_map files- Change init_t to an unconfined_domain- Allow init to transition to initrc_t on shell exec. - Fix init to be able to sendto init_t. 
- Allow syslog to connect to mysql - Allow lvm to manage its own fifo_files - Allow bugzilla to use ldap - More mls fixes- fixes for init policy (#436988) - fix build- Additional changes for MLS policy- Fix initrc_context generation for MLS- Fixes for libvirt- Allow bitlebee to read locale_t- More xselinux rules- Change httpd_$1_script_r*_t to httpd_$1_content_r*_t- Prepare policy for beta release - Change some of the system domains back to unconfined - Turn on some of the booleans- Allow nsplugin_config execstack/execmem - Allow nsplugin_t to read alsa config - Change apache to use user content- Add cyphesis policy- Fix Makefile.devel to build mls modules - Fix qemu to be more specific on labeling- Update to upstream fixes- Allow staff to mounton user_home_t- Add xace support- Add fusectl file system- Fixes from yum-cron - Update to latest upstream- Fix userdom_list_user_files- Merge with upstream- Allow udev to send audit messages- Add additional login users interfaces - userdom_admin_login_user_template(staff)- More fixes for polkit- Eliminate transition from unconfined_t to qemu by default - Fixes for gpg- Update to upstream- Fixes for staff_t- Add policy for kerneloops - Add policy for gnomeclock- Fixes for libvirt- Fixes for nsplugin- More fixes for qemu- Additional ports for vnc and allow qemu and libvirt to search all directories- Update to upstream - Add libvirt policy - add qemu policy- Allow fail2ban to create a socket in /var/run- Allow allow_httpd_mod_auth_pam to work- Add audisp policy and prelude- Allow all user roles to executae samba net command- Allow usertypes to read/write noxattr file systems- Fix nsplugin to allow flashplugin to work in enforcing mode- Allow pam_selinux_permit to kill all processes- Allow ptrace or user processes by users of same type - Add boolean for transition to nsplugin- Allow nsplugin sys_nice, getsched, setsched- Allow login programs to talk dbus to oddjob- Add procmail_log support - Lots of fixes for munin- Allow 
setroubleshoot to read policy config and send audit messages- Allow users to execute all files in homedir, if boolean set - Allow mount to read samba config- Fixes for xguest to run java plugin- dontaudit pam_t and dbusd writing to user_home_t- Update gpg to allow reading of inotify- Change user and staff roles to work correctly with varied perms- Fix munin log, - Eliminate duplicate mozilla file context - fix wpa_supplicant spec- Fix role transition from unconfined_r to system_r when running rpm - Allow unconfined_domains to communicate with user dbus instances- Fixes for xguest- Let all uncofined domains communicate with dbus unconfined- Run rpm in system_r- Zero out customizable types- Fix definiton of admin_home_t- Fix munin file context- Allow cron to run unconfined apps- Modify default login to unconfined_u- Dontaudit dbus user client search of /root- Update to upstream- Fixes for polkit - Allow xserver to ptrace- Add polkit policy - Symplify userdom context, remove automatic per_role changes- Update to upstream - Allow httpd_sys_script_t to search users homedirs- Allow rpm_script to transition to unconfined_execmem_t- Remove user based home directory separation- Remove user specific crond_t- Merge with upstream - Allow xsever to read hwdata_t - Allow login programs to setkeycreate- Update to upstream- Update to upstream- Allow XServer to read /proc/self/cmdline - Fix unconfined cron jobs - Allow fetchmail to transition to procmail - Fixes for hald_mac - Allow system_mail to transition to exim - Allow tftpd to upload files - Allow xdm to manage unconfined_tmp - Allow udef to read alsa config - Fix xguest to be able to connect to sound port- Fixes for hald_mac - Treat unconfined_home_dir_t as a home dir - dontaudit rhgb writes to fonts and root- Fix dnsmasq - Allow rshd full login privs- Allow rshd to connect to ports > 1023- Fix vpn to bind to port 4500 - Allow ssh to create shm - Add Kismet policy- Allow rpm to chat with networkmanager- Fixes for ipsec and 
exim mail - Change default to unconfined user- Pass the UNK_PERMS param to makefile - Fix gdm location- Make alsa work- Fixes for consolekit and startx sessions- Dontaudit consoletype talking to unconfined_t- Remove homedir_template- Check asound.state- Fix exim policy- Allow tmpreadper to read man_t - Allow racoon to bind to all nodes - Fixes for finger print reader- Allow xdm to talk to input device (fingerprint reader) - Allow octave to run as java- Allow login programs to set ioctl on /proc- Allow nsswitch apps to read samba_var_t- Fix maxima- Eliminate rpm_t:fifo_file avcs - Fix dbus path for helper app- Fix service start stop terminal avc's- Allow also to search var_lib - New context for dbus launcher- Allow cupsd_config_t to read/write usb_device_t - Support for finger print reader, - Many fixes for clvmd - dbus starting networkmanager- Fix java and mono to run in xguest account- Fix to add xguest account when inititial install - Allow mono, java, wine to run in userdomains- Allow xserver to search devpts_t - Dontaudit ldconfig output to homedir- Remove hplip_etc_t change back to etc_t.- Allow cron to search nfs and samba homedirs- Allow NetworkManager to dbus chat with yum-updated- Allow xfs to bind to port 7100- Allow newalias/sendmail dac_override - Allow bind to bind to all udp ports- Turn off direct transition- Allow wine to run in system role- Fix java labeling- Define user_home_type as home_type- Allow sendmail to create etc_aliases_t- Allow login programs to read symlinks on homedirs- Update an readd modules- Cleanup spec file- Allow xserver to be started by unconfined process and talk to tty- Upgrade to upstream to grab postgressql changes- Add setransd for mls policy- Add ldconfig_cache_t- Allow sshd to write to proc_t for afs login- Allow xserver access to urand- allow dovecot to search mountpoints- Fix Makefile for building policy modules- Fix dhcpc startup of service- Fix dbus chat to not happen for xguest and guest users- Fix nagios cgi - allow 
squid to communicate with winbind- Fixes for ldconfig- Update from upstream- Add nasd support- Fix new usb devices and dmfm- Eliminate mount_ntfs_t policy, merge into mount_t- Allow xserver to write to ramfs mounted by rhgb- Add context for dbus machine id- Update with latest changes from upstream- Fix prelink to handle execmod- Add ntpd_key_t to handle secret data- Add anon_inodefs - Allow unpriv user exec pam_exec_t - Fix trigger- Allow cups to use generic usb - fix inetd to be able to run random apps (git)- Add proper contexts for rsyslogd- Fixes for xguest policy- Allow execution of gconf- Fix moilscanner update problem- Begin adding policy to separate setsebool from semanage - Fix xserver.if definition to not break sepolgen.if- Add new devices- Add brctl policy- Fix root login to include system_r- Allow prelink to read kernel sysctls- Default to user_u:system_r:unconfined_t- fix squid - Fix rpm running as uid- Fix syslog declaration- Allow avahi to access inotify - Remove a lot of bogus security_t:filesystem avcs- Remove ifdef strict policy from upstream- Remove ifdef strict to allow user_u to login- Fix for amands - Allow semanage to read pp files - Allow rhgb to read xdm_xserver_tmp- Allow kerberos servers to use ldap for backing store- allow alsactl to read kernel state- More fixes for alsactl - Transition from hal and modutils - Fixes for suspend resume. 
- insmod domtrans to alsactl - insmod writes to hal log- Allow unconfined_t to transition to NetworkManager_t - Fix netlabel policy- Update to latest from upstream- Update to latest from upstream- Update to latest from upstream- Allow pcscd_t to send itself signals-- Fixes for unix_update - Fix logwatch to be able to search all dirs- Upstream bumped the version- Allow consolekit to syslog - Allow ntfs to work with hal- Allow iptables to read etc_runtime_t- MLS Fixes- Fix path of /etc/lvm/cache directory - Fixes for alsactl and pppd_t - Fixes for consolekit- Allow insmod_t to mount kvmfs_t filesystems- Rwho policy - Fixes for consolekit- fixes for fusefs- Fix samba_net to allow it to view samba_var_t- Update to upstream- Fix Sonypic backlight - Allow snmp to look at squid_conf_t- Fixes for pyzor, cyrus, consoletype on everything installs- Fix hald_acl_t to be able to getattr/setattr on usb devices - Dontaudit write to unconfined_pipes for load_policy- Allow bluetooth to read inotifyfs- Fixes for samba domain controller. 
- Allow ConsoleKit to look at ttys- Fix interface call- Allow syslog-ng to read /var - Allow locate to getattr on all filesystems - nscd needs setcap- Update to upstream- Allow samba to run groupadd- Update to upstream- Allow mdadm to access generic scsi devices- Fix labeling on udev.tbl dirs- Fixes for logwatch- Add fusermount and mount_ntfs policy- Update to upstream - Allow saslauthd to use kerberos keytabs- Fixes for samba_var_t- Allow networkmanager to setpgid - Fixes for hal_acl_t- Remove disable_trans booleans - hald_acl_t needs to talk to nscd- Fix prelink to be able to manage usr dirs.- Allow insmod to launch init scripts- Remove setsebool policy- Fix handling of unlabeled_t packets- More of my patches from upstream- Update to latest from upstream - Add fail2ban policy- Update to remove security_t:filesystem getattr problems- Policy for consolekit- Update to latest from upstream- Revert Nemiver change - Set sudo as a corecmd so prelink will work, remove sudoedit mapping, since this will not work, it does not transition. - Allow samba to execute useradd- Upgrade to the latest from upstream- Add sepolgen support - Add bugzilla policy- Fix file context for nemiver- Remove include symlink- Allow mozilla, evolution and thunderbird to read dev_random. 
Resolves: #227002 - Allow spamd to connect to smtp port Resolves: #227184 - Fixes to make ypxfr work Resolves: #227237- Fix ssh_agent to be marked as an executable - Allow Hal to rw sound device- Fix spamassisin so crond can update spam files - Fixes to allow kpasswd to work - Fixes for bluetooth- Remove some targeted diffs in file context file- Fix squid cachemgr labeling- Add ability to generate webadm_t policy - Lots of new interfaces for httpd - Allow sshd to login as unconfined_t- Continue fixing, additional user domains- Begin adding user confinement to targeted policy- Fixes for prelink, ktalkd, netlabel- Allow prelink when run from rpm to create tmp files Resolves: #221865 - Remove file_context for exportfs Resolves: #221181 - Allow spamassassin to create ~/.spamassissin Resolves: #203290 - Allow ssh access to the krb tickets - Allow sshd to change passwd - Stop newrole -l from working on non securetty Resolves: #200110 - Fixes to run prelink in MLS machine Resolves: #221233 - Allow spamassassin to read var_lib_t dir Resolves: #219234- fix mplayer to work under strict policy - Allow iptables to use nscd Resolves: #220794- Add gconf policy and make it work with strict- Many fixes for strict policy and by extension mls.- Fix to allow ftp to bind to ports > 1024 Resolves: #219349- Allow semanage to exec it self. 
Label genhomedircon as semanage_exec_t Resolves: #219421 - Allow sysadm_lpr_t to manage other print spool jobs Resolves: #220080- allow automount to setgid Resolves: #219999- Allow cron to polyinstatiate - Fix creation of boot flags Resolves: #207433- Fixes for irqbalance Resolves: #219606- Fix vixie-cron to work on mls Resolves: #207433Resolves: #218978- Allow initrc to create files in /var directories Resolves: #219227- More fixes for MLS Resolves: #181566- More Fixes polyinstatiation Resolves: #216184- More Fixes polyinstatiation - Fix handling of keyrings Resolves: #216184- Fix polyinstatiation - Fix pcscd handling of terminal Resolves: #218149 Resolves: #218350- More fixes for quota Resolves: #212957- ncsd needs to use avahi sockets Resolves: #217640 Resolves: #218014- Allow login programs to polyinstatiate homedirs Resolves: #216184 - Allow quotacheck to create database files Resolves: #212957- Dontaudit appending hal_var_lib files Resolves: #217452 Resolves: #217571 Resolves: #217611 Resolves: #217640 Resolves: #217725- Fix context for helix players file_context #216942- Fix load_policy to be able to mls_write_down so it can talk to the terminal- Fixes for hwclock, clamav, ftp- Move to upstream version which accepted my patches- Fixes for nvidia driver- Allow semanage to signal mcstrans- Update to upstream- Allow modstorage to edit /etc/fstab file- Fix for qemu, /dev/- Fix path to realplayer.bin- Allow xen to connect to xen port- Allow cups to search samba_etc_t directory - Allow xend_t to list auto_mountpoints- Allow xen to search automount- Fix spec of jre files- Fix unconfined access to shadow file- Allow xend to create files in xen_image_t directories- Fixes for /var/lib/hal- Remove ability for sysadm_t to look at audit.log- Fix rpc_port_types - Add aide policy for mls- Merge with upstream- Lots of fixes for ricci- Allow xen to read/write fixed devices with a boolean - Allow apache to search /var/log- Fix policygentool specfile problem. 
- Allow apache to send signals to it's logging helpers. - Resolves: rhbz#212731- Add perms for swat- Add perms for swat- Allow daemons to dump core files to /- Fixes for ricci- Allow mount.nfs to work- Allow ricci-modstorage to look at lvm_etc_t- Fixes for ricci using saslauthd- Allow mountpoint on home_dir_t and home_t- Update xen to read nfs files- Allow noxattrfs to associate with other noxattrfs- Allow hal to use power_device_t- Allow procemail to look at autofs_t - Allow xen_image_t to work as a fixed device- Refupdate from upstream- Add lots of fixes for mls cups- Lots of fixes for ricci- Fix number of cats- Update to upstream- More iSCSI changes for #209854- Test ISCSI fixes for #209854- allow semodule to rmdir selinux_config_t dir- Fix boot_runtime_t problem on ppc. Should not be creating these files.- Fix context mounts on reboot - Fix ccs creation of directory in /var/log- Update for tallylog- Allow xend to rewrite dhcp conf files - Allow mgetty sys_admin capability- Make xentapctrl work- Don't transition unconfined_t to bootloader_t - Fix label in /dev/xen/blktap- Patch for labeled networking- Fix crond handling for mls- Update to upstream- Remove bluetooth-helper transition - Add selinux_validate for semanage - Require new version of libsemanage- Fix prelink- Fix rhgb- Fix setrans handling on MLS and useradd- Support for fuse - fix vigr- Fix dovecot, amanda - Fix mls- Allow java execheap for itanium- Update with upstream- mls fixes- Update from upstream- More fixes for mls - Revert change on automount transition to mount- Fix cron jobs to run under the correct context- Fixes to make pppd work- Multiple policy fixes - Change max categories to 1023- Fix transition on mcstransd- Add /dev/em8300 defs- Upgrade to upstream- Fix ppp connections from network manager- Add tty access to all domains boolean - Fix gnome-pty-helper context for ia64- Fixed typealias of firstboot_rw_t- Fix location of xel log files - Fix handling of sysadm_r -> rpm_exec_t- Fixes for 
autofs, lp- Update from upstream- Fixup for test6- Update to upstream- Update to upstream- Fix suspend to disk problems- Lots of fixes for restarting daemons at the console.- Fix audit line - Fix requires line- Upgrade to upstream- Fix install problems- Allow setroubleshoot to getattr on all dirs to gather RPM data- Set /usr/lib/ia32el/ia32x_loader to unconfined_execmem_exec_t for ia32 platform - Fix spec for /dev/adsp- Fix xen tty devices- Fixes for setroubleshoot- Update to upstream- Fixes for stunnel and postgresql - Update from upstream- Update from upstream - More java fixes- Change allow_execstack to default to on, for RHEL5 Beta. This is required because of a Java compiler problem. Hope to turn off for next beta- Misc fixes- More fixes for strict policy- Quiet down anaconda audit messages- Fix setroubleshootd- Update to the latest from upstream- More fixes for xen- Fix anaconda transitions- yet more xen rules- more xen rules- Fixes for Samba- Fixes for xen- Allow setroubleshootd to send mail- Add nagios policy- fixes for setroubleshoot- Added Paul Howarth patch to only load policy packages shipped with this package - Allow pidof from initrc to ptrace higher level domains - Allow firstboot to communicate with hal via dbus- Add policy for /var/run/ldapi- Fix setroubleshoot policy- Fixes for mls use of ssh - named has a new conf file- Fixes to make setroubleshoot work- Cups needs to be able to read domain state off of printer client- add boolean to allow zebra to write config files- setroubleshootd fixes- Allow prelink to read bin_t symlink - allow xfs to read random devices - Change gfs to support xattr- Remove spamassassin_can_network boolean- Update to upstream - Fix lpr domain for mls- Add setroubleshoot policy- Turn off auditallow on setting booleans- Multiple fixes- Update to upstream- Update to upstream - Add new class for kernel key ring- Update to upstream- Update to upstream- Break out selinux-devel package- Add ibmasmfs- Fix policygentool 
gen_requires- Update from Upstream- Fix spec of realplay- Update to upstream- Fix semanage- Allow useradd to create_home_dir in MLS environment- Update from upstream- Update from upstream- Add oprofilefs- Fix for hplip and Picasus- Update to upstream- Update to upstream- fixes for spamd- fixes for java, openldap and webalizer- Xen fixes- Upgrade to upstream- allow hal to read boot_t files - Upgrade to upstream- allow hal to read boot_t files- Update from upstream- Fixes for amavis- Update from upstream- Allow auditctl to search all directories- Add acquire service for mono.- Turn off allow_execmem boolean - Allow ftp dac_override when allowed to access users homedirs- Clean up spec file - Transition from unconfined_t to prelink_t- Allow execution of cvs command- Update to upstream- Update to upstream- Fix libjvm spec- Update to upstream- Add xm policy - Fix policygentool- Update to upstream - Fix postun to only disable selinux on full removal of the packages- Allow mono to chat with unconfined- Allow procmail to sendmail - Allow nfs to share dosfs- Update to latest from upstream - Allow selinux-policy to be removed and kernel not to crash- Update to latest from upstream - Add James Antill patch for xen - Many fixes for pegasus- Add unconfined_mount_t - Allow privoxy to connect to httpd_cache - fix cups labeleing on /var/cache/cups- Update to latest from upstream- Update to latest from upstream - Allow mono and unconfined to talk to initrc_t dbus objects- Change libraries.fc to stop shlib_t form overriding texrel_shlib_t- Fix samba creating dirs in homedir - Fix NFS so its booleans would work- Allow secadm_t ability to relabel all files - Allow ftp to search xferlog_t directories - Allow mysql to communicate with ldap - Allow rsync to bind to rsync_port_t- Fixed mailman with Postfix #183928 - Allowed semanage to create file_context files. - Allowed amanda_t to access inetd_t TCP sockets and allowed amanda_recover_t to bind to reserved ports. 
#149030 - Don't allow devpts_t to be associated with tmp_t. - Allow hald_t to stat all mountpoints. - Added boolean samba_share_nfs to allow smbd_t full access to NFS mounts. - Make mount run in mount_t domain from unconfined_t to prevent mislabeling of /etc/mtab. - Changed the file_contexts to not have a regex before the first ^/[a-z]/ whenever possible, makes restorecon slightly faster. - Correct the label of /etc/named.caching-nameserver.conf - Now label /usr/src/kernels/.+/lib(/.*)? as usr_t instead of /usr/src(/.*)?/lib(/.*)? - I don't think we need anything else under /usr/src hit by this. - Granted xen access to /boot, allowed mounting on xend_var_lib_t, and allowed xenstored_t rw access to the xen device node.- More textrel_shlib_t file path fixes - Add ada support- Get auditctl working in MLS policy- Add mono dbus support - Lots of file_context fixes for textrel_shlib_t in FC5 - Turn off execmem auditallow since they are filling log files- Update to upstream- Allow automount and dbus to read cert files- Fix ftp policy - Fix secadm running of auditctl- Update to upstream- Update to upstream- Fix policyhelp- Fix pam_console handling of usb_device - dontaudit logwatch reading /mnt dir- Update to upstream- Get transition rules to create policy.20 at SystemHigh- Allow secadmin to shutdown system - Allow sendmail to exec newalias- MLS Fixes dmidecode needs mls_file_read_up - add ypxfr_t - run init needs access to nscd - udev needs setuid - another xen log file - Dontaudit mount getattr proc_kcore_t- fix buildroot usage (#185391)- Get rid of mount/fsdisk scan of /dev messages - Additional fixes for suspend/resume- Fake make to rebuild enableaudit.pp- Get xen networking running.- Fixes for Xen - enableaudit should not be the same as base.pp - Allow ps to work for all process- more xen policy fixups- more xen fixage (#184393)- Fix blkid specification - Allow postfix to execute mailman_que- Blkid changes - Allow udev access to usb_device_t - Fix post script to 
create targeted policy config file- Allow lvm tools to create drevice dir- Add Xen support- Fixes for cups - Make cryptosetup work with hal- Load Policy needs translock- Fix cups html interface- Add hal changes suggested by Jeremy - add policyhelp to point at policy html pages- Additional fixes for nvidia and cups- Update to upstream - Merged my latest fixes - Fix cups policy to handle unix domain sockets- NSCD socket is in nscd_var_run_t needs to be able to search dir- Fixes Apache interface file- Fixes for new version of cups- Turn off polyinstatiate util after FC5- Fix problem with privoxy talking to Tor- Turn on polyinstatiation- Don't transition from unconfined_t to fsadm_t- Fix policy update model.- Update to upstream- Fix load_policy to work on MLS - Fix cron_rw_system_pipes for postfix_postdrop_t - Allow audotmount to run showmount- Fix swapon - allow httpd_sys_script_t to be entered via a shell - Allow httpd_sys_script_t to read eventpolfs- Update from upstream- allow cron to read apache files- Fix vpnc policy to work from NetworkManager- Update to upstream - Fix semoudle polcy- Update to upstream - fix sysconfig/selinux link- Add router port for zebra - Add imaze port for spamd - Fixes for amanda and java- Fix bluetooth handling of usb devices - Fix spamd reading of ~/ - fix nvidia spec- Update to upsteam- Add users_extra files- Update to upstream- Add semodule policy- Update from upstream- Fix for spamd to use razor port- Fixes for mcs - Turn on mount and fsadm for unconfined_t- Fixes for the -devel package- Fix for spamd to use ldap- Update to upstream- Update to upstream - Fix rhgb, and other Xorg startups- Update to upstream- Separate out role of secadm for mls- Add inotifyfs handling- Update to upstream - Put back in changes for pup/zen- Many changes for MLS - Turn on strict policy- Update to upstream- Update to upstream - Fixes for booting and logging in on MLS machine- Update to upstream - Turn off execheap execstack for unconfined users - Add 
mono/wine policy to allow execheap and execstack for them - Add execheap for Xdm policy- Update to upstream - Fixes to fetchmail,- Update to upstream- Fix for procmail/spamassasin - Update to upstream - Add rules to allow rpcd to work with unlabeled_networks.- Update to upstream - Fix ftp Man page- Update to upstream- fix pup transitions (#177262) - fix xen disks (#177599)- Update to upstream- More Fixes for hal and readahead- Fixes for hal and readahead- Update to upstream - Apply- Add wine and fix hal problems- Handle new location of hal scripts- Allow su to read /etc/mtab- Update to upstream- Fix "libsemanage.parse_module_headers: Data did not represent a module." problem- Allow load_policy to read /etc/mtab- Fix dovecot to allow dovecot_auth to look at /tmp- Allow restorecon to read unlabeled_t directories in order to fix labeling.- Add Logwatch policy- Fix /dev/ub[a-z] file context- Fix library specification - Give kudzu execmem privs- Fix hostname in targeted policy- Fix passwd command on mls- Lots of fixes to make mls policy work- Add dri libs to textrel_shlib_t - Add system_r role for java - Add unconfined_exec_t for vncserver - Allow slapd to use kerberos- Add man pages- Add enableaudit.pp- Fix mls policy- Update mls file from old version- Add sids back in - Rebuild with update checkpolicy- Fixes to allow automount to use portmap - Fixes to start kernel in s0-s15:c0.c255- Add java unconfined/execmem policy- Add file context for /var/cvs - Dontaudit webalizer search of homedir- Update from upstream- Clean up spec - range_transition crond to SystemHigh- Fixes for hal - Update to upstream- Turn back on execmem since we need it for java, firefox, ooffice - Allow gpm to stream socket to itself- fix requirements to be on the actual packages so that policy can get created properly at install time- Allow unconfined_t to execmod texrel_shlib_t- Update to upstream - Turn off allow_execmem and allow_execmod booleans - Add tcpd and automount policies- Add two new 
httpd booleans, turned off by default * httpd_can_network_relay * httpd_can_network_connect_db- Add ghost for policy.20- Update to upstream - Turn off boolean allow_execstack- Change setrans-mls to use new libsetrans - Add default_context rule for xdm- Change Requires to PreReg for requiring of policycoreutils on install- New upstream releaseAdd xdm policyUpdate from upstreamUpdate from upstreamUpdate from upstream- Also trigger to rebuild policy for versions up to 2.0.7.- No longer installing policy.20 file, anaconda handles the building of the app.- Fixes for dovecot and saslauthd- Cleanup pegasus and named - Fix spec file - Fix up passwd changing applications-Update to latest from upstream- Add rules for pegasus and avahi- Start building MLS Policy- Update to upstream- Turn on bash- Initial version                                                                                                                                                                                                                                                                                                                                                                                                                               ?ADCB@ ET  m q 9 G F  "Y S  _ {P  C  z a M (  e   Ij  -  x   nV      x  u > W   rq      V = b  !   f \  _ < NU  y  : 3 ? %  X   4 `S }[  F  ;      ^      w^   D 0k P Z T      d  1 [  ji K U wZvn 7{rgl  2 X Qod   K J| mW t  5 y @ N Qc   s  JI ~ & . 
8  o |  h  chR]   i  A   v # \   6 pH   OGa  M   /   O  H $    * )z Y l   b  } R ,  e p `  L g ]        u   ts k E L +f ~ B       ' 3.10.0-46.fc16selinux-policy-3.10.0Makefile.exampleexample.fcexample.ifexample.tehtmladmin.htmladmin_acct.htmladmin_alsa.htmladmin_amanda.htmladmin_amtu.htmladmin_anaconda.htmladmin_apt.htmladmin_backup.htmladmin_bootloader.htmladmin_brctl.htmladmin_certwatch.htmladmin_consoletype.htmladmin_ddcprobe.htmladmin_dmesg.htmladmin_dmidecode.htmladmin_dpkg.htmladmin_firstboot.htmladmin_kdump.htmladmin_kismet.htmladmin_kudzu.htmladmin_logrotate.htmladmin_logwatch.htmladmin_mcelog.htmladmin_mrtg.htmladmin_ncftool.htmladmin_netutils.htmladmin_passenger.htmladmin_permissivedomains.htmladmin_portage.htmladmin_prelink.htmladmin_quota.htmladmin_readahead.htmladmin_rpm.htmladmin_sectoolm.htmladmin_shorewall.htmladmin_shutdown.htmladmin_smoltclient.htmladmin_sosreport.htmladmin_su.htmladmin_sudo.htmladmin_sxid.htmladmin_tmpreaper.htmladmin_tripwire.htmladmin_tzdata.htmladmin_updfstab.htmladmin_usbmodules.htmladmin_usermanage.htmladmin_vbetool.htmladmin_vpn.htmlapps.htmlapps_ada.htmlapps_authbind.htmlapps_awstats.htmlapps_calamaris.htmlapps_cdrecord.htmlapps_chrome.htmlapps_cpufreqselector.htmlapps_evolution.htmlapps_execmem.htmlapps_firewallgui.htmlapps_games.htmlapps_gift.htmlapps_gitosis.htmlapps_gnome.htmlapps_gpg.htmlapps_irc.htmlapps_java.htmlapps_kde.htmlapps_kdumpgui.htmlapps_livecd.htmlapps_loadkeys.htmlapps_lockdev.htmlapps_mono.htmlapps_mozilla.htmlapps_mplayer.htmlapps_namespace.htmlapps_nsplugin.htmlapps_openoffice.htmlapps_podsleuth.htmlapps_ptchown.htmlapps_pulseaudio.htmlapps_qemu.htmlapps_rssh.htmlapps_sambagui.htmlapps_sandbox.htmlapps_screen.htmlapps_seunshare.htmlapps_slocate.htmlapps_telepathy.htmlapps_thumb.htmlapps_thunderbird.htmlapps_tvtime.htmlapps_uml.htmlapps_userhelper.htmlapps_usernetctl.htmlapps_vlock.htmlapps_vmware.htmlapps_webalizer.htmlapps_wine.htmlapps_wireshark.htmlapps_wm.htmlapps_xscreensaver.htmlapps_yam.htmlbool
eans.htmlglobal_booleans.htmlglobal_tunables.htmlindex.htmlinterfaces.htmlkernel.htmlkernel_corecommands.htmlkernel_corenetwork.htmlkernel_devices.htmlkernel_domain.htmlkernel_files.htmlkernel_filesystem.htmlkernel_kernel.htmlkernel_mcs.htmlkernel_mls.htmlkernel_selinux.htmlkernel_storage.htmlkernel_terminal.htmlkernel_ubac.htmlkernel_unlabelednet.htmlroles.htmlroles_auditadm.htmlroles_dbadm.htmlroles_guest.htmlroles_logadm.htmlroles_secadm.htmlroles_staff.htmlroles_sysadm.htmlroles_unconfineduser.htmlroles_unprivuser.htmlroles_webadm.htmlroles_xguest.htmlservices.htmlservices_abrt.htmlservices_accountsd.htmlservices_afs.htmlservices_aiccu.htmlservices_aide.htmlservices_aisexec.htmlservices_ajaxterm.htmlservices_amavis.htmlservices_apache.htmlservices_apcupsd.htmlservices_apm.htmlservices_arpwatch.htmlservices_asterisk.htmlservices_audioentropy.htmlservices_automount.htmlservices_avahi.htmlservices_bind.htmlservices_bitlbee.htmlservices_bluetooth.htmlservices_boinc.htmlservices_bugzilla.htmlservices_cachefilesd.htmlservices_callweaver.htmlservices_canna.htmlservices_ccs.htmlservices_certmaster.htmlservices_certmonger.htmlservices_cfengine.htmlservices_cgroup.htmlservices_chronyd.htmlservices_cipe.htmlservices_clamav.htmlservices_clockspeed.htmlservices_clogd.htmlservices_cloudform.htmlservices_cmirrord.htmlservices_cobbler.htmlservices_collectd.htmlservices_colord.htmlservices_comsat.htmlservices_consolekit.htmlservices_corosync.htmlservices_courier.htmlservices_cpucontrol.htmlservices_cron.htmlservices_ctdbd.htmlservices_cups.htmlservices_cvs.htmlservices_cyphesis.htmlservices_cyrus.htmlservices_dante.htmlservices_dbskk.htmlservices_dbus.htmlservices_dcc.htmlservices_ddclient.htmlservices_denyhosts.htmlservices_devicekit.htmlservices_dhcp.htmlservices_dictd.htmlservices_dirsrv-admin.htmlservices_dirsrv.htmlservices_distcc.htmlservices_djbdns.htmlservices_dkim.htmlservices_dnsmasq.htmlservices_dovecot.htmlservices_drbd.htmlservices_dspam.htmlservices_exim.htmlservic
es_fail2ban.htmlservices_fcoemon.htmlservices_fetchmail.htmlservices_finger.htmlservices_firewalld.htmlservices_fprintd.htmlservices_ftp.htmlservices_gatekeeper.htmlservices_git.htmlservices_glance.htmlservices_gnomeclock.htmlservices_gpm.htmlservices_gpsd.htmlservices_hadoop.htmlservices_hal.htmlservices_hddtemp.htmlservices_howl.htmlservices_i18n_input.htmlservices_icecast.htmlservices_ifplugd.htmlservices_imaze.htmlservices_inetd.htmlservices_inn.htmlservices_ircd.htmlservices_irqbalance.htmlservices_jabber.htmlservices_kerberos.htmlservices_kerneloops.htmlservices_keyboardd.htmlservices_ksmtuned.htmlservices_ktalk.htmlservices_l2tpd.htmlservices_ldap.htmlservices_likewise.htmlservices_lircd.htmlservices_lldpad.htmlservices_lpd.htmlservices_mailman.htmlservices_mailscanner.htmlservices_matahari.htmlservices_mediawiki.htmlservices_memcached.htmlservices_milter.htmlservices_mock.htmlservices_modemmanager.htmlservices_mojomojo.htmlservices_monop.htmlservices_mpd.htmlservices_mta.htmlservices_munin.htmlservices_mysql.htmlservices_nagios.htmlservices_nessus.htmlservices_networkmanager.htmlservices_nis.htmlservices_nova.htmlservices_nscd.htmlservices_nsd.htmlservices_nslcd.htmlservices_ntop.htmlservices_ntp.htmlservices_nut.htmlservices_nx.htmlservices_oav.htmlservices_oddjob.htmlservices_oident.htmlservices_openca.htmlservices_openct.htmlservices_openvpn.htmlservices_pads.htmlservices_pcscd.htmlservices_pegasus.htmlservices_perdition.htmlservices_pingd.htmlservices_piranha.htmlservices_plymouthd.htmlservices_policykit.htmlservices_polipo.htmlservices_portmap.htmlservices_portreserve.htmlservices_portslave.htmlservices_postfix.htmlservices_postfixpolicyd.htmlservices_postgresql.htmlservices_postgrey.htmlservices_ppp.htmlservices_prelude.htmlservices_privoxy.htmlservices_procmail.htmlservices_psad.htmlservices_publicfile.htmlservices_puppet.htmlservices_pxe.htmlservices_pyicqt.htmlservices_pyzor.htmlservices_qmail.htmlservices_qpid.htmlservices_rabbitmq.htmlservices_rad
ius.htmlservices_radvd.htmlservices_razor.htmlservices_rdisc.htmlservices_remotelogin.htmlservices_resmgr.htmlservices_rgmanager.htmlservices_rhcs.htmlservices_rhev.htmlservices_rhgb.htmlservices_rhsmcertd.htmlservices_ricci.htmlservices_rlogin.htmlservices_roundup.htmlservices_rpc.htmlservices_rpcbind.htmlservices_rshd.htmlservices_rsync.htmlservices_rtkit.htmlservices_rwho.htmlservices_samba.htmlservices_samhain.htmlservices_sanlock.htmlservices_sasl.htmlservices_sblim.htmlservices_sendmail.htmlservices_setroubleshoot.htmlservices_slrnpull.htmlservices_smartmon.htmlservices_smokeping.htmlservices_snmp.htmlservices_snort.htmlservices_soundserver.htmlservices_spamassassin.htmlservices_speedtouch.htmlservices_squid.htmlservices_ssh.htmlservices_sssd.htmlservices_stunnel.htmlservices_sysstat.htmlservices_tcpd.htmlservices_tcsd.htmlservices_telnet.htmlservices_tftp.htmlservices_tgtd.htmlservices_timidity.htmlservices_tor.htmlservices_transproxy.htmlservices_tuned.htmlservices_ucspitcp.htmlservices_ulogd.htmlservices_uptime.htmlservices_usbmuxd.htmlservices_uucp.htmlservices_uuidd.htmlservices_uwimap.htmlservices_varnishd.htmlservices_vdagent.htmlservices_vhostmd.htmlservices_virt.htmlservices_vnstatd.htmlservices_w3c.htmlservices_watchdog.htmlservices_wdmd.htmlservices_xfs.htmlservices_xprint.htmlservices_xserver.htmlservices_zabbix.htmlservices_zarafa.htmlservices_zebra.htmlservices_zosremote.htmlstyle.csssystem.htmlsystem_application.htmlsystem_authlogin.htmlsystem_clock.htmlsystem_daemontools.htmlsystem_fstools.htmlsystem_getty.htmlsystem_hostname.htmlsystem_hotplug.htmlsystem_init.htmlsystem_ipsec.htmlsystem_iptables.htmlsystem_iscsi.htmlsystem_libraries.htmlsystem_locallogin.htmlsystem_logging.htmlsystem_lvm.htmlsystem_miscfiles.htmlsystem_modutils.htmlsystem_mount.htmlsystem_netlabel.htmlsystem_pcmcia.htmlsystem_raid.htmlsystem_selinuxutil.htmlsystem_setrans.htmlsystem_sysnetwork.htmlsystem_systemd.htmlsystem_udev.htmlsystem_unconfined.htmlsystem_userdomain.htmls
ystem_xen.htmltemplates.htmltunables.htmlpolicyhelp/usr/share/doc//usr/share/doc/selinux-policy-3.10.0//usr/share/doc/selinux-policy-3.10.0/html//usr/share/selinux/devel/-O2drpmnoarch-redhat-linux-gnuASCII textHTML document, ASCII textSE Linux policy interface sourceSE Linux policy module sourcedirectoryxz2?7zXZ !#,/]"k%QkhubʥWrw(-t}Gt<ӷq'NM5NU2%l]FhVwTQ'?O~unJv(Va( p!.Zg?լ T*P~6=NCӢv{X~y#K#3dV-n?X1;˚GI4iRdoq>G 9HN;Чƿb}&/#B ri#Z'wNIBѴ??c0f0g B:i/3kV6(p9J1'2ێpxa>g`ja~(m_EtmXIkܮ&yA_H9T2e<,C.G1f$.Kb,Yt6rtA>p/l-˭3Rx}yOxY`Y^va ؿѪ8dʑf5E !ּnkfdjPAaMy$yZ'RP)k=M[jx;Rڍ |>@~*rau%BAfNBU$7\rd%>*l3m .J/Qq)d8+m#`: N'dUauZñ=L2 cfn-'fbҎ!(cUR2 {<)K86q(΃:>G#HR L\='R&)(+RQR 6AvקI𨂭^-.Rzw k9^gSNsFBjeٸrƤWQ`XR867B8{U8ehyśf kM yc]i5򝹡9jcd)D7w>T'oNrh3+zU 9^(_{|)E|?ւIk$lJ=$l\64ۼQIҕw\PH[֑JߍB[aKW{CSXmn"ܔvYFl< @œ5Io#=\O>-S ẁ@*73WQ(. ٯ y@uz߱;9ܘ83D pԑ_yExcþg=1 uӽbe%a1xnC6~{FxR«uCd$.3z‌T\ p<3s5lr?(LxDS]]?R\(.:V$LPpSN¤,j$w4=Üx&#EOkAp?IX~&< #aȶm 8Ndю\C67KlJ!b4=JBU9"8s=#0mdLx.u$2{ (O<`uy5j:yG#!ZRMA9G݄SZB\~w1x!:mO]>W K _Zb ԗfr D# 3ޗysmj+y A2dC4ٰvk/#V*T!dzz^|rsMPW?rOn[ƚ¢GԥX Aj3_jO5c/9Ǥ|MVl/$qeEK@Q2LKX|Kk7saTpnߝP.!B64Ɯl2a?Ħj AZ`+^oktHk&e9owy:+<_~x{u%3 .@\(˕ 5oU赧ޟw9=eĘW,-V LA}`:|dL^T֖cUbF5@cJvɘf@o^/ؙEWy/PY3+!K.ӔR9Enp^:qOn$}\CjYsHaׂ~y_(aC8@4Vj]>:Vn"R:^>/]ԌaJjm#w)B: Ɔۘ>k$uXiJUKŝX(GI44l .5m\Gvrs1ǔŒѨ1%PtUz W>4@Hu:ߩV[U*]uRe5IC-Q<:gw}as @`EIv["d7nxuZ0ݤ(N u?r#A&sm^X:^ s^ܶ(`ǚ36|E# .%L:!);opx ©k͇UHbTn$ɼmS^%;p h?|PlycvȉS8y3w*Bd"O'1mamMp納' {9!եD9 {"DjZ\?;;t6V_=N``UȔM9/@~>gk(1)tNpV'g9T^B%K)/)uݒ LR? gY|NGٮ)5j)źVJ%g un7o  D_ ݙJJaRk 󡥌nsbXP.?N42Qxs ӳ^'h:kSa֎+tFyf ;U G^%{m/D\[$t~+ 8|DϦ&ߴVB.Wdݓ9BDYYv%m.[ѣ櫰 JQ- -X7e g.ʪcDzV@5ǩe%G6{ ;jr 7YENQ,I`6YєAQֱ[ߖEHXή 64e$WB^񠊯 Y3zKy i9Pm@5󘤋aA]/Bi/pխ'(͇S 7,Hzb-c (,V6?ym0r rX^QV)wƔ_+B˦81lN~~z+~,`iis*?@Vxh=ӞW9t_1c/ ɡ[}JUp@ޏTf*:zO~鞾,h`ECᥒ1ƍllo'EѲ_.xIlXZUe{WJ=OWA^ۏtŝoU7O'."t%M q:w7p瘑yxb,azng@ :Mu< wxjUQC蛤Km>Fв?KW-Gc8++΄VHRyۓOGG$nXP͍Lu`|2+CՅ@q#2[F>e]8^?nD׮  LQhe1| NIYw5 R\i^+)~]-f[!ޒۆ袌(TzCwC4E^fSp=HlApKjDZyACv| YnA ! 
%vu&>VڑGG>.%> ;Z:z-ʲ+@MAvʄnM%HwVnf„lؕu caH8f8Wps{Hmu+ga4;հH I[= $G;ėM_pR^&yut9 /He|v2Kgᛇ[:M7A#d\=kJ\K4IpL,s u6oڵVI&DMYh`FsĎ"@n+j8xο"K7Vj@+/L:TXtl^'V`[yNBx)Yv.>`Kxv(%0b^ŷR'p$7U.dQD3h E15\ %؈gygXeM;9:g$Zei1-Z"/iA慘&Z }u4BPb1t rbU%Žץ9ZB/#r ^CZϖ?~iw5E9Ra`i?P~D=6PULY@q -R)qrWg0i4T鰱 Z6AqflcFuc{d^*~e]r ϧZ HĎrg^ G+0i>Q*+2gP>uTNEE&ƅiPVR-9{`sfN~Sf yZh2Y'’F <7[( q F@='B]K!ƀFi  ],;7(^Dtr9zy*Pw>'9c[qֽJHKo:^~-BHwXѽ9qo5jv%%/buǬ $B"KPoGV7Ȗ klj3Dy)f!PW v}gFjrӇ]/:/=J+!Z !3oL*I[ /3wVGc7E: P;'{}yuip`TŠ;VSG]oTw3r+%Z.U$ nD 诠[K8L5zf xt]S/Q׾k&Êˡqԗ\eK1y \_qoյPAu;pFam@X>cVkIxR.(\;T2+Za%x&U:LΖHW^p+5ǎV[T|TӮ'#diH)^YAi^2u?0LY#>snlʵ!87c)L(:TbJ\!^#JICXω1sރx[p$ _i;?ocQ|MڕjD5SGTOa9g3iql2y}9d] n_w~IE1A5v%ҒXv0aG Բ ͆3wseFo-n<(Zq_jx>[$  cxL:4myb33Qa2sjK/JX 5sMog_0)Lʄt7ZӸpYvߍٵ4W2t m0oYpǫ(eJ_<1UJy$V{ H<%Q•h˜}tV7id, 8ت ̽bŇʰpo pȋgۊB9L#[yKI1 JUAb9R]ȭFWk'X=I`[wRM.] rv(gUeVFkPA9au5jc2kR|JS2QOL̉ԦX uIm)O)ox@wdR:;َsjYt  7r1<1"cI$r^MOvujZ'.BSocbPFCm2MȍcTQyNGĩaH` d0Y01I:EI  ./ѧnruU*tzLm0v`W%(b7^ `gk˓ɈȳH( cߓu|48EQmIl Wt^C&Z]w/ ;}ce'DzR['7'a45o~`j]Z2Oϭ%l/LP%f/Gk#XϮB6ӮoU51G`ZF~A_"aw*>f56[_XWGź2v3d@ -P. 4@7{v+~$*3l0 @Ɓ2,,b>1lSLr'lÐL{nZRs>Ua8U~\qI1k([eQt]*(hH KS)a C>QFFzRkgMͮC٤ N 9fz3< ә;ԵEhһ"A ~%G4)+wƉ@r? vaU8|\pV\pFo3cZ8*GN*[U܀<'}E&f0!?vfǭ r#V\wʂ{Ҫ4*\1^n)txY|a߉7Z’6pG;M+fۍD><%Ԓ\?GoOݴ.opʄ縉Si'ae]ypFlq^-iwk:3~kca^Ũ5 ''o}vZ'_i~c{}:; G޿`h|0󲧹 FXswd,;bBSLD| 1XN*zoiQt~0`ͧVӻɐg`[P􈴑)ȖaԨɷoiCnΙ$F& XSuqƄCtl>yj4A40K73-oɚCV-J6aa&NwޜJ\r F[t+Q|rAjŽB$O$Ox" _9D,k ͋{4izs4μ<ߌ ţVFm7Agh!Pq`9vrfY#df&˅*MRcz:F`S1`]|y_,i2_2 qeELINX:|# -p@H4?teNͅV-߁7GS)_@9S-e E8 r<V|-d7 dk䁐\*=?_)O%z!<]f70F}kQ[w (lGt,SOWa/ZV)MeK =|0MaD, 32*Hc'WNfQ OAҫ5D#Щ_aj;g(?4&9@z)\1b=>p^ihfS6=S|#a=jq\-amHH[GZخ3 ww}- ]% fڅu!_(m3/Mmf?5ɷwQ$X9;BgfmܡAA2Y ¯:g^o)rR,諤VwL5 ЖAd/WpkqqK@<\[ }V=pZg0oߛfÖZ64vU_2gZiNvJ2K 6b-Y.' k{qcy+JT|>1hطz=JVGMR9rJ- ؉ 7"a88S~waQS,j:th jJ;Lj3 @.N&['ZnY8{pK%>>]m7ꉁ? 
Kp_0SP $Obكl.lZcjﺍ9To./3bo'r@_0Uؤcv<J؅CnlךS`<> Yό?EV\t{-3)P,O,;u`]P*y;|QӗdX^(UH ON҇>yh@K գ֞2NBNI,I op4E|ވ8sJ!{iv$ߍ_ϵ L3Mi`l [Bn^BGCr2#xmjI;T@k vS6#aW Ile%6?^v&J̫!:b " AF"1DdJzpfkf7>vrcɿf3C)Q67h'm| *bdE@/߲aOMY!ǷNKmiKr5>M2.yI8/)%S4>m)|9fz薇2)cx9*\Ă j`^vXR$P"Kq?T$[\1y#:zue$ f,`,9,zIgwU.HŜ,=yxRG NϘwJ`/_c@sN@?N<ܛ(5yiUցG7pHpaHpeR6(#@6b{Hj~M#%i;]2G͂dut5F-šSQuװ󾃗BN wW3ݩ_g_CFBj=p̲':Yee qf6EK;Ci_<>K66 'O5%dAqª T.S9 \$Lm$.TriaM8(vc7\EAwXCʖWL`WUWG\0 gD)31*c 5wFc ;8@1l%Vi$rICjHKHs9$jQsD2saKt_Ӈ**`2u YZ