selinux-policy-doc-3.10.0-171.fc17$>8J+2nj>8?ud % Bhl    j   9 u< 4L(89<:z<GpHTI8XY\]^bdl t$uv wxlepfsCselinux-policy-doc3.10.0171.fc17SELinux policy documentationSELinux policy documentation packageQbuildvm-19.phx2.fedoraproject.org*kdFedora ProjectFedora ProjectGPLv2+Fedora ProjectSystem Environment/Basehttp://oss.tresys.com/repos/refpolicy/linuxnoarch P,A-%$)` $>Zj7)'*$<+ Y3p#$\($vR" !( ^6"0Y!! B,w(o"O"#n"C)bB\#7&6 t200 )J m,%k8^:;،e-s,} +BI2nOhu -Xy" K$؞jjbd&b\`lbbfucj;g<jZ`lmkin^cqk`\nz^af j>hUkYo7ZIr^a^dHskSaZJx%mhJnla\%p|c\k`ZZZn#k1aaP1dh^gnZOaZTy4`hefq[wFn?a\^bd^GZZpbbQ`e}'j`{\L\Lm>f8ZDoXmMZ<ZLi]hreKd^dm;`ZBik_bjkJqd|^r^Kdfnv^\ZBqȶjn\hz}\mx<^3d8Z=o`VZId^anidc|acgZ7j ok]XcZ\\rbkwku5szdd\p]`f,^ccv~ZtsZYZ_dk4om:\J^\e\J^X\mh bn`[u1tc^4\|k\CrbVgog_`~Oh\^`Njm^_ZYqesg]d9\b^g\Dl_$^ZnxcZNe]f`ZA^ckM\mep VgZEZGdF`ZB)kmfb8zx_+©e$W! %5d!5*G9#'($;\H691@YdSl0/aTq)7EA큤A큤QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQf90d6642396bd107eb2bead87e1f4abd10f50053d71665ab6c4dc0292976a653846bbdba1149ef9edd39c6f18d37f29e5ed9cb3670521f142ed6d7d2bf9f2b8342d2c3aa4d008aad3243fd00e4723033e27e253289356cdf2cf9ec46135a8327bceb4f36b0f077b7a232a94e214b3b0a5a85152e4d89c193f92ddaba3ede1ad691b8c56b11fd9b655fccca491b40c776d2a10bd1c163fbc5863d0da295c0a3b0e3f010dbcb6a0e29aaa75883dc2a9a105d201432ae20b7bf2d0ad90eda7c67d58813270681a263ef6d5d22bd48dd642bb8bc3bb64e88e2b0a24c4da9bb60cf7c9e1e9730804f268e18809109fa8ea65d1690268a1da3cd843a5e22abefa5dbe874d26950ce2a6f78a519b6f3b7993b795dbe523b16b28588ce750f620de163d5c1661a894c591c0b75f363a893c37aa8103eb9b0202f185136eef34d1e4ede77d2f8401de4716676a24876425d570e24aa3bdaeb0aaee28f9ba97ec1a57dde68af4ac7ec3d3e4b7f090a637207750a41e2cedce8bb1c3eb89377665e73f93b942d093db93405576d06be696dc946d321770501a48c28935d5fdeea79ea2f40812ad5c6d821b50cfc1e6e3eaafe26f64a795c68845f8e73a9581ad187471a06068c34af28548c543ca63c9358710fc04d6eb8f01b3ca5d62981080315d820fb32cfcdb282108f57d971a36936d857fbe087a9fa5a9a45c7706f78e27a8ef8786049d2376d14e0e0ca578c3772e4d2b3fb25a2370ce991916398ce5362a508efc4e72c9960cca8efb1558cfad71cb3fa54a2a2d51483d30b0c925fa8b62e7ad0c35268254f228933ef39d98588f738cfe33c9327db8343cdbd5aef628605dae3b49ecf76da7700f497fd380bdbbb013eb0cc1f040c7a794e5fc780a1e631a93ca636ecda814330e115b589b367fe2615ba439ac4690fb088a328cd03f6d327894044ce8dbdf3b15583e0bbf27708e3b0cc35307847d98fb2b73e60fc589efeba02646912322f3af83690d476dbd14947cbc07aa7a67c8ab9d7f3c5652e2607970a4772b43ffdf2a26ac53d611936ab2ee5a96b805d65d2bab951c064ac5b397bac1ffda3db13dd71a27957c1626bd1f81226a7e4756a9955bd43123073fc433c0d680e923c3957ab017291376d26af7b6a50a4ab6bbf1cbf8b7d4d98e38bc38dabdb5d8309387a40ce6e58a87a938531d4300729cc19db274168258828127e3026cc0231662aef173b252f5b68ca11e4e91f1c1c8868aef58f8b42cb10693dd78d4e1c61661facae8e43e53e3121969c3e819a51363db8d3e6b0147774a25c7b923042fa22ac0e5204258f20894b90408efe66007f23af237256dcf9ab4066ef83503595af7508315b0cacca021a514d62fedd67063779ce85f4262e0cfb715bd50dc4828a6da3ec913726f9c3f3da60fb6831e905877b7cd8b9e51942994c28b0ca8093c57ccc4744714fa884c966fa19868793d398285d4a13ef975cccbc7f2637095111aa2deb699d555e8504ab136c9ba342b6c2869ffff7300250f0db66f6b87938d1fa02a4ae6bdb513b1390a9acccac0ff3d3ab95cf3cdb02c16db510d617e0c67e7379fef218a0ee2bb5b7f11b95bbfca80268ff347a8da2faaa5e642e9bde763a2f189dd0f74c64bd0c28032707a14206702d2302eda67983d4c2034601953d9ca6c2ab3bd5f5f4420189bccbc33fe195ec489e8bfe37116af48fa74a40f7be36e7833cab639c2c314916eca164485a8aa1fbb0dfdde52ca76b21d50809503715b0286114348ba9b5ef1b2721653d989473176f4f45e3bc731a9fff45d9e54aa1baf5c9543cf755407fa44270facd10f0263b4f47f19b478c138897add75e0c3e2f3b282bb2db5515300de7749b5f178d1670bc2b6c91aa5cf572d83cfa689a51c13ecc28676e751a5eb9069dd260394258ffc86a278cc4214bcc517961ef87027db79057d15718f5bdd2fd2d8e51730a411cbce5a4ae3afa738846331a56501d4f5f5cf23f545aa95233bbfb18f42c712388cfcaa85f29b045a312a4d46dd11307a02ffb589a2499625962dda79239af91f56cdbb25637b58be07745b9854e0de0159b89337f916d70ec01a0f4b3f1ee700c5a109bc75fd3d77f6b515eda133c4a7256963cbb53e6c770e90abf2aebb906fcfef1a0be59ff0bab4ad3d73c44a4ca8bf34545106f2e786d030cc873e9aed2dee2f8a1d0ab43d581da08cae41b738f27e4e70128f49f9c52d939192ac2e12d9d11d02852b526c3e19cdda7bac5c75f3f28c30a0e5e7e37e05024f85aef949945198856b01d98a79240d243d4dc3dd3ebbdf156a1f203a879c2d987d3ca6bd74b824683800d527aa0e70ac98c313fa7e7e28976f72a80e42c0107ec7472e2225d5fb011b2513b44717fc83247753066566841be1d24fdd6756619429c36ff27f0cd14eb1444878f45b66a59db5640546c59b1eb51ef5faba287b42bcc03bb02870b2b43bb24ca4ee8b0d019dd9116e854b95cfbf1e44f7bf6217fa43e88f38aaa907cbcd3298db29341b76017edabd4a36bd5b15820515d2eaa4371db8f317c637bde874dd81bd58115ca904e1964861a496ab7a4ef688a773174d758ddf5ebd4dd562f72e9c2123585987b0626547ac0f9603167c097b84b89bb7d7f7472fb1d203c75a0516329323eb6e7d90f2c27dabeee937e8e41fbb92634516ee688bc667955c917cbb18cd4a87f8a95ed8ad7b232e68614e2dce55dad643f60c901e92ae738894240e6c4a4ecac5f229a42609f84d3a2a49fcef0600000b1171840cf5fe7a18befdf594ad6895b4ad5b67ca35f3fc1da5eaf44f9c0e9e23fc127d89d99cda729c652a20b92b8be461b8b354d9df6eaa692d88d4ae937f17895fe75f169ade93c7f101525e412fc56eab35488b17b494fbaf9fd8a8540a31eacd3aa1ee8e9ab644e83fe0edc2224a5678aae9a99d0072430fec40fad81d7f506390b4a675409aafab7ec746c9b95b9f9c66ddb6e0116c388d3214459e28fa511a2c4774ac135d9a98112a90833264125adf7d3143db199573d4e9a76a1e15179f94f52987f701dd14df0c9357918d27f92ed38a352dad6f86ebcd5684b9477ad1e8ab2771aff050e04503f72e446cbdf7083dfa7f6d7c6fdaebbaac4a4ba80d9b715ff3b0bfd0a26fe41de105425c8ac005ce73b39a820399b576bf01e9c3ab15411f045793d81ec1477cf0f7ba001d81e8b1f69da1bad82477c8ab8a762be47c710855e160ae48826a482048fcbcc4a869ec9a0566100ba7abb0014b88644ca25e9ed86635d438b00bbf030b6defb51616c1d26e78df6ef95c5ee5de1cb38991ca068f6e310f07c07fa725ff51065032880af41fd642d29e174774d93a362c21fa7c15f43b8f548836efc1510c394fbb7980f30533fece676a098b4a95c38be6ff040336e3cd9367636ad6c94871aa00c5842833fc996cfa795fb60fa417100c5c419de76bae2617722b7b87ecc4cf2981a829e21a4104197900ddcd241ab12da2724eff89e463752ed9ff0eae2fd042f689a33210698e4c0c495639121ce80ca049a7f350014bab4b65d47a1d26c63684725543fa9331715cfce13978e5bd4318276577db54bf46229b37274bdfb623b65fcf6ced2c440d7d42967d74c5a5972d30c38bc2237cb35bae37c14e51438f49118bab735797983e83f214051595b60f9933875bd49a19e460285dd11005d07de78a07fe06039e07afc37bab4f154f4cb9177d238ad25b6a89536c7e1887af4d75e551448b92ce11d10d922611d5978c7c6945150ff4fe3aa7bbabc8c26253b34c22fb1d6983d007585c550fa8b8257400d48ed9549a76e7427f5ae6ff63b0dd2e94c38fdd61e68d2b4d425fc0042b14068e62de75a296b201e51f815a6be43a49d375f99230f0e8813e32858baea1a4505734a0bc2d491304743bc675f892b7b954be6280958cfef9e88bc76ad464ea771daeded29f05e27a88d26e4431361c4aea9af0716c58e28b73d6c0956ecbc895c52ab075c837a497032792c6298f1e46bdc6549dd1b64833513e689bfa98d5e366b99e76b3f3dcec2f28231185351975085cda2a052417d09640126ac0a3275a9a9bef807587bce9827170b6939a0078098f67416e08fa7ebcf09507e014e65f8af13735f332a43044200db1f0709f17a494bd85e548a446caad350713213adc49f880ecf1e4ee13d9bbda00a52727ebe6be72333f33633228bcc5023c0383b3dcdfe325c92ba29001ff86a4633a5e31c698ae4d76ba456a469c002b2c6fe59914ca56537f7d1632d7ce922b311abe41a568fa8eabab063078187a9e82b031cee0750ef2967fcc1a54a9beeb46b6f8ed4257425167729851bb7642d2ec9eb9188e921948de5d12b66eb928b7ded7865247628691b24b65fddac48287c63c702ab4160b1280abc74cc5c261e8e6619f5a1cd70d7d9e48d11cedee8ea3bcd614960b2b54a23e4feea53ced3283ff81474373327b14ee18b2eb0ef2668940214c39f9adc96e4979acafd7e6632039338cd60c54c5585884be71950a9d7e2fbaf8cbe74f5f563af177f394501567b6e229c00a3fdb2f59b1afa6af9dbe4093918b60ea7aaa8b9e35e67cd03d50dc4aad9ccba36ee44e56c53dab1d2240c659d60fbe72c0f0c173cb7649ab741ac587850166a9dde9521ca6bee3fe6379b83215e81be8c64a6c876c861a2ad1e2004be75c89b8bac6c1bb2d4b11ae93523962a0f5fd57186e743ae1872a44e85fe3262c7b3bb1cb0f30fe0cbdcafa4b02a875f9d6d560f3c3c66052868d7325961210703e77d0698e57328cb9fb8a572b1baadc3a0d7556d7fff823ac4dcad6031207f1bb0af800e3e51c2ad67a63a8680ec5580242fdf1758bbe8a5beaccd027b6636c6a3d33a94519568cee971f0e853b3a7787b6cf4d3c489325d951752a05b8da5e5894f41c8ceb5a630e0c7594a8d4755e4dd9930136aa56761aac94f65970dc95c17979c513087b58e74016b80372182128bab701cdd94633911c3ade0abf05cd3c27883211a175c5cdd494dfb4e8e01f8a9a8d19352fc9068b8eb31e01cc9c2720869d8fc2270d9a2611036808fd10a1a28eb05e0ff95d7a301fcba3858dabb56cba08678be89460a23b3772aebd28fa66203d05a30b547a9332893db67b1788e5f566f01bc895077324810b0c640c0cb09853f960817f2559463735dca0b048af753eb691a5a8487b2dcc288c0439d98104cabd9385a951737254119dfe173e527586c0821b9766a3c9e75d725c00a70e3883f38e76264070e22f377e2cd590c1418362d2fecfd25ae655f3e195179f8741f02820ece46a8de8acb8cfd41efcb29f99bb3ff3cb74afc217c853922caac9d256f816f4406c508eb5d83437284988e89e00e97bb36a12d7c61e33deba11e9cb3e1f0a4ccbf0c7740724769757b1851ecc7aa901eedd7b4ac9f6fabdd3d598e7593b52a1380ff88e4a8acf854da7d57d85e3fedd56914d6ac099b930a75734975449d0f081e9ad92d9b515b48697dbc9acff44c2d153432d54192fc5f48bdc56fe2e9bbb57b87a952c71f5ab749dbc57af10ddd58527a62b1f17659eadafc263decf876fa25cb452043a423b4537aa93a344df6af33c8075db41690c8edd14965e2734400f31b8be1117cf4ee0d47f7915ae96d90ee1526ef067323c31e011a578eaaccbaa9a361068681fa4847233eff9c7aabb8bcf9d8239a47f45c3600d6e221cb3a18da1ab5844466f2f14dc5a19793352527bee1acd9a2dcdad77e08752e37c0925208d2d32f65f8cc81a1903cb713e5634c99c66c4af3959975e20e48630edb43d8a5db63d97ad3a4c78ada49c25d1eea788498eb19c065b13f4517189b5b78c23db8432ddac59bb58f209376d78312242429acaa929c3e06a803c24063505c2935ada9a75259c37396ca384967988ab563cbb8f679b59e0cca24c3091ecd1445ff432ffe3d91c41acea256194f505c91be3f0eb6241e9563669dbbe77763eb27b8c06d824d1d8f6b3d92ddf867eab30c88c77f2784532f7616bf64f74de603c10b6bd581b5c0e0227f8bb22fa5439b7c711f0b18c7b2aa780c5d01320e57a95c8cf8f28802b4d8f084d78f2758d17287d6a9e86621265eb8ca4b352b044e420115373bf6fc6245f60245c9352c852c05305cbf9f20fdc5e63eed8dd3e67efeb0534b2de1fd6283aa3744a7082f9324b2b980ef4ebfaac344c268012fff0cd9a8ffc12e4d221b5fdbb7feb95f1fe1f9e4321ff280fdc36e4ac0ded69f4c6797ff4c6a18945eee715bc6e4c42080fc66a75c36451dc605540e96d4bb42206b8ad85ec616a22b3e4485f8c38aa81733c3caf682a4210eba7067131d8c6ca84dac267ae9c4184103989dcf5518799e295fc79ed9fb13c379b25aea8a963ec831e1ae4f28e6b8beeb162a8f7f89f0b9343c758f37189fd65b42b84c7500c04bfadb70610c8ef4df6b06913bacdfbcb4e031e8314d995160b7b52a105f28d5fa93606ce4828c8f91b4d775e64b0acc5d4223822cc67c488696478d2bac0dbede1858fd4a46dfb7bd7cb089af3e2c4b36a1675d459e016dda007cdb9330584dfd57caa8877eb25ba76deca335abefde8a2eb71ae58bd7f254ff6d30a9a2caa11610b99f9e95d5e11ee28d66c89d17812311635c83df3303c3652fdd5287f31fd5c61e0e2fc33ee0e40852822f82a61c70f94ab996e0364136b83865f06d424a31309c7f6da5054b8e8438fe51f0a2e42b89df753b98244a408f02beaba4c482d46f8ecbf6016b87f2b85d6f5bd97571c328aa67bdc078a6c990f778d18b7f9306ae6400a527bb74cb948c43c74bbf8e84c47f37661e55d51f18734e88114e9e95bd563b203a04bf3b42ebef0c00087bcc328fd17c07ae92ebf722fc4f9cd9539fb3e39bfc7d35f061470f8d8569a410a1b620f9123508ef0eff67eca211c5cd753efe8586e081efe46ac1151de0a1c2ab36eb3493daf78ef94e385cdbfb14969437b73ebfee35094790d1813f40ea029797f49a4f05cea0168d0ce57fffa07360fcf71b8b12b291365640224b460e76b1a74c241321989cb5ff0935c3e7435cd6f4c9c5deb2b33a87999ef745b62d9ec2dfeeeb183f7cac159df4ddac3c8931fbb03b108e37b7b6d9854e6186538eed4e17e2edb40c1f25503af2bb24ff542a3542260fbf2f7b47c0f6755f8b948ef6419e062e5199fccaa5f6ff67369aae271865c7b9209c86e1943e48800e692d352a48720bbed37948514e63a0c5f339ee2e5b637c7192fb6b7756a5cf7ac9b2c18154fbd6e667413799b6a08c9a9c93fb344cd77c49a4394b08d5a7e68aec024593d9a80572205812156ce5429bd8b74f56c55a4f2cbf9cf6fc33720d212ec9c6a03ec3acf7ab1e83be1bbac99acc4629d229e915d33a4b31093ed330a28b8cb7d1ea3b29c0de927a89160f152a2f2c270cb29484791d92ff461d9c230112b804710544d078894059971214aad58425bb186f430c7fb925b0f938d2bddb937d0002fb6fd5c070f4559982ec82706ad75bfd7057c5aa1cf56ad63b12c4172bee746fc67a7ed0e0e467aaf1b0db6d01531ffd93f479c0be17f3fba40c42587cc7c0962b77fafca4956d4cf6c637829013db3d474f128ea8c3ac10a8458b4937083417534e826a4c6513eb3568e8be163b6ae653ec2073304226013a6089c7406cdeaab37ceb5cb03ff8abd5289d044c8e3a99f22c98860aba88a7e061018fb93376ea53daeb182bbe03a28a3a0a97c78b6c734efc7e62b1b0cc69384a4f00e0c4ceaaba40e3dbc0bb2e2417e27c9e87ceb68c603ac505f14492211f0f6082aac52cbde138e05010c7e982fbb524d1768828894df85d9bb1d6d31e63dbe2621a1df721404ad8fcb72caa88564a8c83e4bed9553ad24c99e07af8d9b2884749d90a6f3668a7d91d1ee5de1a5cf46166345bf9ac7bf0fd38e82f968d481751b4b1c9133cb3e1b69f844288226a0c3282c773cb05c3c6a5b0cbe596f01702927b30a6060b8e7ab70202a5bbde01433f84aebffb7d72ef6a7f33affac691d16668d811635061935d82e3d2855fe22243e106d8b44815c34716ea01fa37a9a5cde4bb77cb0ca326bba19b8baf70b163eea79a21071988289ea396041b2a1ccb1a45279ba370c13683581485c953daf4f4871eb88451cc224071e8f50a882e864dec8f6d6fe0df9028bd60cf90d95c78668d68030c2c1c8730f38aa5ac3ed3657ecd2470df3d756514fef07a1c51c8bb6876dfcf2740e37adfa074abdc9cdc688e451c3d651b42dba1f87200a10e2c3f011b0fa092d248740dc5487dc07da0f892c3e8ba23f61bbae4a5b915d737091d4f06d77c90ef638d7b9ad9fdf41682576cbb5227e137f27026605862e04af24cfe2fc8c9fd326ddc3eed57b7d72988356c43efba4be4ab54e70e9f14a40f58706a28ddfa1151a32538cf947c4d4c177cd1fef7e6ed4d0387e8eccee5cc62d88ea9a101dced7c7f89c2cf5f983be17afdd756a619048410fc55340995ae75e99d5673566c4113f4658414ce45ca5ae40c1c6f169766493b007eaff980945c19cc6614c1a4dedf05a24f173d45efaa21516c642263ea66993d667145d2753be8c5e575d2e445e3a1857d985bb8b6e499f57c9f28fe23588adea3402f5121a329417d7d7f0d47073526c82c37a0cb0d581dcd32acb552b0081de32cedf91da2604073a9bbfce722699af9d17996c4c30a67277f2fa04b370b3cc1ba64be021689821db2d9e3a2604a1ed9530901a96649451ea00eafc05b4ce51c7f307b0ffd442c13c620102ca9e495e829a253ccc73468c80ccc370750be594bbd791d301e60ebd3e959961858b59dc5ff6e2b16beb3621c45fd31220f8921027f698423e97ebc15067101d043f51352822316978af2ba9b853ae3241ed5a4ba7f3b3d5eb2091c12f4805b0a97ef03bab1d0e286db729e002a1d3be46cd144ce7f2e01edff940262a36edb30171f6609048bb119b6a0e57867d1bfc72e2336cc8363759cc5afecb7fd5363b6bfb02d8783b6182ed822897e99537975d67dffbe273732fecb5d434e24abfeae529dcb1b43a12fe2b9c061c230977b3d55d4838061912df37d081ef541aa676a4381602fdeffc28bb2dd61eae7519425299d004a5b084feb497904733cb012722e2a08cfae9a98ffbc5645805a25efb3300acb63c1984551f3126d3a273dfb46b0d37f2cfcdead2a05d78f49b3f3d4aa63a47a7c5878229c546843673e56ef45d965be92d1404316366ade4dba9de1c7f5e39101db720dfd2adbde04938ac12b5ff163a1a9c0528d23b2a6b298bd2c90edee7288fc6bc9a40124b18096a631e6e42addb5f3d17e36ffc7a88f452c1436ac451135215e34e951b77ccada03b36bbe3cc52e4e27efcf4d1b2e46dc41c3c3f12db600969f7989f0afcc191c44c78857ce4c6cee357d4738a0667e21a9fdd90a0d470de7968530e98c448857b674cc3023f6b45f3b6287288fd1d5a7de2c169f81c05f9b1d3d3fe2b18ebb11ad6b657ca0385070f856e5f908df5c58c0b7707522924cd9bd254197a2f615304c7b1f3364de6c316ef50fe3ba22499e5903a457e82ac00c37faf8b46e45af1cb47b804371eb23618028a6f192fa3c637bd52464f9677cf4ac85c6f8590124546b1f3f3e9d5881b0c85c8d17e727de56c2b0190f7a51989bedb643e609d89b72fef134912b9c3a63cad5edda216a776f1fb546c9f7d768fb1ade37740a7ae8333d7d59ab90699ff12a387f03966b7c43aa047ef6e6b769154952a1f5803d94733b56d3a887537f77ea87cfb967be8c89746ae987d3b5fed314781d5b59caf68f7701b5ddcc71f1eb5d04e5679493bae1057c04e7917295a23894ed7b3968a2ded1ad145f742ce0c2943002059163b707c95d208ed236e2d302e55f40b144b591238616bba959800c1549410152772d9846b6f73f4a432f935b52cf1bc013bca7524861610a27b00edc5258d2a9b0929a097cec67bac533b8f9873d723b5b158f94c3f96a9e5b5626cda3643b0432171da6d1de19dd12bc9ac280cee199f09ae1fe26cec5406d48e91731d3c623e42bfb04e6bd2043ef749f188b7abbe61f4ddd3b81fbb20fe4c8ffb1fb83636f96f70072dba445475d6d0f36be2f1b912ad3c90a53a7f558ee2a84219a76940f61a8b3496cdf485e9d375d790a60d4f9907bf746f560c078c21cd596b8e68f34ac7b1cc2d55f358bd30bd211badd327a588a8e6da76f57bedc86e66e2e916eccc8a6684fbd55c0c66fa2d9bb2b8467823f09a1b5bc9877bb03c381a8c2b5e7b39ef141d60e47df31d37eb0c6dcb6db5d64da4ce1ae46d90f79287a0eb726306acb98626c73c77c1706bf39e5173f0874d489913195f35bdfeac13b1c34f1ef2ff58334d2c89324141cfe1b077e195285e0b725697ec5de6e1515185202182ad4fb16ff29df700bc50ec33edef9e5884d2b1661d6bc6bec3ff72aaf3c682c665bf848bda5a46b46dc06d3157c94b596cda311acefdb0a68c5c96bcfad7d91bb5aa505828b1a84848738f32aa64f4b53d23a663d98c4e5c941f793af5586701bf4cdfb8e43ced7b5bd97b4e1beb7ee36cb52a568ac2d90da29432da2337a6300cbdc4243a256deab0a99e49a2bf72ded17f2b180560b9506d0bfbae171277ad1ee067d1e8463b62222c8b1548f712a43131eac468888072fc3d4a1e42e03ec0e42226f6cbc4b3ce5aab84a783eb403a30bb09ebb2f345edc919c7ec8bc9b46c8ace34aba75878b6b6ecc7aef80c8fd1a6f5cd32143add105ffde27942a54494b8d294d33d5a57d4e0e21b9a552a8a8616929db9d18239926accc792a6e0278bf53c50a5db5586f5a9a1fc4795dc1c5848e1cd8d50437671d10918402c298a02b32327a63a7f23306e8481a4e3e20824a72c6528a4dc596639d5f624e493dd1cbe1d6f1125a1f6e57648877db591157d3c586e4b28db751649b0d6d96bcd30da3fa23d89fadf3cc9a6d2c5fc2136dd970e0eb09f186173cffe11aebb2673218013f427cab4f696041bc38bd61ec8815977db1203bd1da7e9bfc22221d646f7c48bc9872e6ef61d0d76794e05cc31cfc2b10f8bd11aa05560e856840fc44c115fe48e40b773c51a275471b51b27f3180bb9a0e07d733024078fee1891bd47a51a857db11cd62cf6662fea335b9be2003b2fec14e9473862626862dde2c4d5f33a8f22afb663434b8144c187de497d235f431c1754af4717fac72e0b86750aa454c57b98d9e6da5bd67f0ec68ba6a45d50328756845ecd6c0a39a5701e12d604c1b4f022ce5125f5d2bd8109b3dbfec02fe3209a67ece89c1fe13c7926cf6eed3d04fc376c4ff5fbd85da6bb9a8802e268fb615979db194b765d907ada4c214b6da1dcfbdf1115c8349db136fac9f922b5d26e0b04d5fa0bcfa8498050e90a4becefdefd9b466c882e0cd390c1ec0bd8b502ec167335946495b1b04f758d7b2d9cdedae91b3ddecc3a7b4caf1acc86b050edb8721520b39fae2d342836044828b25c33060ba990e8c1cd3a4e2ab6d185a0815906349b526900542812a3de075590bfaf6b670db998f76a9e7027fc44ca4f6614859cf3168e81d2e78fbdbfb2046bc577a8c8f0c410a3f683641002d02f420f05a6bba777e053bf031b60e5e3aa0e28c32add8c5a45dc7f1eef2310e72955de516f442c4c2cfc50f65573f872a4d17c4a9180691086a351c48550c8a59ac9a68df399298286b5b5076cdb83fc647c7101c1e3fc87b1e95c386aea61584328956ee82241f693ef5cd8a8c96f33cc68515e78c9b826cbc5e697fe270917c5571db7d607b96ccadad02723d5752543a2979f0e38ef752d82d1e917b22a3d849f41418c1c484fe10099c571478d7caef893ee5d8f0f2749630560a4ccb792860a7106b2b10189ceaabe7771adf1b678c6a9cbf7379f62132b6085b34734c4f5e1fa48ea902e4aa7a1403c926a1ef241526795f9a97ecd6bddde6e891e3042db08e7509a143a0affd5ffe9a057f18591f6fd9d2300fd53fd46dd6be36c0a78820e0c8db7bbe08cc18280c3b2de5a47e15eb1d970390ab7ca25925bfb0a02504e239aa828125ab5c845c5e06c277b12351c58bbfd7ff978692f18d476fd79ac8fde7e44d7836f2c50225a585ea9003e8cc8c7eb4c4d55884b40fa44ba1b5e53eab8fe88af18c751a28eb5096a222865d4d4601145792a4a6706a81c4debfc70b19e959a188156892600a235376247f70e76bd371b08db9ecd7cba8ce873ebc1d4293ae24f9a3c8cffa6d7ffb0c75905358fb2ca52c2fefd7c4ec5e4bd5788a993d460fc8c8cb274ace6ef8b3e17cdeb11236b9bb5b9f672090df51a192ea31cd879246c527b175a52bd5ce40e0daffd81bd465a9a3b50938a2dae1bf08f4caa18a5bc1102d21255a759b2153199a66dd6566586d5b22efc702e58834929c29a675c274d2bd86dfa71bd177f49b7ebb3ca6ad050f76db8aaae94b2a721880187cfcc0359050ba2ff5193be3645149357bb46404c8d912cefbb73ea9f4215b140c769ed8ee36bf326edfa79bd10e3465847664a703118e6c5e6addff61e4c71e8d9179557a0d06b6048a38de7880a673342bc36d65d2cc153887a419de9dbec299edb0649b990c1122c2f5d059ad113447efc4fb4bc5fb7a7de76b180891045b96e07c466739da8c141814d087c9014a506cfb73a78ce5ed3a6aa19aba1a2cc990c352967f91295f903601d24edff4418c38a7cc523584764a4a494efeaa7398a8be2951fed5694d4479a126780272084c0857efaebe7675ee069f213cd58fd4f868d583421553777c0bfe594aeab9a817cf583fe3afd7531c1240f77086ea9510c07977dc9d6a59ceea4f0c7f6cee95904ceaf72025e1ec4bb1c7a3abe0b86361fb72acf0ed20019d893ee8666b01e1f15c72f7e58b48f3187141907ebe7f40bcd35705847367f9ab17d08e3fb10206fb31b97f9bfe85eec15a4ba0047671857bf1d8d39629e2135738df8fbc08cac7057079ed5c6a9bb9504586973828a5e2b2923f6b4ea238e8bad3ced1ee2e5cde7e748f786f533057a17c66f716efd62c76ccc53fa0754b03cc7092323368ad394cf3f14d385e5f120d6a7805bb594d7129c33d06b42fe7decdf1988f084d9713611e3a95dc1b508a8ba312bc6dd568aef7e098b1dd7802052e803b2cc24ee78e8459883f8e6ee9430c6f9241cacf629512d46e0b0e465295ab380db271b3a0d840351131ab5e5660d55f42a1536930b1e92414b301165f1ac2bba41d98ce9994b9a32ad558506398a0b2c90fb11e571e5ae7b6f2c497d80c8124aa0656c32e5b85430a7ec4e12e1cc47c9091b73e7220c83cb77723726811a814511dc9a875d3c03857cc05da5c7f24d11fbe1c4983e68e722fd51cfbda834570c97b8bfbe5990a67176f28911e8c862b6e6667186ce42a8b7e67c525a4369ad74b207518cc40ddd4f793fb877be01c1da153e5f800b635104c7f6c8df3319dfe71034e965f96ef19c2d304b5d9065d18ecf74b3ebe5638a65b1aa89cb64875a555104a3aa853ee6852d71fa5defa8872fa77d5201ed0810c4381011dac548eeeb4d83710341de65883daf3fa49b914b8f509d1658c44804ba607fb7cb51c5f1d10e1833cc78e90106939de430087f874c81d0c804e17402d751d568a96659f2cf937db078760d1e48d3850c7824b3ece3de6e6b3e15054ef5cbd6846ec8abdb6b3ac2445e5accae9d1d461a4b76bd0aecbb50f33a69f0f57e8a951ecdc08654850a3037ce26c5fede8f17449715451ac2b40322de7573d3704a52d037106a0af95e35300dd2e33a435d74c5edca8f98f227b3607a79608b335327c153f4d2bfe75a682ab5ad61b5a4d01dc1d10a010ee60bb296cdfd34e227848831b4b4f93eb200372ecc34a06b93ce4c7a9c2c024313c126dfd614536dcab3529c885dc299350b55f05b4dba357f61bf4678229c2d1769c4f485396c1532844a691357a780f221246475444313d01a65eec4ff21b4c592e74d4bdb0c47b691967aa6bcc9d0afad76084103672721721c1c0cfd761d6444838ca6336ded0062ca88e7ccc339b87a088db6a5c8e09df66afb7790f4205b32b716fdbd30b4043b7d5593922e78d9917ad7d9b3b6f09f19454f24d736ea593012a7489664edafb7a4acd361ae7733e183cacc2b918762afc974d650a3879fec818fb9ddf5f396f990db115241c92f3634f61a8e5fe62d3e075cc8f2557222242f8ebda9d68138844b8d9b884b959bab83780cff6b5ff35409292ffac424245547b7f4c12f8785063df3782e72147a7de253f435109b5f4beba3b390c058235aed28a0159cd09ef82cc3200be17d9d28282d362c8984e6f87c43d853ef3f5697344a11a88abff4c36a9061b1dafaef36a0fbe8ab88314d2fff15f41eb2e39613d3b8aa1c4d612a48db5d95f4ddffbc83a358f8c8230b570d0024e051f47bd625e4371f50a623db188c63969fb6d1beb463585b418f4d69b3e76d10e1193b4e982c7f6fca6d950a1db6e9db68faed21267f448bfb01167440a6f39aa1af7f1366009ac3cd79a88e409c4bcd72681c87dee192c3fa885f7123dca1094779adf0ac1341e9dbfdf3fa807b64d826ae50a8ef064ea14d0f91205367d540bbb17174fae3227d5d5b9bc970820f63e8c01c7e2e7a659f4085736b79d6ea29b37d7cfa2e53955026bf78afb1b8bcc1b6635e74c3f0da0d02f5bd78a8015bb5ab9cb4cb2d602d2d1c2a840ca28ae3efafaf8b2a6808dbc93d8826bab2c42a07a0ad23490039632290fdc4cd5fd6d3d089c107575137081c683d908334624faa94d2068b61f023b61d0f66a8702a6201b25faaf19888732f30d5230b2b2f04f03a9079f161fbe083faa27fb62ffcd43cacdd78a3e1ef1f92e296ffc1077de9ab374422d17a3880bc2a05b8f5bea125699169f3c287032d4855cfc0cb28afbd1e96a1815d30bac82c90ba1b5053600035c8a389c927a88739e9ac9d831260718ff95faf58e0552cb182702d8eb37c6485fd75740545356b07a185b9e2280f57a26efc13f38d047862574b1133643133e52cf3e8c7e723adad09735ca1cb53a7746b4d8bb22d4bcae5daa61ab64f0363d89762a3490d1e4d1707c867d214de9d75ac0f69d1dc5bd227d21c0bb85cb67dfa223ef3be71eabb44dec9787c7776123b7f52c58df4a4e995905cc48ac2da2fe4aadddea8d240794477ceebdab4bbd453d7820662f1959dd33f8b2d9b204e2bb4c983365114a723edcb65b092eeab4e50d92f64278fda64740a1e48d18f77252edc0d60390e500dc943fef5c759536e0b6f59ee2d05b9fd547cb53e7681800f8d2c6353742f1e10361cafa5436e585d6e4748fede3841e6b2d34c0214917894601f391e8ca386004a1d47842271826483576912ad9e2bc60c6f7b8ffefd8f4c3f12c9516931d6bff3785013390088b78bc889d38db93a8fa21893ad8fbd200b5ab86897821c8373ad7ff4aaa277ee32c683682db539724e233652e2ddfb20ebe0a32f22d25a203f904746c5831229ac6e18dd2e6f4245ce54b2ed346b93c3a256b5fb3d0220f315f0b3538a80845728bbddefe31cb8b4b2f8029bc366c84d1aa81ec0b5be3d433ca2c48c598e35fe99337878e9d84d3e0a25aabb39af83d0250726f12344dcf72db13c62d3a9a7d249ef92d6afe6c8271c80b41f3af7191423a56e7c14f7c2b4a1e7fc0eb266d4b1f0fd86f5216a6b281812a161f12d04ea199122217adc080dff1d7a81efedb0daafecabab3584853159cca2e641a260a77d49e18c681f457dde8478e7f15511d4fbdb235078d08302554db8e9be53d8a3e8b77b39a985ef1c761d79eec7f0e7525b90a1f1088d865c61f9bf9c88dbcfe7de18025f32829d2003080ed8c3c86977a1bd17d45bae11491b898b86ee071298effd6c64ad0345ccadc334b4bfad00636787b71ccffbebe32ba6ff60ce8695de7076c5221db9cc5951f9e238d51d990975029d316300ffe6fdea99724d8993749c15994dec780e3550541c00db81691b8628f39f34931abd2915dfdaf9dc1d1c3104cfecb7b0246030bece6aaa08571a32be6264085f5022aa7f246adedc92f725d0105cde5cb489865341caf20d5d4b1296e6215dd7f219944bed2c43b7721b276e3235acd1cc2092a624ab59803153754019ce1b001ced792c566c278c75d8a16b81a8a173b6113c07b2c5487a8bef497d6aca27a1c0614c57a3a07c4b5881cb82c92310b5a340840201a4e6c02b0cc8a72dc7b6e31a6b112e7c49074df4eb726a34d6c6089d992e5fcb5f050b8ae5dc3decc9622ff059ace4b043b55ab259221b48c2fbae20df624be2fbf69d40409ec8ceb2cf7bb46c2e3edc6a7752a2411811e44ffd3b54d4868e125aab3c54403f219fb7f645b34ae73e597ee8c7829aa52ee18e16df372833989a144712cf97badca6880fb35e740802b8e4cb62dc9294566fc5b453e53d7dc2c1b8cabeb47db55f49b001905b73d0366a32d71ea105b782100027a44425cc2a033b4fd2b92e273f285c78676d6ab104a59a2dbf4a00f50a0846efbb557b439e5bda77e3ea644231ab4420338ff9c6882ef97dc003719cb93da114d27ebcc6138d6b5c59621a01a6b6659b15e9f08c8dd049cfc9fb36767673d84af436bae2261fd92f1d81e71d5a91dc7c8737b4525c33c0e77f9d6acd886509bf768d9e3e113e36c88c91bf2a6aac2f0898489035069db361c68e77025849be1840bb63d293dc0565fae9bd6f9d5ffb1cb00ec10b8e3027135428c7406af47fa885964101584c73a5f8df3adc6474c0a1560f048e764088b41b9170ba6ca9d3917162fced3a0297c715681ab4d6242dbce3a57f0f878f243b64139e1ece9dc51249c3004e4fe3c382bc8f27be4f73e3d827eeb6c2589947fb09ba5f701bb8f343163505f51ef54b62afb3c55b793cbab9a694c227efab1aeadac76dd5a33f97007051665974973d592324284bf1d9b5bc6fbde7e73d578ee11fb599d542b57da8aa1f1440a05f5831d4b307c73ad081fd332c08378bd7c9e00cb3e9be98f47fa6933bda22f2971a540c853f07bc3031860f490c5ec54e4da9c3210bdd5ccbbead9788b4284ece671153d2359b5d7ebb1934fbc97ffda14be9f0f35d3020262bca8b71184adbb2d21af2bd81f8d8d4fffed0cab777e7fffde4b6d31fd7550d676922dcd29fed269beea8d18f5bbe510643375b0af3f18d3c0754566bd204b197e94f7403550bb1dbc180b04648f4773df4ffac39d4315145625f5b7c750b3b61e99b4ba24d1d152506029d3905c09e9e0b30eb986231dfc2fe90cc4f61f01fe10fe693911a5a68b85e4caaa4538afd55ded196a0cdc5e804919fe279e2bb513f0092e4787bff2a912aef91d605e3ccc4923ea396a280e4b111b33945a98b700bd8de0da61ed230fa01bf4610e6b833035d30be4d1c59215dc7c06527ab25975a974716fee93cc8d838579177a4e34503bf1168cf471aeee2d347bf08a41308e1786d19d100520d59bd53ed4d7b6f91be8cee77ccf382783219bdb98ca97fde544a580f7e5e6715c7f7f7f21e3fcff1b86e460dba605ebc432b11ee387d0ac82eb436db41e302f1a196edaa4b19f440e0695717c0e99497e6d7e86dda5ce3f43b1f23e1ba8b41869cdd071dc85c3681c3484420c7b5092e2176eb561ed1e20a7e10174f572c1f7c731a739379de6c5782a17fa1a06547ef98f5c3d04dc958137c67d6b8ab128503435f64e3c4da339691c8099409c75f2c7845575bb30a3e34995487013da924c136a6de5cc701f5c5851658a1fc4f6227d5fa845050900b995adb21ba986742d555286c2ad597d504dbbe1d344aa89e32251eb095188097109e43075b173d0610d393cac712fad7b129ce6f25785f21ca573ece2f6d19660510bec6c6834c518fb38267f43ecb7afe93cd9058057803f91dcc9d417bf44485abcd1a8184ac6f3c006a4d22427981cad9b41b0393776459b8f3a46f0643037d0c179cd50361de6b6cda38a7d2b33bc32d91d7383fd7bf528fa96f2e92b32a7fc6e021116106a900f064383d0909eb0a16d2bbf902f49de53c7701a1166f303f882fcea71729a31737046dd95a40e89b29f686841f50e388a10d8c042ebafd233301c55745fb6691a1b104583a754ea1103f6b75896035fc6148ec5c61f664b315954d108934424463f30d86bac7a624eaadd0f5761a45bc55f6da19a1f25d3e73aab0d67f4713e4c9e77eb74cc3ac9a2e40987baad2ed9052e0efdfff08492807fa0845958cef9b462a36d77c109fdc4b880b6148928d7d644a030cf87b51592b12a3f364d5c6c11a292b2c8e53e38935d6b5e7a0e47756d743d61359e4f5a430cfe397d6b27e279678565b05563de0f5bf0e489fc1e1a252bef6685af13e74c051cca5f7e5664b79e5d826780e96c3e9371f9f574f8288e8d37911bc368d916e1894d7d4413c0dab3d7c4211a5e469b4869c8f0d09c852fa65de6a83661564ba7df0a3f4a67fd0735949f7a36f600d3124fb1dee9aefff5c0f48079c5e75322121c6feff7458b82c78e591738772a5f7d2d996a08653a5d8b224a3e61f19b16b6b337863818f14fb9d44bfdfd7fda3c731aff603bd7f06b60a23425af68e3b493c4726c2af201a0c552df8e218843f7dfe206ce4f6ef263b2cc5343ae6d0ce7da5c43ca5b999acfcacfce86d9969f2fa43fc99231cbf39093c749f27b6cf2182c1c0abddded752a2f4bb3398b166cff91e8f54357df979a3419e3dc39a96c13b5a1273a4eb96feef7ddaab5d8de176357e1f4aba35ab1318937f01dac1620daf99c3aa748cc85eacfefdceddbe9d89b4ddc953cf2d8053a7ccea267a33d89cdc6aafa3dc8910a59956a0764ef7ed6868c247d6f4f88e8db5ee454ca62fd034e619e7b971e8336e16f95fb6342b7dd5c60ca3d65ee55b0dbec713c47d00f4155c394bb318c9e25831ad7b8e642cf8319238241c6da7cc4aaf03ed84d4fe95a92778aa04f2a6116dc8f0821e78e42e44354362fd35f3f98fdec11a361e3d9f61ee5e0b398eef5add9588b2ffddc6188ea926e760cb4a0894953113a63085abaadf29839dd2c26b37319e46edf608f2da65f016ec7e5017e4c2c59666900b78fcb623a2e401b1cff11da13f90350169b04a7e3e7a2260c6c5f62a3bbb77d1e8abc3da0b2c10211698ae3129e7fc91f4e48ff7a6a8eb14665a11c7f0928d96e49bef5a67df237c85d5e369f7cf0171761b4d772f104c888690a90a903563814de60a70aea093904072bae7bebd4d7e3e6d2db9687256c0772be948d84e5471be844705645a0aa29f4dcbd444ba70050a4e4f5b80a918538a3f16b610e9ebfe31f085fbd6f4817f9843c8d4352248422045ef38826fd28ffe4358c1c35d6c63a290b7aed118edf650a0a8b9a221fd4f462da8ffe9d0a4c9caf4840ed2211840e67bd740899183890032e30268f2c95ece54e61993df09714470980816ffc96a59d2102be9e7de1e694ba7f5c4108c549161072d18ee82e77832ffdc04df81408648d9f1c25a4360f9784fd89a67edd84c3c03f54489706cd127e035e1c129280bf24c014d7ed11d502deb4995c9d6d91942f3412adb0b51fc612c7328b8824bdc727f1d1779f48ce06ea2575f1cb3b8eb4d7eb4b74926bd1b7eb4029d5f9b20474b74ba1aa46034dc89155e78f8bd8bfb70c4fd455fbd6649d36f54adb32a85ed69d81552ddf2e2878f85120b57279c6ebb62263989ca03cf2896f6bfc2ea76d9f75be810d8599b59677d9e389deff3e0c31aabd2ab2e2f31ca05799a6b05e69ea654f48b48bf28e01c88870649c6188rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootselinux-policy-3.10.0-171.fc17.src.rpmselinux-policy-doc    /usr/bin/xdg-openrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)selinux-policyrpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-13.10.0-171.fc175.2-14.9.1.3Q5QyQ]k@Q5@QPrP @PP@P7@P@P6@P@P@PP~P}L@PtPqnPnPd?P`K@PWP@NNU@NNl@N@N@NåN@NNNN@N%@N%@NN@NGNGNGN@N@NNS@NS@N^N^N @N @NNj@Nj@NN$@NN@N/N@N@NFNFNNNN]N]N]N]Ni@Ni@Ni@N|tNx@Nx@Ns:@NoENoENiNf @N^"@N\N[@NTNS@NS@NC@NBrN:N98@N7N6@N2N.@N*N)f@N(N%qN$ @N@N7@N e@NpNpM@M@Md@Md@MM{@M@M۝Mc@M@M‘@M@M@M@My@My@M3@M@M@MMM@MMMMTMx@Mx@Mv@MlMbSM[@MRMQ0@MQ0@MJMGMGMA^@M>@M9u@M6@M5M4/@M4/@M0:M,F@M$]@M@M9MMMMM\@M M M@L!L!L@LL8L@L@LOLOL[@L@L@Lr@L L,@L,@Lډ@L7LLLNL@LΫLeL|L@LB@LB@LB@L@LMLL@LdLL{L*@L@L5LLA@L@LLL@LcLzLzLzLzL)@L|L|L{@L{@LvW@LvW@Ls@Ls@LrbLrbLk@LjyLjyLe3Lc@La?@LZLYV@LXLN@LN@LMxLMxLI@LH2LF@LEL=L=L=L;L7@L LT@L@LL@L@L0LLGL@K^K^KKKj@K$@KKK@K@K@K@K]K޺K@KtK#@KKՀ@K:@KK͗@KŮ@K\K\K @KKKKK9@KK@KK@K@KKKKrKK~@K,K,K,K@KK8@KKK@K@KqKqKqK}+K{@K{@KuBKs@KqN@KjKie@Kf@K`*K`*K]KXAKTM@KPXKEKEKEKD{@KC)KA@K;@K2@K0K/c@K+nK*@K(K"4@KK>K>K>JJęJH@JH@JJJ_@JjJjJjJ@Jv@Jv@Jv@Jv@J$J$JJ0@J@J@JG@JG@J@JJ@J@J@JJJ#J@JJJ@J:J@JJQJ@J J J|@JzJyt@Jyt@Jx"JrJrJq@Jn@Jn@JmJf@Jd\@J\s@JW-@JT@JS8JKOJI@JCfJCfJB@J@J@J?r@J<@J;}J:,@J7@J67J2C@J0J/@J,@J%@JJB@JJMJ J dJ@J@J@J@J*@J*@II@IIA@IIII@I@IIIX@IX@IX@II@I@IcIIo@Io@IzI)@I@I@@I@@II@I@I@IԨIд@I̿In@I3I3I@II@I@IV@IIaIm@Im@I@I'@II2III@IIIIIIII@III@I1I@III~@I}Iy@Ix_Iw@IuItk@Itk@Io%@Ik0IeIcGIa@I`IVIO@IJ;@IHIAI>]I= @I7@I6tI3IIIIIIII IP@I@IIg@Ig@HHH@HrH~@H,H@HCHHH @H @Hf@Hf@H@H+H@H׈H׈H7@HBH@HǶH@HH|@HHH@H{@H)HHL@H@H@H@H@H}H|@Ht@HsVHr@Hl@HkmHgy@HcH`H_@H^>HQHQHQHO@HFHFH$@DX@DU@DN@DN@DLDH@DGwDGwDDD@@D?D?D;@D;@D:HD:HD2_D1@D1@D+@D+@D+@D'D!<@D!<@D!<@DDD@D@D@DDDDDD@D@D@D@D uD $@D D @D @DDDFC@C@C@C@CR@CR@CR@CR@CR@CCCCC@Ci@CC@C@CtC@C@CC:@CECCC @C @CعCعCعCعCC@C-C-C-C@C@CCǖ@C@CáCáCP@CP@C@C[C @CCg@Cg@CCC!@C~@C,C@CCCCC@CC@C@C@CZCZC @C @CCCf@Cf@Cf@C@CqC @C @C @C @C @CCC}@C7@C7@C7@CBCBCYCCCC}@CqCqMiroslav Grepl 3.10.0-171Miroslav Grepl 3.10.0-170Miroslav Grepl 3.10.0-169Miroslav Grepl 3.10.0-168Miroslav Grepl 3.10.0-167Miroslav Grepl 3.10.0-166Miroslav Grepl 3.10.0-165Miroslav Grepl 3.10.0-164Miroslav Grepl 3.10.0-163Miroslav Grepl 3.10.0-162Miroslav Grepl 3.10.0-161Miroslav Grepl 3.10.0-160Miroslav Grepl 3.10.0-159Miroslav Grepl 3.10.0-158Miroslav Grepl 3.10.0-157Miroslav Grepl 3.10.0-156Miroslav Grepl 3.10.0-155Miroslav Grepl 3.10.0-154Miroslav Grepl 3.10.0-153Miroslav Grepl 3.10.0-152Miroslav Grepl 3.10.0-151Miroslav Grepl 3.10.0-150Miroslav Grepl 3.10.0-149Miroslav Grepl 3.10.0-148Miroslav Grepl 3.10.0-147Miroslav Grepl 3.10.0-146Miroslav Grepl 3.10.0-145Miroslav Grepl 3.10.0-144Miroslav Grepl 3.10.0-143Miroslav Grepl 3.10.0-142Miroslav Grepl 3.10.0-141Miroslav Grepl 3.10.0-140Miroslav Grepl 3.10.0-139Miroslav Grepl 3.10.0-138Miroslav Grepl 3.10.0-137Miroslav Grepl 3.10.0-136Miroslav Grepl 3.10.0-135Miroslav Grepl 3.10.0-134Miroslav Grepl 3.10.0-133Miroslav Grepl 3.10.0-132Miroslav Grepl 3.10.0-131Miroslav Grepl 3.10.0-130Miroslav Grepl 3.10.0-129Miroslav Grepl 3.10.0-128Miroslav Grepl 3.10.0-127Miroslav Grepl 3.10.0-126Miroslav Grepl 3.10.0-125Miroslav Grepl 3.10.0-124Miroslav Grepl 3.10.0-123Miroslav Grepl 3.10.0-122Miroslav Grepl 3.10.0-121Miroslav Grepl 3.10.0-120Miroslav Grepl 3.10.0-119Miroslav Grepl 3.10.0-118Miroslav Grepl 3.10.0-117Miroslav Grepl 3.10.0-116Miroslav Grepl 3.10.0-115Miroslav Grepl 3.10.0-114Miroslav Grepl 3.10.0-113Miroslav Grepl 3.10.0-112Miroslav Grepl 3.10.0-111Miroslav Grepl 3.10.0-110Miroslav Grepl 3.10.0-109Miroslav Grepl 3.10.0-108Miroslav Grepl 3.10.0-107Miroslav Grepl 3.10.0-106Miroslav Grepl 3.10.0-105Miroslav Grepl 3.10.0-104Miroslav Grepl 3.10.0-103Miroslav Grepl 3.10.0-102Miroslav Grepl 3.10.0-101Miroslav Grepl 3.10.0-100Miroslav Grepl 3.10.0-99Miroslav Grepl 3.10.0-98Miroslav Grepl 3.10.0-97Miroslav Grepl 3.10.0-96Miroslav Grepl 3.10.0-95Miroslav Grepl 3.10.0-94Miroslav Grepl 3.10.0-93Miroslav Grepl 3.10.0-92Miroslav Grepl 3.10.0-91Miroslav Grepl 3.10.0-90Miroslav Grepl 3.10.0-89Miroslav Grepl 3.10.0-88Miroslav Grepl 3.10.0-87Miroslav Grepl 3.10.0-86Miroslav Grepl 3.10.0-85Miroslav Grepl 3.10.0-84Miroslav Grepl 3.10.0-83Miroslav Grepl 3.10.0-82Dan Walsh 3.10.0-81.2Miroslav Grepl 3.10.0-81Miroslav Grepl 3.10.0-80Miroslav Grepl 3.10.0-79Miroslav Grepl 3.10.0-78Miroslav Grepl 3.10.0-77Miroslav Grepl 3.10.0-76Miroslav Grepl 3.10.0-75Dan Walsh 3.10.0-74.2Miroslav Grepl 3.10.0-74Miroslav Grepl 3.10.0-73Miroslav Grepl 3.10.0-72Miroslav Grepl 3.10.0-71Miroslav Grepl 3.10.0-70Miroslav Grepl 3.10.0-69Miroslav Grepl 3.10.0-68Miroslav Grepl 3.10.0-67Miroslav Grepl 3.10.0-66Miroslav Grepl 3.10.0-65Miroslav Grepl 3.10.0-64Miroslav Grepl 3.10.0-63Miroslav Grepl 3.10.0-59Miroslav Grepl 3.10.0-58Dan Walsh 3.10.0-57Dan Walsh 3.10.0-56Dan Walsh 3.10.0-55.2Dan Walsh 3.10.0-55.1Miroslav Grepl 3.10.0-55Dan Walsh 3.10.0-54.1Miroslav Grepl 3.10.0-54Dan Walsh 3.10.0-53.1Miroslav Grepl 3.10.0-53Miroslav Grepl 3.10.0-52Miroslav Grepl 3.10.0-51Dan Walsh 3.10.0-50.2Dan Walsh 3.10.0-50.1Miroslav Grepl 3.10.0-50Miroslav Grepl 3.10.0-49Miroslav Grepl 3.10.0-48Miroslav Grepl 3.10.0-47Dan Walsh 3.10.0-46.1Miroslav Grepl 3.10.0-46Dan Walsh 3.10.0-45.1Miroslav Grepl 3.10.0-45Miroslav Grepl 3.10.0-43Miroslav Grepl 3.10.0-42Miroslav Grepl 3.10.0-41Dan Walsh 3.10.0-40.2Miroslav Grepl 3.10.0-40Dan Walsh 3.10.0-39.3Dan Walsh 3.10.0-39.2Dan Walsh 3.10.0-39.1Miroslav Grepl 3.10.0-39Dan Walsh 3.10.0-38.1Miroslav Grepl 3.10.0-38Miroslav Grepl 3.10.0-37Dan Walsh 3.10.0-36.1Miroslav Grepl 3.10.0-36Dan Walsh 3.10.0-35Dan Walsh 3.10.0-34.7Dan Walsh 3.10.0-34.6Dan Walsh 3.10.0-34.4Miroslav Grepl 3.10.0-34.3Dan Walsh 3.10.0-34.2Dan Walsh 3.10.0-34.1Miroslav Grepl 3.10.0-34Miroslav Grepl 3.10.0-33Dan Walsh 3.10.0-31.1Miroslav Grepl 3.10.0-31Miroslav Grepl 3.10.0-29Miroslav Grepl 3.10.0-28Miroslav Grepl 3.10.0-27Miroslav Grepl 3.10.0-26Miroslav Grepl 3.10.0-25Miroslav Grepl 3.10.0-24Miroslav Grepl 3.10.0-23Miroslav Grepl 3.10.0-22Miroslav Grepl 3.10.0-21Dan Walsh 3.10.0-20Miroslav Grepl 3.10.0-19Miroslav Grepl 3.10.0-18Miroslav Grepl 3.10.0-17Miroslav Grepl 3.10.0-16Miroslav Grepl 3.10.0-14Miroslav Grepl 3.10.0-13Miroslav Grepl 3.10.0-12Miroslav Grepl 3.10.0-11Miroslav Grepl 3.10.0-10Miroslav Grepl 3.10.0-9Miroslav Grepl 3.10.0-8Miroslav Grepl 3.10.0-7Miroslav Grepl 3.10.0-6Miroslav Grepl 3.10.0-5Miroslav Grepl 3.10.0-4Miroslav Grepl 3.10.0-3Miroslav Grepl 3.10.0-2Miroslav Grepl 3.10.0-1Miroslav Grepl 3.9.16-30Dan Walsh 3.9.16-29.1Miroslav Grepl 3.9.16-29Dan Walsh 3.9.16-28.1Miroslav Grepl 3.9.16-27Miroslav Grepl 3.9.16-26Miroslav Grepl 3.9.16-25Miroslav Grepl 3.9.16-24Miroslav Grepl 3.9.16-23Miroslav Grepl 3.9.16-22Miroslav Grepl 3.9.16-21Miroslav Grepl 3.9.16-20Miroslav Grepl 3.9.16-19Miroslav Grepl 3.9.16-18Miroslav Grepl 3.9.16-17Dan Walsh 3.9.16-16.1Miroslav Grepl 3.9.16-16Miroslav Grepl 3.9.16-15Miroslav Grepl 3.9.16-14Miroslav Grepl 3.9.16-13Miroslav Grepl 3.9.16-12Miroslav Grepl 3.9.16-11Miroslav Grepl 3.9.16-10Miroslav Grepl 3.9.16-7Miroslav Grepl 3.9.16-6Miroslav Grepl 3.9.16-5Miroslav Grepl 3.9.16-4Miroslav Grepl 3.9.16-3Miroslav Grepl 3.9.16-2Miroslav Grepl 3.9.16-1Miroslav Grepl 3.9.15-5Miroslav Grepl 3.9.15-2Miroslav Grepl 3.9.15-1Fedora Release Engineering - 3.9.14-2Dan Walsh 3.9.14-1Miroslav Grepl 3.9.13-10Miroslav Grepl 3.9.13-9Dan Walsh 3.9.13-8Miroslav Grepl 3.9.13-7Miroslav Grepl 3.9.13-6Miroslav Grepl 3.9.13-5Miroslav Grepl 3.9.13-4Miroslav Grepl 3.9.13-3Miroslav Grepl 3.9.13-2Miroslav Grepl 3.9.13-1Miroslav Grepl 3.9.12-8Miroslav Grepl 3.9.12-7Miroslav Grepl 3.9.12-6Miroslav Grepl 3.9.12-5Dan Walsh 3.9.12-4Dan Walsh 3.9.12-3Dan Walsh 3.9.12-2Miroslav Grepl 3.9.12-1Dan Walsh 3.9.11-2Miroslav Grepl 3.9.11-1Miroslav Grepl 3.9.10-13Dan Walsh 3.9.10-12Miroslav Grepl 3.9.10-11Miroslav Grepl 3.9.10-10Miroslav Grepl 3.9.10-9Miroslav Grepl 3.9.10-8Miroslav Grepl 3.9.10-7Miroslav Grepl 3.9.10-6Miroslav Grepl 3.9.10-5Dan Walsh 3.9.10-4Miroslav Grepl 3.9.10-3Miroslav Grepl 3.9.10-2Miroslav Grepl 3.9.10-1Miroslav Grepl 3.9.9-4Dan Walsh 3.9.9-3Miroslav Grepl 3.9.9-2Miroslav Grepl 3.9.9-1Miroslav Grepl 3.9.8-7Dan Walsh 3.9.8-6Miroslav Grepl 3.9.8-5Miroslav Grepl 3.9.8-4Dan Walsh 3.9.8-3Dan Walsh 3.9.8-2Dan Walsh 3.9.8-1Dan Walsh 3.9.7-10Dan Walsh 3.9.7-9Dan Walsh 3.9.7-8Dan Walsh 3.9.7-7Dan Walsh 3.9.7-6Dan Walsh 3.9.7-5Dan Walsh 3.9.7-4Dan Walsh 3.9.7-3Dan Walsh 3.9.7-2Dan Walsh 3.9.7-1Dan Walsh 3.9.6-3Dan Walsh 3.9.6-2Dan Walsh 3.9.6-1Dan Walsh 3.9.5-11Dan Walsh 3.9.5-10Dan Walsh 3.9.5-9Dan Walsh 3.9.5-8Dan Walsh 3.9.5-7Dan Walsh 3.9.5-6Dan Walsh 3.9.5-5Dan Walsh 3.9.5-4Dan Walsh 3.9.5-3Dan Walsh 3.9.5-2Dan Walsh 3.9.5-1Dan Walsh 3.9.4-3Dan Walsh 3.9.4-2Dan Walsh 3.9.4-1Dan Walsh 3.9.3-4Dan Walsh 3.9.3-3Dan Walsh 3.9.3-2Dan Walsh 3.9.3-1Dan Walsh 3.9.2-1Dan Walsh 3.9.1-3Dan Walsh 3.9.1-2Dan Walsh 3.9.1-1Dan Walsh 3.9.0-2Dan Walsh 3.9.0-1Dan Walsh 3.8.8-21Dan Walsh 3.8.8-20Dan Walsh 3.8.8-19Dan Walsh 3.8.8-18Dan Walsh 3.8.8-17Dan Walsh 3.8.8-16Dan Walsh 3.8.8-15Dan Walsh 3.8.8-14Dan Walsh 3.8.8-13Dan Walsh 3.8.8-12Dan Walsh 3.8.8-11Dan Walsh 3.8.8-10Dan Walsh 3.8.8-9Dan Walsh 3.8.8-8Dan Walsh 3.8.8-7Dan Walsh 3.8.8-6Dan Walsh 3.8.8-5Dan Walsh 3.8.8-4Dan Walsh 3.8.8-3Dan Walsh 3.8.8-2Dan Walsh 3.8.8-1Dan Walsh 3.8.7-3Dan Walsh 3.8.7-2Dan Walsh 3.8.7-1Dan Walsh 3.8.6-3Miroslav Grepl 3.8.6-2Dan Walsh 3.8.6-1Dan Walsh 3.8.5-1Dan Walsh 3.8.4-1Dan Walsh 3.8.3-4Dan Walsh 3.8.3-3Dan Walsh 3.8.3-2Dan Walsh 3.8.3-1Dan Walsh 3.8.2-1Dan Walsh 3.8.1-5Dan Walsh 3.8.1-4Dan Walsh 3.8.1-3Dan Walsh 3.8.1-2Dan Walsh 3.8.1-1Dan Walsh 3.7.19-22Dan Walsh 3.7.19-21Dan Walsh 3.7.19-20Dan Walsh 3.7.19-19Dan Walsh 3.7.19-17Dan Walsh 3.7.19-16Dan Walsh 3.7.19-15Dan Walsh 3.7.19-14Dan Walsh 3.7.19-13Dan Walsh 3.7.19-12Dan Walsh 3.7.19-11Dan Walsh 3.7.19-10Dan Walsh 3.7.19-9Dan Walsh 3.7.19-8Dan Walsh 3.7.19-7Dan Walsh 3.7.19-6Dan Walsh 3.7.19-5Dan Walsh 3.7.19-4Dan Walsh 3.7.19-3Dan Walsh 3.7.19-2Dan Walsh 3.7.19-1Dan Walsh 3.7.18-3Dan Walsh 3.7.18-2Dan Walsh 3.7.18-1Dan Walsh 3.7.17-6Dan Walsh 3.7.17-5Dan Walsh 3.7.17-4Dan Walsh 3.7.17-3Dan Walsh 3.7.17-2Dan Walsh 3.7.17-1Dan Walsh 3.7.16-2Dan Walsh 3.7.16-1Dan Walsh 3.7.15-4Dan Walsh 3.7.15-3Dan Walsh 3.7.15-2Dan Walsh 3.7.15-1Dan Walsh 3.7.14-5Dan Walsh 3.7.14-4Dan Walsh 3.7.14-3Dan Walsh 3.7.14-2Dan Walsh 3.7.14-1Dan Walsh 3.7.13-4Dan Walsh 3.7.13-3Dan Walsh 3.7.13-2Dan Walsh 3.7.13-1Dan Walsh 3.7.12-1Dan Walsh 3.7.11-1Dan Walsh 3.7.10-5Dan Walsh 3.7.10-4Dan Walsh 3.7.10-3Dan Walsh 3.7.10-2Dan Walsh 3.7.10-1Dan Walsh 3.7.9-4Dan Walsh 3.7.9-3Dan Walsh 3.7.9-2Dan Walsh 3.7.9-1Dan Walsh 3.7.8-11Dan Walsh 3.7.8-9Dan Walsh 3.7.8-8Dan Walsh 3.7.8-7Dan Walsh 3.7.8-6Dan Walsh 3.7.8-5Dan Walsh 3.7.8-4Dan Walsh 3.7.8-3Dan Walsh 3.7.8-2Dan Walsh 3.7.8-1Dan Walsh 3.7.7-3Dan Walsh 3.7.7-2Dan Walsh 3.7.7-1Dan Walsh 3.7.6-1Dan Walsh 3.7.5-8Dan Walsh 3.7.5-7Dan Walsh 3.7.5-6Dan Walsh 3.7.5-5Dan Walsh 3.7.5-4Dan Walsh 3.7.5-3Dan Walsh 3.7.5-2Dan Walsh 3.7.5-1Dan Walsh 3.7.4-4Dan Walsh 3.7.4-3Dan Walsh 3.7.4-2Dan Walsh 3.7.4-1Dan Walsh 3.7.3-1Dan Walsh 3.7.1-1Dan Walsh 3.6.33-2Dan Walsh 3.6.33-1Dan Walsh 3.6.32-17Dan Walsh 3.6.32-16Dan Walsh 3.6.32-15Dan Walsh 3.6.32-13Dan Walsh 3.6.32-12Dan Walsh 3.6.32-11Dan Walsh 3.6.32-10Dan Walsh 3.6.32-9Dan Walsh 3.6.32-8Dan Walsh 3.6.32-7Dan Walsh 3.6.32-6Dan Walsh 3.6.32-5Dan Walsh 3.6.32-4Dan Walsh 3.6.32-3Dan Walsh 3.6.32-2Dan Walsh 3.6.32-1Dan Walsh 3.6.31-5Dan Walsh 3.6.31-4Dan Walsh 3.6.31-3Dan Walsh 3.6.31-2Dan Walsh 3.6.30-6Dan Walsh 3.6.30-5Dan Walsh 3.6.30-4Dan Walsh 3.6.30-3Dan Walsh 3.6.30-2Dan Walsh 3.6.30-1Dan Walsh 3.6.29-2Dan Walsh 3.6.29-1Dan Walsh 3.6.28-9Dan Walsh 3.6.28-8Dan Walsh 3.6.28-7Dan Walsh 3.6.28-6Dan Walsh 3.6.28-5Dan Walsh 3.6.28-4Dan Walsh 3.6.28-3Dan Walsh 3.6.28-2Dan Walsh 3.6.28-1Dan Walsh 3.6.27-1Dan Walsh 3.6.26-11Dan Walsh 3.6.26-10Dan Walsh 3.6.26-9Bill Nottingham 3.6.26-8Dan Walsh 3.6.26-7Dan Walsh 3.6.26-6Dan Walsh 3.6.26-5Dan Walsh 3.6.26-4Dan Walsh 3.6.26-3Dan Walsh 3.6.26-2Dan Walsh 3.6.26-1Dan Walsh 3.6.25-1Dan Walsh 3.6.24-1Dan Walsh 3.6.23-2Dan Walsh 3.6.23-1Dan Walsh 3.6.22-3Dan Walsh 3.6.22-1Dan Walsh 3.6.21-4Dan Walsh 3.6.21-3Tom "spot" Callaway 3.6.21-2Dan Walsh 3.6.21-1Dan Walsh 3.6.20-2Dan Walsh 3.6.20-1Dan Walsh 3.6.19-5Dan Walsh 3.6.19-4Dan Walsh 3.6.19-3Dan Walsh 3.6.19-2Dan Walsh 3.6.19-1Dan Walsh 3.6.18-1Dan Walsh 3.6.17-1Dan Walsh 3.6.16-4Dan Walsh 3.6.16-3Dan Walsh 3.6.16-2Dan Walsh 3.6.16-1Dan Walsh 3.6.14-3Dan Walsh 3.6.14-2Dan Walsh 3.6.14-1Dan Walsh 3.6.13-3Dan Walsh 3.6.13-2Dan Walsh 3.6.13-1Dan Walsh 3.6.12-39Dan Walsh 3.6.12-38Dan Walsh 3.6.12-37Dan Walsh 3.6.12-36Dan Walsh 3.6.12-35Dan Walsh 3.6.12-34Dan Walsh 3.6.12-33Dan Walsh 3.6.12-31Dan Walsh 3.6.12-30Dan Walsh 3.6.12-29Dan Walsh 3.6.12-28Dan Walsh 3.6.12-27Dan Walsh 3.6.12-26Dan Walsh 3.6.12-25Dan Walsh 3.6.12-24Dan Walsh 3.6.12-23Dan Walsh 3.6.12-22Dan Walsh 3.6.12-21Dan Walsh 3.6.12-20Dan Walsh 3.6.12-19Dan Walsh 3.6.12-16Dan Walsh 3.6.12-15Dan Walsh 3.6.12-14Dan Walsh 3.6.12-13Dan Walsh 3.6.12-12Dan Walsh 3.6.12-11Dan Walsh 3.6.12-10Dan Walsh 3.6.12-9Dan Walsh 3.6.12-8Dan Walsh 3.6.12-7Dan Walsh 3.6.12-6Dan Walsh 3.6.12-5Dan Walsh 3.6.12-4Dan Walsh 3.6.12-3Dan Walsh 3.6.12-2Dan Walsh 3.6.12-1Dan Walsh 3.6.11-1Dan Walsh 3.6.10-9Dan Walsh 3.6.10-8Dan Walsh 3.6.10-7Dan Walsh 3.6.10-6Dan Walsh 3.6.10-5Dan Walsh 3.6.10-4Dan Walsh 3.6.10-3Dan Walsh 3.6.10-2Dan Walsh 3.6.10-1Dan Walsh 3.6.9-4Dan Walsh 3.6.9-3Dan Walsh 3.6.9-2Dan Walsh 3.6.9-1Dan Walsh 3.6.8-4Dan Walsh 3.6.8-3Dan Walsh 3.6.8-2Dan Walsh 3.6.8-1Dan Walsh 3.6.7-2Dan Walsh 3.6.7-1Dan Walsh 3.6.6-9Dan Walsh 3.6.6-8Fedora Release Engineering - 3.6.6-7Dan Walsh 3.6.6-6Dan Walsh 3.6.6-5Dan Walsh 3.6.6-4Dan Walsh 3.6.6-3Dan Walsh 3.6.6-2Dan Walsh 3.6.6-1Dan Walsh 3.6.5-3Dan Walsh 3.6.5-1Dan Walsh 3.6.4-6Dan Walsh 3.6.4-5Dan Walsh 3.6.4-4Dan Walsh 3.6.4-3Dan Walsh 3.6.4-2Dan Walsh 3.6.4-1Dan Walsh 3.6.3-13Dan Walsh 3.6.3-12Dan Walsh 3.6.3-11Dan Walsh 3.6.3-10Dan Walsh 3.6.3-9Dan Walsh 3.6.3-8Dan Walsh 3.6.3-7Dan Walsh 3.6.3-6Dan Walsh 3.6.3-3Dan Walsh 3.6.3-2Dan Walsh 3.6.3-1Dan Walsh 3.6.2-5Dan Walsh 3.6.2-4Dan Walsh 3.6.2-3Dan Walsh 3.6.2-2Dan Walsh 3.6.2-1Dan Walsh 3.6.1-15Dan Walsh 3.6.1-14Dan Walsh 3.6.1-13Dan Walsh 3.6.1-12Dan Walsh 3.6.1-11Dan Walsh 3.6.1-10Dan Walsh 3.6.1-9Dan Walsh 3.6.1-8Dan Walsh 3.6.1-7Dan Walsh 3.6.1-4Ignacio Vazquez-Abrams - 3.6.1-2Dan Walsh 3.5.13-19Dan Walsh 3.5.13-18Dan Walsh 3.5.13-17Dan Walsh 3.5.13-16Dan Walsh 3.5.13-15Dan Walsh 3.5.13-14Dan Walsh 3.5.13-13Dan Walsh 3.5.13-12Dan Walsh 3.5.13-11Dan Walsh 3.5.13-9Dan Walsh 3.5.13-8Dan Walsh 3.5.13-7Dan Walsh 3.5.13-6Dan Walsh 3.5.13-5Dan Walsh 3.5.13-4Dan Walsh 3.5.13-3Dan Walsh 3.5.13-2Dan Walsh 3.5.13-1Dan Walsh 3.5.12-3Dan Walsh 3.5.12-2Dan Walsh 3.5.12-1Dan Walsh 3.5.11-1Dan Walsh 3.5.10-3Dan Walsh 3.5.10-2Dan Walsh 3.5.10-1Dan Walsh 3.5.9-4Dan Walsh 3.5.9-3Dan Walsh 3.5.9-2Dan Walsh 3.5.9-1Dan Walsh 3.5.8-7Dan Walsh 3.5.8-6Dan Walsh 3.5.8-5Dan Walsh 3.5.8-4Dan Walsh 3.5.8-3Dan Walsh 3.5.8-1Dan Walsh 3.5.7-2Dan Walsh 3.5.7-1Dan Walsh 3.5.6-2Dan Walsh 3.5.6-1Dan Walsh 3.5.5-4Dan Walsh 3.5.5-3Dan Walsh 3.5.5-2Dan Walsh 3.5.4-2Dan Walsh 3.5.4-1Dan Walsh 3.5.3-1Dan Walsh 3.5.2-2Dan Walsh 3.5.1-5Dan Walsh 3.5.1-4Dan Walsh 3.5.1-3Dan Walsh 3.5.1-2Dan Walsh 3.5.1-1Dan Walsh 3.5.0-1Dan Walsh 3.4.2-14Dan Walsh 3.4.2-13Dan Walsh 3.4.2-12Dan Walsh 3.4.2-11Dan Walsh 3.4.2-10Dan Walsh 3.4.2-9Dan Walsh 3.4.2-8Dan Walsh 3.4.2-7Dan Walsh 3.4.2-6Dan Walsh 3.4.2-5Dan Walsh 3.4.2-4Dan Walsh 3.4.2-3Dan Walsh 3.4.2-2Dan Walsh 3.4.2-1Dan Walsh 3.4.1-5Dan Walsh 3.4.1-3Dan Walsh 3.4.1-2Dan Walsh 3.4.1-1Dan Walsh 3.3.1-48Dan Walsh 3.3.1-47Dan Walsh 3.3.1-46Dan Walsh 3.3.1-45Dan Walsh 3.3.1-44Dan Walsh 3.3.1-43Dan Walsh 3.3.1-42Dan Walsh 3.3.1-41Dan Walsh 3.3.1-39Dan Walsh 3.3.1-37Dan Walsh 3.3.1-36Dan Walsh 3.3.1-33Dan Walsh 3.3.1-32Dan Walsh 3.3.1-31Dan Walsh 3.3.1-30Dan Walsh 3.3.1-29Dan Walsh 3.3.1-28Dan Walsh 3.3.1-27Dan Walsh 3.3.1-26Dan Walsh 3.3.1-25Dan Walsh 3.3.1-24Dan Walsh 3.3.1-23Dan Walsh 3.3.1-22Dan Walsh 3.3.1-21Dan Walsh 3.3.1-20Dan Walsh 3.3.1-19Dan Walsh 3.3.1-18Dan Walsh 3.3.1-17Dan Walsh 3.3.1-16Dan Walsh 3.3.1-15Bill Nottingham 3.3.1-14Dan Walsh 3.3.1-13Dan Walsh 3.3.1-12Dan Walsh 3.3.1-11Dan Walsh 3.3.1-10Dan Walsh 3.3.1-9Dan Walsh 3.3.1-8Dan Walsh 3.3.1-6Dan Walsh 3.3.1-5Dan Walsh 3.3.1-4Dan Walsh 3.3.1-2Dan Walsh 3.3.1-1Dan Walsh 3.3.0-2Dan Walsh 3.3.0-1Dan Walsh 3.2.9-2Dan Walsh 3.2.9-1Dan Walsh 3.2.8-2Dan Walsh 3.2.8-1Dan Walsh 3.2.7-6Dan Walsh 3.2.7-5Dan Walsh 3.2.7-3Dan Walsh 3.2.7-2Dan Walsh 3.2.7-1Dan Walsh 3.2.6-7Dan Walsh 3.2.6-6Dan Walsh 3.2.6-5Dan Walsh 3.2.6-4Dan Walsh 3.2.6-3Dan Walsh 3.2.6-2Dan Walsh 3.2.6-1Dan Walsh 3.2.5-25Dan Walsh 3.2.5-24Dan Walsh 3.2.5-22Dan Walsh 3.2.5-21Dan Walsh 3.2.5-20Dan Walsh 3.2.5-19Dan Walsh 3.2.5-18Dan Walsh 3.2.5-17Dan Walsh 3.2.5-16Dan Walsh 3.2.5-15Dan Walsh 3.2.5-14Dan Walsh 3.2.5-13Dan Walsh 3.2.5-12Dan Walsh 3.2.5-11Dan Walsh 3.2.5-10Dan Walsh 3.2.5-9Dan Walsh 3.2.5-8Dan Walsh 3.2.5-7Dan Walsh 3.2.5-6Dan Walsh 3.2.5-5Dan Walsh 3.2.5-4Dan Walsh 3.2.5-3Dan Walsh 3.2.5-2Dan Walsh 3.2.5-1Dan Walsh 3.2.4-5Dan Walsh 3.2.4-4Dan Walsh 3.2.4-3Dan Walsh 3.2.4-1Dan Walsh 3.2.4-1Dan Walsh 3.2.3-2Dan Walsh 3.2.3-1Dan Walsh 3.2.2-1Dan Walsh 3.2.1-3Dan Walsh 3.2.1-1Dan Walsh 3.1.2-2Dan Walsh 3.1.2-1Dan Walsh 3.1.1-1Dan Walsh 3.1.0-1Dan Walsh 3.0.8-30Dan Walsh 3.0.8-28Dan Walsh 3.0.8-27Dan Walsh 3.0.8-26Dan Walsh 3.0.8-25Dan Walsh 3.0.8-24Dan Walsh 3.0.8-23Dan Walsh 3.0.8-22Dan Walsh 3.0.8-21Dan Walsh 3.0.8-20Dan Walsh 3.0.8-19Dan Walsh 3.0.8-18Dan Walsh 3.0.8-17Dan Walsh 3.0.8-16Dan Walsh 3.0.8-15Dan Walsh 3.0.8-14Dan Walsh 3.0.8-13Dan Walsh 3.0.8-12Dan Walsh 3.0.8-11Dan Walsh 3.0.8-10Dan Walsh 3.0.8-9Dan Walsh 3.0.8-8Dan Walsh 3.0.8-7Dan Walsh 3.0.8-5Dan Walsh 3.0.8-4Dan Walsh 3.0.8-3Dan Walsh 3.0.8-2Dan Walsh 3.0.8-1Dan Walsh 3.0.7-10Dan Walsh 3.0.7-9Dan Walsh 3.0.7-8Dan Walsh 3.0.7-7Dan Walsh 3.0.7-6Dan Walsh 3.0.7-5Dan Walsh 3.0.7-4Dan Walsh 3.0.7-3Dan Walsh 3.0.7-2Dan Walsh 3.0.7-1Dan Walsh 3.0.6-3Dan Walsh 3.0.6-2Dan Walsh 3.0.6-1Dan Walsh 3.0.5-11Dan Walsh 3.0.5-10Dan Walsh 3.0.5-9Dan Walsh 3.0.5-8Dan Walsh 3.0.5-7Dan Walsh 3.0.5-6Dan Walsh 3.0.5-5Dan Walsh 3.0.5-4Dan Walsh 3.0.5-3Dan Walsh 3.0.5-2Dan Walsh 3.0.5-1Dan Walsh 3.0.4-6Dan Walsh 3.0.4-5Dan Walsh 3.0.4-4Dan Walsh 3.0.4-3Dan Walsh 3.0.4-2Dan Walsh 3.0.4-1Dan Walsh 3.0.3-6Dan Walsh 3.0.3-5Dan Walsh 3.0.3-4Dan Walsh 3.0.3-3Dan Walsh 3.0.3-2Dan Walsh 3.0.3-1Dan Walsh 3.0.2-9Dan Walsh 3.0.2-8Dan Walsh 3.0.2-7Dan Walsh 3.0.2-5Dan Walsh 3.0.2-4Dan Walsh 3.0.2-3Dan Walsh 3.0.2-2Dan Walsh 3.0.1-5Dan Walsh 3.0.1-4Dan Walsh 3.0.1-3Dan Walsh 3.0.1-2Dan Walsh 3.0.1-1Dan Walsh 2.6.5-3Dan Walsh 2.6.5-2Dan Walsh 2.6.4-7Dan Walsh 2.6.4-6Dan Walsh 2.6.4-5Dan Walsh 2.6.4-2Dan Walsh 2.6.4-1Dan Walsh 2.6.3-1Dan Walsh 2.6.2-1Dan Walsh 2.6.1-4Dan Walsh 2.6.1-3Dan Walsh 2.6.1-2Dan Walsh 2.6.1-1Dan Walsh 2.5.12-12Dan Walsh 2.5.12-11Dan Walsh 2.5.12-10Dan Walsh 2.5.12-8Dan Walsh 2.5.12-5Dan Walsh 2.5.12-4Dan Walsh 2.5.12-3Dan Walsh 2.5.12-2Dan Walsh 2.5.12-1Dan Walsh 2.5.11-8Dan Walsh 2.5.11-7Dan Walsh 2.5.11-6Dan Walsh 2.5.11-5Dan Walsh 2.5.11-4Dan Walsh 2.5.11-3Dan Walsh 2.5.11-2Dan Walsh 2.5.11-1Dan Walsh 2.5.10-2Dan Walsh 2.5.10-1Dan Walsh 2.5.9-6Dan Walsh 2.5.9-5Dan Walsh 2.5.9-4Dan Walsh 2.5.9-3Dan Walsh 2.5.9-2Dan Walsh 2.5.8-8Dan Walsh 2.5.8-7Dan Walsh 2.5.8-6Dan Walsh 2.5.8-5Dan Walsh 2.5.8-4Dan Walsh 2.5.8-3Dan Walsh 2.5.8-2Dan Walsh 2.5.8-1Dan Walsh 2.5.7-1Dan Walsh 2.5.6-1Dan Walsh 2.5.5-2Dan Walsh 2.5.5-1Dan Walsh 2.5.4-2Dan Walsh 2.5.4-1Dan Walsh 2.5.3-3Dan Walsh 2.5.3-2Dan Walsh 2.5.3-1Dan Walsh 2.5.2-6Dan Walsh 2.5.2-5Dan Walsh 2.5.2-4Dan Walsh 2.5.2-3Dan Walsh 2.5.2-2Dan Walsh 2.5.2-1Dan Walsh 2.5.1-5Dan Walsh 2.5.1-4Dan Walsh 2.5.1-2Dan Walsh 2.5.1-1Dan Walsh 2.4.6-20Dan Walsh 2.4.6-19Dan Walsh 2.4.6-18Dan Walsh 2.4.6-17Dan Walsh 2.4.6-16Dan Walsh 2.4.6-15Dan Walsh 2.4.6-14Dan Walsh 2.4.6-13Dan Walsh 2.4.6-12Dan Walsh 2.4.6-11Dan Walsh 2.4.6-10Dan Walsh 2.4.6-9Dan Walsh 2.4.6-8Dan Walsh 2.4.6-7Dan Walsh 2.4.6-6Dan Walsh 2.4.6-5Dan Walsh 2.4.6-4Dan Walsh 2.4.6-3Dan Walsh 2.4.6-1Dan Walsh 2.4.5-4Dan Walsh 2.4.5-3Dan Walsh 2.4.5-2Dan Walsh 2.4.5-1Dan Walsh 2.4.4-2Dan Walsh 2.4.4-2Dan Walsh 2.4.4-1Dan Walsh 2.4.3-13Dan Walsh 2.4.3-12Dan Walsh 2.4.3-11Dan Walsh 2.4.3-10Dan Walsh 2.4.3-9Dan Walsh 2.4.3-8Dan Walsh 2.4.3-7Dan Walsh 2.4.3-6Dan Walsh 2.4.3-5Dan Walsh 2.4.3-4Dan Walsh 2.4.3-3Dan Walsh 2.4.3-2Dan Walsh 2.4.3-1Dan Walsh 2.4.2-8Dan Walsh 2.4.2-7James Antill 2.4.2-6Dan Walsh 2.4.2-5Dan Walsh 2.4.2-4Dan Walsh 2.4.2-3Dan Walsh 2.4.2-2Dan Walsh 2.4.2-1Dan Walsh 2.4.1-5Dan Walsh 2.4.1-4Dan Walsh 2.4.1-3Dan Walsh 2.4.1-2Dan Walsh 2.4-4Dan Walsh 2.4-3Dan Walsh 2.4-2Dan Walsh 2.4-1Dan Walsh 2.3.19-4Dan Walsh 2.3.19-3Dan Walsh 2.3.19-2Dan Walsh 2.3.19-1James Antill 2.3.18-10James Antill 2.3.18-9Dan Walsh 2.3.18-8Dan Walsh 2.3.18-7Dan Walsh 2.3.18-6Dan Walsh 2.3.18-5Dan Walsh 2.3.18-4Dan Walsh 2.3.18-3Dan Walsh 2.3.18-2Dan Walsh 2.3.18-1Dan Walsh 2.3.17-2Dan Walsh 2.3.17-1Dan Walsh 2.3.16-9Dan Walsh 2.3.16-8Dan Walsh 2.3.16-7Dan Walsh 2.3.16-6Dan Walsh 2.3.16-5Dan Walsh 2.3.16-4Dan Walsh 2.3.16-2Dan Walsh 2.3.16-1Dan Walsh 2.3.15-2Dan Walsh 2.3.15-1Dan Walsh 2.3.14-8Dan Walsh 2.3.14-7Dan Walsh 2.3.14-6Dan Walsh 2.3.14-4Dan Walsh 2.3.14-3Dan Walsh 2.3.14-2Dan Walsh 2.3.14-1Dan Walsh 2.3.13-6Dan Walsh 2.3.13-5Dan Walsh 2.3.13-4Dan Walsh 2.3.13-3Dan Walsh 2.3.13-2Dan Walsh 2.3.13-1Dan Walsh 2.3.12-2Dan Walsh 2.3.12-1Dan Walsh 2.3.11-1Dan Walsh 2.3.10-7Dan Walsh 2.3.10-6Dan Walsh 2.3.10-3Dan Walsh 2.3.10-1Dan Walsh 2.3.9-6Dan Walsh 2.3.9-5Dan Walsh 2.3.9-4Dan Walsh 2.3.9-3Dan Walsh 2.3.9-2Dan Walsh 2.3.9-1Dan Walsh 2.3.8-2Dan Walsh 2.3.7-1Dan Walsh 2.3.6-4Dan Walsh 2.3.6-3Dan Walsh 2.3.6-2Dan Walsh 2.3.6-1Dan Walsh 2.3.5-1Dan Walsh 2.3.4-1Dan Walsh 2.3.3-20Dan Walsh 2.3.3-19Dan Walsh 2.3.3-18Dan Walsh 2.3.3-17Dan Walsh 2.3.3-16Dan Walsh 2.3.3-15Dan Walsh 2.3.3-14Dan Walsh 2.3.3-13Dan Walsh 2.3.3-12Dan Walsh 2.3.3-11Dan Walsh 2.3.3-10Dan Walsh 2.3.3-9Dan Walsh 2.3.3-8Dan Walsh 2.3.3-7Dan Walsh 2.3.3-6Dan Walsh 2.3.3-5Dan Walsh 2.3.3-4Dan Walsh 2.3.3-3Dan Walsh 2.3.3-2Dan Walsh 2.3.3-1Dan Walsh 2.3.2-4Dan Walsh 2.3.2-3Dan Walsh 2.3.2-2Dan Walsh 2.3.2-1Dan Walsh 2.3.1-1Dan Walsh 2.2.49-1Dan Walsh 2.2.48-1Dan Walsh 2.2.47-5Dan Walsh 2.2.47-4Dan Walsh 2.2.47-3Dan Walsh 2.2.47-1Dan Walsh 2.2.46-2Dan Walsh 2.2.46-1Dan Walsh 2.2.45-3Dan Walsh 2.2.45-2Dan Walsh 2.2.45-1Dan Walsh 2.2.44-1Dan Walsh 2.2.43-4Dan Walsh 2.2.43-3Dan Walsh 2.2.43-2Dan Walsh 2.2.43-1Dan Walsh 2.2.42-4Dan Walsh 2.2.42-3Dan Walsh 2.2.42-2Dan Walsh 2.2.42-1Dan Walsh 2.2.41-1Dan Walsh 2.2.40-2Dan Walsh 2.2.40-1Dan Walsh 2.2.39-2Dan Walsh 2.2.39-1Dan Walsh 2.2.38-6Dan Walsh 2.2.38-5Dan Walsh 2.2.38-4Dan Walsh 2.2.38-3Dan Walsh 2.2.38-2Dan Walsh 2.2.38-1Dan Walsh 2.2.37-1Dan Walsh 2.2.36-2Dan Walsh 2.2.36-1James Antill 2.2.35-2Dan Walsh 2.2.35-1Dan Walsh 2.2.34-3Dan Walsh 2.2.34-2Dan Walsh 2.2.34-1Dan Walsh 2.2.33-1Dan Walsh 2.2.32-2Dan Walsh 2.2.32-1Dan Walsh 2.2.31-1Dan Walsh 2.2.30-2Dan Walsh 2.2.30-1Dan Walsh 2.2.29-6Russell Coker 2.2.29-5Dan Walsh 2.2.29-4Dan Walsh 2.2.29-3Dan Walsh 2.2.29-2Dan Walsh 2.2.29-1Dan Walsh 2.2.28-3Dan Walsh 2.2.28-2Dan Walsh 2.2.28-1Dan Walsh 2.2.27-1Dan Walsh 2.2.25-3Dan Walsh 2.2.25-2Dan Walsh 2.2.24-1Dan Walsh 2.2.23-19Dan Walsh 2.2.23-18Dan Walsh 2.2.23-17Karsten Hopp 2.2.23-16Dan Walsh 2.2.23-15Dan Walsh 2.2.23-14Dan Walsh 2.2.23-13Dan Walsh 2.2.23-12Jeremy Katz - 2.2.23-11Jeremy Katz - 2.2.23-10Dan Walsh 2.2.23-9Dan Walsh 2.2.23-8Dan Walsh 2.2.23-7Dan Walsh 2.2.23-5Dan Walsh 2.2.23-4Dan Walsh 2.2.23-3Dan Walsh 2.2.23-2Dan Walsh 2.2.23-1Dan Walsh 2.2.22-2Dan Walsh 2.2.22-1Dan Walsh 2.2.21-9Dan Walsh 2.2.21-8Dan Walsh 2.2.21-7Dan Walsh 2.2.21-6Dan Walsh 2.2.21-5Dan Walsh 2.2.21-4Dan Walsh 2.2.21-3Dan Walsh 2.2.21-2Dan Walsh 2.2.21-1Dan Walsh 2.2.20-1Dan Walsh 2.2.19-2Dan Walsh 2.2.19-1Dan Walsh 2.2.18-2Dan Walsh 2.2.18-1Dan Walsh 2.2.17-2Dan Walsh 2.2.16-1Dan Walsh 2.2.15-4Dan Walsh 2.2.15-3Dan Walsh 2.2.15-1Dan Walsh 2.2.14-2Dan Walsh 2.2.14-1Dan Walsh 2.2.13-1Dan Walsh 2.2.12-1Dan Walsh 2.2.11-2Dan Walsh 2.2.11-1Dan Walsh 2.2.10-1Dan Walsh 2.2.9-2Dan Walsh 2.2.9-1Dan Walsh 2.2.8-2Dan Walsh 2.2.7-1Dan Walsh 2.2.6-3Dan Walsh 2.2.6-2Dan Walsh 2.2.6-1Dan Walsh 2.2.5-1Dan Walsh 2.2.4-1Dan Walsh 2.2.3-1Dan Walsh 2.2.2-1Dan Walsh 2.2.1-1Dan Walsh 2.1.13-1Dan Walsh 2.1.12-3Dan Walsh 2.1.11-1Dan Walsh 2.1.10-1Jeremy Katz - 2.1.9-2Dan Walsh 2.1.9-1Dan Walsh 2.1.8-3Dan Walsh 2.1.8-2Dan Walsh 2.1.8-1Dan Walsh 2.1.7-4Dan Walsh 2.1.7-3Dan Walsh 2.1.7-2Dan Walsh 2.1.7-1Dan Walsh 2.1.6-24Dan Walsh 2.1.6-23Dan Walsh 2.1.6-22Dan Walsh 2.1.6-21Dan Walsh 2.1.6-20Dan Walsh 2.1.6-18Dan Walsh 2.1.6-17Dan Walsh 2.1.6-16Dan Walsh 2.1.6-15Dan Walsh 2.1.6-14Dan Walsh 2.1.6-13Dan Walsh 2.1.6-11Dan Walsh 2.1.6-10Dan Walsh 2.1.6-9Dan Walsh 2.1.6-8Dan Walsh 2.1.6-5Dan Walsh 2.1.6-4Dan Walsh 2.1.6-3Dan Walsh 2.1.6-2Dan Walsh 2.1.6-1Dan Walsh 2.1.4-2Dan Walsh 2.1.4-1Dan Walsh 2.1.3-1Jeremy Katz - 2.1.2-3Dan Walsh 2.1.2-2Dan Walsh 2.1.2-1Dan Walsh 2.1.1-3Dan Walsh 2.1.1-2Dan Walsh 2.1.1-1Dan Walsh 2.1.0-3Dan Walsh 2.1.0-2.Dan Walsh 2.1.0-1.Dan Walsh 2.0.11-2.Dan Walsh 2.0.11-1.Dan Walsh 2.0.9-1.Dan Walsh 2.0.8-1.Dan Walsh 2.0.7-3Dan Walsh 2.0.7-2Dan Walsh 2.0.6-2Dan Walsh 2.0.5-4Dan Walsh 2.0.5-1Dan Walsh 2.0.4-1Dan Walsh 2.0.2-2Dan Walsh 2.0.2-1Dan Walsh 2.0.1-2Dan Walsh 2.0.1-1- Latest F17 fixes before EOL- Back port to allow l2tpd to read NM conf file - Add labeling for /run/nm-xl2tpd.conf - Add mozilla_plugin_use_gps boolean - Label /usr/bin/razor-lightdm-greeter as xdm_exec_t instead of spamc_exec_t - Add labeling for HOMEDIR/.icedtea - Allow openvpn to add own log files - Allow cobblerd to read network state - Allow abrt to read utmp_t file- Allow cupsd to read hplip lib files - Allow NM to create rawip socket - Allow ping to read network state. - Add tcp/8891 as milter port - New directories under ~/.cache- Add files_dontaudit_read_all_sockets interface - Add gnome_dontaudit_rw_inherited_config interface - Allow httpd_collectd_script to read /etc/passwd - Allow milter domains to read /dev/random - Backport readahead fixes from F18 - Allow collectd to read utmp - /usr/share/munin/plugins/plugin.sh should be labeled as bin_t - Fix svnserve policy - Add additional fixes for ecrypts - Add additional interface for ecryptfs - Dontaudit leak fd for mozilla_plugin_config - Allow pppd to send signull- Fix dup decl for munin plugins - Allow logwatch to domtrans to mdadm - Backport blueman policy from F18 - Allow mozilla-plugin-config to read power_supply info - Allow fsdaemon to read virt images - Allow useradd to create homedirs in /run. ircd-ratbox does this and we should just allow it - Allow sa-update to search admin home for /root/.spamassassin - Dontaudit attempts from thumb_t to connect to sssd - Add labeling and filename transition for .grl-podcasts - Allow mozilla_plugin_t to read files on hugetlbfs - Allow gnomesystemmm_t caps because of ioprio_set - Allow logrotate to domtrans to mdadm_t - Allow sectoolm to sys_ptrace since it is looking at other proceses /proc data. - Allow gpg_t to manage all gnome files - Add filename transition for .quakelive - Add unconfined_munin_plugin_t - Allow httpd_t to read munin conf files - Add additional labeling for munin cgi scripts - Add labeling for texlive bash scripts - Allow NM to transition to l2tpd - Add interface for postgesql_filetrans_name_content to make sure log directories get created with the correct label.- Allow gpsd_t to setattr on usbtty_device - Allow mail_munin_plugins domain to run postconf - Dontaudit reading of domain states for mozilla-plugin-config - Backport corenetwork.te.in fixes related to http and keystone ports - Backport cloudform policy from F18 - ALlow logrotate sys_ptrace capability - Allow mscan to read /etc/MailScanner/conf.d directory - Add support for HOME_DIR/.lyx - Add support for rt4 - Back rhsmcertd policy from F18 - zoneminder needs to connect to httpd ports where remote cameras are listening - Add ntp_exec() interface - Dontaudit settatr on user tmp files for mozilla plugins - Allow colord-sane to read proc/sys/kernel/osrelease - Allow setroubleshoot_fixit to execute rpm - Allow logwatch to getattr on all dirs - Allow chrome and mozilla_plugin to create msgq and semaphores - systemd_logind_t is looking at all files under /run/user/apache - Allow confine users to ptrace screen- Add php-fpm support - Allow munin disk plugins to get attributes of all directories - Fix gnome_manage_config() to allow to manage sock_file- Add labeling for /var/www/openshift/{broker,console} - Allow openshift_initrc domain to dbus chat with systemd_logind - Allow httpd to getattr passenger log file if run_stickshift - Add passenger_getattr_log_files interface - Backport svirt_tcg policy - munint wants to send sigkill to ping - Allow munin plugins to send a signal to itself - Allow munin to send signal to ping- Allow openshift domain to read /dev/urand - Add labeling for /var/www/openshift/console/{tmp,log} dirs - gems seems to be placed in lots of places - Add labeling for /usr/bin/pg_ctl - Add labeling for HOME_DIR/irclogs - Allow systemd-logind to manage keyring user tmp dirs. We allow it for user_tmp_t dirs. - Add gnome_manage_gkeyringd_tmp_dirs() interface - Allow spamd_update to create spamd_var_lib_t directories and ignore DAC when searching for directories - Allow xend to run scsi_id - Allow rhsmcertd-worker to read "physical_package_id" - Allow lpr to read /usr/share/fonts - Allow open file from CD/DVD drive on domU - Dontaudit attempts by openshift to read apache logs - Add sntp support to ntp policy - Allow tor to read /proc/sys/kernel/random/uuid- Backport openvswitch policy from F18 - Allow logrotate to transition to openvswitch domain - opendkim should be a part of milter - Add filename transition for /etc/tuned/active_profile - Allow condor_master to send mails - Allow condor_master to create /tmp files/dirs - Allow condor_mater to send sigkill to other condor domains - Allow condor_procd sigkill capability - tuned-adm wants to talk with tuned daemon - Allow all application domains to use fifo_files passed in from userdomains - pppd wants sys_nice by nmcli because of "syscall=sched_setscheduler" - Fix mozilla_plugin_can_network_connect to allow to connect to all ports - The host and a virtual machine can share the same printer on a usb device - Backport thumb.te from F18 - Dontaudit leaks of locks or generic log files to systemprocesses - Allow blueman to transition to ifconfig, dnsmasq - Backport virt_lock_t from F18 - Allow syslogd to request the kernel to load a module - Allow syslogd_t to read the network state information - Add awstats_purge_apache_log boolean - Allow ksysguardproces to read /.config/Trolltech.conf - Allow passenger to create and append puppet log files - Add puppet_append_log and puppet_create_log interfaces - Allow rhsmcertd to send signal to itself- Add commands needed to get mock to build from staff_t in enforcing mode - Allow dbus-daemon to read/write inherited removable devices - Add storage_rw_inherited_removable_device() interface - fetchmail reads /etc/passwd - Allow rhnsd to execute bin_t in the caller rhnsd_t domain - Allow all daemons and systemprocesses to use inherited initrc_tmp_t files - Allow enabling Network Access Point service using blueman - Make vmware_host_t as unconfined domain - Allow authenticate users in webaccess via squid, using mysql as backend - Allow firewalld to read /etc/hosts - Backport openshift.te from F18 - Dontaudit xdm_t to getattr on BOINC lib files - Allow chrome and mozilla plugin to connect to msnp ports- Allow BOINC client to use an HTTP proxy for all connections - Add labeling for /var/lib/zarafa-webapp - Allow mozilla plugins to read /dev/hpet - Allow MPD to read /dev/radnom - Allow dnsmasq to read /etc/NetworkManager - Fix storage_rw_inherited_fixed_disk_dev() to cover also blk_file - httpd needs to send signull to openshift init script - Fix tftp_read_content() interface- More fixes for passwd/group labeling - New ypbind pkg wants to search /var/run which is caused by sd_notify - dbus needs to be able to read/write inherited fixed disk device_t passed through it - Allow NM to read certs on NFS/CIFS using use_nfs_*, use_samba_* booleans - Add interface to make sure rpcbind.sock is created with the correct label - Add support for OpenShift sbin labeling- Fix labeling for passwd*- logwatch wants sys_nice/setsched - Add labeling for mcollectived - Allow openshift domains to read localization - Allow smokeping to execute fping in the neutils_t domain - Allow support for notifyclamd option in /etc/freshclam.conf - Allow mozilla-plugin-config to getattr on all fs - Add tftp_homedir boolean - Allow nslcd to connect to ldap port without boolean - policykit-auth wants sys_nice - openshift user domains wants to r/w ssh tcp sockets- Allow nfsd to write to mount_var_run_t - Allow smokeping to execute bin_t - Allow sshd_t to execute login program - Allow prelink to read power_supply - Allow alsa to r/w alsa config files - Allow tuned to setsched kernel - Add labeling for /usr/sbin/mkhomedir_helper - Allow initrc_t to readl all systemd unit files - Allow mozilla_plugin_t to create .mplayer in users homedir - Allow sshd to send syslog msgs - Allow varnish execmem - Allow mongodb_t to getattr on all file systems - Allow pyzor running as spamc to manage amavis spool - Allow rhnsd to read /usr/lib/locale- Allow all openshift domains to read sysfs info - Allow openshift domains to getattr on all domains - Update httpd_run_stickshift boolean - Allow hplip to execute bin_t- fix opeshift labeling - Allow groupadd to read SELinux file context- Add openshift policy - Add changes needed by openshift policy - Allow vmnet-natd to request the kernel to load a module - Allown winbind to read /usr/share/samba/codepages/lowcase.dat - Access needed to allow hplip to send faxes - abrt_dump_oops needs to read debugfs - Add support for HTTPProxy* in /etc/freshclam.conf- Add file transition for mongodb lib dirs - Add labeling for /var/lib/mongo, /var/run/mongo - Allow gpg to write to /etc/mail/spamassassiin directories - Add support for hplip logs stored in /var/log/hp/tmp - Allow winbind to read usr_t - Add rhnsd policy - Add labeling for /etc/owncloud/config.php- Allow winbind to connect do ldap without a boolean - Allow mozilla-plugin to connect to commplex port - Fix tomcat template interface - Allow thumb to use user fonts- Backport tomcat fixes from F18 - Add filename transition for mongod.log - Dontaudit jockey to search /root/.local - Fix passenger labeling - fix corenetwork interfaces which needs to require ephemeral_port_t - Allow user domains to use tmpfs_t when it is created by the kernel and inherited by the app, IE No Open- Add sanlock_use_fusefs boolean - Add stapserver policy from F18 - Allow rhnsd to send syslog msgs - ABRT wants to read Xorg.0.log if if it detects problem with Xorg - ALlow chrome_sandbox to leak unix_dram_socket into chrome_sandbox_nacl_t - Allow postalias to read postfix config files - Allow tmpreaper to cleanup all files in /tmp - Allow chown capability for zarafa domains - Allow xauth to read /dev/urandom - Allow tmpreaper to list admin_home dir - Allow clamd to write/delete own pid file with clamd_var_run_t label - Add support for gitolite3 - Allow virsh_t to getattr on virtd_exec_t - Allow virsh can_exec on virsh_exec_t - Look up group name by spamass-milter-postfix - Add mozilla_plugin_can_network_connect boolean - Fix /var/lib/sqlgrey labeling - Add support for a new path for passenger- Allow virsh to stream connect to virtd - Add support for $HOME/.cache/libvirt - Allow groupadd_t to search default_context - Allow xdm_t to search dirs with xdm_unconfined_exec_t label - Allow ksysguardproces to read/write config_usr_t - Backport passenger policy from F18 - Allow wdmd to create wdmd_tmpfs_t- Fix passenger labeling - Add thumb_tmpfs_t files type - Add file name transitions for ttyACM0 - Allow virtd to send dbus messages to firewalld- Allow tmpreaper to delete unlabeled files - Backport selinux_login_config fixes from F18 for sssd - Allow thumb drives to create shared memory and semaphores - Make "snmpwalk -mREDHAT-CLUSTER-MIB ...." working - Allow dlm_controld to execute dlm_stonith labeled as bin_t - Allow GFS2 working on F17 - Allow thumb to gettatr on all fs - Allow condor domains to read kernel sysctls - Allow condor_master to connect to amqp - Allow abrt to read mozilla_plugin config files - Backport squid policy with support for lightsquid - Allow useradd to modify /etc/default/useradd - dovecot_auth_t uses ldap for user auth - Dontaudit mozilla_plugin attempts to ipc_lock - Allow tmpreaper to search unlabeled /tmp/kdecache-root - Allow jockey to list the contents of modeprobe.d - Allow web plugins to connect to the asterisk ports- Allow Chrome_ChildIO to read dosfs_t - Fix svirt to be allowed to use fusefs file system - Sanlock needs to send Kill Signals to non root process - Allow sendmail to read/write postfix_delivery_t- Allow sendmail to read/write postfix_delivery_t - Update sanlock policy to solve all AVC's - Change virt interface so confined users can optionally manage virt content - setroubleshoot was trying to getattr on sysctl and proc stuff - Need to allow svirt_t ability to getattr on nfs_t file system - Allow staff users to run svirt_t processes - Add new booleans to allow staff user and unprivuser to use boxes- Alias firstboot_tmp_t to tmp_t - Add support for sqlgre - Allow postfix to connect to spampd - Add support for spampd and treat it as spamd_t policy - Allow munin mail plugin to read exim.log - Fix mta_mailserver_delivery() interface - Allow logrotate to getattr on systemd unit files - Allow tor to read kernel sysctls - Add new man pages - Fix labeling for pingus- Regenerate man pages - Dontaudit mysqld_safe sending signull to random domains - Add interface for mysqld to dontaudit signull to all processes - Allow editparams.cgi running as httpd_bugzilla_script_t to read /etc/group - Allow smbd to read cluster config - Add additional labelinf for passenger - Add labeling for /var/motion - Add amavis_use_jit boolean - Allow mongod to connet to postgresql port- Allow samba_net to read /proc/net - Allow hplip_t to send notification dbus messages to users - Allow mailserver_deliver to read/write own pip - Allow munin-plugin domains to read /etc/passwd - Allow postfix_cleanup to use sockets create for smtpd - Dovecot seems to be searching directories of every mountpoint, lets just dontaudit this - Allow mozilla-plugin to read all kernel sysctls - Allow jockey to read random/urandom - Dontaudit dovecot to search all dirs - Add aditional params to allow cachedfiles to manage its content - gpg agent needs to read /dev/random - Add labelling and allow rules based on avc's from RHEL6 for amavis- Add support for rhnsd daemon - Allow cgclear to read cgconfig - Allow sys_ptrace capability for snmp - Allow freshclam to read /proc - Fix rhsmcertd pid filetrans - Allow NM to execute wpa_cli - Allow procmail to manage /home/user/Maildir content - Allow amavis to read clamd system state - Allow postdrop to use unix_stream_sockets leaked into it - Allow uucpd_t to uucpd port- Add support for ecryptfs * ecryptfs does not support xattr - Allow lpstat.cups to read fips_enabled file - Allow pyzor running as spamc_t to create /root/.pyzor directory - Add labeling for amavisd-snmp init script - Add support for amavisd-snmp - Allow fprintd sigkill self - Allow xend (w/o libvirt) to start virtual machines - Allow aiccu to read /etc/passwd - accountsd needs to fchown some files/directories - Add ICACLient and zibrauserdata as mozilla_filetrans_home_content - Allow xend_t to read the /etc/passwd file - Allow freshclam to update databases thru HTTP proxy - Add init_access_check() interface - Allow s-m-config to access check on systemd - Allow abrt to read public files by default - Fix amavis_create_pid_files() interface - Allow tuned sys_nice, sys_admin caps - Allow amavisd to execute fsav - Allow system_dbusd_t to stream connect to bluetooth, and use its socket- Add labeling for aeolus-configserver-thinwrapper - Allow thin domains to execute shell - Allow OpenMPI job running as condor_startd_ssh_t to manage condor lib files - Allow OpenMPI job to use kerberos - Make deltacloudd_t as nsswitch_domain - Allow xend_t to run lsscsi - Allow qemu-dm running as xend_t to create tun_socket - Allow jockey-backend to read pyconfig-64.h labeled as usr_t - Fix alsa_manage_home_files interface - Fix clamscan_can_scan_system boolean - Allow lpr to connectto to /run/user/$USER/keyring-22uREb/pkcs11- Fixes for passenger running within openshift - Add labeling for all tomcat6 dirs - Allow cobblerd to read /etc/passwd - Allow jockey to read sysfs and and execute binaries with bin_t - Allow thum to use user terminals - Allow systemd_logind_t to read/write /dev/input0- Fixes to make minimal policy to be installed- abrt_watch_log should be abrt_domain - add ptrace_child access to process - Allow mozilla_plugin to connect to gatekeeper port - Allow dbomatic to execute ruby - Allow boinc domains to manage boinc_lib_t lnk_files - Add support for boinc-client.service unit file - add support for boinc.log - Allow httpd_smokeping_cgi_script_t to read /etc/passwd- Allow mozilla_plugin execmod on mozilla home files if allow_execmod - Allow dovecot_deliver_t to read dovecot_var_run_t - Add tomcat policy from F18 - Allow ldconfig and insmod to manage kdumpctl tmp files - Add kdumpctl policy - Move thin policy out from cloudform.pp and add a new thin policy files - pacemaker needs to communicate with corosync streams - abrt is now started on demand by dbus - Allow certmonger to talk directly to Dogtag servers - Change labeling for /var/lib/cobbler/webui_sessions to httpd_cobbler_rw_content_t - Allow mozila_plugin to execute gstreamer home files - Allow useradd to delete all file types stored in the users homedir - rhsmcertd reads the rpm database - Add support for lightdm- Dontaudit thumb to setattr on xdm_tmp dirs - Allow wicd to execute ldconfig - Add /var/run/cherokee\.pid labeling - Allow snort to create netlink_socket - Allow setpcap for rpcd_t - Firstboot should be just creating tmp_t dirs - Transition xauth files within firstboot_tmp_t - Fix labeling of /run/media to match /media - Allow firstboot to create tmp_t files/directories - Label tuned scripts located in /etc as bin_t - Add port definition for mxi port - Fix labeling for /var/log/lxdm.log.old - Allow ddclient to read /etc/passwd - change dovecot_deliver to manage mail_home_rw_t - Remove razor/pyzor policy - Allow local_login_t to execute tmux - Allow mozilla_plugin_t to execute the dynamic link/loader- apcupsd needs to read /etc/passwd - Sanlock allso sends sigkill - Allow glance_registry to connect to the mysqld port - Dontaudit mozilla_plugin trying to getattr on /dev/gpmctl - Allow firefox plugins/flash to connect to port 1234 - Allow mozilla plugins to delete user_tmp_t files - Add transition name rule for printers.conf.O - Allow virt_lxc_t to read urand - Allow systemd_loigind to list gstreamer_home_dirs - Fix labeling for /usr/bin - Fixes for cloudform services * support FIPS - Allow polipo to work as web caching - Allow chfn to execute tmux- Fix labeling of kerbero host cache files, allow rpc.svcgssd to manage - Allow dovecot to manage Maildir content, fix transitions to Maildir - Allow postfix_local to transition to dovecot_deliver - Dontaudit attempts to setattr on xdm_tmp_t, looks like bogus code - Cleanup interface definitions - Allow apmd to change with the logind daemon - Changes required for sanlock in rhel6 - Label /run/user/apache as httpd_tmp_t - Allow thumb to use lib_t as execmod if boolean turned on - Allow squid to create the squid directory in /var with the correct - When staff_t runs libvirt it reads dnsmasq_var_run_t - Mount command now lists user_tmp looking for gvfs - /etc/blkid is moving to /run/blkid - Allow rw_cgroup_files to also read a symlink - Make sure gdm directory in ~/.cache/gdm gets created with the correct label - Add labeling for .cache/gdm in the homedir - Allow mount to mount on user_tmp_t for /run/user/dwalsh/gvfs - xdm now needs to execute xsession_exec_t - Need labels for /var/lib/gdm- Dontaudit logwatch to gettr on /dev/dm-2 - Allow policykit-auth to manage kerberos files - Allow systemd_logind_t to signal, signull, sigkill all processes - Add filetrans rules for etc_runtime files - Allow systemd_login to send signals to devicekit power - Allow systemd_logind to signal initrc scripts to handle third party packages running as initrc_t - Allow virsh to read /etc/passwd - Allow policykit to manage kerberos rcache files - Allow systemd-logind to send a signal to init_t - /usr/sbin/xl2tpd wants to read /etc/group - Allow ncftool to list of content /etc/modprobe.d - Allow dkim-milter to listen own tcp_socke- Allow collectd to read virt config - Allow collectd setsched - Add support for /usr/sbin/mdm* - Fix java binaries labels when installed under /usr/lib/jvm/java - Add labeling for /var/run/mdm - Allow apps that can read net_conf_t files read symlinks - Allow all domains that can search or read tmp_t, able to read a tmp_t link - Dontaudit mozilla_plugin looking at xdm_tmp_t - Looks like collectd needs to change it scheduling priority - Allow uux_t to access nsswitch data - New labeling for samba, pid dirs moved to subdirs of samba - Allow nova_api to use nsswitch - Allow mozilla_plugin to execute files labeled as lib_t - Label content under HOME_DIR/zimbrauserdata as mozilla_home date - abrt is fooled into reading mozilla_plugin content, we want to dontaudit - Allow mozilla_plugin to connect to ircd ports since a plugin might be a irc chat window - Allow winbind to create content in smbd_var_run_t directories - Allow setroubleshoot_fixit to read the selinux policy store. No reason to deny it - Support libvirt plugin for collectd- Fix description of authlogin_nsswitch_use_ldap - Fix transition rule for rhsmcertd_t needed for RHEL7 - Allow useradd to list nfs state data - Allow openvpn to manage its log file and directory - We want vdsm to transition to mount_t when executing mount command to make sure /etc/mtab remains labeled correctly - Allow thumb to use nvidia devices - Allow local_login to create user_tmp_t files for kerberos - Pulseaudio needs to read systemd_login /var/run content - virt should only transition named system_conf_t config files - Allow munin to execute its plugins - Allow nagios system plugin to read /etc/passwd - Allow plugin to connect to soundd port - Fix httpd_passwd to be able to ask passwords - Radius servers can use ldap for backing store - Seems to need to mount on /var/lib for xguest polyinstatiation to work. - Allow systemd_logind to list the contents of gnome keyring - VirtualGL need xdm to be able to manage content in /etc/opt/VirtualGL - Add policy for isns-utils- Add policy for subversion daemon - Allow boinc to read passwd - Allow pads to read kernel network state - Fix man2html interface for sepolgen-ifgen - Remove extra /usr/lib/systemd/system/smb - Remove all /lib/systemd and replace with /usr/lib/systemd - Add policy for man2html - Fix the label of kerberos_home_t to krb5_home_t - Allow mozilla plugins to use Citrix - Allow tuned to read /proc/sys/kernel/nmi_watchdog - Allow tune /sys options via systemd's tmpfiles.d "w" type- Dontaudit lpr_t to read/write leaked mozilla tmp files - Add file name transition for .grl-podcasts directory - Allow corosync to read user tmp files - Allow fenced to create snmp lib dirs/files - More fixes for sge policy - Allow mozilla_plugin_t to execute any application - Allow dbus to read/write any open file descriptors to any non security file on the system that it inherits to that it can pass them to another domain - Allow mongod to read system state information - Fix wrong type, we should dontaudit sys_admin for xdm_t not xserver_t - Allow polipo to manage polipo_cache dirs - Add jabbar_client port to mozilla_plugin_t - Cleanup procmail policy - system bus will pass around open file descriptors on files that do not have labels on them - Allow l2tpd_t to read system state - Allow tuned to run ls /dev - Allow sudo domains to read usr_t files - Add label to machine-id - Fix corecmd_read_bin_symlinks cut and paste error- Fix pulseaudio port definition - Add labeling for condor_starter - Allow chfn_t to creat user_tmp_files - Allow chfn_t to execute bin_t - Allow prelink_cron_system_t to getpw calls - Allow sudo domains to manage kerberos rcache files - Allow user_mail_domains to work with courie - Port definitions necessary for running jboss apps within openshift - Add support for openstack-nova-metadata-api - Add support for nova-console* - Add support for openstack-nova-xvpvncproxy - Fixes to make privsep+SELinux working if we try to use chage to change passwd - Fix auth_role() interface - Allow numad to read sysfs - Allow matahari-rpcd to execute shell - Add label for ~/.spicec - xdm is executing lspci as root which is requesting a sys_admin priv but seems to succeed without it - Devicekit_disk wants to read the logind sessions file when writing a cd - Add fixes for condor to make condor jobs working correctly - Change label of /var/log/rpmpkgs to cron_log_t - Access requires to allow systemd-tmpfiles --create to work. - Fix obex to be a user application started by the session bus. - Add additional filename trans rules for kerberos - Fix /var/run/heartbeat labeling - Allow apps that are managing rcache to file trans correctly - Allow openvpn to authenticate against ldap server - Containers need to listen to network starting and stopping events- Make systemd unit files less specific- Fix zarafa labeling - Allow guest_t to fix labeling - corenet_tcp_bind_all_unreserved_ports(ssh_t) should be called with the user_tcp_server boolean - add lxc_contexts - Allow accountsd to read /proc - Allow restorecond to getattr on all file sytems - tmpwatch now calls getpw - Allow apache daemon to transition to pwauth domain - Label content under /var/run/user/NAME/keyring* as gkeyringd_tmp_t - The obex socket seems to be a stream socket - dd label for /var/run/nologin- Allow jetty running as httpd_t to read hugetlbfs files - Allow sys_nice and setsched for rhsmcertd - Dontaudit attempts by mozilla_plugin_t to bind to ssdp ports - Allow setfiles to append to xdm_tmp_t - Add labeling for /export as a usr_t directory - Add labels for .grl files created by gstreamer- Add labeling for /usr/share/jetty/bin/jetty.sh - Add jetty policy which contains file type definitios - Allow jockey to use its own fifo_file and make this the default for all domains - Allow mozilla_plugins to use spice (vnc_port/couchdb) - asterisk wants to read the network state - Blueman now uses /var/lib/blueman- Add label for nodejs_debug - Allow mozilla_plugin_t to create ~/.pki directory and content- Add clamscan_can_scan_system boolean - Allow mysqld to read kernel network state - Allow sshd to read/write condor lib files - Allow sshd to read/write condor-startd tcp socket - Fix description on httpd_graceful_shutdown - Allow glance_registry to communicate with mysql - dbus_system_domain is using systemd to lauch applications - add interfaces to allow domains to send kill signals to user mail agents - Remove unnessary access for svirt_lxc domains, add privs for virtd_lxc_t - Lots of new access required for secure containers - Corosync needs sys_admin capability - ALlow colord to create shm - .orc should be allowed to be created by any app that can create gstream home content, thumb_t to be specific - Add boolean to control whether or not mozilla plugins can create random content in the users homedir - Add new interface to allow domains to list msyql_db directories, needed for libra - shutdown has to be allowed to delete etc_runtime_t - Fail2ban needs to read /etc/passwd - Allow ldconfig to create /var/cache/ldconfig - Allow tgtd to read hardware state information - Allow collectd to create packet socket - Allow chronyd to send signal to itself - Allow collectd to read /dev/random - Allow collectd to send signal to itself - firewalld needs to execute restorecon - Allow restorecon and other login domains to execute restorecon- Allow logrotate to getattr on systemd unit files - Add support for tor systemd unit file - Allow apmd to create /var/run/pm-utils with the correct label - Allow l2tpd to send sigkill to pppd - Allow pppd to stream connect to l2tpd - Add label for scripts in /etc/gdm/ - Allow systemd_logind_t to ignore mcs constraints on sigkill - Fix files_filetrans_system_conf_named_files() interface - Add labels for /usr/share/wordpress/wp-includes/*.php - Allow cobbler to get SELinux mode and booleans- Add unconfined_execmem_exec_t as an alias to bin_t - Allow fenced to read snmp var lib files, also allow it to read usr_t - ontaudit access checks on all executables from mozilla_plugin - Allow all user domains to setexec, so that sshd will work properly if it call setexec(NULL) while running withing a user mode - Allow systemd_tmpfiles_t to getattr all pipes and sockets - Allow glance-registry to send system log messages - semanage needs to manage mock lib files/dirs- Add policy for abrt-watch-log - Add definitions for jboss_messaging ports - Allow systemd_tmpfiles to manage printer devices - Allow oddjob to use nsswitch - Fix labeling of log files for postgresql - Allow mozilla_plugin_t to execmem and execstack by default - Allow firewalld to execute shell - Fix /etc/wicd content files to get created with the correct label - Allow mcelog to exec shell - Add ~/.orc as a gstreamer_home_t - /var/spool/postfix/lib64 should be labeled lib_t - mpreaper should be able to list all file system labeled directories - Add support for apache to use openstack - Add labeling for /etc/zipl.conf and zipl binary - Turn on allow_execstack and turn off telepathy transition for final release- More access required for virt_qmf_t - Additional assess required for systemd-logind to support multi-seat - Allow mozilla_plugin to setrlimit - Revert changes to fuse file system to stop deadlock- Allow condor domains to connect to ephemeral ports - More fixes for condor policy - Allow keystone to stream connect to mysqld - Allow mozilla_plugin_t to read generic USB device to support GPS devices - Allow thum to file name transition gstreamer home content - Allow thum to read all non security files - Allow glance_api_t to connect to ephemeral ports - Allow nagios plugins to read /dev/urandom - Allow syslogd to search postfix spool to support postfix chroot env - Fix labeling for /var/spool/postfix/dev - Allow wdmd chown - Label .esd_auth as pulseaudio_home_t - Have no idea why keyring tries to write to /run/user/dwalsh/dconf/user, but we can dontaudit for now- Add support for clamd+systemd - Allow fresclam to execute systemctl to handle clamd - Change labeling for /usr/sbin/rpc.ypasswd.env - Allow yppaswd_t to execute yppaswd_exec_t - Allow yppaswd_t to read /etc/passwd - Gnomekeyring socket has been moved to /run/user/USER/ - Allow samba-net to connect to ldap port - Allow signal for vhostmd - allow mozilla_plugin_t to read user_home_t socket - New access required for secure Linux Containers - zfs now supports xattrs - Allow quantum to execute sudo and list sysfs - Allow init to dbus chat with the firewalld - Allow zebra to read /etc/passwd- Allow svirt_t to create content in the users homedir under ~/.libvirt - Fix label on /var/lib/heartbeat - Allow systemd_logind_t to send kill signals to all processes started by a user - Fuse now supports Xattr Support- upowered needs to setsched on the kernel - Allow mpd_t to manage log files - Allow xdm_t to create /var/run/systemd/multi-session-x - Add rules for missedfont.log to be used by thumb.fc - Additional access required for virt_qmf_t - Allow dhclient to dbus chat with the firewalld - Add label for lvmetad - Allow systemd_logind_t to remove userdomain sock_files - Allow cups to execute usr_t files - Fix labeling on nvidia shared libraries - wdmd_t needs access to sssd and /etc/passwd - Add boolean to allow ftp servers to run in passive mode - Allow namepspace_init_t to relabelto/from a different user system_u from the user the namespace_init running with - Fix using httpd_use_fusefs - Allow chrome_sandbox_nacl to write inherited user tmp files as we allow it for chrome_sandbox- Rename rdate port to time port, and allow gnomeclock to connect to it - We no longer need to transition to ldconfig from rpm, rpm_script, or anaconda - /etc/auto.* should be labeled bin_t - Add httpd_use_fusefs boolean - Add fixes for heartbeat - Allow sshd_t to signal processes that it transitions to - Add condor policy - Allow svirt to create monitors in ~/.libvirt - Allow dovecot to domtrans sendmail to handle sieve scripts - Lot of fixes for cfengine- /var/run/postmaster.* labeling is no longer needed - Alllow drbdadmin to read /dev/urandom - l2tpd_t seems to use ptmx - group+ and passwd+ should be labeled as /etc/passwd - Zarafa-indexer is a socket- Ensure lastlog is labeled correctly - Allow accountsd to read /proc data about gdm - Add fixes for tuned - Add bcfg2 fixes which were discovered during RHEL6 testing - More fixes for gnome-keyring socket being moved - Run semanage as a unconfined domain, and allow initrc_t to create tmpfs_t sym links on shutdown - Fix description for files_dontaudit_read_security_files() interface- Add new policy and man page for bcfg2 - cgconfig needs to use getpw calls - Allow domains that communicate with the keyring to use cache_home_t instead of gkeyringd_tmpt - gnome-keyring wants to create a directory in cache_home_t - sanlock calls getpw- Add numad policy and numad man page - Add fixes for interface bugs discovered by SEWatch - Add /tmp support for squid - Add fix for #799102 * change default labeling for /var/run/slapd.* sockets - Make thumb_t as userdom_home_reader - label /var/lib/sss/mc same as pubconf, so getpw domains can read it - Allow smbspool running as cups_t to stream connect to nmbd - accounts needs to be able to execute passwd on behalf of users - Allow systemd_tmpfiles_t to delete boot flags - Allow dnssec_trigger to connect to apache ports - Allow gnome keyring to create sock_files in ~/.cache - google_authenticator is using .google_authenticator - sandbox running from within firefox is exposing more leaks - Dontaudit thumb to read/write /dev/card0 - Dontaudit getattr on init_exec_t for gnomeclock_t - Allow certmonger to do a transition to certmonger_unconfined_t - Allow dhcpc setsched which is caused by nmcli - Add rpm_exec_t for /usr/sbin/bcfg2 - system cronjobs are sending dbus messages to systemd_logind - Thumnailers read /dev/urand- Allow auditctl getcap - Allow vdagent to use libsystemd-login - Allow abrt-dump-oops to search /etc/abrt - Got these avc's while trying to print a boarding pass from firefox - Devicekit is now putting the media directory under /run/media - Allow thumbnailers to create content in ~/.thumbails directory - Add support for proL2TPd by Dominick Grift - Allow all domains to call getcap - wdmd seems to get a random chown capability check that it does not need - Allow vhostmd to read kernel sysctls- Allow chronyd to read unix - Allow hpfax to read /etc/passwd - Add support matahari vios-proxy-* apps and add virtd_exec_t label for them - Allow rpcd to read quota_db_t - Update to man pages to match latest policy - Fix bug in jockey interface for sepolgen-ifgen - Add initial svirt_prot_exec_t policy- More fixes for systemd from Dan Walsh- Add a new type for /etc/firewalld and allow firewalld to write to this directory - Add definition for ~/Maildir, and allow mail deliver domains to write there - Allow polipo to run from a cron job - Allow rtkit to schedule wine processes - Allow mozilla_plugin_t to acquire a bug, and allow it to transition gnome content in the home dir to the proper label - Allow users domains to send signals to consolehelper domains- More fixes for boinc policy - Allow polipo domain to create its own cache dir and pid file - Add systemctl support to httpd domain - Add systemctl support to polipo, allow NetworkManager to manage the service - Add policy for jockey-backend - Add support for motion daemon which is now covered by zoneminder policy - Allow colord to read/write motion tmpfs - Allow vnstat to search through var_lib_t directories - Stop transitioning to quota_t, from init an sysadm_t- Add svirt_lxc_file_t as a customizable type- Add additional fixes for icmp nagios plugin - Allow cron jobs to open fifo_files from cron, since service script opens /dev/stdin - Add certmonger_unconfined_exec_t - Make sure tap22 device is created with the correct label - Allow staff users to read systemd unit files - Merge in previously built policy - Arpwatch needs to be able to start netlink sockets in order to start - Allow cgred_t to sys_ptrace to look at other DAC Processes- Back port some of the access that was allowed in nsplugin_t - Add definitiona for couchdb ports - Allow nagios to use inherited users ttys - Add git support for mock - Allow inetd to use rdate port - Add own type for rdate port - Allow samba to act as a portmapper - Dontaudit chrome_sandbox attempts to getattr on chr_files in /dev - New fixes needed for samba4 - Allow apps that use lib_t to read lib_t symlinks- Add policy for nove-cert - Add labeling for nova-openstack systemd unit files - Add policy for keystoke- Fix man pages fro domains - Add man pages for SELinux users and roles - Add storage_dev_filetrans_named_fixed_disk() and use it for smartmon - Add policy for matahari-rpcd - nfsd executes mount command on restart - Matahari domains execute renice and setsched - Dontaudit leaked tty in mozilla_plugin_config - mailman is changing to a per instance naming - Add 7600 and 4447 as jboss_management ports - Add fixes for nagios event handlers - Label httpd.event as httpd_exec_t, it is an apache daemon- Add labeling for /var/spool/postfix/dev/log - NM reads sysctl.conf - Iscsi log file context specification fix - Allow mozilla plugins to send dbus messages to user domains that transition to it - Allow mysql to read the passwd file - Allow mozilla_plugin_t to create mozilla home dirs in user homedir - Allow deltacloud to read kernel sysctl - Allow postgresql_t to connectto itselfAllow postgresql_t to connectto itself - Allow postgresql_t to connectto itself - Add login_userdomain attribute for users which can log in using terminal- Allow sysadm_u to reach system_r by default #784011 - Allow nagios plugins to use inherited user terminals - Razor labeling is not used no longer - Add systemd support for matahari - Add port_types to man page, move booleans to the top, fix some english - Add support for matahari-sysconfig-console - Clean up matahari.fc - Fix matahari_admin() interfac - Add labels for/etc/ssh/ssh_host_*.pub keys- Allow ksysguardproces to send system log msgs - Allow boinc setpgid and signull - Allow xdm_t to sys_ptrace to run pidof command - Allow smtpd_t to manage spool files/directories and symbolic links - Add labeling for jetty - Needed changes to get unbound/dnssec to work with openswan- Add user_fonts_t alias xfs_tmp_t - Since depmod now runs as insmod_t we need to write to kernel_object_t - Allow firewalld to dbus chat with networkmanager - Allow qpidd to connect to matahari ports - policykit needs to read /proc for uses not owned by it - Allow systemctl apps to connecto the init stream- Turn on deny_ptrace boolean- Remove pam_selinux.8 man page. There was a conflict.- Add proxy class and read access for gssd_proxy - Separate out the sharing public content booleans - Allow certmonger to execute a script and send signals to apache and dirsrv to reload the certificate - Add label transition for gstream-0.10 and 12 - Add booleans to allow rsync to share nfs and cifs file sytems - chrome_sandbox wants to read the /proc/PID/exe file of the program that executed it - Fix filename transitions for cups files - Allow denyhosts to read "unix" - Add file name transition for locale.conf.new - Allow boinc projects to gconf config files - sssd needs to be able to increase the socket limit under certain loads - sge_execd needs to read /etc/passwd - Allow denyhost to check network state - NetworkManager needs to read sessions data - Allow denyhost to check network state - Allow xen to search virt images directories - Add label for /dev/megaraid_sas_ioctl_node - Add autogenerated man pages- Allow boinc project to getattr on fs - Allow init to execute initrc_state_t - rhev-agent package was rename to ovirt-guest-agent - If initrc_t creates /etc/local.conf then we need to make sure it is labeled correctly - sytemd writes content to /run/initramfs and executes it on shutdown - kdump_t needs to read /etc/mtab, should be back ported to F16 - udev needs to load kernel modules in early system boot- Need to add sys_ptrace back in since reading any content in /proc can cause these accesses - Add additional systemd interfaces which are needed fro *_admin interfaces - Fix bind_admin() interface- Allow firewalld to read urand - Alias java, execmem_mono to bin_t to allow third parties - Add label for kmod - /etc/redhat-lsb contains binaries - Add boolean to allow gitosis to send mail - Add filename transition also for "event20" - Allow systemd_tmpfiles_t to delete all file types - Allow collectd to ipc_lock- make consoletype_exec optional, so we can remove consoletype policy - remove unconfined_permisive.patch - Allow openvpn_t to inherit user home content and tmp content - Fix dnssec-trigger labeling - Turn on obex policy for staff_t - Pem files should not be secret - Add lots of rules to fix AVC's when playing with containers - Fix policy for dnssec - Label ask-passwd directories correctly for systemd- sshd fixes seem to be causing unconfined domains to dyntrans to themselves - fuse file system is now being mounted in /run/user - systemd_logind is sending signals to processes that are dbus messaging with it - Add support for winshadow port and allow iscsid to connect to this port - httpd should be allowed to bind to the http_port_t udp socket - zarafa_var_lib_t can be a lnk_file - A couple of new .xsession-errors files - Seems like user space and login programs need to read logind_sessions_files - Devicekit disk seems to be being launched by systemd - Cleanup handling of setfiles so most of rules in te file - Correct port number for dnssec - logcheck has the home dir set to its cache- Add policy for grindengine MPI jobs- Add new sysadm_secadm.pp module * contains secadm definition for sysadm_t - Move user_mail_domain access out of the interface into the te file - Allow httpd_t to create httpd_var_lib_t directories as well as files - Allow snmpd to connect to the ricci_modcluster stream - Allow firewalld to read /etc/passwd - Add auth_use_nsswitch for colord - Allow smartd to read network state - smartdnotify needs to read /etc/group- Allow gpg and gpg_agent to store sock_file in gpg_secret_t directory - lxdm startup scripts should be labeled bin_t, so confined users will work - mcstransd now creates a pid, needs back port to F16 - qpidd should be allowed to connect to the amqp port - Label devices 010-029 as usb devices - ypserv packager says ypserv does not use tmp_t so removing selinux policy types - Remove all ptrace commands that I believe are caused by the kernel/ps avcs - Add initial Obex policy - Add logging_syslogd_use_tty boolean - Add polipo_connect_all_unreserved bolean - Allow zabbix to connect to ftp port - Allow systemd-logind to be able to switch VTs - Allow apache to communicate with memcached through a sock_file- Fix file_context.subs_dist for now to work with pre usrmove- More /usr move fixes- Add zabbix_can_network boolean - Add httpd_can_connect_zabbix boolean - Prepare file context labeling for usrmove functions - Allow system cronjobs to read kernel network state - Add support for selinux_avcstat munin plugin - Treat hearbeat with corosync policy - Allow corosync to read and write to qpidd shared mem - mozilla_plugin is trying to run pulseaudio - Fixes for new sshd patch for running priv sep domains as the users context - Turn off dontaudit rules when turning on allow_ypbind - udev now reads /etc/modules.d directory- Turn on deny_ptrace boolean for the Rawhide run, so we can test this out - Cups exchanges dbus messages with init - udisk2 needs to send syslog messages - certwatch needs to read /etc/passwd- Add labeling for udisks2 - Allow fsadmin to communicate with the systemd process- Treat Bip with bitlbee policy * Bip is an IRC proxy - Add port definition for interwise port - Add support for ipa_memcached socket - systemd_jounald needs to getattr on all processes - mdadmin fixes * uses getpw - amavisd calls getpwnam() - denyhosts calls getpwall()- Setup labeling of /var/rsa and /var/lib/rsa to allow login programs to write there - bluetooth says they do not use /tmp and want to remove the type - Allow init to transition to colord - Mongod needs to read /proc/sys/vm/zone_reclaim_mode - Allow postfix_smtpd_t to connect to spamd - Add boolean to allow ftp to connect to all ports > 1023 - Allow sendmain to write to inherited dovecot tmp files - setroubleshoot needs to be able to execute rpm to see what version of packages- Merge systemd patch - systemd-tmpfiles wants to relabel /sys/devices/system/cpu/online - Allow deltacloudd dac_override, setuid, setgid caps - Allow aisexec to execute shell - Add use_nfs_home_dirs boolean for ssh-keygen- Fixes to make rawhide boot in enforcing mode with latest systemd changes- Add labeling for /var/run/systemd/journal/syslog - libvirt sends signals to ifconfig - Allow domains that read logind session files to list them- Fixed destined form libvirt-sandbox - Allow apps that list sysfs to also read sympolicy links in this filesystem - Add ubac_constrained rules for chrome_sandbox - Need interface to allow domains to use tmpfs_t files created by the kernel, used by libra - Allow postgresql to be executed by the caller - Standardize interfaces of daemons - Add new labeling for mm-handler - Allow all matahari domains to read network state and etc_runtime_t files- New fix for seunshare, requires seunshare_domains to be able to mounton / - Allow systemctl running as logrotate_t to connect to private systemd socket - Allow tmpwatch to read meminfo - Allow rpc.svcgssd to read supported_krb5_enctype - Allow zarafa domains to read /dev/random and /dev/urandom - Allow snmpd to read dev_snmp6 - Allow procmail to talk with cyrus - Add fixes for check_disk and check_nagios plugins- default trans rules for Rawhide policy - Make sure sound_devices controlC* are labeled correctly on creation - sssd now needs sys_admin - Allow snmp to read all proc_type - Allow to setup users homedir with quota.group- Add httpd_can_connect_ldap() interface - apcupsd_t needs to use seriel ports connected to usb devices - Kde puts procmail mail directory under ~/.local/share - nfsd_t can trigger sys_rawio on tests that involve too many mountpoints, dontaudit for now - Add labeling for /sbin/iscsiuio- Add label for /var/lib/iscan/interpreter - Dont audit writes to leaked file descriptors or redirected output for nacl - NetworkManager needs to write to /sys/class/net/ib*/mode- Allow abrt to request the kernel to load a module - Make sure mozilla content is labeled correctly - Allow tgtd to read system state - More fixes for boinc * allow to resolve dns name * re-write boinc policy to use boinc_domain attribute - Allow munin services plugins to use NSCD services- Allow mozilla_plugin_t to manage mozilla_home_t - Allow ssh derived domain to execute ssh-keygen in the ssh_keygen_t domain - Add label for tumblerd- Fixes for xguest package- Fixes related to /bin, /sbin - Allow abrt to getattr on blk files - Add type for rhev-agent log file - Fix labeling for /dev/dmfm - Dontaudit wicd leaking - Allow systemd_logind_t to look at process info of apps that exchange dbus messages with it - Label /etc/locale.conf correctly - Allow user_mail_t to read /dev/random - Allow postfix-smtpd to read MIMEDefang - Add label for /var/log/suphp.log - Allow swat_t to connect and read/write nmbd_t sock_file - Allow systemd-tmpfiles to setattr for /run/user/gdm/dconf - Allow systemd-tmpfiles to change user identity in object contexts - More fixes for rhev_agentd_t consolehelper policy- Use fs_use_xattr for squashf - Fix procs_type interface - Dovecot has a new fifo_file /var/run/dovecot/stats-mail - Dovecot has a new fifo_file /var/run/stats-mail - Colord does not need to connect to network - Allow system_cronjob to dbus chat with NetworkManager - Puppet manages content, want to make sure it labels everything correctly- Change port 9050 to tor_socks_port_t and then allow openvpn to connect to it - Allow all postfix domains to use the fifo_file - Allow sshd_t to getattr on all file systems in order to generate avc on nfs_t - Allow apmd_t to read grub.cfg - Let firewallgui read the selinux config - Allow systemd-tmpfiles to delete content in /root that has been moved to /tmp - Fix devicekit_manage_pid_files() interface - Allow squid to check the network state - Dontaudit colord getattr on file systems - Allow ping domains to read zabbix_tmp_t files- Allow mcelog_t to create dir and file in /var/run and label it correctly - Allow dbus to manage fusefs - Mount needs to read process state when mounting gluster file systems - Allow collectd-web to read collectd lib files - Allow daemons and system processes started by init to read/write the unix_stream_socket passed in from as stdin/stdout/stderr - Allow colord to get the attributes of tmpfs filesystem - Add sanlock_use_nfs and sanlock_use_samba booleans - Add bin_t label for /usr/lib/virtualbox/VBoxManage- Add ssh_dontaudit_search_home_dir - Changes to allow namespace_init_t to work - Add interface to allow exec of mongod, add port definition for mongod port, 27017 - Label .kde/share/apps/networkmanagement/certificates/ as home_cert_t - Allow spamd and clamd to steam connect to each other - Add policy label for passwd.OLD - More fixes for postfix and postfix maildro - Add ftp support for mozilla plugins - Useradd now needs to manage policy since it calls libsemanage - Fix devicekit_manage_log_files() interface - Allow colord to execute ifconfig - Allow accountsd to read /sys - Allow mysqld-safe to execute shell - Allow openct to stream connect to pcscd - Add label for /var/run/nm-dns-dnsmasq\.conf - Allow networkmanager to chat with virtd_t- Pulseaudio changes - Merge patches- Merge patches back into git repository.- Remove allow_execmem boolean and replace with deny_execmem boolean- Turn back on allow_execmem boolean- Add more MCS fixes to make sandbox working - Make faillog MLS trusted to make sudo_$1_t working - Allow sandbox_web_client_t to read passwd_file_t - Add .mailrc file context - Remove execheap from openoffice domain - Allow chrome_sandbox_nacl_t to read cpu_info - Allow virtd to relabel generic usb which is need if USB device - Fixes for virt.if interfaces to consider chr_file as image file type- Remove Open Office policy - Remove execmem policy- MCS fixes - quota fixes- Remove transitions to consoletype- Make nvidia* to be labeled correctly - Fix abrt_manage_cache() interface - Make filetrans rules optional so base policy will build - Dontaudit chkpwd_t access to inherited TTYS - Make sure postfix content gets created with the correct label - Allow gnomeclock to read cgroup - Fixes for cloudform policy- Check in fixed for Chrome nacl support- Begin removing qemu_t domain, we really no longer need this domain. - systemd_passwd needs dac_overide to communicate with users TTY's - Allow svirt_lxc domains to send kill signals within their container- Remove qemu.pp again without causing a crash- Remove qemu.pp, everything should use svirt_t or stay in its current domain- Allow policykit to talk to the systemd via dbus - Move chrome_sandbox_nacl_t to permissive domains - Additional rules for chrome_sandbox_nacl- Change bootstrap name to nacl - Chrome still needs execmem - Missing role for chrome_sandbox_bootstrap - Add boolean to remove execmem and execstack from virtual machines - Dontaudit xdm_t doing an access_check on etc_t directories- Allow named to connect to dirsrv by default - add ldapmap1_0 as a krb5_host_rcache_t file - Google chrome developers asked me to add bootstrap policy for nacl stuff - Allow rhev_agentd_t to getattr on mountpoints - Postfix_smtpd_t needs access to milters and cleanup seems to read/write postfix_smtpd_t unix_stream_sockets- Fixes for cloudform policies which need to connect to random ports - Make sure if an admin creates modules content it creates them with the correct label - Add port 8953 as a dns port used by unbound - Fix file name transition for alsa and confined users- Turn on mock_t and thumb_t for unconfined domains- Policy update should not modify local contexts- Remove ada policy- Remove tzdata policy - Add labeling for udev - Add cloudform policy - Fixes for bootloader policy- Add policies for nova openstack- Add fixes for nova-stack policy- Allow svirt_lxc_domain to chr_file and blk_file devices if they are in the domain - Allow init process to setrlimit on itself - Take away transition rules for users executing ssh-keygen - Allow setroubleshoot_fixit_t to read /dev/urand - Allow sshd to relbale tunnel sockets - Allow fail2ban domtrans to shorewall in the same way as with iptables - Add support for lnk files in the /var/lib/sssd directory - Allow system mail to connect to courier-authdaemon over an unix stream socket- Add passwd_file_t for /etc/ptmptmp- Dontaudit access checks for all executables, gnome-shell is doing access(EXEC, X_OK) - Make corosync to be able to relabelto cluster lib fies - Allow samba domains to search /var/run/nmbd - Allow dirsrv to use pam - Allow thumb to call getuid - chrome less likely to get mmap_zero bug so removing dontaudit - gimp help-browser has built in javascript - Best guess is that devices named /dev/bsr4096 should be labeled as cpu_device_t - Re-write glance policy- Move dontaudit sys_ptrace line from permissive.te to domain.te - Remove policy for hal, it no longer exists- Don't check md5 size or mtime on certain config files- Remove allow_ptrace and replace it with deny_ptrace, which will remove all ptrace from the system - Remove 2000 dontaudit rules between confined domains on transition and replace with single dontaudit domain domain:process { noatsecure siginh rlimitinh } ;- Fixes for bootloader policy - $1_gkeyringd_t needs to read $HOME/%USER/.local/share/keystore - Allow nsplugin to read /usr/share/config - Allow sa-update to update rules - Add use_fusefs_home_dirs for chroot ssh option - Fixes for grub2 - Update systemd_exec_systemctl() interface - Allow gpg to read the mail spool - More fixes for sa-update running out of cron job - Allow ipsec_mgmt_t to read hardware state information - Allow pptp_t to connect to unreserved_port_t - Dontaudit getattr on initctl in /dev from chfn - Dontaudit getattr on kernel_core from chfn - Add systemd_list_unit_dirs to systemd_exec_systemctl call - Fixes for collectd policy - CHange sysadm_t to create content as user_tmp_t under /tmp- Shrink size of policy through use of attributes for userdomain and apache- Allow virsh to read xenstored pid file - Backport corenetwork fixes from upstream - Do not audit attempts by thumb to search config_home_t dirs (~/.config) - label ~/.cache/telepathy/logger telepathy_logger_cache_home_t - allow thumb to read generic data home files (mime.type)- Allow nmbd to manage sock file in /var/run/nmbd - ricci_modservice send syslog msgs - Stop transitioning from unconfined_t to ldconfig_t, but make sure /etc/ld.so.cache is labeled correctly - Allow systemd_logind_t to manage /run/USER/dconf/user- Fix missing patch from F16- Allow logrotate setuid and setgid since logrotate is supposed to do it - Fixes for thumb policy by grift - Add new nfsd ports - Added fix to allow confined apps to execmod on chrome - Add labeling for additional vdsm directories - Allow Exim and Dovecot SASL - Add label for /var/run/nmbd - Add fixes to make virsh and xen working together - Colord executes ls - /var/spool/cron is now labeled as user_cron_spool_t- Stop complaining about leaked file descriptors during install- Remove java and mono module and merge into execmem- Fixes for thumb policy and passwd_file_t- Fixes caused by the labeling of /etc/passwd - Add thumb.patch to transition unconfined_t to thumb_t for Rawhide- Add support for Clustered Samba commands - Allow ricci_modrpm_t to send log msgs - move permissive virt_qmf_t from virt.te to permissivedomains.te - Allow ssh_t to use kernel keyrings - Add policy for libvirt-qmf and more fixes for linux containers - Initial Polipo - Sanlock needs to run ranged in order to kill svirt processes - Allow smbcontrol to stream connect to ctdbd- Add label for /etc/passwd- Change unconfined_domains to permissive for Rawhide - Add definition for the ephemeral_ports- Make mta_role() active - Allow asterisk to connect to jabber client port - Allow procmail to read utmp - Add NIS support for systemd_logind_t - Allow systemd_logind_t to manage /run/user/$USER/dconf dir which is labeled as config_home_t - Fix systemd_manage_unit_dirs() interface - Allow ssh_t to manage directories passed into it - init needs to be able to create and delete unit file directories - Fix typo in apache_exec_sys_script - Add ability for logrotate to transition to awstat domain- Change screen to use screen_domain attribute and allow screen_domains to read all process domain state - Add SELinux support for ssh pre-auth net process in F17 - Add logging_syslogd_can_sendmail boolean- Add definition for ephemeral ports - Define user_tty_device_t as a customizable_type- Needs to require a new version of checkpolicy - Interface fixes- Allow sanlock to manage virt lib files - Add virt_use_sanlock booelan - ksmtuned is trying to resolve uids - Make sure .gvfs is labeled user_home_t in the users home directory - Sanlock sends kill signals and needs the kill capability - Allow mockbuild to work on nfs homedirs - Fix kerberos_manage_host_rcache() interface - Allow exim to read system state- Allow systemd-tmpfiles to set the correct labels on /var/run, /tmp and other files - We want any file type that is created in /tmp by a process running as initrc_t to be labeled initrc_tmp_t- Allow collectd to read hardware state information - Add loop_control_device_t - Allow mdadm to request kernel to load module - Allow domains that start other domains via systemctl to search unit dir - systemd_tmpfiles, needs to list any file systems mounted on /tmp - No one can explain why radius is listing the contents of /tmp, so we will dontaudit - If I can manage etc_runtime files, I should be able to read the links - Dontaudit hostname writing to mock library chr_files - Have gdm_t setup labeling correctly in users home dir - Label content unde /var/run/user/NAME/dconf as config_home_t - Allow sa-update to execute shell - Make ssh-keygen working with fips_enabled - Make mock work for staff_t user - Tighten security on mock_t- removing unconfined_notrans_t no longer necessary - Clean up handling of secure_mode_insmod and secure_mode_policyload - Remove unconfined_mount_t- Add exim_exec_t label for /usr/sbin/exim_tidydb - Call init_dontaudit_rw_stream_socket() interface in mta policy - sssd need to search /var/cache/krb5rcache directory - Allow corosync to relabel own tmp files - Allow zarafa domains to send system log messages - Allow ssh to do tunneling - Allow initrc scripts to sendto init_t unix_stream_socket - Changes to make sure dmsmasq and virt directories are labeled correctly - Changes needed to allow sysadm_t to manage systemd unit files - init is passing file descriptors to dbus and on to system daemons - Allow sulogin additional access Reported by dgrift and Jeremy Miller - Steve Grubb believes that wireshark does not need this access - Fix /var/run/initramfs to stop restorecon from looking at - pki needs another port - Add more labels for cluster scripts - Allow apps that manage cgroup_files to manage cgroup link files - Fix label on nfs-utils scripts directories - Allow gatherd to read /dev/rand and /dev/urand- pki needs another port - Add more labels for cluster scripts - Fix label on nfs-utils scripts directories - Fixes for cluster - Allow gatherd to read /dev/rand and /dev/urand - abrt leaks fifo files- Add glance policy - Allow mdadm setsched - /var/run/initramfs should not be relabeled with a restorecon run - memcache can be setup to override sys_resource - Allow httpd_t to read tetex data - Allow systemd_tmpfiles to delete kernel modules left in /tmp directory.- Allow Postfix to deliver to Dovecot LMTP socket - Ignore bogus sys_module for lldpad - Allow chrony and gpsd to send dgrams, gpsd needs to write to the real time clock - systemd_logind_t sets the attributes on usb devices - Allow hddtemp_t to read etc_t files - Add permissivedomains module - Move all permissive domains calls to permissivedomain.te - Allow pegasis to send kill signals to other UIDs- Allow insmod_t to use fds leaked from devicekit - dontaudit getattr between insmod_t and init_t unix_stream_sockets - Change sysctl unit file interfaces to use systemctl - Add support for chronyd unit file - Allow mozilla_plugin to read gnome_usr_config - Add policy for new gpsd - Allow cups to create kerberos rhost cache files - Add authlogin_filetrans_named_content, to unconfined_t to make sure shadow and other log files get labeled correctly- Make users_extra and seusers.final into config(noreplace) so semanage users and login does not get overwritten- Add policy for sa-update being run out of cron jobs - Add create perms to postgresql_manage_db - ntpd using a gps has to be able to read/write generic tty_device_t - If you disable unconfined and unconfineduser, rpm needs more privs to manage /dev - fix spec file - Remove qemu_domtrans_unconfined() interface - Make passenger working together with puppet - Add init_dontaudit_rw_stream_socket interface - Fixes for wordpress- Turn on allow_domain_fd_use boolean on F16 - Allow syslog to manage all log files - Add use_fusefs_home_dirs boolean for chrome - Make vdagent working with confined users - Add abrt_handle_event_t domain for ABRT event scripts - Labeled /usr/sbin/rhnreg_ks as rpm_exec_t and added changes related to this change - Allow httpd_git_script_t to read passwd data - Allow openvpn to set its process priority when the nice parameter is used- livecd fixes - spec file fixes- fetchmail can use kerberos - ksmtuned reads in shell programs - gnome_systemctl_t reads the process state of ntp - dnsmasq_t asks the kernel to load multiple kernel modules - Add rules for domains executing systemctl - Bogus text within fc file- Add cfengine policy- Add abrt_domain attribute - Allow corosync to manage cluster lib files - Allow corosync to connect to the system DBUS- Add sblim, uuidd policies - Allow kernel_t dyntrasition to init_t- init_t need setexec - More fixes of rules which cause an explosion in rules by Dan Walsh- Allow rcsmcertd to perform DNS name resolution - Add dirsrvadmin_unconfined_script_t domain type for 389-ds admin scripts - Allow tmux to run as screen - New policy for collectd - Allow gkeyring_t to interact with all user apps - Add rules to allow firstboot to run on machines with the unconfined.pp module removed- Allow systemd_logind to send dbus messages with users - allow accountsd to read wtmp file - Allow dhcpd to get and set capabilities- Fix oracledb_port definition - Allow mount to mounton the selinux file system - Allow users to list /var directories- systemd fixes- Add initial policy for abrt_dump_oops_t - xtables-multi wants to getattr of the proc fs - Smoltclient is connecting to abrt - Dontaudit leaked file descriptors to postdrop - Allow abrt_dump_oops to look at kernel sysctls - Abrt_dump_oops_t reads kernel ring buffer - Allow mysqld to request the kernel to load modules - systemd-login needs fowner - Allow postfix_cleanup_t to searh maildrop- Initial systemd_logind policy - Add policy for systemd_logger and additional proivs for systemd_logind - More fixes for systemd policies- Allow setsched for virsh - Systemd needs to impersonate cups, which means it needs to create tcp_sockets in cups_t domain, as well as manage spool directories - iptables: the various /sbin/ip6?tables.* are now symlinks for /sbin/xtables-multi- A lot of users are running yum -y update while in /root which is causing ldconfig to list the contents, adding dontaudit - Allow colord to interact with the users through the tmpfs file system - Since we changed the label on deferred, we need to allow postfix_qmgr_t to be able to create maildrop_t files - Add label for /var/log/mcelog - Allow asterisk to read /dev/random if it uses TLS - Allow colord to read ini files which are labeled as bin_t - Allow dirsrvadmin sys_resource and setrlimit to use ulimit - Systemd needs to be able to create sock_files for every label in /var/run directory, cupsd being the first. - Also lists /var and /var/spool directories - Add openl2tpd to l2tpd policy - qpidd is reading the sysfs file- Change usbmuxd_t to dontaudit attempts to read chr_file - Add mysld_safe_exec_t for libra domains to be able to start private mysql domains - Allow pppd to search /var/lock dir - Add rhsmcertd policy- Update to upstream- More fixes * http://git.fedorahosted.org/git/?p=selinux-policy.git- Fix spec file to not report Verify errors- Add dspam policy - Add lldpad policy - dovecot auth wants to search statfs #713555 - Allow systemd passwd apps to read init fifo_file - Allow prelink to use inherited terminals - Run cherokee in the httpd_t domain - Allow mcs constraints on node connections - Implement pyicqt policy - Fixes for zarafa policy - Allow cobblerd to send syslog messages- Add policy.26 to the payload - Remove olpc stuff - Remove policygentool- Fixes for zabbix - init script needs to be able to manage sanlock_var_run_... - Allow sandlock and wdmd to create /var/run directories... - mixclip.so has been compiled correctly - Fix passenger policy module name- Add mailscanner policy from dgrift - Allow chrome to optionally be transitioned to - Zabbix needs these rules when starting the zabbix_server_mysql - Implement a type for freedesktop openicc standard (~/.local/share/icc) - Allow system_dbusd_t to read inherited icc_data_home_t files. - Allow colord_t to read icc_data_home_t content. #706975 - Label stuff under /usr/lib/debug as if it was labeled under /- Fixes for sanlock policy - Fixes for colord policy - Other fixes * http://git.fedorahosted.org/git/?p=selinux-policy.git;a=log- Add rhev policy module to modules-targeted.conf- Lot of fixes * http://git.fedorahosted.org/git/?p=selinux-policy.git;a=log- Allow logrotate to execute systemctl - Allow nsplugin_t to getattr on gpmctl - Fix dev_getattr_all_chr_files() interface - Allow shorewall to use inherited terms - Allow userhelper to getattr all chr_file devices - sandbox domains should be able to getattr and dontaudit search of sysctl_kernel_t - Fix labeling for ABRT Retrace Server- Dontaudit sys_module for ifconfig - Make telepathy and gkeyringd daemon working with confined users - colord wants to read files in users homedir - Remote login should be creating user_tmp_t not its own tmp files- Fix label for /usr/share/munin/plugins/munin_* plugins - Add support for zarafa-indexer - Fix boolean description - Allow colord to getattr on /proc/scsi/scsi - Add label for /lib/upstart/init - Colord needs to list /mnt- Forard port changes from F15 for telepathy - NetworkManager should be allowed to use /dev/rfkill - Fix dontaudit messages to say Domain to not audit - Allow telepathy domains to read/write gnome_cache files - Allow telepathy domains to call getpw - Fixes for colord and vnstatd policy- Allow init_t getcap and setcap - Allow namespace_init_t to use nsswitch - aisexec will execute corosync - colord tries to read files off noxattr file systems - Allow init_t getcap and setcap- Add support for ABRT retrace server - Allow user_t and staff_t access to generic scsi to handle locally plugged in scanners - Allow telepath_msn_t to read /proc/PARENT/cmdline - ftpd needs kill capability - Allow telepath_msn_t to connect to sip port - keyring daemon does not work on nfs homedirs - Allow $1_sudo_t to read default SELinux context - Add label for tgtd sock file in /var/run/ - Add apache_exec_rotatelogs interface - allow all zaraha domains to signal themselves, server writes to /tmp - Allow syslog to read the process state - Add label for /usr/lib/chromium-browser/chrome - Remove the telepathy transition from unconfined_t - Dontaudit sandbox domains trying to mounton sandbox_file_t, this is caused by fuse mounts - Allow initrc_t domain to manage abrt pid files - Add support for AEOLUS project - Virt_admin should be allowed to manage images and processes - Allow plymountd to send signals to init - Change labeling of fping6- Add filename transitions- Fixes for zarafa policy - Add support for AEOLUS project - Change labeling of fping6 - Allow plymountd to send signals to init - Allow initrc_t domain to manage abrt pid files - Virt_admin should be allowed to manage images and processes- xdm_t needs getsession for switch user - Every app that used to exec init is now execing systemdctl - Allow squid to manage krb5_host_rcache_t files - Allow foghorn to connect to agentx port - Fixes for colord policy- Add Dan's patch to remove 64 bit variants - Allow colord to use unix_dgram_socket - Allow apps that search pids to read /var/run if it is a lnk_file - iscsid_t creates its own directory - Allow init to list var_lock_t dir - apm needs to verify user accounts auth_use_nsswitch - Add labeling for systemd unit files - Allow gnomeclok to enable ntpd service using systemctl - systemd_systemctl_t domain was added - Add label for matahari-broker.pid file - We want to remove untrustedmcsprocess from ability to read /proc/pid - Fixes for matahari policy - Allow system_tmpfiles_t to delete user_home_t files in the /tmp dir - Allow sshd to transition to sysadm_t if ssh_sysadm_login is turned on- Fix typo- Add /var/run/lock /var/lock definition to file_contexts.subs - nslcd_t is looking for kerberos cc files - SSH_USE_STRONG_RNG is 1 which requires /dev/random - Fix auth_rw_faillog definition - Allow sysadm_t to set attributes on fixed disks - allow user domains to execute lsof and look at application sockets - prelink_cron job calls telinit -u if init is rewritten - Fixes to run qemu_t from staff_t- Fix label for /var/run/udev to udev_var_run_t - Mock needs to be able to read network state- Add file_contexts.subs to handle /run and /run/lock - Add other fixes relating to /run changes from F15 policy- Allow $1_sudo_t and $1_su_t open access to user terminals - Allow initrc_t to use generic terminals - Make Makefile/Rules.modular run sepolgen-ifgen during build to check if files for bugs -systemd is going to be useing /run and /run/lock for early bootup files. - Fix some comments in rlogin.if - Add policy for KDE backlighthelper - sssd needs to read ~/.k5login in nfs, cifs or fusefs file systems - sssd wants to read .k5login file in users homedir - setroubleshoot reads executables to see if they have TEXTREL - Add /var/spool/audit support for new version of audit - Remove kerberos_connect_524() interface calling - Combine kerberos_master_port_t and kerberos_port_t - systemd has setup /dev/kmsg as stderr for apps it executes - Need these access so that init can impersonate sockets on unix_dgram_socket- Remove some unconfined domains - Remove permissive domains - Add policy-term.patch from Dan- Fix multiple specification for boot.log - devicekit leaks file descriptors to setfiles_t - Change all all_nodes to generic_node and all_if to generic_if - Should not use deprecated interface - Switch from using all_nodes to generic_node and from all_if to generic_if - Add support for xfce4-notifyd - Fix file context to show several labels as SystemHigh - seunshare needs to be able to mounton nfs/cifs/fusefs homedirs - Add etc_runtime_t label for /etc/securetty - Fixes to allow xdm_t to start gkeyringd_USERTYPE_t directly - login.krb needs to be able to write user_tmp_t - dirsrv needs to bind to port 7390 for dogtag - Fix a bug in gpg policy - gpg sends audit messages - Allow qpid to manage matahari files- Initial policy for matahari - Add dev_read_watchdog - Allow clamd to connect clamd port - Add support for kcmdatetimehelper - Allow shutdown to setrlimit and sys_nice - Allow systemd_passwd to talk to /dev/log before udev or syslog is running - Purge chr_file and blk files on /tmp - Fixes for pads - Fixes for piranha-pulse - gpg_t needs to be able to encyprt anything owned by the user- mozilla_plugin_tmp_t needs to be treated as user tmp files - More dontaudits of writes from readahead - Dontaudit readahead_t file_type:dir write, to cover up kernel bug - systemd_tmpfiles needs to relabel faillog directory as well as the file - Allow hostname and consoletype to r/w inherited initrc_tmp_t files handline hostname >> /tmp/myhost- Add policykit fixes from Tim Waugh - dontaudit sandbox domains sandbox_file_t:dir mounton - Add new dontaudit rules for sysadm_dbusd_t - Change label for /var/run/faillock * other fixes which relate with this change- Update to upstream - Fixes for telepathy - Add port defition for ssdp port - add policy for /bin/systemd-notify from Dan - Mount command requires users read mount_var_run_t - colord needs to read konject_uevent_socket - User domains connect to the gkeyring socket - Add colord policy and allow user_t and staff_t to dbus chat with it - Add lvm_exec_t label for kpartx - Dontaudit reading the mail_spool_t link from sandbox -X - systemd is creating sockets in avahi_var_run and system_dbusd_var_run- gpg_t needs to talk to gnome-keyring - nscd wants to read /usr/tmp->/var/tmp to generate randomziation in unixchkpwd - enforce MCS labeling on nodes - Allow arpwatch to read meminfo - Allow gnomeclock to send itself signals - init relabels /dev/.udev files on boot - gkeyringd has to transition back to staff_t when it runs commands in bin_t or shell_exec_t - nautilus checks access on /media directory before mounting usb sticks, dontaudit access_check on mnt_t - dnsmasq can run as a dbus service, needs acquire service - mysql_admin should be allowed to connect to mysql service - virt creates monitor sockets in the users home dir- Allow usbhid-ups to read hardware state information - systemd-tmpfiles has moved - Allo cgroup to sys_tty_config - For some reason prelink is attempting to read gconf settings - Add allow_daemons_use_tcp_wrapper boolean - Add label for ~/.cache/wocky to make telepathy work in enforcing mode - Add label for char devices /dev/dasd* - Fix for apache_role - Allow amavis to talk to nslcd - allow all sandbox to read selinux poilcy config files - Allow cluster domains to use the system bus and send each other dbus messages- Update to upstream- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Update to ref policy - cgred needs chown capability - Add /dev/crash crash_dev_t - systemd-readahead wants to use fanotify which means readahead_t needs sys_admin capability- New labeling for postfmulti #675654 - dontaudit xdm_t listing noxattr file systems - dovecot-auth needs to be able to connect to mysqld via the network as well as locally - shutdown is passed stdout to a xdm_log_t file - smartd creates a fixed disk device - dovecot_etc_t contains a lnk_file that domains need to read - mount needs to be able to read etc_runtim_t:lnk_file since in rawhide this is a link created at boot- syslog_t needs syslog capability - dirsrv needs to be able to create /var/lib/snmp - Fix labeling for dirsrv - Fix for dirsrv policy missing manage_dirs_pattern - corosync needs to delete clvm_tmpfs_t files - qdiskd needs to list hugetlbfs - Move setsched to sandbox_x_domain, so firefox can run without network access - Allow hddtemp to read removable devices - Adding syslog and read_policy permissions to policy * syslog Allow unconfined, sysadm_t, secadm_t, logadm_t * read_policy allow unconfined, sysadm_t, secadm_t, staff_t on Targeted allow sysadm_t (optionally), secadm_t on MLS - mdadm application will write into /sys/.../uevent whenever arrays are assembled or disassembled.- Add tcsd policy- ricci_modclusterd_t needs to bind to rpc ports 500-1023 - Allow dbus to use setrlimit to increase resoueces - Mozilla_plugin is leaking to sandbox - Allow confined users to connect to lircd over unix domain stream socket which allow to use remote control - Allow awstats to read squid logs - seunshare needs to manage tmp_t - apcupsd cgi scripts have a new directory- Fix xserver_dontaudit_read_xdm_pid - Change oracle_port_t to oracledb_port_t to prevent conflict with satellite - Allow dovecot_deliver_t to read/write postfix_master_t:fifo_file. * These fifo_file is passed from postfix_master_t to postfix_local_t to dovecot_deliver_t - Allow readahead to manage readahead pid dirs - Allow readahead to read all mcs levels - Allow mozilla_plugin_t to use nfs or samba homedirs- Allow nagios plugin to read /proc/meminfo - Fix for mozilla_plugin - Allow samba_net_t to create /etc/keytab - pppd_t setting up vpns needs to run unix_chkpwd, setsched its process and write wtmp_t - nslcd can read user credentials - Allow nsplugin to delete mozilla_plugin_tmpfs_t - abrt tries to create dir in rpm_var_lib_t - virt relabels fifo_files - sshd needs to manage content in fusefs homedir - mock manages link files in cache dir- nslcd needs setsched and to read /usr/tmp - Invalid call in likewise policy ends up creating a bogus role - Cannon puts content into /var/lib/bjlib that cups needs to be able to write - Allow screen to create screen_home_t in /root - dirsrv sends syslog messages - pinentry reads stuff in .kde directory - Add labels for .kde directory in homedir - Treat irpinit, iprupdate, iprdump services with raid policy- NetworkManager wants to read consolekit_var_run_t - Allow readahead to create /dev/.systemd/readahead - Remove permissive domains - Allow newrole to run namespace_init- Add sepgsql_contexts file- Update to upstream- Add oracle ports and allow apache to connect to them if the connect_db boolean is turned on - Add puppetmaster_use_db boolean - Fixes for zarafa policy - Fixes for gnomeclock poliy - Fix systemd-tmpfiles to use auth_use_nsswitch- gnomeclock executes a shell - Update for screen policy to handle pipe in homedir - Fixes for polyinstatiated homedir - Fixes for namespace policy and other fixes related to polyinstantiation - Add namespace policy - Allow dovecot-deliver transition to sendmail which is needed by sieve scripts - Fixes for init, psad policy which relate with confined users - Do not audit bootloader attempts to read devicekit pid files - Allow nagios service plugins to read /proc- Add firewalld policy - Allow vmware_host to read samba config - Kernel wants to read /proc Fix duplicate grub def in cobbler - Chrony sends mail, executes shell, uses fifo_file and reads /proc - devicekitdisk getattr all file systems - sambd daemon writes wtmp file - libvirt transitions to dmidecode- Add initial policy for system-setup-keyboard which is now daemon - Label /var/lock/subsys/shorewall as shorewall_lock_t - Allow users to communicate with the gpg_agent_t - Dontaudit mozilla_plugin_t using the inherited terminal - Allow sambagui to read files in /usr - webalizer manages squid log files - Allow unconfined domains to bind ports to raw_ip_sockets - Allow abrt to manage rpm logs when running yum - Need labels for /var/run/bittlebee - Label .ssh under amanda - Remove unused genrequires for virt_domain_template - Allow virt_domain to use fd inherited from virtd_t - Allow iptables to read shorewall config- Gnome apps list config_home_t - mpd creates lnk files in homedir - apache leaks write to mail apps on tmp files - /var/stockmaniac/templates_cache contains log files - Abrt list the connects of mount_tmp_t dirs - passwd agent reads files under /dev and reads utmp file - squid apache script connects to the squid port - fix name of plymouth log file - teamviewer is a wine app - allow dmesg to read system state - Stop labeling files under /var/lib/mock so restorecon will not go into this - nsplugin needs to read network state for google talk- Allow xdm and syslog to use /var/log/boot.log - Allow users to communicate with mozilla_plugin and kill it - Add labeling for ipv6 and dhcp- New labels for ghc http content - nsplugin_config needs to read urand, lvm now calls setfscreate to create dev - pm-suspend now creates log file for append access so we remove devicekit_wri - Change authlogin_use_sssd to authlogin_nsswitch_use_ldap - Fixes for greylist_milter policy- Update to upstream - Fixes for systemd policy - Fixes for passenger policy - Allow staff users to run mysqld in the staff_t domain, akonadi needs this - Add bin_t label for /usr/share/kde4/apps/kajongg/kajongg.py - auth_use_nsswitch does not need avahi to read passwords,needed for resolving data - Dontaudit (xdm_t) gok attempting to list contents of /var/account - Telepathy domains need to read urand - Need interface to getattr all file classes in a mock library for setroubleshoot- Update selinux policy to handle new /usr/share/sandbox/start script- Update to upstream - Fix version of policy in spec file- Allow sandbox to run on nfs partitions, fixes for systemd_tmpfs - remove per sandbox domains devpts types - Allow dkim-milter sending signal to itself- Allow domains that transition to ping or traceroute, kill them - Allow user_t to conditionally transition to ping_t and traceroute_t - Add fixes to systemd- tools, including new labeling for systemd-fsck, systemd-cryptsetup- Turn on systemd policy - mozilla_plugin needs to read certs in the homedir. - Dontaudit leaked file descriptors from devicekit - Fix ircssi to use auth_use_nsswitch - Change to use interface without param in corenet to disable unlabelednet packets - Allow init to relabel sockets and fifo files in /dev - certmonger needs dac* capabilities to manage cert files not owned by root - dovecot needs fsetid to change group membership on mail - plymouthd removes /var/log/boot.log - systemd is creating symlinks in /dev - Change label on /etc/httpd/alias to be all cert_t- Fixes for clamscan and boinc policy - Add boinc_project_t setpgid - Allow alsa to create tmp files in /tmp- Push fixes to allow disabling of unlabeled_t packet access - Enable unlabelednet policy- Fixes for lvm to work with systemd- Fix the label for wicd log - plymouthd creates force-display-on-active-vt file - Allow avahi to request the kernel to load a module - Dontaudit hal leaks - Fix gnome_manage_data interface - Add new interface corenet_packet to define a type as being an packet_type. - Removed general access to packet_type from icecast and squid. - Allow mpd to read alsa config - Fix the label for wicd log - Add systemd policy- Fix gnome_manage_data interface - Dontaudit sys_ptrace capability for iscsid - Fixes for nagios plugin policy- Fix cron to run ranged when started by init - Fix devicekit to use log files - Dontaudit use of devicekit_var_run_t for fstools - Allow init to setattr on logfile directories - Allow hald to manage files in /var/run/pm-utils/ dir which is now labeled as devicekit_var_run_t- Fix up handling of dnsmasq_t creating /var/run/libvirt/network - Turn on sshd_forward_ports boolean by default - Allow sysadmin to dbus chat with rpm - Add interface for rw_tpm_dev - Allow cron to execute bin - fsadm needs to write sysfs - Dontaudit consoletype reading /var/run/pm-utils - Lots of new privs fro mozilla_plugin_t running java app, make mozilla_plugin - certmonger needs to manage dirsrv data - /var/run/pm-utils should be labeled as devicekit_var_run_t- fixes to allow /var/run and /var/lock as tmpfs - Allow chrome sandbox to connect to web ports - Allow dovecot to listem on lmtp and sieve ports - Allov ddclient to search sysctl_net_t - Transition back to original domain if you execute the shell- Remove duplicate declaration- Update to upstream - Cleanup for sandbox - Add attribute to be able to select sandbox types- Allow ddclient to fix file mode bits of ddclient conf file - init leaks file descriptors to daemons - Add labels for /etc/lirc/ and - Allow amavis_t to exec shell - Add label for gssd_tmp_t for /var/tmp/nfs_0- Put back in lircd_etc_t so policy will install- Turn on allow_postfix_local_write_mail_spool - Allow initrc_t to transition to shutdown_t - Allow logwatch and cron to mls_read_to_clearance for MLS boxes - Allow wm to send signull to all applications and receive them from users - lircd patch from field - Login programs have to read /etc/samba - New programs under /lib/systemd - Abrt needs to read config files- Update to upstream - Dontaudit leaked sockets from userdomains to user domains - Fixes for mcelog to handle scripts - Apply patch from Ruben Kerkhof - Allow syslog to search spool dirs- Allow nagios plugins to read usr files - Allow mysqld-safe to send system log messages - Fixes fpr ddclient policy - Fix sasl_admin interface - Allow apache to search zarafa config - Allow munin plugins to search /var/lib directory - Allow gpsd to read sysfs_t - Fix labels on /etc/mcelog/triggers to bin_t- Remove saslauthd_tmp_t and transition tmp files to krb5_host_rcache_t - Allow saslauthd_t to create krb5_host_rcache_t files in /tmp - Fix xserver interface - Fix definition of /var/run/lxdm- Turn on mediawiki policy - kdump leaks kdump_etc_t to ifconfig, add dontaudit - uux needs to transition to uucpd_t - More init fixes relabels man,faillog - Remove maxima defs in libraries.fc - insmod needs to be able to create tmpfs_t files - ping needs setcap- Allow groupd transition to fenced domain when executes fence_node - Fixes for rchs policy - Allow mpd to be able to read samba/nfs files- Fix up corecommands.fc to match upstream - Make sure /lib/systemd/* is labeled init_exec_t - mount wants to setattr on all mountpoints - dovecot auth wants to read dovecot etc files - nscd daemon looks at the exe file of the comunicating daemon - openvpn wants to read utmp file - postfix apps now set sys_nice and lower limits - remote_login (telnetd/login) wants to use telnetd_devpts_t and user_devpts_t to work correctly - Also resolves nsswitch - Fix labels on /etc/hosts.* - Cleanup to make upsteam patch work - allow abrt to read etc_runtime_t- Add conflicts for dirsrv package- Update to upstream - Add vlock policy- Fix sandbox to work on nfs homedirs - Allow cdrecord to setrlimit - Allow mozilla_plugin to read xauth - Change label on systemd-logger to syslogd_exec_t - Install dirsrv policy from dirsrv package- Add virt_home_t, allow init to setattr on xserver_tmp_t and relabel it - Udev needs to stream connect to init and kernel - Add xdm_exec_bootloader boolean, which allows xdm to execute /sbin/grub and read files in /boot directory- Allow NetworkManager to read openvpn_etc_t - Dontaudit hplip to write of /usr dirs - Allow system_mail_t to create /root/dead.letter as mail_home_t - Add vdagent policy for spice agent daemon- Dontaudit sandbox sending sigkill to all user domains - Add policy for rssh_chroot_helper - Add missing flask definitions - Allow udev to relabelto removable_t - Fix label on /var/log/wicd.log - Transition to initrc_t from init when executing bin_t - Add audit_access permissions to file - Make removable_t a device_node - Fix label on /lib/systemd/*- Fixes for systemd to manage /var/run - Dontaudit leaks by firstboot- Allow chome to create netlink_route_socket - Add additional MATHLAB file context - Define nsplugin as an application_domain - Dontaudit sending signals from sandboxed domains to other domains - systemd requires init to build /tmp /var/auth and /var/lock dirs - mount wants to read devicekit_power /proc/ entries - mpd wants to connect to soundd port - Openoffice causes a setattr on a lib_t file for normal users, add dontaudit - Treat lib_t and textrel_shlib_t directories the same - Allow mount read access on virtual images- Allow sandbox_x_domains to work with nfs/cifs/fusefs home dirs. - Allow devicekit_power to domtrans to mount - Allow dhcp to bind to udp ports > 1024 to do named stuff - Allow ssh_t to exec ssh_exec_t - Remove telepathy_butterfly_rw_tmp_files(), dev_read_printk() interfaces which are nolonger used - Fix clamav_append_log() intefaces - Fix 'psad_rw_fifo_file' interface- Allow cobblerd to list cobler appache content- Fixup for the latest version of upowed - Dontaudit sandbox sending SIGNULL to desktop apps- Update to upstream-Mount command from a confined user generates setattr on /etc/mtab file, need to dontaudit this access - dovecot-auth_t needs ipc_lock - gpm needs to use the user terminal - Allow system_mail_t to append ~/dead.letter - Allow NetworkManager to edit /etc/NetworkManager/NetworkManager.conf - Add pid file to vnstatd - Allow mount to communicate with gfs_controld - Dontaudit hal leaks in setfiles- Lots of fixes for systemd - systemd now executes readahead and tmpwatch type scripts - Needs to manage random seed- Allow smbd to use sys_admin - Remove duplicate file context for tcfmgr - Update to upstream- Fix fusefs handling - Do not allow sandbox to manage nsplugin_rw_t - Allow mozilla_plugin_t to connecto its parent - Allow init_t to connect to plymouthd running as kernel_t - Add mediawiki policy - dontaudit sandbox sending signals to itself. This can happen when they are running at different mcs. - Disable transition from dbus_session_domain to telepathy for F14 - Allow boinc_project to use shm - Allow certmonger to search through directories that contain certs - Allow fail2ban the DAC Override so it can read log files owned by non root users- Start adding support for use_fusefs_home_dirs - Add /var/lib/syslog directory file context - Add /etc/localtime as locale file context- Turn off default transition to mozilla_plugin and telepathy domains from unconfined user - Turn off iptables from unconfined user - Allow sudo to send signals to any domains the user could have transitioned to. - Passwd in single user mode needs to talk to console_device_t - Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa setsup pulseaudio - locate tried to read a symbolic link, will dontaudit - New labels for telepathy-sunshine content in homedir - Google is storing other binaries under /opt/google/talkplugin - bluetooth/kernel is creating unlabeled_t socket that I will allow it to use until kernel fixes bug - Add boolean for unconfined_t transition to mozilla_plugin_t and telepathy domains, turned off in F14 on in F15 - modemmanger and bluetooth send dbus messages to devicekit_power - Samba needs to getquota on filesystems labeld samba_share_t- Dontaudit attempts by xdm_t to write to bin_t for kdm - Allow initrc_t to manage system_conf_t- Fixes to allow mozilla_plugin_t to create nsplugin_home_t directory. - Allow mozilla_plugin_t to create tcp/udp/netlink_route sockets - Allow confined users to read xdm_etc_t files - Allow xdm_t to transition to xauth_t for lxdm program- Rearrange firewallgui policy to be more easily updated to upstream, dontaudit search of /home - Allow clamd to send signals to itself - Allow mozilla_plugin_t to read user home content. And unlink pulseaudio shm. - Allow haze to connect to yahoo chat and messenger port tcp:5050. Bz #637339 - Allow guest to run ps command on its processes by allowing it to read /proc - Allow firewallgui to sys_rawio which seems to be required to setup masqerading - Allow all domains to search through default_t directories, in order to find differnet labels. For example people serring up /foo/bar to be share via samba. - Add label for /var/log/slim.log- Pull in cleanups from dgrift - Allow mozilla_plugin_t to execute mozilla_home_t - Allow rpc.quota to do quotamod- Cleanup policy via dgrift - Allow dovecot_deliver to append to inherited log files - Lots of fixes for consolehelper- Fix up Xguest policy- Add vnstat policy - allow libvirt to send audit messages - Allow chrome-sandbox to search nfs_t- Update to upstream- Add the ability to send audit messages to confined admin policies - Remove permissive domain from cmirrord and dontaudit sys_tty_config - Split out unconfined_domain() calls from other unconfined_ calls so we can d - virt needs to be able to read processes to clearance for MLS- Allow all domains that can use cgroups to search tmpfs_t directory - Allow init to send audit messages- Update to upstream- Allow mdadm_t to create files and sock files in /dev/md/- Add policy for ajaxterm- Handle /var/db/sudo - Allow pulseaudio to read alsa config - Allow init to send initrc_t dbus messagesAllow iptables to read shorewall tmp files Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr intd label vlc as an execmem_exec_t Lots of fixes for mozilla_plugin to run google vidio chat Allow telepath_msn to execute ldconfig and its own tmp files Fix labels on hugepages Allow mdadm to read files on /dev Remove permissive domains and change back to unconfined Allow freshclam to execute shell and bin_t Allow devicekit_power to transition to dhcpc Add boolean to allow icecast to connect to any port- Merge upstream fix of mmap_zero - Allow mount to write files in debugfs_t - Allow corosync to communicate with clvmd via tmpfs - Allow certmaster to read usr_t files - Allow dbus system services to search cgroup_t - Define rlogind_t as a login pgm- Allow mdadm_t to read/write hugetlbfs- Dominic Grift Cleanup - Miroslav Grepl policy for jabberd - Various fixes for mount/livecd and prelink- Merge with upstream- More access needed for devicekit - Add dbadm policy- Merge with upstream- Allow seunshare to fowner- Allow cron to look at user_cron_spool links - Lots of fixes for mozilla_plugin_t - Add sysv file system - Turn unconfined domains to permissive to find additional avcs- Update policy for mozilla_plugin_t- Allow clamscan to read proc_t - Allow mount_t to write to debufs_t dir - Dontaudit mount_t trying to write to security_t dir- Allow clamscan_t execmem if clamd_use_jit set - Add policy for firefox plugin-container- Fix /root/.forward definition- label dead.letter as mail_home_t- Allow login programs to search /cgroups- Fix cert handling- Fix devicekit_power bug - Allow policykit_auth_t more access.- Fix nis calls to allow bind to ports 512-1024 - Fix smartmon- Allow pcscd to read sysfs - systemd fixes - Fix wine_mmap_zero_ignore boolean- Apply Miroslav munin patch - Turn back on allow_execmem and allow_execmod booleans- Merge in fixes from dgrift repository- Update boinc policy - Fix sysstat policy to allow sys_admin - Change failsafe_context to unconfined_r:unconfined_t:s0- New paths for upstart- New permissions for syslog - New labels for /lib/upstart- Add mojomojo policy- Allow systemd to setsockcon on sockets to immitate other services- Remove debugfs label- Update to latest policy- Fix eclipse labeling from IBMSupportAssasstant packageing- Make boot with systemd in enforcing mode- Update to upstream- Add boolean to turn off port forwarding in sshd.- Add support for ebtables - Fixes for rhcs and corosync policy-Update to upstream-Update to upstream-Update to upstream- Add Zarafa policy- Cleanup of aiccu policy - initial mock policy- Lots of random fixes- Update to upstream- Update to upstream - Allow prelink script to signal itself - Cobbler fixes- Add xdm_var_run_t to xserver_stream_connect_xdm - Add cmorrord and mpd policy from Miroslav Grepl- Fix sshd creation of krb cc files for users to be user_tmp_t- Fixes for accountsdialog - Fixes for boinc- Fix label on /var/lib/dokwiki - Change permissive domains to enforcing - Fix libvirt policy to allow it to run on mls- Update to upstream- Allow procmail to execute scripts in the users home dir that are labeled home_bin_t - Fix /var/run/abrtd.lock label- Allow login programs to read krb5_home_t Resolves: 594833 - Add obsoletes for cachefilesfd-selinux package Resolves: #575084- Allow mount to r/w abrt fifo file - Allow svirt_t to getattr on hugetlbfs - Allow abrt to create a directory under /var/spool- Add labels for /sys - Allow sshd to getattr on shutdown - Fixes for munin - Allow sssd to use the kernel key ring - Allow tor to send syslog messages - Allow iptabels to read usr files - allow policykit to read all domains state- Fix path for /var/spool/abrt - Allow nfs_t as an entrypoint for http_sys_script_t - Add policy for piranha - Lots of fixes for sosreport- Allow xm_t to read network state and get and set capabilities - Allow policykit to getattr all processes - Allow denyhosts to connect to tcp port 9911 - Allow pyranha to use raw ip sockets and ptrace itself - Allow unconfined_execmem_t and gconfsd mechanism to dbus - Allow staff to kill ping process - Add additional MLS rules- Allow gdm to edit ~/.gconf dir Resolves: #590677 - Allow dovecot to create directories in /var/lib/dovecot Partially resolves 590224 - Allow avahi to dbus chat with NetworkManager - Fix cobbler labels - Dontaudit iceauth_t leaks - fix /var/lib/lxdm file context - Allow aiccu to use tun tap devices - Dontaudit shutdown using xserver.log- Fixes for sandbox_x_net_t to match access for sandbox_web_t ++ - Add xdm_etc_t for /etc/gdm directory, allow accountsd to manage this directory - Add dontaudit interface for bluetooth dbus - Add chronyd_read_keys, append_keys for initrc_t - Add log support for ksmtuned Resolves: #586663- Allow boinc to send mail- Allow initrc_t to remove dhcpc_state_t - Fix label on sa-update.cron - Allow dhcpc to restart chrony initrc - Don't allow sandbox to send signals to its parent processes - Fix transition from unconfined_t -> unconfined_mount_t -> rpcd_t Resolves: #589136- Fix location of oddjob_mkhomedir Resolves: #587385 - fix labeling on /root/.shosts and ~/.shosts - Allow ipsec_mgmt_t to manage net_conf_t Resolves: #586760- Dontaudit sandbox trying to connect to netlink sockets Resolves: #587609 - Add policy for piranha- Fixups for xguest policy - Fixes for running sandbox firefox- Allow ksmtuned to use terminals Resolves: #586663 - Allow lircd to write to generic usb devices- Allow sandbox_xserver to connectto unconfined stream Resolves: #585171- Allow initrc_t to read slapd_db_t Resolves: #585476 - Allow ipsec_mgmt to use unallocated devpts and to create /etc/resolv.conf Resolves: #585963- Allow rlogind_t to search /root for .rhosts Resolves: #582760 - Fix path for cached_var_t - Fix prelink paths /var/lib/prelink - Allow confined users to direct_dri - Allow mls lvm/cryptosetup to work- Allow virtd_t to manage firewall/iptables config Resolves: #573585- Fix label on /root/.rhosts Resolves: #582760 - Add labels for Picasa - Allow openvpn to read home certs - Allow plymouthd_t to use tty_device_t - Run ncftool as iptables_t - Allow mount to unmount unlabeled_t - Dontaudit hal leaks- Allow livecd to transition to mount- Update to upstream - Allow abrt to delete sosreport Resolves: #579998 - Allow snmp to setuid and gid Resolves: #582155 - Allow smartd to use generic scsi devices Resolves: #582145- Allow ipsec_t to create /etc/resolv.conf with the correct label - Fix reserved port destination - Allow autofs to transition to showmount - Stop crashing tuned- Add telepathysofiasip policy- Update to upstream - Fix label for /opt/google/chrome/chrome-sandbox - Allow modemmanager to dbus with policykit- Fix allow_httpd_mod_auth_pam to use auth_use_pam(httpd_t) - Allow accountsd to read shadow file - Allow apache to send audit messages when using pam - Allow asterisk to bind and connect to sip tcp ports - Fixes for dovecot 2.0 - Allow initrc_t to setattr on milter directories - Add procmail_home_t for .procmailrc file- Fixes for labels during install from livecd- Fix /cgroup file context - Fix broken afs use of unlabled_t - Allow getty to use the console for s390- Fix cgroup handling adding policy for /cgroup - Allow confined users to write to generic usb devices, if user_rw_noexattrfile boolean set- Merge patches from dgrift- Update upstream - Allow abrt to write to the /proc under any process- Fix ~/.fontconfig label - Add /root/.cert label - Allow reading of the fixed_file_disk_t:lnk_file if you can read file - Allow qemu_exec_t as an entrypoint to svirt_t- Update to upstream - Allow tmpreaper to delete sandbox sock files - Allow chrome-sandbox_t to use /dev/zero, and dontaudit getattr file systems - Fixes for gitosis - No transition on livecd to passwd or chfn - Fixes for denyhosts- Add label for /var/lib/upower - Allow logrotate to run sssd - dontaudit readahead on tmpfs blk files - Allow tmpreaper to setattr on sandbox files - Allow confined users to execute dos files - Allow sysadm_t to kill processes running within its clearance - Add accountsd policy - Fixes for corosync policy - Fixes from crontab policy - Allow svirt to manage svirt_image_t chr files - Fixes for qdisk policy - Fixes for sssd policy - Fixes for newrole policy- make libvirt work on an MLS platform- Add qpidd policy- Update to upstream- Allow boinc to read kernel sysctl - Fix snmp port definitions - Allow apache to read anon_inodefs- Allow shutdown dac_override- Add device_t as a file system - Fix sysfs association- Dontaudit ipsec_mgmt sys_ptrace - Allow at to mail its spool files - Allow nsplugin to search in .pulse directory- Update to upstream- Allow users to dbus chat with xdm - Allow users to r/w wireless_device_t - Dontaudit reading of process states by ipsec_mgmt- Fix openoffice from unconfined_t- Add shutdown policy so consolekit can shutdown system- Update to upstream- Update to upstream- Update to upstream - These are merges of my patches - Remove 389 labeling conflicts - Add MLS fixes found in RHEL6 testing - Allow pulseaudio to run as a service - Add label for mssql and allow apache to connect to this database port if boolean set - Dontaudit searches of debugfs mount point - Allow policykit_auth to send signals to itself - Allow modcluster to call getpwnam - Allow swat to signal winbind - Allow usbmux to run as a system role - Allow svirt to create and use devpts- Add MLS fixes found in RHEL6 testing - Allow domains to append to rpm_tmp_t - Add cachefilesfd policy - Dontaudit leaks when transitioning- Change allow_execstack and allow_execmem booleans to on - dontaudit acct using console - Add label for fping - Allow tmpreaper to delete sandbox_file_t - Fix wine dontaudit mmap_zero - Allow abrt to read var_t symlinks- Additional policy for rgmanager- Allow sshd to setattr on pseudo terms- Update to upstream- Allow policykit to send itself signals- Fix duplicate cobbler definition- Fix file context of /var/lib/avahi-autoipd- Merge with upstream- Allow sandbox to work with MLS- Make Chrome work with staff user- Add icecast policy - Cleanup spec file- Add mcelog policy- Lots of fixes found in F12- Fix rpm_dontaudit_leaks- Add getsched to hald_t - Add file context for Fedora/Redhat Directory Server- Allow abrt_helper to getattr on all filesystems - Add label for /opt/real/RealPlayer/plugins/oggfformat\.so- Add gstreamer_home_t for ~/.gstreamer- Update to upstream- Fix git- Turn on puppet policy - Update to dgrift git policy- Move users file to selection by spec file. - Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t- Update to upstream- Remove most of the permissive domains from F12.- Add cobbler policy from dgrift- add usbmon device - Add allow rulse for devicekit_disk- Lots of fixes found in F12, fixes from Tom London- Cleanups from dgrift- Add back xserver_manage_home_fonts- Dontaudit sandbox trying to read nscd and sssd- Update to upstream- Rename udisks-daemon back to devicekit_disk_t policy- Fixes for abrt calls- Add tgtd policy- Update to upstream release- Add asterisk policy back in - Update to upstream release 2.20091117- Update to upstream release 2.20091117- Fixup nut policy- Update to upstream- Allow vpnc request the kernel to load modules- Fix minimum policy installs - Allow udev and rpcbind to request the kernel to load modules- Add plymouth policy - Allow local_login to sys_admin- Allow cupsd_config to read user tmp - Allow snmpd_t to signal itself - Allow sysstat_t to makedir in sysstat_log_t- Update rhcs policy- Allow users to exec restorecond- Allow sendmail to request kernel modules load- Fix all kernel_request_load_module domains- Fix all kernel_request_load_module domains- Remove allow_exec* booleans for confined users. Only available for unconfined_t- More fixes for sandbox_web_t- Allow sshd to create .ssh directory and content- Fix request_module line to module_request- Fix sandbox policy to allow it to run under firefox. - Dont audit leaks.- Fixes for sandbox- Update to upstream - Dontaudit nsplugin search /root - Dontaudit nsplugin sys_nice- Fix label on /usr/bin/notepad, /usr/sbin/vboxadd-service - Remove policycoreutils-python requirement except for minimum- Fix devicekit_disk_t to getattr on all domains sockets and fifo_files - Conflicts seedit (You can not use selinux-policy-targeted and seedit at the same time.)- Add wordpress/wp-content/uploads label - Fixes for sandbox when run from staff_t- Update to upstream - Fixes for devicekit_disk- More fixes- Lots of fixes for initrc and other unconfined domains- Allow xserver to use netlink_kobject_uevent_socket- Fixes for sandbox- Dontaudit setroubleshootfix looking at /root directory- Update to upsteam- Allow gssd to send signals to users - Fix duplicate label for apache content- Update to upstream- Remove polkit_auth on upgrades- Add back in unconfined.pp and unconfineduser.pp - Add Sandbox unshare- Fixes for cdrecord, mdadm, and others- Add capability setting to dhcpc and gpm- Allow cronjobs to read exim_spool_t- Add ABRT policy- Fix system-config-services policy- Allow libvirt to change user componant of virt_domain- Allow cupsd_config_t to be started by dbus - Add smoltclient policy- Add policycoreutils-python to pre install- Make all unconfined_domains permissive so we can see what AVC's happen- Add pt_chown policy- Add kdump policy for Miroslav Grepl - Turn off execstack boolean- Turn on execstack on a temporary basis (#512845)- Allow nsplugin to connecto the session bus - Allow samba_net to write to coolkey data- Allow devicekit_disk to list inotify- Allow svirt images to create sock_file in svirt_var_run_t- Allow exim to getattr on mountpoints - Fixes for pulseaudio- Allow svirt_t to stream_connect to virtd_t- Allod hald_dccm_t to create sock_files in /tmp- More fixes from upstream- Fix polkit label - Remove hidebrokensymptoms for nss_ldap fix - Add modemmanager policy - Lots of merges from upstream - Begin removing textrel_shlib_t labels, from fixed libraries- Update to upstream- Allow certmaster to override dac permissions- Update to upstream- Fix context for VirtualBox- Update to upstream- Allow clamscan read amavis spool files- Fixes for xguest- fix multiple directory ownership of mandirs- Update to upstream- Add rules for rtkit-daemon- Update to upstream - Fix nlscd_stream_connect- Add rtkit policy- Allow rpcd_t to stream connect to rpcbind- Allow kpropd to create tmp files- Fix last duplicate /var/log/rpmpkgs- Update to upstream * add sssd- Update to upstream * cleanup- Update to upstream - Additional mail ports - Add virt_use_usb boolean for svirt- Fix mcs rules to include chr_file and blk_file- Add label for udev-acl- Additional rules for consolekit/udev, privoxy and various other fixes- New version for upstream- Allow NetworkManager to read inotifyfs- Allow setroubleshoot to run mlocate- Update to upstream- Add fish as a shell - Allow fprintd to list usbfs_t - Allow consolekit to search mountpoints - Add proper labeling for shorewall- New log file for vmware - Allow xdm to setattr on user_tmp_t- Upgrade to upstream- Allow fprintd to access sys_ptrace - Add sandbox policy- Add varnishd policy- Fixes for kpropd- Allow brctl to r/w tun_tap_device_t- Add /usr/share/selinux/packages- Allow rpcd_t to send signals to kernel threads- Fix upgrade for F10 to F11- Add policy for /var/lib/fprint-Remove duplicate line- Allow svirt to manage pci and other sysfs device data- Fix package selection handling- Fix /sbin/ip6tables-save context - Allod udev to transition to mount - Fix loading of mls policy file- Add shorewall policy- Additional rules for fprintd and sssd- Allow nsplugin to unix_read unix_write sem for unconfined_java- Fix uml files to be owned by users- Fix Upgrade path to install unconfineduser.pp when unocnfined package is 3.0.0 or less- Allow confined users to manage virt_content_t, since this is home dir content - Allow all domains to read rpm_script_tmp_t which is what shell creates on redirection- Fix labeling on /var/lib/misc/prelink* - Allow xserver to rw_shm_perms with all x_clients - Allow prelink to execute files in the users home directory- Allow initrc_t to delete dev_null - Allow readahead to configure auditing - Fix milter policy - Add /var/lib/readahead- Update to latest milter code from Paul Howarth- Additional perms for readahead- Allow pulseaudio to acquire_svc on session bus - Fix readahead labeling- Allow sysadm_t to run rpm directly - libvirt needs fowner- Allow sshd to read var_lib symlinks for freenx- Allow nsplugin unix_read and write on users shm and sem - Allow sysadm_t to execute su- Dontaudit attempts to getattr user_tmpfs_t by lvm - Allow nfs to share removable media- Add ability to run postdrop from confined users- Fixes for podsleuth- Turn off nsplugin transition - Remove Konsole leaked file descriptors for release- Allow cupsd_t to create link files in print_spool_t - Fix iscsi_stream_connect typo - Fix labeling on /etc/acpi/actions - Don't reinstall unconfine and unconfineuser on upgrade if they are not installed- Allow audioentroy to read etc files- Add fail2ban_var_lib_t - Fixes for devicekit_power_t- Separate out the ucnonfined user from the unconfined.pp package- Make sure unconfined_java_t and unconfined_mono_t create user_tmpfs_t.- Upgrade to latest upstream - Allow devicekit_disk sys_rawio- Dontaudit binds to ports < 1024 for named - Upgrade to latest upstream- Allow podsleuth to use tmpfs files- Add customizable_types for svirt- Allow setroubelshoot exec* privs to prevent crash from bad libraries - add cpufreqselector- Dontaudit listing of /root directory for cron system jobs- Fix missing ld.so.cache label- Add label for ~/.forward and /root/.forward- Fixes for svirt- Fixes to allow svirt read iso files in homedir- Add xenner and wine fixes from mgrepl- Allow mdadm to read/write mls override- Change to svirt to only access svirt_image_t- Fix libvirt policy- Upgrade to latest upstream- Fixes for iscsid and sssd - More cleanups for upgrade from F10 to Rawhide.- Add pulseaudio, sssd policy - Allow networkmanager to exec udevadm- Add pulseaudio context- Upgrade to latest patches- Fixes for libvirt- Update to Latest upstream- Fix setrans.conf to show SystemLow for s0- Further confinement of qemu images via svirt- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- Allow NetworkManager to manage /etc/NetworkManager/system-connections- add virtual_image_context and virtual_domain_context files- Allow rpcd_t to send signal to mount_t - Allow libvirtd to run ranged- Fix sysnet/net_conf_t- Fix squidGuard labeling- Re-add corenet_in_generic_if(unlabeled_t)* Tue Feb 10 2009 Dan Walsh 3.6.5-2 - Add git web policy- Add setrans contains from upstream- Do transitions outside of the booleans- Allow xdm to create user_tmp_t sockets for switch user to work- Fix staff_t domain- Grab remainder of network_peer_controls patch- More fixes for devicekit- Upgrade to latest upstream- Add boolean to disallow unconfined_t login- Add back transition from xguest to mozilla- Add virt_content_ro_t and labeling for isos directory- Fixes for wicd daemon- More mls/rpm fixes- Add policy to make dbus/nm-applet work- Remove polgen-ifgen from post and add trigger to policycoreutils-python- Add wm policy - Make mls work in graphics mode- Fixed for DeviceKit- Add devicekit policy- Update to upstream- Define openoffice as an x_domain- Fixes for reading xserver_tmp_t- Allow cups_pdf_t write to nfs_t- Remove audio_entropy policy- Update to upstream- Allow hal_acl_t to getattr/setattr fixed_disk- Change userdom_read_all_users_state to include reading symbolic links in /proc- Fix dbus reading /proc information- Add missing alias for home directory content- Fixes for IBM java location- Allow unconfined_r unconfined_java_t- Add cron_role back to user domains- Fix sudo setting of user keys- Allow iptables to talk to terminals - Fixes for policy kit - lots of fixes for booting.- Cleanup policy- Rebuild for Python 2.6- Fix labeling on /var/spool/rsyslog- Allow postgresl to bind to udp nodes- Allow lvm to dbus chat with hal - Allow rlogind to read nfs_t- Fix cyphesis file context- Allow hal/pm-utils to look at /var/run/video.rom - Add ulogd policy- Additional fixes for cyphesis - Fix certmaster file context - Add policy for system-config-samba - Allow hal to read /var/run/video.rom- Allow dhcpc to restart ypbind - Fixup labeling in /var/run- Add certmaster policy- Fix confined users - Allow xguest to read/write xguest_dbusd_t- Allow openoffice execstack/execmem privs- Allow mozilla to run with unconfined_execmem_t- Dontaudit domains trying to write to .xsession-errors- Allow nsplugin to look at autofs_t directory- Allow kerneloops to create tmp files- More alias for fastcgi- Remove mod_fcgid-selinux package- Fix dovecot access- Policy cleanup- Remove Multiple spec - Add include - Fix makefile to not call per_role_expansion- Fix labeling of libGL- Update to upstream- Update to upstream policy- Fixes for confined xwindows and xdm_t- Allow confined users and xdm to exec wm - Allow nsplugin to talk to fifo files on nfs- Allow NetworkManager to transition to avahi and iptables - Allow domains to search other domains keys, coverup kernel bug- Fix labeling for oracle- Allow nsplugin to comminicate with xdm_tmp_t sock_file- Change all user tmpfs_t files to be labeled user_tmpfs_t - Allow radiusd to create sock_files- Upgrade to upstream- Allow confined users to login with dbus- Fix transition to nsplugin- Add file context for /dev/mspblk.*- Fix transition to nsplugin '- Fix labeling on new pm*log - Allow ssh to bind to all nodes- Merge upstream changes - Add Xavier Toth patches- Add qemu_cache_t for /var/cache/libvirt- Remove gamin policy- Add tinyxs-max file system support- Update to upstream - New handling of init scripts- Allow pcsd to dbus - Add memcache policy- Allow audit dispatcher to kill his children- Update to upstream - Fix crontab use by unconfined user- Allow ifconfig_t to read dhcpc_state_t- Update to upstream- Update to upstream- Allow system-config-selinux to work with policykit- Fix novel labeling- Consolodate pyzor,spamassassin, razor into one security domain - Fix xdm requiring additional perms.- Fixes for logrotate, alsa- Eliminate vbetool duplicate entry- Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t - Change dhclient to be able to red networkmanager_var_run- Update to latest refpolicy - Fix libsemanage initial install bug- Add inotify support to nscd- Allow unconfined_t to setfcap- Allow amanda to read tape - Allow prewikka cgi to use syslog, allow audisp_t to signal cgi - Add support for netware file systems- Allow ypbind apps to net_bind_service- Allow all system domains and application domains to append to any log file- Allow gdm to read rpm database - Allow nsplugin to read mplayer config files- Allow vpnc to run ifconfig- Allow confined users to use postgres - Allow system_mail_t to exec other mail clients - Label mogrel_rails as an apache server- Apply unconfined_execmem_exec_t to haskell programs- Fix prelude file context- allow hplip to talk dbus - Fix context on ~/.local dir- Prevent applications from reading x_device- Add /var/lib/selinux context- Update to upstream- Add livecd policy- Dontaudit search of admin_home for init_system_domain - Rewrite of xace interfaces - Lots of new fs_list_inotify - Allow livecd to transition to setfiles_mac- Begin XAce integration- Merge Upstream- Allow amanada to create data files- Fix initial install, semanage setup- Allow system_r for httpd_unconfined_script_t- Remove dmesg boolean - Allow user domains to read/write game data- Change unconfined_t to transition to unconfined_mono_t when running mono - Change XXX_mono_t to transition to XXX_t when executing bin_t files, so gnome-do will work- Remove old booleans from targeted-booleans.conf file- Add boolean to mmap_zero - allow tor setgid - Allow gnomeclock to set clock- Don't run crontab from unconfined_t- Change etc files to config files to allow users to read them- Lots of fixes for confined domains on NFS_t homedir- dontaudit mrtg reading /proc - Allow iscsi to signal itself - Allow gnomeclock sys_ptrace- Allow dhcpd to read kernel network state- Label /var/run/gdm correctly - Fix unconfined_u user creation- Allow transition from initrc_t to getty_t- Allow passwd to communicate with user sockets to change gnome-keyring- Fix initial install- Allow radvd to use fifo_file - dontaudit setfiles reading links - allow semanage sys_resource - add allow_httpd_mod_auth_ntlm_winbind boolean - Allow privhome apps including dovecot read on nfs and cifs home dirs if the boolean is set- Allow nsplugin to read /etc/mozpluggerrc, user_fonts - Allow syslog to manage innd logs. - Allow procmail to ioctl spamd_exec_t- Allow initrc_t to dbus chat with consolekit.- Additional access for nsplugin - Allow xdm setcap/getcap until pulseaudio is fixed- Allow mount to mkdir on tmpfs - Allow ifconfig to search debugfs- Fix file context for MATLAB - Fixes for xace- Allow stunnel to transition to inetd children domains - Make unconfined_dbusd_t an unconfined domain- Fixes for qemu/virtd- Fix bug in mozilla policy to allow xguest transition - This will fix the libsemanage.dbase_llist_query: could not find record value libsemanage.dbase_llist_query: could not query record value (No such file or directory) bug in xguest- Allow nsplugin to run acroread- Add cups_pdf policy - Add openoffice policy to run in xguest- prewika needs to contact mysql - Allow syslog to read system_map files- Change init_t to an unconfined_domain- Allow init to transition to initrc_t on shell exec. - Fix init to be able to sendto init_t. - Allow syslog to connect to mysql - Allow lvm to manage its own fifo_files - Allow bugzilla to use ldap - More mls fixes- fixes for init policy (#436988) - fix build- Additional changes for MLS policy- Fix initrc_context generation for MLS- Fixes for libvirt- Allow bitlebee to read locale_t- More xselinux rules- Change httpd_$1_script_r*_t to httpd_$1_content_r*_t- Prepare policy for beta release - Change some of the system domains back to unconfined - Turn on some of the booleans- Allow nsplugin_config execstack/execmem - Allow nsplugin_t to read alsa config - Change apache to use user content- Add cyphesis policy- Fix Makefile.devel to build mls modules - Fix qemu to be more specific on labeling- Update to upstream fixes- Allow staff to mounton user_home_t- Add xace support- Add fusectl file system- Fixes from yum-cron - Update to latest upstream- Fix userdom_list_user_files- Merge with upstream- Allow udev to send audit messages- Add additional login users interfaces - userdom_admin_login_user_template(staff)- More fixes for polkit- Eliminate transition from unconfined_t to qemu by default - Fixes for gpg- Update to upstream- Fixes for staff_t- Add policy for kerneloops - Add policy for gnomeclock- Fixes for libvirt- Fixes for nsplugin- More fixes for qemu- Additional ports for vnc and allow qemu and libvirt to search all directories- Update to upstream - Add libvirt policy - add qemu policy- Allow fail2ban to create a socket in /var/run- Allow allow_httpd_mod_auth_pam to work- Add audisp policy and prelude- Allow all user roles to executae samba net command- Allow usertypes to read/write noxattr file systems- Fix nsplugin to allow flashplugin to work in enforcing mode- Allow pam_selinux_permit to kill all processes- Allow ptrace or user processes by users of same type - Add boolean for transition to nsplugin- Allow nsplugin sys_nice, getsched, setsched- Allow login programs to talk dbus to oddjob- Add procmail_log support - Lots of fixes for munin- Allow setroubleshoot to read policy config and send audit messages- Allow users to execute all files in homedir, if boolean set - Allow mount to read samba config- Fixes for xguest to run java plugin- dontaudit pam_t and dbusd writing to user_home_t- Update gpg to allow reading of inotify- Change user and staff roles to work correctly with varied perms- Fix munin log, - Eliminate duplicate mozilla file context - fix wpa_supplicant spec- Fix role transition from unconfined_r to system_r when running rpm - Allow unconfined_domains to communicate with user dbus instances- Fixes for xguest- Let all uncofined domains communicate with dbus unconfined- Run rpm in system_r- Zero out customizable types- Fix definiton of admin_home_t- Fix munin file context- Allow cron to run unconfined apps- Modify default login to unconfined_u- Dontaudit dbus user client search of /root- Update to upstream- Fixes for polkit - Allow xserver to ptrace- Add polkit policy - Symplify userdom context, remove automatic per_role changes- Update to upstream - Allow httpd_sys_script_t to search users homedirs- Allow rpm_script to transition to unconfined_execmem_t- Remove user based home directory separation- Remove user specific crond_t- Merge with upstream - Allow xsever to read hwdata_t - Allow login programs to setkeycreate- Update to upstream- Update to upstream- Allow XServer to read /proc/self/cmdline - Fix unconfined cron jobs - Allow fetchmail to transition to procmail - Fixes for hald_mac - Allow system_mail to transition to exim - Allow tftpd to upload files - Allow xdm to manage unconfined_tmp - Allow udef to read alsa config - Fix xguest to be able to connect to sound port- Fixes for hald_mac - Treat unconfined_home_dir_t as a home dir - dontaudit rhgb writes to fonts and root- Fix dnsmasq - Allow rshd full login privs- Allow rshd to connect to ports > 1023- Fix vpn to bind to port 4500 - Allow ssh to create shm - Add Kismet policy- Allow rpm to chat with networkmanager- Fixes for ipsec and exim mail - Change default to unconfined user- Pass the UNK_PERMS param to makefile - Fix gdm location- Make alsa work- Fixes for consolekit and startx sessions- Dontaudit consoletype talking to unconfined_t- Remove homedir_template- Check asound.state- Fix exim policy- Allow tmpreadper to read man_t - Allow racoon to bind to all nodes - Fixes for finger print reader- Allow xdm to talk to input device (fingerprint reader) - Allow octave to run as java- Allow login programs to set ioctl on /proc- Allow nsswitch apps to read samba_var_t- Fix maxima- Eliminate rpm_t:fifo_file avcs - Fix dbus path for helper app- Fix service start stop terminal avc's- Allow also to search var_lib - New context for dbus launcher- Allow cupsd_config_t to read/write usb_device_t - Support for finger print reader, - Many fixes for clvmd - dbus starting networkmanager- Fix java and mono to run in xguest account- Fix to add xguest account when inititial install - Allow mono, java, wine to run in userdomains- Allow xserver to search devpts_t - Dontaudit ldconfig output to homedir- Remove hplip_etc_t change back to etc_t.- Allow cron to search nfs and samba homedirs- Allow NetworkManager to dbus chat with yum-updated- Allow xfs to bind to port 7100- Allow newalias/sendmail dac_override - Allow bind to bind to all udp ports- Turn off direct transition- Allow wine to run in system role- Fix java labeling- Define user_home_type as home_type- Allow sendmail to create etc_aliases_t- Allow login programs to read symlinks on homedirs- Update an readd modules- Cleanup spec file- Allow xserver to be started by unconfined process and talk to tty- Upgrade to upstream to grab postgressql changes- Add setransd for mls policy- Add ldconfig_cache_t- Allow sshd to write to proc_t for afs login- Allow xserver access to urand- allow dovecot to search mountpoints- Fix Makefile for building policy modules- Fix dhcpc startup of service- Fix dbus chat to not happen for xguest and guest users- Fix nagios cgi - allow squid to communicate with winbind- Fixes for ldconfig- Update from upstream- Add nasd support- Fix new usb devices and dmfm- Eliminate mount_ntfs_t policy, merge into mount_t- Allow xserver to write to ramfs mounted by rhgb- Add context for dbus machine id- Update with latest changes from upstream- Fix prelink to handle execmod- Add ntpd_key_t to handle secret data- Add anon_inodefs - Allow unpriv user exec pam_exec_t - Fix trigger- Allow cups to use generic usb - fix inetd to be able to run random apps (git)- Add proper contexts for rsyslogd- Fixes for xguest policy- Allow execution of gconf- Fix moilscanner update problem- Begin adding policy to separate setsebool from semanage - Fix xserver.if definition to not break sepolgen.if- Add new devices- Add brctl policy- Fix root login to include system_r- Allow prelink to read kernel sysctls- Default to user_u:system_r:unconfined_t- fix squid - Fix rpm running as uid- Fix syslog declaration- Allow avahi to access inotify - Remove a lot of bogus security_t:filesystem avcs- Remove ifdef strict policy from upstream- Remove ifdef strict to allow user_u to login- Fix for amands - Allow semanage to read pp files - Allow rhgb to read xdm_xserver_tmp- Allow kerberos servers to use ldap for backing store- allow alsactl to read kernel state- More fixes for alsactl - Transition from hal and modutils - Fixes for suspend resume. - insmod domtrans to alsactl - insmod writes to hal log- Allow unconfined_t to transition to NetworkManager_t - Fix netlabel policy- Update to latest from upstream- Update to latest from upstream- Update to latest from upstream- Allow pcscd_t to send itself signals-- Fixes for unix_update - Fix logwatch to be able to search all dirs- Upstream bumped the version- Allow consolekit to syslog - Allow ntfs to work with hal- Allow iptables to read etc_runtime_t- MLS Fixes- Fix path of /etc/lvm/cache directory - Fixes for alsactl and pppd_t - Fixes for consolekit- Allow insmod_t to mount kvmfs_t filesystems- Rwho policy - Fixes for consolekit- fixes for fusefs- Fix samba_net to allow it to view samba_var_t- Update to upstream- Fix Sonypic backlight - Allow snmp to look at squid_conf_t- Fixes for pyzor, cyrus, consoletype on everything installs- Fix hald_acl_t to be able to getattr/setattr on usb devices - Dontaudit write to unconfined_pipes for load_policy- Allow bluetooth to read inotifyfs- Fixes for samba domain controller. - Allow ConsoleKit to look at ttys- Fix interface call- Allow syslog-ng to read /var - Allow locate to getattr on all filesystems - nscd needs setcap- Update to upstream- Allow samba to run groupadd- Update to upstream- Allow mdadm to access generic scsi devices- Fix labeling on udev.tbl dirs- Fixes for logwatch- Add fusermount and mount_ntfs policy- Update to upstream - Allow saslauthd to use kerberos keytabs- Fixes for samba_var_t- Allow networkmanager to setpgid - Fixes for hal_acl_t- Remove disable_trans booleans - hald_acl_t needs to talk to nscd- Fix prelink to be able to manage usr dirs.- Allow insmod to launch init scripts- Remove setsebool policy- Fix handling of unlabled_t packets- More of my patches from upstream- Update to latest from upstream - Add fail2ban policy- Update to remove security_t:filesystem getattr problems- Policy for consolekit- Update to latest from upstream- Revert Nemiver change - Set sudo as a corecmd so prelink will work, remove sudoedit mapping, since this will not work, it does not transition. - Allow samba to execute useradd- Upgrade to the latest from upstream- Add sepolgen support - Add bugzilla policy- Fix file context for nemiver- Remove include sym link- Allow mozilla, evolution and thunderbird to read dev_random. Resolves: #227002 - Allow spamd to connect to smtp port Resolves: #227184 - Fixes to make ypxfr work Resolves: #227237- Fix ssh_agent to be marked as an executable - Allow Hal to rw sound device- Fix spamassisin so crond can update spam files - Fixes to allow kpasswd to work - Fixes for bluetooth- Remove some targeted diffs in file context file- Fix squid cachemgr labeling- Add ability to generate webadm_t policy - Lots of new interfaces for httpd - Allow sshd to login as unconfined_t- Continue fixing, additional user domains- Begin adding user confinement to targeted policy- Fixes for prelink, ktalkd, netlabel- Allow prelink when run from rpm to create tmp files Resolves: #221865 - Remove file_context for exportfs Resolves: #221181 - Allow spamassassin to create ~/.spamassissin Resolves: #203290 - Allow ssh access to the krb tickets - Allow sshd to change passwd - Stop newrole -l from working on non securetty Resolves: #200110 - Fixes to run prelink in MLS machine Resolves: #221233 - Allow spamassassin to read var_lib_t dir Resolves: #219234- fix mplayer to work under strict policy - Allow iptables to use nscd Resolves: #220794- Add gconf policy and make it work with strict- Many fixes for strict policy and by extension mls.- Fix to allow ftp to bind to ports > 1024 Resolves: #219349- Allow semanage to exec it self. Label genhomedircon as semanage_exec_t Resolves: #219421 - Allow sysadm_lpr_t to manage other print spool jobs Resolves: #220080- allow automount to setgid Resolves: #219999- Allow cron to polyinstatiate - Fix creation of boot flags Resolves: #207433- Fixes for irqbalance Resolves: #219606- Fix vixie-cron to work on mls Resolves: #207433Resolves: #218978- Allow initrc to create files in /var directories Resolves: #219227- More fixes for MLS Resolves: #181566- More Fixes polyinstatiation Resolves: #216184- More Fixes polyinstatiation - Fix handling of keyrings Resolves: #216184- Fix polyinstatiation - Fix pcscd handling of terminal Resolves: #218149 Resolves: #218350- More fixes for quota Resolves: #212957- ncsd needs to use avahi sockets Resolves: #217640 Resolves: #218014- Allow login programs to polyinstatiate homedirs Resolves: #216184 - Allow quotacheck to create database files Resolves: #212957- Dontaudit appending hal_var_lib files Resolves: #217452 Resolves: #217571 Resolves: #217611 Resolves: #217640 Resolves: #217725- Fix context for helix players file_context #216942- Fix load_policy to be able to mls_write_down so it can talk to the terminal- Fixes for hwclock, clamav, ftp- Move to upstream version which accepted my patches- Fixes for nvidia driver- Allow semanage to signal mcstrans- Update to upstream- Allow modstorage to edit /etc/fstab file- Fix for qemu, /dev/- Fix path to realplayer.bin- Allow xen to connect to xen port- Allow cups to search samba_etc_t directory - Allow xend_t to list auto_mountpoints- Allow xen to search automount- Fix spec of jre files- Fix unconfined access to shadow file- Allow xend to create files in xen_image_t directories- Fixes for /var/lib/hal- Remove ability for sysadm_t to look at audit.log- Fix rpc_port_types - Add aide policy for mls- Merge with upstream- Lots of fixes for ricci- Allow xen to read/write fixed devices with a boolean - Allow apache to search /var/log- Fix policygentool specfile problem. - Allow apache to send signals to it's logging helpers. - Resolves: rhbz#212731- Add perms for swat- Add perms for swat- Allow daemons to dump core files to /- Fixes for ricci- Allow mount.nfs to work- Allow ricci-modstorage to look at lvm_etc_t- Fixes for ricci using saslauthd- Allow mountpoint on home_dir_t and home_t- Update xen to read nfs files- Allow noxattrfs to associate with other noxattrfs- Allow hal to use power_device_t- Allow procemail to look at autofs_t - Allow xen_image_t to work as a fixed device- Refupdate from upstream- Add lots of fixes for mls cups- Lots of fixes for ricci- Fix number of cats- Update to upstream- More iSCSI changes for #209854- Test ISCSI fixes for #209854- allow semodule to rmdir selinux_config_t dir- Fix boot_runtime_t problem on ppc. Should not be creating these files.- Fix context mounts on reboot - Fix ccs creation of directory in /var/log- Update for tallylog- Allow xend to rewrite dhcp conf files - Allow mgetty sys_admin capability- Make xentapctrl work- Don't transition unconfined_t to bootloader_t - Fix label in /dev/xen/blktap- Patch for labeled networking- Fix crond handling for mls- Update to upstream- Remove bluetooth-helper transition - Add selinux_validate for semanage - Require new version of libsemanage- Fix prelink- Fix rhgb- Fix setrans handling on MLS and useradd- Support for fuse - fix vigr- Fix dovecot, amanda - Fix mls- Allow java execheap for itanium- Update with upstream- mls fixes- Update from upstream- More fixes for mls - Revert change on automount transition to mount- Fix cron jobs to run under the correct context- Fixes to make pppd work- Multiple policy fixes - Change max categories to 1023- Fix transition on mcstransd- Add /dev/em8300 defs- Upgrade to upstream- Fix ppp connections from network manager- Add tty access to all domains boolean - Fix gnome-pty-helper context for ia64- Fixed typealias of firstboot_rw_t- Fix location of xel log files - Fix handling of sysadm_r -> rpm_exec_t- Fixes for autofs, lp- Update from upstream- Fixup for test6- Update to upstream- Update to upstream- Fix suspend to disk problems- Lots of fixes for restarting daemons at the console.- Fix audit line - Fix requires line- Upgrade to upstream- Fix install problems- Allow setroubleshoot to getattr on all dirs to gather RPM data- Set /usr/lib/ia32el/ia32x_loader to unconfined_execmem_exec_t for ia32 platform - Fix spec for /dev/adsp- Fix xen tty devices- Fixes for setroubleshoot- Update to upstream- Fixes for stunnel and postgresql - Update from upstream- Update from upstream - More java fixes- Change allow_execstack to default to on, for RHEL5 Beta. This is required because of a Java compiler problem. Hope to turn off for next beta- Misc fixes- More fixes for strict policy- Quiet down anaconda audit messages- Fix setroubleshootd- Update to the latest from upstream- More fixes for xen- Fix anaconda transitions- yet more xen rules- more xen rules- Fixes for Samba- Fixes for xen- Allow setroubleshootd to send mail- Add nagios policy- fixes for setroubleshoot- Added Paul Howarth patch to only load policy packages shipped with this package - Allow pidof from initrc to ptrace higher level domains - Allow firstboot to communicate with hal via dbus- Add policy for /var/run/ldapi- Fix setroubleshoot policy- Fixes for mls use of ssh - named has a new conf file- Fixes to make setroubleshoot work- Cups needs to be able to read domain state off of printer client- add boolean to allow zebra to write config files- setroubleshootd fixes- Allow prelink to read bin_t symlink - allow xfs to read random devices - Change gfs to support xattr- Remove spamassassin_can_network boolean- Update to upstream - Fix lpr domain for mls- Add setroubleshoot policy- Turn off auditallow on setting booleans- Multiple fixes- Update to upstream- Update to upstream - Add new class for kernel key ring- Update to upstream- Update to upstream- Break out selinux-devel package- Add ibmasmfs- Fix policygentool gen_requires- Update from Upstream- Fix spec of realplay- Update to upstream- Fix semanage- Allow useradd to create_home_dir in MLS environment- Update from upstream- Update from upstream- Add oprofilefs- Fix for hplip and Picasus- Update to upstream- Update to upstream- fixes for spamd- fixes for java, openldap and webalizer- Xen fixes- Upgrade to upstream- allow hal to read boot_t files - Upgrade to upstream- allow hal to read boot_t files- Update from upstream- Fixes for amavis- Update from upstream- Allow auditctl to search all directories- Add acquire service for mono.- Turn off allow_execmem boolean - Allow ftp dac_override when allowed to access users homedirs- Clean up spec file - Transition from unconfined_t to prelink_t- Allow execution of cvs command- Update to upstream- Update to upstream- Fix libjvm spec- Update to upstream- Add xm policy - Fix policygentool- Update to upstream - Fix postun to only disable selinux on full removal of the packages- Allow mono to chat with unconfined- Allow procmail to sendmail - Allow nfs to share dosfs- Update to latest from upstream - Allow selinux-policy to be removed and kernel not to crash- Update to latest from upstream - Add James Antill patch for xen - Many fixes for pegasus- Add unconfined_mount_t - Allow privoxy to connect to httpd_cache - fix cups labeleing on /var/cache/cups- Update to latest from upstream- Update to latest from upstream - Allow mono and unconfined to talk to initrc_t dbus objects- Change libraries.fc to stop shlib_t form overriding texrel_shlib_t- Fix samba creating dirs in homedir - Fix NFS so its booleans would work- Allow secadm_t ability to relabel all files - Allow ftp to search xferlog_t directories - Allow mysql to communicate with ldap - Allow rsync to bind to rsync_port_t- Fixed mailman with Postfix #183928 - Allowed semanage to create file_context files. - Allowed amanda_t to access inetd_t TCP sockets and allowed amanda_recover_t to bind to reserved ports. #149030 - Don't allow devpts_t to be associated with tmp_t. - Allow hald_t to stat all mountpoints. - Added boolean samba_share_nfs to allow smbd_t full access to NFS mounts. - Make mount run in mount_t domain from unconfined_t to prevent mislabeling of /etc/mtab. - Changed the file_contexts to not have a regex before the first ^/[a-z]/ whenever possible, makes restorecon slightly faster. - Correct the label of /etc/named.caching-nameserver.conf - Now label /usr/src/kernels/.+/lib(/.*)? as usr_t instead of /usr/src(/.*)?/lib(/.*)? - I don't think we need anything else under /usr/src hit by this. - Granted xen access to /boot, allowed mounting on xend_var_lib_t, and allowed xenstored_t rw access to the xen device node.- More textrel_shlib_t file path fixes - Add ada support- Get auditctl working in MLS policy- Add mono dbus support - Lots of file_context fixes for textrel_shlib_t in FC5 - Turn off execmem auditallow since they are filling log files- Update to upstream- Allow automount and dbus to read cert files- Fix ftp policy - Fix secadm running of auditctl- Update to upstream- Update to upstream- Fix policyhelp- Fix pam_console handling of usb_device - dontaudit logwatch reading /mnt dir- Update to upstream- Get transition rules to create policy.20 at SystemHigh- Allow secadmin to shutdown system - Allow sendmail to exec newalias- MLS Fixes dmidecode needs mls_file_read_up - add ypxfr_t - run init needs access to nscd - udev needs setuid - another xen log file - Dontaudit mount getattr proc_kcore_t- fix buildroot usage (#185391)- Get rid of mount/fsdisk scan of /dev messages - Additional fixes for suspend/resume- Fake make to rebuild enableaudit.pp- Get xen networking running.- Fixes for Xen - enableaudit should not be the same as base.pp - Allow ps to work for all process- more xen policy fixups- more xen fixage (#184393)- Fix blkid specification - Allow postfix to execute mailman_que- Blkid changes - Allow udev access to usb_device_t - Fix post script to create targeted policy config file- Allow lvm tools to create drevice dir- Add Xen support- Fixes for cups - Make cryptosetup work with hal- Load Policy needs translock- Fix cups html interface- Add hal changes suggested by Jeremy - add policyhelp to point at policy html pages- Additional fixes for nvidia and cups- Update to upstream - Merged my latest fixes - Fix cups policy to handle unix domain sockets- NSCD socket is in nscd_var_run_t needs to be able to search dir- Fixes Apache interface file- Fixes for new version of cups- Turn off polyinstatiate util after FC5- Fix problem with privoxy talking to Tor- Turn on polyinstatiation- Don't transition from unconfined_t to fsadm_t- Fix policy update model.- Update to upstream- Fix load_policy to work on MLS - Fix cron_rw_system_pipes for postfix_postdrop_t - Allow audotmount to run showmount- Fix swapon - allow httpd_sys_script_t to be entered via a shell - Allow httpd_sys_script_t to read eventpolfs- Update from upstream- allow cron to read apache files- Fix vpnc policy to work from NetworkManager- Update to upstream - Fix semoudle polcy- Update to upstream - fix sysconfig/selinux link- Add router port for zebra - Add imaze port for spamd - Fixes for amanda and java- Fix bluetooth handling of usb devices - Fix spamd reading of ~/ - fix nvidia spec- Update to upsteam- Add users_extra files- Update to upstream- Add semodule policy- Update from upstream- Fix for spamd to use razor port- Fixes for mcs - Turn on mount and fsadm for unconfined_t- Fixes for the -devel package- Fix for spamd to use ldap- Update to upstream- Update to upstream - Fix rhgb, and other Xorg startups- Update to upstream- Separate out role of secadm for mls- Add inotifyfs handling- Update to upstream - Put back in changes for pup/zen- Many changes for MLS - Turn on strict policy- Update to upstream- Update to upstream - Fixes for booting and logging in on MLS machine- Update to upstream - Turn off execheap execstack for unconfined users - Add mono/wine policy to allow execheap and execstack for them - Add execheap for Xdm policy- Update to upstream - Fixes to fetchmail,- Update to upstream- Fix for procmail/spamassasin - Update to upstream - Add rules to allow rpcd to work with unlabeled_networks.- Update to upstream - Fix ftp Man page- Update to upstream- fix pup transitions (#177262) - fix xen disks (#177599)- Update to upstream- More Fixes for hal and readahead- Fixes for hal and readahead- Update to upstream - Apply- Add wine and fix hal problems- Handle new location of hal scripts- Allow su to read /etc/mtab- Update to upstream- Fix "libsemanage.parse_module_headers: Data did not represent a module." problem- Allow load_policy to read /etc/mtab- Fix dovecot to allow dovecot_auth to look at /tmp- Allow restorecon to read unlabeled_t directories in order to fix labeling.- Add Logwatch policy- Fix /dev/ub[a-z] file context- Fix library specification - Give kudzu execmem privs- Fix hostname in targeted policy- Fix passwd command on mls- Lots of fixes to make mls policy work- Add dri libs to textrel_shlib_t - Add system_r role for java - Add unconfined_exec_t for vncserver - Allow slapd to use kerberos- Add man pages- Add enableaudit.pp- Fix mls policy- Update mls file from old version- Add sids back in - Rebuild with update checkpolicy- Fixes to allow automount to use portmap - Fixes to start kernel in s0-s15:c0.c255- Add java unconfined/execmem policy- Add file context for /var/cvs - Dontaudit webalizer search of homedir- Update from upstream- Clean up spec - range_transition crond to SystemHigh- Fixes for hal - Update to upstream- Turn back on execmem since we need it for java, firefox, ooffice - Allow gpm to stream socket to itself- fix requirements to be on the actual packages so that policy can get created properly at install time- Allow unconfined_t to execmod texrel_shlib_t- Update to upstream - Turn off allow_execmem and allow_execmod booleans - Add tcpd and automount policies- Add two new httpd booleans, turned off by default * httpd_can_network_relay * httpd_can_network_connect_db- Add ghost for policy.20- Update to upstream - Turn off boolean allow_execstack- Change setrans-mls to use new libsetrans - Add default_context rule for xdm- Change Requires to PreReg for requiring of policycoreutils on install- New upstream releaseAdd xdm policyUpdate from upstreamUpdate from upstreamUpdate from upstream- Also trigger to rebuild policy for versions up to 2.0.7.- No longer installing policy.20 file, anaconda handles the building of the app.- Fixes for dovecot and saslauthd- Cleanup pegasus and named - Fix spec file - Fix up passwd changing applications-Update to latest from upstream- Add rules for pegasus and avahi- Start building MLS Policy- Update to upstream- Turn on bash- Initial version  Iy:ivE$ A!S|)1Mtc7x~ bCwRFr &?m>.VZ% T6M=}8(?o`59_ ;vWHXbL\C(]+@d hE*fQO*"TG4N4BHc+x}<Un#%D;\@59oPO#k<Q17f'Jg!`l&GnJ28FXeWu/AKa:6k'^g.$tDRs/q,VeY"d~NrSUmLjI)y>[p2{K |P{p3B0,s^-zlh]qz-i0_=Ywu3[ajZ3.10.0-171.fc17selinux-policy-3.10.0Makefile.exampleexample.fcexample.ifexample.tehtmladmin.htmladmin_acct.htmladmin_alsa.htmladmin_amanda.htmladmin_amtu.htmladmin_anaconda.htmladmin_apt.htmladmin_backup.htmladmin_bootloader.htmladmin_brctl.htmladmin_certwatch.htmladmin_consoletype.htmladmin_ddcprobe.htmladmin_dmesg.htmladmin_dmidecode.htmladmin_dpkg.htmladmin_firstboot.htmladmin_kdump.htmladmin_kismet.htmladmin_kudzu.htmladmin_logrotate.htmladmin_logwatch.htmladmin_mcelog.htmladmin_mrtg.htmladmin_ncftool.htmladmin_netutils.htmladmin_passenger.htmladmin_portage.htmladmin_prelink.htmladmin_quota.htmladmin_readahead.htmladmin_rpm.htmladmin_sectoolm.htmladmin_shorewall.htmladmin_shutdown.htmladmin_smoltclient.htmladmin_sosreport.htmladmin_su.htmladmin_sudo.htmladmin_sxid.htmladmin_tmpreaper.htmladmin_tripwire.htmladmin_tzdata.htmladmin_updfstab.htmladmin_usbmodules.htmladmin_usermanage.htmladmin_vbetool.htmladmin_vpn.htmlapps.htmlapps_ada.htmlapps_authbind.htmlapps_awstats.htmlapps_calamaris.htmlapps_cdrecord.htmlapps_chrome.htmlapps_cpufreqselector.htmlapps_evolution.htmlapps_firewallgui.htmlapps_games.htmlapps_gift.htmlapps_gitosis.htmlapps_gnome.htmlapps_gpg.htmlapps_irc.htmlapps_java.htmlapps_jockey.htmlapps_kde.htmlapps_kdumpgui.htmlapps_livecd.htmlapps_loadkeys.htmlapps_lockdev.htmlapps_man2html.htmlapps_mono.htmlapps_mozilla.htmlapps_mplayer.htmlapps_namespace.htmlapps_nsplugin.htmlapps_podsleuth.htmlapps_ptchown.htmlapps_pulseaudio.htmlapps_pwauth.htmlapps_qemu.htmlapps_rssh.htmlapps_sambagui.htmlapps_sandbox.htmlapps_screen.htmlapps_seunshare.htmlapps_slocate.htmlapps_telepathy.htmlapps_thumb.htmlapps_thunderbird.htmlapps_tvtime.htmlapps_uml.htmlapps_userhelper.htmlapps_usernetctl.htmlapps_vlock.htmlapps_vmware.htmlapps_webalizer.htmlapps_wine.htmlapps_wireshark.htmlapps_wm.htmlapps_xscreensaver.htmlapps_yam.htmlbooleans.htmlglobal_booleans.htmlglobal_tunables.htmlindex.htmlinterfaces.htmlkernel.htmlkernel_corecommands.htmlkernel_corenetwork.htmlkernel_devices.htmlkernel_domain.htmlkernel_files.htmlkernel_filesystem.htmlkernel_kernel.htmlkernel_mcs.htmlkernel_mls.htmlkernel_selinux.htmlkernel_storage.htmlkernel_terminal.htmlkernel_ubac.htmlkernel_unlabelednet.htmlroles.htmlroles_auditadm.htmlroles_dbadm.htmlroles_guest.htmlroles_logadm.htmlroles_secadm.htmlroles_staff.htmlroles_sysadm.htmlroles_sysadm_secadm.htmlroles_unconfineduser.htmlroles_unprivuser.htmlroles_webadm.htmlroles_xguest.htmlservices.htmlservices_abrt.htmlservices_accountsd.htmlservices_afs.htmlservices_aiccu.htmlservices_aide.htmlservices_aisexec.htmlservices_ajaxterm.htmlservices_amavis.htmlservices_apache.htmlservices_apcupsd.htmlservices_apm.htmlservices_arpwatch.htmlservices_asterisk.htmlservices_automount.htmlservices_avahi.htmlservices_bcfg2.htmlservices_bind.htmlservices_bitlbee.htmlservices_blueman.htmlservices_bluetooth.htmlservices_boinc.htmlservices_bugzilla.htmlservices_cachefilesd.htmlservices_callweaver.htmlservices_canna.htmlservices_ccs.htmlservices_certmaster.htmlservices_certmonger.htmlservices_cfengine.htmlservices_cgroup.htmlservices_chronyd.htmlservices_cipe.htmlservices_clamav.htmlservices_clockspeed.htmlservices_clogd.htmlservices_cloudform.htmlservices_cmirrord.htmlservices_cobbler.htmlservices_collectd.htmlservices_colord.htmlservices_comsat.htmlservices_condor.htmlservices_consolekit.htmlservices_corosync.htmlservices_couchdb.htmlservices_courier.htmlservices_cpucontrol.htmlservices_cron.htmlservices_ctdbd.htmlservices_cups.htmlservices_cvs.htmlservices_cyphesis.htmlservices_cyrus.htmlservices_dante.htmlservices_dbskk.htmlservices_dbus.htmlservices_dcc.htmlservices_ddclient.htmlservices_denyhosts.htmlservices_devicekit.htmlservices_dhcp.htmlservices_dictd.htmlservices_dirsrv-admin.htmlservices_dirsrv.htmlservices_distcc.htmlservices_djbdns.htmlservices_dkim.htmlservices_dnsmasq.htmlservices_dnssec.htmlservices_dovecot.htmlservices_drbd.htmlservices_dspam.htmlservices_entropyd.htmlservices_exim.htmlservices_fail2ban.htmlservices_fcoemon.htmlservices_fetchmail.htmlservices_finger.htmlservices_firewalld.htmlservices_fprintd.htmlservices_ftp.htmlservices_gatekeeper.htmlservices_git.htmlservices_glance.htmlservices_gnomeclock.htmlservices_gpm.htmlservices_gpsd.htmlservices_hadoop.htmlservices_hal.htmlservices_hddtemp.htmlservices_howl.htmlservices_i18n_input.htmlservices_icecast.htmlservices_ifplugd.htmlservices_imaze.htmlservices_inetd.htmlservices_inn.htmlservices_ircd.htmlservices_irqbalance.htmlservices_isnsd.htmlservices_jabber.htmlservices_jetty.htmlservices_kerberos.htmlservices_kerneloops.htmlservices_keyboardd.htmlservices_keystone.htmlservices_ksmtuned.htmlservices_ktalk.htmlservices_l2tpd.htmlservices_ldap.htmlservices_likewise.htmlservices_lircd.htmlservices_lldpad.htmlservices_lpd.htmlservices_mailman.htmlservices_mailscanner.htmlservices_matahari.htmlservices_mediawiki.htmlservices_memcached.htmlservices_milter.htmlservices_mock.htmlservices_modemmanager.htmlservices_mojomojo.htmlservices_monop.htmlservices_mpd.htmlservices_mta.htmlservices_munin.htmlservices_mysql.htmlservices_nagios.htmlservices_nessus.htmlservices_networkmanager.htmlservices_nis.htmlservices_nova.htmlservices_nscd.htmlservices_nsd.htmlservices_nslcd.htmlservices_ntop.htmlservices_ntp.htmlservices_numad.htmlservices_nut.htmlservices_nx.htmlservices_oav.htmlservices_obex.htmlservices_oddjob.htmlservices_oident.htmlservices_openca.htmlservices_openct.htmlservices_openhpid.htmlservices_openshift-origin.htmlservices_openshift.htmlservices_openvpn.htmlservices_openvswitch.htmlservices_pacemaker.htmlservices_pads.htmlservices_pcscd.htmlservices_pegasus.htmlservices_perdition.htmlservices_pingd.htmlservices_piranha.htmlservices_plymouthd.htmlservices_policykit.htmlservices_polipo.htmlservices_portmap.htmlservices_portreserve.htmlservices_portslave.htmlservices_postfix.htmlservices_postfixpolicyd.htmlservices_postgresql.htmlservices_postgrey.htmlservices_ppp.htmlservices_prelude.htmlservices_privoxy.htmlservices_procmail.htmlservices_psad.htmlservices_publicfile.htmlservices_puppet.htmlservices_pxe.htmlservices_pyicqt.htmlservices_pyzor.htmlservices_qmail.htmlservices_qpid.htmlservices_quantum.htmlservices_rabbitmq.htmlservices_radius.htmlservices_radvd.htmlservices_razor.htmlservices_rdisc.htmlservices_remotelogin.htmlservices_resmgr.htmlservices_rgmanager.htmlservices_rhcs.htmlservices_rhev.htmlservices_rhgb.htmlservices_rhnsd.htmlservices_rhsmcertd.htmlservices_ricci.htmlservices_rlogin.htmlservices_roundup.htmlservices_rpc.htmlservices_rpcbind.htmlservices_rshd.htmlservices_rsync.htmlservices_rtkit.htmlservices_rwho.htmlservices_samba.htmlservices_samhain.htmlservices_sanlock.htmlservices_sasl.htmlservices_sblim.htmlservices_sendmail.htmlservices_setroubleshoot.htmlservices_sge.htmlservices_slrnpull.htmlservices_smartmon.htmlservices_smokeping.htmlservices_snmp.htmlservices_snort.htmlservices_soundserver.htmlservices_spamassassin.htmlservices_speedtouch.htmlservices_squid.htmlservices_ssh.htmlservices_sssd.htmlservices_stapserver.htmlservices_stunnel.htmlservices_svnserve.htmlservices_sysstat.htmlservices_tcpd.htmlservices_tcsd.htmlservices_telnet.htmlservices_tftp.htmlservices_tgtd.htmlservices_thin.htmlservices_timidity.htmlservices_tomcat.htmlservices_tor.htmlservices_transproxy.htmlservices_tuned.htmlservices_ucspitcp.htmlservices_ulogd.htmlservices_uptime.htmlservices_usbmuxd.htmlservices_uucp.htmlservices_uuidd.htmlservices_uwimap.htmlservices_varnishd.htmlservices_vdagent.htmlservices_vhostmd.htmlservices_virt.htmlservices_vnstatd.htmlservices_w3c.htmlservices_watchdog.htmlservices_wdmd.htmlservices_xfs.htmlservices_xprint.htmlservices_xserver.htmlservices_zabbix.htmlservices_zarafa.htmlservices_zebra.htmlservices_zoneminder.htmlservices_zosremote.htmlstyle.csssystem.htmlsystem_application.htmlsystem_authlogin.htmlsystem_clock.htmlsystem_daemontools.htmlsystem_fstools.htmlsystem_getty.htmlsystem_hostname.htmlsystem_hotplug.htmlsystem_init.htmlsystem_ipsec.htmlsystem_iptables.htmlsystem_iscsi.htmlsystem_libraries.htmlsystem_locallogin.htmlsystem_logging.htmlsystem_lvm.htmlsystem_miscfiles.htmlsystem_modutils.htmlsystem_mount.htmlsystem_netlabel.htmlsystem_pcmcia.htmlsystem_raid.htmlsystem_selinuxutil.htmlsystem_setrans.htmlsystem_sysnetwork.htmlsystem_systemd.htmlsystem_udev.htmlsystem_unconfined.htmlsystem_userdomain.htmlsystem_xen.htmltemplates.htmltunables.htmlpolicy.dtdpolicy.xmlpolicyhelp/usr/share/doc//usr/share/doc/selinux-policy-3.10.0//usr/share/doc/selinux-policy-3.10.0/html//usr/share/selinux/devel/-O2drpmnoarch-redhat-linux-gnuASCII textC++ source, ASCII textHTML document, ASCII textSE Linux policy interface sourceSE Linux policy module sourceXML document textassembler source, ASCII textdirectoryxz2?7zXZ !PH6E]"k%khu 9"GHf>.G"(N%wiyڔ:]rma F@;fMdz1 X ~( cvo1G&Q},tdgNM(ro֠-U!gbEEOh5 o 9Po2=Oti /7ht̳7 UM+^ vL\ C YcH20Pl|8NY%>NoRb ZtY S}Z;" )=aM.u +vԛ3M˓/z$sFIFÊOe5y ?"-44{brG#&:SW2F y/,3IM='/1WmEwk_!SoT_3rCF l׺r,X^Rq .5X#-\S118'~8fk=34tPP.gyL桉R56-:uCsPȓJH+uzLؿ+7B :F.-+j|EҽP.PDO?2WPisT;#TWA>c Rs}6e d *;E,#zId3KAzs+0zQv\2VzIO@X IoTw5OgMz>ʼ'zh@ћX9М}$oM==O'zN7,$ezd1MJ=z2 o+1nP &5?,Ut5>-P2dmA,6qC%}'m:RW3b/sm1k~#xW6 FNcdjsWU7keTH0w~\|r|zuIyDWQ7F5BCjJ(8NX9#g|.(pA* 2japm~]Ȼ4 N3쓴BXiƢ@=_O s=cokl,%j'󈫪i(UڀK|#ipCE'b`%˦R1bobʝ?d *3) )k?q6}o80u8:D/o3?;҇bk/>:Z\B*uCjTSq3ʕrU 8HdDVʿB:P=Q-Nlawvqd&s BB_ԟ_C"z%yfg4z;^ M;KNv8B&;/X.(ROo(ݳ.U!e7&vC[Z~0%aq 30oǯ5N1 e{W>YB@;s֪xȅ_3tɢao}L1!*7ި1!*EIJɋK*TgD'?Aj@laaV=(Ga9+M"$YWC8*OIkꗓ~Q8ʩQ{a@: &vS5N'՗x{^4$0a ~3+AupJ8,:nb FXfx#Juc% +WR^P cr0imwYT9BĽV(/T-\E@qM4:vgHr驼[m7 ݘ_X Va>yft8*xŷV2Of? kᄉCT l;063/%ftH-%uπ'o_Ԯ$!Dds FL5lIFL7<4?x_5Kh. T`O>^ªQ -O205Xhwy1G[4XA"2|Ơ'PT.kSvSqL ]"Lmn 4ek̺ RV{siê!À&l@YN-\ ,Q/p#994lh3x7=Ѻ hs'2oK`wcS :H-0ِfJ}c<U(r2t"GbZm(ggڟAl'"cz{t`Loldk㜆%Vבe4P"$ǜPR )"U 6@奾0ahS*Ye!ݐTeU8:f7 j¹68g vNNi:wa菘g7bRVϱ4v )jN9q@NZfAMZh:$u$R YO:\Y Ӝ5o΋P%W`HuQQ $<8J:U:EIZ9/m$D]ƫƑpzHD`ޠv g [B^  T$FڟJx?(ܻ `.Fr9k@w;6YuM;W>c@}H T:hHkU_S7sy& Ř!#h4 m Z!`5'.GN`<&B O6&oBZ|W?.h˃nOM? 4Y]?#ѥE7׷eT{5e{JSb]' 'ھ%2?S}3+|Gms~H^Ȑk3XKoe?:vCf"WhM>>4sIgx&{3Q:6Xq\V_Y糭.&e:̹nX* 6}$ Xd0 x5I%wAL29 `. 82t1HBB[.#Ml. 9آ'_0 пtS|&Sƒ7ƏfTV 5v`]{sfu lιY+2:UMqf i 9|r5 -BAUG跃QCJz'qǾ~q(3[Sݹ.O1} _vDyP{B}llSo>GiJyb03Xu|kc[qI3θj)%A1^Y0]'$h3x5hT5Iuw(h1s*d63ƳBL*Z١idTKg٤pʡju}pjˌmXג m_= O [;A(9NEADoYNVczXU/ʢFRђO _]H%i56s#hJ׳ԭG*k:BqaMTt4QAɔ\)7)~8\WNo-/3YGp<+2ב=㱝*A{x);`-Os o&TYSi 8=`q0|ьŠ U$(یi *OCS^&xS}R2 nyFzs퉒}:`TB;) _5 'nOK+x)m!&_a,=)ďRZɣ8ˎuyKKh!S0 L+` aKκR\jGtiD*+XfL5?Hu %aT_E?iPj2$C r6 :E.; &9g|wLEPQU~ \ KWXTItzFa mؕJףA(=u;Y;<9wy^mh\4zxƒT^%ڪsnɐ ^Ƴi@8!ŚX}Ne-$]Vr,}UEQF#Bgsy Bd'bxsJ@Jo\; Bea8\vC\VKB% p&v#RMB#ӵLbi\WUbVޱX6?S҅ϡeS%p6^W+3h`` 6<)h f#Q3kbu b3YZ6-}N9)WIH[ecO#8;568eT6 CּKD]ą=j5x_R0bl&1|'lAbGTlљ :Bcn!7B/DCk s,/PA O]^Jؕlu)~υFE45V:c+- ']RdDN=BV9Ph6n'TC J]'{WS?Ҽ!jL9(!$%i.HlsAmc#A׽+KJ-۷7zQtȱ M1#B*Ժp#AeLYEP5ߑ3_w-EhLٙeO ?CC*J>RA]OvMX< @ӳgGn U# Xu ( +eQ}]UZ!ؤ]2N $8HjJ[ Hb섧R T"@R|i7@V^Z+/,qg sfFZ@.s%AcbI޺s(`Y#'6VKe,m`S K=ŴdhGvZ 3$2eE_TP97S\UcWrð1I˫`SH]<*iuwrsZ[A^q֯'?'O =VQq@m 'U -[< 0{ՄI__nW">; ^+<iW c@4/vW9k)H4mImb,L#Pjw/>Sxrڰp$㭀.X[9W Ŗ;~! e]*q1jW% cwjA]ApӥnDdȥ^_;vJ!G,_H҉vy'Aw ^G .蠜N \i 9lq9 ϡٲKlOz%ֈf@c Dd)btI HAa$f/,:|#njMz=Gq,*Rĝ'Kf*։lpwRc+ZŸȽ2~;0!K?\"jNm4_Ȳ ocw<nq&,+i Q 8;q/j3qtk1Y@Ţyr/<Y>yZJ5 JuYO B4e;IF@k`qP B!iPȡ1]/0ssdX0t׹.jᨢ/ܡš7K)٤q5IϐD1 :mtCYiXeӮFKy1 2啕e5G;x7zFϴLg#5IѶVʓ Ɯɠ kmJa &9Ԛ7"tn"uzEn@gk(B1|]}J*6\FRosEgYG( ZߐPL<|H[?݃UQԩ7*+q'%ТjI8o X"$ 2%8M희O{,K}Uo0(txئ¯RGӭL(r42K֝/c F| )l(8uR:vے2hcTY7WlѷW`AmB= 7 PAbvl$s2u.lz]<ѿm%qACx;%}@Ve* ~GR n_{ot<dOə'@iUA*p;K헳)n(_r1%j=^JT~zDnj;;{MV!V"[WCBRvćh?CѨ;}s)ib_KiRD;܊9#mŧNظ{"ePX1>::8q.]1~Tz karF՝,' (_ S+詁<Z}4o|q bczmBU^wh脀`V46Ԛ@b9H(otxP(&KkXӀG޿{9T&6I }WOڰh*[㌡JMm!0\\֖$}}&U$-Kcs4+> ^YNY/h GWbkT1zxwbOE!#֟,Z3mWDY.gT=x`YI8)"X\r 9v,[]svO!k^fVpV- 38;}, jgE^!/YA@aH9le<鲠Ѕ޾2!< zqJKYv_ȦO'Wt``}D1\VmyY+| ŗD݇ 5%,vo5 epʊW~(\dV=3mgƈfI-Gvbm[*GNUAz>QD3+P$=EUFԉ/ׇ#yx eRLoADX I*AEْ5שeOx lIh|/1IQV^v̪jSfd8gpȔ&tL߂Y/J"Y4z GN#6 iߕ5ouVz~Ȝr5`הk)ѓwFϸD9S^wL,'%0j|_Yc tښe!ѢE]3}E0 pHsl] 0<:z1Q֩Zg&Miv@9$Px?nc@7}c6OPO51hngԫ$s[vJno# !v=+; ;c;xmkMy3';M4|2 CwZ5ecK!Ur8l.M3rxjaROi `#ao̊o` Ӵ& H&櫾3NYSaSԜ̅ Yn qژx+}܄BIo/ < ڻVpW}6!Oi~<{0L&k8W1iuFmJXe wfrlU4n4jDO:uՖtz:Q!]rh 0p޿?|> ds$_RĢ "p4v]Ӷv~.) I`po^2LS|x"'6ɵ]{^ 6kZ R卽 ųË)&F_%o55.fzƾ`R$KO oՐɏ# 8,־[荽 ,u1YLDLDjWBO6(Ь(h[kWنǫʶ-A`PhLF(Ie 6'~vA%Zu?p$Olu _y(D&o]?gh0v C\"D Xd 8"37X~zON!=nd,zF[X:73Q[Ъ1̈To%]bۦ+Rra62\̱GNطp>FadR',\ Kp>q&5XO;d=UT+qCMeݢAo!7DM#ѿ|-{=%M?&$Olgʃg̺=$f܍-(<_-٨v(H )c`gf=m`ƙl5j^!X#ߕBj38qԨS;;`;(MD*~[Ou+zOFj0\b?̤2Qɺu׎Px xRbrm[,`YŔ~<&rz͟l_R\k'%#}`f6, 4zf<0_R~ EUĎ5p2'A,_޷ؽ`;Y'Viu0;k*(RſҨ2b':.Zz(|%e?vnq7j"4w0}Q? |-;l]c<88AGZLaHgx6svQ/,VJMkV$nmS]$H>2QTSnwnj1´Q|juCD0t26HM JĦyBȦ]B-;LB49*4aOUۋ`li0FEKVT:.oyp\<+jxvoZF"П C/<3zg̰C<ٵQk^Z/|wm?eL`!}Q40e;]2z?.༹|NHaʲGʱCm#N8Ql*ܵ`ᣓѕViLec/N.T-(. 6˜D<ڤ21(p1ǿ# ~5z5ِZJ\`v*foQ˕dz^2f@ȳoS-_oH %*}tJ,_Q M_)AɜϑÝUiJCfvdnàOm -@$6 N1QD!hz. uB&Tle (c³ca5+]B 4>a4I£~ԴJ>tZֶJ;{uKÝbieUGDi룫 4sWi~gl: 6M H }jkyB\"xs~{lU+bN'b_SҒ${91Be*6ѣyYW55)*cKP&5($#`ͩ-5OԺc+9WOD}p.r64{] fΔOe!^ W6om!}Ǎ c2m,]`@4k?u1To\^a\Ҕ}1wa1m˜LtģzU*$pQ/Uץ:;BK[d@O=g; yg:W*m%?>!u\.fNJ8hЭ$znLz 3V:MO{΄$1EyL $vPP\Ϧ{&Y1Z&zs%?C\ Y>(;-z=;quv' r:~T>#b'ͺG-;QX8, ݉XޅmlV1M;iŴ)4(gI^?rWQ<| _zSiB/ ;+v2€GٚfϺIM Ϡ iZ݊\eSH{glQeH)^.rUr/5q50;yRˀ{xxNb+Yl c wk*,V?W[6t8@_𡼗${KDz:Uɝm2|VNv>`B\baXM*׌@P0<0 [PN2rsmJ /=z~b$ Tgx7t ^boTw`}N Ȫ.S=x*ozd"Zjr=^ֿ0د7cT.6<| jR(ՕY{Փ$H5r5$ԼC0y@+/L(Z8g ;(ҵѡu'J?5ZQ#knY.f c8-9-Ӹ2Mc D3r$x^.pi33sbra/m a%GZMN-*%~}cFc$O 0>B%3Im-?b%W OAG@uPK r 7U6E0fIBAK ݷ[duxwc.Lmf&kawΚ-oENQ y \]^|վqDPw/m ÓU9qjawqvJ6df b2$S]=f %s@*l29-D945Tx(ҖUgHUm ݳ$aٍ-, 1_ OCAnTQRpenӖ身9kF7߉Z1l=j{^'^3 5OJ{$7-);Tw}0uXv8l-guI Y\.%/|«}BX F&.^+(x= Zc.PP_GS2)PjFа\=@^jc;15DN]Fc3d_*ݮ ]?0e{^٤埘;w)dOwOp,/~ {r EE#?-7"4׼|4Dv,QʮCZ/="uuJ`VQ&o< 'u1J_VDlōr(]X\.[ƄaDA_K!1mdV-Ȩ}[~*H7s;l?39h@!2H&!wP7lÔlSE.O5@J n>S-1\>=zoN{jElBLZ{v[Qd8oX78bo)Xou"=qdofr]cV:_yşx3}e۱BfL?pTk*by#=I_":zQ<7A ucRw0 -l5$}T˼Sq+Ky r,]Mj ^%Lc{SSW,pŰ`(9n4YߋZAW}=3èKrLJt,{xuݧE0͎enZCAS/cYp"uT)G>>ro}3 JUpzT@lg"@i,ʗ 9`(lJSQ TD8ʄS& Jk>hi*90t/QǀL79TkG'&6Mah)<ٍf'mA#XuB WQFxX9ƎRm@`c욒YU/ ƈm8M o#mQH@~1W "lj%Y>b-/>c*o~ =aM9DH豀>Z@0o.frs*~^p`C=uC0)}D!2;v'>@YM\ ~5XrCmG9J`]$φΙQh1Ք|YDHqH>æ ؝"Tp!`-TWќX 3o?5Sl1i&|7][Ob[.VBr ]pwVDÙY} O#%ķZ8 #qxT-s>_]NBw i N:+ҥk$.ȕoocdR4k3mN,\ЩX2W+[f1Ԟq(TS5}K\sr40)q'MEzxNឿfc__둪3,/7؏<$\r oө0flC*EV)i1ڕĀ-8J$ Hz_k%u”T kV#n:Z#طt>"\`iu z_6W4R1eU ] 8q'H_2Iܭ4Z@$ eR0،lRn YAzsj0JosPŴG,BgH)3L mT>Jgo6t]wGW؏ɠ/ѽK_kB@7v@ HCqQ_å4eg >gT?R#z׸Y"dsVg7(=V ([g# GEՙc8VxxT>@ht{Yz:BhN jE"I0:,%>e(/]DTɌ+ChMSpu\6~Ud;_{`9acpxw>i(*IęgpaA$љمm3 W 0}M@ڮMn FM<U$]߄[3AR{~  Cp,ו%uٝc/ Jy=TTOf1]Lm ȉ̱ PY>KcoJ 9qLWrZgWsO <\ {ؽ % |N{*(oI]n:Cp^f­+YNV p2$QM]}a?-‡O݉ϻ$?9s#GT4>6< _\_r_ SBϯK~VWҸT_=EK?ϫyl%oYקMA Tt*H1RMܺ'~DoW(Wh dSKG0Vռ^ށ1dsڜr t|b mX:Գs_n9kӐ"lk!}W0'@{ŢNIh-ao>6f@*ɭX'!C T'Lm oY$/ɔe!;`k<]b ^R%.Ȱ̠qAuX%HJ볫’/W<>5sh`nD;kaBYgL/R4²DJ1k纉OD6뱎-^S!oheMeϬw`)-{MX?w\[Oe>j\^MƆ偽nb{8gcɽIv7e"V?VY拹`Տq| cG1?x i&kY?%|-E3.`_h ?I,􈘉B0^y}YQ=^߶xAN|_"5,^"2d'cIQ;ͤ|HW˻+IÝGH?ҟo \6d21Guw(9LK#jXϳl>㘧x~^?h3H:ۡOpv~RA= 7Fײk!HGˉY6I ~J`Ny9Ѹ.`C)ęO|@]׎1y]f&Ee,H2H5q}&YBx2^!Sm~y d;4P!y*;Sƀ㩑5qt!i_HM9QX4:(/:0g 1F8x _^q}'(:zE5R-3>(&kŸϐ5ً*jK]SŸEok6\i5_tm 㭰.L pT3SWi;!F50O h}k m?.f ukխ۩'gpRX5N֦`:ml%&8~>!K=떖DU._ LJs+ O7( BT}HZTM"kv^vCC)gUӶ*͓%k+Ɍ#rs$_ۣfg5ӷG|Zh(g&c޾O>űFrw49\s2I+$ j@u26GbOSD/MC6 '5;ܸ|[*8bA%2`3B ˌF48]Y$Ä3 p.qJ^~ MQ|A*\HmfqN\YU,ɰO0[NKB9?XMU,ā4MeIؓلZ@G$0Vatɥ2T2.ْIXZk(i@nUM?Fig,Shz&b{}b隦#2?|<ה^7}nȆ(&UVEdkgC9УZ덬7FvCr8{4H Y7$F܍# PF׽w%®Mr~&ckXl~cOCG[ՙ $*[uMR] qz.)WB``J変is|uImX2d/t~LLjE.q6; J33uiDn\EhG9գJuȬ=v}N c*SrP`e4pVVn}iN!'#bKC!}n Mms\4`L˳hOtffJ|; {fٻ'H߰c0YGmB\y{9 nrHUB|] 6tפ!h eupMh5 @$]>a 6!n掴AlJMzM:bHapǺ@,ժ/%FBN'cVe:A9EH3gؚWvm!(/ :YB`)O]5D:9'WñT3%GqNQ}QZb3ڈk|Ԃn VF*M<<VD'78οǻ6RDՐV @+B M ,v9W.*7b8G;S Ja%3HYOrUCxDQ+"i(sٱ!n%,LR)gKEnxݧû+Ѕ9ܑiPS߹P݅L4<8ov7=a6o%ߤ4ǽ Tؾ)iZCkK60~ƘnK"`oen"fM1Ck έ0OرFp嘆ho}Ml@ &3 TD P /u:ݽ6p^1yYF(){k vm ϶E%?5L1qxWـ#j.Xnl6CƚT4o`G6ß),svO߫i>-w~My]ğa 3]]f|Lya#V+ȭ\8iV첵/F(~*AfoIL}hrMTV"q-\BM`O!ReЃKԥ8ILR3Cyߟ}VgG"AeX.,MT.E$fit~`\t9I0|-qS\4A/1U|j{.^A+l1B3k3px庠}y8K~w ٸ̼C|͵ D# xvO#CyZ:&&T ~V0e]gehg4D&V㩇I/Wp)dٷU9 w)Kb6 mTA}qc\[0ߝ;4R&5XvbQC_; ;_Vo"DXJqWC6 F۝n3cei6iCc밚UjwxQwI#OUkw?&ND7T*/z$48^jAXqa#'Sv*Zn%99-}֒1D9ygW U4)p3oVgDbV%'⯕{{2هS %B23%lo2U5cIp ̡,U[ņ< sPT[GvzS3ˆw[.\-"d=L,>w/6dy$c'bᒏ)ibO[g=QM.ŖFL֘ B6Aך|Lf9ɟYJ*N>=DWbV SGTc.9~F BEfIJL gpoݩPp1g*@0D@v2g}@8tSbgI9R-_,,E{5k0 59zl8SAw;B4GD$\GOY9U6uW@=̡Jlz 6;V.N~X ̜N직k%欷X݂j/2VS5Kw bi6tO<Q3a65¡S%NqV=?NP'lm`Ǫ,;<O !?G[Ib?e-( kN?c&'jb}~E>%kU^ ,à]|fXKbh͆q}/3 lp$1<6BME݂Bڇnf0!GL!لqˎ y1jf4cj8O׏~bPS:ncJ]_-ZWCJ1;vޫ''P'O0c(F4',Jա~s*#hD<:L |j7D582z,#9w5dj˸tE@%O12euHunDžZJbp4ҷpRV }Ra 3-6sT]i⎲w|ϛm I%UqDbW| j+U,c?1[hh^r~2`7)[F~/&T!4yIj$ߴG08p+ix=RQpFobɫh";z+.g@vkW λVD`l=a'"8NQD&3{Ԕ]Kʑ!E"MA3#GaJfp[+6ѭnBaBZ~"רc+\;i퍙jnm.v,==B$4{ wȮy#a2tcFAv> 7em HA7ďpðn5pbad7BrTrLl@AKCe;6ۍh <>Pd?qջhk>fc L>2wjPG"81eq&OJbW8> +k#e=Et'y`_Ů $o1˜vUccK~$,9fQۤC&b&HN9*oey訟A X ͡rSryշdpJ̻[6cܫNwBxUɌ)ǻ,Έ0T\r %+k轟ii>%6Vg9ŽjYSVkYQ^^ Y@ۗ.oMy&I3v[ۼxͽ,J+>栝nGIlECF-폨{="ۋ< sP:UJ9-Cra<5H3'6FЌJ1)`j8&K (ʾʀR_1 a ]˰M [Tee~/[^\ֵU+%u`c0[ӁLʽT ԣcs5}SWj%!PT3lU@&{m8' # vh%X>T%nK)uލ\\:[ )DW!g|i@*KHIӪzNqr71vu\ؘrvII^#~hnދn1z-iS6-dG T{8}rUɞ "j>ZTv3.,]@P t.*C2O&NxyDn\ L-o$ǕNPQM+V㛃xOnsC#{˜P([f=/0B0Q ME LM 4VsC7rU+B#dv_BOF9 i&qf/ni)579=wsKyRu{NхLO>dFO R{滥%>I@qs87KkGG^o7@S4ቲ5$vێa"񼓎*N;;ot74JY 1 n)v<;nje ]-cR>jX LA 6<`WWL)}01mT2u3[97aCFƒ'dzJjL!ұMN3ؐ(7uRޖ6Vx]Num}aBS2C/,I>lHa-P(G?qOG.{AYYơX;J܋}I+ۺJU`hRpXwP$H~ 02uE)fwzJ7HPZE ]V!ZM.bӂ3Qw6Mr>-I̹c-T9Goڼe\`~ߜ׀TEo% +5G~nT-n"OvUτiN2\j}2[}]^_{hO}e] C1!O FnaTLWtN C}2 vdH't5j@B|lsÞ.%þbDwx6*/g.c:[2M=j6Lt0+v]e$I~TX'Q0Iְ5|PDrf t+wg`)m?dŝl~.Bm)h Q0SͪWgdLInTKH<䏲#Jp`)x*+߅$9@ :٤_PN'wT.1-֥}yMhPvI}8&'opsQK ̅r&ȵ t/&$hN#]׎Jg!6|,j严s  %Efa9GI>b:eϨ-vrҐ$LjUIqЂm¹z>Cz ?(?cq(Z (Lvч5e+ qBMN̈\ui[6mNE qɹ#u U!GxShzYK޽ryKԲ/b/Ҩj@TRuqz%汱|B3 x͐N{}8M3O(yqU%״eu 1'4[D _N㗚LXB)@wSp`c1p,pr'n +%1Gg1O, rE@U+fFj6oP<^FzX8<%v@~:7Q,LMn T'ɌTx}v([3g@/)rҰ2cEW;dG?Qip&7wSSxaYhw, 2SE5I>3kqkq|i:6ʬ*q(%k#KDA"È_S:Zy:6gc6?J#?Vt"G> IN4J9 ٣C%VC*r>“ǺzQ"N [Ĵd7 !gN9Uta&ѰLʱr'cAj䖸/Z\Y尶 >,Ww^ 9*yy}?Ugid<*+\QM, SZ 26.Yno,Ą}ud+/7&ƥ֡Z }阻^rS#,վCn鈘8޳H w9plBGikk acXZ:(A^i6ԿD<-)t)L!zN.~O-2ֽ"_Or6hV%TcnFv5]YY_(lۍY,%-BkKb:8Fr%W Ƅ\9Y$ڍW*̻tr(dUCyE tB~&$Α|H0(<5tCd4;0%i7ӗ‚D4|O6"n4%9:USxsr RWT񫗿:JͫWT*4})O=m6&)BĚ> w-|6қ9:p_ G&0Hs>u]7:K޳eVSa#>%RUNLenp㩄,b{_2j=SR3vRd3mh,{CCYj,^o4*״_~Kӕm?ۂan0$APD%??QݗKeU=Xy)ǮBB~[m& |9.l+bK  p4izW77 ܚcjni ]#xN+f>1/2wk1v 'D G|QM, DF @<^*kB iԨI.]bpWb/V@~\4aHӪ<ڠBhc~s#UHy]klk G \1RX̕{?)(YGP!ke7@NP>p|+ 1ns$ϪƲ6][%:*fJpngҶ=s6򢬐39dz$SR)?u[fYʋm.K`]q Ƨ/yB駛 7x,d=H:bTb%|n\MwEvC$_5]lKW]͆]_ 6<6$;3GH;X ƄS]]-zXRU_Buov^?r΢_b3f8Fگ˯ׁ_˽❚K=sq #WM=U?sf4=Hlc1fb]G'G__iJC3t{DP:gBKߕC# RS Eܪٓx7X"B(ZL<HZJOi?OYܽkc]7},O!l gzQ{dwG-S P}ͭG[+xk@&i "p邱B! cЕ܄{0`D -[f}Q/C7u+4YMiWJfz[k%Ym}BR#ySY5 QM2Ixdu38O4vʀnsڔ†owJCt/+\9ǍZW1nxz)5(ET$9q"8`|ka_~w ٘ħ'5]5Opn Jp9,!8)C逍srNpY - ߏx0. VUH~r@HozɛkI&`'LPƒ yKBQSs&X'!Y ᙥ8sBV"Rb .jRhߴ♔')SBr6,K8(upvG&4ni6eqjc o\ ^&#L YF{U0+A7V4!8]!kkr 0cC #bDd)CkÒ5FCSQQ)8RAN EIp:U4iob7B&hmfMB-1ѥjyY04#Q.'A,͠!DL0UU e\]#z`h2',  yo A܅W|= \X븥 w ]ewP^UgR S*C6edRF%į[F(=D[%c EoCBkWIsW9P_ Zϖ(qWM%LWO4u!=I>k D_V$=r]~m8"Qo' kW_ 5{cf}_ܰE!73of .iEΈ6B,͂|"bIz0_Kq:U -@2gb^;Km77/߾mԲ*w2RB1SWVVdʥ%" OENl~wL7ؑEhBʃ?\Ġ GL12"CAߚ<亚!hJ64mW }*g]w fՇ8Ӽ0XeTRnWY>>ɰjl!!2rKsr+m>X,B=& R<-GK%/iƛx',z?DQkdM23d_‰KϤV8z/mqKLTWg؍H꿙oN! ]@d`^ZśRЮ\OP'˵ 6MRw<$`Ȟ[xotEhF7B|tawhrWwAPzX-=:XOG ºK!%1IS)q5w*R '>q r[fVW5?JzfK1JYZO%k{Hd\{Xdā;-U*_޺5=+E%a< hZ# ;w}# ƒ `ITD'U_e0Ir%ETM{ADF gp9.*xg_ bz%h7%ZԔ e8%~ꛑ5w h+ ^]Дxbpne #u1az`\pӣW96)95i MM5iWNݗ%P5K $vs"$!F}TDIl^P&ܞꬅ|$$-ۙ|3=Ry1}|CjcndpaDݘKܟݞF^*`jsipTLeprOF̊ 9SQ{q]yIRm"!`u9[U}XVZ `vMaVk- Kr'_q+"Gyji-!Wԇ\nDFޚ]uQ2όZNFSR6$ I;]_RX"޳cpIf6g-p5YJ c|ia2{,?檗z\6|"WsxuՊ(A,n^Yň|cf,0PZ}%Bk1K Jk^V1ޯ |*> imkڷܸtV5 Ď:xA}nGr+M寅5M <;ѢzK{;} UFsd";혤^2 r:PyF x 2kByu.eYb8QZhRa!HQkL= dWJe"pnY yւ"0iV&&´d>ݹNy@C> &=JYpZ麕cPokGȆcNAQ3F}9]8*y&gCE?1l?5,ܩ͊㊘u~K9QF:Ѧ!Higv1Ǔ]`*:p͡ 99"1C`cރY=Fb]>K1J8H$UMoس晎z\kD5euIqRTE Ws0ܓ!3kT}o&kP8ZR|E86( $輔>n~8DsV.܅Up Uir}2 k})%d}ʹ3"xBqGU* Ek%3k7 ;JA}d8ϓ8;ckyQs>N|ێ.0ǘ,rO5Ŷ~Hq*p$ǣG\nB=ỊEv䱡_k8 WӰkA ̘39Tȿ2Kx[;gêƖK -jS.V:'$"#CNPh`^/C*w`{H6/ိMP $lUm}gT^=p+y'떪 AZ&!tM&u>n޸Qb#G~qk-\o޲߶RC*%*&)AHxG`b}'пGH2+$l"T +':^ ˿plaFc 6HʁhDa0ѵ&M*G.o{Oi-MZjI{! w% /+XbK,d}!>=]mxr#)y}˦:=3=TJ7RD4U6?ە :fw vHjM^!B!1%gۜl {s`߅14f:(H_Tf%^2R'Dvc?[aTV 'y¥% 9^?1YE 3s`A*xQ .ў^xn0½#NIlCh w)BM𗀐+y[od#[By;85lDb#Kd&Vl-P>L5lKyˣB?ffco}}޷PVdPfm{͡;9,{)zvT,F엵(۳`a*b " ~3H 3Xx@9"=2S2_H!{VU{2BU(ιWN޼]=Xm?Ocmvɷx® Xl5: nԍ3fF/UvŖdEW<^HԮ8v7#|pj͊ 4_K;D<딫w T3afނ6D._Sd̈^Dp>Gl2Ln֪Ԭϸjx&d?fK C՟2B"C Pmo$ $TZ,!YwζYp~|WyEکM{>`m[ $|YRuZMK&o !R 6yFՁIY~G`L'J;)s;}g=!G CQˬ@CƏH%M`V [Y[*3?AZmىxT #ۦif#5J AWFEt$#݉"GP`.5xbi#ab+g0|BBB reũGiue-VY{lԽ"SA_Ka_bZȰYZةU]{(rw 7?䨎,Y4G 4!:[wd0.0݀!;oJgq["P[c 8[rY m9.72`7I鮏l̡3ChtdkrP|G%Xs=F)L& rVN^.XRǖ'j̰fڸIrm9| MJ& x Gc {|$[gM\*,`E,. B*cX,EУ991;M74 ?Pn1<:49600@Zl,uE>Nu7^UmPȼ &P)Uzaz.X!ώHD!pK'5j2ucċNI(>@;o.,U>B ʴΗ"e0̘ϭbA6j f0-D'N)e #/T!>C`hľr7 KWe'M5U4!ٜ%mNvx^5pՀ./'|rh#f95QʺkE&7 F 1bUzl7糞~e!K&$C3JHh[y&tfc8%m7>kQ{LS[ `~petur'B&ɛiY`I4_4?PZd0]+Ĕf+8^w;b1޿4G7_9KhQU[CrA eӿŻq^/8rXF4TjѸ>:4lCKJJהnO;F0W~AoNrL)#%8FRY]~rIC*Ltsh0f ]47Wt*_䨥,}?*C9/ n4c7:n &E/Y)ibt;E3 $ji$LTSV|F6UY)HĺjW`+:;8% lY w52 ',bej\ZTyQV K_^=V9f%N "#L&IB2 nHISҬļ`A!]F|,%CPKzM1WugɁ"3 pRe_;{MlzpPi|FX'43W?meTMArUV&nXnqWM\5sz@6X3MpfV%8r^!ZϺ{{*@x+7x[Vպ<os {gYR*T'V7C NHn-ya̖ EQDIv߆):&,5@WY f87z2p/{y>v(:ղ $Z˯a7 gub O25kXJc-.9ŠGj3 gE26F<%&5&LtkNa}>gz3OD:R#8 \4ϵ<ÍTF >,@=l b7*N(̝[<`sznTj%_Nmß 1¸ {ۄ<WS0W!ȮR撖WGQx-V1\x^xuT hC3 z}nqqZ2MuϢ6Qi㶾gVd\FxJa9_u疑 > :hoUbsT~ P4zT5!O0!@K/ۦgIaWFYrT7/EJ4C ʉqؚѳO/=gyc ӾICH-=X}wɱ ,7EN~JvWT6$r 6݋G@+ugIu$>Ք.EQ:`#}1j:(-+kb?'*YFަ[:$uap}?v-8/ !B,%{:]2#ma"]KɏY:[Q9ӇN0N? ʠ4˚ e|ʱa(=ׄ_9w/_j'?;D(JF[`RoƏĬR(8[BOSd= )EANt#9ϰq/ hr"t ~GWQ5,ʹ17Ř^ 8@|<V<$uDz3bak(#j+axe@-`!Ct+~2竈꺞V[Yrab>}Ux(>GmhO/-؎-ĭZһ Lh(tf~/i 3gn-OU3Ix`eB a ʬCr^[I=æ |? EKHO3ItVdFtFEcO^,= i[}5Jk/ [*(puZj݃D4X%SPՃ4IN;}n#xh?.($Ѷ^85̷X'(9GD_Vx^s{*o;wFEPN^_UZc!T^ |_g+ALoX*l´Әp nR q: +!9 e`oFaQR3RbGІ)$bh}>8ݐ[WIeA]毾@gb׶a85\潒Ng;8\7 ٟMch~xHߠQ=^b616t29YQP}s!U4&QD,SZPQ=/;Vj25nP!~^D7oyuRRDP71Eyn^(_}_R 2&h6#*!3_h6z.;Z6C2MÊh\24V_w!KB̡xoxІ+z'$dnпҷ~_1l#="{Ĝ6>@KL6ǶɈT>U}t\Wlr#1M0oF7/KZIܟۭ,ݷ)K ~.(a\/WO5ÏdzWtP4A^WC?}ǜ rĻRMlE϶vE+]vδ3%@^< xN+mg;jފp{9 O=& Y8խ_Vv_O5G}lLz'&e`Rn %q]v Vp#j)D.xQp1P_)&'F)naƪ `+>E[pT"rwJ[H/sP} Rtx${ě`Yu?!@_tGFpN!B = ?]nȋQtDa#m|C2rw E2w05 )[gzm!$g%U92v@ zz. %D\: ~Բl%i=3-vjtʸb Gs|4j[>d񴪨. Ȱ[8Ŵ7}̠ܗf~VXϘlzg T-e_=c;c H~-ҍůg]Ga>N"B`!iei<9Nm-0ϨHٱ9|v/!uoqc`hIG5g-T"k{;!F7peٝ["͎utaH-Y<~y:ƨ-X}{坺cvVMrbG nB΄d& T*Q HQZdH>-d2#fvwl-4q Je14Ą$ O|bHC'=J:h옂kԜN [P> 4ĥ0YHm| }HS>Tُĥ|ݯhHx5"m@ߜKEO~khռYj6 VwLPaSc"reHmM eU7i|Dd>řlj1:vθTp皖!b[4hԔ+=Ֆ?̀kd3g0Y"wA{9wX/$bP{S`Zr. X eY 0ׇɃMJQ@HR+P9(pT|[[=P}./=m(O$[?_a'"e΁9Za!,z2nVCQ_p[AL"]#/։{D+H-qSgCCڤ%Сx98YsZ3ţe?tB~'tbk( dpCNJj+E!nA XX iD={/> 0Є7ϛcg{ C->f9|1o I"(v,V+PO Ev:d)DyƈsT 38dC04]CyVC 1owe3'%SH'}]i69YsfF[5Ԛ@#ua4uw-hR,Jw1X[qA< |  A>LOqS>n͋V`+j9DLgA }^oLF玓/bѦszrݲ,|6E?NKFz ͏5cK8W7q8TT bE |.KR| {>,# ʋ9IyU1G*xVz*Y W:*jeA|9Kκ mT};hfnFQYs}"HιF[#0̔qT-69N3ňi],KMMYxXjkϒbخR8п,>i`y`WJ/`Řɂ 7/5ms,,3=Nsm:H_ ^~|u- ;8gal-ڈcmM* si${5*(CĤ91H7+FO̽rɈZ*`c39[;v8}q^{ 2\K'@yQ=fa=I% FӶyB5u5|~Q;R$Ѵfa3(#L]Z [Ll3=Bi9^z6᷅ T6JWKa_ hg侁aM#YkaL{AR*[!u*9O׺sDhtZ ]w[W)a:dfS̎0]@k|q@ +:e C(%/~Z,hZLNN3 ǐr B:Eϥ2-+@寁.&Ηe<ϩdp3sS$kDyMs\zf*Wmo؏` ?+w k+16YB^rdoPѥZDPSv"wd2ޗlÑuPJ`[RCFbό |G нW^_/-=0WhZJ5siԚugIhۈ9e_ .Co{l_ݱϡAP 7xO| ʆ?9}O1QhJeT(cؗ&+Kjչ2* þA%!yfqo?,₼ct<<{sN\[ q^MC*trs4Omen݃ba&~Hy3Et4&9$ z3ȸs|3Ãbq{:U"F~td!>rMyvDhL6b,ꭎ4=;T]i&]\_CiLaY6a`-FNq!?tƫׇaZs'e$gms7?(_\I8̬ #S|%-[b$N;dF |j:zp[9ja6d&6ȁe~oʺ 1=[Xl<ɢm?:Dܦʼ&}:@{/}R Z}%)JrlIੰO#0'jug{p?>@[SVВ\E :S3ad jV:ZK<xqH)HSL_w!.+i:+r(lH$ S}{*_iFmo>Z!@m4J\q 6;7%hmROztk#pw'ר)OiN'ׂ./^hի6HV{G`%Y/%5U,IXxÓЄ )Ė/*Z1z}R)0&M4R[X27ޯT0K5?^@G>:S917EI_EO`ΌB&Z5fy b&@MVe k2Z>₭7 s!P܀ %D [,8sr<)9u_j۳8Ht{:~IBL z*VMaki~56 44ÙY xJBdG3#tʬlp/mG&Hk6g|ŜD$=݇Ĺw䞵k؈ -ptf`2Pł)p8)SpV /Sey浌5(X7!hфUw#jB)8l.}.NLL8Wu#~z@l8ts(F(u[F)FoL/s${,~2C룜"vr|a? RJeuP( /IJ!\YˣdR6)FѱBVJ+W"C*̮G4\!z&i2ncgHUfWxZM]n*m ۟G9cæ܋ՊOя7 t0ߵ[˶{ ^:0\zA 0V}c1L/N5:O0i4 >M"I2ol|a+>Lfq8=BH1azXuij]vjBzH-̼fX5E>_68NxW\pŹkqn"Noy 141Burw`mIV=ny\b؅Q AW@oqXCκ l`ᵊJuB4r=wU*\| KMX )QEb̳V$Bs,۬oܖN`Z7rQ&ݎ ʤύҞ6Z?>U~bD+^w lw`{dLBv$T!>ڸ{lE_J|JJIp2u6qM@>A,j׽Oy?׻15ʃ1RA5V rnLΘvqy2A[MvrMW6X~ yQ 1:90F$é[[ d1rMJ|tQz|Y+0p|ߴ\-U.qG?`8ĉNU Qc9 0tn9Q٠ Sآ+|hY ѽhb++9S[>a$.vbdUL֯f%5gRU[_%ORDow^IrJ 3-d\wEY@yDn^ifXaCǩ|`rϞ*PGY94*~s2oL<'Ox.@x5 }MDpxKdGi(%)*a 9T;vh".tNo+fsWUN<Îy>w)BXti=kz7E}~ze&T4h~BG3^/P3f4:L#=ډ$F]Pn}ߪ<' $mK:5GN ]ٱ?*)`{w"b8yI/&ּMJ|/Kib'ro?Ћ+fl-Tmuzly{_6C{usw#b$RȐHЎ7Y'Dy&x].OVKrL.2U!St}e!M}j|JE߱ԠHK1H* dDBYfVKT)z?rsX;% 4GJA]A8r(D)oy 6H 7<mG.ۜf[p8X.nmlmc z*k;MpfaSImefBhE9{Y5dmE0CI}Kg yCEnIӦlKA{ڽWsD_qSEfy#¡[Oͭ97o!] HR𐏧bL۝Ʀb7&$U H֒!^,^B]TӮH"&ie} f=6W9rlB엳/ks< ^i+ۜ@ %& ) Lca[6iDGhɫ,ũXﱨDX-Յ4\ ^/!wjhe~ \ ݶa 4 >>ОSENo ^՜{&SXtWE ShrGVd wE\6%܀v#bg%KCMPfӭ3p6 ]PĤ$&S$I"F|}e.*ۑAHHjK:_I~)8=N?S YD6Hm'ngVr19NXVL(̆!*.iyC/u)⎾}K׈/BM2 t*gS5~746z-}S ѓEY, gmkyk *_Rwege7jݍA+ZAeQDHyj:$aR }͈ڤP l)g~qaãM9IF"4f&a t8> 5 MP,a9z_KePhffU*eH`;oQon~cg-i<a1bѶ(,oxnֲz?,pM'EoRl'A!ea7`޿ZaNW_'iVuo3A)X}MO˛K&Rv;[s6m28t94ʥ 7.x{3E`d4f瘀4X4)w\l;:Y,MLnxWF :FP'G/>)OUEw#qCă sUhw\.:aeD&/W.{D/<RZX862cYnkbwLJYo:KpПZO~D崤T^{HE>JcsQcȭo`Y'zh, OGD9L$ mAJIʼn6'1R\mBfNRq߱.b߳gKĺ1XwVqp`^ K>ۆ61=U;2ÙsG N؂6 F`5L(j<+w y|)3L|R n.^MEDI91Wa+tOw.(;ݲe+jf>I_!B6wcY>IVp9!X❋/Ιݳ?]"8iSb)1+EiY0YNY:k'1vҙݰȦvS&ƻ!Jd8q_,C=nJ3XZ?f}f8X{vixٖ!ẁN#l5E`*9@aU1n]`H5өƞ-ªѴ]CVHFۉd_`0;NEOINnXqO!{e(@\#zvm q呋P7~%X*/wRf0f7rXk" sǶm@ wOz#5 @*ӛhUr7!Y}r#E7x(C[/yE}.Ƀ1pvrY Rʏ ѯ`vk~&ݣ̀gVCӿ1]zq8" %ՎUԽa-q_brtT\1nS5N'4*-TpyJ \Ӗ-z:oOh%@SOR Ke_z>rk:5t/BInuUM2϶V7('={J(>9rn+N \6D\I DJ6dKzqvnVtL. x>ka / _˛]l՞Td9 ^ndmCKˎk-oi..ֿlI`;I $ QC*v ÁκqfI35`hOȷLi5oPHvN" \Eïb\G=}\u0Ctn3+l$o.bدI4hcҟx :2u)O\0>A?c4v}ӏS_ V[;$?~Kf~:f,Ux̝2B}إ܉|=mo9e< 8f ?6̬ka*5HjV}j~p Io,ל90?CaNC@{9[@S%j;ϲccN|`c2--;nDUT笌JynbJyQ*iu"(Wua&#;tTQ("qd,ԄS_;Mц4zD?~jd'Aב!f6R~bٰ\-ǰo-V$R)rz(QM`gx"7Ж@%x0> #;73vረu p'f),t հ_^5ʖ&ž9wZi_-;vy3Wp)S;h,0S~E=*6jW ~Ul`B:ٝ:($Iŵ:+;' /_]ga\S*6&s$T!Kf|yL}][JcG"ҔB ͩɗևq0i( `8J;ǁW(gNd)&/A R&FطبG9'PY+{!iAӲp j<*~.Ѡ1ōb ij`,JD AMeZvt'2|GXd_^kn1mcߪ܀˟A> DݶR1iڝ= SqyЊĂr~󆻯*HO9:9'/QmI I~PiLk}0laI){Z(.(`pB|kiyatc~ȁURxEE8ngfnkYtVFT:AD^:U %_.٘ȅ]ag0@AyNc.JW>:!HDZFy|é`h~B(S4;Vл*zb.4 NmL0 Y >#fNq TkYWy$˷1C .+þ߈p٘Ù ;?MɸVbZT\Z Xbh7MO jG2ӔVpbً^ib9K{ Ļ7r o}}Y vݯ$1r2&ZvT6K"H'7qZvK ~Lfn^`LbԼrBÁ?hee.H8^0jw1]2fjJcY:%[#A//|F[nuaÂd\ -_CϟI%2IywVcsŤ@5Gﳲ1R_wV$Fet /MK*[ (Ztse]ߡEhTθm|Ձ@JMάb2<}/iz0{ (T;uN=ڐO77%}'Z5nmCLӜ0qe$:]O [[0b{xtaFYh0jd ]o4cq&uJ 0llu,URw${.!P7Kq KXaEZc6ͦ ݈Kيd1> `3@=$>%,Qp'w'(H8\m~tt5h-d~+u>rLjlD3$JkEY/j]NxBqk@/_TV0BqɠqΙeʍkWq;/.I›p@pO.$t1-  xx Xbn+8R).v+SQ RQĝQdC-CtMW~lRůYyx~YB!if6p. .aqI!&a ܦh3Ypru wy]O*F;H_'VMi@' 04UY(Ík%[]u!yg `ƢHǨ4d ~>DGEK}BL:` X6ft \YonE[T#?cth$)sW9I e}΀\,I^l:pi4R"@>Ƌrmcs+z`,tœb1>}ayϽ1k:,(|t[EDXE/6+FHishL!;o"Jvr\m}dPFF ,# JC[*Wޡ_=wd2I޼>8[ݛKV aӆ0td4{pXܐ 2vu5fY,8yfw7M0e[cCh{/ScwtPDhN8_Ag3<¶Uoɍ5\ŠMhM`p׊ w>vV(yAE?4krNX#3œ⃩]A'C5}ӽ͘;iTK u mf7V(+YoN!TBÛ@щ-/#ȂJgtICn醺I[ cpnD 0 rlkM+vv4N yD#Iem_x"OɆH2.5бF:BYYj3NSwh# Άd*,t.贤lΠgh~cI5u Qn 76aQ+ !݃\cj! (F!3zEQ/£iMLZ[+2h8"}b+Nx DnU?}v"L,`K*Hn wn6eG`IjGDD_ԲL y14/m#{jS迣Be pNTBj@ PgHT(pKd z~ BTRklRqW ]J:@4j^zRk֞y=(sЕE|+@X]<`/ǡ(+HFt "48O3{vrנUJo''ihoDŽBu[khnŻٗص{`tq4NېNjyZNsXʵ"$? |W=ջwcb]͖֝]B"5]O!Ek0M~Io=#:x ڹأi5c%1YFmA!."r+=MD޶,#ECS%=<|hU}ZJyCHXfD WU]X aދI"{{-qŽa_TP6rg=+Noͨ9Vhl ur3)Tp;1Sd۴)<0۱g;1EN_X!Q:-EK4i@Þpϱ;*eP".I-ZʇR9"+e a1}֤!,/ILCoLpjBP[?A݃@ږw4-H$\_1Rjk?GŔ 9jpcUҜevU5S0G~X<},@ jުWsY[LJczN:3}.2݀MYx B]Uc`['?C iN#w3^AU%kxh&v֖%w*?uDckYQE,!;Iլ;4T>f~,ih]  ~A= 믾cR=ߨFz|6K>?TM;+)y.C䘈bq"17%A$3479K E$#0:)\qVU .VCkR4ܦW` a^`7B~K.)}'2Mv` 8Scz#3ky8Bp/-ԝ[Q!)٣:s_j?M }iT"Pp](%g:^YΤTccB2~ʽmDP:46UߜֽaþJlH?VD-a>{vJ##XQDcf v 8n0M2~d ϯʵ9#idmaM FȨC]lÕ:XTGc"b-e5COבu.k,] 'M*YL@qc߮Ԇ]u+ #9 ]2M^Y$BZCgfHw#L'm~O5AꝨ!8r?wrLif ]a]#&'fHsXzn×D!u=pݗ{f#]3zY &a `dr8&ta7ꀷP'!о3GgѶՋˊyQlS6RmUm:Vq(;oZVeP-MI$4 hqџ2F8el7'bqLj<1製fb+؎pA{8пAW[%T9Pq gLHMwǼ-&2|Qi8ܔV,06 K';.}02Kw/f DHfi9≲+v5g??|  tn9HEz$q`fE9=W&Ѥu uu{?;q„< JĬ(! }#GPv mGR&n.2rGq6fNx(t#B!kIC!{Slfq wa aO% I`?lYN1}r0oO, 3fn^!υ)J^78:fԒV>Z܂:si% -Yzff]Hjq/nHl(lUˮ_1'?EFٶ:q%鬋ibxZÙ>E=k@jpa+-q;nO1b [tO4n( bqaK*+ ?Ɖ5WW7gVz?h*$Kl<ܝnQY7*NvM XʄkݵɌݥ>/aTkg4@W2Q:sL&Xt(N& iO4d+8 [! MB=Ń׿JJ'TcMI\#1{Ɛi32XJC1^lG|J=+u+ݕ愆+=S6uj: GM\D>oSV|w!j0九rbiWEgkOcφs bD!T:hcVid&1,\=\q k;:tfmEݮJ ﻻm1hY R, >| G9uφs1fY'-͠AM A.+_ZA8$Ɲ":o?Ƨ?#xFǮH^`uexs*sވ!Xm߂pem SYPoU4yYh݅E4.ʛ?Gm.FS"w-L ǥ"YG&<ܤף 4OTQ+ a؜v*-6B0)l54YOlk {}}$D$VT: [+G9adP라2v]BXZ ;՚Y2c+z^No H^,WU\2G~ToC'w{6ckVZf͖; ~nԂT@x(Dz?Qd@nh)wEј&1ѷh^>\Azes{Hο t>zLVC)ZDFc_]ԕyqE/jwSD:8@h8>0E"AD;烖*MUCc?0Y&(q+Tc#?6a-=o}1i[ y'.br](M$!׉]1 T{B@LkWc, J=Ys@@#烹]mr%v#aA&jxntyePS}hԩOL,ؖ><1:E7,^߼~dWG'DŽU`qa7I/Cr'ə YOsHbE&kfD}걼);ʼ5' ݔbΐGq}<ʅJ0G EbA(QKCJ͌Jg]5[O\iC^Z`:dBeM^5=~0P%D8=e ,ZfJVu0 P`p`?B8 kcn~uEҝ:_殘%@JWguc;"6$?E%zBEۛڲ<* u`đ0w._)OK !t_ѥD1JqoH΂Iޏ-"删$'..7MV#}xcfvQ dk>p]MjPݗ-_м̧P & >#':fe!P;jŻ#|]>F ~<0DZcR`zGG !9ιzCt 8Q㤴+5|#@b3%G#q;N\a3uX5 -RFkE qROW׸?pD~#1 PXbmf¿"ů%T@Ǫ|^+^p|04<¥5t7aHdhi;#8 Y*K_.Ap&tT! {:$VZ W JDAABկ3vЮ+ʼnSp~g<խZ)~3k 5m(6/dq&m7BVrg@W]lƞh> M _] %r=K#QSbȷ&)MDBOaox궶bQ-P' *w';>QI=0ch}ޚí`IsV'2w}e+}&?7M]dJwTwȚh|"!A-yj2h7@b2N9cbӄ IPk}v[RʄC 2C懾26\ Lv=o"3EwM"SU$u`T#ݳDd@R0)C=Lr .je]&v6V{C9+&9KX}#g`{jo[/F GA^Z!􈮔:8*@I}=`TӲa@ٗU(vϜX$SH 6,:rgX&8ӄJ86vbb-ŬAw 578UF!irP1S.;)k>3/LrTL(Ĥ;IQ4ޫw4tvm 0mY޳4;'n˭VhRks~ &FRzK{`=ju(6b`t: k1,Ver=oyKcĤjMֳH2EP U3AZ|Br+ּl).S vX'@L5zS5ʸ/`4ۃ[tQ .laY.mk1{S*mm=ĶrҪ.cǷM-0!#a@6]Lu޻t W 2h[ iQ'AXRqf,JX_$ia.v4Ƭ~ 8kҔj*1Zy~#_n/tk;\E ``&mmOt vuG$%IL+KZiY3eQ۱ =1':}AfMӊ,HkazK <=;݌U,Z{ |ɳG;AdI/+*"#<=FM)Bo>i-UwܠU u]R"> TCHwnX),Cnh=za(Ҷq@Yk0pnY ܸB*nI%ϰjC/9/ -g~ظHCۋ,D rBvwra0@tg8EmC-^6=fތp Ea-A I)a썷q5N`7/ @dz:k6׋KV"E{m^&GQ@.}Ԇ.j6Ɗ Rs *gw(-@`m_gؔx_4[\$G-`4Pn>Iw-'r`!Okb{﻽me˘g\3i2>9nI-wdۜiϥ0n(B@B" cBm23MZat;/pQCNWš喙YعCh= { 6P5#[{m,^Ġw~:Β[ʯte]w#Ƙ]{ :zp.黍ڠwaIi2iR!Zf55mlsu(oVeoKԂ ^Y,-.?-B֐ i_Űih2q蕐4k$]) ϭv?Nno }piƊhyl`^ ^/~X5_HS_Tŝ6r>,0u&}ⷖݕ=$"j HtV*Zf#~12Rl= ro72 WIR;s&EHAh@+޲/1