элю█    selinux-policy-devel-3.13.1-229.el7_6.6                                             Онш          $   >           ш            ь          
ФДж░ФЬ▒VX:O¤мu╖┐A<   >      ╨       Онш       9 
Q<   ?    
Q,      d            ш           щ           ъ           ь   	   *     э   	   ?     ю      p     я      t     ё      М     є      Р     Ў      Ч     ў      Ю     °   	   ╩     №      т     ¤     	     ■                          T  N       М  N  	     !(  N  
     +─  N       @№  N      Ц╩  N      Ь  N      ▒P  N      ╦╓  N      ц\         цИ  N      √└         √╪         №         №═     (    ¤     8    ¤  ~  9      ~  :    $\  ~  >    	i7     G    	i@  N  H    	~x  N  I    	У░  N  X    	Щ      Y    	Щ     \    	Щ  N  ]    	оP  N  ^    	°     b    	∙щ     d    	·╕     e    	·╜     f    	·└     l    	·┬     t    	·▄  N  u    
  N  v    
%L     w    
&╕  N  x    
;Ё  N  У    
Q(   C selinux-policy-devel 3.13.1 229.el7_6.6 SELinux policy devel SELinux policy development and man page package  [ ╟x86-01.bsys.centos.org  oK╚CentOS GPLv2+ CentOS BuildSystem <http://bugs.centos.org> System Environment/Base http://oss.tresys.com/repos/refpolicy/ linux noarch selinuxenabled && /usr/bin/sepolgen-ifgen 2>/dev/null 
exit 0      p   ╣  	    А   R^  q'  "╞  -№  %▌  $к  #о  5  -Щ  3z  +Ж  *╘  I[  +b  $к  "╬  "  "  /H  (7  ?╕  #Ъ  3╦  J2  *G  "Ъ  &Ж  '  Kм  H>  (Р  )З  O┴  63  >  )j  &─  0h  &H  /  /ь     =Ё  /├  :*  8"  -  %м  FX   n  '╓  4$  7н  -╖  #╗  3j  Mw  0О  >w  0м  9Г  !B  4┘  %°  4  ┐  8з  *K  6┤  6m  3-  4▒  (Б  '╝  <П  W   -*   ╝  .&  .z  .^  -╡  2█  .&  3к  &l  !╒  *  %╛  Q║  $╣  $F  Aе  ":  4┘  9д  5╜  5K  *)  -Ф  :p  P╠  9o  /U  G√  6  .▄  @  )й  >п  -(  2  5╒  22  1ж  5╒  <  $╘  ?R  .Л  @г  CЎ  .у  ;E  <?  0Ь  )Й  +П  *6  *Q  %7  )┌  /3  '~  &&  Bн   5  1┘  J[  /╗  qК  :С  *Р  @■  %╛  5э  <  I
  /н  -*  +P  *Э  7Н  4е  7K  0z  6  4F  7N  1  =  6╓  5═  C  <^  7Z  dР  2  Cq  +J  0═  (Ъ  5╣  ;k  #║  !}  >&  7  eШ  +╖  4  7ы  Fl  %Ї  4^  1a  .╔  O  HЯ  $─  .в  >в  6  7У  =b  ,t  2  6п  1  5w  5O  4╫   Ч  ?;  5R  Q╨  #/  @~  !  8}  $q  0А  6┌  (В  4N  6j  4  "╒  -г  &h  7%  =$  6z  La  ,  IЩ  ,g  #1  /  (Є  0И  7З  6E  +~  4ф  7,  8J  CТ  9  5F  %ь  3┼  ╙ї   Q  %╡  !ъ  -S  ;─  Q5  '┴  -╨  &5  %М  8г  ,Ж  +  7  .a ╚h  Aд  ;H  B╣  j╫  HS  6Ю  ,▌  1o  "е  40  )┘  /`  5  Q  9░  ?i  6╖  ./  &9  5┴  7О  5■  4╔  ,!  1}  '$  4ш  .Д  3Я  8  A╔  -ч  ()  +Т  CG  %ф  0п  ./  -Ф  4   >в  6▒  7  9о  ,C  :p  /#  0r  "а   J  >   +w  $2  ;  E{  *y  F`  *c  /Г  0v  >ф  7l  )▀  4Q  Q+  0Ї  1	  0  )Х  -y  8Ї  .╒  '  0Y  8e  >g  ';  6у  (є  :6  0П  +╓  (y  BG  "■  .K  '  )\  .k  =─  6╔  @  ,6  _т  a)  .Т  I  9  4г  7Ф  Gn  *У  I}  /с  2з  ')  q  ╨  !{  2Р   ╛  &Ё  &▀  .Ж  *╖  .╘  LN  (C  $Ы  #В  -М  3U  )█  I  *Ш  AЕ  1о  9  ="  6V  9   <7   ы  2┼  8ё  BF  /ш  <ф  2и  60  '╓  (И  #о  ┐  @_  -ц  .K  :`  6&  SW  .а  &г  ,  9  !∙   &  3X  P╬  0╒  @z  ;╓  1E  3д  1d  $┌  )И  0д  0Ї  3╖  1╩  3|  0ф  1(  1  2  RЯ  <t  ,▀  4;  +F  ;е  1ю  ,=  5╩  -╪  /╒  5╥  2╘  4\  6E  :Е  9╚  Cр  o8  %╔  BЩ  &Ї  CЦ  (M  PP  7  *  %┐  F▒  (Є  9╧  )$  4  +╧  +Q  5╒  )√  4ш  *  +┐  /  )д  *щ  %╨  1B  .╛  3Ю  R№  =@  I▄  5╠  9-  '─  F9  /X  /И  4В  4э  (▌  5й  8Ц  ;┴  5x  2&   в  -K  ,╬  ?]  7М  !│  6~  (щ  4  6    Ї  #э  .5  (s  $a  !  !   ╓     ?  (Є  $  6  .~  1a  B  5╙  Gз  5\  3ї  +╓  +х  :p  .  9x  1о  3Я  2)  B  ).  .+  /┌  ?░  Lэ  3L  7      y  ,G  KП  .  0  6
  ;╦  H\  .Т  ?в  &q  %  =]  >V  '╖  &Н  6^  .й  '╢  0Ы  '╝  2В  2D  "э  2D  )f  2D  )f  2!  (Ц  +J  -Б  =C  7ї  .р  .▌  *h  0x  I!  &   .ф  /┬  .ю  '[  EE  >h  0(  └  ╤  -╩  &Ц  'W  ╤  /  .U  ;  0A  G  0J  ,ъ  $╜  /b  =8  ─  Ez  2О   ¤  M  )└  B┘  'в  (╩  7$  6<  =И  6Ж  7├  7\  6S  6▄  SS  '╤  'g  37  Kю  )я  &╔  0h  Nр  3  !Ж  Y  1╞    I  _  /о  Ъп  (╢  (╫  )4  &  $p  %╞  /н  BQ  5Ў  8З  f  '  $#  !r  #  BZ  -Ш  -п  I  0;  ;  0T  BM  Х  )H  #0  &   $Д  %┌  .ф  /┬  KJ  +∙  6J  2r  .Д  -	  4▐  .У  2б  -╜  03  -б  @V  5  5Я  .х  1.  5й  -ц  7╟  .]  /╟  7j  $S  5i  6Э  ,5  4╜  9q  ,э  ,X  -J  *┘  ,+  =я  F  0к  ="  2╠  7▐  4:  .я  .B  Cr  >═  *╜  A2  5G  ?┼  /з  /щ  -1  8N  %█  0i  '█  2u  (-  *д  (}  )п  +  !∙  +■  y  (├  )   +╕  %°  $\  %▓  B=  BW  #-  '8  ?9  .т  $╠  :┌  0З  4э  4Ц  90  #Я  "У  M╩  .^  (Ь  Fy  2П  7.  'м  <p  ,q  ,╙  B▒  =?  'Й  8т  /г  (  J╡  -y  3|  W╕  =л   m  [+  $░  3s  6U  У  6E  t  -^  .ї  G▌  2Щ  ^╞  (ы  )H  E║  0s  1  /I  -a  Iы  7  ,№  6   4┘  4[  8╖  4┘  7<  4┘  @y  Xл  &  $─     ╗     9ф  и  ?  ▄  Ч  к  E  К     |  	Ъ   ░  @  °u  0I  U  
o  V  2  │    	H  :  3  v  *    
я  '  │▐  А      ]    ╡  	ё  ╕  З       O  <  &▓  Ц  K  	Ц  е  ╗  f  Н  ╢  D  
M  1  
    Д  
x    У  h  Б  н  Ў  ы  И  э  K  ─  k    ╖  	  
  6  h    |   -  !   Y    .Д  Є  с  N  ~  у  ├  P▄  r  '-  
-  U  ь  *  p  Р   R  8П  Э  }  ╞    #╥  
р    @  є  K  р  ╜  м    !  ╝  6  ╦  q  
Ь  е  ;  V  а  Я  *  ┴  c  ╙    [  ╣  .  Ь  │  ╔  √  r  G  ═  N  ■  ▌  	
    ╘  г  Я│  ╧  ├  	Ж  P  И  e  *Т  №  1  .  ;  ╨  ╝    ╢  p  
й   )  
  э  Й  ╩  ч  	н  Н  ┌  B  O  p  л  6  k  	л  N  +  l  │    4  	ў  "  j  ╘  Л  Н  a  c  ░    o  	d      	Г  з    е  у  !  N  ╩  
;  ═  +  (    t  й  ╢  	д  е  Н    Ъ  е  ┐  и  х  +  р    н  ▄  ;═  Q    $  lx  Y  )M  ё  N  \  ё  о  1  9║  з  (f    °  ╞  x  'З  ╛  "    Ъ  	c  █  ─    О  И  
  Ы  ═  ╛     ;ж  П  Y    ▌  п  ╕     Ю  ╝    Y  =  Ш  ┴  /  +    н  .═  Ї  ╒  Ъ  B  #╚    
╪  ╝  P√    ┐  '░  ў  g    Г  ┘  =     T  "├  \  +  Z  f  Ь  ^  е  Т  \  g  j  ¤      ─  є      ╚  *    е  QJ  Э  ├  	л  ╡  ║    8  т  
!  ┼  (И  а  Eb  Ъ  у  +  n    р  Qя   8  д    &S  л  F  	`    \   3  Ў  ╡  У  Y  Ы  
щ  ы  a  ║  u  V   ;  F  
C  <  В  [    ф  $╨  Ь   8    .  Л    	о      1  Е  ▒  ╙  Q  В  н  "r  В    щ  о  
╛     P  Ж  Ч   j  Щ  Q  :  
ь  %  Й  K  E  X  ▒  ▌  ╠  ─  $&  ъ  	Ю  `  ╜    з  *  L  Из  Х  
#  8  г  	П   ,    
E  В  │  c  Х    ╡  I  n   8  W  Ї    "  
a  ╖  ▌   а      #╝╖  eК -q ─y  ГS ═m ▄ <ф  N  Mв  D│  ╢й  ╪Y  н   W     B╕  Х  Б  Я  b  Y   $  5У  u     гd  /  \6  ╙╫     i°     3л  ]  V  └    i  1>  q  )ф  I  I       K  	  ─S  =  s  
+  ▐    шЛ  *  U  /Ь  ╗  Б┬  Ю  V▐  (  "┬  ч  Э  3  ^w  Ъ  ю  ┘ -:  q 6∙    AэБдБдБдБдAэБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдAэБдAэБдБдБдБдБдБдБдБдAэБдБдБдAэБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдAэБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдAэБдБдБдБдБдБдБдБдБдAэБдБдБдБдAэБдБдБдБдБдБдБдБдБдБдБдБдБдБдAэБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдБдА                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             [ О[ 	[ 	[ 	[ 	[ О[ 6[ 6[ 6[ 6[ 6[ 7[ 7[ 7[ 7[ 7[ 7[ 7[ 7[ 7[ 7[ 7[ 8[ 8[ 8[ 8[ 8[ 8[ 8[ 8[ 8[ 9[ 9[ 9[ 9[ 9[ 9[ 9[ 9[ 9[ :[ :[ :[ М[ :[ :[ :[ :[ :[ :[ :[ :[ ;[ ;[ D[ D[ D[ D[ D[ D[ D[ D[ D[ D[ E[ E[ E[ E[ E[ E[ E[ ;[ ;[ ;[ ;[ ;[ ;[ ;[ ;[ <[ <[ <[ <[ <[ <[ <[ <[ <[ <[ =[ =[ =[ =[ =[ =[ =[ =[ =[ =[ >[ >[ >[ >[ >[ >[ >[ >[ >[ ?[ ?[ ?[ ?[ ?[ ?[ ?[ ?[ ?[ @[ @[ @[ @[ @[ @[ @[ @[ @[ A[ A[ A[ A[ A[ A[ A[ A[ A[ B[ B[ B[ B[ B[ B[ B[ B[ B[ B[ C[ C[ C[ C[ C[ C[ C[ C[ М[ F[ F[ F[ F[ F[ F[ F[ F[ G[ G[ G[ G[ G[ G[ G[ G[ G[ H[ H[ H[ H[ H[ H[ H[ H[ H[ H[ I[ I[ I[ I[ I[ I[ I[ I[ J[ E[ E[ E[ F[ M[ M[ M[ M[ M[ M[ M[ M[ N[ N[ N[ N[ N[ N[ N[ N[ N[ O[ O[ J[ J[ J[ J[ J[ J[ J[ J[ J[ K[ K[ K[ K[ K[ K[ K[ K[ K[ K[ L[ L[ L[ L[ L[ L[ L[ L[ L[ M[ M[ М[ R[ R[ R[ R[ R[ R[ R[ R[ S[ S[ S[ S[ S[ S[ S[ S[ S[ O[ O[ O[ О[ O[ O[ O[ P[ P[ P[ P[ P[ P[ P[ P[ P[ P[ Q[ Q[ Q[ Q[ Q[ Q[ Q[ Q[ R[ U[ V[ V[ V[ T[ T[ T[ T[ T[ T[ T[ T[ T[ U[ U[ U[ U[ U[ U[ U[ U[ Z[ Z[ Z[ Z[ Z[ Z[ [[ [[ [[ [[ М[ [[ [[ [[ [[ [[ \[ \[ \[ \[ \[ \[ \[ \[ \[ V[ V[ V[ V[ V[ V[ V[ W[ W[ W[ W[ W[ W[ W[ W[ W[ X[ X[ X[ X[ X[ X[ X[ X[ X[ X[ Y[ Y[ Y[ Y[ Y[ Y[ Y[ Y[ Z[ Z[ Z[ Z[ _[ _[ _[ _[ _[ _[ _[ _[ _[ `[ `[ `[ `[ `[ `[ `[ `[ `[ a[ a[ a[ a[ a[ a[ a[ a[ a[ b[ b[ b[ b[ b[ b[ b[ b[ Н[ b[ ][ ][ ][ ][ ][ ][ ][ ][ ][ ][ ^[ ^[ ^[ ^[ ^[ ^[ ^[ ^[ ^[ _[ d[ d[ d[ d[ d[ e[ e[ e[ e[ e[ e[ e[ e[ e[ f[ f[ f[ f[ f[ f[ f[ f[ f[ g[ g[ g[ g[ g[ g[ g[ g[ g[ h[ h[ h[ h[ h[ h[ h[ h[ h[ h[ i[ i[ i[ i[ i[ i[ i[ i[ i[ j[ j[ j[ j[ j[ j[ j[ j[ j[ j[ k[ k[ k[ k[ k[ k[ k[ k[ k[ l[ l[ l[ l[ l[ l[ l[ l[ l[ m[ m[ m[ m[ m[ m[ b[ c[ c[ c[ c[ c[ c[ c[ c[ c[ c[ c[ d[ d[ d[ d[ d[ {[ {[ {[ {[ {[ |[ |[ |[ |[ |[ |[ |[ |[ |[ }[ }[ }[ }[ }[ }[ }[ }[ }[ ~[ ~[ ~[ ~[ ~[ ~[ ~[ ~[ ~[ [ [ [ [ [ [ [ [ m[ m[ m[ n[ n[ n[ n[ n[ n[ n[ n[ n[ n[ n[ o[ o[ o[ o[ o[ o[ o[ Н[ o[ o[ p[ p[ p[ p[ p[ p[ p[ p[ p[ p[ q[ q[ q[ q[ q[ q[ q[ q[ q[ q[ r[ r[ r[ r[ r[ r[ r[ r[ r[ s[ s[ s[ s[ s[ s[ s[ s[ s[ t[ t[ t[ t[ t[ t[ t[ t[ t[ u[ u[ u[ u[ u[ u[ u[ u[ u[ Н[ v[ v[ v[ v[ v[ v[ v[ v[ v[ w[ О[ w[ w[ w[ w[ w[ w[ w[ w[ w[ x[ x[ x[ Н[ x[ x[ x[ x[ x[ x[ x[ y[ y[ y[ y[ y[ y[ y[ y[ z[ z[ z[ z[ z[ z[ z[ z[ z[ {[ {[ {[ {[ В[ Г[ Г[ Г[ Г[ Г[ Г[ Г[ Г[ Г[ Д[ Д[ Д[ Д[ Д[ Д[ Д[ Д[ Д[ Е[ Е[ Е[ Е[ Е[ Е[ Е[ Е[ [ А[ А[ А[ Н[ А[ А[ А[ А[ А[ А[ Б[ Б[ Б[ Б[ Б[ Н[ Б[ Б[ Б[ Б[ Б[ В[ В[ В[ В[ В[ В[ В[ В[ З[ З[ З[ З[ З[ З[ З[ З[ И[ И[ И[ И[ И[ И[ И[ И[ И[ Й[ Й[ Й[ Й[ Й[ Е[ Ж[ Ж[ Ж[ Н[ Ж[ Ж[ Ж[ Ж[ Ж[ Ж[ З[ К[ К[ К[ К[ К[ К[ О[ К[ К[ К[ Й[ Й[ Й[ Й[ Л[ Л[ Л[ Л[ Л[ Л[ Л[ Л[ М[ М[ М[ М[ М[ М[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ Р[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ П[ П[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ 	[ Р cd065e896d7eb11e238a05b9102359ea370ec75b27785a81935c985899ed2df6 846bbdba1149ef9edd39c6f18d37f29e5ed9cb3670521f142ed6d7d2bf9f2b83 42d2c3aa4d008aad3243fd00e4723033e27e253289356cdf2cf9ec46135a8327 bceb4f36b0f077b7a232a94e214b3b0a5a85152e4d89c193f92ddaba3ede1ad6  5c081409d24564f4f74f7a488fc8fa0da18cea310e12b7b419eb71f9e38a17fd 565b56711615c2aa76b7cf84f52414b638a687c920caac19629026f06b36a4a9 69b6f31e27c5e0aa7f30e4d0581464b572332fb6ea658b7b83ae6e30dab1f450 64162e5fb6a0727d80c5509356640bb6bed05c209c0a9129f2377d4532c9d2ca 9246b319dd0837ef4f6ab7e7337df459b78629de991469c245b8e402f2c43278 092cad07170e3bf6eb7fe9c893c0e5250433705da1be04424f574d83fa1b9a5b e7795d7bb06151c7d1439892ca301506cf76fc374322f65cf47267aab87a2407 d6823148fa4ba2fc488bac7a7c989af62c8a1eef9324049d2689d53363896c4a 86bdde70e29369d66557d758c324d79fd6675e924f044429a0ca6946af05c89b 3df8baf2284ef2eddad932ef4202230ec4701d363e3f4e24763f409cb00e0c84 75a83f47bb2136a9edf6bbc7783e06e85b440258fa037013feb5b789c3f29c4b 2c1b545f6b05803cd893b2e3ef3efd2a1f88ce6192820eae8965e141eacac932 da41c98eb7a9f8c0c20110677e9ac9b15e640f88b0459da57fb56ca82b985739 3e7e0db07206eca4942222164d2c4ac9354903f1acc1d9ad8ca11ad4c46afc80 d1b693f3162dab4d15216f0dbc33edf012ee5b966588b4f4b9cdd5d189feb678 9793c06b11879f224185b4e5b7390ba9d14e1ef2a38e80622fcace7c399b9041 333ad426f694033130b62c375abd4402616cb70aedeb3a8e3506f92af99d0ce0 fda3fa2df087c8bd2d86960fc0f2d44c2faf34f85b01acd5552fd6b692f4231b 35e22d3b8edda6c7778f4265c8bec6a9b4885df9e7150d5ede96d31d893f09a7 7cf80e930c5e7bb71602ad8d9828dec07c182ff33331c126a24e76cfb802f63e 1850d529b5de513dc462b9d198ee3a627c8239804301f31b107628ec8152f35e 361aa950d1322970cfc5f32530b67fa596e8a4edfa9ef0e4fffebb11ff5ce993 f2efd6c20b0ee0ff723da131227e90c8a971f267572cc82e1513be2ba91b08d2 f8bf25a72ca5fa4b609785e6541af425f3d1dd614c0d04bd1f6c921daf5fe1ab ea79aa87e4b74fd780e17bd17285e0144acc3f5f088460e5d21bb51cc99286af ed1f8633ab638fbdc51ed1602e4d21b52edb2422bb7b3b3d977f32d500f0379c 566ac6777de165172a9c17bc823475cd488c1f3ab2de48d8761e50eac4b4f2ac b1c7ea941db91315f55d9574879afa400d83a7589d7cf0973d5cf7f1c2928f5b c7af01c0ff490ce1e5049e8604635ffc7d1b0fc1babfea65940d75e9154de940 acabecff3e50660a7a6301eae8f28f4f339cf74a42a23e899391cd4ca4269153 e0b988288103c897e9e7e95179e8d1ccb78fc508702b46e71cc7c6047db3fd63 09bc3f0e4a4ba4848a2cae2322732f5be84ac89843aff4ccc11be2b1ef283a0d 1e2f31d67ee20b23f57fb479efd9f760a1f9e2ce1f50909d685c072e1cb78bd8 31cc378c624534a0dc2b139101227b60798c0e98aaad98a0a512054df11af901 bd2a100316730fb88191c88589817ad0d05b29b1b10ed5e043a841cc128e2c75 c265c465441a04fd898d4714414918673f11fa8d57dab52bb2efed219dd6892f 2b9568eae102d1296077c8a35a3bc6df0347e657014730c973cb2eb8572d8a2d c745aa5c91a9ab8631ca577a8e1681390a057ed8e7a382af148fd20b37766025 ed47ebd7c71f51d312bb9aba3937aae3fcf724fd7798e259a49a439a952aa2e9 aba9fa3f878d96e3b31a589ebc8bdadd9b8efa995d22988a4f5df2f343c7a2f6 8fca2363a7c87d5f9879c1e1e48c60bdaa23198ec9cffb30f6cd59f57070a5c4 ae126e00cc645e3eb8a4f5a0a0002e24b9fcdb73d270c9596cf35600aa77506e 62b0b575feb0ee62e4d8022ec372aca77ca20e149513a595760bf61fb6ea6761 115487bb765f14f6f52082a670f62e2f9e2fbd092716ca27af83ac241c1c3b16 d451d7f4b52072e541a8cf5d88af96d589f611c003a74269161792196549f971 34d24deb44591fa32ff99c9572864dcf535d20f29dce9e4800edf20b2bb75961 f4d9d299781990d1312689c7b4e846d0ad9da1b8d6203ac7831d7ded4b9569ca 8e33c27ea05ca90bc8331c621329d11096eee8b5eb1039bab005045c3ebe08ca 6400b586768731ca79c4918fbefd2dc7fc530232fdc42f2858fd735ff9a6b4cd 7c978c33e8657d91a1cff11a0b39736caa46c4faac93be1a3b44a5d0783a5382 a23824e262aa5f3df1fc0a1433d58264bed9f784995b80a405dd07f1dbf5f188 c8ef6939aad7a86c845aaaa89fbd2220055b0360ee1c31d70786f617d5eb80a2 9a0ff7f7946289544c6c81b13de3a60f6bf61186d50a158d0ba953bdb423f3cf 80f9b6a67c56e9cbf0960f588cea60d7ecbd1b02b3128eafb48728897b308fed f974392f72119427e3556221b62e3be9992099ac014dbbfac71ff495244ceab1 fa0b09d7b708687eaa9a60be52e362efde03f6607d9f883cf1f507a3f439076e 5e234037551789da8284eeca34beb8a050f602c9685f5d97cbef2550639046f4 86b797c2b27abfe9e5659fdc744a804a23c158b3b13f49244d63982813d7b25a 91e67181e04ad61fc31d71f82d17b05d259ec61673146b7f1be19126d75df2fe f416fb107823e573eefeee74382f1084ecbe373ad11cc4585d228476b16e136a 80789edb2c05b5d88c98d75d509f89fcbd3fb1ac7008af556dd87f89f7356281 46fb7ab9c7e5bdb5e367a37a3a72695984f837afa006ced5b0d70f1160681772 2409f5e500789b572b23bb65ada9cd8cacf84ee156ecc9511c6dc7bd8efb4e4e b1c789f60d7e75f1b2010064f260f429e3891acf9edea0917ccbe408e1e2b5f2 8c2f105915c1905c1c24966a745e771ab67a6513b92fd932cf2877b5cde9fdfa bff7efb75301cbc8c84cbb8ee088941240b61c6c962fc8682b09d06c4b295f0a c6974e82958aea5506dd57e0d6e08d8965154a2c46867db8bdc2bd78105463c2 32013433be3f322d8fd44ea71e3842ce450ad04bf017faedc96c658f6c31bc66 77553ff304bd4ba759f5049c1ef46c2a50a18765f63eade36e9de53c87b06712 65a30f2cfe28c9ba09338d01f94fb29a1397d9b15423b12e292461396d4c1b52 ee7f7ddc4ce0809f3b557484e66546b48953756267b49b6931785a2a21dc5622 5305d444474ddc9e28ae30448cc55491731d83ea1f242494a6bc612b261d9867 98b9d292082c83c065e01f87ab3366a5d6a023f0c7f5cc5acf21f3a83189ab28 cf1b4a36f12b7a499ab825f221b641d7da8ccecb29bf8529caf635ebb0d404ae 2982c726683b9b942017f7a4b16971a4b61584ab0fdcda799644d7b2044b963c 68197010ede2a435b2c36d346eb90a9be347dd2d17acf3fbb43e702f11e3e0d9 b329337f9bfd892fd88f58a09e4236ad2014a531612383292c51fa7b40c381f5 ff8a7d653425452734c8384a97e61c1e96251e37f9fb782987d73f50e28df141 51911e17eacabbcc8662caa18ddfefcd9426ab1209ebb6a5057d8ea5bec94496 2f90d4f6b81bba12c4c7d5e677199450b6000d80df6cf4a65021039e5997c85b 89eaa1e38aa345b59853ef17e25ab4c2e883a50d93b3179bb81ea276a5eb70c5 9fb1ceaa671eb5423c9c758ae7bdfdecf75b366f88c1028efa6b4f2f46ff3653 41021e45a441196a419f5042a1e75a2f11300c97ecd4ff3057e4329d68a68afd 86c9666d222805cbff7ba82836cd2113f43b5da7afde83ca5578fac36d17b1f7 d885302ad08f0d18032a6f612de55fb3a88b61bb35cdd2f145b40c4bd87fb0ac d329d4251c1bc5a481066d139cd21f374966ff4bd2f4556af5cd3566b95cad59 301a26497d511f015f83df3cb7c37735a02daf15fd643cd332c15c35ad5d45ef b5557ea5168356028d6b014837b110086e12bf9d7a3440a20529da115c7a0500 e0e50372edfc4fe6e03dd21f9cfc29cee84c4b8d72b6099f66ea41dfdf15fcdb abe1ce20b778fd56379c6677bb5ea3939c72b1be8a48745ea100789b42221f5c 003d7d213794cf218e4f7178f931144b6e3197e2cefcdf7485fa8911d2eb6719 27696993941817da87e3de213b22fb3f0ad4644bc2e8a80c84ca7d1eeaff7bc0 a4a05d623d7cfa0bd7edebbd8df817afe7f0d89df0f972ba06a4226341f87e78 81098b07e1b2f3dae724296e24f08a95da6d0612a51c4ce5d7a33757a13515d5 ac69c1c3745ff76e5b2dec0ff28a06582a73aa9f2948ebf1d4c848ba1c06f799 3fc80fbaa350242fa527951b9767cb0776e324f3ac5089d4b2d78baca739d1f6 a174a328876d7c0ece33ac8d79508e7d9f10a196deaee0cca72935eff2ef24de 631445865bf6400e85b5f00baecc961893a69446aebe6033a7d301f8d1710d0a 625af65ae84dd18aa8f2a18751abc7116322ae72e6c46d4dfd3c8b0e279ac4ae 0760c4fdbdcb487f844badf9d5ccbd39455878206a6d2de4ffc6e2684125e84e 1e5a99d33e8aebe28b512f47f027ca6e3b52d03ab6f98aeb7711846a32ef0903 f473b9054e258c35776703793e2a9a4f28e1251438dc71f032cce49de1d39989 2e6ad86e023334ddbd8529f08ebd8fb62fe612542162abfb8be7a6f651aa5cfd 46adc81e89d1d51fd70c949b25a4d447601ae040ff1ebdb5aced20825c07aea3 e7600c5749274ad53e2f3b40f3140b5b4a9aa8d9d0797406e72ae51457aba72f d962b477a98b539b95e001323627c670d586ce4cd41a0f735bd5a02fb5ac1c71 47ec51a05a2b9e15e1773f5209f2702366743bd22df13378c590d9fddc312211 41fa69d714955a23551282dda1dd53c1394828c0106afeedf395fb39d277314e 5fdecb63aa96b5a167f9d2f479217e2fcd7f7281d6d9b9a38000d09e8b695cd1 80e097987c09b226f6cd4c2228029380c8a9e9b898ce96031f6ee12a88031447 26407989f3cfe477d00b18e0ef978093fcfae1595e2344efcf9b13d78257ddb2 572e6899b7bb6fcd6335d7c12f449cc8eb4e48b8f7105746e5332019882f4e41 a5b99189fcd6d3003995d38a8dbbba38c67a28db0b10932111e62c61f24ad38a 2dd0776fef11167a257b8fce705b05fec03386d261d8e173e4e84156b33550f7 1f348521f115ebbb38d3f7fb63f7de68fc33433b7d1f020ee6bdcb2c9709c765 628de02718b528845cdbf208ddb1cf39fdc713aae6b6606e1b8a55c2faee3b28 1f40e7f9ad20522e4fd1b001e903a7e416b8fc6134cafc286e37f6ad453eabcf fe0d6c9ca161947d38d1a4722c7540df3840df9461036db265c698d22c46c8c7 c0d00e11782badf911a3f378fe26e4de13d07eae6d4ee3018c1e17764629fc1a 448384a722a857aa1ec34a06b8c531aeac10b68b2f1d23fd9bcd8c99f7e2b571 80a27f6664538fc282662e7cbfef7184f4752a896e8b85be1466c1305384b1b3 097491df7cec4d19b1db4d32190738b17beff0a525d85020aab551a7ad34bac6 a12283c5d6d00c99c7aceb9a6bc36f1c65dbad5aea16ad22eb06c21db05920ef 1f2ad6ef2d8aa5c726981849f959102b066e7a772f0e2820c5e6bf93841ddb53 b3e4823fce8ffbb2730a835c7aa431cc7b2538bb57bdb13aa1bb9bdbc2ba7aad 48dbbd43ea6d2395a50dc7969a36433df81bcf7522fc9b624baabd263a9dcbb5 8d406e21f4a4fed7ccd870ac5001b31bf912cb21c3ca775daad65c2603560f36 1feba5adc855a2c2cc363d9cf8424f8c67d8760a69f8fa0fcaba3e5ede7e9749 01c9ffcd70657ffaa5b586ab86bf296f15c599eced7f508916c94c363118f0a4 04d45d01fc5918b2ff578137510d75c89792cad328e49bed183356a122ce642b 83bf784b03475d87df92aadd2fb14cd04f4ea2029e00aa544a6dbc272f372d5e 74c3cd400271adb43967853f4631d795572fb347793938fecd36e5b94735d908 21abd205c6a7254809905fef7263aa29b85340e3421620d2802034e718067dcc 1e8baa82fd2fe7ed6d389a55df1163c84c19ba5bd74c58395382264cea54d194 f627025bb6e7a7a6387cf3d6a2e54cec12d694b29a00bbafdd4c9f53bf085aca d8a72d7b18956b37e344fe0377e30d76f2c53df40aa8155f4a5c15aca5426423 523208b51ed609d8705c1120dc87cd6b11e0a74d404f8eeb40922e7bd2994afa 18dd3aea79e2507a2f3c0a55f6ba5dca5a8a3d0227ecd53ee9d996db599bf881 5e67111d782383c446c2a955561587986649040eee0b48c0515d4079a218ae2e c586a32dac4d0648ef183c2e044448561a46fd5264cc217857e5211c76fc5c76 d71b9523f955366abd550039c8742cd20192fc28e0578c4cb8c1bf9ab95035c0 44838cb9106c22ffa075fb1e09ea7e9b5559d3667b19e3f5b966b7ce9920b207 3a40a37948e31e883492c72cc448c57d05409890544078b2e5e85bbf13dff349 e6ae6560a1eff3f615daa4806ead43b6aa84c84deca0119bad66cfe812bfa8d0 4e4266e4104d6192cc11c21c246d710fbb5d2e1110aa35451b6c03475ef46b76 b7a97d669ac2525e29ab4163f7d74811d78e1162fd1215b2c0036e3f80288b9f 27d223158ed6504bb5b469a8f563868d7efcb165fdb6b4ded2055580b0b0a4e0 b0e4f87158b915ca9778c927f98cd31437edb94ff0fd357ce3fbc7e423357a06 cc19e166bb0673cf4098de8de13c60d6572371831d51ba972fbdc3d4234dc24a 68ae2ce877bcba71c7aa0a0e37195d5c61052027c9b142300ae30f897641aff9 1f4773b4868507c3d77bddfae53d4109e852d79c85181e7fd841122418091044 41187af19ec0cf6cea86d1ea0a522299a9939dfa5f039e4626ba3a8a3f76e128 712bd3a35b7707290a71598776c8ee8111849fe7e225b2417f5a4d5810d7af8f 8dcc1a97367529e8ab7f357799c69189d452650d5385a302e755c1731c6dc0b3 bf7acd8575777da9cd8adc199ba69bc892be9b86efb4ac3008a23e16590fbdd1 2ae60e32f5b78efb1b0faad599d34ae55b4fb61f837d1f1efdfdeedb03372d52 c013dfeae38cfec50500aa6531cf98a99b98dcb368c3a86eed03929779ff8007 5af586c3d73ca39ed5520254aac74dd1e79f3b9da350c07db0be4989dfe6f2a9 6ba40d583046cac04c3184f31a338bf24204fb5ea0f1d6a3071a803dfcda854e b82d5b3b95f4eb8686aa31e6080cbd74bb9391624e50e2c655eb447d573fe8ee 68359c8e5a258eeaece6a7077272b615125f5cd12fcd0b140b884c303a62306e 2132f77fa5ded7f7ec0cdf9c35e3694ad7f503fb1aed09349e0a651c63e4f7ef b888a73d0f40d51ad1a0739b36287550e7dc4a1a0821a771723206abe2b56e96 8e7f6c09672b094e2ab91f527ed1636e41a965c17a19d469d98af3e17d870c36 f95c5570c9db2e814655ab6413099719f516483eedea702601bbc4c986518397 f9545ffbd9163d2e9f5b2dcf52051eb90c9a569a73a85a6c6a3e61a2d4de4dd7 52948d59322066b0259305e775e834dbc9f488b1e018380e2bc57529b36bcb36 82e61aec44974334a624f434732bc359b9b77a61c18e28039f37fec80e65b1a5 09575c50bfad9cbe66b94eb499d80e8dcd044d2935ddbda25632f6f9f3785099 0e1a7722b8c6660ed228fd646f1b6f63bc708b44c7529e47267679d7a93fda23 0385e52ba245936c933655a2a648e27cd40f7f67486c7b3f359f7d23075973d6 1051d81da8b89cf62d49533fe34c12cd6e9b4fdadc50c0b517106b2a45a12971 dcf693f296998057032b203ed9ce4fca5234e933239c008268e4749345f03a08 5b74403343ab2921b8b8138cc6b3eb236a1988afe953a699e1f1dcb1d59359c0 0d8cd0e35f57248b74127cc7566b97f048afe5c6687882c0849f9e703c900d3f a9f75b245633ab72f4c9113fb6cbbbd8e845d5d4b5eaf86c7921cbf749503007 43ffa2cfcc6590a707d3663ccba453610293d071e1d1500091fc06528e225954 f97e78c038ff7ca9d65d3f11cbefd517db99050693db4b465314ac35a2aa7669 b17112b8e38d60ca56c09e83b9dea7ee118ef7ab42978498ead35f7f1716ddcf 5b0893a79f4f6251dc86e76281feb4094d05af37bd171ad4b7e85265e4476f12 8c2b9f7c93f66b857be7ba2b82c21c551b5649f7769c6fdd764e83511cb09976 b21acc3e8c06f981971bc269a2b482f5eedf3ee275f7d887e135c859a8dc2675 ec76b35f10e4b9945742fa77d500c74d98fa5baee2cbdebe051adf56eab750a0 109771bdceaeb934a3c1e522520141276cbb4be155dc57b1f3efd0cade9c78dd 393cc1aec3fcc8cfacd8bdde54ccd5d77f1ce9c1c420f46f22c77955dc907937 01fe5faa6d2cf1c818409a16e137e9b74173a594335927f0ebfe2be0de3638ca 9fcce693bea886a2494698dcf315a7acf2dc0d1842a5a23c1f434b3a09817144 933311d07dbe0f3535a33b35ae848f93d9de6943f8d4c1691fd8cd7394dffe44 609fef0fa704fe478a7ea86f87f208fff191c1ba903611ada4ca4a3cacc5381e 54210412c6e07b8f6e0a022d920bd8f197a9105f93078475614c0901c94f71f7 54647032b678728017a035d2c2ea540bbfd078965605298cbf66e54a590e4bde 95800524564524140d657818ebc9d90ee9b83059446133d19aa18624eeac4ad5 3371e5cb2f5c7c8ce358fb726fceb9e5f2c5fc1f7e1558b3adabdd52b21cd556 343cc80a53fa1b639556535844ee7a11c39bfb59857efbdb5bfec8c834d6a69c 0fb91e1bc709cb52a51452ab0e75e1e2b8d658995f766d42da9235b427f4425f f5c7cb325b2d9151144d820df7901b42ca5c4a40ab8eb3845151b6121339a286 cedcd6ebab6b66bb43abbdc40cd27508ee4dba8384f6ba3197adc415937698ea a75a64bfa9aed3a1a8f0a75631c7dcfdc786cb97d277e2028df72cdb5d75c02d 82065831ae67a294124839a4b3226765dd112da6a10d66b71bd929e4687239e4 f8990f647ee0cd8bb37a2ff6fa704117199309948cc25bcb8ffaf01ec750fa5a 49970d2464f02c666399fc473392473daf539d5490a19b0bcba381f3a2b56be5 2d8c20a3024d943ddefdefdb8b4ab0c76de5b68a2c36779b20793d6f1dcae650 b75f7d9e34bba0de20cb8f02168600ab984991cd55a987d0eec2d6c6940e6510 a2b4bbaa4e67dce8dc696085468ce6610f0b889b369ff3d75ed7379b94c3201c efb81065c2637c584f9aaf81bb1fa5b1ae48744f4bd5f6bddff6543ee993ed0a 7f720263d572e9af4a422a978d79ebf8e20b7d10d9bb1cbc21232923d8880f9f 6d8f4733a71dd6906445881591b58657ed26e78fd2390bd8fd15656125a9e4ae eff06e5eb49aa801f7d4a759257a94c6a33839b88b35f196a58c6e6141fb3e32 510b491c5136e0d09fca3eb0136136e36eff15e0d7b6568bdfa634b8b9e5950e c4c84c84ce4bb644b99cf1063a2e9ff0380929c5d761d291f0b70d62fc9a0e93 daebb11a9f94ead76262d54291d0e3073740a5b388b4d3330fb515998d0cf2b3 4aa2f001062053b8eeea0965267e0501bc36cfb99f4425437f952b5f783561a6 135b4478d42cca9e71bb62823613b2eba6a2370a779425e4f9e97855788381d3 302ffb09a0b7f57a7ea666f16e68dae175fce1bb03387db4a8dca5b07a251ac2 7399bceebb33c1e13789fa3a1c6990117e22383b203dedb4c041fda287e53765 3abb4c500255824b501b233a36c07f8a518ff7f3e2fa9556f558575c7bccf315 342f11801ff77df010fe7470731ffe6b1697d9c729bb188ba1a951f79ea668f6 2b22a07e800a9f578920ed4f2036f52c10b3300a3f0ac26f8fe6b38d2d2b218e 28191b0a688216e024465b84fda179f8f11f726216f3f5099d25ad211551bc7a 97a6395dcb16a3e281980b78d877b1e49191f3f2820f404001f91bf967f9eafd 5b7a38377c78f4cac73f05d1d09858b2c48b1c38a26624c650ca08f3cfcbf95c fa161e11786e1ef8952059667507ea9005e8c876cba178c0e96a5cca3d997bc1 780559e93e22fae888904b0d4e5030bc932b3a38fd6615cc485ac59e3947c7be ef5979874f5c388db962ada3e605a7d7a0a0d06b4b17d9a477ea9975539d9897 4342fc77ab92cfe42eeee29099d9972cebee52209cd979bfcd3b3eac89e9a73e bef5efb87ac19cb9c90703dd2f324858c458d1ea97a6bac08e4e96dc21ee7e91 1bf4434f46378347e1b418384ab3abb00803b5295c7c9648bda3ad7f8f50fde0 f7b5ff9df5d579fab8c4cb663d050a6f46d63d77b36e0d624b7cab6f73598ad6 35a0b665b0e56f749a41a65ebc13348c6575b40f669a6ecf15cbc374fcce099f 21251a2b0a17a8cad24ae6cd6f253d7bdc93f7b71e21cfba403e36312c6f85da cb206cf9e658ff00aafcf949ef9cdaea7118e5948f1df48355dfb3fc4659a68b f63a705bebff06cc0a8c1a04aad0172453818059ee863d881dbe009690aac268 382ea490dabe197cb543afdead21f8384e7ba788dab9de422fb5a5f8f6586b48 54628b756fc41c13c01d6bd77a03e4faf8875ab9ed09a1b2bb3e5d8a2710cf4a 7acbd07fc5881223fc16c07e4599d993159437795c3af5a6e4ec7a745221e158 808f3bfd31aada683435971ef3f43ae2000437623a32bd46730751aea56d1fff 99be9ebf66c05aad9c65fa5e683c1abe0050495286bbcf75d792caa85bd1bb71 cf68758c2ae635fb616375aa9abcdbb78e3f3a5c356a173bd6f8f0e7603d3f64 e2bd5b5572de178c065baa04595b918723e44b70992819dc558cafa0e2484f66 816534932e26cc8f8341fa5a3efdf0fdd2da39a96e57c10ab0514a55ff1495ed 571180f18071c22bbafc02ca443e56256b23061ecc1bc6d6fdada24adea9b424 21dc02422ccc81c02ef6c6ac089c5646f3e42e144a574780ed1f04361f130a87 f2dac84f045bc07d329c6b537369370c8c59233750a6b93a60477f4795d18f2c 67223aa74a66f85e021a823f0532dbae5ccf4ee4cfe0b9c38008f3ff82b39205 088bd5652e8c4f738f80664d815c97a64bde4e98cc06d906bf64fcac3e96fb18 c27740670b458d45328150c56dfeee2599be167b6478c51bd9902bc530a605c1 2d9c8fd53ef88a9106deec350d6ffecc0bf4c999dc11c6411ded6ab351da0ae9 e396682b189408895c7158b485813e6473b698b867c8b8242a1aeb362a2d4e4d e55fcfad51869bdb66985c35838e2ccc74a5d34503ce81d4af1656ac82e6857a 02da9a23bfdc985c36403d7342907ec1d3c5ef0c7f6b4f318e9571d4e32406a3 78493901cfbcc81b784dc8fc6563e4c1df4e8b6897dfde05634556afef6daa90 d81e4743a8e9d4c3f069326736d47eedb90ab708fa6e91f7750e525454d8012c fa5f82d20de26002c28fd81691ee8be4fb049b958781b96b69376d13c31fbbcb 9d135f34fc2c1e1e432308562ee298a1bb9eea7979847d9e254567f0dd6cda6f 58684eee1931e2a9c63b6f6c2d2877d860cdb293dd9b87939c1b1e41b11a1743 75dbc68f63d6dfc5c94d83dc24fc0424313630c2f6cb520b8c0b3026bc908845 d1bb1f9adbe28ddcc4ee5594cbff721590d5100943c1c59be26a095e32ad6164 90455c50d4bf44dbd2dbf20d0564aa53647089eca232048c63a498f3c6f033ec 62c55cf69624d0ab9b90681b627c0587f9ed819868709ed419038c775ca3bdd2 b899ea23e65393eb50f053be0bdfa19deb768a2bf46bea4ff839780a89ddd654 91bee3f7561544fc2e4ad7f8725fa3a98657d95a4fd6d3a0f088d9f7aa15eb59 43b497ecf96b57a58801624f86c57a3a4550be99abc4fadd42f669ac21872ae7 b5dcfd0b840f2b4c5eb8e9d4d2f8f134d099878a4380d15be1c65d28229a3054 6e33d35315e47c8f55283aaad1b959ed045777ed39dfafad8806b95406bcbb1f 06c1dc4f7b78c320899db3dbaecb3e3668dff6ca6242aae4d9085eb1889721ad 678626d24964d0dddd96904b09928c3454d56e096ef0f69b159fb267661ce46f 892d043522e29c8e65b795b9ce3962c22b4daeb737e2440df7af0357cc5783be 856b6861601611cde249553509a4a9f124fcf2ed69fb70b2fd13db1e53f26593 fc47749336edf4c0bb7decf7f12751ba03c0bf2d58cf729743f3083d7fefddc2 1c72306d39b096efb8e3a5d2a898fab3e9022188ca8f2659ba3821fb2d0436e0 8f559f703b0431431e2e3b647c6e3d87354120b9ce2d71e50174edd6a31dcdd3 52edd256fceee40920de4373057f7a43f86dffada709364af3ceae34fe9578ca dbe52136bdbeeee9f965c01c10a4a8de5447451d265973a904af8c5f665f6c9b d90ef4f6ab118ebe0236e046dbdbd3a1528986385fe5c24ed9ac4b68f957e5bf 91210d37ca3c686294f9c5c48141f2ab4ca2e0d1969998746f39be288e66b0b1 24b10047ca861774538cd1f4fb14e52cb1b4671b748dbdc662266331cace8b1f 4be9fe8e86b73bfef1d3f02a982517add712e7758da8792a98cf1cbdf4710642 fc23431ba2f53d3de95a541efdf7fee3d68c673042a3704a69ff547154b5cc0a 17d807de4df43915b51317bd1bcdb342e458d7e41911a7a325416193e534af8a d7a30870f4a4bf2f5fa2d8a1b5df79b5be70e6f2c04702db9e98c81b94dfe02f 81440b155ddd23d0f56396514cf9a833f7406a31d77601bdbae7ae6ea2a79b50 e3d38539476bb4afa41db743e1cf3ca7c7ede289b1982f4e4f7e6933004f6577 f27e88ef1b9ab3662933d1b0c707cf23d2299aa0428de9b0658fcb36d4a8eda8 19c8a74ed8acf9dd28772a017df731068f97c2b153c7b29801d765a89b71c35f 9ae164423e6a6cc44af6c5fa86c2c0a5f8299ed88a6aa289b36bd349950b3f6e 080db12ac9b25c9b4de883100513a23be77c14b788e79abb94dee62c5d5e59e0 ee1889faf7d13c3b73faa4fbf779775d18a997d2644f0f15fd275231f30bdb6e 87bee0c046e9dcfa27e484a1d1840c1bddf3785b17daeb9cbb9ab965c35e2da7 dc275025e36e1335893ca46d89364e94de0d6f358a891e37effd51de75cb6003 e917c6c801c0a7fbdc0d3931af7e1d63da19adfbb25a205445e7ade8ebc67d07 703306162adc458748ec27b9f7f333a0953791ff6de38369810710afb55e4e58 9ef1fa8f407fb13943527454154717be2b1cf407207c601adc61ed2db8c98e8a f18128251c3ca019235fa3a617867137a0203e51d8050c9aa1c2d22b7168f316 c58ae52a084d04911aec1abb9ec3b29bc89466d538a7c5298206ac2432125e3e fe2e29edbb2dc84935bae6b3244729cd49a3f69eaac4a29cb98738e3ab6bbd27 60b7707c9c8f94a314aadf3033408be4e74bac07b1ad3d2ecc2e3e3aae0f781a a5f6863d5411aa7c328b4ab3593338a440a4d2b1e8ba53f7b21482d2a1281d69 f2572cca2a3eabbf0415932a45ff6382f1fc04d439ef4d2e70539ee15a642abf e08306199fed867fda82d5a211cb7a5fba266df054ccfd68477f4d4d01d020af 4ffbc49a208cbe39f1161ffe7e07458ea4fc73b968dfd8cdeb8af35c83a9ca70 889e5a8dcfea53cab24d4ec15e0ea350b959948d277a46252a2b4ed6f381534b 29cf01ce4d720ae71ebac6b6af0fec329b575fe8479492b6a2ce8b292c0bd236 d402f4e89b3c2cbf46b743a86fb869c9ca8cec89515b28510fd22f5a988620be 29d8833a5ea256b09bdd915c73da3d8ccc2be8046d2424616426e6fb31eeca99 6a19ef2a6c18e7e118e5ae95757e166c76de9e03f24d9d165093f1115d05d319 0ec0d7fd49b13ce51c429a5850242d2e97e6081441dddae4d4d447e74429371e dfce5a9d961e92f9d37caca8e047f9e4420bd651a16463da3fc49b4e0897e228 41333125355dab5a21c92d5f226052e608b3fd5313de48330ae751fffd942166 8597121d4ba4bf2b3e0d2b3f3fb083bb37f95cb4970eb66060c8c967b5696dbe 3342cfdafbfd9ef90c6b8236b81f4f798db294bf62b5dbf5383fcb81488acaa4 d218cdecd2589b612dfa6081a18fcffa9c20bbb7468473221929392590bf36f0 03b6abaef9d2abc2e6aac26c2d9d3761d6fd435daa91bd096fc90e848d75f8df a3cc59aa7596e59fb83c0fa2301a83341edd487b8d35a1018c3c5f9cb5d4995a 44cd581adae3c1a5429b0775ed65f40daa6fb23214d55e79ca86c90b3feb4fb9 ca579585bfebbba942ae13c43b3739dd3dfb1ab7e659337e8a59e98ea82638e5 729ba64878013810f21ce4292debb467cdabc7df39aa0c66c8c339cadf3a9a9d 8bdf753b677d088b59e24e4cd0de3818efaaa8bd4ca462b1ba33b030d862fc62 194d4b852568cd0b77da525b6e3995ca27e2bc7f3a14e76de46497b477276b9b 0a522621e31bea5c7837235899ba23da3986157a3a8edd08dc6e3f1338472bf2 c4ba1a62ae08b72be49a4d2e6edf881e0b1e196082707e4930eba89e3e314cd7 55eea17809b2b47726e6cf29e909d626e5efdbf96e8948e0cc9bfb9bbd6ec880 7afce170740e021fab53cd38c429e7e9c9cd53beb26e2934d0c60fb370dccdbb 0885842b67eef12cb9780a681cc2efef37eb789b6dcc166ed4bddec19426c925 fc01f6cd3dab7e10aab8a6db906befc078eb252ae3e0bcc3fada8a92898337ad a5739fa75bedbf0a7b341606d8efc81c2e09b2103e937baa5072facbcff904d3 c70524508f28d0f286e4329169bac1072c12517e083f4751e48dfc237af38b23 360b8e50ad251791a47e249d47159c84cb2977c4347904993188eac242d18b3f f1b368d0cf14862f7be919025940c00abdf3ef5ef653fce8cb6fea1f2a8d7eec d808e7a49d74330f86ae08a018315b9d73eed07a0ea21d9b83637584276cdf8c 04b094c8ba21340b60293335be1a4c112bed3e53959bc47e2264182228d6cdc1 a1e38df197f97c183df8dbc81853983edbafe061d153940201719d7c9fc1ebff 4aca064fb3258d5025f0124ec20f97ac6650a5915e8d480a7a6650cd502d7876 b96c8c2b0d34cc6ae29a4b78d1982fee62b73274c9a123778bf7cf504cfa00e4 9a85136885017409a57cfa6daeae2ba2be395839414d5a7da31557c98b8bf883 70265644a1da66acf98270771c39fc3224d52f9221dbdcf5de7c1dbf5f1d2506 a5260a0dba08b7139f140e756945a2a71e69924a3cd51e260cff696ba6de47de 9d6cdd66390ee7d78a0a72366d74b7f219695da356626ed10503a68ee834ae63 0253a2e24cf3b989ea521270a8c06345cff5c0fa1f7d98b115d5c1ea5d08c167 13da02b405bcd99ad0284a8deb3a9c9ae1d5fa5c307f9948ff79f5788a99911f 193ad7026d2db251b6c3c36d8815603b9e07bef817520bb3af13684f1cde88ff 8722c95ea3f99058adef4445065b4078cca678d5a944cf75ff588a258822f22b df64bc907c5a1d2b715eacfef340ac42de204070db9fd7784d0d24a2dc4c12b2 4840b0eb6b80bdbf822e7a1f2e9a1cf636bd0ba11d009c0b5b971b56bbe73d57 bfb3688acbe1d4724cc65876772a328ae3a6f0d0b2d368258579d69cdcb0b0db 3c12c6d34f97e750efff7e597bb488875fc80b955741a770c849fcb0748976f5 41d34499659ecdbaa153ce82fa947b5dadc429ed00caa816113659b587c37ef5 3bec16cd6e7f9ce9f23df392f20483f7aa35d14d3ce92eb557454089e1b4555a 4100dd25f8454cf0971ac364d5ec828c18d912ae4c79156d052976983f1ab948 2e64472e77052237594d31c80aedcdc5d217a2618c5245e3abe405b08ce939da 86c9004116c085babb5c7669180a3b194cfb4b6c961379adac499107d09f881f 904737bfd9822a69e1d4e06014144a94063ccc7340d8242848f61771dec84855 209bb85abf283ae89fb9e46110517a90fa84bedc5c9c68d33b2f819bea50082e 76f0bdeed6de82ccd3b0888095c01164f1440fb718cb335f422c9dc06f4d711b 29d38062aae66251dc508328a54cac90b8164c66fa0cee0d2f339b5eac09142a 21f1ed6c68c55ba44998145788a7d77ca398b0db46963a8f055b47641ae54bc2 9d801c03e4f23132479d187d3bb7c03b95279022b87556be3fea1c6d3727d453 c1cac31f1f46289276d8cb299ffb1f6708bb2d306166bb112e4d99b4c5d7c7ba 91dd7b036aca3590b28f8827a5ede2f3284dd93801e95ae3650da8080e82a568 2d061fc08958504e9ae23b3b91408704014df382757b35122edd1a7bc578b1b4 fada789719987520694f54587a9b8f38d7e7efc7698e714c7233253076e6e00f 72c15f48e6732fbedefb706c291f9ba8aae95f716d06797b26e24a5e78bbd3e3 e50ae87c9a9e296f567f351001ea54eef9c05f0f702c30b5b00fe34c7b269a0b 76c67c7e3c29e9bd245c13cd00f1b9445b558288b7b43626b210b06088386cf3 fe556a9bf4eccb01de1d54a3a19fdf334a0fad4a0e109049ceee15054ef261af 9317e2819cccafd387a271bee60b1b1e2861d3c32d54a9afd3943912d589311c ed7e6050c573cbc6f2526c959e791f1e584b3f22d382f6436f947c55d9cc1b3c 8948a2fe40ee65fa9fbc1117310e87f5887eb299027d139ec2aaf88fdefc2d86 52bc5a44d3e02ec581ac09f833bd040923d50424fb3d870858844f9aeaeb2383 049a2f0b865e80250dd986cab0326ef601c2703e2d1f44478f42f5c85fe4aa30 14e6e00da960cadfd011ab438d3349416ecb1856d5629ae7c0a2c24c8535b630 57e5865f38c88d6f6952e1f7842e347bfa82ca05aa2ff9277a8a3d2da6b287fa b2ab68b32026047c5bf97925f5237f7db6907434102180a7080a0a7598830bc0 537e1f7215b248df42b5142630a15e086b2e06072ca3e67df3504c69064290b2 98667611a4ecb87ceec4874145914dd65895f5e64d3e72a5995c1f621d8ff64f 069c7c0195cdd93fdefa20250f60a25570737ada29e29b6c423c2f5a5d8511fc 333a46e3e5fab5b0eb7074d39c812a53721dd82df3cf168e477c20e4d86af866 dc1639716aaaba04556cd9e1d7d7c137820216fd75629107ca96f17237cd1f0f 6d1a643c8ecade79f2da168bf1cfd4fc4404b8d29c3405d445bad9fe21912e1c 8e1deb8504495c28486cd8015d3947f54a636229176ed311194ee8eda3226401 fde3ed3d0c767856a8059d927764dc1304a7c57e6f65df88d7bcd680a24f3281 1bc7a9c4ccfeb730b2d95d88d56bcc8c66114c522b5f59ba6ac21fa7a0282637 e6b2a8524cb3a8d70b4abaef83da8f46066398ba3229d657e08c2e6212c65050 bce57f45ea60a58f8cb546856a672310fd261492dc7e63801dc0440ca6182b72 cc4ed0359f58ad8f3cec4789a369dffd13d60b76253b45fe12f4f92ba2a66948 532cdcce7370eacb5ad9b19b4da4394b41bec02de1f2d2afc8a797f0a349eea3 3c5025e4d076f43731fb8a8dd65b4779dbb0321256027ee289fb63fbb474d029 fc97e476ba167e999d7f3548cb18a15fbb668d202e0dd33b56ba1d51c0e9f939 db5aadf826b7283f4fc84f20664d2756a5d8b3ae0f57d4d041ba81e50a0bfd7e a117352a11cc759b60d37055a70dbc263978242e246b07e7cf7cd9c9beaf6e41 a3667a46a7d7ea7b4ceb35f0adc5d5868201092ac981aabc3f8c96ba8a359281 36f76ef9e99abc234f676b6c5ec4d14d261d8c33926807726247ae32be5ba74a 57fee3ec2405bb761366d6d921f7870598afb7a5c25c04a8ebff94b50181f802 8376e59a1d217cdcf1131a8fcabf8accbf28e0c30f5547cc2c5c14014b6c59e4 052b2856b0b3ab8a911ae3384ee2496867a8a8ddada13f276337d0e418dca9e4 57bf319c03b735fe0370844af9ca4e436e5d0795e64a01b644af369abc48551a 0878440d8b963ea2bf3226358fd8c552054f717e4bfce5924a5d33ce8e4492a0 f974a9026d21a4694356c38d39214aefef787c7856bafeeb4c4277f1be0d1ee1 4f6bac928190b0ebfb46efc9969010191fbdd8feeaad3443ff25f5be4cde58b0 757179963e485ef0556698b62a543ec83d710d469c19259eee5a9ed7c6630bda 66b47e15150e38dce06b4ecae83f10cdc8b5dc2451a9c9f9bba25417eef14f3e cdae8fd332dea86837c5fe42c3b48878f4e60a8b2772c77cfd24e99bf8ce29e6 d535fb5c6bdd50b7c5c96eb2e6fc05c1386f8550f4f5aa05dfca5bb5b2e1a0aa 16f9760da84fbf58a6b965dff018d9b0e703a7f2829e0455c9d6383d8b6dc529 0ea380d5abf3a0912d734c08404a1961cd021ad6d0f12e49a65dd26400dc646f 58913d3c41f6d6b1cd6362e6ca545a4118e0781353b6dae77b11e2c99e757d06 32c93a0dbe72420c04a1bfc9a99bca001c68dc463bd93ed4195ea555cc725d64 092779d9611fa532f3164a6772cfa09ac761340529aa85f8bddd3a042df6ea91 c69ad7874fd3fc705b0f86da857e5e37842e26c27d518b9197af49fa00e1cf18 64e244f58ab01773ad361ed70d0cc9ef85c4658f3293ead56030d1b0d9ce271f 9950cc48b6cf7e7a4c48af77532cfb997c07cf8865e6ec4f2263c6da5374737e d61b5c1e3977172e8768001a8881a910faf3d63780002c2ba8b493e51b8442a7 ccd8b1be55625a896da89df9462ec7517ca882e535b81ff5aa74cc3b321c36aa cce9d9d0665b0857e1aa082490bfa2efa8fed01484c10cfcaa73d32692d2df87 dba1aa3e32d7272618a02115bae84187fcee4d9bab2c2fa6dbfec03c67a9f173 a43b96e8139980ff74eae3e13850932dfc2d738547a5c88f65678fd11bef5a0e e38cccd7d725b326f7580f8504b4a7e5595d9c238bfacd1ae94df3d0f3ab821f c304e03e5cb247a99d2208a20de16382dfc68e592aed3918d7721820077f1b75 832e2522e97606375f748484080c848507bf1549e1a9ca7292af20439b42578a 3eb006d0cf3e98d2d101023df4a35de707fc0a94ddd7db06ce2c505fdb63aab6 c11f03bf9fb5f5cba6fdb66c3071440cd2ac404dc266145f26b9bfc6d1a2eeb9 fd6db040b25043ddbfa3017e35db5d3230bc718ff4b2388a315d25b642be5e78 25dd325fcdc6014f5fdccd1aa074adeed1f883f5b955cc32eafd63c08e85ef20 f9f2c0d6903dd73a02c3b30b9ab1362a68a631701b41792d70368b5f9ed07ab2 d6acb788eb8b6699e45d5a57ffdcba6d13ca8fcbc21cc7e901618aee646f2f47 44bad6365bf86654b3e0be5a984026d79b8d80d26339c89765dec7330300c5b4 df8f0e80790eaa965ee18f873c8c8d8206c33c637dc7b786fc31fa793fb6b2fe 5f5b113cb52ebd8d313d01666248e99f0f9afbc26613dfe0f252439dabb192bb 2a51e6fe73dc35932c3d90a0e0b3d35ce929c86370db4fb1eecb9694742b10f3 f83eb64797fa9889f54f8d0c5f43e1e940cb4f2f36da925ed01cb5f36611db5f 465317ebdb3dd986db510c98c629a0d9d8615549c0b4bbdf8b984b67de5ab2ba 2cbd7e9773f93b70cfa3f52a59371ad3474c6524aefd7e50133843c6da61e070 88f0a9ba9d34410ed779d88a8eda0cd8cfb51305ab47dc27fc8adfa227dd23dd 578869ec3f92568b4355750400f25ddf989ad3c6ceb222c9fc87590e2118f050 2d9c3bd4fa1cc29bdfa2a44001e3419872559e9bba60e1eb1d42661ca02a0782 1c9715e231d16659037bf469e51889e0e27629c627136e79bbc506b5a893f762 e2896026483ca27475c3b314af08f7728ea1458023e215a2af74a02b29c883c9 0ba88131e43813c74fe7e208383fa4406ce988a1e234d137d5a96677a8f18ae3 03c391086606d5288c88803b1b2edf9e1d58bbc93dc6330278c3443b20ef45fa d78cf0383f5d3814c738af4cfc2d2c32273eeb7af2d8cc6023dedc421a944bf7 ab3cfe33c1551601e66e435bdf88cb030787e3bad5a072d9f7cf023104f9769b 5cc1bdf7070af5d1ae2b7404d623952a9d42a7e9f350716c94d8fceeb20ade71 5f14feab9eb09717c056165ce7c1befe2294a8a5a7da2ba384745957bcc2753e 4ad8922b52bb2a7797981120aaa092fa36ae0b53a2f470bdf2f388279c9a2e85 50a818ddbd7544003fbe0142dde74f4932a6e9491eeb817de545a12718c461cc ae0b860101361901e02a8d34cb4cebaa8fba463751660a1752edf7ea378bea4b 0f7ed74d05af9214a36e560b578c2397d911f9a2a90603f440c8a036a6348ccf 3de9cc79da389259cf6ce85eef0aabfe1097cce788d9d5f320915c755fc6bf34 4adf85a5ececac6320d80024d2f094875d5e970d196546f92837978bfb6cf89c 5b2acb7e40303eb32cdec8dc12aabff07b6acbb23c415e88d76c0294ca1de64c 6c2be949bb765b0aa9eeaa9b466f6f159135567e16cd70300576023789b53e4f 6f0cd603c34a0cbda9e632a9bbef95d9dbac6d5105db037359ea6658bc9ec4b3 d4847e9ce576650a8d1ce5a5298eab096a5ef99a687a756cc3d5290a13fe0855 7e0afe27d326485521cf2d5338eb526a4278d54a520aeb3f04b949442e078766 68936526c9a26b8851443961337f2c7c2d49d60934485a64c3c32f69b8b1a93d 9b896dd634e35aef39d110019186ca1e1d33831057ec1a3565685566b92745a9 05000a716f923781eaaf65f5170de522bcbae1ea0dac8fcd93d7e26139c995c4 d67dee6cce6a110804558e49aa8600b872411b01554470bffe128dc152acea48 b7a4e4f84e927db66edb9983ecb66f4a8659f915caef3bd65706a28ec8a8d4e8 38deeba7c159aca2353cf491cce3701c23f0dd63ff4b9123e0e5f9d34d888613 b915218ccebaa22bec4a6dfd101486be42abd8c459e69fa5a0893c7fb524e204 d809acb490d8ae07ff556a5a56bcfef611de8184e19a0a7ae30ce9d394428cf5 5600ec4a2186d1963d6f80bebd6f105385b4210b63371e43183410763415ec27 63339ba75273e0c3403c0f833a2fb579d4d0ea6650623550b480892fc0307100 905f0fdf767b0d9b45e780f92581fc47e087892a7ce67ef783afef705db94406 cef4097accb7b06897fec6688d3b36c94d1d2bc5264206535456dfb5cf4480ce 07879a428d7f3e517b14fd7e3a9b527640530288903e5726dd2ddbfe4ffe08be 4813cf2891149d2f489e01211b12c61f92e8a4295da63955d81a199040f51413 eb68350456acfc7c4c469034d764b2fcee57808e430d750e0621d694d8877a5c 8c8f2967213d5333a21822eaa2e32d6c6cc7d74f8503a6aac8f43ffcee7898b7 a6ad83f65d11d9cec53a70214fe80a8cc472198993a38668445d45f40c587bdc ecbf7556427e8ff303ae0b5483c1612d654c6107747f5a82121e1e5edd4f8062 6fac0642a47042101a30636e768db28b1b9be11485338579b4d404a1ac0304d5 c62f930ee2219f72df53e1ca950e897f964ec406b433eab078b92f994ad1e055 0b0e5df79f00c12a5deff0d46790b19f5d860077f86c8bf069175acd73fbadb4 3f5afb0caeadffceefb0c54386815655215c961e471d611efaf747b0c9c60711 66445d712a4b22c1d499d03d812106ef8c7b3c3ef83203b74a6ac91cf09656af 1a6f7e652240c1cb2047ce0deaeaed443aaedb712d212c4594faaa8dafba5ac7 9d3fa03751fb47a1bad4acf9ef49d5f682e1bcf8a1838ad196373bc5b1171de7 c2be9a6761bcb813e1ed5585eb0007c74017205e7d07b73522b956bbe3e39946 bedfa9414e5ade6d9df431fa9595656057d3174b6c512e79d98c549485865d18 5def152432056b4c081830eae43ac2fabe8759d95658fe5385e2542d4757fc83 a2b708d8b3ccfe3f36a5f1f9f8b54d11550d37ebb60796bcb0ed6fd617673e71 86a1134fd1d20fc8274855e2afdab9a99b20dffada1faa08564296d9e53ebcc8 467b8cf0926519b189b0842e865e710c78cc9d3b8b46373777053aaf07655863 a094b52de175fddcf240a8622332f65f35e39998231a754b9d0f0f574fb39feb b56ba9e1a53d0c0d600314d0f6a2b289645db91a108970437705c4887f070193 a427a57cc4780453b5a9755755e461f3a4af05f3332dbc78f0c582167ae0dadc be816fbe104bf46fdb29d24022dcbad6ea39762964ddb2cb887835dd6fe215eb ab4dd63dd7e94f33d95f64599cf051fe296109d0a682ae5666c895e9153f91e7 d9011d4115b528c4c6ac76cb45cb7ee545394d7903e9fe3ccd15ba1579f2636e 1e31f5e24912c18c7c915d7fe4a41598d3614c5f7243f0d1d4446eeeef1c9194 2ec3af2d4d2ac41c49cd1e008bc1239b22a50cc6fedd184c5f14bc11ad56dc21 8cf4c5a92d9ca8b7de9909fd90f59527e7cb6a1049fc25e61eb388f342a0db66 6e47fbd0822e721b7698d42e0cf51a477946914da0e4cf59a16b92087854e324 92917f9c54e449c2560f8acb004c65b07d90eb29222c6328495206576ee889b6 97be27cae9ae98a6979331aa3de3853531a73b587b8b6dbc9af4fa9f7c335fd3 9d1813ff26ee6686d080d73edbce06590924bed6b2dfcda9c2dc19ceabc5aa62 b9b96dd0b79634a1767287abe3c5e77ff3664a8e63a0d4bc41d9a4abf3fe17cc e0a5749dae973945ad9b56b466baed6ae74b493beff5f23eb51213f2abf033e5 23e85737590f9a2cecbd91d7317837c99b3750b9f4ae838908b218cc2ffb7536 dfdedba685df74c74a9f91fc5a4f3956bb64d57367bd9d94770942ae5fd438f2 10507ed8e3732cdda707b25f841fa4863cfb4c03b60423cf82e8ce5ab34229f6 a3b87d12d564f58a5bf40ecfc43d59cc08ffe5ce01ddba4d6150405365fab7c5 d4c346aa79e446bbe686e1224d99246a57361897e3696b836a8dd1b3a537bad0 f62f6a79adcca6bb259eeab138593f26a99db4c9e9af051680b0e6b53fe76135 a70a6a188b97f409eb1b201e0a9d95ebe8bd36a7bb2eb8e1831ee2039b0594da b169c3fc01b8f3bf94a4da7dee6654986e14d5f67b2949a8be1f8e2629699fa0 f0ff187ec6fe73de80fce1b16c2cb6a995a73b19abfe3915229d8df7c8fc58f5 fa8a3035f2e9c36b8ae024cfba42dff3f4005c7793006b7aaefb5d2b9eaa2244 f99874c4a63934b230af57147a80d425bd24122fa5f7158415d69c4418c4eb00 531f24455879b0ebd09d833c8070f38a132a5f6487f6b2b2649cfbd0ae957e2b 4b567995e2d24b718d556e71bc832fe94e9986b9af155c2e4ba19cebfb8592b2 d843f883332d856fbc2b1ff8409e732cd1b59223072cbe299ad99e9bf23de7d8 b224da2c39363345615e287a012df946c73242cd41582c0d95490959d79d7173 b4619b22ec9759f01fbecc6b0989849608fa9bc835c8f4d27cf94680e83df500 6db289eb108289b04c4187120712e9b6b119b9df60d27cec7fe8549c414b4c04 60c94493a21ad851bfb71c4d4e84e92b340060ee1cd5daa2b5762fd2ae4da59e e3a7b4a9b2dadd0fd89d5337551120915496389a13e4d7f0c903d6b71502c06c b78b57a212632e4a12c04c15af152cda18b2ddfca1c6af3d3eb22915eadc336d 12f4169fdccd973da4dce893297f4a0b78fa116e1da5d8b3287fc942e81b22e1 0c6eee07207cf4900e99f9057a428640f55d651b210a1544c447059d1b1886e2 1ba74a0672ae1897258c13ef5d58e25493b93dccb3be0c544e7f966d96d51c16 ace06952581e391c62029ffa4d216639f3a4f11cd49adcfd18c54f6667b584be 56788776ae833ec99dafca80d631c4c1994b91ae520e9bc46d9635bff619156c 6c183029e327cfcfafc49784d5ef7f447e2ca0a1e6921c2de9d6bbdf4fbe15a5 a6e19819c8a60296640ddb04bc7a32385d09af65c4064fdfdb54c8b16798d84c 3107a3f3f35e24809fefef4b8cbfd54c47dbaa06f1e0333437d8ba91efbffe57 ba3918ae16ed1a1e31aea7c461dd827538ebdf1f9a33dfd2f141364e9a79f408 b1cb6884315ee790aeb7ee67b5989659289281754447472965287039fff2e79d 5873545c397c1e186354625fe08a6a96fab8ee83db1cd25c41170b61e92ab224 e9f19720b68055eb561bcc9c9ecc96dfdc6a7ecf3f41aeec61a014d29e1e0125 3401e521d5836dfa33e4bbc8bc24c6651d5ab9bd8a8e268f0db99cedb4f4d9d4 1cbb590bbff2e0ab4d243cafd06218e139e8698c085a7192e0e0f74be2b721cc 8309ee7a631b8a893209b5e5d6993aed1fa7eb9f6580297f9024f22dcf36768c 096bcfd589237267e58144a12d4a19a5a47c8a672006cd1d6dc08c2afdea6668 f902eca895923fb2897a172cc1596a0e75dcc8445cd51ec9ee33eefc56d9baf3 b4af19daa6f3cb694a608d8fa46653078a6e2edb1ba95412524a6e5ef4fdb089 c3f1d25a53096e378a2c48606106c0bbbffeb32e507f3eca53874b18cf184e8b 65af6b74734943787fc995b9ec87442c4a0d89c33fb29607592968ac887c9359 1636ea8e6b5ead0555f038e8cec63a71ca0edb1324e3867c4d93fc07a3dcedcc 8f256d3c9109b8a0042486849c79626fdd705eb2ad872bead401b5d51bc94b23 ebfecefc41e52a7338ff3cb35db39b71baf89c52b18f4cd347efd9c26563c730 fb69200bfc15e99ab23cb4407a2e05155db30410bb1e610afdb4d0e5e9a463ef 3d2ee52379aa1f3d8004d91eb87d88fae2b7d63876bb59af4653f0be8ec1efea 3472c4f3947e9498ec68b77e099f9477f06ff4493b61829e49e2455ea10cc262 ac7049b3dc2a3ff416af5550ff5ab3fc18aee8b68956c9816bd167e0b4ef3072 e56db383760e7b8c93981f34b3bf8f1b3b8aeab85ff21074a1ec670d489a3192 e6029f433834ae1fe8bad6c474fcec5c569fb043a60deaca10401112c75c3f10 606e6593539b966a14fbe2576493c2c875f368f5083265da7e454012d4f851b8 9c59a335279f54c4fe97446775750061356541fa0c4ec1a638e00bfcea6e7c97 c7466859b2ad5e78a9e73b2b70046c4af71d781799016e3c5d3f896420398e36 8499ab60a7aa2ede0487359416dd13d9c033d869a000d44c548a6ca2622f2e6b e7535b9a2a4fed7d0b089abdbf110aa806c01312d794895e3f6abd2ec43bb48e 6d886618323cb59a024018a0b3dd2d81368f0b6f2c03be8572bdf95bfec4b338 642073244c42fbd960f469db38cb39b688c82f3d0b87a5196302d6f6d63be138 ded2ad1d270280e87e03b8d63ec0a76d6dc8766b364aa3ccafc0de8ddf7ba699 4dab358fa7df15f91685c0f7715424b9831f810b4cbea887bca66c626f9ca91b 7af1a512b4be3643c68b205894700ae86bc3e676ac75511360cbd3efcb08f510 b13b6d9eb793c43514dc492d492f982d0c378ea9a44c845f4d74c8eb31648a54 a75ecd277a7adf4ffde661f46bd584863f99ea9a3d465e2f9fa1de6a99797b92 e8e84b0b29619a39d734ac2e44a0e69601a6b321201206321e8cde3688e7e6ba ed523adfe3ecb4ccab07ff254c824b75620a00153a2f24566b6df1c408d86f37 2e001c1528112068341c1bf9c918236aafdcd91ae0ec24a86d77526e84139d5e a79105d48169bb6ecc9e3280a6cdaa174b5e55804df64b11516ac715a6b11a71 eb4ab0af9f55b8b927a1f34be6537f3a4f402a67087c103aaa791d30728342d2 ee615e4797f4736d6061e5690984d548c23af7ceee753191c405381beccc09c8 395a9b909e9ecc878d84f1a3cfed1431d13c7af66ff95e4a54e2ed6a6696b959 d11f62c15c6e6671972bc4a858f2622384bedd1d741afe83072e294c49dc0b3b b77791a9f250f491e883e2ee09f2e8c165fad1403e8ea3598c4e4270fdc2101c dc2f63a3bba3c0bbcc27789f1f4482066dcf95570c9a0030d18da473bcb8dfdd 58600cf749cea90dc51f0537dda4e02123de3a89c4ac6c10b5de03c89f969207 fdda8fbae8a4669f617a21ff37ee89dc60c8d5009fc7fcb99be25e3f5593972a 20d65cd4122cb98fb033108ad860e1c14d9a2eb64a18e2d4dedee179a9095862 0678d9346ef21e9a09cc9a4ba4b5afc13daf4e96de126e9218b5f159a130977b 46977b71da35fe172a4bfaf8a990373b7a13a55c3a4db1aafcaa7a6f0c3481ae b5f440fb97c5a23702b415ed9685c54ed949666bc1c1d8d67ed15b79129da4c6 7a2df76749c282b64a79979ce8df4a6712b6fd4b2f46ad35c0f89db4adf5198f 50b6a6fd555d94e8e6ae9c8d6fe0a4cf2bb84630ac3e08781e8f5b7aa50598b4 7e71e5a02e539f66657e4dd9ade3a8c0540986b1f23b2c4ef7aacc89028511a7 8cc6c34bc1c972879c4a500ad615f65beccdb32949f61401d42b0dbaafa7cc32 263200e0470cfa05bc0dd2de53aa17786465806421a002a90e7289ca82909b8d 11710b30d2d0155a5dd7890de5502a438b21e50df76058ee3d39e3c305fbce42 2afb935e44d0dfba8e6ad40aab438476ab0e858da922057ce45431a745f97d6a e41977640c36d512c06549bfc4065b8b2f9fdc270d03b1384cb67153b4dcbab3 2102352e523a03ee06dd1c628f3c7cf178508e73dfa4384585ad7dc33fb1b9d7 be532ecf46a935a6e95b30eb42596d62b42cf688f8fbfbcb32f8994101cad07f c51b9bc41641623af483b4df0ba7b3d0e0121169e218e3546f0d070e97bb2bdf 01bef4096bf458885d374cae046288f96ce1c743b7587b01bfb22d01e9945269 7533920e5a79ebddb7936fa5e072620d70404fd5cc40ad5644e28510579f4890 5c6ffecebb90b6da3a9dafb42cbed218389222be2fff9d5d6a48696c0fc819b4 33b81c506c186c9cec27309087d7f5e57c50069fa702ece139e3633d8da40664 3e9cf68dfa9a15931154492100d3b72ddab49a55c1eb277cf5c1268c35ca0490 99f8c1a4285b0ea56c2c0edac82850737f6137657eb1402fb0053096ef9036aa 4c4ecae81c9cbea14e3832a682218c90c78fe5737601c2a4d446c63690115955 d1a1f03e281951ceffdb883ce2a09ccbd6c103d1169572da85e456a96a7a21a5 fb3b49be41fc84f56a3b2fe17455a4ea25a375c1887094e26643704865e5b8e1 51b37ffc561ba732236c37da7c99e1eaca264f0af508b5ea05f6be84933c4e08 6d5f9d6fd5802fe35bedcf678b75b92d3adefc7e7d1a9d3d0a454cf25bfec9e7 aa627259f08b193fd9d4a03fea6ca054e2a4d29928b0ebfb90918f86faeafcf6 bd400640063b613e12b257aee57bc88154754b52f44d3af84926d97d25c1e7f4 5b1f35a091f914a5dcb4c63a6d9092b79aa1157dbfc90c4a0c2f81669eb8e9bb bec752841a2f05925d6c5f756dcb72cd0e496020513c0f966d683da6222e93b5 45130447ec540adb385a5cf8769c016aabbebb7d713f0c33519e38e6739102d7 0dfb25e6af1803599c114cab81ece03b6ca605bde6adb8291395bf06a58b5618 5cdf8a0edacea1cb7b663992ebb029f33e3e98a6531327bfd4b6f95aa6809f48 4ca84e6189a3db608fd836c3006397d37f18ef2cdbb92e9d788656666bd07982 877fb8d96ffb0c575d2763afdce345b8f7c965f402a7239a3feeafd28cd788d2 874921d9877a7dc459c6f70d15c90e8a19cc53f693c6cb9f4a444ba5ab1d747a 672ded3c1b0a249b9aea30097260e3e2b012c0b791b071f14b6e7b74a16bc503 129ba11e7add26b0d7933b55fd27cf638ec8ff577546a48626c09a73eefcbdb0 42f1875ebabf347e2b706f7e1362c9d66b5227285c50cbc49b85f2eb4fe1efa5 8b6bd1337dea5e60e5bc82f1fa660e24fb66eab7553c050e57266d09c707622d 3d016cfa04d42f3c5106ac2ed55e96caa18079c9fcffa33d466c10d8f1249f5a 2a33b0797b806a3e90c7a95c9a1bc9d5c265c81ac918f47ba8ca87a485475710 6155ee84a1aaa76921b2ad367be8870ed65c1254abedb7915a301c718cdff5de c6d42103550be75479d35e47698dd9f165fbe6ab7c0857ca34ea6abfa5450e82 d0431c318073d20e6c2c4d272907872a8f960715b46aa1ba712c57a460c69de4 3ccf1058034a7b8b1203e7bd706df71e519de4ff27bfabd2cfff6e9e33c03e47 ac14734d544af9e66a606de689fd0e8266d565edd3063fefe5077bfd8eaabbc1 f27984ad07150f6c19d8e3270a3a48c5274953edaae382d46f9cae3d1de25e56 d0ade79e4757b88df4f7d218eba0672368648c1b2dd4d06df87048e19994d506 255b4a952187d59f2251ae222d3640f8d0ef4b9351d6d1b175ba9ffa945f2174 4b7019ec1639be61f654f528d127ab375a8f06d2c87a68fbe6599c8e3f1851b1 8b776a8709e0005c9478b7374185d7a1944771ed14b6417c70e80dca498cfef8 087b6dfb6303829a991a440d896bc135a9ba26d52c4d2b214af3fb04a17b1eac 43553828c735c9e16dccd48e47e87736d6473a5df2461f7b150f59769d710d21 5cddba783963f9f83f73465281aec14da07a2bc1e6be5c5d9c89320f3bbc681f 7aadaa1a742279e569100b1e4f2de9cd05b73d471e48c6772f3189a5568bee7b 15007559d114fa0c2b78b67fdf6bf35934b1018336ec38f40e9a964b3ac32922 c68d38d661778a7d5ad354686963f8a23386615a724834fd2ebeee4e4e47844b 71e69c06211f535d8e6276907b70a13a59d2705700437c2ecde191b805feb5ae a52cc18f7c07ef78d23d5f45f08000e92e22491ef1bc38b037da91daf289552e e28fc075263bd792c9bfef70f8aa929dae2389a1945ea3a1460e99404c3d35ab bf49f290f842e5942a2bfc11cbb8f910c3cfa711d1f410ad65d16f8e6593d0aa c3209a8dd6b4fa318e77c993412990d7d4183de503c2ae1929b6d35d13e56906 959e22a4ed485974f9728c11c6c08cdf08b8269b91a1e541e9054aecb119dbf8 4ca1950ba1916ad773d12c773451b9e3cd2509a602087096f8d9a5e6ecb3c510 efb29265f4ecaa0a9f016cee4deba08e7dadae716c07b63eb60dd3a84d562504 49844c0bd6806b1ceb69978340ebd4241170bd612fa00f55d732e7fc0bd52176 b71b2637e4d627f71755420b4d1ed46bff0209dd6bb8e2b630c036c0f203d6e7 b821a4df5396bebe9b17bdf8621d8f89ed82b888a863b48f091c0192829540e8 b80929ee6f3d273097d32fa9a82cb176b05583aecfe6fe0392e23716be73e619 874493b3ec16cfd11b6418af3f9c5ae6ec028b9887ca55838eb797fc539f7898 11a017cb8ad9c0d419259dd240893c615b3fc6359df9c93502fd37a50a863125 31c2914475ff1b9e93b53c72df410a5694a7a97da99ac46580940ae166bad5ef 85fee0e1f40472c701190e55ad63014f80bfebf9d7aee01ff0d59825aec592ae a34acaa5d6991281b641016eb23df78eeb7fd1d5274ab523909735baf1d07bd2 e9843bb6f96d99ddb1f1194183d3705c9c1b8a3006af72cdcabda4695444c8a6 58e42b328fd275c05ed91e3e9f76c448529b22c7084488fbfa2c99297b98648c 160e8961e5d6a45dd50f93f8ef6c384c3a962b97ef1ee264bad4b724f48e3b85 ebe9d4cc6dc20b5c3dd1b415cea0df26ee29763286242f16ffcc21b75adeac94 d7ab27e608896f7b7aa583fee4d030496f9483949ec5ce00c9f4ff4f3b7ff36a 5d52b3d076d4ec0572c37164b9599ef58d993a80811579f9ccb28d0e1f2eebe6 2d4661cff3ab1240606f4184fa6389e30bf097786e25d82b9202630863a84727 626a0549787ca487092ccd5a8269bc9fcaa3288a6e2cba60353a7671bc11d360 5d7d14c471c088755363ad5350ee1dc9b645577dc727ce60a470175841bdbae6 dd6bcd42be09bd017a28d3d97334798677a021afac3e9c4016879a54ee7abf9d 146d75daab8ac3785f60c6e43fbbacca6ed049aefb9d59e1a9033610fa767d7a f3098446bbd87a583ae22000e9d2df3acdd1fa4acdb18f02971c88bec22babc8 47ec60d9d972b1076ec3ced5dcbe92ee73f72c1dc0bad3d9183e567898b37769 6c33adc5f2cf06f3c92d18478afd371113e8eb0c08c43f812696574f2eb0bb99 786d2781fe9105bd755ab53645b988f76a59bb6fee90d3e12186bf4b76e7ead1 d3af3958f949134fdb1c2de4da37ef7747a245a45f2674e73060cc22e842b3f0 c732311f0e937e4baf44d3e2a1f4ab8a69cba866a9a2c95f5426e999f0987449 fe49175f0ad1bd087c536ba4fb8f4c30c1d2cbc49aefa83a7da301819a390342 74e29791a5773610f745f0b3dc75a4db125a97b69f1ba388ad9028739bea2b9e dcf59136fd97f4365f94d69706fc70797300f1c9cb0676731f1326bfacf462c0 9a61bb9271f79396c33dd574e5972321e59801f864ee78813fce0095cf575087 ed896fa024b96fe1c8b85a36cdc2bac0be1e22e2a59dac2f2062f3b800e0c91c e7dab1462e83b1e57b61f570e13930b21e934c5dffc91264a89fedb88ba85cef f1b1fd9fee37598612bec6f1c446a1570192ba5312e3127f499d66bb252681ff 2c8654c5d3789146ac25486efc29031a5c15732e3edfea5b7d68f00425af9bae 9d6055306650c337c49920e492dce9a13f824fe382ca4c17b4f1411a95c03a7b 771afe1c180ea985fdd3d4d2113c0b5934b08f5c0b65f76899dc6f0741e4a29b 944989880861820010b6cc955bdf31b8cd3faf2afa2f8df106ce5d57eda97ec6 b8f1f3a40bc97965db9758e4e75910dcd9af20a36133a1e8c27ec584645a70e6 a71c0f50a6a391767463d18d70d295b8f6902a08291c5f5f613c5bc1b585a6c5 e3a8cdb88a9b6a7aa9b96c987197adcde861d60b0639417149f63fe616cd03ec 97aec1f8e4ad41f977df92dcf56d19766e86c48bff1142e04e26cdc0298360d2 aaf35ddf59cb18df76a09eb8c5cd99000d4505fca0d7d76ac243051597ae6029 22e2a9a98f6188b801eda5f398b490cc524e6b512524c79a2e2e852367eadfb6 39a1676eed45a3d29be0188ea932c40388c9715f7fa6c97e2a9a88421ce63a44 95d4aacdf6f83315514afc095c5e0b3f46860c0fcc8c05cc147781f9fd044491 7d563ff30e4cfe98c363ca33b3631b307087d3e8051c38e407760833095b7708 88ec7513b8e9bed20618dc3d3697dfc51728ac22cac2e2a4918c4c160f3e9158 2cf4a1f61e3f5d0b2cce35bdd6ad7a7190e93be9123349c9aa8570b7e149ad7c f7eab04e83ff3b431e75a7d39464bf3b07dcd76828590efa8e9b1685643427f2 23921a0b4af7005fb8f2f5cee1be614d845bd03fbddabac9ed459e42683f366e 0a438ed142203f9c6de0e38bab901e49e1d5cb8ed34c983fc5c5b4056a0a6f8d bc0c302ee157c4b1953af40328ddd431275d253a4305164a0526de24216fd879 7ae2e9b1756bbb5e8506ddecc305941676c2ee06b8096535ff76d2e63591d711 4923592e909894d1cec6be87fc7a8964d466aab9e8e6fe2d98b1d0b855418b40 5d43b558a8b888857aea66e75bf4aadeb64903416f26f54b0e60106efaaf9897 e47c7dba281d8c1bbc5f0974b3129f5fccc7c42f11e3117c32965a7b70d39a21 dbe1375e5202f785531cbdee8d53ab545de8260df0ca5f4e114fc5f6171e961d 13950c8cf7066844048d0913a7d480cfd6198b49fc9722e6c5ed73ac2737608b 9c7936fa22543d53f9f930b39aa1afa995389a0cca23fcf2aaefc4235b952fb0 24a8c99f44e9bf92222f7c4ed2465d8c829d0cd139c343888bf14b897806d389 aba2542b221b9a2923b0358ed01d80395718c9381ef0c9ff9035761a70393b38 afbe0e27263ca35f00a468bdc42b218c286ae0d365a9d6554d87bb3acdf893d1 a02c8f46fffdb59aef048daf29beca98895e5129f085dddb722464d31ddabb41 6d8e798c9643868e691114fef00b415e9247a49719a667c8133a0da926082cb3 285fa8cce47a0db72f8065bce217aa501c33f409dc0db3ec9cb5d9e76a67752f ec94fe0afdb4a2e9ff8bf98695a6f6572bd313c9313f654f956ac60dbf46849b d5209fb36baf1d51347f50f9719004eebe0dcf7e284ccdab94bdeb8fc45f4dd5 54e871e305acc5b2d935acbf4237033cf7b1d78636badd2a2c606948ce5de05c f0a20bc03d70955814e87a4e03af1271c81ee4c25a5c4de631851b2cafbc480f 5bcbc46723262a8da184fdfc8ea871f287af1cafc1dffa86a0b972df46069e94 528398fbd09b0f02106c0e4e078e90f66978ddee5285a24e7e48508f83640838 18e8bdefd9b5bf5d4540e3861983c9cf617de99832f3525141af9568ecff66f8 65d583c547067071e0d6c690980a2348e0c4432541f4561f8b9d6b88d931aebf 26bb2c8412f539dbac5a944eef9da9bb3dfe57c8daa883ea22e89822871bb35a 1b46e980989093ba3cd8e0bf119e167c46452cfddace22c92932b9f11598c7d7 d34db3641759651e0d8247ea5956be0d85223671ac63f28353ff65cac6ca1413 85d3edca7cd0998dccfe9370db5326c3e697f232084938e4d90742bf51b85609 dc3b26be7ab61ad59b0d3ca04d4c213ea4a9b9abbf12a078ad6b3f0a4cc4bd78 9b3c3eb33cafbfdf6835efc21be68013c9f9b78fbac5b05a3e7dac7c87632835 42e43a4561f6cb8b1ffdff91fb6767df4062e3872291a2bcb86e5731ea0aee0c c8dbf35c2b4a74504a093e86b59f59b8e111e33707975e728a9572890b65804c 2e7599e8b92668fecfe2d00a1d900d9d4fa789adf5a2d8e0bb5fa3e5949406ac a36aaf18865e497ff3c407be711c99f07852f3a9ee435961b21a16e78140d534 d0a9c0b9ed5e636d2506042717e8992c080c3743c628f10bfc0e559137f862d7 5254f07eefc3a1df61642aa173d8eff6bd29841597c030f8f39bce801ee414ac 2ea45dcfde74dae65fb470d4e2a07f7c4688cbf9a5dfaa08cbbab1d63e676f20 b78035661d298cec567ec4c74fbea363b9047d4ca8e5ce4bc0573aeaf319fbdc df3c0ff575c76a269474f386aecbbd724212244bbe003aa9566cd6ed0ee7813a 569d5d41ce5645844d7b1f3d8c56ad1d48e7d73a0c6602f4b31e668dbdbe7f41 c012e9301ba5b687b9fc378fe50c6cacf7e3e5683579ea1bdf083b016e596ca2 4d86db74b4331aea53255287e7855e4801e4b3975948229b312bc0dc907c9e0b 00d24a7ca044dc2f9c5f863fc4726e90c88b097c35a3c2828ac4a59467bef7df c157c37a1c3686aba7b3ef3018c5802b01cb43d339a9d6757c47b74d9774d879 11612a0fed9e6d3aee44b2853eff196fef4ba1a052c62c771dbd739fc76c723b f0be5d74025b99cf627c3da0dbe6751331089b1309b8259df083014cbe2b2860 e144bb4df38d198970fb4ddfa15bfc484581a09198f27287673dc3edb2792cb2 4eb56adf42c2f9657ff025986d1366356a450209627336e7181a3f45bb802983 d9f2e4b733ff0fe80bf8914c78a6ab1f193f954f330bea792c2d3a2d47013d80 9e9d78f5712ef940bcbc39c56ecc82551bc8eac9cb0a73d0ac549b811642c095 88c68782f097be84c49ae0ea6c2dffe96bfb2e17cb300a77285c5e7c1af4e75c 0260998408afe0d48ceeb854caa8cb6c11b1413190a1520778d599d518d8dbc9 414e085b06a15ea2797a707fab92a88971269b889d57cf5322a1e3ed527a419d d7473c3b867a9987770e469c6455dabcd1ef727e7eddd337a65c140af877575a d3fabaf12b7240c8ff7fc3b365c281390fdf497164718e0584967684a328a3e0 ff9eedf4697907066fa7809b82f8859a9bfc30837b22711d45b219ba7273226c 7b5ef1fcb4660e1c99c0b4aa41f61ec99764a9f5bc1e185b530ff6cdc385a9a7 f3b5c0da751d11f3b04a70ab26d79a2d8a6af59cb1de3ace362cac0aa28ca53d 2a47ca387f625388f0e717d58873a46bcfb8bd593394f746fcd690e9f50c96fa eefd9c6b6855c33e43fa91f9fe6b04ad410e7418db92446e778182ea9140fac8 63c5b173ca7d6bceb870412e808af109f01bdf164ccdf344e6436604ed74b499 cd9d67aefbc199e7c79215fbc5b265b0eb617bebc60ea28ff191607e2da516f9 21bc2d85bf29d1055d1462e50de65ff18e14c6165b76761217bf1aca0f11a71b 735dc37f7e0c272395f9db7fe5792ea703bda5f1c277d984ab8d62c617e73d4c fdf847ccc0dd0f60d2ed6dc7a77be6f3a0ba6ed419086502d52c046314447eb8 326e149b86be4eeadff96f377af9e41c23324bbf7dc186546b754efc6c50354a 889e5d20fc379e4064287573c10a67c51cf230d17ada922784ca3a23af51dd32 4022b32f1439652caf3e356de085c653e0de1dfae01cb8535e2aa1d6ced5c871 fd13fa59a317fdfe5d5730779abf715b41b6325a18127b87ec5960685778c89c c0db4a42543966d07e923bfee08ab56ab9152a08c3cd0eb881726308ca706b6e f40d56d54357caf96666fd34de014d79aebc3bb4937559cf392e374395d6c1b3 04c08cf5c0fc527165b6412bbc427c1647766a74fd08f5bcf2c46b1674561286 7f4ae123f4d898cbe9e837f20104c34563c7134dc09536b9ba3a9658a9b68e1e 03ddb96686da623a2b367fbced4388b38efbb8689020d2694b8aedf85e959b96 c70186afcf1890a3c3afb05bb53f12936fa9a8cc90855af81e2fdbc146c47444 1bc78763ceffd3953a9fb7a4edbcbd80e9c1b7ee178a9efcafd35c6eaadcb8fd cd0dfc601a6b4b378a4ef0f06eb13728ee5ff4e1ef363900ee4461048946a890 082d6cff956b73c1054497d428de35f163ee72cc933c8e196c9fd272cf1df210 f26088ed19f2f4f9afb58183e1577c05571f07acb825e76de8eecad61efb7328 9e7a27bfb9579e1172c6f6204e319fa9165b1d78d4e859e1d668a308cd7bb43d 06c954c281bcf0d05536bc59229ae1e351a21b1228add1c0b6df0d9d208e036b 695d03a31317359ce110bffe7fecd2af70d43dfb4f28970ee62f0261a39cfa1d 208a33ed4374eac84d8e7e1000d8ab8f4779e4b0f5074d1e994d0410ead07797 4d13400ccf2cd53bfa72145eaf1097d462e8b3bbe677bf53a5d62f81fbfb2516 af6a2ebc32777b3b3e2d55b51215d946900e18d6082bd2f76f38666e41abc80a a9b43a452399035a5e26c76f15acbad7d39c7e671f509166fdfe0fd5f86c334e f7120a414ace1a4986e0896a8d446f9456ecb63a38e35a21e7e0939f47bec9d6 efce5372b301d1fa5ea76d6409a2922e82ec1829f4dfd941c0aebecfa8778338 587771e22abf7abb4433653a0b145af47dbd403048acba6e23aade55ed25c8d5 17b72f08cacab7b5e285ed779231c7ba5f30a55f20b29de773f08ccbdd8fe045 27650f937200268f7180c08771ce5b0d9727c65cd476bfc89bbbaa350869e56c f7dd49e25c7e3a454050f0bd8c022e60f79c85e3b931e3b685ae4a8bd1a8f798 fe8e9ca6bdb030cfd0b27e3329d1b1a2420e70ac3e7ccff76256ebe0e1673c73 17359545e14ecc76f54711679bcbb39e3267273b8ff6d13d349923258221c0b7 8bd2ff54a767910a51fb0977cd7820e5ced877cf968b7d2fca97661bcb2ad996 e778357016a9a46a127ffbf5007abe13b9f5a22dba1905526f7dfdc7db52841e 49a75714b5ffc27330403bc1e828c529d960ce0c9482348d59cf819ec6f86ec3 e6b21533bb0072118ea7ba25bf76bfc145e35067adadf6c1f1aa4093fc6c55cd a04c6fa1847bec9bfd0de644581f0023ce1d597db878674f4f56ac0b4211b014 f5884b5ee87228164b1fbd733dad27d94dcfae497586d95c35f679dfb48b7c17 b574779ce72edd8598cfdaabc40933a338567ad8900854921cff6ddefe08215b 0d087f0f8cbc2b34f2585c0eccc14f296fb32817d6a60544166d426853f4717e 2396d6e7d43a2370393e1efd3ba61c041ecd6704b3c1bc74460a60b8f1e4fc99 bb8d845f1dde57947bf95819d49bc05d111ae7674ec03ff440ac59bfcf13cac9 50bd6f79cd9fbe95103010313dd298c701d26c836e069388af06dea4d671b655 51c351b40ee19ad8094defca988678c9b54c9a60acea5ecc881fe4b3cd3dce7d e80e87175c440c743438d6953abcb7c246a4b3260badc76ff2634a80ec88a49b ecf6354af2296c885d54a65d9a455681a966ebe22fc039433beed37198100d00 4632d2de6dfcfa7f2744cbb8910387293678b055791511d5532795d434bf93fa df8f5c713d9554ee1be0483f317ffb20a9daa85f5c4693c1dfd05e02e48dbca7 1b0b47ac83d5870cc8f957fa825781b804d08304ee33a6f82c90d6ad098a2aad ada9af947486875a3bef9d617c8dfd16d8023048603618d71d7ae13ee76a5116 8946874928b5d2d59505b2182c99f42cf0fec9d610b7ec0b75faf3456bc25fa2 6265aff213cca275c9d61cbf998679cf2060f94ca34579fe14b719a9c5aff99a a9b269e4049853052aeafcdbc932b53e6194acc06aac8cdd522dc4c0907a54b2 ec944c173bae29c0d3536756c8a73091da12b6e69f9ec00396b1b9dda740c702 79249887e72c1e0f2723aca98e9fd2c21b2911e34b41032bc530f85ee406f1f8 b5927c2ce32df98000dfe78e7bc9b7f60bae3b91dcc7f5005d47a0652df39876 5d662596388b1b164be5b7467e47a1f89f79e9509a888faa908dff1e450cc3ca 05a0d97ce93560008d71240f4b783bfe67c695b91f39a5881caa3c9f3071fd11 982ae533fc7913be0e1a5b7e25bd8401e0efda999f49de953ef192c78f62bb07 3450d2e3e7288382d1fd62fe807bf190659ae0fe13c6b581ef86c25cffb173e5 bc5906b7f1e7763e712807a2df5a4629452b69d37321ed62e5821d89b0746926 d5750f9987b90b8a622b5da49713162dc802bf651bfb670b69b6327fbdb3a427 4edbb9cef45302c7a87d53bcd97e5866968dd1fdfd988d73ddc41087eeb09458 c1a76ba3bdf698ab98ec386ce90e106f67bedee1beec35d3d2c33b71d24eb7ac 817b7f77af4d3df660eedf65ba61eddd4b02f3457cc01b9172e2a3cd5af74128 bcf6fe91c0e61182113ba07576a7d7e1731b8f72ed6d81479199a6fb299e2424 0611dfe05790800f1ffab1fedea14eda254d3d8261e78f5258ec29d4419edfb5  3f5c70eff5a69f3ef5c173c749f502e29a863228a03ad49afa84a7bad6b818d7  41dabb8279ceeeff46a66cdf2dd4c06970a1910ba0f2163a45bca5ed954b03b8 6ada9d114df5adbd67a24bd25d42ddb8e6b21c820786b6a3e836c8e11880096c 88a76e6b3465b2d61fb111456da58dcbccf7b19b300c88db34699a9ca2655993 05c22a780e0e1bed18fec6aa777cbd0e9969533401615f79cacfe402f11629b8 122175a8367c1d105de7f6a1cb88225f778cb322e41f990c6409fe24b6ef4b37 780c99d8068089bb3a4b778ec63c80f6f8d03343ef3770f288c724cbb375f126 9b1c06cc3fb0b9a69c43ee05525c8e2cae1c326fa4713c68d2cfc23641507add d49be3af9d557b0be1597fcb7a681dd73bafa132de4a34ca6486127234bd0ab6  c050df98cf6b0f111f7500652ca14cab4a41fa2d18f1c664626ba70f874a8365 ea64d1e1e8a257a1d313a6b652cf6db617dcd22d74378159ef1ce25258c76e1e 676aad0722a01e30db706e67788d558e44bd0fb600b177d88096f96dacfd78b5  a7997b9a3ae5a4edb6a36cb3618a4cd76d2647302681fdc242673350f2f044f4 cdef91c7a5b0091ee7c195e0268af5ef300a5c9fe1406579ecdcb0915397d14f 82ed2bc55f8de4e5abcecdfbc41f9e80a83a072d01418a2a544f718ec3d4f633 2d1bb2aebb00c6ca66b9999e6bd2bc490523859f0db1dea63779b9f1f84d52cb f3e7dcede8214080c6b54916f512426bc9447266897ad4078118867e0d6746cd 99378ff539066b246ecd123bcb3597c4acc172ea13c1e260468fe12b1696ba73 7e1984e9b593f774c3db1696be6964319b9f9388707bae3ee0858528e3658741 dc271e80974045f3ccdcf5c271fa4458e81023f42761c5eb37375dea4e4d4d8b 1de0b4724631cb35b0043e7ac67c4edf767115670eaf50370af4cd2637de6c76 0e5750b8bda3c5351c16a9a5ebc02e2ea24cd10e9fe31deaf0e250d869f93364 2bcb9da2dd7ae6d92e3c3242c2ca4908bb60f19d68897616973b67dd1f1b037c 460f7181782191858f2003a4146daa41901058972d7baf5088dd5f89f294ddf5 d0b6af191f36df14250213469c2735942e825ae6d36406817d2ec872e739cc1c b9f0bee817e95e37bb38c24b9bab958654afa1a38dc4c3155c37d1310f014a58 60de0637d0a48d23331bf8afc9f5cef164c130ca4a472b360b92d4552f083d6f fc381f8b033bcc0550c42ea706ca15026f0d4171c06e6e3ed636e2d7cfa92856 ef967342076d612e419457b0667c8087f01ebfea10184cb54e7c6df803d8878f c04ec7e45e1705072d1a554a5ead50980fc7dc0443a2f51f64bb73fa10f183be 1e8c4368441ddb9cc5c47845c02ab67194a7f27a109036ef7c44c33ea236f799 350705cf63fa5a8ed6d8075b8d483c41a589c4ef7efb716cf495f839a1f22ae4 33f35d4c5abbe7bbcec3a78ad021babf3e0b9ff84130557125622e93b0795670 617a426fa536430d1dc22c79ef99b0474f5fc4a7812efe5c9e2e9f1a23edfed2 340ce460b118525836600127c410d977d7f2e9a89a6b571289479ee50ec969a0 26d8054077f783ac7038fc45f1d7972c01d4ff6811fb44dbad8a5de90b39b8a8 c055e25ba81b4839725ae5f33875d468fa381a5866ebfa41f21cf2bcd32c0a3e 171ca4cd5ee36fda6a7de9f0c630430e796fcae444eddb481d8c61f7c1c1a6b6 b6df269eb1c69ddb5d6e2c4bde345e22546ca393c69f48b4d52019f1cd025393 fb97d193b53654aa6bf784c660040145a5d5da90092751a9294b526d087323a0 4313b76cbe6447ab73707f48abe7628a2d8e2b0a5de8dc8e7d4baf10cf6fb714 170a8d0e808f9b00d1e3796967ea69bbf899bb84605751b423872250ad5e61d0 162613a0876f1c0aa27c7c9dc629bc9ef8fdbcd6abcd26fcdf55e0bb080028cb 3de1e3785a3320ee1652bc1a553fde8f73da96ace4c55e5d140bc4211918ed86 94dcc5d974ff47276c8c157260e9099cb8042fc9f9a258a6a107023ad1f91a1c ef61a74521564bee71c2c055606b183fb3e5f02c21d21f45d8c3dceb63edb877 9d4e54668ea48b3d283b141db2e76e2cd4f4f609d47125519bb969771a27a129 d82b326cce960126a21be34bcc01bbbda81dbdfc70e2cf40f79d3c7da6f29603 a5e52e7f968c8bfc4709adfad10b5d2901740c54625168f306997e9ff6a4dd6b 3089030fea08c28cf13a58a35e43883a9feaa5b6552041142f20a916a2b4bb0c 0892a4ccf1a8707b3bd537b359cd86f831c655102f69601746ba8a29cd9a089c c3796df03360f77c6727dfe70cf7bd1ee97bd070a1b8ff7798ba8dc2e1ca6f09 c1ac987da350d1929136cd346b5347b4aa00aa08b1707ffd7ed550b167233ae8 83db4791025d4d3f0893cae53d0ee29569290f29b0f73b691f05895c9a2c4035 7ea89b2fdebe78c41e14f014919d17cbe67b0fe6fa854d65c7a2fa0804dd88d8 638caa595e49d2bcb1eb6bb45aa447c4f6ff29d308b7785fa01213a796bf7f61 237c38b7d6fa76cb760315659cb37e2c88a9cfa7d48353a5e160709aa599f17a b5076cf9010a1aff139e7d908e73c96c1eeda61568730981f77f749455f6d4ef a787d9fd40630cae5ce4d302f7cb502afb8a092b1a0447db8c42d95be45ad25c a5db36cd0f24768173e21b968e7f38503c70bfe56101b8152b3e1a32d922a58f e48f8fa01802d578ffce70178b29fcd877d58d2062a166933fc33d52c611c44d 98beefc7a2ddfab7b17a455cabf8acab61554a4c1e649c4d228fea931d303148 49cb63eea6684d5410dc66d24fa96739949aa615777b13a0849df0f9b95023bf b065c29379f515d4eb24965f0da79ebfa7af2b3852ee22611953769bc08b0df1 7def102abf69d9e9d2ab0854760e6ee324c6d35d804f0069d65636227f3004c2 0e2b74a1666b877e0701f933590c14a0693251fb7588d16d011de7e13d98b07a 9935ef81774938d1f8dfb137ef0804e32d54efb3566ef86664a6b8d78d19ff93 8ca4e067e6c9bd56a635ba2884c97a074fd7e5d32a98c6ac2563323e1d7b40da 5cc1f7a66385ef4badc4fb28ea729d6a406b13db81f59251659084f059081828 fbc0a287f21a7481d8dbacdb4cd8714741779ce7f0b10d23bffed168fe6f1529 8797240be1ab25efd139f8f6663e275121659798aa25963f01fb9366b0eea86b 68b02f48c74ddfd8f7d326a5bcdd419a78d76dc27507ab0aa42971abb2fb8f1b 624d62e13980139cfdec46acd5a48fcfc5b86a5e940a9849b14c16368fbd87c5 fb40b8f410d515fd63ddfc55c529e5871a4988f6b1478222f54769ccbe8ee2f3 b735fa774ab209ee535a968e7f5c73ae0b5de7c384522f475b368931a1de116e d780a373343da60ddf436d33d075b54dc44383d1b526a931061cebb55f946b2b 415547f11343fb2be1233678bcf7d349560ff71b11f5ea8eef27435e40088394 228db93f8063dea3693be95fa1569f3b3c91b8b67f0b77d4a7523cf67d842d97 ff491ac1842f40f10eacde168aec22d2d14732daa332ab4a4c30248538e83dd7 afd1ee5d712876feaf7825829e2e7eedfa51679ab1d7c340f9d40420378b49fc 3fc42f72a9a0ef50bf647469bdcf7149a89c14818c0ea9b5fee05682c065ca8a 9032bb556e10a0a2e7d508f1d60276b6a8186759960374cfed62f261cbbe8b3e 77cb01b01c412d961c16cbbff5ec6c655a18f3d99b0b8ba2b4aa9480d626d453 4cf488116b5b194add0074a593366f9f4c8ab554393017f7dbcff227adc4f715 78342e2d84814a1c949f6d51703ab19ba4460a1548b29a5b52b5214a1bed29e9 cc43e8b0590aa3070424a755fbeff2c6ce21c722042d196d7192681845c6f898 923b56e5f3a7370eaa6dde6d978e89f788d512a80fc498c33ff338ec7f0c3c60 0de2bb10c1afe00f096a9ae8df2b5e49cab7828c8b23e925e8b46f8ae63e024d 51c5cce6b972e070373aad3419669fce258a3be7b3bbeee648a0c7caae41e311 bdc63f25a49691a192ed222014d0071e3d7c64e3592feb0806efb75f5e4af2e6 fed4d7d0bd43c4a7c60c815cd80ea50fcf42c7e4f1db51cf0abc3e13f4bf91a4 1a4fc3dc846fd52471628de83030a44e40e76462c6e3bc2cc3561cfc80134e7d 03d955e9d64080cb8010b54d350db79d3f32b95068a570ea03232c72c60631d1 50f317724b11b487dc910d98e2cb9460ddd235a8dc716278e888689c0d5f78ab 3b58c904794b17c4bb64d3d6f28dac34b8a9ee8a1dc6f6bfd1c2e413e4b24ccd 3543f6eb8e1b962cf0657bead354f86f08fb83acf0f2d15cdb76cebfbe9efdde e249045cc81f0360110d2c9c77265cacf1808e1c01c426620d8e9353ff01078b b31d4e49983b38764b57ede033442be57fe2e7eddbafccba9c67435feef3aa64 76bb9f59c22a7186659791f24ea5aa27ff0350e301a756fec499d85eb9faf9d2 30b40f3982dce8192896f6fae40e80b9e7ea12c5f4d0a31070bfca4ab36898d3 3f2d5f351ce8cf7e17db47b09b29b6646db4334883c7dead3bc7d0ee01dcae53 8c3d49b1714f3c113d06102aef49d645173306c4f207ec6eac2475bc8fa26926 eaab8daa466e6c34ab10668fa741b86b382e92b2214397f748cd625ba2b58e69 7d0180c69fda71d034cc0670d4abb988426bd872fd41b642ecbfb6be68dfa4f3 40707a6b6409871faa6e3067219f101d3cb77ddfff917e482730104661cceb73 3c1c8990e16b5508a890bb1f9e8d2487295eee1701bcac5abc493de597d5d9cb a5cd5af580949919869f4f652c32fabbfa516fd7e11158d2757bcdf0f755df17 3d3f8a550f91664ee1fbfd1fe2e59ae2715ff9aeea4f6e5041aa73aea79be007 519d9e80f3fc68f329869d7f478fe0119f2111f54df2cf7b560fb1b47165ffc1 14f5cbe2c2859c07c3564d638cf9c85c5b84afdc9e5adc2978b62752b13878a6 3ee99c68d6b79db08bcbe71bd7d43beac5e3096a2c6a472c0df4bce2087fe04a e6fc39eff4ea505292100fa2e449a20358a447dac2e932e04d7d18ffdbd3f641 16e120f3aae0392e635702f6ab8282c7bedeee6904bc2880bd57531f848c8fa1 36e125585af4a7a7f206ae99a126a67330b01e99d67b16e0f0f06f556418d3ea ebac9ecaf854ac4e450620e22a388b25ae4efdcae411eda11fb962a74e49e12d e23e88b8e6e8c72121502ca28ab80ec0a5022692b0cc5062a8d2bf2cfc2be101 cb922d31a3bb9f5171d85a0a03cc4c51d0a2ce10fea4c1355bb710ada6ec0f11 b69a74187f2b1c63f9ba776ee670eedb92f052f1e90992332cd3d3da29b248ec c997d73887e3ff12e12feb5b1939f61c73c0709582ba97883728722837edd1db 6f102788d29df604047d15a1852a5dd7fc7c74f30d392c0a8534255713cca765 3257ce25fdeced943975bb6ba8593235be0f4f199d174f7843c720ccc6baf021 5e17be990c8d2c9236224392020c2760c7d5610f539f02f2d083e892d69f78c1 8e755a0f356d6c90a8306674d83c32907c66a654183ed03d261ae20ddc26354f 38aa3bdf0760380fc09bd7f12b225901dcc213c71318e05bbebd80f524cf5061 ec623cf5bc895b4a6077976a7ddfb9c0cd3fa783259354b6a2d9f284552ed221 b78d0b55e8eae65c02003e58fb60c50bff4d44d5bbf786a3f5cbd49c3cc914fc 3c602d082d7557c3f7ab7ace38536e001bcf52eb0ef80154322b310e2ea795fe 7333d0ba333dc1a7a853d0b9825e34ff5cc055917311b257cf36bf141a2decab 2f2adcb50466bd0432e09ff47d854ff60e1443cc6d6dacc027bc112c705ab3b6 d6c3de3ef5ce27d4d129fdb066237160be102dc61a8690c459a52b319c974404 180caf42f8620ff20f9681d46a8953f4291f3de9ff279d00cb82789f9f3390a8 3d0f9d38050aec674c5c92bff62cf37d43b50905fbfac7db15ec9b8771850627 e1f9e770c312d2138fe017e607b8c1642c6193e31f193b69ffac55c595da6086 2d4d14c2cfe9a6558b3398ed59bc10b4a1822dd6fb02884f6d44ccefd2acae21 37921c5c0e61af9b6845095b45d27820b326e1306ee3ae43d05624e3e2bb3936 2187700f383b59c51594cb7ae9af7a6e004d2ae29e9ed089968a55efcaa2f352 623448f5c54666a6b57111956291dcd7f5a4d181bca27e3145020dc777335c52 50af53f8800e58796c059c6977c4f1b8cef9b12103cf9c39370af2ebd9ad11b6 6de9ec2d3451247e2f3f3002408fb776a822a58c313e8616d49869e70d2e7926 ab78c4f2c95e286db19b74770a15064005f43ccac5d10198033f1a16ef1b73e2 fd166acebec28a489847a9ec8537747b5c83997872a38527282e648560e37180 d3acab42a72ecac8dc39a281f1c19b64c8c71eb8535c29c8f8b60a4aaad677de 1e20a0f21a524e0bb3e1e91926c4021f3070eb5de9d98a8df57c41452f66e5ce 73d7900307c01ee5e45201abbbf8f49bfeafe78720bb61856e7752389ff5d32b 760488343be6f700a1c9e55fd535ec4584387630c08a2a48f89f1e7efab7c9de 516fa1771def7e4dbac84f8db1de0015aafbd1f2d74e64e65fe58fc43a361506 578af56139aefcae540f5ff015076b7336d5ef721d339c3edb3f54a0bac0f82e 63cf9c1121397fb5abb17febc0e3c0acb838d464681e2ffd6d72819fba2d5632 07621ce08ee5421e74da75fed5eb0c36720ac7bf257418746f2b2c0c9be338ce d8a733833fbeee05906259c4d26b6769ed477ba6133cee26d58d44738fbdaeb8 df99a70d00195f6aa67023b00fa611d4d09cabe9af0010edd6aab27dc4e4815c dd63292e5edb1a572dbf1c307cc0127d6ae1a2edfd548dfbcf3360079f6cb5de 7778ead94d8ea779f40a51468df59c9f68f9b642929d27db1b62b28faa2f2888 9ef015c1b547c2a7fa8b98ceff4c4e721b8d7caac45aec0866c1e62eda03a822 517e99d42a6a679d36aea470b4ae2a2f97fef10c28943ea9861b09ba728bb660 b6bbe5b2f052c88b744bf24caaae05561feb1a5735f213b9bd71892f0188050d d475e72c9740ae547d17dba345b4fafa7aa952bd9e0639a2d3566ee4e9ad1951 5d523d2e4f36d26ff1e7ef1b609eb3b126823314ba667be6d09e7c435b4d6e68 e5a8f1345e55f2a71d50b8b8b105b87c9be2458431d77b36ccd6f89235c8512d bb2d57f8c59f560879332543b473d0d19165422d731c2350156be4658e3d17ab 99a5e2816e0bfeb8868a7cb38627522e5d2d86b7307a41f3ad81341c03ca0d7e 571b4dbebf47d47a90638207314b6b00686d4427b56330750f0121d400e9d590 df382d206d0d812187260693fd726374ab708767b3ff731a9774e56647d00e85 0b4e31e47f422588d47691d26fae2c91a9cec647376c3061b1a41f12ad3ea960 b18424e474d5462a6b43b3b083d7b8eb3cd3e3fb8ad176138ee32c53af44e90c f24ac6d1b3f3a0fc446c2b2d7211c2136b646c59ef7a8ac5a4faf92f20165187 9cab5905e6c5ad9b39ee8b357259ac5051ca342f48cb3b5f641e6cd4b7400956 45d8343e36752b1b57a0f6e303a6a7cf32fc24a3870bc0e3897e96712d82a122 5701f8be67aac7299b091e2048947f23a93c985b761fb16454f89dd5cc893f1f a3aa7bd95015c9da68d57bcc35ea31bf25d69551683c6931093b2aadd0f37ed9 acf6a408ed91f11101f562a2e2c5f16fdecc66dda489676775b1a2d62b09fe66 ff297ccccf99f5aaf8488601f66f11b9cfdd0d91241fed97d3c0088963cfbe07 0f039e5fcac771780e6b2b245be54f17cfe37e425c0de47acc34e25519300a8a fff1f835d63680fd56064190b99b6b0c723e7411d0b183ec38d0aae036bab978 5586d3d50a0d062a3038681769da5820da23528c36df7f3c9a828fb0adb085ad be1892570135b9fcb61d795502f612507a641afe9b2b2b93310408eab6a1a581 f107de5cf9998413d3c68d6243afa58f2dff4bbb6a97c5c6cfb5f9dc23aa7393 ff18ceadaf4bbc3deb8791ab6744ce12d16f90fff60c7d88ad8a30b82042edb1 fb6c6411d873e295d3e86ff5ccb94ca3ae8bd5f6b6f6baef56ff9d9f00356a9e aabc41f2f05d94fb7ec0f69329e3ec74e0900a2d326d76e99ea7707e1ce2b7c9 e6a3f47ee0d8ab2d7f8cc651eb5cbaa2c6b617062a51b3ac075fadbea8b53d0b 781e9091901c608a42fa6a2fb46fa13663a7273defe1808c6027a20202a7fecf 228e09b6dc2cc97221bfd0ac131d90c33861c5b993c7248555c7a15c9d90fe9a 3214a0d3d43efaf8cff196df2dd4d116b18330f422f44364c29c0198437378bd c402c079cf7f67027fa945b4782c2a06ec557cc466964d2bf2cf0ec14ebdfe61 5cfb1133491ccc415e202f1ab98e3c738ea119238f3ccc569ff46181e0b82c4d b4e1d997566979b1005abebc940acb548ae12b96ad19af931e1cad7869c80dd8 228e000126b3b93d629afb1aa9f487a25701d6ee99e4cf2f5b9f207f73e11763 352830ec4e195996180fc56c5d84d0615352894cf5b67f2b1e91974da5e501a8 b09f090edde5e77c5366c947b3a2746ce229b5754f6427e403fcb271e487fccf 3d74e0fe67009ce4d32c4fc1808882f1d4b65436887c30ac2a06f8c8c8f48d1d c75e1446f6e02f13305f0ac1c859912dab3370f14e7959902351550bd14b3d5b 84eacd3998c630db20e49958f0d8366044fc900284d5e8db58504fbd6975535a 2ee1ead79b6cc88bc6831f661b1fee9d97dcd7f598338c12befa546a75c7bc86 c784b367da4df13f70a59c5bf9933e95654b7701b41963d33993a9e0f46e7281 411e4e7a3b97906fca7bb82652c94025930124c911c6dd1333e8f7340448aa6f baa75ba9380a049b41bb86262d4921453133dcce9bd98da9878ff74c6a6ae2b4 0dd06c1d8a963ad52aef1b26f73e9c57fd52286f2bc6ce8df8781d3c4c68912a 05deaf4ef510089374b5a3ea63672190ae97c9a0c79dbd339b36ca5abfece9fb cffc1a6564735f8e5b7ea9ee50b7aa3feee252816e206a7ce1ba545a90f74a20 711c831a4554a7c53288733fecbbbf9f48d272d6b65926e6491c7204b34f7604 8735d6256dc1a9ed16a62193ef707a785456133801b11691fdd576103235c6ba 2978ab05ae19878ccadc36f9574c97ce3a5bc3aab4ed3070dbb7ebfae002d7ea 4c48794deab0502b6dbe03c1a49ee52728fd3ec92389993e7464e8d8040e60b2 11d75bcec5adb4a19ca20af1f2232c652fc25159e12e858f3d07f08910093953 401a8f70c11236df7992bc2e113e51b20b22a2296639fa6133b6015f802d6685 2bb2b4b698f1e8a81a76e67687d0b8508a371a3cfb18254265d57413dd9aaae3 742eaa265f3456bf9dbdfb08fdf6b477a6a10fdad90e7a3355697aec35bf22a8 f84b655ed7fb307d0489142c045faaa914e81c608e59c6f88b82749d9567c46a ca74b4e1978b741a44795d277cf7243127e1597f2e5a3ae676b42c162909e2ac f12f010fb756d886355f41a24888a64d5dd10af3515f3001e6911908bc84e293 c988afbdabb7d440a2ec3de96ec06b56b4b9701e95e5ca10b6589c2733c81269 da2cfc17b3d47fa89dd30503200099ee675147c9e6f97da5e3a7856a4decc4b8 c165c4ef804f41c533835ac27e46741496675a2431086b71971f0d40370dbbb1 19242adaf4e729ddf8d1e04b69a669486aff6a0ee039a66c9961c66e0d6d5f78 f3a1fff5432c41265936aea1995776862f892861c937f5904d376a339dbf99a0 2cc9cff84c27f206c5afe488c953a574c797e99f22b5c917e5fd1a90f3c17a48 68d0688696a13dc911ff02f1ad4b6203e9d92f77bbe78470dca7c72009d61b3d f1e7871b60921a0d54a6ebcaa148260672a3aedff2f9764f8197d9a0b6c934cc eb6820a41476eb1b6a9110af53bb182dbf95046145f6bdf102b1cfa86a5afa8b 08e603fc927f0460fa9563545c88d7ca5916dfdb5c9b6c767d520679e66bf673 ec64502185615b13d9a131fa4651e5c8b40eaa278c771c4fef3acc35ef76d167 f79eb68279911984ac9da9e54eb431dd2340ca6c72e04c2da65412db02aaa324 6250c507eb8ff42c1d25b629f9340317ce8b71eee0aa0c015b2b905cfa739bcb 9db63c6779cbf2a576a132b4028bf070686f89adfaa5ca91fade9b6f6b4df65a 63848c502d2d24b94201e4713ecd2aafce1b7eb28ae4f96ab46476eefc5392d6 ba2fe7220eb3458363b121c138d122a188c3dc60454f7ef6fbe7479cf56d1a20 347d7960a7330ee392fbb02e0d5b59f7881035d8439568b8f438c0d91f38b146 7eb4194f28f7a1558882f831aa7bf0679b0059c10180c66abaff9d238887a05f f23493cb18235efb163adc0a06a2c8099bbda391161ad30f52ab2c7627ab44e1 ec88fcbfa08277e4418a7a2286601e56877d6269595c4885c64ea809e9c121ca a5532d4aaeadb9e9e6651be49f25470bb0dee83448cd59ad75f4cdcdf2d6c334 6d6065ca27b286622eb28fee3ce4399894dfbd1846725fad67fa2b818870e0aa d72f9499e1fc776431e6fa6a6858f5c6f1f0b56126e8f912a126053d445f2742 9a596842da82b1c3b8308ffab9ca5d5c88a2d39b0f44968b0ab67222c6b93f8c afda69183c62918e96bd5d949173c140d1f7d0d256ab50c9fcdc61c725a4a1e1 f4639c8363ea53abc87a8b8696a1b8dfd51814f19a6bbc18f5c567ee8d89e0a8 5879c50fc1ac149cba1e9453d5d262d272c3a76a0e254872e1f54e8fa6da6c8d 2220605305dc398214609f1e31edd55c8185c46fc00880f28beba2b50b042b26 b20d8fd7f26fd662142b0440addcbd3a64e6ee99bb583676f96927d779481a06 47ae6a8cc059d35daea794868326bdb485de1940b2a0c5b90489666a5ad85e2a 4c336c730d0cc6280111fd237f90c67e4f6815889ffd803bd9cce441ac59e2aa dd6e546f9ac17507798d056b2a421d381866b954c30d33a932a629b67e274591 3efa188f9bbce163bb69ed44d12c9167c406883793d6e073e31f74637aa4a17c 5c1e67bc663294b8f573ebade9b593b1f720c74cc001f07f29d1168caf61ed84 f913f70cfa5c6ebbade99e2d4a5a9b2a872a1b1fc75c65337ddb01ea09c027bb 0ab8c5bb00cfe363edbbcaaccd3b997cf926dd2ccdc64d98cdaa4389d8e3c46a 789810929302c1e8d10c233932e1144928018bde47eaef06a82746533c7a4b9f 1b8253c9bdc89e63f7feb3bc7ccc9aee795df2fafc139fc21ea9013ba3a3c248 747fa68bb7210b8557073f3fd7cfbcb3a57eab551aead27af9f716c1d528efcf 4723c5755ddd767ba5543f9a7b1c112d10174ee53670c3efa51b94b73a0922dd 298c2ae4bc7585bafc8404413f0042165cdf82fc68e9466646ef85d2a9b52bf5 23fe8094b7dd275c84288aa10f6fe14c5dd5f3e8b2e30e2f182083b5a1f4b007 2bb58e0004fb9868578a1e1fcb8be370bfec6c5b2d0318eef1e9bb50ab89fd83 4ab0e625af5527a5e6f82f8a3a405eff949692ed2338cb902ca715293b77dade c10b53bf024f432daa9e080dd7f2810c25b850e8c2e0b405d1375275fa5e8323 90fdc7373e6977f682b358897fdf88ccd4f323356b80cc556eba9346d54c0472 b377c06d453348058467141f388a523f6ee723496005e37bbb98d321df49a188 4bc3561c19198cc35f2ff429ea6efe3161f569f92e1da035ff641f28c04a0a80 52136df82f8b0447529ae3e27f8a58912e545514146409666760f5425a3225a4 c26c143794808a9cba3f10821c3a9a6a419e06c57f5a6dff47370620808ab3cf db8f2aeaa4c2eeb90405d1ac832bcc1a55bbffa814c3471d27765a5ed6edb356 6edd96e20e6f108402df41b49faf48b75484ce9d37936b2f26672e8073190174 0049f18de88bd5eb2f58dc4afdd7a8f9198992edbed64c2602373c57e2c06bfd dc03177ac292e562cbab5e054acd21318a4a10a4805330476c9099e3d7660d79 a3b2b8be3c14d05fe246eb1c9964761289d097f71472a6beaa01270236979566 32f8ba77250559a15ce9e7f270e6eb1edb62586cfc31cd4fcbed345891201cb9 f2834761f84bd88f6ab147e6b3f1ff90139f9c6c4fcca9dca67f6f4474b102eb 1d4765f13ddda3746d54e44bdd32806a9a8a179baf0f8d75593777e79ad9eb9a 370db4ce21cf5fc496d6e521ddd7f2e86d2fce6bcd92f1dd8028592154f1a873 4fedac7795d4c039d5ebd66d4ac8475a137ed935f20c7fad6ec11db1f8605894 9a36165489f84d9cda1b1bc1d4e247187d32e953e61716bb585c1d0454f7b965 292fae8b22536dd70cab60356d1dbd744f7011c840ea57f5b80a17340138bbef 39b38a34631fcb4ae8d262656ab1557b3d74e09da980adc68b54c5eb56ba9716 374b1522367425691f578ca5d4cfdf22220b7694610d9eff4fad493158fdef22 d1c936252b49153004e8c5ae8b53fc55dfc7aee6769d559dc6d0a439d4d709b1 16e3abb4ead94bc8cda7b0bd12c0a96a151ff242377453f06983beb82d144028 101cfc7cb7b12abe9a1ce9de7f714f1c7c24357c98d11145b5a768f01b6e6f2b fa3da6a825728ec4d1186fb56378be287c83bb728ac1f2e844241a0d5cc98b9a ab6996b7ecc14b7b499624b294b767111b76681e3bd0002113c7e3206caed1bb aadf9f536c32c97ba20607bd2711ce7fad2a83149529b060620ac3c8be317fcc 60c721d23665f16c9e7eb87b8e591da318ca5d60a8cd6c7acc1d3c2d7a06e448 3f0186f62e2ba305649189c5e53605892ca44ea79e249bc821f3e82e1c1583e7 aadb19f0c574c2e138adaa6efbd425980613fbab36ff49733b6179e15246bc89 971830913c0c225e6fd33bab45f351768e60d9016b5dbe6c9f4cce77d160878d c2a27e19edca99840bc821a66df08234e37b482e1cae6644af512098d2495c11 ecb228a57c43ec86768f732eaa843d810a0faa286e1fbe63bdc46bf9e852e349 d15c0a170c8fffabd3dc7839f6a8190b7184ec66bf453b4eb894885d61e9e214 38073e1729f784790935607c7cfded186c2a6b134916d591421f72aef18288cd 68f97f0998c659a81d73526766309ac0300415da7b642dfe8ba7e3c9c37af67b 4893f119f69985e1e16f4bfc24a1dbb04462575658584d7a752252839e0787f8 18f41901f5080e1d52f35e165003d5c0f8281cca9a45dc44769f5665d33df75f f7ed753aecec1308e456ddfee4dfb559bb6fb36cfa647b5777228cee24821962 f8350ed090a538f12a50724188e273c645315f4da6267f040104edf9029bbb4d a1884407f8437f5d1665d870885f1bfcc6b28d3f367465ef32dae8fdb43ffbde aee77e4193482563fcd3d841e2003850e5a4adfab4a1dab93d42a9d707cc91f5 b78382bd068555baee3664a461831989b94c420c1bfc0b53e8e4a1b26a67764f f9d721bd676265bfd2d76548d3ee2aff5fa8c6f28673111195dd8108568c5bae b5928123cc3c1b07c07cfdfb5d1b71a90bc96b083b75ada40678238949c508ba 6ce3af28e601b3ff5c087f63876b575fd2eb7323053775f5487a6dabf336946e da37230d3afe6a75e16af37a9193bf5ed51d5efbe577c4527d4cf0d0b8fa8a5f 15c3a0c86b2984c2fa556522afdc5cf3989be38b3f1489a775cc80126f4d1a84 41834285954db30d2035e886940aa2254c6a7fa3587c874574b47e8979ae0986 eb3088e01a1a670b2d7b5f7f042960fea80d5a4b7db00cdcb715765d11897aac 6584687657e883a35e36f6bb2e461ef2ffbb4694e11a41c08e8059b623f10c48 f63c62fb5a371680dbcbaefc2f43d32e52de3db301729a1b604cf905eaf28e36 9efd2b04c8a6bb11d60be37de8897e2fd350db4d073e1e0ecdc8d430eadbcce1 c2f9483546647d3dbd75abeb905506182853505c63ed3e3fc8bb6c544a55ec23 58f987e91434db7b3b17e514d2f48f7319c7ef30eff72cab9a0852645eadbe45 f34bd141f5de7b6dd367854ba7fd6658e0ab2ee66dd20f2bbf921f3cc5a0563e c062df41b6c9a4aadd81c262a9683ed1f5beed2cb04acb8ed18581103daeee29 0630e04d67226f6ac86d5c680cd7cf4c79256d383aad62adb72a01eec6d9f098 d5ce17185b645b64c52293358623fcb8c77479dceacd1f35821b2e43b825223e adade6c6fb97aa9226edb450e9c188133f2b5ab21b3600f488f34a18db510c4f b0c894345fc280833c53bb2bcc559bc70effc2b5eca18b6d2a609fba4f8f44f7 7c93b8ef7d642011a633d790ec454d67642a944ad1d2aa5e96bc51819452dbfd 7177f3dd9e1579be6ac226caa88435614d0c29b519def4c5f36f85425bdaf8db f6e858cd02aca16c6c9d82a0f18c5090080164047f2e975e9ffeac708d3a2b8b e97695b2736897676ed49b9dfda9c890da00b0cb6da8a832264cdb48d8779e71 9246a6a830fd4033094135fd6b9e636240a4e0349526f4536b5bd4b736cdfcd4 6a88de2344fa8db7a39fceb5b724a9376f7e51aa417f1a10baf63cf530a4e759 c4be80b251ee82cb392bbd7183039d952a0d4d1ed64f506d9efe23b37f970187 481518b39553343e89b89c2f6dcce66804b8d45e1d55ec1dc36cc679e462ef01 70344a83a53bc23044a873d608da8320ac65e235db368ec238efc73a02035082 52577fec225b42f66ed7935d065051184cc0371494b774893d57f30bcfbd03c7 ab000091123fb60fa23dc7977917000d8e9ddab549cbf957485e17c342807ad6 7edd3919d1d5c4c847c8eb7c6fb1b6b756bbcaac63bd1cdc9f8d96cc9f91fdca 6af5f66e6ddb2355d6387d4229529bedffda6fe0a77c0907cdfcf445c8c720ef f421ee021081d34d0b73b54b3d84781a1ada9dc628a4b59f6253f1a3cff7e82c 31014abdfb9015711302df5363c688e3232679cfe23c0b273f68c0e161f6548b 405e8177ccef5ee92b215d98cc128ec7997bc8f7197c143accb3c720c1f4ed2e 331130e4a70df1d89d4ac6bfc50c642cc8cc1b05040cae31594015470b104163 e85a9f519ec28427b47a3a8a0b92dac1276436acbb54bac573e9b83af6955baa 5e254871e2e681ac5f42219834da9a5411d59f497c6df3a89b46399e8060121f 44b73ac189060dcfdc7e66f426462aeb94eb0d7a16135d140ece4e04fab9f317 cd83c2da92777bb26d75957c8d170caff2d1572dee417551be25c2b0446cb6bb ccead36a25e3a2f523bc9b6fe3537b3fe0aa0918ff2e90d41ab5d8203c9701bc 04cc8b426fbb2b25601df442b472e6b5d3c2dde368e1329c36b3915b82af2137 dbe48a5ab8cf13af4b255dbd31ea11473575a63c08ff3d36ed69a0982b7e2faf 71b27cc091d7944b25c30144c6f1e98e0ff646ca67f3c1eab89ff4d3cfbdcf15 e475bdc50b64f802fd83ffc56f99177e399c256d93b6fe616073e922ccea2b52 b84eb6e9ed064f7acaa2bf7fec7dd2bee3d796bc0744082041a06cf8f1e45dd4 4b8bfc02b1a584fd52817f2c16f6d26828f8fe32f5863cd938c5d2c7cab425f6 c614225dbc671e97634e210c017fa39c3f630c22a6c1ac6673903e55c2f09c09 aad4dabb76072ce6ae8beaf03e48c627465dda54afd436d47f007c5b1c7b52cf 55830d6a3dbcd561bac52be9e131182f46854ba40f55c86c7935413f3c9ebaed 553f9b9fafb964f0c5a03ee454b8a21bcef78881b1dcd9e4f0944f5e0dee6770 f7d32e058739d6a63eb6e264ada03dc9a30d0b1db52bb8d96dc1f7c6265fd93e c0da79c5898fbf9ebb3dc1bb2ffe8ad5eb8ab90e70f448d5fe3fad48c56d1bfc d93dd5b11f413eaeb15c0056ce58e6652cffa6da783774a82e27db165d9d8363 46f72747d8c8d85f9487e22f9fdd22afb05e33f35a5cf7168954bcfb11617d30 de40fa8ad3c2f8f52d1728c2fcf55f6d1ebbd74086b553b14dd513b6350e3a76 8b8678ca52b18189a5b85564134db150477a016b7824e73e59449451b33fddc3 fca5183dc7d9a198d69544c402d09a96e837c02247e4a6130d6eed2a9f2b30c3 f738c35d70c85248c3b057359ed5ea1cd52b3d75eb9d54174e6a28ee2c6111a8 6baa9775f96a245abd0122b84590b748d11e36778668804478853cc95a6b177b e3e89ad0d4dd55cf07353cb8977d3bd98060e117840d167f0db84d406970401c b2938b18074c16b36f9fd560d2658a28f3aee83ffb01f39fd96972dbcddd3201 8d34891143f8288664e979993eba480034fdab02115f30ad476c5814c52236c0 351dce3f0dadbe16ad102d558e58e46f4de316d601f1eb8559fd6e7fa0da2eda a56f5a01fe1666e4700cbc5dc1ef9f7674f1fa53a82de533f9084a762ef55562 b17634c10f12f1430c0c7be8aa9798546cd20c5eff8408a3cb350afaddd7ee63 6cd8ec151e393db773f5bbd9e176a34373d86ef942dd0d79b9e271371ed04fc6 bee281bbcbc2cb0964bfde1e396a4c18625e8e24c29951cbdc14718e6d5109b0 c08565d7735b9bca70a223539dda13c5e09eedc6ac0cfbf99a4807070785cf8d cebbab95d7a05ef72583571f7cf3444111c2d7cf6631862d9975944aad75d712 1705fae35559fcc29c10be0ef7945100115b9f3c54195f6ba9878e79c64132a7 fe77767413faf8cbbecf2ff69e85ec340b5692343cbd35c12b18aabc308b5d49 214f95c8abe9237658b6f43919438f0789c7154d639c21103181eb034aea1657 4d9b6b961ebaa798d75ac2904f37e5a683dbb687f10e0818620bbadd332c64b2 6e0a1f4c6f64cfe00b35e9c5c8265032b1bb6ba5b13d924d0d200a10249cf5b6 9919d56f2f8ee7d0400c4ebf7153181646511f2519b3bca740aec21d724ced7a a4b820ab901cdfea9c89112d9e50021c63c6707ad027f5ca0be19cb4de574ebb afd938b3e9570d8be400d97da0ee86ba610153c7075ffa8b175ef3946454d98d 904b82ce7ca96ff4cbac78721ac8c31f05fbb8e42c55b32556888450385e3540 e73d58af2f6078582f2e941d213a237de856139ef5954f8af94fa85a9ece6f4b 649d63fb0284a9c4fd576ad72a86371c8e8b2f43c27ce93027d0c7593926a6d6 9e87ea5795b61888c1aa80f605d1ba68fb1af27697f8a409f800b9405fc44a2b 70c283d640d237b73b444da8326e7171c2f699e87c63a02d79cc10e62da48ed2 f97597ab3c57c2944b11186e1df36974cc03a7c87606755b499406d36a35de49 66e5a983e8cf04168af815d21fe1af84864fdbc6fc0b1a881b7f266d8cf96c7b 67bd124bb3c785236d119466f2ff51edef931037f4fda1951cc8518579c4fd97 d9e6e43c8848d5ec133e47a9aa5bc6f49295e63884fcb22e77fc54e4941241b8 88a31aa59e107b714f37d474deb8b9a62bd3a6e3867e6b8a972ffcbdd03d0c48 345a50b025da83de2dd8136643c674915030edcdde1db0742a3f69d8dcbe5f87 362de6cad7bb3b395799a1c98d7ab4b909d19699256f2e028fa054ce49aa8645 a150c2dcf0ebbabd87f87c14285b7475ea9fb1a2b772092d94e4a2332122b14c 958c48dc2d147d4f797e5cbb1ade04c953f37555803900b7091ad9c274db66db a1ad056534beb09ff8030ec81d88848d7089d787aaaf897a74f9f91692557e5b 306cbc359b986356bdfe5682a624c554dc42f3e521c76711beaa01733ba25267 0a55910720d4e62e0d294f49c7a5be941ab31619b07f28784a8196105c38585c 29fbdfdf32b29c9dff18edb10cd5d176199bbec3d9c4b2eb6a5ee2867b255ad9 2ba3774d2356ce55e4ffee3c5cf8fceed59dda03fa9cda4bd1fc8f7005e2d9b6 7b2b729af552856a2d69a43380d8e3582bf5a0844ad15b75115a79b3c343c898 164ca54480b7c4111b33949585bd30e2e660344012ad27a9e85fdf6ce509e07e a1ad1d81816db8e485d029101155c57641e2839a65c77e5eb43ccd16f81f626b d74c084bacde9e7716266b39a463ab4a1f2055fbdc00c20ea10db76139a5b90e 106bfa4a51f41d475c303d094b6aa0303775b834388fee4d6677e18deecb5eaf 8c3d591d3cb4c956ae34c7c60fe071f5d3f19cab9a59dd9423c6e88af1fa1223 501da07cc214b18724ec1c587951ba0b1dc970bda7dc0ef804fdefebadee0965 e023312ab274d01ff551753dc0b7afc85e10b68a9f56428cc2267fab541213b3 fbf509cab4daefa4c984e8b1480724e2e399e42086c67fecda7789d5c380e0f2 57e6e475c63c832aa4b17c31f83ba5d7ca5db9fdc57d4dbc9e8affaad3b65d1b 3c4bf0b75df9f602ac32d1ea696219afb6952a294f4b540cce84a33242e065c6 09afa4e97d83aed8fbc70e410bb4ac1e64656c713f72378bfbae088c13d3e8e1 fadbd2f5cfa1718d26c9376cb66449aecd642d476cdd411ab79511ea6608cfc1 686b83d4ea4a0f8f197a759b62753860ab0c47b8caa719338d29ee89c6953ed4 beebf5685b8b2ba9eb59fcefa66329670c5fe2ca4435c41b5ec4bddd9a69aa57 27f8c7026cc337e7f5ea2b85d3e6eadf65d1da59921e9601684cbd6db9817679 3a8a778e4f97171b0a271463c772de46a0436964b32a57a00ff7e9b78ca13c74 3767b460bedf3a1d701196e2a87424a7fcdfaf115afcf9476b7992addc11bf5d d4485153818ddfe711c3fc14fb30aa9336100044e5a37d30d6d246459a6c6c38 a28b0ee36c5f4ded811a115f23d4853e71cfbc48617fc8d469baeafc65234b22 84f93d2a41953de6549f9c41b571867bbb6ff418332d3cbcc109f85d59203bc4 d222a70ef70373f65e9cf0780289af7a3d8d168265f3864c5d2e933bacfa2424 be11948b89596109584ca6e8ee0144c3d99a82cfab8846844f118601ab906b0b 44730d79c9169db3822060b3fe635b51c060ba336c774dd1a5612319c004cd5a 626743a468607a7cce9fd29ece8b85e868444b17ce733e80d2eae2e43585ed70 7a50ce1b2a2173dceff5f35b4dfeb79a69e18ae83d3f8445f0dd7f896096bd7e 10383a59f95db4cd85ed6e54ca1cf899e13cd8fcf8d894fdde52f8598fb1581d b8f2da9bd57d644127db11aec8803135259c6cad21a3a8cb51b86f5832f74d2d 7da4c00ad6e04975e7986d4d7f5182ad6ac51225ea5bf595012f4da7a714ff27 a654cbc5614843c848aaa8d1e71be240742e0225408d964430303d332924cf58 8f4c0bfb75f32c2907095476f00465ce5377a0864ea08f2916a2194b915e61d9 829ba0af574d7d8d4fc61be6557c49d9b1893796a674dcd4a2d0ab1540da2172 1f9ba2889d40d11d15a03f47fb9b4758fb5d396fc3ef09dd2eb17340651bbd4d 4d302171b64a5d134a14c2f5761d69baf6e087645f1569ae3c9430bd62569a77 1c3c9d386357852630d14d59bccaae73e88e79fd335da885dbc26e317a560e88 6b46237a9bf974c90f17e8d1a3193eb8f6a8a4085fe6afcfc6625155f230cf95 e28b02b2aa25a07dd2b9402a7e11a026050b95f200b7f559706d39de6ea5c6a3 290939e06c2dca3293634d1380cbea8776653dcd705517ec2d729f81f6402d57 a065a801fad2f4c318f858e12657835c6477ac3168ca4094abd3e684a49eecb3 f72361e2950d32c7279a81d3d6a36479bb03f1ac6bfca0e129b096f3fc11b1a3 1322a3603bdbcf5f25ef6983aabfde61dbbfb31aebf6a6438c0de64b0fb58146 993c8339ed1575816a6db7850ad758ee3d1b493442e12deb80ae936380c081a6 9dfbe7b86cbb28d5c225733e9c7e7674418cc7696f6bc482688210a51cea3c76 ba11c21c21d75191c1f92f2834c1a9f9c6d1be9ad98508e7b4876621c126d0a3 b9432e15f6aef3241bebfc3cb8f2dab4b96f97a61ee2e7312845d3614d817793 f6c40190d7b17ef2b7bfc8ce665fc927dfd178722fa98d37e58d5c3ea763893f 1f46390b9e412bb7b986e6f26e6b4998a7b7252bee2a919d92a4f63bcbccf52f 7a4236cac4964dce74ba8572e8481de412bb53a0ec1667d3f64526bce5b1d39b 5a49449f20a6d274d55e60b0c722a8c3606a1aed9a73738d634bd51a4b4be812 83351fabfe38d8bc07b96495b56be9c69adf49958224936770455c97be2e8954 76df55af2d69e308a5b1f898d2d60896055b8f95f99cda6c961be77245025b3a ae7411644fea5d5ed7c0f9fb6a9d48af4287b4be060236cee349ec67d4e94f6d a473e30d4d406d95c62c1e7814aafe12b62e4ebfa9b4421b156a67e6743bb98d 4bd17da6eec1e5a6591e5b6215675d6704257ca0cd1f71717e12fb61f365c830 9df3e3e7646cf2ca5bf8fbb0e602e769c5510b11bbf114744ee38b80e0200a05 9a64daa7b699ea04851f976a7ac131cc0e2da1375524def3476375b4c4fc0e8e 9e114f8873394b2ae418d4bff3bb202b523d2b7c897bbbac4f2af74dd5887ca6 f5bfdc6a379332dd8f0a6a3b5792c1f1921642c1498dc23802f39f4e43e8f51f 3415daa93f1985ad00c9e8768cad571d2016f57b05337882a38ad9f4470d205b 1eb895de995fe90369bf0b6c0d73c5923465938cf6750d0a46ef63875d8eb095 8c48459bae7ed3d0e6f1a4ff0c876e86f23f199e98d6fc6810cc76de5161e8c5 d2e502ef34cdae2115a05ce7760248fbf9d29f89d80de97a7c4ce37d6999ed4c 65057c55aa5b6295e0897474a4abd86b58a630b5519e24a96a9c36481adf71ef  c31aec6227002d4c5671641c259859e515e84034740a8fa2decd0cf594aca7cd e73ea9f6beecbfbdac88cac419f91c685e36f599e7419d1b68ee540daf765f22 81a336d8d5994334420ccf21ac60cde19a49d0df073a40445ecdd194aecde7a0 c42d2d896a031477712bf49b2967b5d1a24f133bb7553be28f71887bbc6f8b53 795a1b06c323fab7840c85c24e06f6df3f449c39f7f4cfbc5e74ab0b6f54dd85 d46be27789f44508d7a4e0294ddb7a972022adef1feb4bbf80b6acb41388b29f 99d86196551e89be73d3fda6fbd1cca14dcc0044a97c9e1430600238a4ed27cb 144440da1d6273ec8750b8d8035c7924a123c47777a396502a8ab6b7b98c93fe 28a08d8377a606e099c8ad9f42dcac63554b356a129a9e9573fcfb207b27baa4 36c6d4ddb4f8580d914a1263461e304db5e0815f7dd9b755db529032597b7705 0aa6c653afe3f7d7eac9e3df2d52b926639aa3f51d8cd5471da36ecf408bd859 ce900e439901bd20c3c1bf000f6e62cd234e5fa295118a5b5f55100702fdafd4 3a7398894f4a3dd4f74889d27294143d5f3609d97ac3323c6f3d6ecbe990dcb5 d975358f54153f286e78c8cfbc76cf3e2540614252d267ac9327d13fde8abc4b 282014be61a11450aa26626c478ccab01c380f39cea9dc5d67501ab68b06bdcd  6440d7ece6f784539530afbb27edb7b1a83bf6576ec304ad3538edd4a02e1fe9 ff821eda6d9c8f6eb4ebad0d80fc45576ab4426f0b390ce9fb42312c23430d04 0d85efa8cde8e1a3c47a082d33cbea897edf90b00820032156816c8cc1218b9c bc41108f910a9a072afb6d94c20b5daa083a8c6f1e49570a82b779b06e91e01e eec67ad5fcc586401c91030a8300014a92973e2b4653816cfd1866ebe6a07b7b 9050176f3f0fd7deb7094b96dca67a7fab85f80275b5616414ba3d11bed29542 0cb62860d5a01fe557eba85cab0dfbdd4ed1d7f30cdc0540690d7bfc99ff1e59 15e91fd99a5b94d2d26eaabe72c2e727cb88748e83899ee6f2f6efac8eb7d66b 7578fa17671b4b70ebdf40a36ec697ece2a6d2b170bd083c0efd515b81acdf56  c750064571d635ad50165f1e98519b12655820ef9393b33d71e037d8ae46f6e9 ac84b732b21008111b16796ea62181f264aaa19c362b426516c97bbdbbf0b0da 0e47f805847067261b62d7d699124645c6a6a983565815e6de4fbc31263380b6 dc811fa9d4c1ed15690b2dc7c1afa5a4a810ee69bb8759c898287630273ba24e  e35f314790e09d865d2e82dcacb1ed2ef7614e2bd9aaaf2c7b1fd1cac6b3b560 58d33a13e5d998b5cec54b5968271a32ce79f80118678f2978011bbaa86de2c5 579e966ae17c6dd435279303fcb2d1cfdffafded27c921d1feea042f83e96f01 bff7fc98215044eff87f28e65559c9b030a0676eac25552b5961084f162e8bb6 38d52c81b091ddbdaaf684c6f1cce30ff4c8c60f55148aed8bc5894c22114a2f 37c483bd9d9eb809a483f918cd901f9c48251f8dcb19f35d61bf1105ec96e66f 22601575a5abeedfd08dc5ec6669790c3b47e557d391adfb259ee0c86566ea1c 4a93ad18003cb35a752e91df73a688cd65b92b754071ce3f6328f76c6d6f455e ae1c4cd80e2b05cc183e1dadcd83deab48dcf62d191e0f69e1ea30f050b80640 b70c4fd455fbd6649d36f54adb32a85ed69d81552ddf2e2878f85120b57279c6 45236986f1affba9e034017145436f7519e5681fa5b9940890979fb54be43bbf 437da860f61a59e5d68b7d88764a2eafe69c78d0ec49fd6bf13df87a5b512849 437da860f61a59e5d68b7d88764a2eafe69c78d0ec49fd6bf13df87a5b512849 3edab1ff7eb6bf33f108e9ac1a08eb16c954b88a844e3119adf5950b44014eb6  11cb6f5cf19bc18ac0560bff08c21e5a715d9e488ed7b90715ddbb518fd57060 e234489f88176e66bd858291d9de7054c6bdcedbb9f19ebedfab02d238b3dad7 9ac6a853e324ff7c5e92f5e9bbbfcda63466ec3e8a17fd9b3247f183465e93ca 372fd5afc77f0d7f38658bb86153e8c7472376a5d735412237aea47881eb714a d1ffba188101427d74509d8786310f1e0793a251f31819283664626cbb6286bc dd109bc3de5bef59a8492c6f849e7cf1c2a665d6b5844e749d36a714fc4eb8f6 52fe79b889ef808d2d515a143bd50327674d18780056158238e627e37eaf784b 4505976a7c3561f4c11d3d6507b4c18b802110be70e1266ecd65aa25fca95101 37f5d6822f4308c7525d307bc5aa18c4a8cd6450e22a5d3ff8ec4fd0e0db9602 9b188fe909be6889a961ab6d53b11520bc8ef965b7387b554bd7c482b02b0f4f 80d00110a008aff7aed1c6d66dfb2edfa2605d155c2d97a1c2877fd1bf4d770e 6708988dc83ba66d6a40a20293dfee564ed40c41d5e541c2997e512019841b0b 19fb878199014dea84874d11e319609135d4251944a93718a1549871f86355fe 0d12397a1e4e4db62d46514798e653a11b107fa6d6cbd7c1d4a8795f849809cb f723c6b3654d1ff2ac20fe4e91db0ffb8387d06864cabae9e45d13b197ef3dcc cc6b0296da09999c1156c66710e48fad121d7a7eb3f20a9281c83c7715e7f759 dd2b11d8da24b078973a81d23f56a3cd370391c47ad7ea923f5233254b2c62a4 1ea39a3c45f364074338dbc792fc2c11e46cd8506f84eec2d00b8b7cd076d84a 54a4e74dfb2af63dad0b61ff21f4f95994201c284fe8f586948c544ff57e966e 81d01c4e3d56cb060111b09771b67ad0ce7c76f75907623f84b05a05d45611f5 bc55eab02c151e601843afc2885ab9824b294c7d32e6352066793e8ccf666307 1d70e16fed8696139a12f8dc737261cc47235f1f6043d92c85ee5f87b03e8429 e9657bb9f64a21db6c7e0cca7c1f3ff6a65af73bbecb35b1a93de7ddc539df9a 5eb5dc9143c8d61b9b80d5cf522b829938f539a301cd22e79e52f6213df15534 953e17076aff00521a5402e73915fd843905ff5a92e6db5564e3ddd38febf2dc 5e8b6c7840d556c9d7eed953dea0cf43b01fecc45edfa2a8e9b2cfb89d9914c4 b70c4fd455fbd6649d36f54adb32a85ed69d81552ddf2e2878f85120b57279c6 bbc3dcd02c734b5a033bb15077310fc031a2066afa3e7239c3c5c3fa96044da2                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       @root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root selinux-policy-3.13.1-229.el7_6.6.src.rpm                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          ╪selinux-policy-devel                      
  
  
  
    
/bin/sh /usr/bin/make checkpolicy m4 policycoreutils-devel rpmlib(CompressedFileNames) rpmlib(FileDigests) rpmlib(PartialHardlinkSets) rpmlib(PayloadFilesHavePrefix) selinux-policy rpmlib(PayloadIsXz)   2.5-8  2.5-24 3.0.4-1 4.6.0-1 4.0.4-1 4.0-1 3.13.1-229.el7_6.6 5.2-1 4.11.3  [▄<@[└М└[┐;@[┐;@[╜щ└[╖R@[лt└[к#@[ЯЧ@[ЬЇ@[Ш └[Тh@[Л╨└[ЖК└[Е9@[є@[}P@[{■└[{■└[zн@[m~@[iЙ└[iЙ└[iЙ└[dC└[`O@[]м@[Y╖└[6@[3|@[2*└["X└[d@[╠└[
Э└[	L@[·└[·└[й@[┤└Zрm└Z╚▓└Z╞└ZХH@ZК╝@ZЖ╟└Zzъ@Zzъ@ZyШ└Z_:└ZWQ└ZV @Z.s@Z)-@Z%8└Z├└Z	Й@Zё└Z N└Z N└Yє└Y╩A@Y┴└YеW@YеW@YЮ┐└YСР└YНЬ@YК∙@Ycl@YPў@YJ_└YI@YBv└Y9<@Y6Щ@Y5G└Y1S@Y0└Y.░@Y-^└Y,@Y,@Y%u└YМ└Yщ└YШ@Yп@YА@Y.└Y Л└XўQ@Xї └Xю└Xч@Xф▄@Xф▄@XуК└XуК└X▄є@X█б└X┌P@X╪■└X╥g@X╥g@X╩~@X╟█@X╞Й└X┴C└X┴C└X╛а└X╕	@Xо╬└Xжх└XдB└XбЯ└XЩ╢└Xs{@XY@XW╦└XRЕ└XRЕ└XOт└XJЬ└XAb@X@└X)з@X#└X!╛@X└W√В└WюS└Wъ_@Wъ_@Wтv@W┘;└W╫ъ@W╬п└W╞╞└W╝:└W┤Q└Wл@WЩє└WО@WО@WМ─└WЗ~└WГК@WХ└W~D@W{б@Ws╕@Wrf└Wj}└WbФ└W^а@WYZ@WYZ@WUe└WM|└WBЁ└W9╢@W9╢@W1═@W(Т└W й└VЄЕ@VъЬ@VъЬ@V▐╛└V╘2└Vи▒@Vз_└VФъ└VC└VЄ@VZ└V	@Vq└V
}@V
}@VB└U√№└U√№└U·л@UЄ┬@Uёp└Uцф└U▐√└U╫└U╘o└U╘o└U╦5@U╔у└U╚Т@U─Э└U┴·└U┐W└U║└U╢@Uмт└UжK@Uд∙└UЭ└UХ'└UБa@U~╛@Uz╔└Uv╒@UTО@UМ@T╦r@T╚╧@T╚╧@T┬7└T┐Ф└T┐Ф└T╛C@T│╖@Tп┬└TК╪└T}й└Tto@Ts└Tk4└T`и└T[b└TWn@T?│@T>a└T6x└T6x└T╔@Sї▀@SЪч└SШD└Sg}@SBУ@S>Ю└S;√└S:к@S9X└S5d@S4└S2┴@S0@S,)└S*╪@S)Ж└S)Ж└S&у└S&у└S"я@S!Э└S L@S·└S·└Sй@S┤└Sc@S└Sn└S╫@SЕ└SK@R·└RяД└RыР@RчЫ└RцJ@R▐a@R▌└R╫╔└R╒&└R╒&└R╧р└R╧р└R═=└R╩Ъ└R▓▀└Rйе@Rз@RЯ@RЬv@RЬv@RФН@RНї└RМд@RЖ└RД╗@RВ@R|╥@Rz/@Rz/@RsЧ└RpЇ└RnQ└Ri└Rfh└R_╤@R_╤@R[▄└R[▄└RSє└RNн└RNн└RL
└RIg└RB╨@RB╨@R:ч@R1м└R-╕@R-╕@R(r@R' └R%╧@R7└RФ└RN└Rл└RИ@Q°№@Qўк└QЄd└Qэ└QцЗ@Q▀я└Q▐Ю@Q█√@Q┌й└Q┌й└Q╘@Q═z└Q╩╫└Q╚4└Q─@@Q┴Э@Q└K└Q╗└Q╣┤@Q╖@Q▒╦@QмЕ@Qеэ└QЬ│@QЦ└QР╒└QР╒└QЗЫ@QЗЫ@QГж└QГж└Q▓@Qzl@Qw╔@Qvw└Qoр@Qoр@QnО└Qm=@Qkы└Qfе└Qb▒@Q`@Q^╝└QZ╚@QQН└QIд└QG└Q@j@Q9╥└Q8Б@Q4М└Q0Ш@Q-ї@Q&@Q$║└Q╤└Q▌@Qш└QЇ@Q	@Qh@Qs└P ╨└PЎЦ@Pєє@Pя■└Pюн@Pэ[└Pш└Pф!@P▄8@P╘O@P╧	@P╠f@P╦└P╚q└P╟ @P┼╬└P┐7@P╣ё@P╕Я└P╡№└P│Y└Pк@Pд┘@Pаф└PЫЮ└PЪM@PШ√└PТd@PП┴@PОo└PК{@PК{@PЗ╪@PЖЖ└PЕ5@PБ@└P~Э└P}L@Px@Pv┤└Pv┤└Puc@Puc@Pr└@Pmz@Pmz@Pmz@Pj╫@Pd?└Pd?└Pbю@PaЬ└PaЬ└P[@PXb@PW└PS@PQ╩└PO'└PM╓@PIс└P@з@P>@P8╛@P7l└P2&└P2&└P,р└P,р└P*=└P(ь@P#ж@P#ж@P!@P!@P╜@Pk└Pw@Pw@PВ└P<└P
Щ└P@O¤j└OЄ▐└Oъї└OшR└Oрi└O█#└O╫/@O╙:└O╨Ч└O╞└O├h└O╝╤@O│Ц└Oк\@Oй
└Oз╣@Oг─└Oб!└OЦХ└OХD@OУЄ└OМ	└OМ	└OИ@OД └OД └O~┌└Ozц@Ouа@Or¤@Or¤@Ok@Oi┬└Og└Og└Oc+@O`И@O`И@O]х@OYЁ└OXЯ@OTк└OL┴└OKp@OF*@OD╪└OCЗ@OCЗ@O<я└O:L└O8√@O5└O3╡@O1@O/└└O+╠@O'╫└O&Ж@O!@@OЭ@OK└OK└OW@O@O└Oy└Oy└O?@NЁx└Nя'@NшП└Nч>@Nрж└N▀U@N▐└N╫l@N╘╔@N╠р@N├е└N╜@N╗╝└N╣└N╣└N╖╚@N│╙└N│╙└N▓В@Nп▀@NйG└NйG└NйG└NзЎ@NзЎ@Nжд└NеS@NеS@Nб^└Nб^└Nа@Nа@NЮ╗└NЭj@NЭj@NЬ└NШ$@NЦ╥└NХБ@NФ/└NТ▐@NНШ@NМF└NМF└NКї@NЙг└NЙг└NЕп@NЕп@NЕп@NД]└NАi@NАi@NАi@N|t└Ny╤└NxА@Ns:@NoE└NoE└Ni └Nf@N^"@N\╨└N[@NTч└NSЦ@NSЦ@NC─@NBr└N:Й└N98@N7ц└N6Х@N2а└N.м@N*╖└N)f@N(└N%q└N$ @N┌@N7@Ne@Np└Np└M∙Ё@M∙Ё@Mяd@Mяd@Mю└Mч{@M▐@└M█Э└M╒@M╟╫@M┬С@M┐ю@M╕@M░@Mнy@Mнy@Mи3@Mвэ@MЫ@MЩ▓└MЩ▓└MХ╛@MМГ└MЙр└MБў└MT└Mx╜@Mx╜@Mv@Ml▀└MbS└M[╝@MRБ└MQ0@MQ0@MJШ└MGї└MGї└MA^@M>╗@M9u@M6╥@M5А└M4/@M4/@M0:└M,F@M$]@M╤@M9└MЦ└MЦ└Mн└Mн└M\@M
└M
└M@L■!└L■!└L№╨@L°█└LўК@LЇч@LЇч@LюO└LюO└Lъ[@Lх@Lх@Lтr@Lс └L▌,@L▌,@L┌Й@L┘7└L╙ё└L╙ё└L╤N└L╧¤@L╬л└L╔e└L┴|└L╜И@L╕B@L╕B@L╕B@L╡Я@L┤M└Lп└Lн╢@Lмd└Lй┴└Lд{└Lг*@LаЗ@LЯ5└LЬТ└LЫA@LЩя└LТ└LТ└LР╡@LПc└LИ╠@LИ╠@LИ╠@LЗz└LЖ)@L|ю└L|ю└L|ю└L{Э@LvW@LvW@Ls┤@Ls┤@Lrb└Lrb└Lm└Lk╦@Ljy└Le3└Lcт@La?@LZз└LYV@LX└LN╩@LN╩@LMx└LMx└LIД@LH2└LFс@LEП└L=ж└L=ж└L=ж└L;└L7@L е└LT@L@L╝└LВ@LВ@L0└Lъ└LG└LЎ@K■^└K■^└K√╗└K√╗└K·j@Kї$@Kє╥└Kыщ└KъШ@Kчї@Kф └Kтп@Kс]└K▐║└K┌╞@K┘t└K╪#@K╓╤└K╒А@K╨:@K╬ш└K═Ч@K┼о@K─\└K─\└K├@K╣╨└K╣╨└K┤К└K┤К└K│9@K▒ч└K░Ц@Kмб└Kин@Kин@Kв└Kв└Kв└KЯr└KЬ╧└KЫ~@KЪ,└KЪ,└KЪ,└KШ█@KЧЙ└KЦ8@KПа└KПа└KЛм@KЕ└KГ├@KВq└KВq└K}+└K{┌@K{┌@KuB└Ksё@KqN@Kj╢└Kie@Kf┬@Ka|@K`*└K]З└KXA└KTM@KPX└KE╠└KE╠└KE╠└KD{@KC)└KA╪@K;@└K2@K0┤└K/c@K+n└K*@K(╦└K"4@K∙└K>└K>└K>└J√°└J─Щ└J├H@J├H@J┴Ў└J╝░└J╗_@J╕╝@J╖j└J╖j└J╢@J│v@J│v@J│v@J│v@J▓$└J░╙@JпБ└Jо0@Jиъ@Jиъ@JжG@JжG@Jб@JЯп└JЫ╗@JЫ╗@JЫ╗@JЧ╞└JЧ╞└JХ#└JУ╥@JП▌└JП▌└JОМ@JН:└JЛщ@JКЧ└JЕQ└JД @JА└JА└J|@Jz┼└Jyt@Jyt@Jx"└Jr▄└Jr▄└JqЛ@Jnш@Jnш@JmЦ└JhP└Jeн└J\s@JW-@JTК@JS8└JKO└JI■@JCf└JCf└JB@J@├└J@├└J?r@J<╧@J;}└J:,@J7Й@J67└J2C@J0ё└J/а@J,¤@J%@J┘└JB@JЁ└JM└J└J	d└J@J@J└J═@J *@J *@I■╪└I·ф@I∙Т└I°A@IЎя└IЎя└IЎя└IїЮ@IїЮ@Iёй└Iёй└IЁX@IЁX@IЁX@Iя└Iэ╡@Iэ╡@Iьc└Iщ└└Iшo@Iшo@Iфz└Iу)@I▌у@I▄С└I█@@I┘ю└I╒·@I╒·@I╒·@I╘и└I╨┤@I╠┐└I╦n@I┬3└I┬3└I└т@I┐Р└I╕∙@I╕∙@I╢V@I╡└I▓a└Iп╛└Iоm@Iл╩@Iй'@Iз╒└Iе2└IЭI└IЫ°@IЪж└IЪж└IЪж└IТ╜└IТ╜└IР└IР└IО╔@IК╘└IК╘└IЙГ@IИ1└IЖр@IВы└IВы└I~ў@I}е└Iy▒@Ix_└Iw@Iu╝└Itk@Itk@Io%@Ik0└Ieъ└IcG└IaЎ@I`д└IV└IOБ@IJ;@IHщ└IA └I>]└I=@I7╞@I6t└I3╤└I-└I▄@IК└IК└I9@I9@Iч└I	б└IP@Iн@I╕└I g@I g@H └H └H¤─@H№r└H°~@Hў,└Hї█@HяC└Hьа└Hщ¤└Hц	@Hц	@Hуf@Hуf@Hр├@H┌+└H╪┌@H╫И└H╫И└H╓7@H╥B└H╔@H╟╢└H┴@H┐═└H╛|@H╖ф└H╖ф└H│Ё@Hб{@Hа)└HЪу└HФL@HЙ└@HЙ└@HЙ└@HИn└H}т└H|С@Htи@HsV└Hr@Hl┐@Hkm└Hgy@HcД└H`с└H_Р@H^>└HRa@HQ└HQ└HO╛@HFГ└HFГ└H$<└H$<└H!Щ└H!Щ└H H@H_@H╝@H╝@H╟└Hv@H$└HН@HG@G■@G■@G√^@G√^@Gўi└GЎ@GЄ#└Gю/@GыМ@Gшщ@Gуг@G▀о└G▐]@G┌h└G┌h└G┘@G┘@G╫┼└G╓t@G╓t@G╒"└G╧▄└G╦ш@G╦ш@G╟є└G╞в@G┼P└G├ @G├ @G├ @G├ @G╛╣@G╛╣@G╜g└G╝@G║─└G╡~└GкЄ└GкЄ└GкЄ└GкЄ└GиO└GиO└GиO└Gж■@Gем└Gд[@Gд[@Gг	└Gг	└Gаf└Gаf└GЭ├└GЩ╧@GШ}└GЧ,@GФЙ@GФЙ@GФЙ@GПC@GМа@GЛN└GЙ¤@GВ@GВ@G{|└Gx┘└GoЯ@Gl№@GjY@GjY@Gi└Gi└Gi└Gg╢@Gfd└Ga└G_═@G^{└G^{└GUA@GSя└GO√@GMX@GAz└G5Э@GР└GР└GЬ@GЬ@GJ└GJ└Gз└GV@Ga└G╛└Gm@G
└G╒└G2└G с@F√Ы@F°°@F°°@Fўж└Fўж└Fўж└Fї└Fє▓@Fє▓@FЄ`└Fё@Fё@Fя╜└Fюl@FцГ@FцГ@Fх1└Fс=@Fс=@F▀ы└F▀ы└F╘@F╘@F╥╝└F╬╚@F╬╚@F╠%@F╩╙└F╔В@F╞▀@F╞▀@F┴Щ@F╜д└F╝S@F╝S@F╖@F╖@F▒╟@F░u└F░u└Fн╥└Fн╥└Fещ└Fещ└Fещ└FдШ@Fаг└Fаг└FЯR@FЯR@FЬп@FШ║└FЦ└FФ╞@FУt└FО.└FО.└FИш└FЗЧ@FА └FА └FV╧└FMХ@FMХ@FMХ@FLC└FJЄ@FJЄ@FHO@F; @F5┌@F1х└F/B└F,Я└F'Y└F'Y└F'Y└F&@F$╢└F$╢└Fp└F@F|@F|@F*└F*└Fф└FУ@FA└FA└F╡└F┴@Fo└Fo└F@E ╠└E ╠└E ╠└E■{@E■{@E■{@E∙5@EЎТ@EЎТ@Eї@└Eя·└Eц└@Eхn└E▐╫@E▐╫@E▄4@E┌т└E╘K@E╥∙└E╧@E╟@E┼╩└E┴╓@E╣э@E╕Ы└E╕Ы└E┤з@Eд╒@Eд╒@Eв2@EХ@EУ▒└EН@EЛ╚└EЗ╘@EЖВ└EБ<└EБ<└EБ<└Eы@E~Щ└EyS└Ev░└Ev░└Et└Ep@Ep@En╟└El$└Ebъ@EaШ└EaШ└E[@E[@EYп└EYп└EX^@EX^@EX^@ETi└ETi└ES@ES@EQ╞└EQ╞└EQ╞└EPu@EPu@EO#└EK/@EK/@EI▌└EHМ@EG:└EEщ@EAЇ└EAЇ└EAЇ└E<о└E<о└E<о└E<о└E<о└E8║@E7h└E7h└E6@E3t@E3t@E..@E+Л@E(ш@E&E@E$є└E$є└E$є└E#в@E"P└E"P└E  @E
└E
└E
└E
└E╣@Eg└Eg└E─└E─└E─└E╨@E╨@E-@E█└EК@Eч@E
Х└E
Х└E	D@EЄ└EO└E 	└E 	└D■╕@D¤f└D¤f└D° └D° └DЎ╧@Dї}└DЇ,@DЄ┌└Dюц@DэФ└DэФ└DэФ└DьC@Dъё└D▌┬└D▄q@D█└D┘╬@D╪|└D╫+@D╤х@D╤х@D╤х@D╨У└D╧B@D═Ё└D╦M└D╔№@D╟Y@D╟Y@D╟Y@D─╢@D┬@D└┴└D└┴└D╛└D╛└D╝═@D╗{└D╗{└D╖З@D╖З@DоL└DоL└DоL└DЪЖ@DЩ4└DЧу@DЧу@DТЭ@DСK└DОи└DОи└DОи└DНW@DНW@DИ@DЕn@DЕn@DyР└Dx?@Dvэ└Dvэ└DtJ└Dqз└Dla└Dla└Dk@Di╛└Dhm@Dhm@Ddx└Dc'@Dc'@Da╒└D_2└D[>@DXЫ@DU°@DN@DN@DL╜└DH╔@DGw└DGw└DD╘└D@р@D?О└D?О└D;Ъ@D;Ъ@D:H└D:H└D2_└D1@D1@D-└D+╚@D+╚@D'╙└D!<@D!<@D!<@Dд└D└D░@D░@D░@D└D└D└D└D└D╟@D╟@D╟@D╟@Du└D$@D
╥└D	Б@D	Б@Dщ└Dщ└D F└C■ї@C■ї@C■ї@C■ї@C¤г└C¤г└C¤г└C¤г└C№R@C√ └C√ └C√ └C√ └C∙п@CЇi@Cє└Cё╞@Cё╞@CЁt└CьА@CьА@CшЛ└Cч:@CуE└Cрв└Cрв└C┌@C┌@C╪╣└C╪╣└C╪╣└C╪╣└C╓└C╘┼@C╬-└C╬-└C╬-└C╠▄@C╠▄@C╚ч└C╟Ц@C─є@C├б└C├б└C┬P@C┬P@C╛[└C╜
@C╜
@C╗╕└C║g@C║g@C╣└C╣└C╡!@C▓~@C▒,└CкХ@CйC└CйC└CзЄ@Cжа└Cвм@Cвм@Cвм@CбZ└CбZ└Cа	@Cа	@CЮ╖└CЮ╖└CЭf@CЭf@CЭf@CЬ└CЪ├@CЩq└CЩq└CШ @CШ @CШ @CЦ╬└CЦ╬└CХ}@CР7@CР7@CР7@CМB└CМB└CДY└CГ@CГ@CБ╢└C}┬@Cqф└Cqф└Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-229.6 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-229.5 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-229.4 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-229.3 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-229.2 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-229.1 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-229 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-228 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-227 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-226 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-225 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-224 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-223 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-222 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-221 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-220 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-219 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-218 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-217 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-216 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-215 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-214 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-213 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-212 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-211 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-210 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-209 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-208 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-207 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-206 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-205 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-204 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-203 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-202 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-201 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-200 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-199 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-198 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-197 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-196 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-195 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-194 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-193 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-192 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-191 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-190 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-189 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-188 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-187 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-186 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-185 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-184 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-183 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-182 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-181 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-180 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-179 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-178 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-177 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-176 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-175 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-174 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-173 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-172 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-171 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-170 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-169 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-168 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-167 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-166 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-165 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-164 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-163 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-162 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-161 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-160 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-159 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-158 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-157 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-156 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-155 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-154 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-153 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-152 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-151 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-150 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-149 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-148 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-147 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-146 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-145 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-144 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-143 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-142 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-141 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-140 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-139 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-138 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-137 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-136 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-135 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-134 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-133 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-132 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-131 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-130 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-129 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-128 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-127 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-126 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-125 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-124 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-123 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-122 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-120 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-119 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-118 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-117 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-116 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-115 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-114 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-113 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-112 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-111 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-110 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-109 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-108 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-107 Lukas Vrabec  <lvrabec@redhat.com> - 3.13.1-106 Miroslav Grepl <mgrepl@redhat.com> - 3.13.1-105 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-104 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-103 Dan Walsh <dwalsh@redhat.com> - 3.13.1-102 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-101 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-100 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-99 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-98 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-97 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-96 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-95 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-94 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-93 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-92 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-91 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-90 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-89 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-88 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-87 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-86 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-85 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-84 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-83 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-82 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-81 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-80 Petr Lautrbach <plautrba@redhat.com> - 3.13.1-79 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-78 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-77 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-76 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-75 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-74 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-73 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-72 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-71 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-70 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-69 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-68 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-67 Petr Lautrbach <plautrba@redhat.com> - 3.13.1-66 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-65 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-64 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-63 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-62 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-61 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-60 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-59 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-58 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-57 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-56 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-55 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-54 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-53 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-52 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-51 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-50 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-49 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-48 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-47 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-46 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-45 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-44 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-43 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-42 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-41 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-40 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-39 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-38 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-37 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-36 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-35 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-34 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-33 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-32 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-31 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-30 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-29 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-28 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-27 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-26 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-25 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-24 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-23 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-22 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-21 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-20 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-19 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-18 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-17 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-16 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-15 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-14 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-13 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-12 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-11 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-10 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-9 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-8 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-7 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-6 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-5 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-4 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-3 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-2 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-1 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-156 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-155 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-154 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-153 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-152 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-151 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-149 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-149 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-148 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-147 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-146 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-145 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-144 Lukas Vrabec <lvrabec@redhat.com> 3.12.1-143 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-142 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-141 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-140 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-139 Lukas Vrabec <lvrabec@redhat.com> 3.12.1-138 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-137 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-136 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-135 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-134 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-133 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-132 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-131 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-130 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-129 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-128 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-127 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-126 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-125 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-124 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-123 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-122 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-121 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-120 Miroslav Grepl<mgrepl@redhat.com> 3.12.1-119 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-118 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-117 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-116 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-115 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-114 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-113 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-112 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-111 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-110 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-109 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-108 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-107 Dan Walsh <dwalsh@redhat.com> 3.12.1-106 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-105 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-104 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-103 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-102 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-101 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-100 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-99 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-98 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-97 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-96 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-95 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-94 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-94 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-93 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-92 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-91 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-90 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-89 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-88 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-87 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-86 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-85 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-84 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-83 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-82 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-81 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-80 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-79 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-78 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-77 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-76 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-75 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-74 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-73 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-72 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-71 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-70 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-69 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-68 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-67 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-66 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-65 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-64 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-63 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-62 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-61 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-60 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-59 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-58 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-57 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-56 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-55 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-54 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-53 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-52 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-51 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-50 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-49 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-48 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-47 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-46 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-45 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-44 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-43 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-42 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-41 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-40 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-39 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-38 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-37 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-36 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-35 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-34 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-33 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-32 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-31 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-30 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-29 Dan Walsh <dwalsh@redhat.com> 3.12.1-28 Dan Walsh <dwalsh@redhat.com> 3.12.1-27 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-26 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-25 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-24 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-23 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-22 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-21 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-20 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-19 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-18 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-17 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-16 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-15 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-14 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-13 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-12 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-11 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-10 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-9 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-8 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-7 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-6 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-5 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-4 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-3 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-2 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-1 Dan Walsh <dwalsh@redhat.com> 3.11.1-69.1 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-69 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-68 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-67 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-66 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-65 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-64 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-63 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-62 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-61 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-60 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-59 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-58 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-57 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-56 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-55 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-54 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-53 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-52 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-51 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-50 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-49 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-48 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-47 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-46 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-45 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-44 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-43 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-42 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-41 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-40 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-39 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-38 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-37 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-36 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-35 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-34 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-33 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-32 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-31 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-30 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-29 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-28 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-27 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-26 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-25 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-24 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-23 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-22 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-21 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-20 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-19 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-18 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-17 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-16 Dan Walsh <dwalsh@redhat.com> 3.11.1-15 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-14 Dan Walsh <dwalsh@redhat.com> 3.11.1-13 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-12 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-11 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-10 Dan Walsh <dwalsh@redhat.com> 3.11.1-9 Dan Walsh <dwalsh@redhat.com> 3.11.1-8 Dan Walsh <dwalsh@redhat.com> 3.11.1-7 Dan Walsh <dwalsh@redhat.com> 3.11.1-6 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-5 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-4 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-3 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-2 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-1 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-0 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-15 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-14 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-13 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-12 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.11.0-11 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-10 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-9 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-8 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-7 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-6 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-5 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-4 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-3 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-2 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-1 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-128 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-127 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-126 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-125 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-124 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-123 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-122 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-121 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-120 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-119 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-118 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-117 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-116 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-115 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-114 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-113 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-112 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-111 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-110 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-109 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-108 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-107 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-106 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-105 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-104 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-103 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-102 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-101 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-100 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-99 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-98 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-97 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-96 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-95 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-94 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-93 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-92 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-91 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-90 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-89 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-88 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-87 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-86 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-85 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-84 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-83 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-82 Dan Walsh <dwalsh@redhat.com> 3.10.0-81.2 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-81 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-80 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-79 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-78 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-77 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-76 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-75 Dan Walsh <dwalsh@redhat.com> 3.10.0-74.2 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-74 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-73 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-72 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-71 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-70 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-69 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-68 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-67 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-66 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-65 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-64 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-63 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-59 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-58 Dan Walsh <dwalsh@redhat.com> 3.10.0-57 Dan Walsh <dwalsh@redhat.com> 3.10.0-56 Dan Walsh <dwalsh@redhat.com> 3.10.0-55.2 Dan Walsh <dwalsh@redhat.com> 3.10.0-55.1 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-55 Dan Walsh <dwalsh@redhat.com> 3.10.0-54.1 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-54 Dan Walsh <dwalsh@redhat.com> 3.10.0-53.1 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-53 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-52 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-51 Dan Walsh <dwalsh@redhat.com> 3.10.0-50.2 Dan Walsh <dwalsh@redhat.com> 3.10.0-50.1 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-50 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-49 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-48 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-47 Dan Walsh <dwalsh@redhat.com> 3.10.0-46.1 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-46 Dan Walsh <dwalsh@redhat.com> 3.10.0-45.1 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-45 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-43 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-42 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-41 Dan Walsh <dwalsh@redhat.com> 3.10.0-40.2 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-40 Dan Walsh <dwalsh@redhat.com> 3.10.0-39.3 Dan Walsh <dwalsh@redhat.com> 3.10.0-39.2 Dan Walsh <dwalsh@redhat.com> 3.10.0-39.1 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-39 Dan Walsh <dwalsh@redhat.com> 3.10.0-38.1 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-38 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-37 Dan Walsh <dwalsh@redhat.com> 3.10.0-36.1 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-36 Dan Walsh <dwalsh@redhat.com> 3.10.0-35 Dan Walsh <dwalsh@redhat.com> 3.10.0-34.7 Dan Walsh <dwalsh@redhat.com> 3.10.0-34.6 Dan Walsh <dwalsh@redhat.com> 3.10.0-34.4 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-34.3 Dan Walsh <dwalsh@redhat.com> 3.10.0-34.2 Dan Walsh <dwalsh@redhat.com> 3.10.0-34.1 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-34 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-33 Dan Walsh <dwalsh@redhat.com> 3.10.0-31.1 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-31 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-29 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-28 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-27 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-26 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-25 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-24 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-23 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-22 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-21 Dan Walsh <dwalsh@redhat.com> 3.10.0-20 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-19 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-18 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-17 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-16 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-14 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-13 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-12 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-11 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-10 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-9 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-8 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-7 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-6 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-5 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-4 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-3 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-2 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-1 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-30 Dan Walsh <dwalsh@redhat.com> 3.9.16-29.1 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-29 Dan Walsh <dwalsh@redhat.com> 3.9.16-28.1 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-27 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-26 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-25 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-24 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-23 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-22 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-21 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-20 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-19 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-18 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-17 Dan Walsh <dwalsh@redhat.com> 3.9.16-16.1 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-16 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-15 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-14 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-13 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-12 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-11 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-10 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-7 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-6 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-5 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-4 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-3 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-2 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-1 Miroslav Grepl <mgrepl@redhat.com> 3.9.15-5 Miroslav Grepl <mgrepl@redhat.com> 3.9.15-2 Miroslav Grepl <mgrepl@redhat.com> 3.9.15-1 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.9.14-2 Dan Walsh <dwalsh@redhat.com> 3.9.14-1 Miroslav Grepl <mgrepl@redhat.com> 3.9.13-10 Miroslav Grepl <mgrepl@redhat.com> 3.9.13-9 Dan Walsh <dwalsh@redhat.com> 3.9.13-8 Miroslav Grepl <mgrepl@redhat.com> 3.9.13-7 Miroslav Grepl <mgrepl@redhat.com> 3.9.13-6 Miroslav Grepl <mgrepl@redhat.com> 3.9.13-5 Miroslav Grepl <mgrepl@redhat.com> 3.9.13-4 Miroslav Grepl <mgrepl@redhat.com> 3.9.13-3 Miroslav Grepl <mgrepl@redhat.com> 3.9.13-2 Miroslav Grepl <mgrepl@redhat.com> 3.9.13-1 Miroslav Grepl <mgrepl@redhat.com> 3.9.12-8 Miroslav Grepl <mgrepl@redhat.com> 3.9.12-7 Miroslav Grepl <mgrepl@redhat.com> 3.9.12-6 Miroslav Grepl <mgrepl@redhat.com> 3.9.12-5 Dan Walsh <dwalsh@redhat.com> 3.9.12-4 Dan Walsh <dwalsh@redhat.com> 3.9.12-3 Dan Walsh <dwalsh@redhat.com> 3.9.12-2 Miroslav Grepl <mgrepl@redhat.com> 3.9.12-1 Dan Walsh <dwalsh@redhat.com> 3.9.11-2 Miroslav Grepl <mgrepl@redhat.com> 3.9.11-1 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-13 Dan Walsh <dwalsh@redhat.com> 3.9.10-12 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-11 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-10 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-9 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-8 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-7 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-6 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-5 Dan Walsh <dwalsh@redhat.com> 3.9.10-4 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-3 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-2 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-1 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-4 Dan Walsh <dwalsh@redhat.com> 3.9.9-3 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-2 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-1 Miroslav Grepl <mgrepl@redhat.com> 3.9.8-7 Dan Walsh <dwalsh@redhat.com> 3.9.8-6 Miroslav Grepl <mgrepl@redhat.com> 3.9.8-5 Miroslav Grepl <mgrepl@redhat.com> 3.9.8-4 Dan Walsh <dwalsh@redhat.com> 3.9.8-3 Dan Walsh <dwalsh@redhat.com> 3.9.8-2 Dan Walsh <dwalsh@redhat.com> 3.9.8-1 Dan Walsh <dwalsh@redhat.com> 3.9.7-10 Dan Walsh <dwalsh@redhat.com> 3.9.7-9 Dan Walsh <dwalsh@redhat.com> 3.9.7-8 Dan Walsh <dwalsh@redhat.com> 3.9.7-7 Dan Walsh <dwalsh@redhat.com> 3.9.7-6 Dan Walsh <dwalsh@redhat.com> 3.9.7-5 Dan Walsh <dwalsh@redhat.com> 3.9.7-4 Dan Walsh <dwalsh@redhat.com> 3.9.7-3 Dan Walsh <dwalsh@redhat.com> 3.9.7-2 Dan Walsh <dwalsh@redhat.com> 3.9.7-1 Dan Walsh <dwalsh@redhat.com> 3.9.6-3 Dan Walsh <dwalsh@redhat.com> 3.9.6-2 Dan Walsh <dwalsh@redhat.com> 3.9.6-1 Dan Walsh <dwalsh@redhat.com> 3.9.5-11 Dan Walsh <dwalsh@redhat.com> 3.9.5-10 Dan Walsh <dwalsh@redhat.com> 3.9.5-9 Dan Walsh <dwalsh@redhat.com> 3.9.5-8 Dan Walsh <dwalsh@redhat.com> 3.9.5-7 Dan Walsh <dwalsh@redhat.com> 3.9.5-6 Dan Walsh <dwalsh@redhat.com> 3.9.5-5 Dan Walsh <dwalsh@redhat.com> 3.9.5-4 Dan Walsh <dwalsh@redhat.com> 3.9.5-3 Dan Walsh <dwalsh@redhat.com> 3.9.5-2 Dan Walsh <dwalsh@redhat.com> 3.9.5-1 Dan Walsh <dwalsh@redhat.com> 3.9.4-3 Dan Walsh <dwalsh@redhat.com> 3.9.4-2 Dan Walsh <dwalsh@redhat.com> 3.9.4-1 Dan Walsh <dwalsh@redhat.com> 3.9.3-4 Dan Walsh <dwalsh@redhat.com> 3.9.3-3 Dan Walsh <dwalsh@redhat.com> 3.9.3-2 Dan Walsh <dwalsh@redhat.com> 3.9.3-1 Dan Walsh <dwalsh@redhat.com> 3.9.2-1 Dan Walsh <dwalsh@redhat.com> 3.9.1-3 Dan Walsh <dwalsh@redhat.com> 3.9.1-2 Dan Walsh <dwalsh@redhat.com> 3.9.1-1 Dan Walsh <dwalsh@redhat.com> 3.9.0-2 Dan Walsh <dwalsh@redhat.com> 3.9.0-1 Dan Walsh <dwalsh@redhat.com> 3.8.8-21 Dan Walsh <dwalsh@redhat.com> 3.8.8-20 Dan Walsh <dwalsh@redhat.com> 3.8.8-19 Dan Walsh <dwalsh@redhat.com> 3.8.8-18 Dan Walsh <dwalsh@redhat.com> 3.8.8-17 Dan Walsh <dwalsh@redhat.com> 3.8.8-16 Dan Walsh <dwalsh@redhat.com> 3.8.8-15 Dan Walsh <dwalsh@redhat.com> 3.8.8-14 Dan Walsh <dwalsh@redhat.com> 3.8.8-13 Dan Walsh <dwalsh@redhat.com> 3.8.8-12 Dan Walsh <dwalsh@redhat.com> 3.8.8-11 Dan Walsh <dwalsh@redhat.com> 3.8.8-10 Dan Walsh <dwalsh@redhat.com> 3.8.8-9 Dan Walsh <dwalsh@redhat.com> 3.8.8-8 Dan Walsh <dwalsh@redhat.com> 3.8.8-7 Dan Walsh <dwalsh@redhat.com> 3.8.8-6 Dan Walsh <dwalsh@redhat.com> 3.8.8-5 Dan Walsh <dwalsh@redhat.com> 3.8.8-4 Dan Walsh <dwalsh@redhat.com> 3.8.8-3 Dan Walsh <dwalsh@redhat.com> 3.8.8-2 Dan Walsh <dwalsh@redhat.com> 3.8.8-1 Dan Walsh <dwalsh@redhat.com> 3.8.7-3 Dan Walsh <dwalsh@redhat.com> 3.8.7-2 Dan Walsh <dwalsh@redhat.com> 3.8.7-1 Dan Walsh <dwalsh@redhat.com> 3.8.6-3 Miroslav Grepl <mgrepl@redhat.com> 3.8.6-2 Dan Walsh <dwalsh@redhat.com> 3.8.6-1 Dan Walsh <dwalsh@redhat.com> 3.8.5-1 Dan Walsh <dwalsh@redhat.com> 3.8.4-1 Dan Walsh <dwalsh@redhat.com> 3.8.3-4 Dan Walsh <dwalsh@redhat.com> 3.8.3-3 Dan Walsh <dwalsh@redhat.com> 3.8.3-2 Dan Walsh <dwalsh@redhat.com> 3.8.3-1 Dan Walsh <dwalsh@redhat.com> 3.8.2-1 Dan Walsh <dwalsh@redhat.com> 3.8.1-5 Dan Walsh <dwalsh@redhat.com> 3.8.1-4 Dan Walsh <dwalsh@redhat.com> 3.8.1-3 Dan Walsh <dwalsh@redhat.com> 3.8.1-2 Dan Walsh <dwalsh@redhat.com> 3.8.1-1 Dan Walsh <dwalsh@redhat.com> 3.7.19-22 Dan Walsh <dwalsh@redhat.com> 3.7.19-21 Dan Walsh <dwalsh@redhat.com> 3.7.19-20 Dan Walsh <dwalsh@redhat.com> 3.7.19-19 Dan Walsh <dwalsh@redhat.com> 3.7.19-17 Dan Walsh <dwalsh@redhat.com> 3.7.19-16 Dan Walsh <dwalsh@redhat.com> 3.7.19-15 Dan Walsh <dwalsh@redhat.com> 3.7.19-14 Dan Walsh <dwalsh@redhat.com> 3.7.19-13 Dan Walsh <dwalsh@redhat.com> 3.7.19-12 Dan Walsh <dwalsh@redhat.com> 3.7.19-11 Dan Walsh <dwalsh@redhat.com> 3.7.19-10 Dan Walsh <dwalsh@redhat.com> 3.7.19-9 Dan Walsh <dwalsh@redhat.com> 3.7.19-8 Dan Walsh <dwalsh@redhat.com> 3.7.19-7 Dan Walsh <dwalsh@redhat.com> 3.7.19-6 Dan Walsh <dwalsh@redhat.com> 3.7.19-5 Dan Walsh <dwalsh@redhat.com> 3.7.19-4 Dan Walsh <dwalsh@redhat.com> 3.7.19-3 Dan Walsh <dwalsh@redhat.com> 3.7.19-2 Dan Walsh <dwalsh@redhat.com> 3.7.19-1 Dan Walsh <dwalsh@redhat.com> 3.7.18-3 Dan Walsh <dwalsh@redhat.com> 3.7.18-2 Dan Walsh <dwalsh@redhat.com> 3.7.18-1 Dan Walsh <dwalsh@redhat.com> 3.7.17-6 Dan Walsh <dwalsh@redhat.com> 3.7.17-5 Dan Walsh <dwalsh@redhat.com> 3.7.17-4 Dan Walsh <dwalsh@redhat.com> 3.7.17-3 Dan Walsh <dwalsh@redhat.com> 3.7.17-2 Dan Walsh <dwalsh@redhat.com> 3.7.17-1 Dan Walsh <dwalsh@redhat.com> 3.7.16-2 Dan Walsh <dwalsh@redhat.com> 3.7.16-1 Dan Walsh <dwalsh@redhat.com> 3.7.15-4 Dan Walsh <dwalsh@redhat.com> 3.7.15-3 Dan Walsh <dwalsh@redhat.com> 3.7.15-2 Dan Walsh <dwalsh@redhat.com> 3.7.15-1 Dan Walsh <dwalsh@redhat.com> 3.7.14-5 Dan Walsh <dwalsh@redhat.com> 3.7.14-4 Dan Walsh <dwalsh@redhat.com> 3.7.14-3 Dan Walsh <dwalsh@redhat.com> 3.7.14-2 Dan Walsh <dwalsh@redhat.com> 3.7.14-1 Dan Walsh <dwalsh@redhat.com> 3.7.13-4 Dan Walsh <dwalsh@redhat.com> 3.7.13-3 Dan Walsh <dwalsh@redhat.com> 3.7.13-2 Dan Walsh <dwalsh@redhat.com> 3.7.13-1 Dan Walsh <dwalsh@redhat.com> 3.7.12-1 Dan Walsh <dwalsh@redhat.com> 3.7.11-1 Dan Walsh <dwalsh@redhat.com> 3.7.10-5 Dan Walsh <dwalsh@redhat.com> 3.7.10-4 Dan Walsh <dwalsh@redhat.com> 3.7.10-3 Dan Walsh <dwalsh@redhat.com> 3.7.10-2 Dan Walsh <dwalsh@redhat.com> 3.7.10-1 Dan Walsh <dwalsh@redhat.com> 3.7.9-4 Dan Walsh <dwalsh@redhat.com> 3.7.9-3 Dan Walsh <dwalsh@redhat.com> 3.7.9-2 Dan Walsh <dwalsh@redhat.com> 3.7.9-1 Dan Walsh <dwalsh@redhat.com> 3.7.8-11 Dan Walsh <dwalsh@redhat.com> 3.7.8-9 Dan Walsh <dwalsh@redhat.com> 3.7.8-8 Dan Walsh <dwalsh@redhat.com> 3.7.8-7 Dan Walsh <dwalsh@redhat.com> 3.7.8-6 Dan Walsh <dwalsh@redhat.com> 3.7.8-5 Dan Walsh <dwalsh@redhat.com> 3.7.8-4 Dan Walsh <dwalsh@redhat.com> 3.7.8-3 Dan Walsh <dwalsh@redhat.com> 3.7.8-2 Dan Walsh <dwalsh@redhat.com> 3.7.8-1 Dan Walsh <dwalsh@redhat.com> 3.7.7-3 Dan Walsh <dwalsh@redhat.com> 3.7.7-2 Dan Walsh <dwalsh@redhat.com> 3.7.7-1 Dan Walsh <dwalsh@redhat.com> 3.7.6-1 Dan Walsh <dwalsh@redhat.com> 3.7.5-8 Dan Walsh <dwalsh@redhat.com> 3.7.5-7 Dan Walsh <dwalsh@redhat.com> 3.7.5-6 Dan Walsh <dwalsh@redhat.com> 3.7.5-5 Dan Walsh <dwalsh@redhat.com> 3.7.5-4 Dan Walsh <dwalsh@redhat.com> 3.7.5-3 Dan Walsh <dwalsh@redhat.com> 3.7.5-2 Dan Walsh <dwalsh@redhat.com> 3.7.5-1 Dan Walsh <dwalsh@redhat.com> 3.7.4-4 Dan Walsh <dwalsh@redhat.com> 3.7.4-3 Dan Walsh <dwalsh@redhat.com> 3.7.4-2 Dan Walsh <dwalsh@redhat.com> 3.7.4-1 Dan Walsh <dwalsh@redhat.com> 3.7.3-1 Dan Walsh <dwalsh@redhat.com> 3.7.1-1 Dan Walsh <dwalsh@redhat.com> 3.6.33-2 Dan Walsh <dwalsh@redhat.com> 3.6.33-1 Dan Walsh <dwalsh@redhat.com> 3.6.32-17 Dan Walsh <dwalsh@redhat.com> 3.6.32-16 Dan Walsh <dwalsh@redhat.com> 3.6.32-15 Dan Walsh <dwalsh@redhat.com> 3.6.32-13 Dan Walsh <dwalsh@redhat.com> 3.6.32-12 Dan Walsh <dwalsh@redhat.com> 3.6.32-11 Dan Walsh <dwalsh@redhat.com> 3.6.32-10 Dan Walsh <dwalsh@redhat.com> 3.6.32-9 Dan Walsh <dwalsh@redhat.com> 3.6.32-8 Dan Walsh <dwalsh@redhat.com> 3.6.32-7 Dan Walsh <dwalsh@redhat.com> 3.6.32-6 Dan Walsh <dwalsh@redhat.com> 3.6.32-5 Dan Walsh <dwalsh@redhat.com> 3.6.32-4 Dan Walsh <dwalsh@redhat.com> 3.6.32-3 Dan Walsh <dwalsh@redhat.com> 3.6.32-2 Dan Walsh <dwalsh@redhat.com> 3.6.32-1 Dan Walsh <dwalsh@redhat.com> 3.6.31-5 Dan Walsh <dwalsh@redhat.com> 3.6.31-4 Dan Walsh <dwalsh@redhat.com> 3.6.31-3 Dan Walsh <dwalsh@redhat.com> 3.6.31-2 Dan Walsh <dwalsh@redhat.com> 3.6.30-6 Dan Walsh <dwalsh@redhat.com> 3.6.30-5 Dan Walsh <dwalsh@redhat.com> 3.6.30-4 Dan Walsh <dwalsh@redhat.com> 3.6.30-3 Dan Walsh <dwalsh@redhat.com> 3.6.30-2 Dan Walsh <dwalsh@redhat.com> 3.6.30-1 Dan Walsh <dwalsh@redhat.com> 3.6.29-2 Dan Walsh <dwalsh@redhat.com> 3.6.29-1 Dan Walsh <dwalsh@redhat.com> 3.6.28-9 Dan Walsh <dwalsh@redhat.com> 3.6.28-8 Dan Walsh <dwalsh@redhat.com> 3.6.28-7 Dan Walsh <dwalsh@redhat.com> 3.6.28-6 Dan Walsh <dwalsh@redhat.com> 3.6.28-5 Dan Walsh <dwalsh@redhat.com> 3.6.28-4 Dan Walsh <dwalsh@redhat.com> 3.6.28-3 Dan Walsh <dwalsh@redhat.com> 3.6.28-2 Dan Walsh <dwalsh@redhat.com> 3.6.28-1 Dan Walsh <dwalsh@redhat.com> 3.6.27-1 Dan Walsh <dwalsh@redhat.com> 3.6.26-11 Dan Walsh <dwalsh@redhat.com> 3.6.26-10 Dan Walsh <dwalsh@redhat.com> 3.6.26-9 Bill Nottingham <notting@redhat.com> 3.6.26-8 Dan Walsh <dwalsh@redhat.com> 3.6.26-7 Dan Walsh <dwalsh@redhat.com> 3.6.26-6 Dan Walsh <dwalsh@redhat.com> 3.6.26-5 Dan Walsh <dwalsh@redhat.com> 3.6.26-4 Dan Walsh <dwalsh@redhat.com> 3.6.26-3 Dan Walsh <dwalsh@redhat.com> 3.6.26-2 Dan Walsh <dwalsh@redhat.com> 3.6.26-1 Dan Walsh <dwalsh@redhat.com> 3.6.25-1 Dan Walsh <dwalsh@redhat.com> 3.6.24-1 Dan Walsh <dwalsh@redhat.com> 3.6.23-2 Dan Walsh <dwalsh@redhat.com> 3.6.23-1 Dan Walsh <dwalsh@redhat.com> 3.6.22-3 Dan Walsh <dwalsh@redhat.com> 3.6.22-1 Dan Walsh <dwalsh@redhat.com> 3.6.21-4 Dan Walsh <dwalsh@redhat.com> 3.6.21-3 Tom "spot" Callaway <tcallawa@redhat.com> 3.6.21-2 Dan Walsh <dwalsh@redhat.com> 3.6.21-1 Dan Walsh <dwalsh@redhat.com> 3.6.20-2 Dan Walsh <dwalsh@redhat.com> 3.6.20-1 Dan Walsh <dwalsh@redhat.com> 3.6.19-5 Dan Walsh <dwalsh@redhat.com> 3.6.19-4 Dan Walsh <dwalsh@redhat.com> 3.6.19-3 Dan Walsh <dwalsh@redhat.com> 3.6.19-2 Dan Walsh <dwalsh@redhat.com> 3.6.19-1 Dan Walsh <dwalsh@redhat.com> 3.6.18-1 Dan Walsh <dwalsh@redhat.com> 3.6.17-1 Dan Walsh <dwalsh@redhat.com> 3.6.16-4 Dan Walsh <dwalsh@redhat.com> 3.6.16-3 Dan Walsh <dwalsh@redhat.com> 3.6.16-2 Dan Walsh <dwalsh@redhat.com> 3.6.16-1 Dan Walsh <dwalsh@redhat.com> 3.6.14-3 Dan Walsh <dwalsh@redhat.com> 3.6.14-2 Dan Walsh <dwalsh@redhat.com> 3.6.14-1 Dan Walsh <dwalsh@redhat.com> 3.6.13-3 Dan Walsh <dwalsh@redhat.com> 3.6.13-2 Dan Walsh <dwalsh@redhat.com> 3.6.13-1 Dan Walsh <dwalsh@redhat.com> 3.6.12-39 Dan Walsh <dwalsh@redhat.com> 3.6.12-38 Dan Walsh <dwalsh@redhat.com> 3.6.12-37 Dan Walsh <dwalsh@redhat.com> 3.6.12-36 Dan Walsh <dwalsh@redhat.com> 3.6.12-35 Dan Walsh <dwalsh@redhat.com> 3.6.12-34 Dan Walsh <dwalsh@redhat.com> 3.6.12-33 Dan Walsh <dwalsh@redhat.com> 3.6.12-31 Dan Walsh <dwalsh@redhat.com> 3.6.12-30 Dan Walsh <dwalsh@redhat.com> 3.6.12-29 Dan Walsh <dwalsh@redhat.com> 3.6.12-28 Dan Walsh <dwalsh@redhat.com> 3.6.12-27 Dan Walsh <dwalsh@redhat.com> 3.6.12-26 Dan Walsh <dwalsh@redhat.com> 3.6.12-25 Dan Walsh <dwalsh@redhat.com> 3.6.12-24 Dan Walsh <dwalsh@redhat.com> 3.6.12-23 Dan Walsh <dwalsh@redhat.com> 3.6.12-22 Dan Walsh <dwalsh@redhat.com> 3.6.12-21 Dan Walsh <dwalsh@redhat.com> 3.6.12-20 Dan Walsh <dwalsh@redhat.com> 3.6.12-19 Dan Walsh <dwalsh@redhat.com> 3.6.12-16 Dan Walsh <dwalsh@redhat.com> 3.6.12-15 Dan Walsh <dwalsh@redhat.com> 3.6.12-14 Dan Walsh <dwalsh@redhat.com> 3.6.12-13 Dan Walsh <dwalsh@redhat.com> 3.6.12-12 Dan Walsh <dwalsh@redhat.com> 3.6.12-11 Dan Walsh <dwalsh@redhat.com> 3.6.12-10 Dan Walsh <dwalsh@redhat.com> 3.6.12-9 Dan Walsh <dwalsh@redhat.com> 3.6.12-8 Dan Walsh <dwalsh@redhat.com> 3.6.12-7 Dan Walsh <dwalsh@redhat.com> 3.6.12-6 Dan Walsh <dwalsh@redhat.com> 3.6.12-5 Dan Walsh <dwalsh@redhat.com> 3.6.12-4 Dan Walsh <dwalsh@redhat.com> 3.6.12-3 Dan Walsh <dwalsh@redhat.com> 3.6.12-2 Dan Walsh <dwalsh@redhat.com> 3.6.12-1 Dan Walsh <dwalsh@redhat.com> 3.6.11-1 Dan Walsh <dwalsh@redhat.com> 3.6.10-9 Dan Walsh <dwalsh@redhat.com> 3.6.10-8 Dan Walsh <dwalsh@redhat.com> 3.6.10-7 Dan Walsh <dwalsh@redhat.com> 3.6.10-6 Dan Walsh <dwalsh@redhat.com> 3.6.10-5 Dan Walsh <dwalsh@redhat.com> 3.6.10-4 Dan Walsh <dwalsh@redhat.com> 3.6.10-3 Dan Walsh <dwalsh@redhat.com> 3.6.10-2 Dan Walsh <dwalsh@redhat.com> 3.6.10-1 Dan Walsh <dwalsh@redhat.com> 3.6.9-4 Dan Walsh <dwalsh@redhat.com> 3.6.9-3 Dan Walsh <dwalsh@redhat.com> 3.6.9-2 Dan Walsh <dwalsh@redhat.com> 3.6.9-1 Dan Walsh <dwalsh@redhat.com> 3.6.8-4 Dan Walsh <dwalsh@redhat.com> 3.6.8-3 Dan Walsh <dwalsh@redhat.com> 3.6.8-2 Dan Walsh <dwalsh@redhat.com> 3.6.8-1 Dan Walsh <dwalsh@redhat.com> 3.6.7-2 Dan Walsh <dwalsh@redhat.com> 3.6.7-1 Dan Walsh <dwalsh@redhat.com> 3.6.6-9 Dan Walsh <dwalsh@redhat.com> 3.6.6-8 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.6.6-7 Dan Walsh <dwalsh@redhat.com> 3.6.6-6 Dan Walsh <dwalsh@redhat.com> 3.6.6-5 Dan Walsh <dwalsh@redhat.com> 3.6.6-4 Dan Walsh <dwalsh@redhat.com> 3.6.6-3 Dan Walsh <dwalsh@redhat.com> 3.6.6-2 Dan Walsh <dwalsh@redhat.com> 3.6.6-1 Dan Walsh <dwalsh@redhat.com> 3.6.5-3 Dan Walsh <dwalsh@redhat.com> 3.6.5-1 Dan Walsh <dwalsh@redhat.com> 3.6.4-6 Dan Walsh <dwalsh@redhat.com> 3.6.4-5 Dan Walsh <dwalsh@redhat.com> 3.6.4-4 Dan Walsh <dwalsh@redhat.com> 3.6.4-3 Dan Walsh <dwalsh@redhat.com> 3.6.4-2 Dan Walsh <dwalsh@redhat.com> 3.6.4-1 Dan Walsh <dwalsh@redhat.com> 3.6.3-13 Dan Walsh <dwalsh@redhat.com> 3.6.3-12 Dan Walsh <dwalsh@redhat.com> 3.6.3-11 Dan Walsh <dwalsh@redhat.com> 3.6.3-10 Dan Walsh <dwalsh@redhat.com> 3.6.3-9 Dan Walsh <dwalsh@redhat.com> 3.6.3-8 Dan Walsh <dwalsh@redhat.com> 3.6.3-7 Dan Walsh <dwalsh@redhat.com> 3.6.3-6 Dan Walsh <dwalsh@redhat.com> 3.6.3-3 Dan Walsh <dwalsh@redhat.com> 3.6.3-2 Dan Walsh <dwalsh@redhat.com> 3.6.3-1 Dan Walsh <dwalsh@redhat.com> 3.6.2-5 Dan Walsh <dwalsh@redhat.com> 3.6.2-4 Dan Walsh <dwalsh@redhat.com> 3.6.2-3 Dan Walsh <dwalsh@redhat.com> 3.6.2-2 Dan Walsh <dwalsh@redhat.com> 3.6.2-1 Dan Walsh <dwalsh@redhat.com> 3.6.1-15 Dan Walsh <dwalsh@redhat.com> 3.6.1-14 Dan Walsh <dwalsh@redhat.com> 3.6.1-13 Dan Walsh <dwalsh@redhat.com> 3.6.1-12 Dan Walsh <dwalsh@redhat.com> 3.6.1-11 Dan Walsh <dwalsh@redhat.com> 3.6.1-10 Dan Walsh <dwalsh@redhat.com> 3.6.1-9 Dan Walsh <dwalsh@redhat.com> 3.6.1-8 Dan Walsh <dwalsh@redhat.com> 3.6.1-7 Dan Walsh <dwalsh@redhat.com> 3.6.1-4 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 3.6.1-2 Dan Walsh <dwalsh@redhat.com> 3.5.13-19 Dan Walsh <dwalsh@redhat.com> 3.5.13-18 Dan Walsh <dwalsh@redhat.com> 3.5.13-17 Dan Walsh <dwalsh@redhat.com> 3.5.13-16 Dan Walsh <dwalsh@redhat.com> 3.5.13-15 Dan Walsh <dwalsh@redhat.com> 3.5.13-14 Dan Walsh <dwalsh@redhat.com> 3.5.13-13 Dan Walsh <dwalsh@redhat.com> 3.5.13-12 Dan Walsh <dwalsh@redhat.com> 3.5.13-11 Dan Walsh <dwalsh@redhat.com> 3.5.13-9 Dan Walsh <dwalsh@redhat.com> 3.5.13-8 Dan Walsh <dwalsh@redhat.com> 3.5.13-7 Dan Walsh <dwalsh@redhat.com> 3.5.13-6 Dan Walsh <dwalsh@redhat.com> 3.5.13-5 Dan Walsh <dwalsh@redhat.com> 3.5.13-4 Dan Walsh <dwalsh@redhat.com> 3.5.13-3 Dan Walsh <dwalsh@redhat.com> 3.5.13-2 Dan Walsh <dwalsh@redhat.com> 3.5.13-1 Dan Walsh <dwalsh@redhat.com> 3.5.12-3 Dan Walsh <dwalsh@redhat.com> 3.5.12-2 Dan Walsh <dwalsh@redhat.com> 3.5.12-1 Dan Walsh <dwalsh@redhat.com> 3.5.11-1 Dan Walsh <dwalsh@redhat.com> 3.5.10-3 Dan Walsh <dwalsh@redhat.com> 3.5.10-2 Dan Walsh <dwalsh@redhat.com> 3.5.10-1 Dan Walsh <dwalsh@redhat.com> 3.5.9-4 Dan Walsh <dwalsh@redhat.com> 3.5.9-3 Dan Walsh <dwalsh@redhat.com> 3.5.9-2 Dan Walsh <dwalsh@redhat.com> 3.5.9-1 Dan Walsh <dwalsh@redhat.com> 3.5.8-7 Dan Walsh <dwalsh@redhat.com> 3.5.8-6 Dan Walsh <dwalsh@redhat.com> 3.5.8-5 Dan Walsh <dwalsh@redhat.com> 3.5.8-4 Dan Walsh <dwalsh@redhat.com> 3.5.8-3 Dan Walsh <dwalsh@redhat.com> 3.5.8-1 Dan Walsh <dwalsh@redhat.com> 3.5.7-2 Dan Walsh <dwalsh@redhat.com> 3.5.7-1 Dan Walsh <dwalsh@redhat.com> 3.5.6-2 Dan Walsh <dwalsh@redhat.com> 3.5.6-1 Dan Walsh <dwalsh@redhat.com> 3.5.5-4 Dan Walsh <dwalsh@redhat.com> 3.5.5-3 Dan Walsh <dwalsh@redhat.com> 3.5.5-2 Dan Walsh <dwalsh@redhat.com> 3.5.4-2 Dan Walsh <dwalsh@redhat.com> 3.5.4-1 Dan Walsh <dwalsh@redhat.com> 3.5.3-1 Dan Walsh <dwalsh@redhat.com> 3.5.2-2 Dan Walsh <dwalsh@redhat.com> 3.5.1-5 Dan Walsh <dwalsh@redhat.com> 3.5.1-4 Dan Walsh <dwalsh@redhat.com> 3.5.1-3 Dan Walsh <dwalsh@redhat.com> 3.5.1-2 Dan Walsh <dwalsh@redhat.com> 3.5.1-1 Dan Walsh <dwalsh@redhat.com> 3.5.0-1 Dan Walsh <dwalsh@redhat.com> 3.4.2-14 Dan Walsh <dwalsh@redhat.com> 3.4.2-13 Dan Walsh <dwalsh@redhat.com> 3.4.2-12 Dan Walsh <dwalsh@redhat.com> 3.4.2-11 Dan Walsh <dwalsh@redhat.com> 3.4.2-10 Dan Walsh <dwalsh@redhat.com> 3.4.2-9 Dan Walsh <dwalsh@redhat.com> 3.4.2-8 Dan Walsh <dwalsh@redhat.com> 3.4.2-7 Dan Walsh <dwalsh@redhat.com> 3.4.2-6 Dan Walsh <dwalsh@redhat.com> 3.4.2-5 Dan Walsh <dwalsh@redhat.com> 3.4.2-4 Dan Walsh <dwalsh@redhat.com> 3.4.2-3 Dan Walsh <dwalsh@redhat.com> 3.4.2-2 Dan Walsh <dwalsh@redhat.com> 3.4.2-1 Dan Walsh <dwalsh@redhat.com> 3.4.1-5 Dan Walsh <dwalsh@redhat.com> 3.4.1-3 Dan Walsh <dwalsh@redhat.com> 3.4.1-2 Dan Walsh <dwalsh@redhat.com> 3.4.1-1 Dan Walsh <dwalsh@redhat.com> 3.3.1-48 Dan Walsh <dwalsh@redhat.com> 3.3.1-47 Dan Walsh <dwalsh@redhat.com> 3.3.1-46 Dan Walsh <dwalsh@redhat.com> 3.3.1-45 Dan Walsh <dwalsh@redhat.com> 3.3.1-44 Dan Walsh <dwalsh@redhat.com> 3.3.1-43 Dan Walsh <dwalsh@redhat.com> 3.3.1-42 Dan Walsh <dwalsh@redhat.com> 3.3.1-41 Dan Walsh <dwalsh@redhat.com> 3.3.1-39 Dan Walsh <dwalsh@redhat.com> 3.3.1-37 Dan Walsh <dwalsh@redhat.com> 3.3.1-36 Dan Walsh <dwalsh@redhat.com> 3.3.1-33 Dan Walsh <dwalsh@redhat.com> 3.3.1-32 Dan Walsh <dwalsh@redhat.com> 3.3.1-31 Dan Walsh <dwalsh@redhat.com> 3.3.1-30 Dan Walsh <dwalsh@redhat.com> 3.3.1-29 Dan Walsh <dwalsh@redhat.com> 3.3.1-28 Dan Walsh <dwalsh@redhat.com> 3.3.1-27 Dan Walsh <dwalsh@redhat.com> 3.3.1-26 Dan Walsh <dwalsh@redhat.com> 3.3.1-25 Dan Walsh <dwalsh@redhat.com> 3.3.1-24 Dan Walsh <dwalsh@redhat.com> 3.3.1-23 Dan Walsh <dwalsh@redhat.com> 3.3.1-22 Dan Walsh <dwalsh@redhat.com> 3.3.1-21 Dan Walsh <dwalsh@redhat.com> 3.3.1-20 Dan Walsh <dwalsh@redhat.com> 3.3.1-19 Dan Walsh <dwalsh@redhat.com> 3.3.1-18 Dan Walsh <dwalsh@redhat.com> 3.3.1-17 Dan Walsh <dwalsh@redhat.com> 3.3.1-16 Dan Walsh <dwalsh@redhat.com> 3.3.1-15 Bill Nottingham <notting@redhat.com> 3.3.1-14 Dan Walsh <dwalsh@redhat.com> 3.3.1-13 Dan Walsh <dwalsh@redhat.com> 3.3.1-12 Dan Walsh <dwalsh@redhat.com> 3.3.1-11 Dan Walsh <dwalsh@redhat.com> 3.3.1-10 Dan Walsh <dwalsh@redhat.com> 3.3.1-9 Dan Walsh <dwalsh@redhat.com> 3.3.1-8 Dan Walsh <dwalsh@redhat.com> 3.3.1-6 Dan Walsh <dwalsh@redhat.com> 3.3.1-5 Dan Walsh <dwalsh@redhat.com> 3.3.1-4 Dan Walsh <dwalsh@redhat.com> 3.3.1-2 Dan Walsh <dwalsh@redhat.com> 3.3.1-1 Dan Walsh <dwalsh@redhat.com> 3.3.0-2 Dan Walsh <dwalsh@redhat.com> 3.3.0-1 Dan Walsh <dwalsh@redhat.com> 3.2.9-2 Dan Walsh <dwalsh@redhat.com> 3.2.9-1 Dan Walsh <dwalsh@redhat.com> 3.2.8-2 Dan Walsh <dwalsh@redhat.com> 3.2.8-1 Dan Walsh <dwalsh@redhat.com> 3.2.7-6 Dan Walsh <dwalsh@redhat.com> 3.2.7-5 Dan Walsh <dwalsh@redhat.com> 3.2.7-3 Dan Walsh <dwalsh@redhat.com> 3.2.7-2 Dan Walsh <dwalsh@redhat.com> 3.2.7-1 Dan Walsh <dwalsh@redhat.com> 3.2.6-7 Dan Walsh <dwalsh@redhat.com> 3.2.6-6 Dan Walsh <dwalsh@redhat.com> 3.2.6-5 Dan Walsh <dwalsh@redhat.com> 3.2.6-4 Dan Walsh <dwalsh@redhat.com> 3.2.6-3 Dan Walsh <dwalsh@redhat.com> 3.2.6-2 Dan Walsh <dwalsh@redhat.com> 3.2.6-1 Dan Walsh <dwalsh@redhat.com> 3.2.5-25 Dan Walsh <dwalsh@redhat.com> 3.2.5-24 Dan Walsh <dwalsh@redhat.com> 3.2.5-22 Dan Walsh <dwalsh@redhat.com> 3.2.5-21 Dan Walsh <dwalsh@redhat.com> 3.2.5-20 Dan Walsh <dwalsh@redhat.com> 3.2.5-19 Dan Walsh <dwalsh@redhat.com> 3.2.5-18 Dan Walsh <dwalsh@redhat.com> 3.2.5-17 Dan Walsh <dwalsh@redhat.com> 3.2.5-16 Dan Walsh <dwalsh@redhat.com> 3.2.5-15 Dan Walsh <dwalsh@redhat.com> 3.2.5-14 Dan Walsh <dwalsh@redhat.com> 3.2.5-13 Dan Walsh <dwalsh@redhat.com> 3.2.5-12 Dan Walsh <dwalsh@redhat.com> 3.2.5-11 Dan Walsh <dwalsh@redhat.com> 3.2.5-10 Dan Walsh <dwalsh@redhat.com> 3.2.5-9 Dan Walsh <dwalsh@redhat.com> 3.2.5-8 Dan Walsh <dwalsh@redhat.com> 3.2.5-7 Dan Walsh <dwalsh@redhat.com> 3.2.5-6 Dan Walsh <dwalsh@redhat.com> 3.2.5-5 Dan Walsh <dwalsh@redhat.com> 3.2.5-4 Dan Walsh <dwalsh@redhat.com> 3.2.5-3 Dan Walsh <dwalsh@redhat.com> 3.2.5-2 Dan Walsh <dwalsh@redhat.com> 3.2.5-1 Dan Walsh <dwalsh@redhat.com> 3.2.4-5 Dan Walsh <dwalsh@redhat.com> 3.2.4-4 Dan Walsh <dwalsh@redhat.com> 3.2.4-3 Dan Walsh <dwalsh@redhat.com> 3.2.4-1 Dan Walsh <dwalsh@redhat.com> 3.2.4-1 Dan Walsh <dwalsh@redhat.com> 3.2.3-2 Dan Walsh <dwalsh@redhat.com> 3.2.3-1 Dan Walsh <dwalsh@redhat.com> 3.2.2-1 Dan Walsh <dwalsh@redhat.com> 3.2.1-3 Dan Walsh <dwalsh@redhat.com> 3.2.1-1 Dan Walsh <dwalsh@redhat.com> 3.1.2-2 Dan Walsh <dwalhh@redhat.com> 3.1.2-1 Dan Walsh <dwalsh@redhat.com> 3.1.1-1 Dan Walsh <dwalsh@redhat.com> 3.1.0-1 Dan Walsh <dwalsh@redhat.com> 3.0.8-30 Dan Walsh <dwalsh@redhat.com> 3.0.8-28 Dan Walsh <dwalsh@redhat.com> 3.0.8-27 Dan Walsh <dwalsh@redhat.com> 3.0.8-26 Dan Walsh <dwalsh@redhat.com> 3.0.8-25 Dan Walsh <dwalsh@redhat.com> 3.0.8-24 Dan Walsh <dwalsh@redhat.com> 3.0.8-23 Dan Walsh <dwalsh@redhat.com> 3.0.8-22 Dan Walsh <dwalsh@redhat.com> 3.0.8-21 Dan Walsh <dwalsh@redhat.com> 3.0.8-20 Dan Walsh <dwalsh@redhat.com> 3.0.8-19 Dan Walsh <dwalsh@redhat.com> 3.0.8-18 Dan Walsh <dwalsh@redhat.com> 3.0.8-17 Dan Walsh <dwalsh@redhat.com> 3.0.8-16 Dan Walsh <dwalsh@redhat.com> 3.0.8-15 Dan Walsh <dwalsh@redhat.com> 3.0.8-14 Dan Walsh <dwalsh@redhat.com> 3.0.8-13 Dan Walsh <dwalsh@redhat.com> 3.0.8-12 Dan Walsh <dwalsh@redhat.com> 3.0.8-11 Dan Walsh <dwalsh@redhat.com> 3.0.8-10 Dan Walsh <dwalsh@redhat.com> 3.0.8-9 Dan Walsh <dwalsh@redhat.com> 3.0.8-8 Dan Walsh <dwalsh@redhat.com> 3.0.8-7 Dan Walsh <dwalsh@redhat.com> 3.0.8-5 Dan Walsh <dwalsh@redhat.com> 3.0.8-4 Dan Walsh <dwalsh@redhat.com> 3.0.8-3 Dan Walsh <dwalsh@redhat.com> 3.0.8-2 Dan Walsh <dwalsh@redhat.com> 3.0.8-1 Dan Walsh <dwalsh@redhat.com> 3.0.7-10 Dan Walsh <dwalsh@redhat.com> 3.0.7-9 Dan Walsh <dwalsh@redhat.com> 3.0.7-8 Dan Walsh <dwalsh@redhat.com> 3.0.7-7 Dan Walsh <dwalsh@redhat.com> 3.0.7-6 Dan Walsh <dwalsh@redhat.com> 3.0.7-5 Dan Walsh <dwalsh@redhat.com> 3.0.7-4 Dan Walsh <dwalsh@redhat.com> 3.0.7-3 Dan Walsh <dwalsh@redhat.com> 3.0.7-2 Dan Walsh <dwalsh@redhat.com> 3.0.7-1 Dan Walsh <dwalsh@redhat.com> 3.0.6-3 Dan Walsh <dwalsh@redhat.com> 3.0.6-2 Dan Walsh <dwalsh@redhat.com> 3.0.6-1 Dan Walsh <dwalsh@redhat.com> 3.0.5-11 Dan Walsh <dwalsh@redhat.com> 3.0.5-10 Dan Walsh <dwalsh@redhat.com> 3.0.5-9 Dan Walsh <dwalsh@redhat.com> 3.0.5-8 Dan Walsh <dwalsh@redhat.com> 3.0.5-7 Dan Walsh <dwalsh@redhat.com> 3.0.5-6 Dan Walsh <dwalsh@redhat.com> 3.0.5-5 Dan Walsh <dwalsh@redhat.com> 3.0.5-4 Dan Walsh <dwalsh@redhat.com> 3.0.5-3 Dan Walsh <dwalsh@redhat.com> 3.0.5-2 Dan Walsh <dwalsh@redhat.com> 3.0.5-1 Dan Walsh <dwalsh@redhat.com> 3.0.4-6 Dan Walsh <dwalsh@redhat.com> 3.0.4-5 Dan Walsh <dwalsh@redhat.com> 3.0.4-4 Dan Walsh <dwalsh@redhat.com> 3.0.4-3 Dan Walsh <dwalsh@redhat.com> 3.0.4-2 Dan Walsh <dwalsh@redhat.com> 3.0.4-1 Dan Walsh <dwalsh@redhat.com> 3.0.3-6 Dan Walsh <dwalsh@redhat.com> 3.0.3-5 Dan Walsh <dwalsh@redhat.com> 3.0.3-4 Dan Walsh <dwalsh@redhat.com> 3.0.3-3 Dan Walsh <dwalsh@redhat.com> 3.0.3-2 Dan Walsh <dwalsh@redhat.com> 3.0.3-1 Dan Walsh <dwalsh@redhat.com> 3.0.2-9 Dan Walsh <dwalsh@redhat.com> 3.0.2-8 Dan Walsh <dwalsh@redhat.com> 3.0.2-7 Dan Walsh <dwalsh@redhat.com> 3.0.2-5 Dan Walsh <dwalsh@redhat.com> 3.0.2-4 Dan Walsh <dwalsh@redhat.com> 3.0.2-3 Dan Walsh <dwalsh@redhat.com> 3.0.2-2 Dan Walsh <dwalsh@redhat.com> 3.0.1-5 Dan Walsh <dwalsh@redhat.com> 3.0.1-4 Dan Walsh <dwalsh@redhat.com> 3.0.1-3 Dan Walsh <dwalsh@redhat.com> 3.0.1-2 Dan Walsh <dwalsh@redhat.com> 3.0.1-1 Dan Walsh <dwalsh@redhat.com> 2.6.5-3 Dan Walsh <dwalsh@redhat.com> 2.6.5-2 Dan Walsh <dwalsh@redhat.com> 2.6.4-7 Dan Walsh <dwalsh@redhat.com> 2.6.4-6 Dan Walsh <dwalsh@redhat.com> 2.6.4-5 Dan Walsh <dwalsh@redhat.com> 2.6.4-2 Dan Walsh <dwalsh@redhat.com> 2.6.4-1 Dan Walsh <dwalsh@redhat.com> 2.6.3-1 Dan Walsh <dwalsh@redhat.com> 2.6.2-1 Dan Walsh <dwalsh@redhat.com> 2.6.1-4 Dan Walsh <dwalsh@redhat.com> 2.6.1-2 Dan Walsh <dwalsh@redhat.com> 2.6.1-1 Dan Walsh <dwalsh@redhat.com> 2.5.12-12 Dan Walsh <dwalsh@redhat.com> 2.5.12-11 Dan Walsh <dwalsh@redhat.com> 2.5.12-10 Dan Walsh <dwalsh@redhat.com> 2.5.12-8 Dan Walsh <dwalsh@redhat.com> 2.5.12-5 Dan Walsh <dwalsh@redhat.com> 2.5.12-4 Dan Walsh <dwalsh@redhat.com> 2.5.12-3 Dan Walsh <dwalsh@redhat.com> 2.5.12-2 Dan Walsh <dwalsh@redhat.com> 2.5.12-1 Dan Walsh <dwalsh@redhat.com> 2.5.11-8 Dan Walsh <dwalsh@redhat.com> 2.5.11-7 Dan Walsh <dwalsh@redhat.com> 2.5.11-6 Dan Walsh <dwalsh@redhat.com> 2.5.11-5 Dan Walsh <dwalsh@redhat.com> 2.5.11-4 Dan Walsh <dwalsh@redhat.com> 2.5.11-3 Dan Walsh <dwalsh@redhat.com> 2.5.11-2 Dan Walsh <dwalsh@redhat.com> 2.5.11-1 Dan Walsh <dwalsh@redhat.com> 2.5.10-2 Dan Walsh <dwalsh@redhat.com> 2.5.10-1 Dan Walsh <dwalsh@redhat.com> 2.5.9-6 Dan Walsh <dwalsh@redhat.com> 2.5.9-5 Dan Walsh <dwalsh@redhat.com> 2.5.9-4 Dan Walsh <dwalsh@redhat.com> 2.5.9-3 Dan Walsh <dwalsh@redhat.com> 2.5.9-2 Dan Walsh <dwalsh@redhat.com> 2.5.8-8 Dan Walsh <dwalsh@redhat.com> 2.5.8-7 Dan Walsh <dwalsh@redhat.com> 2.5.8-6 Dan Walsh <dwalsh@redhat.com> 2.5.8-5 Dan Walsh <dwalsh@redhat.com> 2.5.8-4 Dan Walsh <dwalsh@redhat.com> 2.5.8-3 Dan Walsh <dwalsh@redhat.com> 2.5.8-2 Dan Walsh <dwalsh@redhat.com> 2.5.8-1 Dan Walsh <dwalsh@redhat.com> 2.5.7-1 Dan Walsh <dwalsh@redhat.com> 2.5.6-1 Dan Walsh <dwalsh@redhat.com> 2.5.5-2 Dan Walsh <dwalsh@redhat.com> 2.5.5-1 Dan Walsh <dwalsh@redhat.com> 2.5.4-2 Dan Walsh <dwalsh@redhat.com> 2.5.4-1 Dan Walsh <dwalsh@redhat.com> 2.5.3-3 Dan Walsh <dwalsh@redhat.com> 2.5.3-2 Dan Walsh <dwalsh@redhat.com> 2.5.3-1 Dan Walsh <dwalsh@redhat.com> 2.5.2-6 Dan Walsh <dwalsh@redhat.com> 2.5.2-5 Dan Walsh <dwalsh@redhat.com> 2.5.2-4 Dan Walsh <dwalsh@redhat.com> 2.5.2-3 Dan Walsh <dwalsh@redhat.com> 2.5.2-2 Dan Walsh <dwalsh@redhat.com> 2.5.2-1 Dan Walsh <dwalsh@redhat.com> 2.5.1-5 Dan Walsh <dwalsh@redhat.com> 2.5.1-4 Dan Walsh <dwalsh@redhat.com> 2.5.1-2 Dan Walsh <dwalsh@redhat.com> 2.5.1-1 Dan Walsh <dwalsh@redhat.com> 2.4.6-20 Dan Walsh <dwalsh@redhat.com> 2.4.6-19 Dan Walsh <dwalsh@redhat.com> 2.4.6-18 Dan Walsh <dwalsh@redhat.com> 2.4.6-17 Dan Walsh <dwalsh@redhat.com> 2.4.6-16 Dan Walsh <dwalsh@redhat.com> 2.4.6-15 Dan Walsh <dwalsh@redhat.com> 2.4.6-14 Dan Walsh <dwalsh@redhat.com> 2.4.6-13 Dan Walsh <dwalsh@redhat.com> 2.4.6-12 Dan Walsh <dwalsh@redhat.com> 2.4.6-11 Dan Walsh <dwalsh@redhat.com> 2.4.6-10 Dan Walsh <dwalsh@redhat.com> 2.4.6-9 Dan Walsh <dwalsh@redhat.com> 2.4.6-8 Dan Walsh <dwalsh@redhat.com> 2.4.6-7 Dan Walsh <dwalsh@redhat.com> 2.4.6-6 Dan Walsh <dwalsh@redhat.com> 2.4.6-5 Dan Walsh <dwalsh@redhat.com> 2.4.6-4 Dan Walsh <dwalsh@redhat.com> 2.4.6-3 Dan Walsh <dwalsh@redhat.com> 2.4.6-1 Dan Walsh <dwalsh@redhat.com> 2.4.5-4 Dan Walsh <dwalsh@redhat.com> 2.4.5-3 Dan Walsh <dwalsh@redhat.com> 2.4.5-2 Dan Walsh <dwalsh@redhat.com> 2.4.5-1 Dan Walsh <dwalsh@redhat.com> 2.4.4-2 Dan Walsh <dwalsh@redhat.com> 2.4.4-2 Dan Walsh <dwalsh@redhat.com> 2.4.4-1 Dan Walsh <dwalsh@redhat.com> 2.4.3-13 Dan Walsh <dwalsh@redhat.com> 2.4.3-12 Dan Walsh <dwalsh@redhat.com> 2.4.3-11 Dan Walsh <dwalsh@redhat.com> 2.4.3-10 Dan Walsh <dwalsh@redhat.com> 2.4.3-9 Dan Walsh <dwalsh@redhat.com> 2.4.3-8 Dan Walsh <dwalsh@redhat.com> 2.4.3-7 Dan Walsh <dwalsh@redhat.com> 2.4.3-6 Dan Walsh <dwalsh@redhat.com> 2.4.3-5 Dan Walsh <dwalsh@redhat.com> 2.4.3-4 Dan Walsh <dwalsh@redhat.com> 2.4.3-3 Dan Walsh <dwalsh@redhat.com> 2.4.3-2 Dan Walsh <dwalsh@redhat.com> 2.4.3-1 Dan Walsh <dwalsh@redhat.com> 2.4.2-8 Dan Walsh <dwalsh@redhat.com> 2.4.2-7 James Antill <james.antill@redhat.com> 2.4.2-6 Dan Walsh <dwalsh@redhat.com> 2.4.2-5 Dan Walsh <dwalsh@redhat.com> 2.4.2-4 Dan Walsh <dwalsh@redhat.com> 2.4.2-3 Dan Walsh <dwalsh@redhat.com> 2.4.2-2 Dan Walsh <dwalsh@redhat.com> 2.4.2-1 Dan Walsh <dwalsh@redhat.com> 2.4.1-5 Dan Walsh <dwalsh@redhat.com> 2.4.1-4 Dan Walsh <dwalsh@redhat.com> 2.4.1-3 Dan Walsh <dwalsh@redhat.com> 2.4.1-2 Dan Walsh <dwalsh@redhat.com> 2.4-4 Dan Walsh <dwalsh@redhat.com> 2.4-3 Dan Walsh <dwalsh@redhat.com> 2.4-2 Dan Walsh <dwalsh@redhat.com> 2.4-1 Dan Walsh <dwalsh@redhat.com> 2.3.19-4 Dan Walsh <dwalsh@redhat.com> 2.3.19-3 Dan Walsh <dwalsh@redhat.com> 2.3.19-2 Dan Walsh <dwalsh@redhat.com> 2.3.19-1 James Antill <jantill@redhat.com> 2.3.18-10 James Antill <jantill@redhat.com> 2.3.18-9 Dan Walsh <dwalsh@redhat.com> 2.3.18-8 Dan Walsh <dwalsh@redhat.com> 2.3.18-7 Dan Walsh <dwalsh@redhat.com> 2.3.18-6 Dan Walsh <dwalsh@redhat.com> 2.3.18-5 Dan Walsh <dwalsh@redhat.com> 2.3.18-4 Dan Walsh <dwalsh@redhat.com> 2.3.18-3 Dan Walsh <dwalsh@redhat.com> 2.3.18-2 Dan Walsh <dwalsh@redhat.com> 2.3.18-1 Dan Walsh <dwalsh@redhat.com> 2.3.17-2 Dan Walsh <dwalsh@redhat.com> 2.3.17-1 Dan Walsh <dwalsh@redhat.com> 2.3.16-9 Dan Walsh <dwalsh@redhat.com> 2.3.16-8 Dan Walsh <dwalsh@redhat.com> 2.3.16-7 Dan Walsh <dwalsh@redhat.com> 2.3.16-6 Dan Walsh <dwalsh@redhat.com> 2.3.16-5 Dan Walsh <dwalsh@redhat.com> 2.3.16-4 Dan Walsh <dwalsh@redhat.com> 2.3.16-2 Dan Walsh <dwalsh@redhat.com> 2.3.16-1 Dan Walsh <dwalsh@redhat.com> 2.3.15-2 Dan Walsh <dwalsh@redhat.com> 2.3.15-1 Dan Walsh <dwalsh@redhat.com> 2.3.14-8 Dan Walsh <dwalsh@redhat.com> 2.3.14-7 Dan Walsh <dwalsh@redhat.com> 2.3.14-6 Dan Walsh <dwalsh@redhat.com> 2.3.14-4 Dan Walsh <dwalsh@redhat.com> 2.3.14-3 Dan Walsh <dwalsh@redhat.com> 2.3.14-2 Dan Walsh <dwalsh@redhat.com> 2.3.14-1 Dan Walsh <dwalsh@redhat.com> 2.3.13-6 Dan Walsh <dwalsh@redhat.com> 2.3.13-5 Dan Walsh <dwalsh@redhat.com> 2.3.13-4 Dan Walsh <dwalsh@redhat.com> 2.3.13-3 Dan Walsh <dwalsh@redhat.com> 2.3.13-2 Dan Walsh <dwalsh@redhat.com> 2.3.13-1 Dan Walsh <dwalsh@redhat.com> 2.3.12-2 Dan Walsh <dwalsh@redhat.com> 2.3.12-1 Dan Walsh <dwalsh@redhat.com> 2.3.11-1 Dan Walsh <dwalsh@redhat.com> 2.3.10-7 Dan Walsh <dwalsh@redhat.com> 2.3.10-6 Dan Walsh <dwalsh@redhat.com> 2.3.10-3 Dan Walsh <dwalsh@redhat.com> 2.3.10-1 Dan Walsh <dwalsh@redhat.com> 2.3.9-6 Dan Walsh <dwalsh@redhat.com> 2.3.9-5 Dan Walsh <dwalsh@redhat.com> 2.3.9-4 Dan Walsh <dwalsh@redhat.com> 2.3.9-3 Dan Walsh <dwalsh@redhat.com> 2.3.9-2 Dan Walsh <dwalsh@redhat.com> 2.3.9-1 Dan Walsh <dwalsh@redhat.com> 2.3.8-2 Dan Walsh <dwalsh@redhat.com> 2.3.7-1 Dan Walsh <dwalsh@redhat.com> 2.3.6-4 Dan Walsh <dwalsh@redhat.com> 2.3.6-3 Dan Walsh <dwalsh@redhat.com> 2.3.6-2 Dan Walsh <dwalsh@redhat.com> 2.3.6-1 Dan Walsh <dwalsh@redhat.com> 2.3.5-1 Dan Walsh <dwalsh@redhat.com> 2.3.4-1 Dan Walsh <dwalsh@redhat.com> 2.3.3-20 Dan Walsh <dwalsh@redhat.com> 2.3.3-19 Dan Walsh <dwalsh@redhat.com> 2.3.3-18 Dan Walsh <dwalsh@redhat.com> 2.3.3-17 Dan Walsh <dwalsh@redhat.com> 2.3.3-16 Dan Walsh <dwalsh@redhat.com> 2.3.3-15 Dan Walsh <dwalsh@redhat.com> 2.3.3-14 Dan Walsh <dwalsh@redhat.com> 2.3.3-13 Dan Walsh <dwalsh@redhat.com> 2.3.3-12 Dan Walsh <dwalsh@redhat.com> 2.3.3-11 Dan Walsh <dwalsh@redhat.com> 2.3.3-10 Dan Walsh <dwalsh@redhat.com> 2.3.3-9 Dan Walsh <dwalsh@redhat.com> 2.3.3-8 Dan Walsh <dwalsh@redhat.com> 2.3.3-7 Dan Walsh <dwalsh@redhat.com> 2.3.3-6 Dan Walsh <dwalsh@redhat.com> 2.3.3-5 Dan Walsh <dwalsh@redhat.com> 2.3.3-4 Dan Walsh <dwalsh@redhat.com> 2.3.3-3 Dan Walsh <dwalsh@redhat.com> 2.3.3-2 Dan Walsh <dwalsh@redhat.com> 2.3.3-1 Dan Walsh <dwalsh@redhat.com> 2.3.2-4 Dan Walsh <dwalsh@redhat.com> 2.3.2-3 Dan Walsh <dwalsh@redhat.com> 2.3.2-2 Dan Walsh <dwalsh@redhat.com> 2.3.2-1 Dan Walsh <dwalsh@redhat.com> 2.3.1-1 Dan Walsh <dwalsh@redhat.com> 2.2.49-1 Dan Walsh <dwalsh@redhat.com> 2.2.48-1 Dan Walsh <dwalsh@redhat.com> 2.2.47-5 Dan Walsh <dwalsh@redhat.com> 2.2.47-4 Dan Walsh <dwalsh@redhat.com> 2.2.47-3 Dan Walsh <dwalsh@redhat.com> 2.2.47-1 Dan Walsh <dwalsh@redhat.com> 2.2.46-2 Dan Walsh <dwalsh@redhat.com> 2.2.46-1 Dan Walsh <dwalsh@redhat.com> 2.2.45-3 Dan Walsh <dwalsh@redhat.com> 2.2.45-2 Dan Walsh <dwalsh@redhat.com> 2.2.45-1 Dan Walsh <dwalsh@redhat.com> 2.2.44-1 Dan Walsh <dwalsh@redhat.com> 2.2.43-4 Dan Walsh <dwalsh@redhat.com> 2.2.43-3 Dan Walsh <dwalsh@redhat.com> 2.2.43-2 Dan Walsh <dwalsh@redhat.com> 2.2.43-1 Dan Walsh <dwalsh@redhat.com> 2.2.42-4 Dan Walsh <dwalsh@redhat.com> 2.2.42-3 Dan Walsh <dwalsh@redhat.com> 2.2.42-2 Dan Walsh <dwalsh@redhat.com> 2.2.42-1 Dan Walsh <dwalsh@redhat.com> 2.2.41-1 Dan Walsh <dwalsh@redhat.com> 2.2.40-2 Dan Walsh <dwalsh@redhat.com> 2.2.40-1 Dan Walsh <dwalsh@redhat.com> 2.2.39-2 Dan Walsh <dwalsh@redhat.com> 2.2.39-1 Dan Walsh <dwalsh@redhat.com> 2.2.38-6 Dan Walsh <dwalsh@redhat.com> 2.2.38-5 Dan Walsh <dwalsh@redhat.com> 2.2.38-4 Dan Walsh <dwalsh@redhat.com> 2.2.38-3 Dan Walsh <dwalsh@redhat.com> 2.2.38-2 Dan Walsh <dwalsh@redhat.com> 2.2.38-1 Dan Walsh <dwalsh@redhat.com> 2.2.37-1 Dan Walsh <dwalsh@redhat.com> 2.2.36-2 Dan Walsh <dwalsh@redhat.com> 2.2.36-1 James Antill <jantill@redhat.com> 2.2.35-2 Dan Walsh <dwalsh@redhat.com> 2.2.35-1 Dan Walsh <dwalsh@redhat.com> 2.2.34-3 Dan Walsh <dwalsh@redhat.com> 2.2.34-2 Dan Walsh <dwalsh@redhat.com> 2.2.34-1 Dan Walsh <dwalsh@redhat.com> 2.2.33-1 Dan Walsh <dwalsh@redhat.com> 2.2.32-2 Dan Walsh <dwalsh@redhat.com> 2.2.32-1 Dan Walsh <dwalsh@redhat.com> 2.2.31-1 Dan Walsh <dwalsh@redhat.com> 2.2.30-2 Dan Walsh <dwalsh@redhat.com> 2.2.30-1 Dan Walsh <dwalsh@redhat.com> 2.2.29-6 Russell Coker <rcoker@redhat.com> 2.2.29-5 Dan Walsh <dwalsh@redhat.com> 2.2.29-4 Dan Walsh <dwalsh@redhat.com> 2.2.29-3 Dan Walsh <dwalsh@redhat.com> 2.2.29-2 Dan Walsh <dwalsh@redhat.com> 2.2.29-1 Dan Walsh <dwalsh@redhat.com> 2.2.28-3 Dan Walsh <dwalsh@redhat.com> 2.2.28-2 Dan Walsh <dwalsh@redhat.com> 2.2.28-1 Dan Walsh <dwalsh@redhat.com> 2.2.27-1 Dan Walsh <dwalsh@redhat.com> 2.2.25-3 Dan Walsh <dwalsh@redhat.com> 2.2.25-2 Dan Walsh <dwalsh@redhat.com> 2.2.24-1 Dan Walsh <dwalsh@redhat.com> 2.2.23-19 Dan Walsh <dwalsh@redhat.com> 2.2.23-18 Dan Walsh <dwalsh@redhat.com> 2.2.23-17 Karsten Hopp <karsten@redhat.de> 2.2.23-16 Dan Walsh <dwalsh@redhat.com> 2.2.23-15 Dan Walsh <dwalsh@redhat.com> 2.2.23-14 Dan Walsh <dwalsh@redhat.com> 2.2.23-13 Dan Walsh <dwalsh@redhat.com> 2.2.23-12 Jeremy Katz <katzj@redhat.com> - 2.2.23-11 Jeremy Katz <katzj@redhat.com> - 2.2.23-10 Dan Walsh <dwalsh@redhat.com> 2.2.23-9 Dan Walsh <dwalsh@redhat.com> 2.2.23-8 Dan Walsh <dwalsh@redhat.com> 2.2.23-7 Dan Walsh <dwalsh@redhat.com> 2.2.23-5 Dan Walsh <dwalsh@redhat.com> 2.2.23-4 Dan Walsh <dwalsh@redhat.com> 2.2.23-3 Dan Walsh <dwalsh@redhat.com> 2.2.23-2 Dan Walsh <dwalsh@redhat.com> 2.2.23-1 Dan Walsh <dwalsh@redhat.com> 2.2.22-2 Dan Walsh <dwalsh@redhat.com> 2.2.22-1 Dan Walsh <dwalsh@redhat.com> 2.2.21-9 Dan Walsh <dwalsh@redhat.com> 2.2.21-8 Dan Walsh <dwalsh@redhat.com> 2.2.21-7 Dan Walsh <dwalsh@redhat.com> 2.2.21-6 Dan Walsh <dwalsh@redhat.com> 2.2.21-5 Dan Walsh <dwalsh@redhat.com> 2.2.21-4 Dan Walsh <dwalsh@redhat.com> 2.2.21-3 Dan Walsh <dwalsh@redhat.com> 2.2.21-2 Dan Walsh <dwalsh@redhat.com> 2.2.21-1 Dan Walsh <dwalsh@redhat.com> 2.2.20-1 Dan Walsh <dwalsh@redhat.com> 2.2.19-2 Dan Walsh <dwalsh@redhat.com> 2.2.19-1 Dan Walsh <dwalsh@redhat.com> 2.2.18-2 Dan Walsh <dwalsh@redhat.com> 2.2.18-1 Dan Walsh <dwalsh@redhat.com> 2.2.17-2 Dan Walsh <dwalsh@redhat.com> 2.2.16-1 Dan Walsh <dwalsh@redhat.com> 2.2.15-4 Dan Walsh <dwalsh@redhat.com> 2.2.15-3 Dan Walsh <dwalsh@redhat.com> 2.2.15-1 Dan Walsh <dwalsh@redhat.com> 2.2.14-2 Dan Walsh <dwalsh@redhat.com> 2.2.14-1 Dan Walsh <dwalsh@redhat.com> 2.2.13-1 Dan Walsh <dwalsh@redhat.com> 2.2.12-1 Dan Walsh <dwalsh@redhat.com> 2.2.11-2 Dan Walsh <dwalsh@redhat.com> 2.2.11-1 Dan Walsh <dwalsh@redhat.com> 2.2.10-1 Dan Walsh <dwalsh@redhat.com> 2.2.9-2 Dan Walsh <dwalsh@redhat.com> 2.2.9-1 Dan Walsh <dwalsh@redhat.com> 2.2.8-2 Dan Walsh <dwalsh@redhat.com> 2.2.7-1 Dan Walsh <dwalsh@redhat.com> 2.2.6-3 Dan Walsh <dwalsh@redhat.com> 2.2.6-2 Dan Walsh <dwalsh@redhat.com> 2.2.6-1 Dan Walsh <dwalsh@redhat.com> 2.2.5-1 Dan Walsh <dwalsh@redhat.com> 2.2.4-1 Dan Walsh <dwalsh@redhat.com> 2.2.3-1 Dan Walsh <dwalsh@redhat.com> 2.2.2-1 Dan Walsh <dwalsh@redhat.com> 2.2.1-1 Dan Walsh <dwalsh@redhat.com> 2.1.13-1 Dan Walsh <dwalsh@redhat.com> 2.1.12-3 Dan Walsh <dwalsh@redhat.com> 2.1.11-1 Dan Walsh <dwalsh@redhat.com> 2.1.10-1 Jeremy Katz <katzj@redhat.com> - 2.1.9-2 Dan Walsh <dwalsh@redhat.com> 2.1.9-1 Dan Walsh <dwalsh@redhat.com> 2.1.8-3 Dan Walsh <dwalsh@redhat.com> 2.1.8-2 Dan Walsh <dwalsh@redhat.com> 2.1.8-1 Dan Walsh <dwalsh@redhat.com> 2.1.7-4 Dan Walsh <dwalsh@redhat.com> 2.1.7-3 Dan Walsh <dwalsh@redhat.com> 2.1.7-2 Dan Walsh <dwalsh@redhat.com> 2.1.7-1 Dan Walsh <dwalsh@redhat.com> 2.1.6-24 Dan Walsh <dwalsh@redhat.com> 2.1.6-23 Dan Walsh <dwalsh@redhat.com> 2.1.6-22 Dan Walsh <dwalsh@redhat.com> 2.1.6-21 Dan Walsh <dwalsh@redhat.com> 2.1.6-20 Dan Walsh <dwalsh@redhat.com> 2.1.6-18 Dan Walsh <dwalsh@redhat.com> 2.1.6-17 Dan Walsh <dwalsh@redhat.com> 2.1.6-16 Dan Walsh <dwalsh@redhat.com> 2.1.6-15 Dan Walsh <dwalsh@redhat.com> 2.1.6-14 Dan Walsh <dwalsh@redhat.com> 2.1.6-13 Dan Walsh <dwalsh@redhat.com> 2.1.6-11 Dan Walsh <dwalsh@redhat.com> 2.1.6-10 Dan Walsh <dwalsh@redhat.com> 2.1.6-9 Dan Walsh <dwalsh@redhat.com> 2.1.6-8 Dan Walsh <dwalsh@redhat.com> 2.1.6-5 Dan Walsh <dwalsh@redhat.com> 2.1.6-4 Dan Walsh <dwalsh@redhat.com> 2.1.6-3 Dan Walsh <dwalsh@redhat.com> 2.1.6-2 Dan Walsh <dwalsh@redhat.com> 2.1.6-1 Dan Walsh <dwalsh@redhat.com> 2.1.4-2 Dan Walsh <dwalsh@redhat.com> 2.1.4-1 Dan Walsh <dwalsh@redhat.com> 2.1.3-1 Jeremy Katz <katzj@redhat.com> - 2.1.2-3 Dan Walsh <dwalsh@redhat.com> 2.1.2-2 Dan Walsh <dwalsh@redhat.com> 2.1.2-1 Dan Walsh <dwalsh@redhat.com> 2.1.1-3 Dan Walsh <dwalsh@redhat.com> 2.1.1-2 Dan Walsh <dwalsh@redhat.com> 2.1.1-1 Dan Walsh <dwalsh@redhat.com> 2.1.0-3 Dan Walsh <dwalsh@redhat.com> 2.1.0-2. Dan Walsh <dwalsh@redhat.com> 2.1.0-1. Dan Walsh <dwalsh@redhat.com> 2.0.11-2. Dan Walsh <dwalsh@redhat.com> 2.0.11-1. Dan Walsh <dwalsh@redhat.com> 2.0.9-1. Dan Walsh <dwalsh@redhat.com> 2.0.8-1. Dan Walsh <dwalsh@redhat.com> 2.0.7-3 Dan Walsh <dwalsh@redhat.com> 2.0.7-2 Dan Walsh <dwalsh@redhat.com> 2.0.6-2 Dan Walsh <dwalsh@redhat.com> 2.0.5-4 Dan Walsh <dwalsh@redhat.com> 2.0.5-1 Dan Walsh <dwalsh@redhat.com> 2.0.4-1 Dan Walsh <dwalsh@redhat.com> 2.0.2-2 Dan Walsh <dwalsh@redhat.com> 2.0.2-1 Dan Walsh <dwalsh@redhat.com> 2.0.1-2 Dan Walsh <dwalsh@redhat.com> 2.0.1-1 - Allow nova_t domain to use pam
Resolves: rhbz:#1645270
- sysstat: grant sysstat_t the search_dir_perms set
Resolves: rhbz#1645271 - Remove disabling ganesha module in pre install phase of installation new selinux-policy package where ganesha is again standalone module
Resolves: rhbz#1638257 - Allow staff_t userdomain and confined_admindomain attribute to allow use generic ptys because of new sudo feature 'io logging'
Resolves: rhbz#1638427 - Run ganesha as ganesha_t domain again, revert changes where ganesha is running as nfsd_t
Resolves: rhbz#1638257 - Fix missing patch in spec file
Resolves: rhbz#1635704 - Allow cinder_volume_t domain to dbus chat with systemd_logind_t domain
Resolves: rhbz#1635704 - Allow neutron domain to read/write /var/run/utmp
Resolves: rhbz#1630318 - Allow tomcat_domain to read /dev/random
Resolves: rhbz#1631666
- Allow neutron_t domain to use pam
Resolves: rhbz#1630318 - Add interface apache_read_tmp_dirs()
- Allow dirsrvadmin_script_t domain to list httpd_tmp_t dirs
Resolves: rhbz#1622602 - Allow tomcat servers to manage usr_t files
Resolves: rhbz#1625678
- Dontaudit tomcat serves to append to /dev/random device
Resolves: rhbz#1625678
- Allow sys_nice capability to mysqld_t domain
- Allow dirsrvadmin_script_t domain to read httpd tmp files
Resolves: rhbz#1622602
- Allow syslogd_t domain to manage cert_t files
Resolves: rhbz#1615995 - Allow sbd_t domain to getattr of all char files in /dev and read sysfs_t files and dirs
Resolves: rhbz#1627114
- Expand virt_read_lib_files() interface to allow list dirs with label virt_var_lib_t
Resolves: rhbz#1567753 - Allow tomcat Tomcat to delete a temporary file used when compiling class files for JSPs.
Resolves: rhbz#1625678
- Allow chronyd_t domain to read virt_var_lib_t files
- Allow virtual machines to use dri devices. This allows use openCL GPU calculations. BZ(1337333)
Resolves: rhbz#1625613
- Allow tomcat services create link file in /tmp
Resolves: rhbz#1624289
- Add boolean: domain_can_mmap_files.
Resolves: rhbz#1460322 - Make working SELinux sandbox with Wayland.
Resolves: rhbz#1624308
- Allow svirt_t domain to mmap svirt_image_t block files
Resolves: rhbz#1624224
- Add caps dac_read_search and dav_override to pesign_t domain
- Allow iscsid_t domain to mmap userio chr files
Resolves: rhbz#1623589
- Add boolean: domain_can_mmap_files.
Resolves: rhbz#1460322
- Add execute_no_trans permission to mmap_exec_file_perms pattern
- Allow sudodomain to search caller domain proc info
- Allow xdm_t domain to mmap and read cert_t files
- Replace optional policy blocks to make dbus interfaces effective
Resolves: rhbz#1624414
- Add interface dev_map_userio_dev() - Allow readhead_t domain to mmap own pid files
Resolves: rhbz#1614169 - Allow ovs-vswitchd labeled as openvswitch_t domain communicate with qemu-kvm via UNIX stream socket
- Allow httpd_t domain to mmap tmp files
Resolves: rhbz#1608355
- Update dirsrv_read_share() interface to allow caller domain to mmap dirsrv_share_t files
- Update dirsrvadmin_script_t policy to allow read httpd_tmp_t symlinks
- Label /dev/tpmrm[0-9]* as tpm_device_t
- Allow semanage_t domain mmap usr_t files
Resolves: rhbz#1622607
- Update dev_filetrans_all_named_dev() to allow create event22-30 character files with label event_device_t - Allow nagios_script_t domain to mmap nagios_log_t files
Resolves: rhbz#1620013
- Allow nagios_script_t domain to mmap nagios_spool_t files
Resolves: rhbz#1620013
- Update userdom_security_admin() and userdom_security_admin_template() to allow use auditctl
Resolves: rhbz#1622197
- Update selinux_validate_context() interface to allow caller domain to mmap security_t files
Resolves: rhbz#1622061 - Allow virtd_t domain to create netlink_socket
- Allow rpm_t domain to write to audit
- Allow rpm domain to mmap rpm_var_lib_t files
Resolves: rhbz#1619785
- Allow nagios_script_t domain to mmap nagios_etc_t files
Resolves: rhbz#1620013
- Update nscd_socket_use() to allow caller domain to stream connect to nscd_t
Resolves: rhbz#1460715
- Allow secadm_t domain to mmap audit config and log files
- Allow insmod_t domain to read iptables pid files
- Allow systemd to mounton /etc
Resolves: rhbz#1619785 - Allow kdumpctl_t domain to getattr fixed disk device in mls
Resolves: rhbz#1615342
- Allow initrc_domain to mmap all binaries labeled as systemprocess_entry
Resolves: rhbz#1615342 - Allow virtlogd to execute itself
Resolves: rhbz#1598392 - Allow kdumpctl_t domain to manage kdumpctl_tmp_t fifo files
Resolves: rhbz#1615342
- Allow kdumpctl to write to files on all levels
Resolves: rhbz#1615342
- Fix typo in radius policy
Resolves: rhbz#1619197
- Allow httpd_t domain to mmap httpd_config_t files
Resolves: rhbz#1615894
- Add interface dbus_acquire_svc_system_dbusd()
- Allow sanlock_t domain to connectto to unix_stream_socket
Resolves: rhbz#1614965
- Update nfsd_t policy because of ganesha features
Resolves: rhbz#1511489
- Allow conman to getattr devpts_t
Resolves: rhbz#1377915
- Allow tomcat_domain to connect to smtp ports
Resolves: rhbz#1253502
- Allow tomcat_t domain to mmap tomcat_var_lib_t files
Resolves: rhbz#1618519
- Allow slapd_t domain to mmap slapd_var_run_t files
Resolves: rhbz#1615319
- Allow nagios_t domain to mmap nagios_log_t files
Resolves: rhbz#1618675
- Allow nagios to exec itself and mmap nagios spool files BZ(1559683)
- Allow nagios to mmap nagios config files BZ(1559683)
- Allow kpropd_t domain to mmap krb5kdc_principal_t files
Resolves: rhbz#1619252
- Update syslogd policy to make working elasticsearch
- Label tcp and udp ports 9200 as wap_wsp_port
- Allow few domains to rw inherited kdumpctl tmp pipes
Resolves: rhbz#1615342 - Allow systemd_dbusd_t domain read/write to nvme devices
Resolves: rhbz#1614236
- Allow mysqld_safe_t do execute itself
- Allow smbd_t domain to chat via dbus with avahi daemon
Resolves: rhbz#1600157
- cupsd_t domain will create /etc/cupsd/ppd as cupsd_etc_rw_t
Resolves: rhbz#1452595
- Allow amanda_t domain to getattr on tmpfs filesystem BZ(1527645)
Resolves: rhbz#1452444
- Update screen_role_template to allow caller domain to have screen_exec_t as entrypoint do new domain
Resolves: rhbz#1384769
- Add alias httpd__script_t to _script_t to make sepolicy generate working
Resolves: rhbz#1271324
- Allow kprop_t domain to read network state
Resolves: rhbz#1600705
- Allow sysadm_t domain to accept socket
Resolves: rhbz#1557299
- Allow sshd_t domain to mmap user_tmp_t files
Resolves: rhbz#1613437 - Allow sshd_t domain to mmap user_tmp_t files
Resolves: rhbz#1613437 - Allow kprop_t domain to read network state
Resolves: rhbz#1600705 - Allow kpropd domain to exec itself
Resolves: rhbz#1600705
- Allow ipmievd_t to mmap kernel modules BZ(1552535)
- Allow hsqldb_t domain to mmap own temp files
Resolves: rhbz#1612143
- Allow hsqldb_t domain to read cgroup files
Resolves: rhbz#1612143
- Allow rngd_t domain to read generic certs
Resolves: rhbz#1612456
- Allow innd_t domain to mmap own var_lib_t files
Resolves: rhbz#1600591
- Update screen_role_temaplate interface
Resolves: rhbz#1384769
- Allow cupsd_t to create cupsd_etc_t dirs
Resolves: rhbz#1452595
- Allow chronyd_t domain to mmap own tmpfs files
Resolves: rhbz#1596563
- Allow cyrus domain to mmap own var_lib_t and var_run files
Resolves: rhbz#1610374
- Allow sysadm_t domain to create rawip sockets
Resolves: rhbz#1571591
- Allow sysadm_t domain to listen on socket
Resolves: rhbz#1557299
- Update sudo_role_template() to allow caller domain also setattr generic ptys
Resolves: rhbz#1564470
- Allow netutils_t domain to create bluetooth sockets
Resolves: rhbz#1600586 - Allow innd_t domain to mmap own var_lib_t files
Resolves: rhbz#1600591
- Update screen_role_temaplate interface
Resolves: rhbz#1384769
- Allow cupsd_t to create cupsd_etc_t dirs
Resolves: rhbz#1452595
- Allow chronyd_t domain to mmap own tmpfs files
Resolves: rhbz#1596563
- Allow cyrus domain to mmap own var_lib_t and var_run files
Resolves: rhbz#1610374
- Allow sysadm_t domain to create rawip sockets
Resolves: rhbz#1571591
- Allow sysadm_t domain to listen on socket
Resolves: rhbz#1557299
- Update sudo_role_template() to allow caller domain also setattr generic ptys
Resolves: rhbz#1564470
- Allow netutils_t domain to create bluetooth sockets
Resolves: rhbz#1600586 - Allow virtlogd_t domain to chat via dbus with systemd_logind
Resolves: rhbz#1593740 - Allow sblim_sfcbd_t domain to mmap own tmpfs files
Resolves: rhbz#1609384
- Update logging_manage_all_logs() interface to allow caller domain map all logfiles
Resolves: rhbz#1592028 - Dontaudit oracleasm_t domain to request sys_admin capability
- Allow iscsid_t domain to load kernel module
Resolves: rhbz#1589295
- Update rhcs contexts to reflects the latest fenced changes
- Allow httpd_t domain to rw user_tmp_t files
Resolves: rhbz#1608355
- /usr/libexec/udisks2/udisksd should be labeled as devicekit_disk_exec_t
Resolves: rhbz#1521063
- Allow tangd_t dac_read_search
Resolves: rhbz#1607810
- Allow glusterd_t domain to mmap user_tmp_t files
- Allow mongodb_t domain to mmap own var_lib_t files
Resolves: rhbz#1607729
- Allow iscsid_t domain to mmap sysfs_t files
Resolves: rhbz#1602508
- Allow tomcat_domain to search cgroup dirs
Resolves: rhbz#1600188
- Allow httpd_t domain to mmap own cache files
Resolves: rhbz#1603505
- Allow cupsd_t domain to mmap cupsd_etc_t files
Resolves: rhbz#1599694
- Allow kadmind_t domain to mmap krb5kdc_principal_t
Resolves: rhbz#1601004
- Allow virtlogd_t domain to read virt_etc_t link files
Resolves: rhbz#1598593
- Allow dirsrv_t domain to read crack db
Resolves: rhbz#1599726
- Dontaudit pegasus_t to require sys_admin capability
Resolves: rhbz#1374570
- Allow mysqld_t domain to exec mysqld_exec_t binary files
- Allow abrt_t odmain to read rhsmcertd lib files
Resolves: rhbz#1601389
- Allow winbind_t domain to request kernel module loads
Resolves: rhbz#1599236
- Allow gpsd_t domain to getsession and mmap own tmpfs files
Resolves: rhbz#1598388
- Allow smbd_t send to nmbd_t via dgram sockets BZ(1563791)
Resolves: rhbz#1600157
- Allow tomcat_domain to read cgroup_t files
Resolves: rhbz#1601151
- Allow varnishlog_t domain to mmap varnishd_var_lib_t files
Resolves: rhbz#1600704
- Allow dovecot_auth_t domain to manage also dovecot_var_run_t fifo files. BZ(1320415)
Resolves: rhbz#1600692
- Fix ntp SELinux module
- Allow innd_t domain to mmap news_spool_t files
Resolves: rhbz#1600591
- Allow haproxy daemon to reexec itself. BZ(1447800)
Resolves: rhbz#1600578
- Label HOME_DIR/mozilla.pdf file as mozilla_home_t instead of user_home_t
Resolves: rhbz#1559859
- Allow pkcs_slotd_t domain to mmap own tmpfs files
Resolves: rhbz#1600434
- Allow fenced_t domain to reboot
Resolves: rhbz#1293384
- Allow bluetooth_t domain listen on bluetooth sockets BZ(1549247)
Resolves: rhbz#1557299
- Allow lircd to use nsswitch. BZ(1401375)
- Allow targetd_t domain mmap lvm config files
Resolves: rhbz#1546671
- Allow amanda_t domain to read network system state
Resolves: rhbz#1452444
- Allow abrt_t domain to read rhsmcertd logs
Resolves: rhbz#1492059
- Allow application_domain_type also mmap inherited user temp files BZ(1552765)
Resolves: rhbz#1608421
- Allow ipsec_t domain to read l2tpd pid files
Resolves: rhbz#1607994
- Allow systemd_tmpfiles_t do mmap system db files
- Improve domain_transition_pattern to allow mmap entrypoint bin file.
Resolves: rhbz#1460322
- Allow nsswitch_domain to mmap passwd_file_t files BZ(1518655)
Resolves: rhbz#1600528
- Dontaudit syslogd to watching top llevel dirs when imfile module is enabled
Resolves: rhbz#1601928
- Allow ipsec_t can exec ipsec_exec_t
Resolves: rhbz#1600684
- Allow netutils_t domain to mmap usmmon device
Resolves: rhbz#1600586
- Allow netlabel_mgmt_t domain to read sssd public files, stream connect to sssd_t BZ(1483655)
- Allow userdomain sudo domains to use generic ptys
Resolves: rhbz#1564470
- Allow traceroute to create icmp packets
Resolves: rhbz#1548350
- Allow systemd domain to mmap lvm config files BZ(1594584)
- Add new interface lvm_map_config
- refpolicy: Update for kernel sctp support Resolves: rhbz#1597111 Add additional entries to support the kernel SCTP implementation introduced in kernel 4.16 - Update oddjob_domtrans_mkhomedir() interface to allow caller domain also mmap oddjob_mkhomedir_exec_t files
Resolves: rhbz#1596306
- Update rhcs_rw_cluster_tmpfs() interface to allow caller domain to mmap cluster_tmpfs_t files
Resolves: rhbz#1589257
- Allow radiusd_t domain to read network sysctls
Resolves: rhbz#1516233
- Allow chronyc_t domain to use nscd shm
Resolves: rhbz#1596563
- Label /var/lib/tomcats dir as tomcat_var_lib_t
Resolves: rhbz#1596367
- Allow lsmd_t domain to mmap lsmd_plugin_exec_t files
Resolves: rhbz#bea0c8174
- Label /usr/sbin/rhn_check-[0-9]+.[0-9]+ as rpm_exec_t
Resolves: rhbz#1596509
- Update seutil_exec_loadpolicy() interface to allow caller domain to mmap load_policy_exec_t files
Resolves: rhbz#1596072
- Allow xdm_t to read systemd hwdb
Resolves: rhbz#1596720
- Allow dhcpc_t domain to mmap files labeled as ping_exec_t
Resolves: rhbz#1596065 - Allow tangd_t domain to create tcp sockets
Resolves: rhbz#1595775
- Update postfix policy to allow postfix_master_t domain to mmap all postfix* binaries
Resolves: rhbz#1595328
- Allow amanda_t domain to have setgid capability
Resolves: rhbz#1452444
- Update usermanage_domtrans_useradd() to allow caller domain to mmap useradd_exec_t files
Resolves: rhbz#1595667 - Allow abrt_watch_log_t domain to mmap binaries with label abrt_dump_oops_exec_t 
Resolves: rhbz#1591191
- Update cups_filetrans_named_content() to allow caller domain create ppd directory with cupsd_etc_rw_t label
Resolves: rhbz#1452595
- Allow abrt_t domain to write to rhsmcertd pid files
Resolves: rhbz#1492059
- Allow pegasus_t domain to eexec lvm binaries and allow read/write access to lvm control
Resolves: rhbz#1463470
- Add vhostmd_t domain to read/write to svirt images
Resolves: rhbz#1465276
- Dontaudit action when abrt-hook-ccpp is writing to nscd sockets
Resolves: rhbz#1460715
- Update openvswitch policy
Resolves: rhbz#1594729
- Update kdump_manage_kdumpctl_tmp_files() interface to allow caller domain also mmap kdumpctl_tmp_t files
Resolves: rhbz#1583084
- Allow sssd_t and slpad_t domains to mmap generic certs
Resolves: rhbz#1592016
Resolves: rhbz#1592019
- Allow oddjob_t domain to mmap binary files as oddjob_mkhomedir_exec_t files
Resolves: rhbz#1592022
- Update dbus_system_domain() interface to allow system_dbusd_t domain to mmap binary file from second parameter
Resolves: rhbz#1583080
- Allow chronyc_t domain use inherited user ttys
Resolves: rhbz#1593267
- Allow stapserver_t domain to mmap own tmp files
Resolves: rhbz#1593122
- Allow sssd_t domain to mmap files labeled as sssd_selinux_manager_exec_t
Resolves: rhbz#1592026
- Update policy for ypserv_t domain
Resolves: rhbz#1592032
- Allow abrt_dump_oops_t domain to mmap all non security files
Resolves: rhbz#1593728
- Allow svirt_t domain mmap svirt_image_t files
Resolves: rhbz#1592688
- Allow virtlogd_t domain to write inhibit systemd pipes.
Resolves: rhbz#1593740
- Allow sysadm_t and staff_t domains to use sudo io logging
Resolves: rhbz#1564470
- Allow sysadm_t domain create sctp sockets
Resolves: rhbz#1571591
- Update mount_domtrans() interface to allow caller domain mmap mount_exec_t
Resolves: rhbz#1592025
- Allow dhcpc_t to mmap all binaries with label hostname_exec_t, ifconfig_exec_t and netutils_exec_t
Resolves: rhbz#1594661 - Fix typo in logwatch interface file
- Allow spamd_t to manage logwatch_cache_t files/dirs
- Allow dnsmasw_t domain to create own tmp files and manage mnt files
- Allow fail2ban_client_t to inherit rlimit information from parent process
Resolves: rhbz#1513100
- Allow nscd_t to read kernel sysctls
Resolves: rhbz#1512852
- Label /var/log/conman.d as conman_log_t
Resolves: rhbz#1538363
- Add dac_override capability to tor_t domain
Resolves: rhbz#1540711
- Allow certmonger_t to readwrite to user_tmp_t dirs
Resolves: rhbz#1543382
- Allow abrt_upload_watch_t domain to read general certs
Resolves: rhbz#1545098
- Update postfix_domtrans_master() interface to allow caller domain also mmap postfix_master_exec_t binary
Resolves: rhbz#1583087
- Allow postfix_domain to mmap postfix_qmgr_exec_t binaries
Resolves: rhbz#1583088
- Allow postfix_domain to mmap postfix_pickup_exec_t binaries
Resolves: rhbz#1583091
- Allow chornyd_t read phc2sys_t shared memory
Resolves: rhbz#1578883
- Allow virt_qemu_ga_t read utmp
Resolves: rhbz#1571202
- Add several allow rules for pesign policy: Resolves: rhbz#1468744 - Allow pesign domain to read /dev/random - Allow pesign domain to create netlink_kobject_uevent_t sockets - Allow pesign domain create own tmp files
- Add setgid and setuid capabilities to mysqlfd_safe_t domain
Resolves: rhbz#1474440
- Add tomcat_can_network_connect_db boolean
Resolves: rhbz#1477948
- Update virt_use_sanlock() boolean to read sanlock state
Resolves: rhbz#1448799
- Add sanlock_read_state() interface
- Allow postfix_cleanup_t domain to stream connect to all milter sockets BZ(1436026)
Resolves: rhbz#1563423
- Update abrt_domtrans and abrt_exec() interfaces to allow caller domain to mmap binary file
Resolves:rhbz#1583080
- Update nscd_domtrans and nscd_exec interfaces to allow caller domain also mmap nscd binaries
Resolves: rhbz#1583086
- Update snapperd_domtrans() interface to allow caller domain to mmap snapperd_exec_t file
Resolves: rhbz#1583802
- Allow zoneminder_t to getattr of fs_t
Resolves: rhbz#1585328
- Fix denials during ipa-server-install process on F27+
Resolves: rhbz#1586029
- Allow ipa_dnskey_t to exec ipa_dnskey_exec_t files
Resolves: rhbz#1586033
- Allow rhsmcertd_t domain to send signull to postgresql_t domain
Resolves: rhbz#1588119
- Allow policykit_t domain to dbus chat with dhcpc_t
Resolves: rhbz#1364513
- Adding new boolean keepalived_connect_any()
Resolves: rhbz#1443473
- Allow amanda to create own amanda_tmpfs_t files
Resolves: rhbz#1452444
- Add amanda_tmpfs_t label. BZ(1243752)
- Allow gdomap_t domain to connect to qdomap_port_t
Resolves: rhbz#1551944
- Fix typos in sge
- Fix typo in openvswitch policy
- /usr/libexec/bluetooth/obexd should have only obexd_exec_t instead of bluetoothd_exec_t type
- Allow sshd_keygen_t to execute plymouthd
Resolves: rhbz#1583531
- Update seutil_domtrans_setfiles() interface to allow caller domain to do mmap on setfiles_exec_t binary
Resolves: rhbz#1583090
- Allow systemd_networkd_t create and relabel tun sockets
Resolves: rhbz#1583830
- Allow map audisp_exec_t files fordomains executing this binary
Resolves: rhbz#1586042
- Add new interface postgresql_signull()
- Add fs_read_xenfs_files() interface. - /usr/libexec/bluetooth/obexd should have only obexd_exec_t instead of bluetoothd_exec_t type
- Allow dac override capability to mandb_t domain BZ(1529399)
Resolves: rhbz#1423361
- Allow inetd_child process to chat via dbus with abrt
Resolves: rhbz#1428805
- Allow zabbix_agent_t domain to connect to redis_port_t
Resolves: rhbz#1418860
- Allow rhsmcertd_t domain to read xenfs_t files
Resolves: rhbz#1405870
- Allow zabbix_agent_t to run zabbix scripts
Resolves: rhbz#1380697
- Allow rabbitmq_t domain to create own tmp files/dirs
Resolves: rhbz#1546897
- Allow policykit_t mmap policykit_auth_exec_t files
Resolves: rhbz#1583082
- Allow ipmievd_t domain to read general certs
Resolves: rhbz#1514591
- Add sys_ptrace capability to pcp_pmie_t domain
- Allow squid domain to exec ldconfig
Resolves: rhbz#1532017
- Make working gpg agent in gpg_agent_t domain
Resolves: rhbz#1535109
- Update gpg SELinux policy module
- Allow kexec to read kernel module files in /usr/lib/modules.
Resolves: rhbz#1536690
- Allow mailman_domain to read system network state
Resolves: rhbz#1413510
- Allow mailman_mail_t domain to search for apache configs
Resolves: rhbz#1413510
- Allow openvswitch_t domain to read neutron state and read/write fixed disk devices
Resolves: rhbz#1499208
- Allow antivirus_domain to read all domain system state
Resolves: rhbz#1560986
- Allow targetd_t domain to red gconf_home_t files/dirs
Resolves: rhbz#1546671
- Allow freeipmi domain to map sysfs_t files
Resolves: rhbz#1575918
- Label /usr/libexec/bluetooth/obexd as obexd_exec_t
Resolves: rhbz#1351750
- Update rhcs SELinux module
Resolves: rhbz#1589257
- Allow iscsid_t domain mmap kernel modules
Resolves: rhbz#1589295
- Allow iscsid_t domain mmap own tmp files
Resolves: rhbz#1589295
- Update iscsid_domtrans() interface to allow mmap iscsid_exec_t binary
Resolves: rhbz#1589295
- Update nscd_socket_use interface to allow caller domain also mmap nscd_var_run_t files.
Resolves: rhbz#1589271
- Allow nscd_t domain to mmap system_db_t files
Resolves: rhbz#1589271
- Add interface nagios_unconfined_signull()
- Allow lircd_t domain read sssd public files Add setgid capability to lircd_t domain
Resolves: rhbz#1550700
- Add missing requires
- Allow tomcat domain sends email
Resolves: rhbz#1585184
- Allow memcached_t domain nnp_transition becuase of systemd security features BZ(1514867)
Resolves: rhbz#1585714
- Allow kdump_t domain to map /boot files
Resolves: rhbz#1588884
- Fix typo in netutils policy
- Allow confined users get AFS tokens
Resolves: rhbz#1417671
- Allow sysadm_t domain to chat via dbus
Resolves: rhbz#1582146
- Associate sysctl_kernel_t type with filesystem attribute
- Allow confined users to use new socket classes for bluetooth, alg and tcpdiag sockets
Resolves: rhbz#1557299
- Allow user_t and staff_t domains create netlink tcpdiag sockets
Resolves: rhbz#1557281
- Add interface dev_map_sysfs
- Allow xdm_t domain to execute xdm_var_lib_t files
Resolves: rhbz#1589139
- Allow syslogd_t domain to send signull to nagios_unconfined_plugin_t
Resolves: rhbz#1569344
- Label /dev/vhost-vsock char device as vhost_device_t
- Add files_map_boot_files() interface
Resolves: rhbz#1588884
- Update traceroute_t domain to allow create dccp sockets
Resolves: rhbz#1548350 - Update ctdb domain to support gNFS setup 
Resolves: rhbz#1576818
- Allow authconfig_t dbus chat with policykit
Resolves: rhbz#1551241
- Allow lircd_t domain to read passwd_file_t
Resolves: rhbz:#1550700
- Allow lircd_t domain to read system state
Resolves: rhbz#1550700
- Allow smbcontrol_t to mmap samba_var_t files and allow winbind create sockets BZ(1559795)
Resolves: rhbz#1574521
- Allow tangd_t domain read certs
Resolves: rhbz#1509055
- Allow httpd_sys_script_t to connect to mongodb_port_t if boolean httpd_can_network_connect_db  is turned on
Resolves: rhbz:#1579219
- Allow chronyc_t to redirect ourput to /var/lib /var/log and /tmp
Resolves: rhbz#1574418
- Allow ctdb_t domain modify ctdb_exec_t files
Resolves: rhbz#1572584
- Allow chrome_sandbox_t to mmap tmp files
Resolves: rhbz#1574392
- Allow ulogd_t to create netlink_netfilter sockets.
Resolves: rhbz#1575924
- Update ulogd SELinux security policy
- Allow rhsmcertd_t domain send signull to apache processes
Resolves: rhbz#1576555
- Allow freeipmi domain to read sysfs_t files
Resolves: rhbz#1575918
- Allow smbcontrol_t to create dirs with samba_var_t label
Resolves: rhbz#1574521
- Allow swnserve_t domain to stream connect to sasl domain
Resolves: rhbz#1574537
- Allow SELinux users (except guest and xguest) to using bluetooth sockets
Resolves: rhbz#1557299
- Allow confined users to use new socket classes for bluetooth, alg and tcpdiag sockets
Resolves: rhbz#1557299
- Fix broken sysadm SELinux module
Resolves: rhbz#1557311
- Allow user_t and staff_t domains create netlink tcpdiag sockets
Resolves: rhbz#1557281
- Update ssh_domtrans_keygen interface to allow mmap ssh_keygen_exec_t binary file
Resolves: rhbz#1583089
- Allow systemd_networkd_t to read/write tun tap devices
Resolves: rhbz#1583830
- Add bridge_socket, dccp_socket, ib_socket and mpls_socket to socket_class_set
Resolves: rhbz#1583771
- Allow audisp_t domain to mmap audisp_exec_t binary
Resolves: rhbz#1583551
- Fix duplicates in sysadm.te file
Resolves: rhbz#1307183
- Allow sysadm_u use xdm
Resolves: rhbz#1307183
- Fix typo in sysnetwork.if file
Resolves: rhbz#1581551 - Fix duplicates in sysadm.te file
Resolves: rhbz#1307183 - Allow sysadm_u use xdm
Resolves: rhbz#1307183 - Allow httpd_sys_script_t to connect to mongodb_port_t if boolean httpd_can_network_connect_db  is turned on
Resolves: rhbz:#1579219
- Allow chronyc_t to redirect ourput to /var/lib /var/log and /tmp
Resolves: rhbz#1574418
- Allow chrome_sandbox_t to mmap tmp files
Resolves: rhbz#1574392
- Allow ulogd_t to create netlink_netfilter sockets.
Resolves: rhbz#1575924
- Update ulogd SELinux security policy
- Allow rhsmcertd_t domain send signull to apache processes
Resolves: rhbz#1576555
- Allow freeipmi domain to read sysfs_t files
Resolves: rhbz#1575918
- Allow smbcontrol_t to create dirs with samba_var_t label
Resolves: rhbz#1574521
- Allow swnserve_t domain to stream connect to sasl domain
Resolves: rhbz#1574537
- Fix typo in sysnetwork.if file
Resolves: rhbz#1581551 - Fix typo in sysnetwork.if file
Resolves: rhbz#1581551 - Improve procmail_domtrans() to allow mmaping procmail_exec_t
- Allow hypervvssd_t domain to read fixed disk devices
Resolves: rhbz#1581225
- Improve modutils_domtrans_insmod() interface to mmap insmod_exec_t binaries
Resolves: rhbz#1581551
- Improve iptables_domtrans() interface to allow mmaping iptables_exec_t binary
Resolves: rhbz#1581551
- Improve auth_domtrans_login_programinterface to allow also mmap login_exec_t binaries
Resolves: rhbz#1581551
- Improve auth_domtrans_chk_passwd() interface to allow also mmaping chkpwd_exec_t binaries.
Resolves: rhbz#1581551
- Allow mmap dhcpc_exec_t binaries in sysnet_domtrans_dhcpc interface - Add dbus_stream_connect_system_dbusd() interface.
- Allow pegasus_t domain to mount tracefs_t filesystem
Resolves:rhbz#1374570
- Allow psad_t domain to read all domains state
Resolves: rhbz#1558439
- Add net_raw capability to named_t domain BZ(1545586)
- Allow tomcat_t domain to connect to mongod_t tcp port
Resolves:rhbz#1539748
- Allow dovecot and postfix to connect to systemd stream sockets
Resolves: rhbz#1368642
- Label /usr/libexec/bluetooth/obexd as bluetoothd_exec_t to run process as bluetooth_t
Resolves:rhbz#1351750
- Rename tang policy to tangd
- Add interface systemd_rfkill_domtrans()
- Allow users staff and sysadm to run wireshark on own domain
Resolves:rhbz#1546362
- Allow systemd-bootchart to create own tmpfs files
Resolves:rhbz#1510412 - Rename tang policy to tangd
- Allow virtd_t domain to relabel virt_var_lib_t files 
Resolves: rhbz#1558121
- Allow logrotate_t domain to stop services via systemd
Resolves: rhbz#1527522
- Add tang policy
Resolves: rhbz#1509055
- Allow mozilla_plugin_t to create mozilla.pdf file in user homedir with label mozilla_home_t
Resolves: rhbz#1559859
- Improve snapperd SELinux policy
Resolves: rhbz#1365555
- Allow snapperd_t daemon to create unlabeled dirs.
Resolves: rhbz#1365555
- We have inconsistency in cgi templates with upstream, we use _content_t, but refpolicy use httpd__content_t. Created aliasses to make it consistence
Resolves: rhbz#1271324
- Allow Openvswitch adding netdev bridge ovs 2.7.2.10 FDP
Resolves: rhbz#1503835
- Add new Boolean tomcat_use_execmem
Resolves: rhbz#1565226
- Allow domain transition from logrotate_t to chronyc_t
Resolves: rhbz#1568281
- Allow nfsd_t domain to read/write sysctl fs files
Resolves: rhbz#1516593
- Allow conman to read system state
Resolves: rhbz#1377915
- Allow lircd_t to exec shell and add capabilities dac_read_search and dac_override
Resolves: rhbz#1550700
- Allow usbmuxd to access /run/udev/data/+usb:*.
Resolves: rhbz#1521054
- Allow abrt_t domain to manage kdump crash files 
Resolves: rhbz#1491585
- Allow systemd to use virtio console
Resolves: rhbz#1558121
- Allow transition from sysadm role into mdadm_t domain.
Resolves: rhbz#1551568
- Label /dev/op_panel and /dev/opal-prd as opal_device_t
Resolves: rhbz#1537618
- Label /run/ebtables.lock as iptables_var_run_t
Resolves: rhbz#1511437
- Allow udev_t domain to manage udev_rules_t char files.
Resolves: rhbz#1545094
- Allow nsswitch_domain to read virt_var_lib_t files, because of libvirt NSS plugin.
Resolves: rhbz#1567753
- Fix filesystem inteface file, we don't have nsfs_fs_t type, just nsfs_t
Resolves: rhbz#1547700
- Allow iptables_t domain to create dirs in etc_t with system_conf_t labels - Add new boolean redis_enable_notify()
Resolves: rhbz#1421326
- Label  /var/log/shibboleth-www(/.*) as httpd_sys_rw_content_t
Resolves: rhbz#1549514
- Add new label for vmtools scripts and label it as vmtools_unconfined_t stored in /etc/vmware-tools/
Resolves: rbhz#1463593
- Remove labeling for /etc/vmware-tools to bin_t it should be vmtools_unconfined_exec_t
Resolves: rbhz#1463593 - Backport several changes for snapperdfrom Fedora Rawhide
Resolves: rhbz#1556798
- Allow snapperd_t to set priority for kernel processes
Resolves: rhbz#1556798
- Make ganesha nfs server.
Resolves: rhbz#1511489
- Allow vxfs filesystem to use SELinux labels
Resolves: rhbz#1482880
- Add map permission to selinux-policy
Resolves: rhbz#1460322 - Label /usr/libexec/dbus-1/dbus-daemon-launch-helper  as dbusd_exec_t to have systemd dbus services running in the correct domain instead of unconfined_service_t if unconfined.pp module is enabled.
Resolves: rhbz#1546721 - Allow openvswitch_t stream connect svirt_t
Resolves: rhbz#1540702 - Allow openvswitch domain to manage svirt_tmp_t sock files
Resolves: rhbz#1540702
- Fix broken systemd_tmpfiles_run() interface - Allow dirsrv_t domain to create tmp link files
Resolves: rhbz#1536011
- Label /usr/sbin/ldap-agent as dirsrv_snmp_exec_t
Resolves: rhbz#1428568
- Allow ipsec_mgmt_t execute ifconfig_exec_t binaries
- Allow ipsec_mgmt_t nnp domain transition to ifconfig_t
Resolves: rhbz#1539416 - Allow svirt_domain to create socket files in /tmp with label svirt_tmp_t
Resolves: rhbz#1540702
- Allow keepalived_t domain getattr proc filesystem
Resolves: rhbz#1477542
- Rename svirt_sandbox_file_t to container_file_t and svirt_lxc_net_t to container_t
Resolves: rhbz#1538544
- Allow ipsec_t nnp transistions to domains ipsec_mgmt_t and ifconfig_t
Resolves: rhbz:#1539416
- Allow systemd_logind_t domain to bind on dhcpd_port_t,pki_ca_port_t,flash_port_t
Resolves: rhbz#1479350 - Allow openvswitch_t domain to read cpuid, write to sysfs files and creating openvswitch_tmp_t sockets
Resolves: rhbz#1535196
- Add new interface ppp_filetrans_named_content()
Resolves: rhbz#1530601
- Allow keepalived_t read sysctl_net_t files
Resolves: rhbz#1477542
- Allow puppetmaster_t domtran to puppetagent_t
Resolves: rhbz#1376893
- Allow kdump_t domain to read kernel ring buffer
Resolves: rhbz#1540004
- Allow ipsec_t domain to exec ifconfig_exec_t binaries.
Resolves: rhbz#1539416
- Allow unconfined_domain_typ to create pppd_lock_t directory in /var/lock
Resolves: rhbz#1530601
- Allow updpwd_t domain to create files in /etc with shadow_t label
Resolves: rhbz#1412838
- Allow iptables sysctl load list support with SELinux enforced
Resolves: rhbz#1535572 - Allow virt_domains to acces infiniband pkeys.
Resolves: rhbz#1533183
- Label /usr/libexec/ipsec/addconn as ipsec_exec_t to run this script as ipsec_t instead of init_t
Resolves: rhbz#1535133
- Allow audisp_remote_t domain write to files on all levels
Resolves: rhbz#1534924 - Allow vmtools_t domain creating vmware_log_t files
Resolves: rhbz#1507048
- Allow openvswitch_t domain to acces infiniband devices
Resolves: rhbz#1532705 - Allow chronyc_t domain to manage chronyd_keys_t files.
Resolves: rhbz#1530525
- Make virtlog_t domain system dbus client
Resolves: rhbz#1481109
- Update openvswitch SELinux module
Resolves: rhbz#1482682
- Allow virtd_t to create also sock_files with label virt_var_run_t
Resolves: rhbz#1484075 - Allow domains that manage logfiles to man logdirs
Resolves: rhbz#1523811 - Label /dev/drm_dp_aux* as xserver_misc_device_t
Resolves: rhbz#1520897
- Allow sysadm_t to run puppet_exec_t binaries as puppet_t
Resolves: rhbz#1255745 - Allow tomcat_t to manage pki_tomcat pid files
Resolves: rhbz#1478371
- networkmanager: allow talking to openvswitch
Resolves: rhbz#1517247
- Allow networkmanager_t and opensm_t to manage subned endports for IPoIB VLANs
Resolves: rhbz#1517895
- Allow domains networkmanager_t and opensm_t to control IPoIB VLANs
Resolves: rhbz#1517744
- Fix typo in guest interface file
Resolves: rhbz#1468254
- Allow isnsd_t domain to accept tcp connections.
Resolves: rhbz#1390208 - Allow getty to use usbttys
Resolves: rhbz#1514235 - Allow ldap_t domain to manage also slapd_tmp_t lnk files
Resolves: rhbz#1510883
- Allow cluster_t domain creating bundles directory with label var_log_t instead of cluster_var_log_t
Resolves: rhbz:#1508360
- Add dac_read_search and dac_override capabilities to ganesha
Resolves: rhbz#1483451 - Add dependency for policycoreutils-2.5.18 becuase of new cgroup_seclabel policy capability
Resolves: rhbz#1510145 - Allow jabber domains to connect to postgresql ports
Resolves: rhbz#1438489
- Dontaudit accountsd domain creating dirs in /root
Resolves: rhbz#1456760 
- Dontaudit slapd_t to block suspend system
Resolves: rhbz: #1479759 
- Allow spamc_t to stream connect to cyrus.
Resolves: rhbz#1382955 
- allow imapd to read /proc/net/unix file
Resolves: rhbz#1393030 
- Allow passenger to connect to mysqld_port_t
Resolves: rhbz#1433464 - Allow chronyc_t domain to use user_ptys
Resolves: rhbz#1470150
- allow ptp4l to read /proc/net/unix file
- Allow conmand to use usb ttys.
Resolves: rhbz#1505121
- Label all files /var/log/opensm.* as opensm_log_t because opensm creating new log files with name opensm-subnet.lst
Resolves: rhbz#1505845
- Allow chronyd daemon to execute chronyc.
Resolves: rhbz#1508486
- Allow firewalld exec ldconfig.
Resolves: rhbz#1375576
- Allow mozilla_plugin_t domain to dbus chat with devicekit
Resolves: rhbz#1460477
- Dontaudit leaked logwatch pipes
Resolves: rhbz#1450119
- Label /usr/bin/VGAuthService as vmtools_exec_t to confine this daemon.
Resolves: rhbz#1507048
- Allow httpd_t domain to execute hugetlbfs_t files
Resolves: rhbz#1507682
- Allow nfsd_t domain to read configfs_t files/dirs
Resolves: rhbz#1439442
- Hide all allow rules with ptrace inside deny_ptrace boolean
Resolves: rhbz#1421075
- Allow tgtd_t domain to read generic certs
Resolves: rhbz#1438532
- Allow ptp4l to send msgs via dgram socket to unprivileged user domains
Resolves: rhbz#1429853
- Allow dirsrv_snmp_t to use inherited user ptys and read system state
Resolves: rhbz#1428568
- Allow glusterd_t domain to create own tmpfs dirs/files
Resolves: rhbz#1411310
- Allow keepalived stream connect to snmp
Resolves: rhbz#1401556
- After fix in kernel where LSM hooks for dac_override and dac_search_read capability was swaped we need to fix it also in policy
Resolves: rhbz#1507089 - Allow pegasus_openlmi_services_t to read generic certs
Resolves: rhbz#1462292
- Allow ganesha_t domain to read random device
Resolves: rhbz#1494382
- Allow zabbix_t domain to change its resource limits
Resolves: rhbz:#1504074
- Add new boolean nagios_use_nfs
Resolves: rhbz#1504826
- Allow system_mail_t to search network sysctls
Resolves: rhbz#1505779
- Add samba_manage_var_dirs() interface
- Fix typo bug in virt filecontext file
- Allow nagios_script_t to read nagios_spool_t files
Resolves: rhbz#1426824
- Allow samba to manage var dirs/files
Resolves: rhbz#1415088
- Allow sbd_t to create own sbd_tmpfs_t dirs/files
Resolves: rhbz#1380795
- Allow firewalld and networkmanager to chat with hypervkvp via dbus
Resolves: rhbz#1377276
- Allow dmidecode to read rhsmcert_log_t files
Resolves: rhbz#1300799
- Allow mail system to connect mariadb sockets.
Resolves: rhbz#1368642
- Allow logrotate_t to change passwd and reloead services
Resolves: rhbz#1450789
- Allow mail system to connect mariadb sockets.
Resolves: rhbz#1368642
- Allow logrotate_t to change passwd and reloead services
Resolves: rhbz#1450789
- Allow pegasus_openlmi_services_t to read generic certs
Resolves: rhbz#1462292
- Allow ganesha_t domain to read random device
Resolves: rhbz#1494382
- Allow zabbix_t domain to change its resource limits
Resolves: rhbz:#1504074
- Add new boolean nagios_use_nfs
Resolves: rhbz#1504826
- Allow system_mail_t to search network sysctls
Resolves: rhbz#1505779
- Add samba_manage_var_dirs() interface
- Fix typo bug in virt filecontext file
- Allow nagios_script_t to read nagios_spool_t files
Resolves: rhbz#1426824
- Allow samba to manage var dirs/files
Resolves: rhbz#1415088
- Allow sbd_t to create own sbd_tmpfs_t dirs/files
Resolves: rhbz#1380795
- Allow firewalld and networkmanager to chat with hypervkvp via dbus
Resolves: rhbz#1377276
- Allow dmidecode to read rhsmcert_log_t files
Resolves: rhbz#1300799
- Allow mail system to connect mariadb sockets.
Resolves: rhbz#1368642
- Allow logrotate_t to change passwd and reloead services
Resolves: rhbz#1450789
- Allow chronyd_t do request kernel module and block_suspend capability
Resolves: rhbz#1350765
- Allow system_cronjob_t to create /var/lib/letsencrypt dir with right label
Resolves: rhbz#1447278
- Allow httpd_t also read httpd_user_content_type dirs when httpd_enable_homedirs is enables
Resolves: rhbz#1491994
- Allow svnserve to use kerberos
Resolves: rhbz#1475271
- Allow conman to use ptmx. Add conman_use_nfs boolean
Resolves: rhbz#1377915
- Add nnp transition for services using: NoNewPrivileges systemd security feature
Resolves: rhbz#1311430
- Add SELinux support for chronyc
Resolves: rhbz#1470150
- Add dac_read_search capability to openvswitch_t domain
Resolves: rhbz#1501336
- Allow svnserve to manage own svnserve_log_t files/dirs
Resolves: rhbz#1480741
- Allow keepalived_t to search network sysctls
Resolves: rhbz#1477542
- Allow puppetagent_t domain dbus chat with rhsmcertd_t domain
Resolves: rhbz#1446777
- Add dccp_socket into socker_class_set subset
Resolves: rhbz#1459941
- Allow iptables_t to run setfiles to restore context on system
Resolves: rhbz#1489118
- Label 20514 tcp/udp ports as syslogd_port_t Label 10514 tcp/udp portas as syslog_tls_port_t
Resolves: rhbz:#1411400
- Make nnp transition Active
Resolves: rhbz#1480518
- Label tcp 51954 as isns_port_t
Resolves: rhbz#1390208
- Add dac_read_search capability chkpwd_t
Resolves: rhbz#1376991
- Add support for running certbot(letsencrypt) in crontab
Resolves: rhbz#1447278
- Add init_nnp_daemon_domain interface
- Allow xdm_t to gettattr /dev/loop-control device
Resolves: rhbz#1462925
- Allow nnp trasintion for unconfined_service_t
Resolves: rhbz#1311430
- Allow unpriv user domains and unconfined_service_t to use chronyc
Resolves: rhbz#1470150
- Allow iptables to exec plymouth.
Resolves: rhbz#1480374
- Fix typo in fs_unmount_tracefs interface.
Resolves: rhbz#1371057
- Label postgresql-check-db-dir as postgresql_exec_t
Resolves: rhbz#1490956 - We should not ship selinux-policy with permissivedomains enabled.
Resolves: rhbz#1494172
- Fix order of installing selinux-policy-sandbox, because of depedencied in sandbox module, selinux-policy-targeted needs to be installed before selinux-policy-sandbox
Resolves: rhbz#1492606 - Allow tomcat to setsched 
Resolves: rhbz#1492730
- Fix rules blocking ipa-server upgrade process
Resolves: rhbz#1478371
- Add new boolean tomcat_read_rpm_db()
Resolves: rhbz#1477887
- Allow tomcat to connect on mysqld tcp ports
- Add ctdbd_t domain sys_source capability and allow setrlimit
Resolves: rhbz#1491235
- Fix keepalived SELinux module
- Allow automount domain to manage mount pid files
Resolves: rhbz#1482381
- Allow stunnel_t domain setsched
Resolves: rhbz#1479383
- Add keepalived domain setpgid capability
Resolves: rhbz#1486638
- Allow tomcat domain to connect to mssql port
Resolves: rhbz#1484572
- Remove snapperd_t from unconfined domaines
Resolves: rhbz#1365555
- Fix typo bug in apache module
Resolves: rhbz#1397311
- Dontaudit that system_mail_t is trying to read /root/ files
Resolves: rhbz#1147945
- Make working webadm_t userdomain
Resolves: rhbz#1323792
- Allow redis domain to execute shell scripts.
Resolves: rhbz#1421326
- Allow system_cronjob_t to create redhat-access-insights.log with var_log_t
Resolves: rhbz#1473303
- Add couple capabilities to keepalived domain and allow get attributes of all domains
Resolves: rhbz#1429327
- Allow dmidecode read rhsmcertd lock files
Resolves: rhbz#1300799
- Add new interface rhsmcertd_rw_lock_files()
Resolves: rhbz#1300799
- Label all plymouthd archives as plymouthd_var_log_t
Resolves: rhbz#1478323
- Allow cloud_init_t to dbus chat with systemd_timedated_t
Resolves: rhbz#1440730
- Allow logrotate_t to write to kmsg
Resolves: rhbz#1397744
- Add capability kill to rhsmcertd_t
Resolves: rhbz#1398338
- Disable mysqld_safe_t secure mode environment cleansing.
Resolves: rhbz#1464063
- Allow winbind to manage smbd_tmp_t files
Resolves: rhbz#1475566
- Dontaudit that system_mail_t is trying to read /root/ files
Resolves: rhbz#1147945
- Make working webadm_t userdomain
Resolves: rhbz#1323792
- Allow redis domain to execute shell scripts.
Resolves: rhbz#1421326
- Allow system_cronjob_t to create redhat-access-insights.log with var_log_t
Resolves: rhbz#1473303
- Add couple capabilities to keepalived domain and allow get attributes of all domains
Resolves: rhbz#1429327
- Allow dmidecode read rhsmcertd lock files
Resolves: rhbz#1300799
- Add new interface rhsmcertd_rw_lock_files()
Resolves: rhbz#1300799
- Label all plymouthd archives as plymouthd_var_log_t
Resolves: rhbz#1478323 
- Allow cloud_init_t to dbus chat with systemd_timedated_t
Resolves: rhbz#1440730
- Allow logrotate_t to write to kmsg
Resolves: rhbz#1397744
- Add capability kill to rhsmcertd_t
Resolves: rhbz#1398338
- Disable mysqld_safe_t secure mode environment cleansing.
Resolves: rhbz#1464063
- Allow winbind to manage smbd_tmp_t files
Resolves: rhbz#1475566
- Add interface systemd_tmpfiles_run
- End of file cannot be in comment
- Allow systemd-logind to use ypbind
Resolves: rhbz#1479350
- Add creating opasswd file with shadow_t SELinux label in auth_manage_shadow() interface
Resolves: rhbz#1412838
- Allow sysctl_irq_t assciate with proc_t
Resolves: rhbz#1485909
- Enable cgourp sec labeling
Resolves: rhbz#1485947
- Add cgroup_seclabel policycap.
Resolves: rhbz#1485947
- Allow sshd_t domain to send signull to xdm_t processes
Resolves: rhbz#1448959
- Allow updpwd_t domain auth file name trans
Resolves: rhbz#1412838
- Allow sysadm user to run systemd-tmpfiles
Resolves: rbhz#1325364
- Add support labeling for vmci and vsock device
Resolves: rhbz#1451358
- Add userdom_dontaudit_manage_admin_files() interface
Resolves: rhbz#1323792
- Allow iptables_t domain to read files with modules_conf_t label
Resolves: rhbz#1373220
- init: Add NoNewPerms support for systemd.
Resolves: rhbz#1480518
- Add nnp_nosuid_transition policycap and related class/perm definitions.
Resolves: rhbz#1480518
- refpolicy: Infiniband pkeys and endports
Resolves: rhbz#1464484 - Allow certmonger using systemctl on pki_tomcat unit files
Resolves: rhbz#1481388 - Allow targetd_t to create own tmp files.
- Dontaudit targetd_t to exec rpm binary file.
Resolves: rhbz#1373860
Resolves: rhbz#1424621 - Add few rules to make working targetd daemon with SELinux
Resolves: rhbz#1373860
- Allow ipmievd_t domain to load kernel modules
Resolves: rhbz#1441081
- Allow logrotate to reload transient systemd unit
Resolves: rhbz#1440515
- Add certwatch_t domain dac_override and dac_read_search capabilities
Resolves: rhbz#1422000
- Allow postgrey to execute bin_t files and add postgrey into nsswitch_domain
Resolves: rhbz#1412072
- Allow nscd_t domain to search network sysctls
Resolves: rhbz#1432361
- Allow iscsid_t domain to read mount pid files
Resolves: rhbz#1482097
- Allow ksmtuned_t domain manage sysfs_t files/dirs
Resolves: rhbz#1413865
- Allow keepalived_t domain domtrans into iptables_t
Resolves: rhbz#1477719
- Allow rshd_t domain reads net sysctls
Resolves: rhbz#1477908
- Add interface seutil_dontaudit_read_module_store()
- Update interface lvm_rw_pipes() by adding also open permission
- Label /dev/clp device as vfio_device_t
Resolves: rhbz#1477624
- Allow ifconfig_t domain unmount fs_t
Resolves: rhbz#1477445
- Label /dev/gpiochip* devices as gpio_device_t
Resolves: rhbz#1477618
- Add interface  dev_manage_sysfs()
Resolves: rhbz#1474989 - Label /usr/libexec/sudo/sesh as shell_exec_t
Resolves: rhbz#1480791 - Allow tomcat_t domain couple capabilities to make working tomcat-jsvc
Resolves: rhbz#1470735 - Allow llpdad send dgram to libvirt
Resolves: rhbz#1472722 - Add new boolean gluster_use_execmem
Resolves: rhbz#1469027
- Allow cluster_t and glusterd_t domains to dbus chat with ganesha service
Resolves: rhbz#1468581 - Dontaudit staff_t user read admin_home_t files.
Resolves: rhbz#1290633 - Allow couple rules needed to start targetd daemon with SELinux in enforcing mode
Resolves: rhbz#1424621
- Add interface lvm_manage_metadata
Resolves: rhbz#1424621 - Allow sssd_t to read realmd lib files.
Resolves: rhbz#1436689
- Add permission open to files_read_inherited_tmp_files() interface
Resolves: rhbz#1290633
Resolves: rhbz#1457106 - Allow unconfined_t user all user namespace capabilties.
Resolves: rhbz#1461488 - Allow httpd_t to read realmd_var_lib_t files Resolves: rhbz#1436689 - Allow named_t to bind on udp 4321 port
Resolves: rhbz#1312972
- Allow systemd-sysctl cap. sys_ptrace
Resolves: rhbz#1458999 - Allow pki_tomcat_t execute ldconfig.
Resolves: rhbz#1436689 - Allow iscsi domain load kernel module.
Resolves: rhbz#1457874
- Allow keepalived domain connect to squid tcp port
Resolves: rhbz#1457455
- Allow krb5kdc_t domain read realmd lib files.
Resolves: rhbz#1436689
- xdm_t should view kernel keys
Resolves: rhbz#1432645 - Allow tomcat to connect on all unreserved ports
- Allow ganesha to connect to all rpc ports
Resolves: rhbz#1448090
- Update ganesha with another fixes.
Resolves: rhbz#1448090
- Update rpc_read_nfs_state_data() interface to allow read also lnk_files.
Resolves: rhbz#1448090
- virt_use_glusterd boolean should be in optional block Update ganesha module to allow create tmp files
Resolves: rhbz#1448090
- Hide broken symptoms when machine is configured with network bounding. - Add new boolean virt_use_glusterd
Resolves: rhbz#1455994
- Add capability sys_boot for sbd_t domain
- Allow sbd_t domain to create rpc sysctls.
Resolves: rhbz#1455631
- Allow ganesha_t domain to manage glusterd_var_run_t pid files.
Resolves: rhbz#1448090 - Create new interface: glusterd_read_lib_files()
- Allow ganesha read glusterd lib files.
- Allow ganesha read network sysctls
Resolves: rhbz#1448090 - Add few allow rules to ganesha module
Resolves: rhbz#1448090
- Allow condor_master_t to read sysctls.
Resolves: rhbz#1277506
- Add dac_override cap to ctdbd_t domain
Resolves: rhbz#1435708
- Label 8750 tcp/udp port as dey_keyneg_port_t
Resolves: rhbz#1448090 - Add ganesha_use_fusefs boolean.
Resolves: rhbz#1448090 - Allow httpd_t reading kerberos kdc config files
Resolves: rhbz#1452215
- Allow tomcat_t domain connect to ibm_dt_2 tcp port.
Resolves: rhbz#1447436
- Allow stream connect to initrc_t domains
Resolves: rhbz#1447436
- Allow  dnsmasq_t domain to read systemd-resolved pid files.
Resolves: rhbz#1453114
- Allow tomcat domain name_bind on tcp bctp_port_t
Resolves: rhbz#1451757
- Allow smbd_t domain generate debugging files under /var/run/gluster. These files are created through the libgfapi.so library that provides integration of a GlusterFS client in the Samba (vfs_glusterfs) process.
Resolves: rhbz#1447669
- Allow condor_master_t write to sysctl_net_t
Resolves: rhbz#1277506
- Allow nagios check disk plugin read /sys/kernel/config/
Resolves: rhbz#1277718
- Allow pcp_pmie_t domain execute systemctl binary
Resolves: rhbz#1271998
- Allow nagios to connect to stream sockets. Allow nagios start httpd via systemctl
Resolves: rhbz#1247635
- Label tcp/udp port 1792 as ibm_dt_2_port_t
Resolves: rhbz#1447436
- Add interface fs_read_configfs_dirs()
- Add interface fs_read_configfs_files()
- Fix systemd_resolved_read_pid interface
- Add interface systemd_resolved_read_pid()
Resolves: rhbz#1453114
- Allow sshd_net_t domain read/write into crypto devices
Resolves: rhbz#1452759
- Label 8999 tcp/udp as bctp_port_t
Resolves: rhbz#1451757 - nmbd_t needs net_admin capability like smbd
Resolves: rhbz#1431859
- Dontaudit net_admin capability for domains postfix_master_t and postfix_qmgr_t
Resolves: rhbz#1431859
- Allow rngd domain read sysfs_t
Resolves: rhbz#1451735
- Add interface pki_manage_common_files()
Resolves: rhbz#1447436
- Allow tomcat_t domain to manage pki_common_t files and dirs
Resolves: rhbz#1447436
- Use stricter fc rules for sssd sockets in /var/run
Resolves: rhbz#1448060
- Allow certmonger reads httpd_config_t files
Resolves: rhbz#1436689
- Allow keepalived_t domain creating netlink_netfilter_socket.
Resolves: rhbz#1451684
- Allow tomcat domain read rpm_var_lib_t files Allow tomcat domain exec rpm_exec_t files Allow tomcat domain name connect on oracle_port_t Allow tomcat domain read cobbler_var_lib_t files.
Resolves: rhbz#1451318
- Make able deply overcloud via neutron_t to label nsfs as fs_t
Resolves: rhbz#1373321 - Allow tomcat domain read rpm_var_lib_t files Allow tomcat domain exec rpm_exec_t files Allow tomcat domain name connect on oracle_port_t Allow tomcat domain read cobbler_var_lib_t files.
Resolves: rhbz#1451318
- Allow sssd_t domain creating sock files labeled as sssd_var_run_t in /var/run/
Resolves: rhbz#1448056 Resolves: rhbz#1448060
- Allow tomcat_domain connect to    * postgresql_port_t    * amqp_port_t Allow tomcat_domain read network sysctls
Resolves: rhbz#1450819
- Make able deply overcloud via neutron_t to label nsfs as fs_t
Resolves: rhbz#1373321
- Allow netutils setpcap capability
Resolves:1444438 - Update targetd policy to accommodate changes in the service
Resolves: rhbz#1424621
- Allow tomcat_domain connect to    * postgresql_port_t    * amqp_port_t Allow tomcat_domain read network sysctls
Resolves: rhbz#1450819
- Update virt_rw_stream_sockets_svirt() interface to allow confined users set socket options.
Resolves: rhbz#1415841
- Allow radius domain stream connec to postgresql
Resolves: rhbz#1446145
- Allow virt_domain to read raw fixed_disk_device_t to make working blockcommit
Resolves: rhbz#1449977
- Allow glusterd_t domain start ganesha service
Resolves: rhbz#1448090
- Made few cosmetic changes in sssd SELinux module
Resolves: rhbz#1448060
- sssd-kcm should not run as unconfined_service_t BZ(1447411)
Resolves: rhbz#1448060
- Add sssd_secrets labeling Also add named_filetrans interface to make sure all labels are correct
Resolves: rhbz#1448056
- Allow keepalived_t domain read usermodehelper_t
Resolves: rhbz#1449769
- Allow tomcat_t domain read pki_common_t files
Resolves: rhbz#1447436
- Add interface pki_read_common_files()
Resolves: rhbz#1447436 - Allow hypervkvp_t domain execute hostname
Resolves: rhbz#1449064
- Dontaudit sssd_selinux_manager_t use of net_admin capability
Resolves: rhbz#1444955
- Allow tomcat_t stream connect to pki_common_t
Resolves: rhbz#1447436
- Dontaudit xguest_t's attempts to listen to its tcp_socket
- Allow sssd_selinux_manager_t to ioctl init_t sockets
Resolves: rhbz#1436689
- Allow <role>_su_t to create netlink_selinux_socket
Resolves rhbz#1146987
- Allow unconfined_t to module_load any file
Resolves rhbz#1442994 - Improve ipa_cert_filetrans_named_content() interface to also allow caller domain manage ipa_cert_t type.
Resolves: rhbz#1436689 - Allow pki_tomcat_t domain read /etc/passwd.
Resolves: rhbz#1436689
- Allow tomcat_t domain read ipa_tmp_t files
Resolves: rhbz#1436689
- Label new path for ipa-otpd
Resolves: rhbz#1446353
- Allow radiusd_t domain stream connect to postgresql_t
Resolves: rhbz#1446145
- Allow rhsmcertd_t to execute hostname_exec_t binaries.
Resolves: rhbz#1445494
- Allow virtlogd to append nfs_t files when virt_use_nfs=1
Resolves: rhbz#1402561 - Update tomcat policy to adjust for removing unconfined_domain attr.
Resolves: rhbz#1432083
- Allow httpd_t domain read also httpd_user_content_type lnk_files.
Resolves: rhbz#1383621
- Allow httpd_t domain create /etc/httpd/alias/ipaseesion.key with label ipa_cert_t
Resolves: rhbz#1436689
- Dontaudit <user>_gkeyringd_t stream connect to system_dbusd_t
Resolves: rhbz#1052880
- Label /var/www/html/nextcloud/data as httpd_sys_rw_content_t
Resolves: rhbz#1425530
- Add interface ipa_filetrans_named_content()
Resolves: rhbz#1432115
- Allow tomcat use nsswitch
Resolves: rhbz#1436689
- Allow certmonger_t start/status generic services
Resolves: rhbz#1436689
- Allow dirsrv read cgroup files.
Resolves: rhbz#1436689
- Allow ganesha_t domain read/write infiniband devices.
Resolves: rhbz#1383784
- Allow sendmail_t domain sysctl_net_t files
Resolves: rhbz#1369376
- Allow targetd_t domain read network state and getattr on loop_control_device_t
Resolves: rhbz#1373860
- Allow condor_schedd_t domain send mails.
Resolves: rhbz#1277506
- Alow certmonger to create own systemd unit files.
Resolves: rhbz#1436689
- Allow staff to systemctl virt server when staff_use_svirt=1
Resolves: rhbz#1415841
- Allow unconfined_t create /tmp/ca.p12 file with ipa_tmp_t context
Resolves: rhbz#1432115
- Label /sysroot/ostree/deploy/rhel-atomic-host/* as root_t
Resolves: rhbz#1428112 - Alow certmonger to create own systemd unit files.
Resolves: rhbz#1436689 - Hide broken symptoms when using kernel 3.10.0-514+ with network bonding. Postfix_picup_t domain requires NET_ADMIN capability which is not really needed.
Resolves: rhbz#1431859
- Fix policy to reflect all changes in new IPA release
Resolves: rhbz#1432115
Resolves: rhbz#1436689 - Allow sbd_t to read/write fixed disk devices
Resolves: rhbz#1440165
- Add sys_ptrace capability to radiusd_t domain
Resolves: rhbz#1426641
- Allow cockpit_session_t domain connects to ssh tcp ports.
Resolves: rhbz#1413509 - Update tomcat policy to make working ipa install process
Resolves: rhbz#1436689 - Allow pcp_pmcd_t net_admin capability.
- Allow pcp_pmcd_t read net sysctls
- Allow system_cronjob_t create /var/run/pcp with pcp_var_run_t
Resolves: rhbz#1336211 - Fix all AVC denials during pkispawn of CA
Resolves: rhbz#1436383
- Update pki interfaces and tomcat module
Resolves: rhbz#1436689 - Update pki interfaces and tomcat module
Resolves: rhbz#1436689 - Dontaudit firewalld wants write to /root
Resolves: rhbz#1438708
- Dontaudit firewalld to create dirs in /root/
Resolves: rhbz#1438708
- Allow sendmail to search network sysctls
Resolves: rhbz#1369376
- Add interface gssd_noatsecure()
Resolves: rhbz#1438036
- Add interface gssproxy_noatsecure()
Resolves: rhbz#1438036
- Dontaudit pcp_pmlogger_t search for xserver logs. Allow pcp_pmlogger_t to send signals to unconfined doamins Allow pcp_pmlogger_t to send logs to journals
Resolves: rhbz#1379371
- Allow chronyd_t net_admin capability to allow support HW timestamping.
Resolves: rhbz#1416015
- Update tomcat policy
Resolves: rhbz#1436689
Resolves: rhbz#1436383
- Allow certmonger to start haproxy service
Resolves: rhbz#1349394
- Allow init noatsecure for gssd and gssproxy
Resolves: rhbz#1438036 - geoclue wants to dbus chat with avahi
Resolves: rhbz#1434286
- Allow iptables get list of kernel modules
Resolves: rhbz#1367520
- Allow unconfined_domain_type to enable/disable transient unit
Resolves: rhbz#1337041
- Add interfaces init_enable_transient_unit() and init_disable_transient_unit
- Revert "Allow sshd setcap capability. This is needed due to latest changes in sshd"
Resolves: rhbz#1435264
- Label sysroot dir under ostree as root_t
Resolves: rhbz#1428112 - Remove ganesha_t domain from permissive domains.
Resolves: rhbz#1436988 - Allow named_t domain bind on several udp ports
Resolves: rhbz#1312972
- Update nscd_use() interface
Resolves: rhbz#1281716
- Allow radius_t domain ptrace
Resolves: rhbz#1426641
- Update nagios to allos exec systemctl
Resolves: rhbz#1247635
- Update pcp SELinux module to reflect all pcp changes
Resolves: rhbz#1271998
- Label /var/lib/ssl_db as squid_cache_t Label /etc/squid/ssl_db as squid_cache_t
Resolves: rhbz#1325527
- Allow pcp_pmcd_t domain search for network sysctl Allow pcp_pmcd_t domain sys_ptrace capability Resolves: rhbz#1336211 - Allow drbd load modules
Resolves: rhbz#1134883
- Revert "Add sys_module capability for drbd
Resolves: rhbz#1134883"
- Allow stapserver list kernel modules
Resolves: rhbz#1325976
- Update targetd policy
Resolves: rhbz#1373860
- Add sys_admin capability to amanda
Resolves: rhbz#1371561
- Allow hypervvssd_t to read all dirs.
Resolves: rhbz#1331309
- Label /run/haproxy.sock socket as haproxy_var_run_t
Resolves: rhbz#1386233
- Allow oddjob_mkhomedir_t to mamange autofs_t dirs.
Resolves: rhbz#1408819
- Allow tomcat to connect on http_cache_port_t
Resolves: rhbz#1432083
- Allow geoclue to send msgs to syslog.
Resolves: rhbz#1434286
- Allow condor_master_t domain capability chown.
Resolves: rhbz#1277506
- Update mta_filetrans_named_content() interface to allow calling domain create files labeled as etc_aliases_t in dir labeled as etc_mail_t.
Resolves: rhbz#1167468
- Allow nova domain search for httpd configuration.
Resolves: rhbz#1190761
- Add sys_module capability for drbd
Resolves: rhbz#1134883
- Allow user_u users stream connect to dirsrv, Allow sysadm_u and staff_u users to manage dirsrv files
Resolves: rhbz#1286474
- Allow systemd_networkd_t communicate with systemd_networkd_t via dbus
Resolves: rhbz#1278010 - Add haproxy_t domain fowner capability
Resolves: rhbz#1386233
- Allow domain transition from ntpd_t to hwclock_t domains
Resolves: rhbz#1375624
- Allow cockpit_session_t setrlimit and sys_resource
Resolves: rhbz#1402316
- Dontaudit svirt_t read state of libvirtd domain
Resolves: rhbz#1426106
- Update httpd and gssproxy modules to reflects latest changes in freeipa
Resolves: rhbz#1432115
- Allow iptables read modules_conf_t
Resolves: rhbz#1367520 - Remove tomcat_t domain from unconfined domains
Resolves: rhbz#1432083
- Create new boolean: sanlock_enable_home_dirs()
Resolves: rhbz#1432783
- Allow mdadm_t domain to read/write nvme_device_t
Resolves: rhbz#1431617
- Remove httpd_user_*_content_t domains from user_home_type attribute. This tighten httpd policy and acces to user data will be more strinct, and also fix mutual influente between httpd_enable_homedirs and httpd_read_user_content
Resolves: rhbz#1383621
- Dontaudit domain to create any file in /proc. This is kernel bug.
Resolves: rhbz#1412679
- Add interface dev_rw_nvme
Resolves: rhbz#1431617 - Allow gssproxy to get attributes on all filesystem object types.
Resolves: rhbz#1430295
- Allow ganesha to chat with unconfined domains via dbus
Resolves: rhbz#1426554
- add the policy required for nextcloud
Resolves: rhbz#1425530
- Add nmbd_t capability2 block_suspend
Resolves: rhbz#1425357
- Label /var/run/chrony as chronyd_var_run_t
Resolves: rhbz#1416015
- Add domain transition from sosreport_t to iptables_t
Resolves: rhbz#1359789
- Fix path to /usr/lib64/erlang/erts-5.10.4/bin/epmd
Resolves: rhbz:#1332803 - Update rpm macros
Resolves: rhbz#1380854 - Add handling booleans via selinux-policy macros in custom policy spec files.
Resolves: rhbz#1380854 - Allow openvswitch to load kernel modules
Resolves: rhbz#1405479 - Allow openvswitch read script state.
Resolves: rhbz#1405479 - Update ganesha policy
Resolves: rhbz#1426554
Resolves: rhbz#1383784
- Allow chronyd to read adjtime
Resolves: rhbz#1416015
- Fixes for chrony version 2.2
Resolves: rhbz#1416015
- Add interface virt_rw_stream_sockets_svirt()
Resolves: rhbz#1415841
- Label /dev/ss0 as gpfs_device_t
Resolves: rhbz#1383784
- Allow staff to rw svirt unix stream sockets.
Resolves: rhbz#1415841
- Label /rhev/data-center/mnt as mnt_t
Resolves: rhbz#1408275
- Associate sysctl_rpc_t with proc filesystems
Resolves: rhbz#1350927
- Add new boolean: domain_can_write_kmsg
Resolves: rhbz#1415715 - Allow rhsmcertd_t dbus chat with system_cronjob_t
Resolves: rhbz#1405341
- Allow openvswitch exec hostname and readinitrc_t files
Resolves: rhbz#1405479
- Improve SELinux context for mysql_db_t objects.
Resolves: rhbz#1391521
- Allow postfix_postdrop to communicate with postfix_master via pipe.
Resolves: rhbz#1379736
- Add radius_use_jit boolean
Resolves: rhbz#1426205
- Label /var/lock/subsys/iptables as iptables_lock_t
Resolves: rhbz#1405441
- Label /usr/lib64/erlang/erts-5.10.4/bin/epmd as lib_t
Resolves: rhbz#1332803
- Allow can_load_kernmodule to load kernel modules.
Resolves: rhbz#1423427
Resolves: rhbz#1424621 - Allow nfsd_t domain to create sysctls_rpc_t files
Resolves: rhbz#1405304
- Allow openvswitch to create netlink generic sockets.
Resolves: rhbz#1397974
- Create kernel_create_rpc_sysctls() interface
Resolves: rhbz#1405304 - Allow nfsd_t domain rw sysctl_rpc_t dirs
Resolves: rhbz#1405304
- Allow cgdcbxd_t to manage cgroup files.
Resolves: rhbz#1358493
- Allow cmirrord_t domain to create netlink_connector sockets
Resolves: rhbz#1412670
- Allow fcoemon to create netlink scsitransport sockets
Resolves: rhbz#1362496
- Allow quota_nld_t create netlink_generic sockets
Resolves: rhbz#1358679
- Allow cgred_t create netlink_connector sockets
Resolves: rhbz#1376357
- Add dhcpd_t domain fowner capability
Resolves: rhbz#1358485
- Allow acpid to attempt to connect to the Linux kernel via generic netlink socket.
Resolves: rhbz#1358478
- Rename docker module to container module
Resolves: rhbz#1386916
- Allow setflies to mount tracefs
Resolves: rhbz#1376357
- Allow iptables to read nsfs files.
Resolves: rhbz#1411316
- Allow systemd_bootchart_t domain create dgram sockets.
Resolves: rhbz#1365953
- Rename docker interfaces to container
Resolves: rhbz#1386916 - Allow initrc_t domain to run rhel-autorelabel script properly during boot process
Resolves: rhbz#1379722
- Allow systemd_initctl_t to create and connect unix_dgram sockets
Resolves: rhbz#1365947
- Allow ifconfig_t to mount/unmount nsfs_t filesystem
Resolves: rhbz#1349814
- Add interfaces allowing mount/unmount nsfs_t filesystem
Resolves: rhbz#1349814 - Add interface init_stream_connectto()
Resolves:rhbz#1365947
- Allow rhsmcertd domain signull kernel.
Resolves: rhbz#1379781
- Allow kdumpgui domain to read nvme device
- Allow insmod_t to load kernel modules
Resolves: rhbz#1421598
- Add interface files_load_kernel_modules()
Resolves: rhbz#1421598
- Add SELinux support for systemd-initctl daemon
Resolves:rhbz#1365947
- Add SELinux support for systemd-bootchart
Resolves: rhbz#1365953 - Allow firewalld to getattr open search read modules_object_t:dir
Resolves: rhbz#1418391
- Fix label for nagios plugins in nagios file conxtext file
Resolves: rhbz#1277718
- Add sys_ptrace capability to pegasus domain
Resolves: rhbz#1381238
- Allow sssd_t domain setpgid
Resolves:rhbz#1416780
- After the latest changes in nfsd. We should allow nfsd_t to read raw fixed disk.
Resolves: rhbz#1350927
- Allow kdumpgui domain to read nvme device
Resolves: rhbz#1415084
- su using libselinux and creating netlink_selinux socket is needed to allow libselinux initialization.
Resolves: rhbz#1146987
- Add user namespace capability object classes.
Resolves: rhbz#1368057
- Add module_load permission to class system
Resolves:rhbz#1368057
- Add the validate_trans access vector to the security class 
Resolves: rhbz#1368057
- Add "binder" security class and access vectors
Resolves: rhbz#1368057
- Allow ifconfig_t domain read nsfs_t
Resolves: rhbz#1349814
- Allow ping_t domain to load kernel modules.
Resolves: rhbz#1388363 - Allow systemd container to read/write usermodehelperstate
Resolves: rhbz#1403254
- Label udp ports in range 24007-24027 as gluster_port_t
Resolves: rhbz#1404152 - Allow glusterd_t to bind on glusterd_port_t udp ports.
Resolves: rhbz#1404152
- Revert: Allow glusterd_t to bind on med_tlp port. - Allow glusterd_t to bind on med_tlp port.
Resolves: rhbz#1404152
- Update ctdbd_t policy to reflect all changes.
Resolves: rhbz#1402451
- Label tcp port 24009 as med_tlp_port_t
Resolves: rhbz#1404152
-  Issue appears during update directly from RHEL-7.0 to RHEL-7.3 or above. Modules pkcsslotd and vbetools missing in selinux-policy package for RHEL-7.3 which causing warnings during SELinux policy store migration process. Following patch fixes issue by skipping pkcsslotd and vbetools modules migration. - Allow ctdbd_t domain transition to rpcd_t
Resolves:rhbz#1402451 - Fixes for containers Allow containers to attempt to write to unix_sysctls. Allow cotainers to use the FD's leaked to them from parent processes.
Resolves: rhbz#1403254 - Allow glusterd_t send signals to userdomain. Label new glusterd binaries as glusterd_exec_t
Resolves: rhbz#1404152
- Allow systemd to stop glusterd_t domains.
Resolves: rhbz#1400493 - Make working CTDB:NFS: CTDB failover from selinux-policy POV
Resolves: rhbz#1402451 - Add kdump_t domain sys_admin capability
Resolves: rhbz#1375963 - Allow puppetagent_t to access timedated dbus. Use the systemd_dbus_chat_timedated interface to allow puppetagent_t the access.
Resolves: rhbz#1399250 - Update systemd on RHEL-7.2 box to version from RHEL-7.3 and then as a separate yum command update the selinux policy systemd will start generating USER_AVC denials and will start returning "Access Denied" errors to DBus clients
Resolves: rhbz#1393505 - Allow cluster_t communicate to fprintd_t via dbus
Resolves: rhbz#1349798 - Fix error message during update from RHEL-7.2 to RHEL-7.3, when /usr/sbin/semanage command is not installed and selinux-policy-migrate-local-changes.sh script is executed in %post install phase of selinux-policy package
Resolves: rhbz#1392010 - Allow GlusterFS with RDMA transport to be started correctly. It requires ipc_lock capability together with rw permission on rdma_cm device.
Resolves: rhbz#1384488
- Allow glusterd to get attributes on /sys/kernel/config directory.
Resolves: rhbz#1384483 - Use selinux-policy-migrate-local-changes.sh instead of migrateStore* macros
- Add selinux-policy-migrate-local-changes service
Resolves: rhbz#1381588 - Allow sssd_selinux_manager_t to manage also dir class.
Resolves: rhbz#1368097
- Add interface seutil_manage_default_contexts_dirs()
Resolves: rhbz#1368097 - Add virt_sandbox_use_nfs -> virt_use_nfs boolean substitution.
Resolves: rhbz#1355783 - Allow pcp_pmcd_t domain transition to lvm_t Add capability kill and sys_ptrace to pcp_pmlogger_t
Resolves: rhbz#1309883 - Allow ftp daemon to manage apache_user_content
Resolves: rhbz#1097775
- Label /etc/sysconfig/oracleasm as oracleasm_conf_t
Resolves: rhbz#1331383
- Allow oracleasm to rw inherited fixed disk device
Resolves: rhbz#1331383
- Allow collectd to connect on unix_stream_socket
Resolves: rhbz#1377259 - Allow iscsid create netlink iscsid sockets.
Resolves: rhbz#1358266
- Improve regexp for power_unit_file_t files. To catch just systemd power unit files.
Resolves: rhbz#1375462 - Update oracleasm SELinux module that can manage oracleasmfs_t blk files. Add dac_override cap to oracleasm_t domain.
Resolves: rhbz#1331383
- Add few rules to pcp SELinux module to make ti able to start pcp_pmlogger service
Resolves: rhbz#1206525 - Add oracleasm_conf_t type and allow oracleasm_t to create /dev/oracleasm
Resolves: rhbz#1331383
- Label /usr/share/pcp/lib/pmie as pmie_exec_t and /usr/share/pcp/lib/pmlogger as pmlogger_exec_t
Resolves: rhbz#1206525
- Allow mdadm_t to getattr all device nodes
Resolves: rhbz#1365171
- Add interface dbus_dontaudit_stream_connect_system_dbusd()
Resolves:rhbz#1052880
- Add virt_stub_* interfaces for docker policy which is no longer a part of our base policy.
Resolves: rhbz#1372705
- Allow guest-set-user-passwd to set users password.
Resolves: rhbz#1369693
- Allow samdbox domains to use msg class
Resolves: rhbz#1372677
- Allow domains using kerberos to read also kerberos config dirs
Resolves: rhbz#1368492
- Allow svirt_sandbox_domains to r/w onload sockets
Resolves: rhbz#1342930
- Add interface fs_manage_oracleasm()
Resolves: rhbz#1331383
- Label /dev/kfd as hsa_device_t
Resolves: rhbz#1373488
- Update seutil_manage_file_contexts() interface that caller domain can also manage file_context_t dirs
Resolves: rhbz#1368097
- Add interface to write to nsfs inodes
Resolves: rhbz#1372705
- Allow systemd services to use PrivateNetwork feature
Resolves: rhbz#1372705
- Add a type and genfscon for nsfs.
Resolves: rhbz#1372705
- Allow run sulogin_t in range mls_systemlow-mls_systemhigh.
Resolves: rhbz#1290400 - Allow arpwatch to create netlink netfilter sockets. Resolves: rhbz#1358261
- Fix file context for /etc/pki/pki-tomcat/ca/
- new interface oddjob_mkhomedir_entrypoint()
- Move label for /var/lib/docker/vfs/ to proper SELinux module
- Allow mdadm to get attributes from all devices.
- Label /etc/puppetlabs as puppet_etc_t.
- Allow systemd-machined to communicate to lxc container using dbus
- Allow systemd_resolved to send dbus msgs to userdomains Resolves: rhbz#1236579
- Allow systemd-resolved to read network sysctls Resolves: rhbz#1236579
- Allow systemd_resolved to connect on system bus. Resolves: rhbz#1236579
- Make entrypoint oddjob_mkhomedir_exec_t for unconfined_t
- Label all files in /dev/oracleasmfs/ as oracleasmfs_t Resolves: rhbz#1331383 - Label /etc/pki/pki-tomcat/ca/ as pki_tomcat_cert_t
Resolves:rhbz#1366915
- Allow certmonger to manage all systemd unit files
Resolves:rhbz#1366915
- Grant certmonger "chown" capability
Resolves:rhbz#1366915
- Allow ipa_helper_t stream connect to dirsrv_t domain
Resolves: rhbz#1368418
- Update oracleasm SELinux module
Resolves: rhbz#1331383
- label /var/lib/kubelet as svirt_sandbox_file_t
Resolves: rhbz#1369159
- Add few interfaces to cloudform.if file
Resolves: rhbz#1367834
- Label /var/run/corosync-qnetd and /var/run/corosync-qdevice as cluster_var_run_t. Note: corosync policy is now par of rhcs module
Resolves: rhbz#1347514
- Allow krb5kdc_t to read krb4kdc_conf_t dirs.
Resolves: rhbz#1368492
- Update networkmanager_filetrans_named_content() interface to allow source domain to create also temad dir in /var/run.
Resolves: rhbz#1365653
- Allow teamd running as NetworkManager_t to access netlink_generic_socket to allow multiple network interfaces to be teamed together.
Resolves: rhbz#1365653
- Label /dev/oracleasmfs as oracleasmfs_t. Add few interfaces related to oracleasmfs_t type
Resolves: rhbz#1331383
- A new version of cloud-init that supports the effort to provision RHEL Atomic on Microsoft Azure requires some a new rules that allows dhclient/dhclient hooks to call cloud-init.
Resolves: rhbz#1367834
- Allow iptables to creating netlink generic sockets.
Resolves: rhbz#1364359 - Allow ipmievd domain to create lock files in /var/lock/subsys/
Resolves:rhbz#1349058
- Update policy for ipmievd daemon.
Resolves:rhbz#1349058
- Dontaudit hyperkvp to getattr on non security files.
Resolves: rhbz#1349356
- Label /run/corosync-qdevice and /run/corosync-qnetd as corosync_var_run_t
Resolves: rhbz#1347514
- Fixed lsm SELinux module
- Add sys_admin capability to sbd domain
Resolves: rhbz#1322725
- Allow vdagent to comunnicate with systemd-logind via dbus
Resolves: rhbz#1366731
- Allow lsmd_plugin_t domain to create fixed_disk device.
Resolves: rhbz#1238066
- Allow opendnssec domain to create and manage own tmp dirs/files
Resolves: rhbz#1366649
- Allow opendnssec domain to read system state
Resolves: rhbz#1366649
- Update opendnssec_manage_config() interface to allow caller domain also manage opendnssec_conf_t dirs
Resolves: rhbz#1366649
- Allow rasdaemon to mount/unmount tracefs filesystem.
Resolves: rhbz#1364380
- Label /usr/libexec/iptables/iptables.init as iptables_exec_t Allow iptables creating lock file in /var/lock/subsys/
Resolves: rhbz#1367520
- Modify interface den_read_nvme() to allow also read nvme_device_t block files.
Resolves: rhbz#1362564
- Label /var/run/storaged as lvm_var_run_t.
Resolves: rhbz#1264390
- Allow unconfineduser to run ipa_helper_t.
Resolves: rhbz#1361636 - Dontaudit mock to write to generic certs.
Resolves: rhbz#1271209
- Add labeling for corosync-qdevice and corosync-qnetd daemons, to run as cluster_t
Resolves: rhbz#1347514
- Revert "Label corosync-qnetd and corosync-qdevice as corosync_t domain"
- Allow modemmanager to write to systemd inhibit pipes
Resolves: rhbz#1365214
- Label corosync-qnetd and corosync-qdevice as corosync_t domain
Resolves: rhbz#1347514
- Allow ipa_helper to read network state
Resolves: rhbz#1361636
- Label oddjob_reqiest as oddjob_exec_t
Resolves: rhbz#1361636
- Add interface oddjob_run()
Resolves: rhbz#1361636
- Allow modemmanager chat with systemd_logind via dbus
Resolves: rhbz#1362273
- Allow NetworkManager chat with puppetagent via dbus
Resolves: rhbz#1363989
- Allow NetworkManager chat with kdumpctl via dbus
Resolves: rhbz#1363977
- Allow sbd send msgs to syslog Allow sbd create dgram sockets. Allow sbd to communicate with kernel via dgram socket Allow sbd r/w kernel sysctls.
Resolves: rhbz#1322725
- Allow ipmievd_t domain to re-create ipmi devices Label /usr/libexec/openipmi-helper as ipmievd_exec_t
Resolves: rhbz#1349058
- Allow rasdaemon to use tracefs filesystem.
Resolves: rhbz#1364380
- Fix typo bug in dirsrv policy
- Some logrotate scripts run su and then su runs unix_chkpwd. Allow logrotate_t domain to check passwd.
Resolves: rhbz#1283134
- Add ipc_lock capability to sssd domain. Allow sssd connect to http_cache_t
Resolves: rhbz#1362688
- Allow dirsrv to read dirsrv_share_t content
Resolves: rhbz#1363662
- Allow virtlogd_t to append svirt_image_t files.
Resolves: rhbz#1358140
- Allow hypervkvp domain to read hugetlbfs dir/files.
Resolves: rhbz#1349356
- Allow mdadm daemon to read nvme_device_t blk files
Resolves: rhbz#1362564
- Allow selinuxusers and unconfineduser to run oddjob_request
Resolves: rhbz#1361636
- Allow sshd server to acces to Crypto Express 4 (CEX4) devices.
Resolves: rhbz#1362539
- Fix labeling issue in init.fc file. Path /usr/lib/systemd/fedora-* changed to /usr/lib/systemd/rhel-*.
Resolves: rhbz#1363769
- Fix typo in device interfaces
Resolves: rhbz#1349058
- Add interfaces for managing ipmi devices
Resolves: rhbz#1349058
- Add interfaces to allow mounting/umounting tracefs filesystem
Resolves: rhbz#1364380
- Add interfaces to allow rw tracefs filesystem
Resolves: rhbz#1364380
- Add interface dev_read_nvme() to allow reading Non-Volatile Memory Host Controller devices.
Resolves: rhbz#1362564
- Label /sys/kernel/debug/tracing filesystem
Resolves: rhbz#1364380
- Allow sshd setcap capability. This is needed due to latest changes in sshd
Resolves: rhbz#1357857 - Dontaudit mock_build_t can list all ptys.
Resolves: rhbz#1271209
- Allow ftpd_t to mamange userhome data without any boolean.
Resolves: rhbz#1097775
- Add logrotate permissions for creating netlink selinux sockets.
Resolves: rhbz#1283134
- Allow lsmd_plugin_t to exec ldconfig.
Resolves: rhbz#1238066
- Allow vnstatd domain to read /sys/class/net/ files
Resolves: rhbz#1358243
- Remove duplicate allow rules in spamassassin SELinux module
Resolves:rhbz#1358175
- Allow spamc_t and spamd_t domains create .spamassassin file in user homedirs
Resolves:rhbz#1358175
- Allow sshd setcap capability. This is needed due to latest changes in sshd
Resolves: rhbz#1357857
- Add new MLS attribute to allow relabeling objects higher than system low. This exception is needed for package managers when processing sensitive data.
Resolves: rhbz#1330464
- Allow gnome-keyring also manage user_tmp_t sockets.
Resolves: rhbz#1257057
- corecmd: Remove fcontext for /etc/sysconfig/libvirtd
Resolves:rhbz#1351382 - Allow ipa_dnskey domain to search cache dirs
Resolves: rhbz#1350957 - Allow ipa-dnskey read system state.
Reasolves: rhbz#1350957
- Allow dogtag-ipa-ca-renew-agent-submit labeled as certmonger_t to create /var/log/ipa/renew.log file
Resolves: rhbz#1350957 - Allow firewalld to manage net_conf_t files.
Resolves:rhbz#1304723
- Allow logrotate read logs inside containers.
Resolves: rhbz#1303514
- Allow sssd to getattr on fs_t
Resolves: rhbz#1356082
- Allow opendnssec domain to manage bind chace files
Resolves: rhbz#1350957
- Fix typo in rhsmcertd  policy module
Resolves: rhbz#1329475
- Allow systemd to get status of systemd-logind daemon
Resolves: rhbz#1356141
- Label more ndctl devices not just ndctl0
Resolves: rhbz#1355809 - Allow rhsmcertd to copy certs into /etc/docker/cert.d
- Add interface docker_rw_config()
Resolves: rhbz#1344500
- Fix logrotate fc file to label also /var/lib/logrotate/ dir as logrotate_var_lib_t
Resolves: rhbz#1355632
- Allow rhsmcertd to read network sysctls
Resolves: rhbz#1329475
- Label /var/log/graphite-web dir as httpd_log_t
Resolves: rhbz#1310898
- Allow mock to use generic ptys
Resolves: rhbz#1271209
- Allow adcli running as sssd_t to write krb5.keytab file.
Resolves: rhbz#1356082
- Allow openvswitch connect to openvswitch_port_t type.
Resolves: rhbz#1335024
- Add SELinux policy for opendnssec service.
Resolves: rhbz#1350957
- Create new SELinux type for /usr/libexec/ipa/ipa-dnskeysyncd
Resolves: rhbz#1350957
- label /dev/ndctl0 device as nvram_device_t
Resolves: rhbz#1355809 - Allow lttng tools to block suspending
Resolves: rhbz#1256374
- Allow creation of vpnaas in openstack
Resolves: rhbz#1352710
- virt: add strict policy for virtlogd daemon
Resolves:rhbz#1311606
- Update makefile to support snapperd_contexts file
Resolves: rhbz#1352681 - Allow udev to manage systemd-hwdb files
- Add interface systemd_hwdb_manage_config()
Resolves: rhbz#1350756
- Fix paths to infiniband devices. This allows use more then two infiniband interfaces.
Resolves: rhbz#1210263 - Allow virtual machines to rw infiniband devices.
Resolves: rhbz#1210263
- Allow opensm daemon to rw infiniband_mgmt_device_t
Resolves: rhbz#1210263
- Allow systemd_hwdb_t to relabel /etc/udev/hwdb.bin file.
Resolves: rhbz#1350756
- Make label for new infiniband_mgmt deivices
Resolves: rhbz#1210263 - Fix typo in brltty SELinux module
- Add new SELinux module sbd
Resolves: rhbz#1322725
- Allow pcp dmcache metrics collection
Resolves: rhbz#1309883
- Allow pkcs_slotd_t to create dir in /var/lock Add label pkcs_slotd_log_t
Resolves: rhbz#1350782
- Allow openvpn to create sock files labeled as openvpn_var_run_t
Resolves: rhbz#1328246
- Allow hypervkvp daemon to getattr on  all filesystem types.
Resolves: rhbz#1349356
- Allow firewalld to create net_conf_t files
Resolves: rhbz#1304723
- Allow mock to use lvm
Resolves: rhbz#1271209
- Allow keepalived to create netlink generic sockets.
Resolves: rhbz#1349809
- Allow mirromanager creating log files in /tmp
Resolves:rhbz#1328818
- Rename few modules to make it consistent with source files
Resolves: rhbz#1351445
- Allow vmtools_t to transition to rpm_script domain
Resolves: rhbz#1342119
- Allow nsd daemon to manage nsd_conf_t dirs and files
Resolves: rhbz#1349791
- Allow cluster to create dirs in /var/run labeled as cluster_var_run_t
Resolves: rhbz#1346900
- Allow sssd read also sssd_conf_t dirs
Resolves: rhbz#1350535
- Dontaudit su_role_template interface to getattr /proc/kcore Dontaudit su_role_template interface to getattr /dev/initctl
Resolves: rhbz#1086240
- Add interface lvm_getattr_exec_files()
Resolves: rhbz#1271209
- Fix typo Compliling vs. Compiling
Resolves: rhbz#1351445 - Allow krb5kdc_t to communicate with sssd
Resolves: rhbz#1319933
- Allow prosody to bind on prosody ports
Resolves: rhbz#1304664
- Add dac_override caps for fail2ban-client
Resolves: rhbz#1316678
- dontaudit read access for svirt_t on the file /var/db/nscd/group
Resolves: rhbz#1301637
- Allow inetd child process to communicate via dbus with systemd-logind
Resolves: rhbz#1333726
- Add label for brltty log file
Resolves: rhbz#1328818
- Allow dspam to read the passwd file
Resolves: rhbz#1286020
- Allow snort_t to communicate with sssd
Resolves: rhbz#1284908
- svirt_sandbox_domains need to be able to execmod for badly built libraries.
Resolves: rhbz#1206339
- Add policy for lttng-tools package.
Resolves: rhbz#1256374
- Make mirrormanager as application domain.
Resolves: rhbz#1328234
- Add support for the default lttng-sessiond port - tcp/5345.  This port is used by LTTng 2.x central tracing registry session daemon.
- Add prosody ports
Resolves: rhbz#1304664
- Allow sssd read also sssd_conf_t dirs
Resolves: rhbz#1350535 - Label /var/lib/softhsm as named_cache_t. Allow named_t to manage named_cache_t dirs.
Resolves:rhbz#1331315
- Label named-pkcs11 binary as named_exec_t.
Resolves: rhbz#1331315
- Allow glusterd daemon to get systemd status
Resolves: rhbz#1321785
- Allow logrotate dbus-chat with system_logind daemon
Resolves: rhbz#1283134
- Allow pcp_pmlogger to read kernel network state Allow pcp_pmcd to read cron pid files
Resolves: rhbz#1336211
- Add interface cron_read_pid_files()
Resolves: rhbz#1336211
- Allow pcp_pmlogger to create unix dgram sockets
Resolves: rhbz#1336211
- Add hwloc-dump-hwdata SELinux policy
Resolves: rhbz#1344054
- Remove non-existing jabberd_spool_t() interface and add new jabbertd_var_spool_t.
Resolves: rhbz#1121171
- Remove non-existing interface salk_resetd_systemctl() and replace it with sanlock_systemctl_sanlk_resetd()
Resolves: rhbz#1259764
- Create label for openhpid log files. 
esolves: rhbz#1259764
- Label /var/lib/ganglia as httpd_var_lib_t
Resolves: rhbz#1260536
- Allow firewalld_t to create entries in net_conf_t dirs.
Resolves: rhbz#1304723
- Allow journalctl to read syslogd_var_run_t files. This allows to staff_t and sysadm_t to read journals
Resolves: rhbz#1288255
- Include patch from distgit repo: policy-RHEL-7.1-flask.patch.
Resolves: rhbz#1329560
- Update refpolicy to handle hwloc
Resolves: rhbz#1344054
- Label /etc/dhcp/scripts dir as bin_t
- Allow sysadm_role to run journalctl_t domain. This allows sysadm user to read journals.
Resolves: rhbz#1288255 - Allow firewalld_t to create entries in net_conf_t dirs.
Resolves: rhbz#1304723
- Allow journalctl to read syslogd_var_run_t files. This allows to staff_t and sysadm_t to read journals
Resolves: rhbz#1288255
- Allow mongod log to syslog.
Resolves: rhbz#1306995
- Allow rhsmcertd connect to port tcp 9090
Resolves: rhbz#1337319
- Label for /bin/mail(x) was removed but /usr/bin/mail(x) not. This path is also needed to remove. 
Resolves: rhbz#1262483
Resolves: rhbz#1277506
- Label /usr/libexec/mimedefang-wrapper as spamd_exec_t.
Resolves: rhbz#1301516
- Add new boolean spamd_update_can_network.
Resolves: rhbz#1305469
- Allow rhsmcertd connect to tcp netport_port_t
Resolves: rhbz#1329475
- Fix SELinux context for /usr/share/mirrormanager/server/mirrormanager to Label all binaries under dir as mirrormanager_exec_t.
Resolves: rhbz#1328234
- Allow prosody to bind to fac_restore tcp port.
Resolves: rhbz#1321787
- Allow ninfod to read raw packets
Resolves: rhbz#1317964
- Allow pegasus get attributes from qemu binary files.
Resolves: rhbz#1260835
- Allow pegasus get attributes from qemu binary files.
Resolves: rhbz#1271159
- Allow tuned to use policykit. This change is required by cockpit.
Resolves: rhbz#1346464
- Allow conman_t to read dir with conman_unconfined_script_t binary files.
Resolves: rhbz#1297323
- Allow pegasus to read /proc/sysinfo.
Resolves: rhbz#1265883
- Allow sysadm_role to run journalctl_t domain. This allows sysadm user to read journals.
Resolves: rhbz#1288255
- Label tcp ports:16379, 26379 as redis_port_t
Resolves: rhbz#1348471
- Allow systemd to relabel /var and /var/lib directories during boot.
- Add files_relabel_var_dirs() and files_relabel_var_dirs() interfaces.
- Add files_relabelto_var_lib_dirs() interface.
- Label tcp port 2004 as mailbox_port_t.
Resolves: rhbz#1332843
- Label tcp and udp port 5582 as fac_restore_port_t
Resolves: rhbz#1321787
- Allow sysadm_t user to run postgresql-setup.
Resolves: rhbz#1282543
- Allow sysadm_t user to dbus chat with oddjob_t. This allows confined admin run oddjob mkhomedirfor script.
Resolves: rhbz#1297480
- Update netlink socket classes. - Allow conman to kill conman_unconfined_script.
Resolves: rhbz#1297323
- Make conman_unconfined_script_t as init_system_domain.
Resolves:rhbz#1297323
- Allow init dbus chat with apmd.
Resolves:rhbz#995898
- Patch /var/lib/rpm is symlink to /usr/share/rpm on Atomic, due to this change we need to label also /usr/share/rpm as rpm_var_lib_t.
Resolves: rhbz#1233252
- Dontaudit xguest_gkeyringd_t stream connect to system_dbusd_t
Resolves: rhbz#1052880
- Add mediawiki rules to proper scope
Resolves: rhbz#1301186
- Dontaudit xguest_gkeyringd_t stream connect to system_dbusd_t
Resolves: rhbz#1052880
- Allow mysqld_safe to inherit rlimit information from mysqld
Resolves: rhbz#1323673
- Allow collectd_t to stream connect to postgresql.
Resolves: rhbz#1344056
- Allow mediawiki-script to read /etc/passwd file.
Resolves: rhbz#1301186
- Add filetrans rule that NetworkManager_t can create net_conf_t files in /etc.
Resolves: rhbz#1344505
- Add labels for mediawiki123
Resolves: rhbz#1293872
- Fix label for all fence_scsi_check scripts
- Allow ip netns to mounton root fs and unmount proc_t fs.
Resolves: rhbz#1343776
Resolves: rhbz#1286851
- Allow sysadm_t to run newaliases command.
Resolves: rhbz#1344828
- Add interface sysnet_filetrans_named_net_conf()
Resolves: rhbz#1344505 - Fix several issues related to the SELinux Userspace changes - Allow glusterd domain read krb5_keytab_t files.
Resolves: rhbz#1343929
- Fix typo in files_setattr_non_security_dirs.
Resolves: rhbz#1115987 - Allow tmpreaper_t to read/setattr all non_security_file_type dirs
Resolves: rhbz#1115987
- Allow firewalld to create firewalld_var_run_t directory.
Resolves: rhbz#1304723
- Add interface firewalld_read_pid_files()
Resolves: rhbz#1304723
- Label /usr/libexec/rpm-ostreed as rpm_exec_t.
Resolves: rhbz#1340542
- Allow sanlock service to read/write cephfs_t files.
Resolves: rhbz#1315332
- Fixed to make SELinux work with docker and prctl(NO_NEW_PRIVS)
- Added missing docker interfaces:  - docker_typebounds  - docker_entrypoint
Resolves: rhbz#1236580
- Add interface files_setattr_non_security_dirs()
Resolves: rhbz#1115987
- Add support for onloadfs
- Allow iptables to read firewalld pid files.
Resolves: rhbz#1304723
- Add SELinux support for ceph filesystem.
Resolves: rhbz#1315332
- Fixed to make SELinux work with docker and prctl(NO_NEW_PRIVS)
Resolves: rhbz#1236580 - Fixed to make SELinux work with docker and prctl(NO_NEW_PRIVS)
- Added missing docker interfaces:  - docker_typebounds  - docker_entrypoint
Resolves: rhbz#1236580
- New interfaces needed for systemd-machinectl
Resolves: rhbz#1236580
- New interfaces needed by systemd-machine
Resolves: rhbz#1236580
- Add interface allowing sending and receiving messages from virt over dbus.
Resolves: rhbz#1236580
- Backport docker policy from Fedora.
Related: #1303123
Resolves: #1341257
- Allow NetworkManager_t and policykit_t read access to systemd-machined pid files.
Resolves: rhbz#1236580
- Fixed to make SELinux work with docker and prctl(NO_NEW_PRIVS)
- Added interfaces needed by new docker policy.
Related: rhbz#1303123
- Add support for systemd-machined daemon
Resolves: rhbz#1236580
- Allow rpm-ostree domain transition to install_t domain from init_t.
Resolves: rhbz#1340542 - dnsmasq: allow NetworkManager to control dnsmasq via D-Bus
Resolves: rhbz#1336722
- Directory Server (389-ds-base) has been updated to use systemd-ask-password. In order to function correctly we need the following added to dirsrv.te
Resolves: rhbz#1333198
- sftpd_* booleans are functionless these days.
Resolves: rhbz#1335656
- Label /var/log/ganesha.log as gluster_log_t Allow glusterd_t domain to create glusterd_log_t files. Label /var/run/ganesha.pid as gluster_var_run_t.
Resolves: rhbz#1335828
- Allow ganesha-ha.sh script running under unconfined_t domain communicate with glusterd_t domains via dbus.
Resolves: rhbz#1336760
- Allow ganesha daemon labeled as glusterd_t create /var/lib/nfs/ganesha dir labeled as var_lib_nfs_t.
Resolves: rhbz#1336737
- Label /usr/libexec/storaged/storaged as lvm_exec_t to run storaged daemon in lvm_t SELinux domain.
Resolves: rhbz#1264390
- Allow systemd_hostanmed_t to read /proc/sysinfo labeled as sysctl_t.
Resolves: rhbz#1337061
- Revert "Allow all domains some process flags."
Resolves: rhbz#1303644
- Revert "Remove setrlimit to all domains."
Resolves: rhbz#1303644
- Label /usr/sbin/xrdp* files as bin_t
Resolves: rhbz#1276777
- Add mls support for some db classes
Resolves: rhbz#1303651
- Allow systemd_resolved_t to check if ipv6 is disabled.
Resolves: rhbz#1236579
- Allow systemd_resolved to read systemd_networkd run files.
Resolves: rhbz#1236579 - Allow ganesha-ha.sh script running under unconfined_t domain communicate with glusterd_t domains via dbus.
Resolves: rhbz#1336760
- Allow ganesha daemon labeled as glusterd_t create /var/lib/nfs/ganesha dir labeled as var_lib_nfs_t.
Resolves: rhbz#1336737 - Allow logwatch to domtrans to postqueue
Resolves: rhbz#1331542
- Label /var/log/ganesha.log as gluster_log_t
- Allow glusterd_t domain to create glusterd_log_t files.
- Label /var/run/ganesha.pid as gluster_var_run_t.
Resolves: rhbz#1335828
- Allow zabbix to connect to postgresql port
Resolves: rhbz#1330479
- Add userdom_destroy_unpriv_user_shared_mem() interface.
Related: rhbz#1306403
- systemd-logind remove all IPC objects owned by a user on a logout. This covers also SysV memory. This change allows to destroy unpriviledged user SysV shared memory segments.
Resolves: rhbz#1306403 - We need to restore contexts on /etc/passwd*,/etc/group*,/etc/*shadow* during install phase to get proper labeling for these files until selinux-policy pkgs are installed.
Resolves: rhbz#1333952 - Add interface glusterd_dontaudit_read_lib_dirs()
Resolves: rhbz#1295680
- Dontaudit Occasionally observing AVC's while running geo-rep automation
Resolves: rhbz#1295680
- Allow glusterd to manage socket files labeled as glusterd_brick_t.
Resolves: rhbz#1331561
- Create new apache content template for files stored in user homedir. This change is needed to make working booleans: - httpd_enable_homedirs - httpd_read_user_content 
Resolves: rhbz#1246522
- Allow stunnel create log files. 
Resolves: rhbz#1296851
- Label tcp port 8181 as intermapper_port_t.
Resolves: rhbz#1334783
- Label tcp/udp port 2024 as xinuexpansion4_port_t
Resolves: rhbz#1334783
- Label tcp port 7002 as afs_pt_port_t Label tcp/udp port 2023 as xinuexpansion3_port_t
Resolves: rhbz#1334783
- Dontaudit ldconfig read gluster lib files.
Resolves: rhbz#1295680
- Add interface auth_use_nsswitch() to systemd_domain_template.
Resolves: rhbz#1236579 - Label /usr/bin/ganesha.nfsd as glusterd_exec_t to run ganesha as glusterd_t. Allow glusterd_t stream connect to rpbind_t. Allow cluster_t to create symlink /var/lib/nfs labeled as var_lib_nfs_t. Add interface rpc_filetrans_var_lib_nfs_content() Add new boolean: rpcd_use_fusefs to allow rpcd daemon use fusefs.
 Resolves: rhbz#1312809
 Resolves: rhbz#1323947
- Allow dbus chat between httpd_t and oddjob_t. Resolves: rhbz#1324144
- Label /usr/libexec/ipa/oddjob/org.freeipa.server.conncheck as ipa_helper_exec_t.
Resolves: rhbz#1324144
- Label /var/log/ipareplica-conncheck.log file as ipa_log_t Allow ipa_helper_t domain to manage logs labeledas ipa_log_t Allow ipa_helper_t to connect on http and kerberos_passwd ports.
Resolves: rhbz#1324144
- Allow prosody to listen on port 5000 for mod_proxy65.
Resolves: rhbz#1316918
- Allow pcp_pmcd_t domain to manage docker lib files. This rule is needed to allow pcp to collect container information when SELinux is enabled.
Resolves: rhbz#1309454 - Allow runnig php7 in fpm mode. From selinux-policy side, we need to allow httpd to read/write hugetlbfs.
Resolves: rhbz#1319442
- Allow openvswitch daemons to run under openvswitch Linux user instead of root. This change needs allow set capabilities: chwon, setgid, setuid, setpcap.
Resolves: rhbz#1296640
- Remove ftpd_home_dir() boolean from distro policy. Reason is that we cannot make this working due to m4 macro language limits.
Resolves: rhbz#1097775
- /bin/mailx is labeled sendmail_exec_t, and enters the sendmail_t domain on execution.  If /usr/sbin/sendmail does not have its own domain to transition to, and is not one of several products whose behavior is allowed by the sendmail_t policy, execution will fail. In this case we need to label /bin/mailx as bin_t.
Resolves: rhbz#1262483
- Allow nsd daemon to create log file in /var/log as nsd_log_t
Resolves: rhbz#1293140
- Sanlock policy update.   - New sub-domain for sanlk-reset daemon
Resolves: rhbz#1212324
- Label all run tgtd files, not just socket files
Resolves: rhbz#1280280
- Label all run tgtd files, not just socket files.
Resolves: rhbz#1280280
- Allow prosody to stream connect to sasl. This will allow using cyrus authentication in prosody.
Resolves: rhbz#1321049
- unbound wants to use ephemeral ports as a default configuration. Allow to use also udp sockets.
Resolves: rhbz#1318224
- Allow prosody to listen on port 5000 for mod_proxy65.
Resolves: rhbz#1316918
- Allow targetd to read/write to /dev/mapper/control device.
Resolves: rhbz#1063714
- Allow KDM to get status about power services. This change allow kdm to be able do shutdown.
Resolves: rhbz#1316724
- Allow systemd-resolved daemon creating netlink_route sockets.
Resolves:rhbz#1236579
- Allow systemd_resolved_t to read /etc/passwd file. Allow systemd_resolved_t to write to kmsg_device_t when 'systemd.log_target=kmsg' option is used
Resolves: rhbz#1065362
- Label /etc/selinux/(minimum|mls|targeted)/active/ as semanage_store_t
Resolves: rhbz#1321943
- Label all nvidia binaries as xserver_exec_t
Resolves: rhbz#1322283 - Create new permissivedomains CIL module and make it active.
Resolves: rhbz#1320451
- Add support for new mock location - /usr/libexec/mock/mock.
Resolves: rhbz#1271209
- Allow bitlee to create bitlee_var_t dirs.
Resolves: rhbz#1268651
- Allow CIM provider to read sssd public files.
Resolves: rhbz#1263339
- Fix some broken interfaces in distro policy.
Resolves: rhbz#1121171
- Allow power button to shutdown the laptop.
Resolves: rhbz#995898
- Allow lsm plugins to create named fixed disks.
Resolves: rhbz#1238066
- Add default labeling for /etc/Pegasus/cimserver_current.conf. It is a correct patch instead of the current /etc/Pegasus/pegasus_current.confResolves: rhbz#1278777
- Allow hyperv domains to rw hyperv devices.
Resolves: rhbz#1309361
- Label /var/www/html(/.*)?/wp_backups(/.*)? as httpd_sys_rw_content_t.Resolves: rhbz#1246780
- Create conman_unconfined_script_t type for conman script stored in /use/share/conman/exec/
Resolves: rhbz#1297323
- Fix rule definitions for httpd_can_sendmail boolean. We need to distinguish between base and contrib.
- Add support for /dev/mptctl device used to check RAID status.
 Resolves: rhbz#1258029
- Create hyperv* devices and create rw interfaces for this devices.
Resolves: rhbz#1309361
- Add fixes for selinux userspace moving the policy store to /var/lib/selinux.
- Remove optional else block for dhcp ping - Allow rsync_export_all_ro boolean to read also non_auth_dirs/files/symlinks.
Resolves: rhbz#1263770
- Fix context of "/usr/share/nginx/html".
Resolves: rhbz#1261857
- Allow pmdaapache labeled as pcp_pmcd_t access to port 80 for apache diagnostics
Resolves: rhbz#1270344
- Allow pmlogger to create pmlogger.primary.socket link file.
 Resolves: rhbz#1270344
- Label nagios scripts as httpd_sys_script_exec_t.
Resolves: rhbz#1260306
- Add dontaudit interface for kdumpctl_tmp_t
Resolves: rhbz#1156442
- Allow mdadm read files in EFI partition.
Resolves: rhbz#1291801
- Allow nsd_t to bind on nsf_control tcp port. Allow nsd_crond_t to read nsd pid.
Resolves: rhbz#1293140
- Label some new nsd binaries as nsd_exec_t Allow nsd domain net_admin cap. Create label nsd_tmp_t for nsd tmp files/dirs
Resolves: rhbz#1293140
- Add filename transition that /etc/princap will be created with cupsd_rw_etc_t label in cups_filetrans_named_content() interface.
Resolves: rhbz#1265102
- Add missing labeling for /usr/libexec/abrt-hook-ccpp.
Resolves: rhbz#1213409
- Allow pcp_pmie and pcp_pmlogger to read all domains state.
Resolves: rhbz#1206525
- Label /etc/redis-sentinel.conf as redis_conf_t. Allow redis_t write to redis_conf_t. Allow redis_t to connect on redis tcp port.
Resolves: rhbz#1275246
- cockpit has grown content in /var/run directory
Resolves: rhbz#1279429
- Allow collectd setgid capability
Resolves:#1310898
- Remove declaration of empty booleans in virt policy.
Resolves: rhbz#1103153
- Fix typo in drbd policy
- Add new drbd file type: drbd_var_run_t. Allow drbd_t to manage drbd_var_run_t files/dirs. Allow drbd_t create drbd_tmp_t files in /tmp.
Resolves: rhbz#1134883
- Label /etc/ctdb/events.d/* as ctdb_exec_t. Allow ctdbd_t to setattr on ctdbd_exec_t files.
Resolves: rhbz#1293788
- Allow abrt-hook-ccpp to get attributes of all processes because of core_pattern.
Resolves: rhbz#1254188
- Allow abrt_t to read sysctl_net_t files.
Resolves: rhbz#1254188
- The ABRT coredump handler has code to emulate default core file creation The handler runs in a separate process with abrt_dump_oops_t SELinux process type. abrt-hook-ccpp also saves the core dump file in the very same way as kernel does and a user can specify CWD location for a coredump. abrt-hook-ccpp has been made as a SELinux aware apps to create this coredumps with correct labeling and with this commit the policy rules have been updated to allow access all non security files on a system.
- Allow abrt-hook-ccpp to getattr on all executables.
- Allow setuid/setgid capabilities for abrt-hook-ccpp.
 Resolves: rhbz#1254188
- abrt-hook-ccpp needs to have setfscreate access because it is SELinux aware and compute a target labeling.
 Resolves: rhbz#1254188
- Allow abrt-hook-ccpp to change SELinux user identity for created objects.
 Resolves: rhbz#1254188
- Dontaudit write access to inherited kdumpctl tmp files.
 Resolves: rbhz#1156442
- Add interface to allow reading files in efivarfs - contains Linux Kernel configuration options for UEFI systems (UEFI Runtime Variables)
 Resolves: rhbz#1291801
- Label 8952 tcp port as nsd_control.
 Resolves: rhbz#1293140
- Allow ipsec to use pam.
 Resolves: rhbz#1315700
- Allow to log out to gdm after screen was resized in session via vdagent.
Resolves: rhbz#1249020
- Allow setrans daemon to read /proc/meminfo.
 Resolves: rhbz#1316804
- Allow systemd_networkd_t to write kmsg, when kernel was started with following params: systemd.debug systemd.log_level=debug systemd.log_target=kmsg
Resolves: rhbz#1298151
- Label tcp port 5355 as llmnr-> Link-Local Multicast Name Resolution
Resolves: rhbz#1236579
- Add new selinux policy for systemd-resolved dawmon.
Resolves: rhbz#1236579
- Add interface ssh_getattr_server_keys() interface.
Resolves: rhbz#1306197
- Allow run sshd-keygen on second boot if first boot fails after some reason and content is not syncedon the disk. These changes are reflecting this commit in sshd. http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/commit/?id=af94f46861844cbd6ba4162115039bebcc8f78ba rhbz#1299106
Resolves: rhbz#1306197
- Allow systemd_notify_t to write to kmsg_device_t when 'systemd.log_target=kmsg' option is used.
Resolves: rhbz#1309417
- Remove bin_t label for /etc/ctdb/events.d/. We need to label this scripts as ctdb_exec_t.
Resolves: rhbz#1293788 - Prepare selinux-policy package for userspace release 2016-02-23. Resolves: rhbz#1305982 - Allow sending dbus msgs between firewalld and system_cronjob domains. Resolves: rhbz#1284902
- Allow zabbix-agentd to connect to following tcp sockets. One of zabbix-agentd functions is get service status of ftp,http,innd,pop,smtp protocols.
Resolves:  rhbz#1242506
- Add new boolean tmpreaper_use_cifs() to allow tmpreaper to run on local directories being shared with Samba.
Resolves: rhbz#1284972
- Add support for systemd-hwdb daemon.
 Resolves: rhbz#1257940
- Add interface fs_setattr_cifs_dirs().
 Resolves: rhbz#1284972 - Add new SELinux policy fo targetd daemon.
Resolves: rhbz#1063714
- Add new SELinux policy fo ipmievd daemon.
Resolves: rhbz#1083031
- Add new SELinux policy fo hsqldb daemon.
Resolves: rhbz#1083171
- Add new SELinux policy for blkmapd daemon.
Resolves: rhbz#1072997
- Allow p11-child to connect to apache ports.
- Label /usr/sbin/lvmlockd binary file as lvm_exec_t.
Resolves: rhbz#1278028
- Add interface "lvm_manage_lock" to lvm policy.
Resolves: rhbz#1063714 - Allow openvswitch domain capability sys_rawio.
Resolves: rhbz#1278495 - Allow openvswitch to manage hugetlfs files and dirs.
Resolves: rhbz#1278495
- Add fs_manage_hugetlbfs_files() interface.
Resolves: rhbz#1278495 - Allow smbcontrol domain to send sigchld to ctdbd domain.
Resolves: #1293784
- Allow openvswitch read/write hugetlb filesystem.
Resolves: #1278495 Allow hypervvssd to list all mountpoints to have VSS live backup working correctly.
Resolves:#1247880 - Revert Add missing labeling for /usr/libexec/abrt-hook-ccpp patch
Resolves: #1254188 - Allow search dirs in sysfs types in kernel_read_security_state.
Resolves: #1254188
- Fix kernel_read_security_state interface that source domain of this interface can search sysctl_fs_t dirs.
Resolves: #1254188 - Add missing labeling for /usr/libexec/abrt-hook-ccpp as a part of #1245477 and #1242467 bugs
Resolves: #1254188
- We need allow connect to xserver for all sandbox_x domain because we have one type for all sandbox processes.
Resolves:#1261938 - Remove labeling for modules_dep_t file contexts to have labeled them as modules_object_t.
- Update files_read_kernel_modules() to contain modutils_read_module_deps_files() calling because module deps labeling could remain and it allows to avoid regressions.
Resolves:#1266928 - We need to require sandbox_web_type attribute in sandbox_x_domain_template(). 
Resolves: #1261938
- ipsec: The NM helper needs to read the SAs
Resolves: #1259786
- ipsec: Allow ipsec management to create ptys
Resolves: #1259786 - Add temporary fixes for sandbox related to #1103622. It allows to run everything under one sandbox type.
Resolves:#1261938
- Allow abrt_t domain to write to kernel msg device.
Resolves: #1257828
- Allow rpcbind_t domain to change file owner and group
Resolves: #1265266 - Allow smbcontrol to create a socket in /var/samba which uses for a communication with smbd, nmbd and winbind. 
Resolves: #1256459 - Allow dirsrv-admin script to read passwd file. Allow dirsrv-admin script to read httpd pid files. Label dirsrv-admin unit file and allow dirsrv-admin domains to use it.
Resolves: #1230300
- Allow qpid daemon to connect on amqp tcp port.
Resolves: #1261805 - Label /etc/ipa/nssdb dir as cert_t
Resolves:#1262718
- Do not provide docker policy files which is shipped by docker-selinux.rpm
Resolves:#1262812 - Add labels for afs binaries: dafileserver, davolserver, salvageserver, dasalvager 
Resolves: #1192338
- Add lsmd_plugin_t sys_admin capability, Allow lsmd_plugin_t getattr from sysfs filesystem.
 Resolves: #1238079
- Allow rhsmcertd_t send signull to unconfined_service_t domains. 
Resolves: #1176078
- Remove file transition from snmp_manage_var_lib_dirs() interface which created snmp_var_lib_t dirs in var_lib_t.
- Allow openhpid_t daemon to manage snmp files and dirs. 
Resolves: #1243902
- Allow mdadm_t domain read/write to general ptys and unallocated ttys. 
Resolves: #1073314
- Add interface unconfined_server_signull() to allow domains send signull to unconfined_service_t
 Resolves: #1176078 - Allow systemd-udevd to access netlink_route_socket to change names for network interfaces without unconfined.pp module. It affects also MLS. 
Resolves:#1250456 - Fix labeling for fence_scsi_check script
Resolves: #1255020
- Allow openhpid to read system state Allow openhpid to connect to tcp http port.
 Resolves: #1244248
- Allow openhpid to read snmp var lib files.
 Resolves: #1243902
- Allow openvswitch_t domains read kernel dependencies due to openvswitch run modprobe
- Allow unconfined_t domains to create /var/run/xtables.lock with iptables_var_run_t
Resolves: #1243403
- Remove bin_t label for /usr/share/cluster/fence_scsi_check\.pl 
Resolves: #1255020 - Fix regexp in chronyd.fc file
Resolves: #1243764
- Allow passenger to getattr filesystem xattr
Resolves: #1196555
- Label mdadm.conf.anackbak as mdadm_conf_t file.
Resolves: #1088904
- Revert "Allow pegasus_openlmi_storage_t create mdadm.conf.anacbak file in /etc."
- Allow watchdog execute fenced python script.
Resolves: #1255020
- Added inferface watchdog_unconfined_exec_read_lnk_files()
- Remove labeling for /var/db/.*\.db as etc_t to label db files as system_db_t.
Resolves: #1230877 - Allow watchdog execute fenced python script. Resolves: #1255020
- Added inferface watchdog_unconfined_exec_read_lnk_files()
- Label /var/run/chrony-helper dir as chronyd_var_run_t. Resolves: #1243764
- Allow dhcpc_t domain transition to chronyd_t Resolves: #1243764 - Fix postfix_spool_maildrop_t,postfix_spool_flush_t contexts in postfix.fc file.
Resolves: #1252442 - Allow exec pidof under hypervkvp domain.
Resolves: #1254870
- Allow hypervkvp daemon create connection to the system DBUS
Resolves: #1254870 - Allow openhpid_t to read system state.
Resolves: #1244248
- Added labels for files provided by rh-nginx18 collection
Resolves: #1249945
- Dontaudit block_suspend capability for ipa_helper_t, this is kernel bug. Allow ipa_helper_t capability net_admin. Allow ipa_helper_t to list /tmp. Allow ipa_helper_t to read rpm db.
Resolves: #1252968
- Allow rhsmcertd exec rhsmcertd_var_run_t files and rhsmcerd_tmp_t files. This rules are in hide_broken_sympthons until we find better solution.
Resolves: #1243431
- Allow abrt_dump_oops_t to read proc_security_t files.
- Allow abrt_dump_oops to signull all domains Allow abrt_dump_oops to read all domains state Allow abrt_dump_oops to ptrace all domains
- Add interface abrt_dump_oops_domtrans()
- Add mountpoint dontaudit access check in rhsmcertd policy.
Resolves: #1243431
- Allow samba_net_t to manage samba_var_t sock files.
Resolves: #1252937
- Allow chrome setcap to itself.
Resolves: #1251996
- Allow httpd daemon to manage httpd_var_lib_t lnk_files.
Resolves: #1253706
- Allow chronyd exec systemctl
Resolves: #1243764
- Add inteface chronyd_signal Allow timemaster_t send generic signals to chronyd_t.
Resolves: #1243764
- Added interface fs_dontaudit_write_configfs_dirs
- Add label for kernel module dep files in /usr/lib/modules
Resolves:#916635
- Allow kernel_t domtrans to abrt_dump_oops_t
- Added to files_dontaudit_write_all_mountpoints intefface new dontaudit rule, that domain included this interface dontaudit capability dac_override.
- Allow systemd-networkd to send logs to systemd-journald.
Resolves: #1236616 - Fix label on /var/tmp/kiprop_0
Resolves:#1220763
- Allow lldpad_t to getattr tmpfs_t.
Resolves: #1246220
- Label /dev/shm/lldpad.* as lldapd_tmpfs_t
Resolves: #1246220
- Allow audisp client to read system state. - Allow pcp_domain to manage pcp_var_lib_t lnk_files.
Resolves: #1252341
- Label /var/run/xtables.* as iptables_var_run_t
Resolves: #1243403 - Add interface to read/write watchdog device
- Add labels for /dev/memory_bandwith and /dev/vhci. Thanks ssekidde
Resolves:#1210237
- Allow apcupsd_t to read /sys/devices 
Resolves:#1189185
- Allow logrotate to reload services.
Resolves: #1242453
- Allow openhpid use libwatchdog plugin. (Allow openhpid_t rw watchdog device)
Resolves: #1244260
- Allow openhpid liboa_soap plugin to read generic certs.
Resolves: #1244248
- Allow openhpid liboa_soap plugin to read resolv.conf file.
Resolves: #1244248
- Label /usr/libexec/chrony-helper as chronyd_exec_t
- Allow chronyd_t to read dhcpc state.
- Allow chronyd to execute mkdir command. - Allow mdadm to access /dev/random and add support to create own files/dirs as mdadm_tmpfs_t.
Resolves:#1073314
- Allow udev, lvm and fsadm to access systemd-cat in /var/tmp/dracut if 'dracut -fv' is executed in MLS.
- Allow admin SELinu users to communicate with kernel_t. It is needed to access /run/systemd/journal/stdout if 'dracut -vf' is executed. We allow it for other SELinux users.
- Allow sysadm to execute systemd-sysctl in the sysadm_t domain. It is needed for ifup command in MLS mode.
- Add fstools_filetrans_named_content_fsadm() and call it for named_filetrans_domain domains. We need to be sure that /run/blkid is created with correct labeling.
Resolves:#1183503
- Add support for /etc/sanlock which is writable by sanlock daemon.
Resolves:#1231377
- Allow useradd add homedir located in /var/lib/kdcproxy in ipa-server RPM scriplet.
Resolves:#1243775 
- Allow snapperd to pass data (one way only) via pipe negotiated over dbus
Resolves:#1250550
- Allow lsmd also setuid capability. Some commands need to executed under root privs. Other commands are executed under unprivileged user. - Allow openhpid to use libsnmp_bc plugin (allow read snmp lib files).
  Resolves: #1243902
- Allow lsm_plugin_t to read sysfs, read hwdata, rw to scsi_generic_device
  Resolves: #1238079
- Allow lsm_plugin_t to rw raw_fixed_disk.
  Resolves:#1238079
- Allow rhsmcertd to send signull to unconfined_service. - Allow httpd_suexec_t to read and write Apache stream sockets 
Resolves: #1243569
- Allow qpid to create lnk_files in qpid_var_lib_t
Resolves: #1247279 - Allow drbd to get attributes from filesystems.
- Allow redis to read kernel parameters.
Resolves: #1209518
- Allow virt_qemu_ga_t domtrans to passwd_t
- Allow audisp_remote_t to start power unit files domain to allow halt system.
Resolves: #1186780
- Allow audisp_remote_t to read/write user domain pty.
Resolves: #1186780
- Label /usr/sbin/chpasswd as passwd_exec_t.
- Allow sysadm to administrate ldap environment and allow to bind ldap port to allow to setup an LDAP server (389ds).
Resolves:#1221121 - gnome_dontaudit_search_config() needs to be a part of optinal_policy in pegasus.te
- Allow pcp_pmcd daemon to read postfix config files.
- Allow pcp_pmcd daemon to search postfix spool dirs.
Resolves: #1213740
- Added Booleans: pcp_read_generic_logs.
Resolves: #1213740
- Allow drbd to read configuration options used when loading modules.
Resolves: #1134883
- Allow glusterd to manage nfsd and rpcd services.
- Allow glusterd to communicate with cluster domains over stream socket.
- glusterd call pcs utility which calls find for cib.* files and runs pstree under glusterd. Dontaudit access to security files and update gluster boolean to reflect these changes. - Allow glusterd to manage nfsd and rpcd services.
- Allow networkmanager to  communicate via dbus with systemd_hostanmed. 
Resolves: #1234954
- Allow stream connect logrotate to prosody.
- Add prosody_stream_connect() interface.
-  httpd should be able to send signal/signull to httpd_suexec_t, instead of httpd_suexec_exec_t.
- Allow prosody to create own tmp files/dirs.
Resolves:#1212498 - Allow networkmanager read rfcomm port.
Resolves:#1212498
- Remove non exists label.
- Fix *_admin intefaces where body is not consistent with header.
- Label /usr/afs/ as afs_files_t, Allow afs_bosserver_t create afs_config_t and afs_dbdir_t dirs under afs_files_t, Allow afs_bosserver_t read kerberos config
- Remove non exits nfsd_ro_t label.
- Make all interfaces related to openshift_cache_t as deprecated.
- Add rpm_var_run_t label to rpm_admin header
- Add jabberd_lock_t label to jabberd_admin header.
- Add samba_unconfined_script_exec_t to samba_admin header.
- inn daemon should create innd_log_t objects in var_log_t instead of innd_var_run_t
- Fix ctdb policy
- Add samba_signull_winbind()
- Add samba_signull_unconfined_net()
- Allow ctdbd_t send signull to samba_unconfined_net_t.
- Allow openshift_initrc_t to communicate with firewalld over dbus 
Resolves:#1221326 - Allow gluster to connect to all ports. It is required by random services executed by gluster.
- Add interfaces winbind_signull(), samba_unconfined_net_signull().
- Dontaudit smbd_t block_suspend capability. This is kernel bug.
- Allow ctdbd sending signull to process winbind, samba_unconfined_net, to
    checking if processes exists.
- Add tmpreaper booleans to use nfs_t and samba_share_t.
- Fix path from /usr/sbin/redis-server to /usr/bin/redis-server
- Allow connect ypserv to portmap_port_t
- Fix paths in inn policy, Allow innd read innd_log_t dirs, Allow innd execute innd_etc_t files
- Add support for openstack-nova-* packages
- Allow NetworkManager_t send signull to dnssec_trigger_t.
- Allow glusterd to execute showmount in the showmount domain.
- Label swift-container-reconciler binary as swift_t.
- Allow dnssec_trigger_t relabelfrom dnssec_trigger_var_run_t files.
- Add cobbler_var_lib_t to "/var/lib/tftpboot/boot(/.*)?"
Resolves:#1213540
- Merge all nova_* labels under one nova_t. - Add logging_syslogd_run_nagios_plugins boolean for rsyslog to allow transition to nagios unconfined plugins
Resolves:#1233550
- Allow dnssec_trigger_t create dnssec_trigger_tmp_t files in /var/tmp/
- Add support for oddjob based helper in FreeIPA.
- Add new boolean - httpd_run_ipa to allow httpd process to run IPA helper and dbus chat with oddjob.
- Add nagios_domtrans_unconfined_plugins() interface.
- Update mta_filetrans_named_content() interface to cover more db files. 
Resolves:#1167468
- Add back ftpd_use_passive_mode boolean with fixed description.
- Allow pmcd daemon stream connect to mysqld.
- Allow pcp domains to connect to own process using unix_stream_socket. 
Resolves:#1213709
- Allow  abrt-upload-watch service to dbus chat with ABRT daemon and fsetid capability to allow run reporter-upload correctly.
- Add new boolean - httpd_run_ipa to allow httpd process to run IPA helper and dbus chat with oddjob.
- Add support for oddjob based helper in FreeIPA.
- Allow dnssec_trigger_t create dnssec_trigger_tmp_t files in /var/tmp/ - Allow iptables to read ctdbd lib files.
Resolves:#1224879
- Add systemd_networkd_t to nsswitch domains.
- Allow drbd_t write to fixed_disk_device. Reason: drbdmeta needs write to fixed_disk_device during initialization. 
Resolves:#1130675
- Allow NetworkManager write to sysfs. 
- Fix cron_system_cronjob_use_shares boolean to call fs interfaces which contain only entrypoint permission.
- Add cron_system_cronjob_use_shares boolean to allow system cronjob to be executed from shares - NFS, CIFS, FUSE. It requires "entrypoint" permissios on nfs_t, cifs_t and fusefs_t SELinux types.
- Allow NetworkManager write to sysfs. 
- Allow ctdb_t sending signull to smbd_t, for checking if smbd process exists. 
- Dontaudit apache to manage snmpd_var_lib_t files/dirs. 
- Add interface snmp_dontaudit_manage_snmp_var_lib_files().
- Dontaudit mozilla_plugin_t cap. sys_ptrace. 
- Rename xodbc-connect port to xodbc_connect
- Allow ovsdb-server to connect on xodbc-connect and ovsdb tcp ports. 
- Allow iscsid write to fifo file kdumpctl_tmp_t. Appears when kdump generates the initramfs during the kernel boot. 
- Dontaudit chrome to read passwd file. 
- nrpe needs kill capability to make gluster moniterd nodes working. 
Resolves:#1235587 - We allow can_exec() on ssh_keygen on gluster. But there is a transition defined by init_initrc_domain() because we need to allow execute unconfined services by glusterd. So ssh-keygen ends up with ssh_keygen_t and we need to allow to manage /var/lib/glusterd/geo-replication/secret.pem.
- Allow sshd to execute gnome-keyring if there is configured pam_gnome_keyring.so.
- Allow gnome-keyring executed by passwd to access /run/user/UID/keyring to change a password. 
- Label gluster python hooks also as bin_t.
- Allow glusterd to interact with gluster tools running in a user domain
- Add glusterd_manage_lib_files() interface.
- ntop reads /var/lib/ntop/macPrefix.db and it needs dac_override. It has setuid/setgid. 
- Allow samba_t net_admin capability to make CIFS mount working.
- S30samba-start gluster hooks wants to search audit logs. Dontaudit it.
Resolves:#1224879 - Allow glusterd to send generic signals to systemd_passwd_agent processes.
- Allow glusterd to access init scripts/units without defined policy
- Allow glusterd to run init scripts.
- Allow glusterd to execute /usr/sbin/xfs_dbin glusterd_t domain.
Resolves:#1224879 - Calling cron_system_entry() in pcp_domain_template needs to be a part of optional_policy block.
- Allow samba-net to access /var/lib/ctdbd dirs/files.
- Allow glusterd to send a signal to smbd.
- Make ctdbd as home manager to access also FUSE.
- Allow glusterd to use geo-replication gluster tool.
- Allow glusterd to execute ssh-keygen.
- Allow glusterd to interact with cluster services.
- Allow glusterd to connect to the system DBUS for service (acquire_svc).
- Label /dev/log correctly.
Resolves:#1230932 - Back port the latest F22 changes to RHEL7. It should fix most of RHEL7.2 bugs
- Add cgdcbxd policy 
Resolves:#1072493
- Fix ftp_homedir boolean
Resolve:#1097775
- Dontaudit ifconfig writing inhertited /var/log/pluto.log.
- Allow cluster domain to dbus chat with systemd-logind.
Resolves:#1145215
- Dontaudit write access to inherited kdumpctl tmp files
Resolves:#1156442
- Allow isnsd_t to communicate with sssd
Resolves:#1167702
- Allow rwho_t to communicate with sssd
Resolves:#1167718
- Allow sblim_gatherd_t to communicate with sssd
Resolves:#1167732
- Allow pkcs_slotd_t to communicate with sssd
Resolves:#1167737
- Allow openvswitch_t to communicate with sssd
Resolves:#1167816
- Allow mysqld_safe_t to communicate with sssd
Resolves:#1167832
- Allow sshd_keygen_t to communicate with sssd
Resolves:#1167840
- Add support for iprdbg logging files in /var/log.
Resolves:#1174363
- Allow tmpreaper_t to manage ntp log content
Resolves:#1176965
- Allow gssd_t to manage ssh keyring
Resolves:#1184791
- Allow httpd_sys_script_t to send system log messages
Resolves:#1185231
- Allow apcupsd_t to read /sys/devices
Resolves:#1189185
- Allow dovecot_t sys_resource capability
Resolves:#1191143
- Add support for mongod/mongos systemd unit files.
Resolves:#1197038
- Add bacula fixes
- Added label mysqld_etc_t for /etc/my.cnf.d/ dir.
Resolves:#1203991 - Label /usr/libexec/postgresql-ctl as postgresql_exec_t. 
- Add more restriction on entrypoint for unconfined domains.
- Only allow semanage_t to be able to setenforce 0, no all domains that use selinux_semanage interface
- Allow all domains to read /dev/urandom. It is needed by all apps/services linked to libgcrypt. There is no harm to allow it by default.
- Update policy/mls for sockets related to access perm. Rules were contradictory.
- Add nagios_run_pnp4nagios and nagios_run_sudo booleans to allow r
un sudo from NRPE utils scripts and allow run nagios in conjunction w
ith PNP4Nagios.
Resolves:#1201054
- Don't use deprecated userdom_manage_tmpfs_role() interface calliing and use userdom_manage_tmp_role() instead.
- Update virt_read_pid_files() interface to allow read also symlinks with virt_var_run_t type
- Label /var/lib/tftpboot/aarch64(/.*)? and /var/lib/tftpboot/images2(/.*)?
- Add support for iprdbg logging files in /var/log.
- Add fixes to rhsmcertd_t
- Allow puppetagent_t to transfer firewalld messages over dbus
- Add support for /usr/libexec/mongodb-scl-helper RHSCL helper script.
- Added label mysqld_etc_t for /etc/my.cnf.d/ dir.
- Add support for mongod/mongos systemd unit files.
- cloudinit and rhsmcertd need to communicate with dbus
- Allow dovecot_t sys_resource capability - ALlow mongod execmem by default.
- Update policy/mls for sockets. Rules were contradictory.
Resolves:#1207133
- Allow a user to login with different security level via ssh. - Update seutil_manage_config() interface.
Resolves:#1185962
- Allow pki-tomcat relabel pki_tomcat_etc_rw_t.
- Turn on docker_transition_unconfined by default - Allow virtd to list all mountpoints.
Resolves:#1180713 - pkcsslotd_lock_t should be an alias for pkcs_slotd_lock_t.
- Allow fowner capability for sssd because of selinux_child handling.
- ALlow bind to read/write inherited ipsec pipes
- Allow hypervkvp to read /dev/urandom and read  addition states/config files.
- Allow gluster rpm scripletto create glusterd socket with correct labeling. This is a workaround until we get fix in glusterd.
- Add glusterd_filetrans_named_pid() interface
- Allow radiusd to connect to radsec ports.
- Allow setuid/setgid for selinux_child
- Allow lsmd plugin to connect to tcp/5988 by default.
- Allow lsmd plugin to connect to tcp/5989 by default.
- Update ipsec_manage_pid() interface.
Resolves:#1184978 - Update ipsec_manage_pid() interface.
Resolves:#1184978 - Allow ntlm_auth running in winbind_helper_t to access /dev/urandom. - Add auditing support for ipsec.
Resolves:#1182524
- Label /ostree/deploy/rhel-atomic-host/deploy directory as system_conf_t
- Allow netutils chown capability to make tcpdump working with -w - Allow ipsec to execute _updown.netkey script to run unbound-control.
- Allow neutron to read rpm DB.
- Add additional fixes for hyperkvp
 * creates new ifcfg-{name} file
 * Runs hv_set_ifconfig.sh, which does the following
 * Copies ifcfg-{name} to /etc/sysconfig/network-scripts
- Allow svirt to read symbolic links in /sys/fs/cgroups labeled as tmpfs_t
- Add labeling for pacemaker.log.
- Allow radius to connect/bind radsec ports.
- Allow pm-suspend running as virt_qemu_ga to read /var/log/pm-suspend.log
- Allow  virt_qemu_ga to dbus chat with rpm.
- Update virt_read_content() interface to allow read also char devices.
- Allow glance-registry to connect to keystone port.
Resolves:#1181818 - Allow sssd to send dbus all user domains.
Resolves:#1172291
- Allow lsm plugin to read certificates.
- Fix labeling for keystone CGI scripts.
- Make snapperd back as unconfined domain. - Fix bugs in interfaces discovered by sepolicy.
- Allow slapd to read /usr/share/cracklib/pw_dict.hwm.
- Allow lsm plugins to connect to tcp/18700 by default.
- Allow brltty mknod capability to allow create /var/run/brltty/vcsa.
- Fix pcp_domain_template() interface.
- Fix conman.te.
- Allow mon_fsstatd to read /proc/sys/fs/binfmt_misc
- Allow glance-scrubber to connect tcp/9191.
- Add missing setuid capability for sblim-sfcbd.
- Allow pegasus ioctl() on providers.
- Add conman_can_network.
- Allow chronyd to read chrony conf files located in /run/timemaster/.
- Allow radius to bind on tcp/1813 port.
- dontaudit block suspend access for openvpn_t 
- Allow conman to create files/dirs in /tmp.
- Update xserver_rw_xdm_keys() interface to have 'setattr'.
Resolves:#1172291 
- Allow sulogin to read /dev/urandom and /dev/random.
- Update radius port definition to have also tcp/18121
- Label prandom as random_device_t.
- Allow charon to manage files in /etc/strongimcv labeled as ipsec_conf_t. - Allow virt_qemu_ga_t to execute kmod.
- Add missing files_dontaudit_list_security_dirs() for smbd_t in samba_export_all_ro boolean.
- Add additionnal MLS attribute for oddjob_mkhomedir to create homedirs.
Resolves:#1113725
- Enable OpenStack cinder policy
- Add support for /usr/share/vdsm/daemonAdapter
- Add support for /var/run/gluster - Remove old pkcsslotd.pp from minimum package
- Allow rlogind to use also rlogin ports.
- Add support for /usr/libexec/ntpdate-wrapper. Label it as ntpdate_exec_t.
- Allow bacula to connect also to postgresql.
- Label /usr/libexec/tomcat/server as tomcat_exec_t
- Add support for /usr/sbin/ctdbd_wrapper
- Add support for /usr/libexec/ppc64-diag/rtas_errd
- Allow rpm_script_roles to access system_mail_t
- Allow brltty to create /var/run/brltty
- Allow lsmd plugin to access netlink_route_socket
- Allow smbcontrol to read passwd
- Add support for /usr/libexec/sssd/selinux_child and create sssd_selinux_manager_t domain for it
Resolves:#1140106
- Allow osad to execute rhn_check
- Allow load_policy to rw inherited sssd pipes because of selinux_child
- Allow admin SELinux users mounting / as private within a new mount namespace as root in MLS
- Add additional fixes for su_restricted_domain_template to make moving to sysadm_r and trying to su working correctly
- Add additional booleans substitions - Add seutil_dontaudit_access_check_semanage_module_store() interface
Resolves:#1140106
- Update to have all _systemctl() interface also init_reload_services().
- Dontaudit access check on SELinux module store for sssd.
- Add labeling for /sbin/iw.
- Allow named_filetrans_domain to create ibus directory with correct labeling. - Allow radius to bind tcp/1812 radius port.
- Dontaudit list user_tmp files for system_mail_t.
- Label virt-who as virtd_exec_t.
- Allow rhsmcertd to send a null signal to virt-who running as virtd_t.
- Add missing alias for _content_rw_t.
Resolves:#1089177
- Allow spamd to access razor-agent.log.
- Add fixes for sfcb from libvirt-cim TestOnly bug.
- Allow NetworkManager stream connect on openvpn.
- Make /usr/bin/vncserver running as unconfined_service_t.
- getty_t should be ranged in MLS. Then also local_login_t runs as ranged domain.
- Label /etc/docker/certs.d as cert_t. - Label /etc/strongimcv as ipsec_conf_file_t.
- Add support for /usr/bin/start-puppet-ca helper script
Resolves:#1160727
- Allow rpm scripts to enable/disable transient systemd units.
Resolves:#1154613 
- Make kpropdas nsswitch domain
Resolves:#1153561
- Make all glance domain as nsswitch domains
Resolves:#1113281
- Allow selinux_child running as sssd access check on /etc/selinux/targeted/modules/active
- Allow access checks on setfiles/load_policy/semanage_lock for selinux_child running as sssd_t
Resolves:#1140106 - Dontaudit access check on setfiles/load_policy for sssd_t.
Resolves:#1140106
- Add kdump_rw_inherited_kdumpctl_tmp_pipes()
Resolves:#1156442
- Make linuxptp services as unconfined.
- Added new policy linuxptp.
Resolves:#1149693
- Label keystone cgi files as keystone_cgi_script_exec_t.
Resolves:#1138424
- Make tuned as unconfined domain - Allow guest to connect to libvirt using unix_stream_socket.
- Allow all bus client domains to dbus chat with unconfined_service_t.
- Allow inetd service without own policy to run in inetd_child_t which is unconfined domain.
- Make opensm as nsswitch domain to make it working with sssd.
- Allow brctl to read meminfo.
- Allow winbind-helper to execute ntlm_auth in the caller domain.
Resolves:#1160339
- Make plymouthd as nsswitch domain to make it working with sssd.
Resolves:#1160196
- Make drbd as nsswitch domain to make it working with sssd.
- Make conman as nsswitch domain to make ipmitool.exp runing as conman_t working.
- Add support for /var/lib/sntp directory.
- Add fixes to allow docker to create more content in tmpfs ,and donaudit reading /proc
- Allow winbind to read usermodehelper
- Allow telepathy domains to execute shells and bin_t
- Allow gpgdomains to create netlink_kobject_uevent_sockets
- Allow mongodb to bind to the mongo port and mongos to run as mongod_t
- Allow abrt to read software raid state.
- Allow nslcd to execute netstat.
- Allow dovecot to create user's home directory when they log into IMAP.
- Allow login domains to create kernel keyring with different level. - Allow modemmanger to connectto itself
Resolves:#1120152 
- Allow pki_tomcat to create link files in /var/lib/pki-ca.
Resolves:#1121744 
- varnishd needs to have fsetid capability
Resolves:#1125165
- Allow snapperd to dbus chat with system cron jobs.
Resolves:#1152447
- Allow dovecot to create user's home directory when they log into IMAP 
Resolves:#1152773   
- Add labeling for /usr/sbin/haproxy-systemd-wrapper wrapper to make haproxy running haproxy_t.
- ALlow listen and accept on tcp socket for init_t in MLS. Previously it was for xinetd_t. 
- Allow nslcd to execute netstat.
- Add suppor for keepalived unconfined scripts and allow keepalived to read all domain state and kill capability.
- Allow nslcd to read /dev/urandom. - Add back kill permisiion for system class
Resolves:#1150011 - Add back kill permisiion for service class
Resolves:#1150011
- Make rhsmcertd_t also as dbus domain.
- Allow named to create DNS_25 with correct labeling.
- Add cloudform_dontaudit_write_cloud_log()
- Call auth_use_nsswitch to apache to read/write cloud-init keys.
- Allow cloud-init to dbus chat with certmonger.
- Fix path to mon_statd_initrc_t script.
- Allow all RHCS services to read system state.
- Allow dnssec_trigger_t to execute unbound-control in own domain.
- kernel_read_system_state needs to be called with type. Moved it to antivirus.if.
- Added policy for mon_statd and mon_procd services. BZ (1077821)
- Allow opensm_t to read/write /dev/infiniband/umad1.
- Allow mongodb to manage own log files.
- Allow neutron connections to system dbus.
- Add support for /var/lib/swiftdirectory.
- Allow nova-scheduler to read certs.
- Allow openvpn to access /sys/fs/cgroup dir.
- Allow openvpn to execute  systemd-passwd-agent in  systemd_passwd_agent_t to make openvpn working with systemd.
- Fix samba_export_all_ro/samba_export_all_rw booleans to dontaudit search/read security files.
- Add auth_use_nsswitch for portreserve to make it working with sssd.
- automount policy is non-base module so it needs to be called in optional block.
- ALlow sensord to getattr on sysfs.
- Label /usr/share/corosync/corosync as cluster_exec_t.
- Allow lmsd_plugin to read passwd file. BZ(1093733)
- Allow read antivirus domain all kernel sysctls.
- Allow mandb to getattr on file systems
- Allow nova-console to connect to mem_cache port.
- Make sosreport as unconfined domain.
- Allow mondogdb to  'accept' accesses on the tcp_socket port.
- ALlow sanlock to send a signal to virtd_t. - Build also MLS policy
Resolves:#1138424 - Add back kill permisiion for system class
- Allow iptables read fail2ban logs.
- Fix radius labeled ports
- Add userdom_manage_user_tmpfs_files interface
- Allow libreswan to connect to VPN via NM-libreswan.
- Label 4101 tcp port as brlp port
- fix dev_getattr_generic_usb_dev interface
- Allow all domains to read fonts
- Make sure /run/systemd/generator and system is labeled correctly on creation.
- Dontaudit aicuu to search home config dir. 
- Make keystone_cgi_script_t domain. 
Resolves:#1138424
- Fix bug in drbd policy, 
- Added support for cpuplug. 
- ALlow sanlock_t to read sysfs_t.
- Added sendmail_domtrans_unconfined interface
- Fix broken interfaces
- radiusd wants to write own log files.
- Label /usr/libexec/rhsmd as rhsmcertd_exec_t
- Allow rhsmcertd send signull to setroubleshoot. 
- Allow rhsmcertd manage rpm db. 
- Added policy for blrtty. 
- Fix keepalived policy
- Allow rhev-agentd dbus chat with systemd-logind.
- Allow keepalived manage snmp var lib sock files.
- Add support for /var/lib/graphite-web
- Allow NetworkManager to create Bluetooth SDP sockets
- It's going to do the the discovery for DUN service for modems with Bluez 5.
- Allow swift to connect to all ephemeral ports by default.
- Allow sssd to read selinux config to add SELinux user mapping.
- Allow lsmd to search own plguins.
- Allow abrt to read /dev/memto generate an unique machine_id and uses  sosuploader's algorithm based off dmidecode[1] fields.
- ALlow zebra for user/group look-ups.
- Allow nova domains to getattr on all filesystems.
- Allow collectd sys_ptrace and dac_override caps because of reading of /proc/%i/io for several processes.
- Allow pppd to connect to /run/sstpc/sstpc-nm-sstp-service-28025 over unix stream socket.
- Allow rhnsd_t to manage also rhnsd config symlinks.
- ALlow user mail domains to create dead.letter.
- Allow rabbitmq_t read rabbitmq_var_lib_t lnk files. 
- Allow pki-tomcat to change SELinux object identity.
- Allow radious to connect to apache ports to do OCSP check
- Allow git cgi scripts to create content in /tmp
- Allow cockpit-session to do GSSAPI logins.
- Allow sensord read in /proc 
- Additional access required by usbmuxd - Allow locate to look at files/directories without labels, and chr_file and blk_file on non dev file systems
- Label /usr/lib/erlang/erts.*/bin files as bin_t
- Add files_dontaudit_access_check_home_dir() inteface.
- Allow udev_t mounton udev_var_run_t dirs #(1128618)
- Add systemd_networkd_var_run_t labeling for /var/run/systemd/netif and allow systemd-networkd to manage it.
- Add init_dontaudit_read_state() interface.
- Add label for ~/.local/share/fonts
- Allow unconfined_r to access unconfined_service_t.
- Allow init to read all config files
- Add new interface to allow creation of file with lib_t type
- Assign rabbitmq port.
- Allow unconfined_service_t to dbus chat with all dbus domains
- Add new interfaces to access users keys.
- Allow domains to are allowed to mounton proc to mount on files as well as dirs
- Fix labeling for HOME_DIR/tmp and HOME_DIR/.tmp directories.
- Add a port definition for shellinaboxd
- Label ~/tmp and ~/.tmp directories in user tmp dirs as user_tmp_t
- Allow userdomains to stream connect to pcscd for smart cards
- Allow programs to use pam to search through user_tmp_t dires (/tmp/.X11-unix)
- Update to rawhide-contrib changes
Resolves:#1123844 - Rebase to 3.13.1 which we have in Fedora21
Resolves:#1128284 - Back port fixes from Fedora. Mainly OpenStack and Docker fixes - Add policy-rhel-7.1-{base,contrib} patches - Add support for us_cli ports
- Fix labeling for /var/run/user/<UID>/gvfs
- add support for tcp/9697
- Additional rules required by openstack,  needs backport to F20 and RHEL7
- Additional access required by docker
- ALlow motion to use tcp/8082 port
- Allow init_t to setattr/relabelfrom dhcp state files
- Dontaudit antivirus domains read access on all security files by default
- Add missing alias for old amavis_etc_t type
- Allow block_suspend cap for haproxy
- Additional fixes for  instack overcloud
- Allow OpenStack to read mysqld_db links and connect to MySQL
- Remove dup filename rules in gnome.te
- Allow sys_chroot cap for httpd_t and setattr on httpd_log_t
- Allow iscsid to handle own unit files
- Add iscsi_systemctl()
- Allow mongod to create also sock_files in /run with correct labeling
- Allow httpd to send signull to apache script domains and don't audit leaks
- Allow rabbitmq_beam to connect to httpd port
- Allow aiccu stream connect to pcscd
- Allow dmesg to read hwdata and memory dev
- Allow all freeipmi domains to read/write ipmi devices
- Allow sblim_sfcbd to use also pegasus-https port
- Allow rabbitmq_epmd to manage rabbit_var_log_t files
- Allow chronyd to read /sys/class/hwmon/hwmon1/device/temp2_input
- Allow docker to status any unit file and allow it to start generic unit files - Change hsperfdata_root to have as user_tmp_t
Resolves:#1076523 - Fix Multiple same specifications for /var/named/chroot/dev/zero
- Add labels for /var/named/chroot_sdb/dev devices
- Add support for strongimcv
- Use kerberos_keytab_domains in auth_use_nsswitch
- Update auth_use_nsswitch to make all these types as kerberos_keytab_domain to
- Allow net_raw cap for neutron_t and send sigkill to dnsmasq
- Fix ntp_filetrans_named_content for sntp-kod file
- Add httpd_dbus_sssd boolean
- Dontaudit exec insmod in boinc policy
- Rename kerberos_keytab_domain to kerberos_keytab_domains
- Add kerberos_keytab_domain()
- Fix kerberos_keytab_template()
- Make all domains which use kerberos as kerberos_keytab_domain
Resolves:#1083670
- Allow kill capability to winbind_t - varnishd wants chown capability
- update ntp_filetrans_named_content() interface
- Add additional fixes for neutron_t. #1083335
- Dontaudit getattr on proc_kcore_t
- Allow pki_tomcat_t to read ipa lib files
- Allow named_filetrans_domain to create /var/cache/ibus with correct labelign
- Allow init_t run /sbin/augenrules
- Add dev_unmount_sysfs_fs and sysnet_manage_ifconfig_run interfaces
- Allow unpriv SELinux user to use sandbox
- Add default label for /tmp/hsperfdata_root - Add file subs also for /var/home - Allow xauth_t to read user_home_dir_t lnk_file
- Add labeling for lightdm-data
- Allow certmonger to manage ipa lib files
- Add support for /var/lib/ipa
- Allow pegasus to getattr virt_content
- Added some new rules to pcp policy
- Allow chrome_sandbox to execute config_home_t
- Add support for ABRT FAF - Allow kdm to send signull to remote_login_t process
- Add gear policy
- Turn on gear_port_t
- Allow cgit to read gitosis lib files by default
- Allow vdagent to read xdm state
- Allow NM and fcoeadm to talk together over unix_dgram_socket - Back port fixes for pegasus_openlmi_admin_t from rawhide
Resolves:#1080973
- Add labels for ostree
- Add SELinux awareness for NM
- Label /usr/sbin/pwhistory_helper as updpwd_exec_t - add gnome_append_home_config()
- Allow thumb to append GNOME config home files
- Allow rasdaemon to rw /dev/cpu//msr
- fix /var/log/pki file spec
- make bacula_t as auth_nsswitch domain
- Identify pki_tomcat_cert_t as a cert_type
- Define speech-dispater_exec_t as an application executable
- Add a new file context for /var/named/chroot/run directory
- update storage_filetrans_all_named_dev for sg* devices
- Allow auditctl_t  to getattr on all removeable devices
- Allow nsswitch_domains to stream connect to nmbd
- Allow unprivusers to connect to memcached
- label /var/lib/dirsrv/scripts-INSTANCE as bin_t - Allow also unpriv user to run vmtools
- Allow secadm to read /dev/urandom and meminfo
Resolves:#1079250
- Add booleans to allow docker processes to use nfs and samba
- Add mdadm_tmpfs support
- Dontaudit net_amdin for /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.51-2.4.5.1.el7.x86_64/jre-abrt/bin/java running as pki_tomcat_t
- Allow vmware-user-sui to use user ttys
- Allow talk 2 users logged via console too
- Allow ftp services to manage xferlog_t
- Make all pcp domanis as unconfined for RHEL7.0 beucause of new policies
- allow anaconda to dbus chat with systemd-localed - allow anaconda to dbus chat with systemd-localed
- Add fixes for haproxy based on bperkins@redhat.com
- Allow cmirrord to make dmsetup working
- Allow NM to execute arping
- Allow users to send messages through talk
- Add userdom_tmp_role for secadm_t - Add additional fixes for rtas_errd
- Fix transitions for tmp/tmpfs in rtas.te
- Allow rtas_errd to readl all sysctls - Add support for /var/spool/rhsm/debug
- Make virt_sandbox_use_audit as True by default
- Allow svirt_sandbox_domains to ptrace themselves - Allow docker containers to manage /var/lib/docker content - Allow docker to read tmpfs_t symlinks
- Allow sandbox svirt_lxc_net_t to talk to syslog and to sssd over stream sockets - Allow collectd to talk to libvirt
- Allow chrome_sandbox to use leaked unix_stream_sockets
- Dontaudit leaks of sockets into chrome_sandbox_t
- If you create a cups directory in /var/cache then it should be labeled cups_rw_etc_t
- Run vmtools as unconfined domains
- Allow snort to manage its log files
- Allow systemd_cronjob_t to be entered via bin_t
- Allow procman to list doveconf_etc_t
- allow keyring daemon to create content in tmpfs directories
- Add proper labelling for icedtea-web
- vpnc is creating content in networkmanager var run directory
- Label sddm as xdm_exec_t to make KDE working again
- Allow postgresql to read network state
- Allow java running as pki_tomcat to read network sysctls
- Fix cgroup.te to allow cgred to read cgconfig_etc_t
- Allow beam.smp to use ephemeral ports
- Allow winbind to use the nis to authenticate passwords - Make rtas_errd_t as unconfined domain for F20.It needs additional fixes. It runs rpm at least.
- Allow net_admin cap for fence_virtd running as fenced_t
- Make  abrt-java-connector working
- Make cimtest script 03_defineVS.py of ComputerSystem group working
- Fix git_system_enable_homedirs boolean
- Allow munin mail plugins to read network systcl - Allow vmtools_helper_t to execute bin_t
- Add support for /usr/share/joomla
- /var/lib/containers should be labeled as openshift content for now
- Allow docker domains to talk to the login programs, to allow a process to login into the container
- Allow install_t do dbus chat with NM
- Fix interface names in anaconda.if
- Add install_t for anaconda. A new type is a part of anaconda policy
- sshd to read network sysctls - Allow zabbix to send system log msgs
- Allow init_t to stream connect to ipsec
Resolves:#1060775 - Add docker_connect_any boolean - Allow unpriv SELinux users to dbus chat with firewalld
- Add lvm_write_metadata()
- Label /etc/yum.reposd dir as system_conf_t. Should be safe because system_conf_t is base_ro_file_type
- Allow pegasus_openlmi_storage_t to write lvm metadata
- Add hide_broken_symptoms for kdumpgui because of systemd bug
- Make kdumpgui_t as unconfined domain
Resolves:#1044299
- Allow docker to connect to tcp/5000 - Allow numad to write scan_sleep_millisecs
- Turn on entropyd_use_audio boolean by default
- Allow cgred to read /etc/cgconfig.conf because it contains templates used together with rules from /etc/cgrules.conf.
- Allow lscpu running as rhsmcertd_t to read /proc/sysinfo
- Fix label on irclogs in the homedir
- Allow kerberos_keytab_domain domains to manage keys until we get sssd fix
- Allow postgresql to use ldap
- Add missing syslog-conn port
- Add support for /dev/vmcp and /dev/sclp
Resolves:#1069310 - Modify xdm_write_home to allow create files/links in /root with xdm_home_
- Allow virt domains to read network state
Resolves:#1072019 - Added pcp rules
- dontaudit openshift_cron_t searching random directories, should be back ported to RHEL6
- clean up ctdb.te
- Allow ctdbd to connect own ports
- Fix samba_export_all_rw booleanto cover also non security dirs
- Allow swift to exec rpm in swift_t and allow to create tmp files/dirs
- Allow neutron to create /run/netns with correct labeling
- Allow certmonger to list home dirs - Change userdom_use_user_inherited_ttys to userdom_use_user_ttys for systemd-tty-ask
- Add sysnet_filetrans_named_content_ifconfig() interface
- Allow ctdbd to connect own ports
- Fix samba_export_all_rw booleanto cover also non security dirs
- Allow swift to exec rpm in swift_t and allow to create tmp files/dirs
- Allow neutron to create /run/netns with correct labeling
- Allow kerberos keytab domains to manage sssd/userdomain keys"
- Allow to run ip cmd in neutron_t domain - Allow block_suspend cap2 for systemd-logind and rw dri device
- Add labeling for /usr/libexec/nm-libreswan-service
- Allow locallogin to rw xdm key to make Virtual Terminal login providing smartcard pin working
- Add xserver_rw_xdm_keys()
- Allow rpm_script_t to dbus chat also with systemd-located
- Fix ipa_stream_connect_otpd()
- update lpd_manage_spool() interface
- Allow krb5kdc to stream connect to ipa-otpd
- Add ipa_stream_connect_otpd() interface
- Allow vpnc to unlink NM pids
- Add networkmanager_delete_pid_files()
- Allow munin plugins to access unconfined plugins
- update abrt_filetrans_named_content to cover /var/spool/debug
- Label /var/spool/debug as abrt_var_cache_t
- Allow rhsmcertd to connect to squid port
- Make docker_transition_unconfined as optional boolean
- Allow certmonger to list home dirs - Make snapperd as unconfined domain and add additional fixes for it
- Remove nsplugin.pp module on upgrade - Add snapperd_home_t for HOME_DIR/.snapshots directory
- Make sosreport as unconfined domain
- Allow sosreport to execute grub2-probe
- Allow NM to manage hostname config file
- Allow systemd_timedated_t to dbus chat with rpm_script_t
- Allow lsmd plugins to connect to http/ssh/http_cache ports by default
- Add lsmd_plugin_connect_any boolean
- Allow mozilla_plugin to attempt to set capabilities
- Allow lsdm_plugins to use tcp_socket
- Dontaudit mozilla plugin from getattr on /proc or /sys
- Dontaudit use of the keyring by the services in a sandbox
- Dontaudit attempts to sys_ptrace caused by running ps for mysqld_safe_t
- Allow rabbitmq_beam to connect to jabber_interserver_port
- Allow logwatch_mail_t to transition to qmail_inject and queueu
- Added new rules to pcp policy
- Allow vmtools_helper_t to change role to system_r
- Allow NM to dbus chat with vmtools
- Fix couchdb_manage_files() to allow manage couchdb conf files
- Add support for /var/run/redis.sock
- dontaudit gpg trying to use audit
- Allow consolekit to create log directories and files
- Fix vmtools policy to allow user roles to access vmtools_helper_t
- Allow block_suspend cap2 for ipa-otpd
- Allow pkcsslotd to read users state
- Add ioctl to init_dontaudit_rw_stream_socket
- Add systemd_hostnamed_manage_config() interface
- Remove transition for temp dirs created by init_t
- gdm-simple-slave uses use setsockopt
- sddm-greater is a xdm type program - Add lvm_read_metadata()
- Allow auditadm to search /var/log/audit dir
- Add lvm_read_metadata() interface
- Allow confined users to run vmtools helpers
- Fix userdom_common_user_template()
- Generic systemd unit scripts do write check on /
- Allow init_t to create init_tmp_t in /tmp.This is for temporary content created by generic unit files
- Add additional fixes needed for init_t and setup script running in generic unit files
- Allow general users to create packet_sockets
- added connlcli port
- Add init_manage_transient_unit() interface
- Allow init_t (generic unit files) to manage rpc state date as we had it for initrc_t
- Fix userdomain.te to require passwd class
- devicekit_power sends out a signal to all processes on the message bus when power is going down
- Dontaudit rendom domains listing /proc and hittping system_map_t
- Dontauit leaks of var_t into ifconfig_t
- Allow domains that transition to ssh_t to manipulate its keyring
- Define oracleasm_t as a device node
- Change to handle /root as a symbolic link for os-tree
- Allow sysadm_t to create packet_socket, also move some rules to attributes
- Add label for openvswitch port
- Remove general transition for files/dirs created in /etc/mail which got etc_aliases_t label.
- Allow postfix_local to read .forward in pcp lib files
- Allow pegasus_openlmi_storage_t to read lvm metadata
- Add additional fixes for pegasus_openlmi_storage_t
- Allow bumblebee to manage debugfs
- Make bumblebee as unconfined domain
- Allow snmp to read etc_aliases_t
- Allow lscpu running in pegasus_openlmi_storage_t to read /dev/mem
- Allow pegasus_openlmi_storage_t to read /proc/1/environ
- Dontaudit read gconf files for cupsd_config_t
- make vmtools as unconfined domain
- Add vmtools_helper_t for helper scripts. Allow vmtools shutdonw a host and run ifconfig.
- Allow collectd_t to use a mysql database
- Allow ipa-otpd to perform DNS name resolution
- Added new policy for keepalived
- Allow openlmi-service provider to manage transitient units and allow stream connect to sssd
- Add additional fixes new pscs-lite+polkit support
- Add labeling for /run/krb5kdc
- Change w3c_validator_tmp_t to httpd_w3c_validator_tmp_t in F20
- Allow pcscd to read users proc info
- Dontaudit smbd_t sending out random signuls
- Add boolean to allow openshift domains to use nfs
- Allow w3c_validator to create content in /tmp
- zabbix_agent uses nsswitch
- Allow procmail and dovecot to work together to deliver mail
- Allow spamd to execute files in homedir if boolean turned on
- Allow openvswitch to listen on port 6634
- Add net_admin capability in collectd policy
- Fixed snapperd policy
- Fixed bugsfor pcp policy
- Allow dbus_system_domains to be started by init
- Fixed some interfaces
- Add kerberos_keytab_domain attribute
- Fix snapperd_conf_t def - Addopt corenet rules for unbound-anchor to rpm_script_t
- Allow runuser to send send audit messages.
- Allow postfix-local to search .forward in munin lib dirs
- Allow udisks to connect to D-Bus
- Allow spamd to connect to spamd port
- Fix syntax error in snapper.te
- Dontaudit osad to search gconf home files
- Allow rhsmcertd to manage /etc/sysconf/rhn director
- Fix pcp labeling to accept /usr/bin for all daemon binaries
- Fix mcelog_read_log() interface
- Allow iscsid to manage iscsi lib files
- Allow snapper domtrans to lvm_t. Add support for /etc/snapper and allow snapperd to manage it.
- Make tuned_t as unconfined domain for RHEL7.0
- Allow ABRT to read puppet certs
- Add sys_time capability for virt-ga
- Allow gemu-ga to domtrans to hwclock_t
- Allow additional access for virt_qemu_ga_t processes to read system clock and send audit messages
- Fix some AVCs in pcp policy
- Add to bacula capability setgid and setuid and allow to bind to bacula ports
- Changed label from rhnsd_rw_conf_t to rhnsd_conf_t
- Add access rhnsd and osad to /etc/sysconfig/rhn
- drbdadm executes drbdmeta
- Fixes needed for docker
- Allow epmd to manage /var/log/rabbitmq/startup_err file
- Allow beam.smp connect to amqp port
- Modify xdm_write_home to allow create also links as xdm_home_t if the boolean is on true
- Allow init_t to manage pluto.ctl because of init_t instead of initrc_t
- Allow systemd_tmpfiles_t to manage all non security files on the system
- Added labels for bacula ports
- Fix label on /dev/vfio/vfio
- Add kernel_mounton_messages() interface
- init wants to manage lock files for iscsi - Added osad policy
- Allow postfix to deliver to procmail
- Allow bumblebee to seng kill signal to xserver
- Allow vmtools to execute /usr/bin/lsb_release
- Allow docker to write system net ctrls
- Add support for rhnsd unit file
- Add dbus_chat_session_bus() interface
- Add dbus_stream_connect_session_bus() interface
- Fix pcp.te
- Fix logrotate_use_nfs boolean
- Add lot of pcp fixes found in RHEL7
- fix labeling for pmie for pcp pkg
- Change thumb_t to be allowed to chat/connect with session bus type
- Allow call renice in mlocate
- Add logrotate_use_nfs boolean
- Allow setroubleshootd to read rpc sysctl - Turn on bacula, rhnsd policy
- Add support for rhnsd unit file
- Add dbus_chat_session_bus() interface
- Add dbus_stream_connect_session_bus() interface
- Fix logrotate_use_nfs boolean
- Add lot of pcp fixes found in RHEL7
- fix labeling for pmie for pcp pkg
- Change thumb_t to be allowed to chat/connect with session bus type
- Allow call renice in mlocate
- Add logrotate_use_nfs boolean
- Allow setroubleshootd to read rpc sysctl
- Fixes for *_admin interfaces
- Add pegasus_openlmi_storage_var_run_t type def
- Add support for /var/run/openlmi-storage
- Allow tuned to create syslog.conf with correct labeling
- Add httpd_dontaudit_search_dirs boolean
- Add support for winbind.service
- ALlow also fail2ban-client to read apache logs
- Allow vmtools to getattr on all fs
- Add support for dey_sapi port
- Add logging_filetrans_named_conf()
- Allow passwd_t to use ipc_lock, so that it can change the password in gnome-keyring - Update snapper policy
- Allow domains to append rkhunter lib files
- Allow snapperd to getattr on all fs
- Allow xdm to create /var/gdm with correct labeling
- Add label for snapper.log
- Allow fail2ban-client to read apache log files
- Allow thumb_t to execute dbus-daemon in thumb_t - Allow gdm to create /var/gdm with correct labeling
- Allow domains to append rkhunterl lib files. #1057982
- Allow systemd_tmpfiles_t net_admin to communicate with journald
- Add interface to getattr on an isid_type for any type of file
- Update libs_filetrans_named_content() to have support for /usr/lib/debug directory
- Allow initrc_t domtrans to authconfig if unconfined is enabled
- Allow docker and mount on devpts chr_file
- Allow docker to transition to unconfined_t if boolean set
- init calling needs to be optional in domain.te
- Allow uncofined domain types to handle transient unit files
- Fix labeling for vfio devices
- Allow net_admin capability and send system log msgs
- Allow lldpad send dgram to NM
- Add networkmanager_dgram_send()
- rkhunter_var_lib_t is correct type
- Back port pcp policy from rawhide
- Allow openlmi-storage to read removable devices
- Allow system cron jobs to manage rkhunter lib files
- Add rkhunter_manage_lib_files()
- Fix ftpd_use_fusefs boolean to allow manage also symlinks
- Allow smbcontrob block_suspend cap2
- Allow slpd to read network and system state info
- Allow NM domtrans to iscsid_t if iscsiadm is executed
- Allow slapd to send a signal itself
- Allow sslget running as pki_ra_t to contact port 8443, the secure port of the CA.
- Fix plymouthd_create_log() interface
- Add rkhunter policy with files type definition for /var/lib/rkhunter until it is fixed in rkhunter package
- Add mozilla_plugin_exec_t for /usr/lib/firefox/plugin-container
- Allow postfix and cyrus-imapd to work out of box
- Allow fcoemon to talk with unpriv user domain using unix_stream_socket
- Dontaudit domains that are calling into journald to net_admin
- Add rules to allow vmtools to do what it does
- snapperd is D-Bus service
- Allow OpenLMI PowerManagement to call 'systemctl --force reboot'
- Add haproxy_connect_any boolean
- Allow haproxy also to use http cache port by default
Resolves:#1058248 - Allow apache to write to the owncloud data directory in /var/www/html...
- Allow consolekit to create log dir
- Add support for icinga CGI scripts
- Add support for icinga
- Allow kdumpctl_t to create kdump lock file
Resolves:#1055634
- Allow kdump to create lnk lock file
- Allow nscd_t block_suspen capability
- Allow unconfined domain types to manage own transient unit file
- Allow systemd domains to handle transient init unit files
- Add interfaces to handle transient - Add cron unconfined role support for uncofined SELinux user
- Call corenet_udp_bind_all_ports() in milter.te
- Allow fence_virtd to connect to zented port
- Fix header for mirrormanager_admin()
- Allow dkim-milter to bind udp ports
- Allow milter domains to send signull itself
- Allow block_suspend for yum running as mock_t
- Allow beam.smp to manage couchdb files
- Add couchdb_manage_files()
- Add labeling for /var/log/php_errors.log
- Allow bumblebee to stream connect to xserver
- Allow bumblebee to send a signal to xserver
- gnome-thumbnail to stream connect to bumblebee
- Allow xkbcomp running as bumblebee_t to execute  bin_t
- Allow logrotate to read squid.conf
- Additional rules to get docker and lxc to play well with SELinux
- Allow bumbleed to connect to xserver port
- Allow pegasus_openlmi_storage_t to read hwdata - Allow init_t to work on transitient and snapshot unit files
- Add logging_manage_syslog_config()
- Update sysnet_dns_name_resolve() to allow connect to dnssec por
- Allow pegasus_openlmi_storage_t to read hwdata
Resolves:#1031721
- Fix rhcs_rw_cluster_tmpfs()
- Allow fenced_t to bind on zented udp port
- Added policy for vmtools
- Fix mirrormanager_read_lib_files()
- Allow mirromanager scripts running as httpd_t to manage mirrormanager pid files
- Allow ctdb to create sock files in /var/run/ctdb
- Add sblim_filetrans_named_content() interface
- Allow rpm scritplets to create /run/gather with correct labeling
- Allow gnome keyring domains to create gnome config dirs
- Dontaudit read/write to init stream socket for lsmd_plugin_t
- Allow automount to read nfs link files
- Allow lsm plugins to read/write lsmd stream socket
- Allow certmonger to connect ldap port to make IPA CA certificate renewal working.
- Add also labeling for /var/run/ctdb
- Add missing labeling for /var/lib/ctdb
- ALlow tuned to manage syslog.conf. Should be fixed in tuned. #1030446
- Dontaudit hypervkvp to search homedirs
- Dontaudit hypervkvp to search admin homedirs
- Allow hypervkvp to execute bin_t and ifconfig in the caller domain
- Dontaudit xguest_t to read ABRT conf files
- Add abrt_dontaudit_read_config()
- Allow namespace-init to getattr on fs
- Add thumb_role() also for xguest
- Add filename transitions to create .spamassassin with correct labeling
- Allow apache domain to read mirrormanager pid files
- Allow domains to read/write shm and sem owned by mozilla_plugin_t
- Allow alsactl to send a generic signal to kernel_t - Add back rpm_run() for unconfined user - Add missing files_create_var_lib_dirs()
- Fix typo in ipsec.te
- Allow passwd to create directory in /var/lib
- Add filename trans also for event21
- Allow iptables command to read /dev/rand
- Add sigkill capabilityfor ipsec_t
- Add filename transitions for bcache devices
- Add additional rules to create /var/log/cron by syslogd_t with correct labeling
- Add give everyone full access to all key rings
- Add default lvm_var_run_t label for /var/run/multipathd
- Fix log labeling to have correct default label for them after logrotate
- Labeled ~/.nv/GLCache as being gstreamer output
- Allow nagios_system_plugin to read mrtg lib files
- Add mrtg_read_lib_files()
- Call rhcs_rw_cluster_tmpfs for dlm_controld
- Make authconfing as named_filetrans domain
- Allow virsh to connect to user process using stream socket
- Allow rtas_errd to read rand/urand devices and add chown capability
- Fix labeling from /var/run/net-snmpd to correct /var/run/net-snmp
Resolves:#1051497
- Add also chown cap for abrt_upload_watch_t. It already has dac_override
- Allow sosreport to manage rhsmcertd pid files
- Add rhsmcertd_manage_pid_files()
- Allow also setgid cap for rpc.gssd
- Dontaudit access check for abrt on cert_t
- Allow pegasus_openlmi_system providers to dbus chat with systemd-logind - Fix semanage import handling in spec file - Add default lvm_var_run_t label for /var/run/multipathd
Resolves:#1051430
- Fix log labeling to have correct default label for them after logrotate
- Add files_write_root_dirs
- Add new openflow port label for 6653/tcp and 6633/tcp
- Add xserver_manage_xkb_libs()
- Label tcp/8891 as milter por
- Allow gnome_manage_generic_cache_files also create cache_home_t files
- Fix aide.log labeling
- Fix log labeling to have correct default label for them after logrotate
- Allow mysqld-safe write access on /root to make mysqld working
- Allow sosreport domtrans to prelikn
- Allow OpenvSwitch to connec to openflow ports
- Allow NM send dgram to lldpad
- Allow hyperv domains to execute shell
- Allow lsmd plugins stream connect to lsmd/init
- Allow sblim domains to create /run/gather with correct labeling
- Allow httpd to read ldap certs
- Allow cupsd to send dbus msgs to process with different MLS level
- Allow bumblebee to stream connect to apmd
- Allow bumblebee to run xkbcomp
- Additional allow rules to get libvirt-lxc containers working with docker
- Additional allow rules to get libvirt-lxc containers working with docker
- Allow docker to getattr on itself
- Additional rules needed for sandbox apps
- Allow mozilla_plugin to set attributes on usb device if use_spice boolean enabled
- httpd should be able to send signal/signull to httpd_suexec_t
- Add more fixes for neturon. Domtrans to dnsmasq, iptables. Make neutron as filenamtrans domain. - Add neutron fixes - Allow sshd to write to all process levels in order to change passwd when running at a level
- Allow updpwd_t to downgrade /etc/passwd file to s0, if it is not running with this range
- Allow apcuspd_t to status and start the power unit file
- Allow udev to manage kdump unit file
- Added new interface modutils_dontaudit_exec_insmod
- Allow cobbler to search dhcp_etc_t directory
- systemd_systemctl needs sys_admin capability
- Allow sytemd_tmpfiles_t to delete all directories
- passwd to create gnome-keyring passwd socket
- Add missing zabbix_var_lib_t type
- Fix filename trans for zabbixsrv in zabbix.te
- Allow fprintd_t to send syslog messages
- Add  zabbix_var_lib_t for /var/lib/zabbixsrv, also allow zabix to connect to smtp port
- Allow mozilla plugin to chat with policykit, needed for spice
- Allow gssprozy to change user and gid, as well as read user keyrings
- Label upgrades directory under /var/www as httpd_sys_rw_content_t, add other filetrans rules to label content correctly
- Allow polipo to connect to http_cache_ports
- Allow cron jobs to manage apache var lib content
- Allow yppassword to manage the passwd_file_t
- Allow showall_t to send itself signals
- Allow cobbler to restart dhcpc, dnsmasq and bind services
- Allow certmonger to manage home cert files
- Add userdom filename trans for user mail domains
- Allow apcuspd_t to status and start the power unit file
- Allow cgroupdrulesengd to create content in cgoups directories
- Allow smbd_t to signull cluster
- Allow gluster daemon to create fifo files in glusterd_brick_t and sock_file in glusterd_var_lib_t
- Add label for /var/spool/cron.aquota.user
- Allow sandbox_x domains to use work with the mozilla plugin semaphore
- Added new policy for speech-dispatcher
- Added dontaudit rule for insmod_exec_t  in rasdaemon policy
- Updated rasdaemon policy
- Allow system_mail_t to transition to postfix_postdrop_t
- Clean up mirrormanager policy
- Allow virt_domains to read cert files, needs backport to RHEL7
- Allow sssd to read systemd_login_var_run_t
- Allow irc_t to execute shell and bin-t files:
- Add new access for mythtv
- Allow rsync_t to manage all non auth files
- allow modemmanger to read /dev/urand
- Allow sandbox apps to attempt to set and get capabilties - Add labeling for /var/lib/servicelog/servicelog.db-journal
- Add support for freeipmi port
- Add sysadm_u_default_contexts
- Make new type to texlive files in homedir
- Allow subscription-manager running as sosreport_t to manage rhsmcertd
- Additional fixes for docker.te
- Remove ability to do mount/sys_admin by default in virt_sandbox domains
- New rules required to run docker images within libivrt
- Add label for ~/.cvsignore
- Change mirrormanager to be run by cron
- Add mirrormanager policy
- Fixed bumblebee_admin() and mip6d_admin()
- Add log support for sensord
- Fix typo in docker.te
- Allow amanda to do backups over UDP
- Allow bumblebee to read /etc/group and clean up bumblebee.te
- type transitions with a filename not allowed inside conditionals
- Don't allow virt-sandbox tools to use netlink out of the box, needs back port to RHEL7
- Make new type to texlive files in homedir - Allow freeipmi_ipmidetectd_t to use freeipmi port
- Update freeipmi_domain_template()
- Allow journalctl running as ABRT to read /run/log/journal
- Allow NM to read dispatcher.d directory
- Update freeipmi policy
- Type transitions with a filename not allowed inside conditionals
- Allow tor to bind to hplip port
- Make new type to texlive files in homedir
- Allow zabbix_agent to transition to dmidecode
- Add rules for docker
- Allow sosreport to send signull to unconfined_t
- Add virt_noatsecure and virt_rlimitinh interfaces
- Fix labeling in thumb.fc to add support for /usr/lib64/tumbler-1/tumblerddd support for freeipmi port
- Add sysadm_u_default_contexts
- Add logging_read_syslog_pid()
- Fix userdom_manage_home_texlive() interface
- Make new type to texlive files in homedir
- Add filename transitions for /run and /lock links
- Allow virtd to inherit rlimit information
Resolves:#975358 - Change labeling for /usr/libexec/nm-dispatcher.action to NetworkManager_exec_t
Resolves:#1039879
- Add labeling for /usr/lib/systemd/system/mariadb.service
- Allow hyperv_domain to read sysfs
- Fix ldap_read_certs() interface to allow acess also link files
- Add support for /usr/libexec/pegasus/cmpiLMI_Journald-cimprovagt
- Allow tuned to run modprobe
- Allow portreserve to search /var/lib/sss dir
- Add SELinux support for the teamd package contains team network device control daemon.
- Dontaudit access check on /proc for bumblebee
- Bumblebee wants to load nvidia modules
- Fix rpm_named_filetrans_log_files and wine.te
- Add conman policy for rawhide
- DRM master and input event devices are used by  the TakeDevice API
- Clean up bumblebee policy
- Update pegasus_openlmi_storage_t policy
- Add freeipmi_stream_connect() interface
- Allow logwatch read madm.conf to support RAID setup
- Add raid_read_conf_files() interface
- Allow up2date running as rpm_t create up2date log file with rpm_log_t labeling
- add rpm_named_filetrans_log_files() interface
- Allow dkim-milter to create files/dirs in /tmp
- update freeipmi policy
- Add policy for freeipmi services
- Added rdisc_admin and rdisc_systemctl interfaces
- opensm policy clean up
- openwsman policy clean up
- ninfod policy clean up
- Added new policy for ninfod
- Added new policy for openwsman
- Added rdisc_admin and rdisc_systemctl interfaces
- Fix kernel_dontaudit_access_check_proc()
- Add support for /dev/uhid
- Allow sulogin to get the attributes of initctl and sys_admin cap
- Add kernel_dontaudit_access_check_proc()
- Fix dev_rw_ipmi_dev()
- Fix new interface in devices.if
- DRM master and input event devices are used by  the TakeDevice API
- add dev_rw_inherited_dri() and dev_rw_inherited_input_dev()
- Added support for default conman port
- Add interfaces for ipmi devices - Allow sosreport to send a signal to ABRT
- Add proper aliases for pegasus_openlmi_service_exec_t and pegasus_openlmi_service_t
- Label /usr/sbin/htcacheclean as httpd_exec_t
Resolves:#1037529
- Added support for rdisc unit file
- Add antivirus_db_t labeling for /var/lib/clamav-unofficial-sigs
- Allow runuser running as logrotate connections to system DBUS
- Label bcache devices as fixed_disk_device_t
- Allow systemctl running in ipsec_mgmt_t to access /usr/lib/systemd/system/ipsec.service
- Label /usr/lib/systemd/system/ipsec.service as ipsec_mgmt_unit_file_t - Add back setpgid/setsched for sosreport_t - Added fix for clout_init to transition to rpm_script_t (dwalsh@redhat.com) - Dontaudit openshift domains trying to use rawip_sockets, this is caused by a bad check in the kernel.
- Allow git_system_t to read git_user_content if the git_system_enable_homedirs boolean is turned on
- Add lsmd_plugin_t for lsm plugins
- Allow dovecot-deliver to search mountpoints
- Add labeling for /etc/mdadm.conf
- Allow opelmi admin providers to dbus chat with init_t
- Allow sblim domain to read /dev/urandom and /dev/random
- Allow apmd to request the kernel load modules
- Add glusterd_brick_t type
- label mate-keyring-daemon with gkeyringd_exec_t
- Add plymouthd_create_log()
- Dontaudit leaks from openshift domains into mail domains, needs back port to RHEL6
- Allow sssd to request the kernel loads modules
- Allow gpg_agent to use ssh-add
- Allow gpg_agent to use ssh-add
- Dontaudit access check on /root for myslqd_safe_t
- Allow ctdb to getattr on al filesystems
- Allow abrt to stream connect to syslog
- Allow dnsmasq to list dnsmasq.d directory
- Watchdog opens the raw socket
- Allow watchdog to read network state info
- Dontaudit access check on lvm lock dir
- Allow sosreport to send signull to setroubleshootd
- Add setroubleshoot_signull() interface
- Fix ldap_read_certs() interface
- Allow sosreport all signal perms
- Allow sosreport to run systemctl
- Allow sosreport to dbus chat with rpm
- Add glusterd_brick_t files type
- Allow zabbix_agentd to read all domain state
- Clean up rtas.if
- Allow smoltclient to execute ldconfig
- Allow sosreport to request the kernel to load a module
- Fix userdom_confined_admin_template()
- Add back exec_content boolean for secadm, logadm, auditadm
- Fix files_filetrans_system_db_named_files() interface
- Allow sulogin to getattr on /proc/kcore
- Add filename transition also for servicelog.db-journal
- Add files_dontaudit_access_check_root()
- Add lvm_dontaudit_access_check_lock() interface - Allow watchdog to read /etc/passwd
- Allow browser plugins to connect to bumblebee
- New policy for bumblebee and freqset
- Add new policy for mip6d daemon
- Add new policy for opensm daemon
- Allow condor domains to read/write condor_master udp_socket
- Allow openshift_cron_t to append to openshift log files, label /var/log/openshift
- Add back file_pid_filetrans for /var/run/dlm_controld
- Allow smbd_t to use inherited tmpfs content
- Allow mcelog to use the /dev/cpu device
- sosreport runs rpcinfo
- sosreport runs subscription-manager
- Allow staff_t to run frequency command
- Allow systemd_tmpfiles to relabel log directories
- Allow staff_t to read xserver_log file
- Label hsperfdata_root as tmp_t - More sosreport fixes to make ABRT working - Fix files_dontaudit_unmount_all_mountpoints()
- Add support for 2608-2609 tcp/udp ports
- Should allow domains to lock the terminal device
- More fixes for user config files to make crond_t running in userdomain
- Add back disable/reload/enable permissions for system class
- Fix manage_service_perms macro
- We need to require passwd rootok
- Fix zebra.fc
- Fix dnsmasq_filetrans_named_content() interface
- Allow all sandbox domains create content in svirt_home_t
- Allow zebra domains also create zebra_tmp_t files in /tmp
- Add support for new zebra services:isisd,babeld. Add systemd support for zebra services.
- Fix labeling on neutron and remove transition to iconfig_t
- abrt needs to read mcelog log file
- Fix labeling on dnsmasq content
- Fix labeling on /etc/dnsmasq.d
- Allow glusterd to relabel own lib files
- Allow sandbox domains to use pam_rootok, and dontaudit attempts to unmount file systems, this is caused by a bug in systemd
- Allow ipc_lock for abrt to run journalctl - Fix config.tgz - Fix passenger_stream_connect interface
- setroubleshoot_fixit wants to read network state
- Allow procmail_t to connect to dovecot stream sockets
- Allow cimprovagt service providers to read network states
- Add labeling for /var/run/mariadb
- pwauth uses lastlog() to update system's lastlog
- Allow account provider to read login records
- Add support for texlive2013
- More fixes for user config files to make crond_t running in userdomain
- Add back disable/reload/enable permissions for system class
- Fix manage_service_perms macro
- Allow passwd_t to connect to gnome keyring to change password
- Update mls config files to have cronjobs in the user domains
- Remove access checks that systemd does not actually do - Add support for yubikey in homedir
- Add support for upd/3052 port
- Allow apcupsd to use PowerChute Network Shutdown
- Allow lsmd to execute various lsmplugins
- Add labeling also for /etc/watchdog\.d where are watchdog scripts located too
- Update gluster_export_all_rw boolean to allow relabel all base file types
- Allow x86_energy_perf  tool to modify the MSR
- Fix /var/lib/dspam/data labeling - Add files_relabel_base_file_types() interface
- Allow netlabel-config to read passwd
- update gluster_export_all_rw boolean to allow relabel all base file types caused by lsetxattr()
- Allow x86_energy_perf  tool to modify the MSR
- Fix /var/lib/dspam/data labeling
- Allow pegasus to domtrans to mount_t
- Add labeling for unconfined scripts in /usr/libexec/watchdog/scripts
- Add support for unconfined watchdog scripts
- Allow watchdog to manage own log files - Add label only for redhat.repo instead of /etc/yum.repos.d. But probably we will need to switch for the directory.
- Label /etc/yum.repos.d as system_conf_t
- Use sysnet_filetrans_named_content in udev.te instead of generic transition for net_conf_t
- Allow dac_override for sysadm_screen_t
- Allow init_t to read ipsec_conf_t as we had it for initrc_t. Needed by ipsec unit file.
- Allow netlabel-config to read meminfo
- Add interface to allow docker to mounton file_t
- Add new interface to exec unlabeled files
- Allow lvm to use docker semaphores
- Setup transitons for .xsessions-errors.old
- Change labels of files in /var/lib/*/.ssh to transition properly
- Allow staff_t and user_t to look at logs using journalctl
- pluto wants to manage own log file
- Allow pluto running as ipsec_t to create pluto.log
- Fix alias decl in corenetwork.te.in
- Add support for fuse.glusterfs
- Allow dmidecode to read/write /run/lock/subsys/rhsmcertd
- Allow rhsmcertd to manage redhat.repo which is now labeled as system.conf. Allow rhsmcertd to manage all log files.
- Additional access for docker
- Added more rules to sblim policy
- Fix kdumpgui_run_bootloader boolean
- Allow dspam to connect to lmtp port
- Included sfcbd service into sblim policy
- rhsmcertd wants to manaage /etc/pki/consumer dir
- Add kdumpgui_run_bootloader boolean
- Add support for /var/cache/watchdog
- Remove virt_domain attribute for virt_qemu_ga_unconfined_t
- Fixes for handling libvirt containes
- Dontaudit attempts by mysql_safe to write content into /
- Dontaudit attempts by system_mail to modify network config
- Allow dspam to bind to lmtp ports
- Add new policy to allow staff_t and user_t to look at logs using journalctl
- Allow apache cgi scripts to list sysfs
- Dontaudit attempts to write/delete user_tmp_t files
- Allow all antivirus domains to manage also own log dirs
- Allow pegasus_openlmi_services_t to stream connect to sssd_t - Add missing permission checks for nscd - Fix alias decl in corenetwork.te.in
- Add support for fuse.glusterfs
- Add file transition rules for content created by f5link
- Rename quantum_port information to neutron
- Allow all antivirus domains to manage also own log dirs
- Rename quantum_port information to neutron
- Allow pegasus_openlmi_services_t to stream connect to sssd_t - Allow sysadm_t to read login information
- Allow systemd_tmpfiles to setattr on var_log_t directories
- Udpdate Makefile to include systemd_contexts
- Add systemd_contexts
- Add fs_exec_hugetlbfs_files() interface
- Add daemons_enable_cluster_mode boolean
- Fix rsync_filetrans_named_content()
- Add rhcs_read_cluster_pid_files() interface
- Update rhcs.if with additional interfaces from RHEL6
- Fix rhcs_domain_template() to not create run dirs with cluster_var_run_t
- Allow glusterd_t to mounton glusterd_tmp_t
- Allow glusterd to unmout al filesystems
- Allow xenstored to read virt config
- Add label for swift_server.lock and make add filetrans_named_content to make sure content gets created with the correct label
- Allow mozilla_plugin_t to mmap hugepages as an executable - Add back userdom_security_admin_template() interface and use it for sysadm_t if sysadm_secadm.pp - Allow sshd_t to read openshift content, needs backport to RHEL6.5
- Label /usr/lib64/sasl2/libsasldb.so.3.0.0 as textrel_shlib_t
- Make sur kdump lock is created with correct label if kdumpctl is executed
- gnome interface calls should always be made within an optional_block
- Allow syslogd_t to connect to the syslog_tls port
- Add labeling for /var/run/charon.ctl socket
- Add kdump_filetrans_named_content()
- Allo setpgid for fenced_t
- Allow setpgid and r/w cluster tmpfs for fenced_t
- gnome calls should always be within optional blocks
- wicd.pid should be labeled as networkmanager_var_run_t
- Allow sys_resource for lldpad - Add rtas policy - Allow mailserver_domains to manage and transition to mailman data
- Dontaudit attempts by mozilla plugin to relabel content, caused by using mv and cp commands
- Allow mailserver_domains to manage and transition to mailman data
- Allow svirt_domains to read sysctl_net_t
- Allow thumb_t to use tmpfs inherited from the user
- Allow mozilla_plugin to bind to the vnc port if running with spice
- Add new attribute to discover confined_admins and assign confined admin to it
- Fix zabbix to handle attributes in interfaces
- Fix zabbix to read system states for all zabbix domains
- Fix piranha_domain_template()
- Allow ctdbd to create udp_socket. Allow ndmbd to access ctdbd var files.
- Allow lldpad sys_rouserce cap due to #986870
- Allow dovecot-auth to read nologin
- Allow openlmi-networking to read /proc/net/dev
- Allow smsd_t to execute scripts created on the fly labeled as smsd_spool_t
- Add zabbix_domain attribute for zabbix domains to treat them together
- Add labels for zabbix-poxy-* (#1018221)
- Update openlmi-storage policy to reflect #1015067
- Back port piranha tmpfs fixes from RHEL6
- Update httpd_can_sendmail boolean to allow read/write postfix spool maildrop
- Add postfix_rw_spool_maildrop_files interface
- Call new userdom_admin_user_templat() also for sysadm_secadm.pp
- Fix typo in userdom_admin_user_template()
- Allow SELinux users to create coolkeypk11sE-Gate in /var/cache/coolkey
- Add new attribute to discover confined_admins
- Fix labeling for /etc/strongswan/ipsec.d
- systemd_logind seems to pass fd to anyone who dbus communicates with it
- Dontaudit leaked write descriptor to dmesg - Activate motion policy - Fix gnome_read_generic_data_home_files()
- allow openshift_cgroup_t to read/write inherited openshift file types
- Remove httpd_cobbler_content * from cobbler_admin interface
- Allow svirt sandbox domains to setattr on chr_file and blk_file svirt_sandbox_file_t, so sshd will work within a container
- Allow httpd_t to read also git sys content symlinks
- Allow init_t to read gnome home data
- Dontaudit setroubleshoot_fixit_t execmem, since it does not seem to really need it.
- Allow virsh to execute systemctl
- Fix for nagios_services plugins
- add type defintion for ctdbd_var_t
- Add support for /var/ctdb. Allow ctdb block_suspend and read /etc/passwd file
- Allow net_admin/netlink_socket all hyperv_domain domains
- Add labeling for zarafa-search.log and zarafa-search.pid
- Fix hypervkvp.te
- Fix nscd_shm_use()
- Add initial policy for /usr/sbin/hypervvssd in hypervkvp policy which should be renamed to hyperv. Also add hyperv_domain attribute to treat these HyperV services.
- Add hypervkvp_unit_file_t type
- Fix logging policy
- Allow syslog to bind to tls ports
- Update labeling for /dev/cdc-wdm
- Allow to su_domain to read init states
- Allow init_t to read gnome home data
- Make sure if systemd_logind creates nologin file with the correct label
- Clean up ipsec.te - Add auth_exec_chkpwd interface
- Fix port definition for ctdb ports
- Allow systemd domains to read /dev/urand
- Dontaudit attempts for mozilla_plugin to append to /dev/random
- Add label for /var/run/charon.*
- Add labeling for /usr/lib/systemd/system/lvm2.*dd policy for motion service
- Fix for nagios_services plugins
- Fix some bugs in zoneminder policy
- add type defintion for ctdbd_var_t
- Add support for /var/ctdb. Allow ctdb block_suspend and read /etc/passwd file
- Allow net_admin/netlink_socket all hyperv_domain domains
- Add labeling for zarafa-search.log and zarafa-search.pid
- glusterd binds to random unreserved ports
- Additional allow rules found by testing glusterfs
- apcupsd needs to send a message to all users on the system so needs to look them up
- Fix the label on ~/.juniper_networks
- Dontaudit attempts for mozilla_plugin to append to /dev/random
- Allow polipo_daemon to connect to flash ports
- Allow gssproxy_t to create replay caches
- Fix nscd_shm_use()
- Add initial policy for /usr/sbin/hypervvssd in hypervkvp policy which should be renamed to hyperv. Also add hyperv_domain attribute to treat these HyperV services.
- Add hypervkvp_unit_file_t type - init reload  from systemd_localed_t
- Allow domains that communicate with systemd_logind_sessions to use systemd_logind_t fd
- Allow systemd_localed_t to ask systemd to reload the locale.
- Add systemd_runtime_unit_file_t type for unit files that systemd creates in memory
- Allow readahead to read /dev/urand
- Fix lots of avcs about tuned
- Any file names xenstored in /var/log should be treated as xenstored_var_log_t
- Allow tuned to inderact with hugepages
- Allow condor domains to list etc rw dirs - Fix nscd_shm_use()
- Add initial policy for /usr/sbin/hypervvssd in hypervkvp policy which should be renamed to hyperv. Also add hyperv_domain attribute to treat these HyperV services.
- Add hypervkvp_unit_file_t type
- Add additional fixes forpegasus_openlmi_account_t
- Allow mdadm to read /dev/urand
- Allow pegasus_openlmi_storage_t to create mdadm.conf and write it
- Add label/rules for /etc/mdadm.conf
- Allow pegasus_openlmi_storage_t to transition to fsadm_t
- Fixes for interface definition problems
- Dontaudit dovecot-deliver to gettatr on all fs dirs
- Allow domains to search data_home_t directories
- Allow cobblerd to connect to mysql
- Allow mdadm to r/w kdump lock files
- Add support for kdump lock files
- Label zarafa-search as zarafa-indexer
- Openshift cgroup wants to read /etc/passwd
- Add new sandbox domains for kvm
- Allow mpd to interact with pulseaudio if mpd_enable_homedirs is turned on
- Fix labeling for /usr/lib/systemd/system/lvm2.*
- Add labeling for /usr/lib/systemd/system/lvm2.*
- Fix typos to get a new build. We should not cover filename trans rules to prevent duplicate rules
- Add sshd_keygen_t policy for sshd-keygen
- Fix alsa_home_filetrans interface name and definition
- Allow chown for ssh_keygen_t
- Add fs_dontaudit_getattr_all_dirs()
- Allow init_t to manage etc_aliases_t and read xserver_var_lib_t and chrony keys
- Fix up patch to allow systemd to manage home content
- Allow domains to send/recv unlabeled traffic if unlabelednet.pp is enabled
- Allow getty to exec hostname to get info
- Add systemd_home_t for ~/.local/share/systemd directory - Fix lxc labels in config.tgz - Fix labeling for /usr/libexec/kde4/kcmdatetimehelper
- Allow tuned to search all file system directories
- Allow alsa_t to sys_nice, to get top performance for sound management
- Add support for MySQL/PostgreSQL for amavis
- Allow openvpn_t to manage openvpn_var_log_t files.
- Allow dirsrv_t to create tmpfs_t directories
- Allow dirsrv to create dirs in /dev/shm with dirsrv_tmpfs label
- Dontaudit leaked unix_stream_sockets into gnome keyring
- Allow telepathy domains to inhibit pipes on telepathy domains
- Allow cloud-init to domtrans to rpm
- Allow abrt daemon to manage abrt-watch tmp files
- Allow abrt-upload-watcher to search /var/spool directory
- Allow nsswitch domains to manage own process key
- Fix labeling for mgetty.* logs
- Allow systemd to dbus chat with upower
- Allow ipsec to send signull to itself
- Allow setgid cap for ipsec_t
- Match upstream labeling - Do not build sanbox pkg on MLS - wine_tmp is no longer needed
- Allow setroubleshoot to look at /proc
- Allow telepathy domains to dbus with systemd logind
- Fix handling of fifo files of rpm
- Allow mozilla_plugin to transition to itself
- Allow certwatch to write to cert_t directories
- New abrt application
- Allow NetworkManager to set the kernel scheduler
- Make wine_domain shared by all wine domains
- Allow mdadm_t to read images labeled svirt_image_t
- Allow amanda to read /dev/urand
- ALlow my_print_default to read /dev/urand
- Allow mdadm to write to kdumpctl fifo files
- Allow nslcd to send signull to itself
- Allow yppasswd to read /dev/urandom
- Fix zarafa_setrlimit
- Add support for /var/lib/php/wsdlcache
- Add zarafa_setrlimit boolean
- Allow fetchmail to send mails
- Add additional alias for user_tmp_t because wine_tmp_t is no longer used
- More handling of ther kernel keyring required by kerberos
- New privs needed for init_t when running without transition to initrc_t over bin_t, and without unconfined domain installed - Dontaudit attempts by sosreport to read shadow_t
- Allow browser sandbox plugins to connect to cups to print
- Add new label mpd_home_t
- Label /srv/www/logs as httpd_log_t
- Add support for /var/lib/php/wsdlcache
- Add zarafa_setrlimit boolean
- Allow fetchmail to send mails
- Add labels for apache logs under miq package
- Allow irc_t to use tcp sockets
- fix labels in puppet.if
- Allow tcsd to read utmp file
- Allow openshift_cron_t to run ssh-keygen in ssh_keygen_t to access host keys
- Define svirt_socket_t as a domain_type
- Take away transition from init_t to initrc_t when executing bin_t, allow init_t to run chk_passwd_t
- Fix label on pam_krb5 helper apps - Allow ldconfig to write to kdumpctl fifo files
- allow neutron to connect to amqp ports
- Allow kdump_manage_crash to list the kdump_crash_t directory
- Allow glance-api to connect to amqp port
- Allow virt_qemu_ga_t to read meminfo
- Add antivirus_home_t type for antivirus date in HOMEDIRS
- Allow mpd setcap which is needed by pulseaudio
- Allow smbcontrol to create content in /var/lib/samba
- Allow mozilla_exec_t to be used as a entrypoint to mozilla_domtrans_spec
- Add additional labeling for qemu-ga/fsfreeze-hook.d scripts
- amanda_exec_t needs to be executable file
- Allow block_suspend cap for samba-net
- Allow apps that read ipsec_mgmt_var_run_t to search ipsec_var_run_t
- Allow init_t to run crash utility
- Treat usr_t just like bin_t for transitions and executions
- Add port definition of pka_ca to port 829 for openshift
- Allow selinux_store to use symlinks - Allow block_suspend cap for samba-net
- Allow t-mission-control to manage gabble cache files
- Allow nslcd to read /sys/devices/system/cpu
- Allow selinux_store to use symlinks - Allow xdm_t to transition to itself
- Call neutron interfaces instead of quantum
- Allow init to change targed role to make uncofined services (xrdp which now has own systemd unit file) working. We want them to have in unconfined_t
- Make sure directories in /run get created with the correct label
- Make sure /root/.pki gets created with the right label
- try to remove labeling for motion from zoneminder_exec_t to bin_t
- Allow inetd_t to execute shell scripts
- Allow cloud-init to read all domainstate
- Fix to use quantum port
- Add interface netowrkmanager_initrc_domtrans
- Fix boinc_execmem
- Allow t-mission-control to read gabble cache home
- Add labeling for ~/.cache/telepathy/avatars/gabble
- Allow memcache to read sysfs data
- Cleanup antivirus policy and add additional fixes
- Add boolean boinc_enable_execstack
- Add support for couchdb in rabbitmq policy
- Add interface couchdb_search_pid_dirs
- Allow firewalld to read NM state
- Allow systemd running as git_systemd to bind git port
- Fix mozilla_plugin_rw_tmpfs_files() - Split out rlogin ports from inetd
- Treat files labeld as usr_t like bin_t when it comes to transitions
- Allow staff_t to read login config
- Allow ipsec_t to read .google authenticator data
- Allow systemd running as git_systemd to bind git port
- Fix mozilla_plugin_rw_tmpfs_files()
- Call the correct interface - corenet_udp_bind_ktalkd_port()
- Allow all domains that can read gnome_config to read kde config
- Allow sandbox domain to read/write mozilla_plugin_tmpfs_t so pulseaudio will work
- Allow mdadm to getattr any file system
- Allow a confined domain to executes mozilla_exec_t via dbus
- Allow cupsd_lpd_t to bind to the printer port
- Dontaudit attempts to bind to ports < 1024 when nis is turned on
- Allow apache domain to connect to gssproxy socket
- Allow rlogind to bind to the rlogin_port
- Allow telnetd to bind to the telnetd_port
- Allow ktalkd to bind to the ktalkd_port
- Allow cvs to bind to the cvs_port - Cleanup related to init_domain()+inetd_domain fixes
- Use just init_domain instead of init_daemon_domain in inetd_core_service_domain
- svirt domains neeed to create kobject_uevint_sockets
- Lots of new access required for sosreport
- Allow tgtd_t to connect to isns ports
- Allow init_t to transition to all inetd domains:
- openct needs to be able to create netlink_object_uevent_sockets
- Dontaudit leaks into ldconfig_t
- Dontaudit su domains getattr on /dev devices, move su domains to attribute based calls
- Move kernel_stream_connect into all Xwindow using users
- Dontaudit inherited lock files in ifconfig o dhcpc_t - Also sock_file trans rule is needed in lsm
- Fix labeling for fetchmail pid files/dirs
- Add additional fixes for abrt-upload-watch
- Fix polipo.te
- Fix transition rules in asterisk policy
- Add fowner capability to networkmanager policy
- Allow polipo to connect to tor ports
- Cleanup lsmd.if
- Cleanup openhpid policy
- Fix kdump_read_crash() interface
- Make more domains as init domain
- Fix cupsd.te
- Fix requires in rpm_rw_script_inherited_pipes
- Fix interfaces in lsm.if
- Allow munin service plugins to manage own tmpfs files/dirs
- Allow virtd_t also relabel unix stream sockets for virt_image_type
- Make ktalk as init domain
- Fix to define ktalkd_unit_file_t correctly
- Fix ktalk.fc
- Add systemd support for talk-server
- Allow glusterd to create sock_file in /run
- Allow xdm_t to delete gkeyringd_tmp_t files on logout
- Add fixes for hypervkvp policy
- Add logwatch_can_sendmail boolean
- Allow mysqld_safe_t to handle also symlinks in /var/log/mariadb
- Allow xdm_t to delete gkeyringd_tmp_t files on logout - Add selinux-policy-sandbox pkg 0 
- Allow rhsmcertd to read init state
- Allow fsetid for pkcsslotd
- Fix labeling for /usr/lib/systemd/system/pkcsslotd.service
- Allow fetchmail to create own pid with correct labeling
- Fix rhcs_domain_template()
- Allow roles which can run mock to read mock lib files to view results
- Allow rpcbind to use nsswitch
- Fix lsm.if summary
- Fix collectd_t can read /etc/passwd file
- Label systemd unit files under dracut correctly
- Add support for pam_mount to mount user's encrypted home When a user logs in and logs out using ssh
- Add support for .Xauthority-n
- Label umount.crypt as lvm_exec_t
- Allow syslogd to search psad lib files
- Allow ssh_t to use /dev/ptmx
- Make sure /run/pluto dir is created with correct labeling
- Allow syslog to run shell and bin_t commands
- Allow ip to relabel tun_sockets
- Allow mount to create directories in files under /run
- Allow processes to use inherited fifo files - Add policy for lsmd
- Add support for /var/log/mariadb dir and allow mysqld_safe to list this directory
- Update condor_master rules to allow read system state info and allow logging
- Add labeling for /etc/condor and allow condor domain to write it (bug)
- Allow condor domains to manage own logs
- Allow glusterd to read domains state
- Fix initial hypervkvp policy
- Add policy for hypervkvpd
- Fix redis.if summary - Allow boinc to connect to  @/tmp/.X11-unix/X0
- Allow beam.smp to connect to tcp/5984
- Allow named to manage own log files
- Add label for /usr/libexec/dcc/start-dccifd  and domtrans to dccifd_t
- Add virt_transition_userdomain boolean decl
- Allow httpd_t to sendto unix_dgram sockets on its children
- Allow nova domains to execute ifconfig
- bluetooth wants to create fifo_files in /tmp
- exim needs to be able to manage mailman data
- Allow sysstat to getattr on all file systems
- Looks like bluetoothd has moved
- Allow collectd to send ping packets
- Allow svirt_lxc domains to getpgid
- Remove virt-sandbox-service labeling as virsh_exec_t, since it no longer does virsh_t stuff
- Allow frpintd_t to read /dev/urandom
- Allow asterisk_t to create sock_file in /var/run
- Allow usbmuxd to use netlink_kobject
- sosreport needs to getattr on lots of devices, and needs access to netlink_kobject_uevent_socket
- More cleanup of svirt_lxc policy
- virtd_lxc_t now talks to dbus
- Dontaudit leaked ptmx_t
- Allow processes to use inherited fifo files
- Allow openvpn_t to connect to squid ports
- Allow prelink_cron_system_t to ask systemd to reloaddd miscfiles_dontaudit_access_check_cert()
- Allow ssh_t to use /dev/ptmx
- Make sure /run/pluto dir is created with correct labeling
- Allow syslog to run shell and bin_t commands
- Allow ip to relabel tun_sockets
- Allow mount to create directories in files under /run
- Allow processes to use inherited fifo files
- Allow user roles to connect to the journal socket - selinux_set_enforce_mode needs to be used with type
- Add append to the dontaudit for unix_stream_socket of xdm_t leak
- Allow xdm_t to create symlinks in log direcotries
- Allow login programs to read afs config
- Label 10933 as a pop port, for dovecot
- New policy to allow selinux_server.py to run as semanage_t as a dbus service
- Add fixes to make netlabelctl working on MLS
- AVCs required for running sepolicy gui as staff_t
- Dontaudit attempts to read symlinks, sepolicy gui is likely to cause this type of AVC
- New dbus server to be used with new gui
- After modifying some files in /etc/mail, I saw this needed on the next boot
- Loading a vm from /usr/tmp with virt-manager
- Clean up oracleasm policy for Fedora
- Add oracleasm policy written by rlopez@redhat.com
- Make postfix_postdrop_t as mta_agent to allow domtrans to system mail if it is executed by apache
- Add label for /var/crash
- Allow fenced to domtrans to sanclok_t
- Allow nagios to manage nagios spool files
- Make tfptd as home_manager
- Allow kdump to read kcore on MLS system
- Allow mysqld-safe sys_nice/sys_resource caps
- Allow apache to search automount tmp dirs if http_use_nfs is enabled
- Allow crond to transition to named_t, for use with unbound
- Allow crond to look at named_conf_t, for unbound
- Allow mozilla_plugin_t to transition its home content
- Allow dovecot_domain to read all system and network state
- Allow httpd_user_script_t to call getpw
- Allow semanage to read pid files
- Dontaudit leaked file descriptors from user domain into thumb
- Make PAM authentication working if it is enabled in ejabberd
- Add fixes for rabbit to fix ##992920,#992931
- Allow glusterd to mount filesystems
- Loading a vm from /usr/tmp with virt-manager
- Trying to load a VM I got an AVC from devicekit_disk for loopcontrol device
- Add fix for pand service
- shorewall touches own log
- Allow nrpe to list /var
- Mozilla_plugin_roles can not be passed into lpd_run_lpr
- Allow afs domains to read afs_config files
- Allow login programs to read afs config
- Allow virt_domain to read virt_var_run_t symlinks
- Allow smokeping to send its process signals
- Allow fetchmail to setuid
- Add kdump_manage_crash() interface
- Allow abrt domain to write abrt.socket - Add more aliases in pegasus.te
- Add more fixes for *_admin interfaces
- Add interface fixes
- Allow nscd to stream connect to nmbd
- Allow gnupg apps to write to pcscd socket
- Add more fixes for openlmi provides. Fix naming and support for additionals
- Allow fetchmail to resolve host names
- Allow firewalld to interact also with lnk files labeled as firewalld_etc_rw_t
- Add labeling for cmpiLMI_Fan-cimprovagt
- Allow net_admin for glusterd
- Allow telepathy domain to create dconf with correct labeling in /home/userX/.cache/
- Add pegasus_openlmi_system_t
- Fix puppet_domtrans_master() to make all puppet calling working in passenger.te
- Fix corecmd_exec_chroot()
- Fix logging_relabel_syslog_pid_socket interface
- Fix typo in unconfineduser.te
- Allow system_r to access unconfined_dbusd_t to run hp_chec - Allow xdm_t to act as a dbus client to itsel
- Allow fetchmail to resolve host names
- Allow gnupg apps to write to pcscd socket
- Add labeling for cmpiLMI_Fan-cimprovagt
- Allow net_admin for glusterd
- Allow telepathy domain to create dconf with correct labeling in /home/userX/.cache/
- Add pegasus_openlmi_system_t
- Fix puppet_domtrans_master() to make all puppet calling working in passenger.te
-httpd_t does access_check on certs - Add support for cmpiLMI_Service-cimprovagt
- Allow pegasus domtrans to rpm_t to make pycmpiLMI_Software-cimprovagt running as rpm_t
- Label pycmpiLMI_Software-cimprovagt as rpm_exec_t
- Add support for pycmpiLMI_Storage-cimprovagt
- Add support for cmpiLMI_Networking-cimprovagt
- Allow system_cronjob_t to create user_tmpfs_t to make pulseaudio working
- Allow virtual machines and containers to run as user doains, needed for virt-sandbox
- Allow buglist.cgi to read cpu info - Allow systemd-tmpfile to handle tmp content in print spool dir
- Allow systemd-sysctl to send system log messages
- Add support for RTP media ports and fmpro-internal
- Make auditd working if audit is configured to perform SINGLE action on disk error
- Add interfaces to handle systemd units
- Make systemd-notify working if pcsd is used
- Add support for netlabel and label /usr/sbin/netlabelctl as iptables_exec_t
- Instead of having all unconfined domains get all of the named transition rules,
- Only allow unconfined_t, init_t, initrc_t and rpm_script_t by default.
- Add definition for the salt ports
- Allow xdm_t to create link files in xdm_var_run_t
- Dontaudit reads of blk files or chr files leaked into ldconfig_t
- Allow sys_chroot for useradd_t
- Allow net_raw cap for ipsec_t
- Allow sysadm_t to reload services
- Add additional fixes to make strongswan working with a simple conf
- Allow sysadm_t to enable/disable init_t services
- Add additional glusterd perms
- Allow apache to read lnk files in the /mnt directory
- Allow glusterd to ask the kernel to load a module
- Fix description of ftpd_use_fusefs boolean
- Allow svirt_lxc_net_t to sys_chroot, modify policy to tighten up svirt_lxc_domain capabilties and process controls, but add them to svirt_lxc_net_t
- Allow glusterds to request load a kernel module
- Allow boinc to stream connect to xserver_t
- Allow sblim domains to read /etc/passwd
- Allow mdadm to read usb devices
- Allow collectd to use ping plugin
- Make foghorn working with SNMP
- Allow sssd to read ldap certs
- Allow haproxy to connect to RTP media ports
- Add additional trans rules for aide_db
- Add labeling for /usr/lib/pcsd/pcsd
- Add labeling for /var/log/pcsd
- Add support for pcs which is a corosync and pacemaker configuration tool - Label /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t
- Add labeling for /usr/libexec/kde4/polkit-kde-authentication-agent-1
- Allow all domains that can domtrans to shutdown, to start the power services script to shutdown
- consolekit needs to be able to shut down system
- Move around interfaces
- Remove nfsd_rw_t and nfsd_ro_t, they don't do anything
- Add additional fixes for rabbitmq_beam to allow getattr on mountpoints
- Allow gconf-defaults-m to read /etc/passwd
- Fix pki_rw_tomcat_cert() interface to support lnk_files - Add support for gluster ports
- Make sure that all keys located in /etc/ssh/ are labeled correctly
- Make sure apcuspd lock files get created with the correct label
- Use getcap in gluster.te
- Fix gluster policy
- add additional fixes to allow beam.smp to interact with couchdb files
- Additional fix for #974149
- Allow gluster to user gluster ports
- Allow glusterd to transition to rpcd_t and add additional fixes for #980683
- Allow tgtd working when accessing to the passthrough device
- Fix labeling for mdadm unit files - Add mdadm fixes - Fix definition of sandbox.disabled to sandbox.pp.disabled - Allow mdamd to execute systemctl
- Allow mdadm to read /dev/kvm
- Allow ipsec_mgmt_t to read l2tpd pid content - Allow nsd_t to read /dev/urand
- Allow mdadm_t to read framebuffer
- Allow rabbitmq_beam_t to read process info on rabbitmq_epmd_t
- Allow mozilla_plugin_config_t to create tmp files
- Cleanup openvswitch policy
- Allow mozilla plugin to getattr on all executables
- Allow l2tpd_t to create fifo_files in /var/run
- Allow samba to touch/manage fifo_files or sock_files in a samba_share_t directory
- Allow mdadm to connecto its own unix_stream_socket
- FIXME: nagios changed locations to /log/nagios which is wrong. But we need to have this workaround for now.
- Allow apache to access smokeping pid files
- Allow rabbitmq_beam_t to getattr on all filesystems
- Add systemd support for iodined
- Allow nup_upsdrvctl_t to execute its entrypoint
- Allow fail2ban_client to write to fail2ban_var_run_t, Also allow it to use nsswitch
- add labeling for ~/.cache/libvirt-sandbox
- Add interface to allow domains transitioned to by confined users to send sigchld to screen program
- Allow sysadm_t to check the system status of files labeled etc_t, /etc/fstab
- Allow systemd_localed to start /usr/lib/systemd/system/systemd-vconsole-setup.service
- Allow an domain that has an entrypoint from a type to be allowed to execute the entrypoint without a transition,  I can see no case where this is  a bad thing, and elminiates a whole class of AVCs.
- Allow staff to getsched all domains, required to run htop
- Add port definition for redis port
- fix selinuxuser_use_ssh_chroot boolean - Add prosody policy written by Michael Scherer
- Allow nagios plugins to read /sys info
- ntpd needs to manage own log files
- Add support for HOME_DIR/.IBMERS
- Allow iptables commands to read firewalld config
- Allow consolekit_t to read utmp
- Fix filename transitions on .razor directory
- Add additional fixes to make DSPAM with LDA working
- Allow snort to read /etc/passwd
- Allow fail2ban to communicate with firewalld over dbus
- Dontaudit openshift_cgreoup_file_t read/write leaked dev
- Allow nfsd to use mountd port
- Call th proper interface
- Allow openvswitch to read sys and execute plymouth
- Allow tmpwatch to read /var/spool/cups/tmp
- Add support for /usr/libexec/telepathy-rakia
- Add systemd support for zoneminder
- Allow mysql to create files/directories under /var/log/mysql
- Allow zoneminder apache scripts to rw zoneminder tmpfs
- Allow httpd to manage zoneminder lib files
- Add zoneminder_run_sudo boolean to allow to start zoneminder
- Allow zoneminder to send mails
- gssproxy_t sock_file can be under /var/lib
- Allow web domains to connect to whois port.
- Allow sandbox_web_type to connect to the same ports as mozilla_plugin_t.
- We really need to add an interface to corenet to define what a web_client_domain is and
- then define chrome_sandbox_t, mozilla_plugin_t and sandbox_web_type to that domain.
- Add labeling for cmpiLMI_LogicalFile-cimprovagt
- Also make pegasus_openlmi_logicalfile_t as unconfined to have unconfined_domain attribute for filename trans rules
- Update policy rules for pegasus_openlmi_logicalfile_t
- Add initial types for logicalfile/unconfined OpenLMI providers
- mailmanctl needs to read own log
- Allow logwatch manage own lock files
- Allow nrpe to read meminfo
- Allow httpd to read certs located in pki-ca
- Add pki_read_tomcat_cert() interface
- Add support for nagios openshift plugins
- Add port definition for redis port
- fix selinuxuser_use_ssh_chroot boolean - Shrink the size of policy by moving to attributes, also add dridomain so that mozilla_plugin can follow selinuxuse_dri boolean. 
- Allow bootloader to manage generic log files 
- Allow ftp to bind to port 989 
- Fix label of new gear directory 
- Add support for new directory /var/lib/openshift/gears/ 
- Add openshift_manage_lib_dirs() 
- allow virtd domains to manage setrans_var_run_t 
- Allow useradd to manage all openshift content 
- Add support so that mozilla_plugin_t can use dri devices 
- Allow chronyd to change the scheduler 
- Allow apmd to shut downthe system 
- Devicekit_disk_t needs to manage /etc/fstab - Make DSPAM to act as a LDA working
- Allow ntop to create netlink socket
- Allow policykit to send a signal to policykit-auth
- Allow stapserver to dbus chat with avahi/systemd-logind
- Fix labeling on haproxy unit file
- Clean up haproxy policy
- A new policy for haproxy and placed it to rhcs.te
- Add support for ldirectord and treat it with cluster_t
- Make sure anaconda log dir is created with var_log_t - Allow lvm_t to create default targets for filesystem handling
- Fix labeling for razor-lightdm binaries
- Allow insmod_t to read any file labeled var_lib_t
- Add policy for pesign
- Activate policy for cmpiLMI_Account-cimprovagt
- Allow isnsd syscall=listen
- /usr/libexec/pegasus/cimprovagt needs setsched caused by sched_setscheduler
- Allow ctdbd to use udp/4379
- gatherd wants sys_nice and setsched
- Add support for texlive2012
- Allow NM to read file_t (usb stick with no labels used to transfer keys for example)
- Allow cobbler to execute apache with domain transition - condor_collector uses tcp/9000
- Label /usr/sbin/virtlockd as virtd_exec_t for now
- Allow cobbler to execute ldconfig
- Allow NM to execute ssh
- Allow mdadm to read /dev/crash
- Allow antivirus domains to connect to snmp port
- Make amavisd-snmp working correctly
- Allow nfsd_t to mounton nfsd_fs_t
- Add initial snapper policy
- We still need to have consolekit policy
- Dontaudit firefox attempting to connect to the xserver_port_t if run within sandbox_web_t
- Dontaudit sandbox apps attempting to open user_devpts_t
- Allow dirsrv to read network state
- Fix pki_read_tomcat_lib_files
- Add labeling for /usr/libexec/nm-ssh-service
- Add label cert_t for /var/lib/ipa/pki-ca/publish
- Lets label /sys/fs/cgroup as cgroup_t for now, to keep labels consistant
- Allow nfsd_t to mounton nfsd_fs_t
- Dontaudit sandbox apps attempting to open user_devpts_t
- Allow passwd_t to change role to system_r from unconfined_r - Don't audit access checks by sandbox xserver on xdb var_lib
- Allow ntop to read usbmon devices
- Add labeling for new polcykit authorizor
- Dontaudit access checks from fail2ban_client
- Don't audit access checks by sandbox xserver on xdb var_lib
- Allow apps that connect to xdm stream to conenct to xdm_dbusd_t stream
- Fix labeling for all /usr/bim/razor-lightdm-* binaries
- Add filename trans for /dev/md126p1 - Make vdagent able to request loading kernel module
- Add support for cloud-init make it as unconfined domain
- Allow snmpd to run smartctl in fsadm_t domain
- remove duplicate openshift_search_lib() interface
- Allow mysqld to search openshift lib files
- Allow openshift cgroup to interact with passedin file descriptors
- Allow colord to list directories inthe users homedir
- aide executes prelink to check files
- Make sure cupsd_t creates content in /etc/cups with the correct label
- Lest dontaudit apache read all domains, so passenger will not cause this avc
- Allow gssd to connect to gssproxy
- systemd-tmpfiles needs to be able to raise the level to fix labeling on /run/setrans in MLS
- Allow systemd-tmpfiles to relabel also lock files
- Allow useradd to add homdir in /var/lib/openshift
- Allow setfiles and semanage to write output to /run/files - Add labeling for /dev/tgt
- Dontaudit leak fd from firewalld for modprobe
- Allow runuser running as rpm_script_t to create netlink_audit socket
- Allow mdadm to read BIOS non-volatile RAM - accountservice watches when accounts come and go in wtmp
- /usr/java/jre1.7.0_21/bin/java needs to create netlink socket
- Add httpd_use_sasl boolean
- Allow net_admin for tuned_t
- iscsid needs sys_module to auto-load kernel modules
- Allow blueman to read bluetooth conf
- Add nova_manage_lib_files() interface
- Fix mplayer_filetrans_home_content()
- Add mplayer_filetrans_home_content()
- mozilla_plugin_config_roles need to be able to access mozilla_plugin_config_t
- Revert "Allow thumb_t to append inherited xdm stream socket"
- Add iscsi_filetrans_named_content() interface
- Allow to create .mplayer with the correct labeling for unconfined
- Allow iscsiadmin to create lock file with the correct labeling - Allow wine to manage wine home content
- Make amanda working with socket actiovation
- Add labeling for /usr/sbin/iscsiadm
- Add support for /var/run/gssproxy.sock
- dnsmasq_t needs to read sysctl_net_t - Fix courier_domain_template() interface
- Allow blueman to write ip_forward
- Allow mongodb to connect to mongodb port
- Allow mongodb to connect to mongodb port
- Allow java to bind jobss_debug port
- Fixes for *_admin interfaces
- Allow iscsid auto-load kernel modules needed for proper iSCSI functionality
- Need to assign attribute for courier_domain to all courier_domains
- Fail2ban reads /etc/passwd
- postfix_virtual will create new files in postfix_spool_t
- abrt triggers sys_ptrace by running pidof
- Label ~/abc as mozilla_home_t, since java apps as plugin want to create it
- Add passenger fixes needed by foreman
- Remove dup interfaces
- Add additional interfaces for quantum
- Add new interfaces for dnsmasq
- Allow  passenger to read localization and send signull to itself
- Allow dnsmasq to stream connect to quantum
- Add quantum_stream_connect()
- Make sure that mcollective starts the service with the correct labeling
- Add labels for ~/.manpath
- Dontaudit attempts by svirt_t to getpw* calls
- sandbox domains are trying to look at parent process data
- Allow courior auth to create its pid file in /var/spool/courier subdir
- Add fixes for beam to have it working with couchdb
- Add labeling for /run/nm-xl2tpd.con
- Allow apache to stream connect to thin
- Add systemd support for amand
- Make public types usable for fs mount points
- Call correct mandb interface in domain.te
- Allow iptables to r/w quantum inherited pipes and send sigchld
- Allow ifconfig domtrans to iptables and execute ldconfig
- Add labels for ~/.manpath
- Allow systemd to read iscsi lib files
- seunshare is trying to look at parent process data - Fix openshift_search_lib
- Add support for abrt-uefioops-oops
- Allow colord to getattr any file system
- Allow chrome processes to look at each other
- Allow sys_ptrace for abrt_t
- Add new policy for gssproxy
- Dontaudit leaked file descriptor writes from firewalld
- openshift_net_type is interface not template
- Dontaudit pppd to search gnome config
- Update openshift_search_lib() interface
- Add fs_list_pstorefs()
- Fix label on libbcm_host.so since it is built incorrectly on raspberry pi, needs back port to F18
- Better labels for raspberry pi devices
- Allow init to create devpts_t directory
- Temporarily label rasbery pi devices as memory_device_t, needs back port to f18
- Allow sysadm_t to build kernels
- Make sure mount creates /var/run/blkid with the correct label, needs back port to F18
- Allow userdomains to stream connect to gssproxy
- Dontaudit leaked file descriptor writes from firewalld
- Allow xserver to read /dev/urandom
- Add additional fixes for ipsec-mgmt
- Make SSHing into an Openshift Enterprise Node working - Add transition rules to unconfined domains and to sysadm_t to create /etc/adjtime
- with the proper label.
- Update files_filetrans_named_content() interface to get right labeling for pam.d conf files
- Allow systemd-timedated to create adjtime
- Add clock_create_adjtime()
- Additional fix ifconfing for #966106
- Allow kernel_t to create boot.log with correct labeling
- Remove unconfined_mplayer for which we don't have rules
- Rename interfaces
- Add userdom_manage_user_home_files/dirs interfaces
- Fix files_dontaudit_read_all_non_security_files
- Fix ipsec_manage_key_file()
- Fix ipsec_filetrans_key_file()
- Label /usr/bin/razor-lightdm-greeter as xdm_exec_t instead of spamc_exec_t
- Fix labeling for ipse.secrets
- Add interfaces for ipsec and labeling for ipsec.info and ipsec_setup.pid
- Add files_dontaudit_read_all_non_security_files() interface
- /var/log/syslog-ng should be labeled var_log_t
- Make ifconfig_var_run_t a mountpoint
- Add transition from ifconfig to dnsmasq
- Allow ifconfig to execute bin_t/shell_exec_t
- We want to have hwdb.bin labeled as etc_t
- update logging_filetrans_named_content() interface
- Allow systemd_timedate_t to manage /etc/adjtime
- Allow NM to send signals to l2tpd
- Update antivirus_can_scan_system boolean
- Allow devicekit_disk_t to sys_config_tty
- Run abrt-harvest programs as abrt_t, and allow abrt_t to list all filesystem directories
- Make printing from vmware working
- Allow php-cgi from php54 collection to access /var/lib/net-snmp/mib_indexes
- Add virt_qemu_ga_data_t for qemu-ga
- Make chrome and mozilla able to connect to same ports, add jboss_management_port_t to both
- Fix typo in virt.te
- Add virt_qemu_ga_unconfined_t for hook scripts
- Make sure NetworkManager files get created with the correct label
- Add mozilla_plugin_use_gps boolean
- Fix cyrus to have support for net-snmp
- Additional fixes for dnsmasq and quantum for #966106
- Add plymouthd_create_log()
- remove httpd_use_oddjob for which we don't have rules
- Add missing rules for httpd_can_network_connect_cobbler
- Add missing cluster_use_execmem boolean
- Call userdom_manage_all_user_home_type_files/dirs
- Additional fix for ftp_home_dir
- Fix ftp_home_dir boolean
- Allow squit to recv/send client squid packet
- Fix nut.te to have nut_domain attribute
- Add support for ejabberd; TODO: revisit jabberd and rabbit policy
- Fix amanda policy
- Add more fixes for domains which use libusb
- Make domains which use libusb working correctly
- Allow l2tpd to create ipsec key files with correct labeling and manage them
- Fix cobbler_manage_lib_files/cobbler_read_lib_files to cover also lnk files
- Allow rabbitmq-beam to bind generic node
- Allow l2tpd to read ipse-mgmt pid files
- more fixes for l2tpd, NM and pppd from #967072 - Dontaudit to getattr on dirs for dovecot-deliver
- Allow raiudusd server connect to postgresql socket
- Add kerberos support for radiusd
- Allow saslauthd to connect to ldap port
- Allow postfix to manage postfix_private_t files
- Add chronyd support for #965457
- Fix labeling for HOME_DIR/\.icedtea
- CHange squid and snmpd to be allowed also write own logs
- Fix labeling for /usr/libexec/qemu-ga
- Allow virtd_t to use virt_lock_t
- Allow also sealert to read the policy from the kernel
- qemu-ga needs to execute scripts in /usr/libexec/qemu-ga and to use /tmp content
- Dontaudit listing of users homedir by sendmail Seems like a leak
- Allow passenger to transition to puppet master
- Allow apache to connect to mythtv
- Add definition for mythtv ports - Add additional fixes for #948073 bug
- Allow sge_execd_t to also connect to sge ports
- Allow openshift_cron_t to manage openshift_var_lib_t sym links
- Allow openshift_cron_t to manage openshift_var_lib_t sym links
- Allow sge_execd to bind sge ports. Allow kill capability and reads cgroup files
- Remove pulseaudio filetrans pulseaudio_manage_home_dirs which is a part of pulseaudio_manage_home_files
- Add networkmanager_stream_connect()
- Make gnome-abrt wokring with staff_t
- Fix openshift_manage_lib_files() interface
- mdadm runs ps command which seems to getattr on random log files
- Allow mozilla_plugin_t to create pulseaudit_home_t directories
- Allow qemu-ga to shutdown virtual hosts
- Add labelling for cupsd-browsed
- Add web browser plugins to connect to aol ports
- Allow nm-dhcp-helper to stream connect to NM
- Add port definition for sge ports - Make sure users and unconfined domains create .hushlogin with the correct label
- Allow pegaus to chat with realmd over DBus
- Allow cobblerd to read network state
- Allow boicn-client to stat on /dev/input/mice
- Allow certwatch to read net_config_t when it executes apache
- Allow readahead to create /run/systemd and then create its own directory with the correct label - Transition directories and files when in a user_tmp_t directory
- Change certwatch to domtrans to apache instead of just execute
- Allow virsh_t to read xen lib files
- update policy rules for pegasus_openlmi_account_t
- Add support for svnserve_tmp_t
- Activate account openlmi policy
- pegasus_openlmi_domain_template needs also require pegasus_t
- One more fix for policykit.te
- Call fs_list_cgroups_dirs() in policykit.te
- Allow nagios service plugin to read mysql config files
- Add labeling for /var/svn
- Fix chrome.te
- Fix pegasus_openlmi_domain_template() interfaces
- Fix dev_rw_vfio_dev definiton, allow virtd_t to read tmpfs_t symlinks
- Fix location of google-chrome data
- Add support for chome_sandbox to store content in the homedir
- Allow policykit to watch for changes in cgroups file system
- Add boolean to allow  mozilla_plugin_t to use spice
- Allow collectd to bind to udp port
- Allow collected_t to read all of /proc
- Should use netlink socket_perms
- Should use netlink socket_perms
- Allow glance domains to connect to apache ports
- Allow apcupsd_t to manage its log files
- Allow chrome objects to rw_inherited unix_stream_socket from callers
- Allow staff_t to execute virtd_exec_t for running vms
- nfsd_t needs to bind mountd port to make nfs-mountd.service working
- Allow unbound net_admin capability because of setsockopt syscall
- Fix fs_list_cgroup_dirs()
- Label /usr/lib/nagios/plugins/utils.pm as bin_t
- Remove uplicate definition of fs_read_cgroup_files()
- Remove duplicate definition of fs_read_cgroup_files()
- Add files_mountpoint_filetrans interface to be used by quotadb_t and snapperd
- Additional interfaces needed to list and read cgroups config
- Add port definition for collectd port
- Add labels for /dev/ptp*
- Allow staff_t to execute virtd_exec_t for running vms - Allow samba-net to also read realmd tmp files
- Allow NUT to use serial ports
- realmd can be started by systemctl now - Remove userdom_home_manager for xdm_t and move all rules to xserver.te directly
- Add new xdm_write_home boolean to allow xdm_t to create files in HOME dirs with xdm_home_t
- Allow postfix-showq to read/write unix.showq in /var/spool/postfix/pid
- Allow virsh to read xen lock file
- Allow qemu-ga to create files in /run with proper labeling
- Allow glusterd to connect to own socket in /tmp
- Allow glance-api to connect to http port to make glance image-create working
- Allow keystonte_t to execute rpm - Fix realmd cache interfaces - Allow tcpd to execute leafnode
- Allow samba-net to read realmd cache files
- Dontaudit sys_tty_config for alsactl
- Fix allow rules for postfix_var_run
- Allow cobblerd to read /etc/passwd
- Allow pegasus to read exports
- Allow systemd-timedate to read xdm state
- Allow mout to stream connect to rpcbind
- Add labeling just for /usr/share/pki/ca-trust-source instead of /usr/share/pki - Allow thumbnails to share memory with apps which run thumbnails
- Allow postfix-postqueue block_suspend
- Add lib interfaces for smsd
- Add support for nginx
- Allow s2s running as jabberd_t to connect to jabber_interserver_port_t
- Allow pki apache domain to create own tmp files and execute httpd_suexec
- Allow procmail to manger user tmp files/dirs/lnk_files
- Add virt_stream_connect_svirt() interface
- Allow dovecot-auth to execute bin_t
- Allow iscsid to request that kernel load a kernel module
- Add labeling support for /var/lib/mod_security
- Allow iw running as tuned_t to create netlink socket
- Dontaudit sys_tty_config for thumb_t
- Add labeling for nm-l2tp-service
- Allow httpd running as certwatch_t to open tcp socket
- Allow useradd to manager smsd lib files
- Allow useradd_t to add homedirs in /var/lib
- Fix typo in userdomain.te
- Cleanup userdom_read_home_certs
- Implement userdom_home_reader_certs_type to allow read certs also on encrypt /home with ecryptfs_t
- Allow staff to stream connect to svirt_t to make gnome-boxes working - Allow lvm to create its own unit files
- Label /var/lib/sepolgen as selinux_config_t
- Add filetrans rules for tw devices
- Add transition from cupsd_config_t to cupsd_t - Add filetrans rules for tw devices
- Cleanup bad transition lines - Fix lockdev_manage_files()
- Allow setroubleshootd to read var_lib_t to make email_alert working
- Add lockdev_manage_files()
- Call proper interface in virt.te
- Allow gkeyring_domain to create /var/run/UID/config/dbus file
- system dbus seems to be blocking suspend
- Dontaudit attemps to sys_ptrace, which I believe gpsd does not need
- When you enter a container from root, you generate avcs with a leaked file descriptor
- Allow mpd getattr on file system directories
- Make sure realmd creates content with the correct label
- Allow systemd-tty-ask to write kmsg
- Allow mgetty to use lockdev library for device locking
- Fix selinuxuser_user_share_music boolean name to selinuxuser_share_music
- When you enter a container from root, you generate avcs with a leaked file descriptor
- Make sure init.fc files are labeled correctly at creation
- File name trans vconsole.conf
- Fix labeling for nagios plugins
- label shared libraries in /opt/google/chrome as testrel_shlib_t - Allow certmonger to dbus communicate with realmd 
- Make realmd working - Fix mozilla specification of homedir content
- Allow certmonger to read network state
- Allow tmpwatch to read tmp in /var/spool/{cups,lpd}
- Label all nagios plugin as unconfined by default
- Add httpd_serve_cobbler_files()
- Allow mdadm to read /dev/sr0 and create tmp files
- Allow certwatch to send mails
- Fix labeling for nagios plugins
- label shared libraries in /opt/google/chrome as testrel_shlib_t - Allow realmd to run ipa, really needs to be an unconfined_domain
- Allow sandbox domains to use inherted terminals
- Allow pscd to use devices labeled svirt_image_t in order to use cat cards.
- Add label for new alsa pid
- Alsa now uses a pid file and needs to setsched 
- Fix oracleasmfs_t definition
- Add support for sshd_unit_file_t
- Add oracleasmfs_t
- Allow unlabeled_t files to be stored on unlabeled_t filesystems - Fix description of deny_ptrace boolean
- Remove allow for execmod lib_t for now
- Allow quantum to connect to keystone port
- Allow nova-console to talk with mysql over unix stream socket
- Allow dirsrv to stream connect to uuidd
- thumb_t needs to be able to create ~/.cache if it does not exist
- virtd needs to be able to sys_ptrace when starting and stoping containers - Allow alsa_t signal_perms, we probaly should search for any app that can execute something without transition and give it signal_perms...
- Add dontaudit for mozilla_plugin_t looking at the xdm_t sockets
- Fix deny_ptrace boolean, certain ptrace leaked into the system
- Allow winbind to manage kerberos_rcache_host
- Allow spamd to create spamd_var_lib_t directories
- Remove transition to mozilla_tmp_t by mozilla_t, to allow it to manage the users tmp dirs
- Add mising nslcd_dontaudit_write_sock_file() interface
- one more fix
- Fix pki_read_tomcat_lib_files() interface
- Allow certmonger to read pki-tomcat lib files
- Allow certwatch to execute bin_t
- Allow snmp to manage /var/lib/net-snmp files
- Call snmp_manage_var_lib_files(fogorn_t) instead of snmp_manage_var_dirs
- Fix vmware_role() interface
- Fix cobbler_manage_lib_files() interface
- Allow nagios check disk plugins to execute bin_t
- Allow quantum to transition to openvswitch_t
- Allow postdrop to stream connect to postfix-master
- Allow quantum to stream connect to openvswitch
- Add xserver_dontaudit_xdm_rw_stream_sockets() interface
- Allow daemon to send dgrams to initrc_t
- Allow kdm to start the power service to initiate a reboot or poweroff - Add mising nslcd_dontaudit_write_sock_file() interface
- one more fix
- Fix pki_read_tomcat_lib_files() interface
- Allow certmonger to read pki-tomcat lib files
- Allow certwatch to execute bin_t
- Allow snmp to manage /var/lib/net-snmp files
- Don't audit attempts to write to stream socket of nscld by thumbnailers
- Allow git_system_t to read network state
- Allow pegasas to execute mount command
- Fix desc for drdb_admin
- Fix condor_amin()
- Interface fixes for uptime, vdagent, vnstatd
- Fix labeling for moodle in /var/www/moodle/data
- Add interface fixes
- Allow bugzilla to read certs
- /var/www/moodle needs to be writable by apache
- Add interface to dontaudit attempts to send dbus messages to systemd domains, for xguest
- Fix namespace_init_t to create content with proper labels, and allow it to manage all user content
- Allow httpd_t to connect to osapi_compute port using httpd_use_openstack bolean
- Fixes for dlm_controld
- Fix apache_read_sys_content_rw_dirs() interface
- Allow logrotate to read /var/log/z-push dir
- Fix sys_nice for cups_domain
- Allow postfix_postdrop to acces postfix_public socket
- Allow sched_setscheduler for cupsd_t
- Add missing context for /usr/sbin/snmpd
- Kernel_t needs mac_admin in order to support labeled NFS
- Fix systemd_dontaudit_dbus_chat() interface
- Add interface to dontaudit attempts to send dbus messages to systemd domains, for xguest
- Allow consolehelper domain to write Xauth files in /root
- Add port definition for osapi_compute port
- Allow unconfined to create /etc/hostname with correct labeling
- Add systemd_filetrans_named_hostname() interface - Allow httpd_t to connect to osapi_compute port using httpd_use_openstack bolean
- Fixes for dlm_controld
- Fix apache_read_sys_content_rw_dirs() interface
- Allow logrotate to read /var/log/z-push dir
- Allow postfix_postdrop to acces postfix_public socket
- Allow sched_setscheduler for cupsd_t
- Add missing context for /usr/sbin/snmpd
- Allow consolehelper more access discovered by Tom London
- Allow fsdaemon to send signull to all domain
- Add port definition for osapi_compute port
- Allow unconfined to create /etc/hostname with correct labeling
- Add systemd_filetrans_named_hostname() interface - Fix file_contexts.subs to label /run/lock correctly - Try to label on controlC devices up to 30 correctly
- Add mount_rw_pid_files() interface
- Add additional mount/umount interfaces needed by mock
- fsadm_t sends audit messages in reads kernel_ipc_info when doing livecd-iso-to-disk
- Fix tabs
- Allow initrc_domain to search rgmanager lib files
- Add more fixes which make mock working together with confined users
  * Allow mock_t to manage rpm files
  * Allow mock_t to read rpm log files
  * Allow mock to setattr on tmpfs, devpts
  * Allow mount/umount filesystems
- Add rpm_read_log() interface
- yum-cron runs rpm from within it.
- Allow tuned to transition to dmidecode
- Allow firewalld to do net_admin
- Allow mock to unmont tmpfs_t
- Fix virt_sigkill() interface
- Add additional fixes for mock. Mainly caused by mount running in mock_t
- Allow mock to write sysfs_t and mount pid files
- Add mailman_domain to mailman_template()
- Allow openvswitch to execute shell
- Allow qpidd to use kerberos
- Allow mailman to use fusefs, needs back port to RHEL6
- Allow apache and its scripts to use anon_inodefs
- Add alias for git_user_content_t and git_sys_content_t so that RHEL6 will update to RHEL7
- Realmd needs to connect to samba ports, needs back port to F18 also
- Allow colord to read /run/initial-setup-
- Allow sanlock-helper to send sigkill to virtd which is registred to sanlock
- Add virt_kill() interface
- Add rgmanager_search_lib() interface
- Allow wdmd to getattr on all filesystems. Back ported from RHEL6 - Allow realmd to create tmp files
- FIx ircssi_home_t type to irssi_home_t
- Allow adcli running as realmd_t to connect to ldap port
- Allow NetworkManager to transition to ipsec_t, for running strongswan
- Make openshift_initrc_t an lxc_domain
- Allow gssd to manage user_tmp_t files
- Fix handling of irclogs in users homedir
- Fix labeling for drupal an wp-content in subdirs of /var/www/html
- Allow abrt to read utmp_t file
- Fix openshift policy to transition lnk_file, sock-file an fifo_file when created in a tmpfs_t, needs back port to RHEL6
- fix labeling for (oo|rhc)-restorer-wrapper.sh
- firewalld needs to be able to write to network sysctls
- Fix mozilla_plugin_dontaudit_rw_sem() interface
- Dontaudit generic ipc read/write to a mozilla_plugin for sandbox_x domains
- Add mozilla_plugin_dontaudit_rw_sem() interface
- Allow svirt_lxc_t to transition to openshift domains
- Allow condor domains block_suspend and dac_override caps
- Allow condor_master to read passd
- Allow condor_master to read system state
- Allow NetworkManager to transition to ipsec_t, for running strongswan
- Lots of access required by lvm_t to created encrypted usb device
- Allow xdm_t to dbus communicate with systemd_localed_t
- Label strongswan content as ipsec_exec_mgmt_t for now
- Allow users to dbus chat with systemd_localed
- Fix handling of .xsession-errors in xserver.if, so kde will work
- Might be a bug but we are seeing avc's about people status on init_t:service
- Make sure we label content under /var/run/lock as <<none>>
- Allow daemon and systemprocesses to search init_var_run_t directory
- Add boolean to allow xdm to write xauth data to the home directory
- Allow mount to write keys for the unconfined domain
- Add unconfined_write_keys() interface - Add labeling for /usr/share/pki
- Allow programs that read var_run_t symlinks also read var_t symlinks
- Add additional ports as mongod_port_t for  27018, 27019, 28017, 28018 and 28019 ports
- Fix labeling for /etc/dhcp directory
- add missing systemd_stub_unit_file() interface
- Add files_stub_var() interface
- Add lables for cert_t directories
- Make localectl set-x11-keymap working at all
- Allow abrt to manage mock build environments to catch build problems.
- Allow virt_domains to setsched for running gdb on itself
- Allow thumb_t to execute user home content
- Allow pulseaudio running as mozilla_plugin_t to read /run/systemd/users/1000
- Allow certwatch to execut /usr/bin/httpd
- Allow cgred to send signal perms to itself, needs back port to RHEL6
- Allow openshift_cron_t to look at quota
- Allow cups_t to read inhered tmpfs_t from the kernel
- Allow yppasswdd to use NIS
- Tuned wants sys_rawio capability
- Add ftpd_use_fusefs boolean
- Allow dirsrvadmin_t to signal itself - Allow localectl to read /etc/X11/xorg.conf.d directory
- Revert "Revert "Fix filetrans rules for kdm creates .xsession-errors""
- Allow mount to transition to systemd_passwd_agent
- Make sure abrt directories are labeled correctly
- Allow commands that are going to read mount pid files to search mount_var_run_t
- label /usr/bin/repoquery as rpm_exec_t
- Allow automount to block suspend
- Add abrt_filetrans_named_content so that abrt directories get labeled correctly
- Allow virt domains to setrlimit and read file_context - Allow nagios to manage nagios spool files
- /var/spool/snmptt is a directory which snmdp needs to write to, needs back port to RHEL6
- Add swift_alias.* policy files which contain typealiases for swift types
- Add support for /run/lock/opencryptoki
- Allow pkcsslotd chown capability
- Allow pkcsslotd to read passwd
- Add rsync_stub() interface
- Allow systemd_timedate also manage gnome config homedirs
- Label /usr/lib64/security/pam_krb5/pam_krb5_cchelper as bin_t
- Fix filetrans rules for kdm creates .xsession-errors
- Allow sytemd_tmpfiles to create wtmp file
- Really should not label content  under /var/lock, since it could have labels on it different from var_lock_t
- Allow systemd to list all file system directories
- Add some basic stub interfaces which will be used in PRODUCT policies - Fix log transition rule for cluster domains
- Start to group all cluster log together
- Dont use filename transition for POkemon Advanced Adventure until a new checkpolicy update
- cups uses usbtty_device_t devices
- These fixes were all required to build a MLS virtual Machine with single level desktops
- Allow domains to transiton using httpd_exec_t
- Allow svirt domains to manage kernel key rings
- Allow setroubleshoot to execute ldconfig
- Allow firewalld to read generate gnome data
- Allow bluetooth to read machine-info
- Allow boinc domain to send signal to itself
- Fix gnome_filetrans_home_content() interface
- Allow mozilla_plugins to list apache modules, for use with gxine
- Fix labels for POkemon in the users homedir
- Allow xguest to read mdstat
- Dontaudit virt_domains getattr on /dev/*
- These fixes were all required to build a MLS virtual Machine with single level desktops
- Need to back port this to RHEL6 for openshift
- Add tcp/8891 as milter port
- Allow nsswitch domains to read sssd_var_lib_t files
- Allow ping to read network state.
- Fix typo
- Add labels to /etc/X11/xorg.d and allow systemd-timestampd_t to manage them - Adopt swift changes from lhh@redhat.com
- Add rhcs_manage_cluster_pid_files() interface
- Allow screen domains to configure tty and setup sock_file in ~/.screen directory
- ALlow setroubleshoot to read default_context_t, needed to backport to F18
- Label /etc/owncloud as being an apache writable directory
- Allow sshd to stream connect to an lxc domain - Allow postgresql to manage rgmanager pid files
- Allow postgresql to read ccs data
- Allow systemd_domain to send dbus messages to policykit
- Add labels for /etc/hostname and /etc/machine-info and allow systemd-hostnamed to create them
- All systemd domains that create content are reading the file_context file and setfscreate
- Systemd domains need to search through init_var_run_t
- Allow sshd to communicate with libvirt to set containers labels
- Add interface to manage pid files
- Allow NetworkManger_t to read /etc/hostname
- Dontaudit leaked locked files into openshift_domains
- Add fixes for oo-cgroup-read - it nows creates tmp files
- Allow gluster to manage all directories as well as files
- Dontaudit chrome_sandbox_nacl_t using user terminals
- Allow sysstat to manage its own log files
- Allow virtual machines to setrlimit and send itself signals.
- Add labeling for /var/run/hplip - Fix POSTIN scriptlet - Merge rgmanger, corosync,pacemaker,aisexec policies to cluster_t in rhcs.pp - Fix authconfig.py labeling
- Make any domains that write homedir content do it correctly
- Allow glusterd to read/write anyhwere on the file system by default
- Be a little more liberal with the rsync log files
- Fix iscsi_admin interface
- Allow iscsid_t to read /dev/urand
- Fix up iscsi domain for use with unit files
- Add filename transition support for spamassassin policy
- Allow web plugins to use badly formated libraries
- Allow nmbd_t to create samba_var_t directories
- Add filename transition support for spamassassin policy
- Add filename transition support for tvtime
- Fix alsa_home_filetrans_alsa_home() interface
- Move all userdom_filetrans_home_content() calling out of booleans
- Allow logrotote to getattr on all file sytems
- Remove duplicate userdom_filetrans_home_content() calling
- Allow kadmind to read /etc/passwd
- Dontaudit append .xsession-errors file on ecryptfs for  policykit-auth
- Allow antivirus domain to manage antivirus db links
- Allow logrotate to read /sys
- Allow mandb to setattr on man dirs
- Remove mozilla_plugin_enable_homedirs boolean
- Fix ftp_home_dir boolean
- homedir mozilla filetrans has been moved to userdom_home_manager
- homedir telepathy filetrans has been moved to userdom_home_manager
- Remove gnome_home_dir_filetrans() from gnome_role_gkeyringd()
- Might want to eventually write a daemon on fusefsd.
- Add policy fixes for sshd [net] child from plautrba@redhat.com
- Tor uses a new port
- Remove bin_t for authconfig.py
- Fix so only one call to userdom_home_file_trans
- Allow home_manager_types to create content with the correctl label
- Fix all domains that write data into the homedir to do it with the correct label
- Change the postgresql to use proper boolean names, which is causing httpd_t to
- not get access to postgresql_var_run_t
- Hostname needs to send syslog messages
- Localectl needs to be able to send dbus signals to users
- Make sure userdom_filetrans_type will create files/dirs with user_home_t labeling by default
- Allow user_home_manger domains to create spam* homedir content with correct labeling
- Allow user_home_manger domains to create HOMEDIR/.tvtime with correct labeling
- Add missing miscfiles_setattr_man_pages() interface and for now comment some rules for userdom_filetrans_type to make build process working
- Declare userdom_filetrans_type attribute
- userdom_manage_home_role() needs to be called withoout usertype attribute because of userdom_filetrans_type attribute
- fusefsd is mounding a fuse file system on /run/user/UID/gvfs - Man pages are now generated in the build process
- Allow cgred to list inotifyfs filesystem - Allow gluster to get attrs on all fs
- New access required for virt-sandbox
- Allow dnsmasq to execute bin_t
- Allow dnsmasq to create content in /var/run/NetworkManager
- Fix openshift_initrc_signal() interface
- Dontaudit openshift domains doing getattr on other domains
- Allow consolehelper domain to communicate with session bus
- Mock should not be transitioning to any other domains,  we should keep mock_t as mock_t
- Update virt_qemu_ga_t policy
- Allow authconfig running from realmd to restart oddjob service
- Add systemd support for oddjob
- Add initial policy for realmd_consolehelper_t which if for authconfig executed by realmd
- Add labeling for gnashpluginrc
- Allow chrome_nacl to execute /dev/zero
- Allow condor domains to read /proc
- mozilla_plugin_t will getattr on /core if firefox crashes
- Allow condor domains to read /etc/passwd
- Allow dnsmasq to execute shell scripts, openstack requires this access
- Fix glusterd labeling
- Allow virtd_t to interact with the socket type
- Allow nmbd_t to override dac if you turned on sharing all files
- Allow tuned to created kobject_uevent socket
- Allow guest user to run fusermount
- Allow openshift to read /proc and locale
- Allow realmd to dbus chat with rpm
- Add new interface for virt
- Remove depracated interfaces
- Allow systemd_domains read access on etc, etc_runtime and usr files, also allow them to connect stream to syslog socket
- /usr/share/munin/plugins/plugin.sh should be labeled as bin_t
- Remove some more unconfined_t process transitions, that I don't believe are necessary
- Stop transitioning uncofnined_t to checkpc
- dmraid creates /var/lock/dmraid
- Allow systemd_localed to creatre unix_dgram_sockets
- Allow systemd_localed to write kernel messages.
- Also cleanup systemd definition a little.
- Fix userdom_restricted_xwindows_user_template() interface
- Label any block devices or char devices under /dev/infiniband as fixed_disk_device_t
- User accounts need to dbus chat with accountsd daemon
- Gnome requires all users to be able to read /proc/1/ - virsh now does a setexeccon call
- Additional rules required by openshift domains
- Allow svirt_lxc_domains to use inherited terminals, needed to make virt-sandbox-service execute work
- Allow spamd_update_t to search spamc_home_t
- Avcs discovered by mounting an isci device under /mnt
- Allow lspci running as logrotate to read pci.ids
- Additional fix for networkmanager_read_pid_files()
- Fix networkmanager_read_pid_files() interface
- Allow all svirt domains to connect to svirt_socket_t
- Allow virsh to set SELinux context for a process.
- Allow tuned to create netlink_kobject_uevent_socket
- Allow systemd-timestamp to set SELinux context
- Add support for /var/lib/systemd/linger
- Fix ssh_sysadm_login to be working on MLS as expected - Rename files_rw_inherited_tmp_files to files_rw_inherited_tmp_file
- Add missing files_rw_inherited_tmp_files interface
- Add additional interface for ecryptfs
- ALlow nova-cert to connect to postgresql
- Allow keystone to connect to postgresql
- Allow all cups domains to getattr on filesystems
- Allow pppd to send signull
- Allow tuned to execute ldconfig
- Allow gpg to read fips_enabled
- Add additional fixes for ecryptfs
- Allow httpd to work with posgresql
- Allow keystone getsched and setsched - Allow gpg to read fips_enabled
- Add support for /var/cache/realmd
- Add support for /usr/sbin/blazer_usb and systemd support for nut
- Add labeling for fenced_sanlock and allow sanclok transition to fenced_t
- bitlbee wants to read own log file
- Allow glance domain to send a signal itself
- Allow xend_t to request that the kernel load a kernel module
- Allow pacemaker to execute heartbeat lib files
- cleanup new swift policy - Fix smartmontools
- Fix userdom_restricted_xwindows_user_template() interface
- Add xserver_xdm_ioctl_log() interface
- Allow Xusers to ioctl lxdm.log to make lxdm working
- Add MLS fixes to make MLS boot/log-in working
- Add mls_socket_write_all_levels() also for syslogd
- fsck.xfs needs to read passwd
- Fix ntp_filetrans_named_content calling in init.te
- Allow postgresql to create pg_log dir
- Allow sshd to read rsync_data_t to make rsync <backuphost> working
- Change ntp.conf to be labeled net_conf_t
- Allow useradd to create homedirs in /run.  ircd-ratbox does this and we should just allow it
- Allow xdm_t to execute gstreamer home content
- Allod initrc_t and unconfined domains, and sysadm_t to manage ntp
- New policy for openstack swift domains
- More access required for openshift_cron_t
- Use cupsd_log_t instead of cupsd_var_log_t
- rpm_script_roles should be used in rpm_run
- Fix rpm_run() interface
- Fix openshift_initrc_run()
- Fix sssd_dontaudit_stream_connect() interface
- Fix sssd_dontaudit_stream_connect() interface
- Allow LDA's job to deliver mail to the mailbox
- dontaudit block_suspend for mozilla_plugin_t
- Allow l2tpd_t to all signal perms
- Allow uuidgen to read /dev/random
- Allow mozilla-plugin-config to read power_supply info
- Implement cups_domain attribute for cups domains
- We now need access to user terminals since we start by executing a command outside the tty
- We now need access to user terminals since we start by executing a command outside the tty
- svirt lxc containers want to execute userhelper apps, need these changes to allow this to happen
- Add containment of openshift cron jobs
- Allow system cron jobs to create tmp directories
- Make userhelp_conf_t a config file
- Change rpm to use rpm_script_roles
- More fixes for rsync to make rsync <backuphost> wokring
- Allow logwatch to domtrans to mdadm
- Allow pacemaker to domtrans to ifconfig
- Allow pacemaker to setattr on corosync.log
- Add pacemaker_use_execmem for memcheck-amd64 command
- Allow block_suspend capability
- Allow create fifo_file in /tmp with pacemaker_tmp_t
- Allow systat to getattr on fixed disk
- Relabel /etc/ntp.conf to be net_conf_t
- ntp_admin should create files in /etc with the correct label
- Add interface to create ntp_conf_t files in /etc
- Add additional labeling for quantum
- Allow quantum to execute dnsmasq with transition - boinc_cliean wants also execmem as boinc projecs have
- Allow sa-update to search admin home for /root/.spamassassin
- Allow sa-update to search admin home for /root/.spamassassin
- Allow antivirus domain to read net sysctl
- Dontaudit attempts from thumb_t to connect to ssd
- Dontaudit attempts by readahead to read sock_files
- Dontaudit attempts by readahead to read sock_files
- Create tmpfs file while running as wine as user_tmpfs_t
- Dontaudit attempts by readahead to read sock_files
- libmpg ships badly created librarie - Change ssh_use_pts to use macro and only inherited sshd_devpts_t
- Allow confined users to read systemd_logind seat information
- libmpg ships badly created libraries
- Add support for strongswan.service
- Add labeling for strongswan
- Allow l2tpd_t to read network manager content in /run directory
- Allow rsync to getattr any file in rsync_data_t
- Add labeling and filename transition for .grl-podcasts - mount.glusterfs executes glusterfsd binary
- Allow systemd_hostnamed_t to stream connect to systemd
- Dontaudit any user doing a access check
- Allow obex-data-server to request the kernel to load a module
- Allow gpg-agent to manage gnome content (~/.cache/gpg-agent-info)
- Allow gpg-agent to read /proc/sys/crypto/fips_enabled
- Add new types for antivirus.pp policy module
- Allow gnomesystemmm_t caps because of ioprio_set
- Make sure if mozilla_plugin creates files while in permissive mode, they get created with the correct label, user_home_t
- Allow gnomesystemmm_t caps because of ioprio_set
- Allow NM rawip socket
- files_relabel_non_security_files can not be used with boolean
- Add interface to thumb_t dbus_chat to allow it to read remote process state
- ALlow logrotate to domtrans to mdadm_t
- kde gnomeclock wants to write content to /tmp - kde gnomeclock wants to write content to /tmp
- /usr/libexec/kde4/kcmdatetimehelper attempts to create /root/.kde
- Allow blueman_t to rwx zero_device_t, for some kind of jre
- Allow mozilla_plugin_t to rwx zero_device_t, for some kind of jre
- Ftp full access should be allowed to create directories as well as files
- Add boolean to allow rsync_full_acces, so that an rsync server can write all
- over the local machine
- logrotate needs to rotate logs in openshift directories, needs back port to RHEL6
- Add missing vpnc_roles type line
- Allow stapserver to write content in /tmp
- Allow gnome keyring to create keyrings dir in ~/.local/share
- Dontaudit thumb drives trying to bind to udp sockets if nis_enabled is turned on
- Add interface to colord_t dbus_chat to allow it to read remote process state
- Allow colord_t to read cupsd_t state
- Add mate-thumbnail-font as thumnailer
- Allow sectoolm to sys_ptrace since it is looking at other proceses /proc data.
- Allow qpidd to list /tmp. Needed by ssl
- Only allow init_t to transition to rsync_t domain, not initrc_t.  This should be back ported to F17, F18
- - Added systemd support for ksmtuned
- Added booleans
 	ksmtuned_use_nfs
 	ksmtuned_use_cifs
- firewalld seems to be creating mmap files which it needs to execute in /run /tmp and /dev/shm.  Would like to clean this up but for now we will allow
- Looks like qpidd_t needs to read /dev/random
- Lots of probing avc's caused by execugting gpg from staff_t
- Dontaudit senmail triggering a net_admin avc
- Change thumb_role to use thumb_run, not sure why we have a thumb_role, needs back port
- Logwatch does access check on mdadm binary
- Add raid_access_check_mdadm() iterface - Fix systemd_manage_unit_symlinks() interface
- Call systemd_manage_unit_symlinks(() which is correct interface
- Add filename transition for opasswd
- Switch gnomeclock_dbus_chat to systemd_dbus_chat_timedated since we have switched the name of gnomeclock
- Allow sytstemd-timedated to get status of init_t
- Add new systemd policies for hostnamed and rename gnomeclock_t to systemd_timedate_t
- colord needs to communicate with systemd and systemd_logind, also remove duplicate rules
- Switch gnomeclock_dbus_chat to systemd_dbus_chat_timedated since we have switched the name of gnomeclock
- Allow gpg_t to manage all gnome files
- Stop using pcscd_read_pub_files
- New rules for xguest, dontaudit attempts to dbus chat
- Allow firewalld to create its mmap files in tmpfs and tmp directories
- Allow firewalld to create its mmap files in tmpfs and tmp directories
- run unbound-chkconf as named_t, so it can read dnssec
- Colord is reading xdm process state, probably reads state of any apps that sends dbus message
- Allow mdadm_t to change the kernel scheduler
- mythtv policy
- Update mandb_admin() interface
- Allow dsspam to listen on own tpc_socket
- seutil_filetrans_named_content needs to be optional
- Allow sysadm_t to execute content in his homedir
- Add attach_queue to tun_socket, new patch from Paul Moore
- Change most of selinux configuration types to security_file_type.
- Add filename transition rules for selinux configuration
- ssh into a box with -X -Y requires ssh_use_ptys
- Dontaudit thumb drives trying to bind to udp sockets if nis_enabled is turned on
- Allow all unpriv userdomains to send dbus messages to hostnamed and timedated
- New allow rules found by Tom London for systemd_hostnamed - Allow systemd-tmpfiles to relabel lpd spool files
- Ad labeling for texlive bash scripts
- Add xserver_filetrans_fonts_cache_home_content() interface
- Remove duplicate rules from *.te
- Add support for /var/lock/man-db.lock
- Add support for /var/tmp/abrt(/.*)?
- Add additional labeling for munin cgi scripts
- Allow httpd_t to read munin conf files
- Allow certwatch to read meminfo
- Fix nscd_dontaudit_write_sock_file() interfac
- Fix gnome_filetrans_home_content() to include also "fontconfig" dir as cache_home_t
- llow mozilla_plugin_t to create HOMEDIR/.fontconfig with the proper labeling - Allow gnomeclock to talk to puppet over dbus
- Allow numad access discovered by Dominic
- Add support for HOME_DIR/.maildir
- Fix attribute_role for mozilla_plugin_t domain to allow staff_r to access this domain
- Allow udev to relabel udev_var_run_t lnk_files
- New bin_t file in mcelog - Remove all mcs overrides and replace with t1 != mcs_constrained_types
- Add attribute_role for iptables
- mcs_process_set_categories needs to be called for type
- Implement additional role_attribute statements
- Sodo domain is attempting to get the additributes of proc_kcore_t
- Unbound uses port 8953
- Allow svirt_t images to compromise_kernel when using pci-passthrough
- Add label for dns lib files
- Bluetooth aquires a dbus name
- Remove redundant files_read_usr_file calling
- Remove redundant files_read_etc_file calling
- Fix mozilla_run_plugin()
- Add role_attribute support for more domains - Mass merge with upstream - Bump the policy version to 28 to match selinux userspace
- Rebuild versus latest libsepol - Add systemd_status_all_unit_files() interface
- Add support for nshadow
- Allow sysadm_t to administrate the postfix domains
- Add interface to setattr on isid directories for use by tmpreaper
- Allow sshd_t sys_admin for use with afs logins
- Allow systemd to read/write all sysctls
- Allow sshd_t sys_admin for use with afs logins
- Allow systemd to read/write all sysctls
- Add systemd_status_all_unit_files() interface
- Add support for nshadow
- Allow sysadm_t to administrate the postfix domains
- Add interface to setattr on isid directories for use by tmpreaper
- Allow sshd_t sys_admin for use with afs logins
- Allow systemd to read/write all sysctls
- Allow sshd_t sys_admin for use with afs logins
- Add labeling for /var/named/chroot/etc/localtim - Allow setroubleshoot_fixit to execute rpm
- zoneminder needs to connect to httpd ports where remote cameras are listening
- Allow firewalld to execute content created in /run directory
- Allow svirt_t to read generic certs
- Dontaudit leaked ps content to mozilla plugin
- Allow sshd_t sys_admin for use with afs logins
- Allow systemd to read/write all sysctls
- init scripts are creating systemd_unit_file_t directories - systemd_logind_t is looking at all files under /run/user/apache
- Allow systemd to manage all user tmp files
- Add labeling for /var/named/chroot/etc/localtime
- Allow netlabel_peer_t type to flow over netif_t and node_t, and only be hindered by MLS, need back port to RHEL6
- Keystone is now using a differnt port
- Allow xdm_t to use usbmuxd daemon to control sound
- Allow passwd daemon to execute gnome_exec_keyringd
- Fix chrome_sandbox policy
- Add labeling for /var/run/checkquorum-timer
- More fixes for the dspam domain, needs back port to RHEL6
- More fixes for the dspam domain, needs back port to RHEL6
- sssd needs to connect to kerberos password port if a user changes his password
- Lots of fixes from RHEL testing of dspam web
- Allow chrome and mozilla_plugin to create msgq and semaphores
- Fixes for dspam cgi scripts
- Fixes for dspam cgi scripts
- Allow confine users to ptrace screen
- Backport virt_qemu_ga_t changes from RHEL
- Fix labeling for dspam.cgi needed for RHEL6
- We need to back port this policy to RHEL6, for lxc domains
- Dontaudit attempts to set sys_resource of logrotate
- Allow corosync to read/write wdmd's tmpfs files
- I see a ptrace of mozilla_plugin_t by staff_t, will allow without deny_ptrace being set
- Allow cron jobs to read bind config for unbound
- libvirt needs to inhibit systemd
- kdumpctl needs to delete boot_t files
- Fix duplicate gnome_config_filetrans
- virtd_lxc_t is using /dev/fuse
- Passenger needs to create a directory in /var/log, needs a backport to RHEL6 for openshift
- apcupsd can be setup to listen to snmp trafic
- Allow transition from kdumpgui to kdumpctl
- Add fixes for munin CGI scripts
- Allow deltacloud to connect to openstack at the keystone port
- Allow domains that transition to svirt domains to be able to signal them
- Fix file context of gstreamer in .cache directory
- libvirt is communicating with logind
- NetworkManager writes to the systemd inhibit pipe - Allow munin disk plugins to get attributes of all directories
- Allow munin disk plugins to get attributes of all directorie
- Allow logwatch to get attributes of all directories
- Fix networkmanager_manage_lib() interface
- Fix gnome_manage_config() to allow to manage sock_file
- Fix virtual_domain_context
- Add support for dynamic DNS for DHCPv6 - Allow svirt to use netlink_route_socket which was a part of auth_use_nsswitch
- Add additional labeling for /var/www/openshift/broker
- Fix rhev policy
- Allow openshift_initrc domain to dbus chat with systemd_logind
- Allow httpd to getattr passenger log file if run_stickshift
- Allow consolehelper-gtk to connect to xserver
- Add labeling for the tmp-inst directory defined in pam_namespace.conf
- Add lvm_metadata_t labeling for /etc/multipath - consoletype is no longer used - Add label for efivarfs
- Allow certmonger to send signal to itself
- Allow plugin-config to read own process status
- Add more fixes for pacemaker
- apache/drupal can run clamscan on uploaded content
- Allow chrome_sandbox_nacl_t to read pid 1 content - Fix MCS Constraints to control ingres and egres controls on the network.
- Change name of svirt_nokvm_t to svirt_tcg_t
- Allow tuned to request the kernel to load kernel modules - Label /var/lib/pgsql/.ssh as ssh_home_t
- Add labeling for /usr/bin/pg_ctl
- Allow systemd-logind to manage keyring user tmp dirs
- Add support for 7389/tcp port
- gems seems to be placed in lots of places
- Since xdm is running a full session, it seems to be trying to execute lots of executables via dbus
- Add back tcp/8123 port as http_cache port
- Add ovirt-guest-agent\.pid labeling
- Allow xend to run scsi_id
- Allow rhsmcertd-worker to read "physical_package_id"
- Allow pki_tomcat to connect to ldap port
- Allow lpr to read /usr/share/fonts
- Allow open file from CD/DVD drive on domU
- Allow munin services plugins to talk to SSSD
- Allow all samba domains to create samba directory in var_t directories
- Take away svirt_t ability to use nsswitch
- Dontaudit attempts by openshift to read apache logs
- Allow apache to create as well as append _ra_content_t
- Dontaudit sendmail_t reading a leaked file descriptor
- Add interface to have admin transition /etc/prelink.cache to the proper label
- Add sntp support to ntp policy
- Allow firewalld to dbus chat with devicekit_power
- Allow tuned to call lsblk
- Allow tor to read /proc/sys/kernel/random/uuid
- Add tor_can_network_relay boolean - Add openshift_initrc_signal() interface
- Fix typos
- dspam port is treat as spamd_port_t
- Allow setroubleshoot to getattr on all executables
- Allow tuned to execute profiles scripts in /etc/tuned
- Allow apache to create directories to store its log files
- Allow all directories/files in /var/log starting with passenger to be labeled passenger_log_t
- Looks like apache is sending sinal to openshift_initrc_t now,needs back port to RHEL6
- Allow Postfix to be configured to listen on TCP port 10026 for email from DSPAM
- Add filename transition for /etc/tuned/active_profile
- Allow condor_master to send mails
- Allow condor_master to read submit.cf
- Allow condor_master to create /tmp files/dirs
- Allow condor_mater to send sigkill to other condor domains
- Allow condor_procd sigkill capability
- tuned-adm wants to talk with tuned daemon
- Allow kadmind and krb5kdc to also list sssd_public_t
- Allow accountsd to dbus chat with init
- Fix git_read_generic_system_content_files() interface
- pppd wants sys_nice by nmcli because of "syscall=sched_setscheduler"
- Fix mozilla_plugin_can_network_connect to allow to connect to all ports
- Label all munin plugins which are not covered by munin plugins policy  as unconfined_munin_plugin_exec_t
- dspam wants to search /var/spool for opendkim data
- Revert "Add support for tcp/10026 port as dspam_port_t"
- Turning on labeled networking requires additional access for netlabel_peer_t; these allow rules need to be back ported to RHEL6
- Allow all application domains to use fifo_files passed in from userdomains, also allow them to write to tmp_files inherited from userdomain
- Allow systemd_tmpfiles_t to setattr on mandb_cache_t - consolekit.pp was not removed from the postinstall script - Add back consolekit policy
- Silence bootloader trying to use inherited tty
- Silence xdm_dbusd_t trying to execute telepathy apps
- Fix shutdown avcs when machine has unconfined.pp disabled
- The host and a virtual machine can share the same printer on a usb device
- Change oddjob to transition to a ranged openshift_initr_exec_t when run from oddjob
- Allow abrt_watch_log_t to execute bin_t
- Allow chrome sandbox to write content in ~/.config/chromium
- Dontaudit setattr on fontconfig dir for thumb_t
- Allow lircd to request the kernel to load module
- Make rsync as userdom_home_manager
- Allow rsync to search automount filesystem
- Add fixes for pacemaker - Add support for 4567/tcp port
- Random fixes from Tuomo Soini
- xdm wants to get init status
- Allow programs to run in fips_mode
- Add interface to allow the reading of all blk device nodes
- Allow init to relabel rpcbind sock_file
- Fix labeling for lastlog and faillog related to logrotate
- ALlow aeolus_configserver to use TRAM port
- Add fixes for aeolus_configserver
- Allow snmpd to connect to snmp port
- Allow spamd_update to create spamd_var_lib_t directories
- Allow domains that can read sssd_public_t files to also list the directory
- Remove miscfiles_read_localization, this is defined for all domains - Allow syslogd to request the kernel to load a module
- Allow syslogd_t to read the network state information
- Allow xdm_dbusd_t connect to the system DBUS
- Add support for 7389/tcp port
- Allow domains to read/write all inherited sockets
- Allow staff_t to read kmsg
- Add awstats_purge_apache_log boolean
- Allow ksysguardproces to read /.config/Trolltech.conf
- Allow passenger to create and append puppet log files
- Add puppet_append_log and puppet_create_log interfaces
- Add puppet_manage_log() interface
- Allow tomcat domain to search tomcat_var_lib_t
- Allow pki_tomcat_t to connect to pki_ca ports
- Allow pegasus_t to have net_admin capability
- Allow pegasus_t to write /sys/class/net/<interface>/flags
- Allow mailserver_delivery to manage mail_home_rw_t lnk_files
- Allow fetchmail to create log files
- Allow gnomeclock to manage home config in .kde
- Allow bittlebee to read kernel sysctls
- Allow logrotate to list /root - Fix userhelper_console_role_template()
- Allow enabling Network Access Point service using blueman
- Make vmware_host_t as unconfined domain
- Allow authenticate users in webaccess via squid, using mysql as backend
- Allow gathers to get various metrics on mounted file systems
- Allow firewalld to read /etc/hosts
- Fix cron_admin_role() to make sysadm cronjobs running in the sysadm_t instead of cronjob_t
- Allow kdumpgui to read/write to zipl.conf
- Commands needed to get mock to build from staff_t in enforcing mode
- Allow mdadm_t to manage cgroup files
- Allow all daemons and systemprocesses to use inherited initrc_tmp_t files
- dontaudit ifconfig_t looking at fifo_files that are leaked to it
- Add lableing for Quest Authentication System - Fix filetrans interface definitions
- Dontaudit xdm_t to getattr on BOINC lib files
- Add systemd_reload_all_services() interface
- Dontaudit write access on /var/lib/net-snmp/mib_indexes 
- Only stop mcsuntrustedproc from relableing files
- Allow accountsd to dbus chat with gdm
- Allow realmd to getattr on all fs
- Allow logrotate to reload all services
- Add systemd unit file for radiusd
- Allow winbind to create samba pid dir
- Add labeling for /var/nmbd/unexpected
- Allow chrome and mozilla plugin to connect to msnp ports - Fix storage_rw_inherited_fixed_disk_dev() to cover also blk_file
- Dontaudit setfiles reading /dev/random
- On initial boot gnomeclock is going to need to be set buy gdm
- Fix tftp_read_content() interface
- Random apps looking at kernel file systems
- Testing virt with lxc requiers additional access for virsh_t
- New allow rules requied for latest libvirt, libvirt talks directly to journald,lxc setup tool needs compromize_kernel,and we need ipc_lock in the container
- Allow MPD to read /dev/radnom
- Allow sandbox_web_type to read logind files which needs to read pulseaudio
- Allow mozilla plugins to read /dev/hpet
- Add labeling for /var/lib/zarafa-webap
- Allow BOINC client to use an HTTP proxy for all connections
- Allow rhsmertd to domain transition to dmidecod
-  Allow setroubleshootd to send D-Bus msg to ABRT - Define usbtty_device_t as a term_tty
- Allow svnserve to accept a connection
- Allow xend manage default virt_image_t type
- Allow prelink_cron_system_t to overide user componant when executing cp
- Add labeling for z-push
- Gnomeclock sets the realtime clock
- Openshift seems to be storing apache logs in /var/lib/openshift/.log/httpd
- Allow lxc domains to use /dev/random and /dev/urandom - Add port defintion for tcp/9000
- Fix labeling for /usr/share/cluster/checkquorum to label also checkquorum.wdmd
- Add rules and labeling for $HOME/cache/\.gstreamer-.* directory
- Add support for CIM provider openlmi-networking which uses NetworkManager dbus API
- Allow shorewall_t to create netlink_socket
- Allow krb5admind to block suspend
- Fix labels on /var/run/dlm_controld /var/log/dlm_controld
- Allow krb5kdc to block suspend
- gnomessytemmm_t needs to read /etc/passwd
- Allow cgred to read all sysctls - Allow all domains to read /proc/sys/vm/overcommit_memory
- Make proc_numa_t an MLS Trusted Object
- Add /proc/numactl support for confined users
- Allow ssh_t to connect to any port > 1023
- Add openvswitch domain
- Pulseaudio tries to create directories in gnome_home_t directories
- New ypbind pkg wants to search /var/run which is caused by sd_notify
- Allow NM to read certs on NFS/CIFS using use_nfs_*, use_samba_* booleans
- Allow sanlock to read /dev/random
- Treat php-fpm with httpd_t
- Allow domains that can read named_conf_t to be able to list the directories
- Allow winbind to create sock files in /var/run/samba - Add smsd policy
- Add support for OpenShift sbin labelin
- Add boolean to allow virt to use rawip
- Allow mozilla_plugin to read all file systems with noxattrs support
- Allow kerberos to write on anon_inodefs fs
- Additional access required by fenced
- Add filename transitions for passwd.lock/group.lock
- UPdate man pages
- Create coolkey directory in /var/cache with the correct label - Fix label on /etc/group.lock
- Allow gnomeclock to create lnk_file in /etc
- label /root/.pki as a home_cert_t
- Add interface to make sure rpcbind.sock is created with the correct label
- Add definition for new directory /var/lib/os-probe and bootloader wants to read udev rules
- opendkim should be a part of milter
- Allow libvirt to set the kernel sched algorythm
- Allow mongod to read sysfs_t
- Add authconfig policy
- Remove calls to miscfiles_read_localization all domains get this
- Allow virsh_t to read /root/.pki/ content
- Add label for log directory under /var/www/stickshift - Allow getty to setattr on usb ttys
- Allow sshd to search all directories for sshd_home_t content
- Allow staff domains to send dbus messages to kdumpgui
- Fix labels on /etc/.pwd.lock and friends to be passwd_file_t
- Dontaudit setfiles reading urand
- Add files_dontaudit_list_tmp() for domains to which we added sys_nice/setsched
- Allow staff_gkeyringd_t to read /home/$USER/.local/share/keyrings dir
- Allow systemd-timedated to read /dev/urandom
- Allow entropyd_t to read proc_t (meminfo)
- Add unconfined munin plugin
- Fix networkmanager_read_conf() interface
- Allow blueman to list /tmp which is needed by sys_nic/setsched
- Fix label of /etc/mail/aliasesdb-stamp
- numad is searching cgroups
- realmd is communicating with networkmanager using dbus
- Lots of fixes to try to get kdump to work - Allow loging programs to dbus chat with realmd
- Make apache_content_template calling as optional
- realmd is using policy kit - Add new selinuxuser_use_ssh_chroot boolean
- dbus needs to be able to read/write inherited fixed disk device_t passed through it
- Cleanup netutils process allow rule
- Dontaudit leaked fifo files from openshift to ping
- sanlock needs to read mnt_t lnk files
- Fail2ban needs to setsched and sys_nice - Change default label of all files in /var/run/rpcbind
- Allow sandbox domains (java) to read hugetlbfs_t
- Allow awstats cgi content to create tmp files and read apache log files
- Allow setuid/setgid for cupsd-config
- Allow setsched/sys_nice pro cupsd-config
-  Fix /etc/localtime sym link to be labeled locale_t
- Allow sshd to search postgresql db t since this is a homedir
- Allow xwindows users to chat with realmd
- Allow unconfined domains to configure all files and null_device_t service - Adopt pki-selinux policy - pki is leaking which we dontaudit until a pki code fix
- Allow setcap for arping
- Update man pages
- Add labeling for /usr/sbin/mcollectived
- pki fixes
- Allow smokeping to execute fping in the netutils_t domain - Allow mount to relabelfrom unlabeled file systems
- systemd_logind wants to send and receive messages from devicekit disk over dbus to make connected mouse working
- Add label to get bin files under libreoffice labeled correctly
- Fix interface to allow executing of base_ro_file_type
- Add fixes for realmd
- Update pki policy
- Add tftp_homedir boolean
- Allow blueman sched_setscheduler
- openshift user domains wants to r/w ssh tcp sockets - Additional requirements for disable unconfined module when booting
- Fix label of systemd script files
- semanage can use -F /dev/stdin to get input
- syslog now uses kerberos keytabs
- Allow xserver to compromise_kernel access
-  Allow nfsd to write to mount_var_run_t when running the mount command
- Add filename transition rule for bin_t directories
- Allow files to read usr_t lnk_files
- dhcpc wants chown
- Add support for new openshift labeling
- Clean up for tunable+optional statements
- Add labeling for /usr/sbin/mkhomedir_helper
- Allow antivirus domain to managa amavis spool files
- Allow rpcbind_t to read passwd 
- Allow pyzor running as spamc to manage amavis spool - Add interfaces to read kernel_t proc info
- Missed this version of exec_all
- Allow anyone who can load a kernel module to compromise kernel
- Add oddjob_dbus_chat to openshift apache policy
- Allow chrome_sandbox_nacl_t to send signals to itself
- Add unit file support to usbmuxd_t
- Allow all openshift domains to read sysfs info
- Allow openshift domains to getattr on all domains - MLS fixes from Dan
- Fix name of capability2 secure_firmware->compromise_kerne - Allow xdm to search all file systems
- Add interface to allow the config of all files
- Add rngd policy
- Remove kgpg as a gpg_exec_t type
- Allow plymouthd to block suspend
- Allow systemd_dbus to config any file
- Allow system_dbus_t to configure all services
- Allow freshclam_t to read usr_files
- varnishd requires execmem to load modules - Allow semanage to verify types
- Allow sudo domain to execute user home files
- Allow session_bus_type to transition to user_tmpfs_t
- Add dontaudit caused by yum updates
- Implement pki policy but not activated - tuned wants to getattr on all filesystems
- tuned needs also setsched. The build is needed for test day - Add policy for qemu-qa
- Allow razor to write own config files
-  Add an initial antivirus policy to collect all antivirus program
- Allow qdisk to read usr_t
- Add additional caps for vmware_host
- Allow tmpfiles_t to setattr on mandb_cache_t
- Dontaudit leaked files into mozilla_plugin_config_t
- Allow wdmd to getattr on tmpfs
- Allow realmd to use /dev/random
- allow containers to send audit messages
- Allow root mount any file via loop device with enforcing mls policy
- Allow tmpfiles_t to setattr on mandb_cache_t
- Allow tmpfiles_t to setattr on mandb_cache_t
- Make userdom_dontaudit_write_all_ not allow open
- Allow init scripts to read all unit files
- Add support for saphostctrl ports - Add kernel_read_system_state to sandbox_client_t
- Add some of the missing access to kdumpgui
- Allow systemd_dbusd_t to status the init system
- Allow vmnet-natd to request the kernel to load a module
- Allow gsf-office-thum to append .cache/gdm/session.log
- realmd wants to read .config/dconf/user
- Firewalld wants sys_nice/setsched
- Allow tmpreaper to delete mandb cache files
- Firewalld wants sys_nice/setsched
- Allow firewalld to perform  a DNS name resolution
- Allown winbind to read /usr/share/samba/codepages/lowcase.dat
- Add support for HTTPProxy* in /etc/freshclam.conf
- Fix authlogin_yubike boolean
- Extend smbd_selinux man page to include samba booleans
- Allow dhcpc to execute consoletype
- Allow ping to use inherited tmp files created in init scripts
- On full relabel with unconfined domain disabled, initrc was running some chcon's
- Allow people who delete man pages to delete mandb cache files - Add missing permissive domains - Add new mandb policy
- ALlow systemd-tmpfiles_t to relabel mandb_cache_t
- Allow logrotate to start all unit files - Add fixes for ctbd
- Allow nmbd to stream connect to ctbd
- Make cglear_t as nsswitch_domain
- Fix bogus in interfaces
- Allow openshift to read/write postfix public pipe
- Add postfix_manage_spool_maildrop_files() interface
- stickshift paths have been renamed to openshift
- gnome-settings-daemon wants to write to /run/systemd/inhibit/ pipes
- Update man pages, adding ENTRYPOINTS -  Add mei_device_t
- Make sure gpg content in homedir created with correct label
- Allow dmesg to write to abrt cache files
- automount wants to search  virtual memory sysctls
- Add support for hplip logs stored in /var/log/hp/tmp
- Add labeling for /etc/owncloud/config.php
- Allow setroubleshoot to send analysys to syslogd-journal
- Allow virsh_t to interact with new fenced daemon
- Allow gpg to write to /etc/mail/spamassassiin directories
- Make dovecot_deliver_t a mail server delivery type
- Add label for /var/tmp/DNS25 - Fixes for tomcat_domain template interface - Remove init_systemd and init_upstart boolean, Move init_daemon_domain and init_system_domain to use attributes
- Add attribute to all base os types.  Allow all domains to read all ro base OS types - Additional unit files to be defined as power unit files
- Fix more boolean names - Fix boolean name so subs will continue to work - dbus needs to start getty unit files
- Add interface to allow system_dbusd_t to start the poweroff service
- xdm wants to exec telepathy apps
- Allow users to send messages to systemdlogind
- Additional rules needed for systemd and other boot apps
- systemd wants to list /home and /boot
- Allow gkeyringd to write dbus/conf file
- realmd needs to read /dev/urand
- Allow readahead to delete /.readahead if labeled root_t, might get created before policy is loaded - Fixes to safe more rules
- Re-write tomcat_domain_template()
- Fix passenger labeling
- Allow all domains to read man pages
- Add ephemeral_port_t to the 'generic' port interfaces
- Fix the names of postgresql booleans - Stop using attributes form netlabel_peer and syslog, auth_use_nsswitch setsup netlabel_peer
- Move netlable_peer check out of booleans
- Remove call to recvfrom_netlabel for kerberos call
- Remove use of attributes when calling syslog call 
- Move -miscfiles_read_localization to domain.te to save hundreds of allow rules
- Allow all domains to read locale files.  This eliminates around 1500 allow rules- Cleanup nis_use_ypbind_uncond interface
- Allow rndc to block suspend
- tuned needs to modify the schedule of the kernel
- Allow svirt_t domains to read alsa configuration files
- ighten security on irc domains and make sure they label content in homedir correctly
- Add filetrans_home_content for irc files
- Dontaudit all getattr access for devices and filesystems for sandbox domains
- Allow stapserver to search cgroups directories
- Allow all postfix domains to talk to spamd - Add interfaces to ignore setattr until kernel fixes this to be checked after the DAC check
- Change pam_t to pam_timestamp_t
- Add dovecot_domain attribute and allow this attribute block_suspend capability2
- Add sanlock_use_fusefs boolean
- numad wants send/recieve msg
- Allow rhnsd to send syslog msgs
- Make piranha-pulse as initrc domain
- Update openshift instances to dontaudit setattr until the kernel is fixed. -  Fix auth_login_pgm_domain() interface to allow domains also managed user tmp dirs because of #856880 related to pam_systemd
- Remove pam_selinux.8 which conflicts with man page owned by the pam package
- Allow glance-api to talk to mysql
- ABRT wants to read Xorg.0.log if if it detects problem with Xorg
- Fix gstreamer filename trans. interface - Man page fixes by Dan Walsh - Allow postalias to read postfix config files
- Allow man2html to read man pages
- Allow rhev-agentd to search all mountpoints
- Allow rhsmcertd to read /dev/random
- Add tgtd_stream_connect() interface
- Add cyrus_write_data() interface
- Dontaudit attempts by sandboxX clients connectiing to the xserver_port_t
- Add port definition for tcp/81 as http_port_t
- Fix /dev/twa labeling
- Allow systemd to read modules config - Merge openshift policy
- Allow xauth to read /dev/urandom
- systemd needs to relabel content in /run/systemd directories
- Files unconfined should be able to perform all services on all files
- Puppet tmp file can be leaked to all domains
- Dontaudit rhsmcertd-worker to search /root/.local
- Allow chown capability for zarafa domains
-  Allow system cronjobs to runcon into openshift domains
- Allow virt_bridgehelper_t to manage content in the svirt_home_t labeled directories - nmbd wants to create /var/nmbd
-  Stop transitioning out of anaconda and firstboot, just causes AVC messages
- Allow clamscan to read /etc files
- Allow bcfg2 to bind cyphesis port
- heartbeat should be run as rgmanager_t instead of corosync_t
- Add labeling for /etc/openldap/certs
- Add labeling for /opt/sartest directory
- Make crontab_t as userdom home reader
- Allow tmpreaper to list admin_home dir
- Add defition for imap_0 replay cache file
- Add support for gitolite3
- Allow virsh_t to send syslog messages
- allow domains that can read samba content to be able to list the directories also
- Add realmd_dbus_chat to allow all apps that use nsswitch to talk to realmd
- Separate out sandbox from sandboxX policy so we can disable it by default
- Run dmeventd as lvm_t
- Mounting on any directory requires setattr and write permissions
- Fix use_nfs_home_dirs() boolean
- New labels for pam_krb5
- Allow init and initrc domains to sys_ptrace since this is needed to look at processes not owned by uid 0
- Add realmd_dbus_chat to allow all apps that use nsswitch to talk to realmd - Separate sandbox policy into sandbox and sandboxX, and disable sandbox by default on fresh installs
- Allow domains that can read etc_t to read etc_runtime_t 
- Allow all domains to use inherited tmpfiles - Allow realmd to read resolv.conf
- Add pegasus_cache_t type
- Label /usr/sbin/fence_virtd as virsh_exec_t
- Add policy for pkcsslotd
- Add support for cpglockd
- Allow polkit-agent-helper to read system-auth-ac
- telepathy-idle wants to read gschemas.compiled
- Allow plymouthd to getattr on fs_t
- Add slpd policy
- Allow ksysguardproces to read/write config_usr_t - Fix labeling substitution so rpm will label /lib/systemd content correctly - Add file name transitions for ttyACM0
- spice-vdagent(d)'s are going to log over to syslog
- Add sensord policy
- Add more fixes for passenger policy related to puppet
- Allow wdmd to create wdmd_tmpfs_t
- Fix labeling for /var/run/cachefilesd\.pid
- Add thumb_tmpfs_t files type - Allow svirt domains to manage the network since this is containerized
- Allow svirt_lxc_net_t to send audit messages - Make "snmpwalk -mREDHAT-CLUSTER-MIB ...." working
- Allow dlm_controld to execute dlm_stonith labeled as bin_t
- Allow GFS2 working on F17
- Abrt needs to execute dmesg
- Allow jockey to list the contents of modeprobe.d
- Add policy for lightsquid as squid_cron_t
- Mailscanner is creating files and directories in /tmp
- dmesg is now reading /dev/kmsg
- Allow xserver to communicate with secure_firmware
- Allow fsadm tools (fsck) to read /run/mount contnet
- Allow sysadm types to read /dev/kmsg
- - Allow postfix, sssd, rpcd to block_suspend
- udev seems to need secure_firmware capability
- Allow virtd to send dbus messages to firewalld so it can configure the firewall - Fix labeling of content in /run created by virsh_t
- Allow condor domains to read kernel sysctls
- Allow condor_master to connect to amqp
- Allow thumb drives to create shared memory and semaphores
- Allow abrt to read mozilla_plugin config files
- Add labels for lightsquid
- Default files in /opt and /usr that end in .cgi as httpd_sys_script_t, allow
- dovecot_auth_t uses ldap for user auth
- Allow domains that can read dhcp_etc_t to read lnk_files
- Add more then one watchdog device
- Allow useradd_t to manage etc_t files so it can rename it and edit them
- Fix invalid class dir should be fifo_file
- Move /run/blkid to fsadm and make sure labeling is correct - Fix bogus regex found by eparis
- Fix manage run interface since lvm needs more access
- syslogd is searching cgroups directory
- Fixes to allow virt-sandbox-service to manage lxc var run content - Fix Boolean settings
- Add new libjavascriptcoregtk as textrel_shlib_t
- Allow xdm_t to create xdm_home_t directories
- Additional access required for systemd
- Dontaudit mozilla_plugin attempts to ipc_lock
- Allow tmpreaper to delete unlabeled files
- Eliminate screen_tmp_t and allow it to manage user_tmp_t
- Dontaudit mozilla_plugin_config_t to append to leaked file descriptors
- Allow web plugins to connect to the asterisk ports
- Condor will recreate the lock directory if it does not exist
- Oddjob mkhomedir needs to connectto user processes
- Make oddjob_mkhomedir_t a userdom home manager - Put placeholder back in place for proper numbering of capabilities
- Systemd also configures init scripts - Fix ecryptfs interfaces
- Bootloader seems to be trolling around /dev/shm and /dev
- init wants to create /etc/systemd/system-update.target.wants
- Fix systemd_filetrans call to move it out of tunable
- Fix up policy to work with systemd userspace manager
- Add secure_firmware capability and remove bogus epolwakeup
- Call seutil_*_login_config interfaces where should be needed
- Allow rhsmcertd to send signal to itself
- Allow thin domains to send signal to itself
- Allow Chrome_ChildIO to read dosfs_t - Add role rules for realmd, sambagui - Add new type selinux_login_config_t for /etc/selinux/<type>/logins/
- Additional fixes for seutil_manage_module_store()
- dbus_system_domain() should be used with optional_policy
- Fix svirt to be allowed to use fusefs file system
- Allow login programs to read /run/ data created by systemd_login
- sssd wants to write /etc/selinux/<policy>/logins/ for SELinux PAM module
- Fix svirt to be allowed to use fusefs file system
- Allow piranha domain to use nsswitch
- Sanlock needs to send Kill Signals to non root processes
- Pulseaudio wants to execute /run/user/PID/.orc - Fix saslauthd when it tries to read /etc/shadow
- Label gnome-boxes as a virt homedir
- Need to allow svirt_t ability to getattr on nfs_t file systems
- Update sanlock policy to solve all AVC's
- Change confined users can optionally manage virt content
- Handle new directories under ~/.cache
- Add block suspend to appropriate domains
- More rules required for containers
- Allow login programs to read /run/ data created by systemd_logind
- Allow staff users to run svirt_t processes - Update to upstream - More fixes for systemd to make rawhide booting from Dan Walsh - Add systemd fixes to make rawhide booting - Add systemd_logind_inhibit_var_run_t attribute
- Remove corenet_all_recvfrom_unlabeled() for non-contrib policies because we moved it to domain.if for all domain_type
- Add interface for mysqld to dontaudit signull to all processes
- Label new /var/run/journal directory correctly
- Allow users to inhibit suspend via systemd
- Add new type for the /var/run/inhibit directory
- Add interface to send signull to systemd_login so avahi can send them
- Allow systemd_passwd to send syslog messages
- Remove corenet_all_recvfrom_unlabeled() calling fro policy files
- Allow       editparams.cgi running as httpd_bugzilla_script_t to read /etc/group
- Allow smbd to read cluster config
- Add additional labeling for passenger
- Allow dbus to inhibit suspend via systemd
- Allow avahi to send signull to systemd_login - Add interface to dontaudit getattr access on sysctls
- Allow sshd to execute /bin/login
- Looks like xdm is recreating the xdm directory in ~/.cache/ on login
- Allow syslog to use the leaked kernel_t unix_dgram_socket from system-jounald
-  Fix semanage to work with unconfined domain disabled on F18
- Dontaudit attempts by mozilla plugins to getattr on all kernel sysctls
- Virt seems to be using lock files
- Dovecot seems to be searching directories of every mountpoint
- Allow jockey to read random/urandom, execute shell and install third-party drivers
- Add aditional params to allow cachedfiles to manage its content
- gpg agent needs to read /dev/random
- The kernel hands an svirt domains /SYSxxxxx which is a tmpfs that httpd wants to read and write
- Add a bunch of dontaudit rules to quiet svirt_lxc domains
- Additional perms needed to run svirt_lxc domains
- Allow cgclear to read cgconfig
- Allow sys_ptrace capability for snmp
- Allow freshclam to read /proc
- Allow procmail to manage /home/user/Maildir content
- Allow NM to execute wpa_cli
- Allow amavis to read clamd system state
- Regenerate man pages - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - Add realmd and stapserver policies
- Allow useradd to manage stap-server lib files
- Tighten up capabilities for confined users
- Label /etc/security/opasswd as shadow_t
- Add label for /dev/ecryptfs
- Allow condor_startd_t to start sshd with the ranged
- Allow lpstat.cups to read fips_enabled file
- Allow pyzor running as spamc_t to create /root/.pyzor directory
- Add labelinf for amavisd-snmp init script
- Add support for amavisd-snmp
- Allow fprintd sigkill self
- Allow xend (w/o libvirt) to start virtual machines
- Allow aiccu to read /etc/passwd
- Allow condor_startd to Make specified domain MCS trusted for setting any category set for the processes it executes
- Add condor_startd_ranged_domtrans_to() interface
- Add ssd_conf_t for /etc/sssd
- accountsd needs to fchown some files/directories
- Add ICACLient and zibrauserdata as mozilla_filetrans_home_content
- SELinux reports afs_t needs dac_override to read /etc/mtab, even though everything works, adding dontaudit
- Allow xend_t to read the /etc/passwd file - Until we figure out how to fix systemd issues, allow all apps that send syslog messages to send them to kernel_t
- Add init_access_check() interface
- Fix label on /usr/bin/pingus to not be labeled as ping_exec_t
- Allow tcpdump to create a netlink_socket
- Label newusers like useradd
- Change xdm log files to be labeled xdm_log_t
- Allow sshd_t with privsep to work in MLS
- Allow freshclam to update databases thru HTTP proxy
- Allow s-m-config to access check on systemd
- Allow abrt to read public files by default
- Fix amavis_create_pid_files() interface
- Add labeling and filename transition for dbomatic.log
- Allow system_dbusd_t to stream connect to bluetooth, and use its socket
- Allow amavisd to execute fsav
- Allow tuned to use sys_admin and sys_nice capabilities
- Add php-fpm policy from Bryan
- Add labeling for aeolus-configserver-thinwrapper
- Allow thin domains to execute shell
- Fix gnome_role_gkeyringd() interface description
- Lot of interface fixes
- Allow OpenMPI job running as condor_startd_ssh_t to manage condor lib files
- Allow OpenMPI job to use kerberos
- Make deltacloudd_t as nsswitch_domain
- Allow xend_t to run lsscsi
- Allow qemu-dm running as xend_t to create tun_socket
- Add labeling for /opt/brother/Printers(.*/)?inf
- Allow jockey-backend to read pyconfig-64.h labeled as usr_t
- Fix clamscan_can_scan_system boolean
- Allow lpr to connectto to /run/user/$USER/keyring-22uREb/pkcs11 - initrc is calling exportfs which is not confined so it attempts to read nfsd_files
- Fixes for passenger running within openshift.
- Add labeling for all tomcat6 dirs
- Add support for tomcat6
- Allow cobblerd to read /etc/passwd
- Allow jockey to read sysfs and and execute binaries with bin_t
- Allow thum to use user terminals
- Allow cgclear to read cgconfig config files
- Fix bcf2g.fc
- Remove sysnet_dns_name_resolve() from policies where auth_use_nsswitch() is used for other domains
- Allow dbomatic to execute ruby
- abrt_watch_log should be abrt_domain
- Allow mozilla_plugin to connect to gatekeeper port - add ptrace_child access to process
- remove files_read_etc_files() calling from all policies which have auth_use_nsswith()
- Allow boinc domains to manage boinc_lib_t lnk_files
- Add support for boinc-client.service unit file
- Add support for boinc.log
- Allow mozilla_plugin execmod on mozilla home files if allow_ex
- Allow dovecot_deliver_t to read dovecot_var_run_t
- Allow ldconfig and insmod to manage kdumpctl tmp files
- Move thin policy out from cloudform.pp and add a new thin poli
- pacemaker needs to communicate with corosync streams
- abrt is now started on demand by dbus
- Allow certmonger to talk directly to Dogtag servers
- Change labeling for /var/lib/cobbler/webui_sessions to httpd_c
- Allow mozila_plugin to execute gstreamer home files
- Allow useradd to delete all file types stored in the users hom
- rhsmcertd reads the rpm database
- Add support for lightdm - Add tomcat policy
- Remove pyzor/razor policy
- rhsmcertd reads the rpm database
- Dontaudit  thumb to setattr on xdm_tmp dir
- Allow wicd to execute ldconfig in the networkmanager_t domain
- Add /var/run/cherokee\.pid labeling
- Allow mozilla_plugin to create mozilla_plugin_tmp_t lnk files too
- Allow postfix-master to r/w pipes other postfix domains
- Allow snort to create netlink_socket
- Add kdumpctl policy
- Allow firstboot to create tmp_t files/directories
- /usr/bin/paster should not be labeled as piranha_exec_t
- remove initrc_domain from tomcat
- Allow ddclient to read /etc/passwd
- Allow useradd to delete all file types stored in the users homedir
- Allow ldconfig and insmod to manage kdumpctl tmp files
- Firstboot should be just creating tmp_t dirs and xauth should be allowed to write to those
- Transition xauth files within firstboot_tmp_t
- Fix labeling of /run/media to match /media
- Label all lxdm.log as xserver_log_t
- Add port definition for mxi port
- Allow local_login_t to execute tmux - apcupsd needs to read /etc/passwd
- Sanlock allso sends sigkill
- Allow glance_registry to connect to the mysqld port
- Dontaudit mozilla_plugin trying to getattr on /dev/gpmctl
- Allow firefox plugins/flash to connect to port 1234
- Allow mozilla plugins to delete user_tmp_t files
- Add transition name rule for printers.conf.O
- Allow virt_lxc_t to read urand
- Allow systemd_loigind to list gstreamer_home_dirs
- Fix labeling for /usr/bin
- Fixes for cloudform services
  * support FIPS
- Allow polipo to work as web caching
- Allow chfn to execute tmux - Add support for ecryptfs
  * ecryptfs does not support xattr
  * we need labeling for HOMEDIR
- Add policy for (u)mount.ecryptfs*
- Fix labeling of kerbero host cache files, allow rpc.svcgssd to manage host cache
- Allow dovecot to manage Maildir content, fix transitions to Maildir
- Allow postfix_local to transition to dovecot_deliver
- Dontaudit attempts to setattr on xdm_tmp_t, looks like bogus code
- Cleanup interface definitions
- Allow apmd to change with the logind daemon
- Changes required for sanlock in rhel6
- Label /run/user/apache as httpd_tmp_t
- Allow thumb to use lib_t as execmod if boolean turned on
- Allow squid to create the squid directory in /var with the correct labe
- Add a new policy for glusterd from Bryan Bickford (bbickfor@redhat.com)
- Allow virtd to exec xend_exec_t without transition
- Allow virtd_lxc_t to unmount all file systems - PolicyKit path has changed
- Allow httpd connect to dirsrv socket
- Allow tuned to write generic kernel sysctls
- Dontaudit logwatch to gettr on /dev/dm-2
- Allow policykit-auth to manage kerberos files
- Make condor_startd and rgmanager as initrc domain
- Allow virsh to read /etc/passwd
- Allow mount to mount on user_tmp_t for /run/user/dwalsh/gvfs
- xdm now needs to execute xsession_exec_t
- Need labels for /var/lib/gdm
- Fix files_filetrans_named_content() interface
- Add new attribute - initrc_domain
- Allow systemd_logind_t to signal, signull, sigkill all processes
- Add filetrans rules for etc_runtime files - Rename boolean names to remove allow_ - Mass merge with upstream
  * new policy topology to include contrib policy modules
  * we have now two base policy patches - Fix description of authlogin_nsswitch_use_ldap
- Fix transition rule for rhsmcertd_t needed for RHEL7
- Allow useradd to list nfs state data
- Allow openvpn to manage its log file and directory
- We want vdsm to transition to mount_t when executing mount command to make sure /etc/mtab remains labeled correctly
- Allow thumb to use nvidia devices
-  Allow local_login to create user_tmp_t files for kerberos
- Pulseaudio needs to read systemd_login /var/run content
- virt should only transition named system_conf_t config files
- Allow  munin to execute its plugins
- Allow nagios system plugin to read /etc/passwd
- Allow plugin to connect to soundd port
- Fix httpd_passwd to be able to ask passwords
- Radius servers can use ldap for backing store
- Seems to need to mount on /var/lib for xguest polyinstatiation to work.
- Allow systemd_logind to list the contents of gnome keyring
- VirtualGL need xdm to be able to manage content in /etc/opt/VirtualGL
- Add policy for isns-utils - Add policy for subversion daemon
- Allow boinc to read passwd
- Allow pads to read kernel network state
- Fix man2html interface for sepolgen-ifgen
- Remove extra /usr/lib/systemd/system/smb
- Remove all /lib/systemd and replace with /usr/lib/systemd
- Add policy for man2html
- Fix the label of kerberos_home_t to krb5_home_t
- Allow mozilla plugins to use Citrix
- Allow tuned to read /proc/sys/kernel/nmi_watchdog
- Allow tune /sys options via systemd's tmpfiles.d "w" type - Dontaudit lpr_t to read/write leaked mozilla tmp files
- Add file name transition for .grl-podcasts directory
- Allow corosync to read user tmp files
- Allow fenced to create snmp lib dirs/files
- More fixes for sge policy
- Allow mozilla_plugin_t to execute any application
- Allow dbus to read/write any open file descriptors to any non security file on the system that it inherits to that it can pass them to another domain
- Allow mongod to read system state information
-  Fix wrong type, we should dontaudit sys_admin for xdm_t not xserver_t
- Allow polipo to manage polipo_cache dirs
- Add jabbar_client port to mozilla_plugin_t
- Cleanup procmail policy
- system bus will pass around open file descriptors on files that do not have labels on them
- Allow l2tpd_t to read system state
- Allow tuned to run ls /dev
- Allow sudo domains to read usr_t files
- Add label to machine-id 
- Fix corecmd_read_bin_symlinks cut and paste error - Fix pulseaudio port definition
- Add labeling for condor_starter
- Allow chfn_t to creat user_tmp_files
- Allow chfn_t to execute bin_t
- Allow prelink_cron_system_t to getpw calls
- Allow sudo domains to manage kerberos rcache files
- Allow user_mail_domains to work with courie
- Port definitions necessary for running jboss apps within openshift
-  Add support for openstack-nova-metadata-api
- Add support for nova-console*
- Add support for openstack-nova-xvpvncproxy
- Fixes to make privsep+SELinux working if we try to use chage to change passwd
- Fix auth_role() interface
- Allow numad to read sysfs
- Allow matahari-rpcd to execute shell
- Add label for ~/.spicec
- xdm is executing lspci as root which is requesting a sys_admin priv but seems to succeed without it
- Devicekit_disk wants to read the logind sessions file when writing a cd
- Add fixes for condor to make condor jobs working correctly
- Change label of /var/log/rpmpkgs to cron_log_t
- Access requires to allow systemd-tmpfiles --create to work.
- Fix obex to be a user application started by the session bus.
- Add additional filename trans rules for kerberos
- Fix /var/run/heartbeat labeling
- Allow apps that are managing rcache to file trans correctly
- Allow openvpn to authenticate against ldap server
- Containers need to listen to network starting and stopping events - Make systemd unit files less specific - Fix zarafa labeling
- Allow guest_t to fix labeling
- corenet_tcp_bind_all_unreserved_ports(ssh_t) should be called with the user_tcp_server boolean
- add lxc_contexts
- Allow accountsd to read /proc
- Allow restorecond to getattr on all file sytems
- tmpwatch now calls getpw
- Allow apache daemon to transition to pwauth domain
- Label content under /var/run/user/NAME/keyring* as gkeyringd_tmp_t
- The obex socket seems to be a stream socket
- dd label for /var/run/nologin - Allow jetty running as httpd_t to read hugetlbfs files
- Allow sys_nice and setsched for rhsmcertd
- Dontaudit attempts by mozilla_plugin_t to bind to ssdp ports
- Allow setfiles to append to xdm_tmp_t
- Add labeling for /export as a usr_t directory
- Add labels for .grl files created by gstreamer - Add labeling for /usr/share/jetty/bin/jetty.sh
- Add jetty policy which contains file type definitios
- Allow jockey to use its own fifo_file and make this the default for all domains
- Allow mozilla_plugins to use spice (vnc_port/couchdb)
- asterisk wants to read the network state
- Blueman now uses /var/lib/blueman- Add label for nodejs_debug
- Allow mozilla_plugin_t to create ~/.pki directory and content - Add clamscan_can_scan_system boolean
- Allow mysqld to read kernel network state
- Allow sshd to read/write condor lib files
- Allow sshd to read/write condor-startd tcp socket
- Fix description on httpd_graceful_shutdown
- Allow glance_registry to communicate with mysql
- dbus_system_domain is using systemd to lauch applications
- add interfaces to allow domains to send kill signals to user mail agents
- Remove unnessary access for svirt_lxc domains, add privs for virtd_lxc_t
- Lots of new access required for secure containers
- Corosync needs sys_admin capability
- ALlow colord to create shm
- .orc should be allowed to be created by any app that can create gstream home content, thumb_t to be specific
- Add boolean to control whether or not mozilla plugins can create random content in the users homedir
-  Add new interface to allow domains to list msyql_db directories, needed for libra
- shutdown has to be allowed to delete etc_runtime_t
- Fail2ban needs to read /etc/passwd
-  Allow ldconfig to create /var/cache/ldconfig
- Allow tgtd to read hardware state information
- Allow collectd to create packet socket
- Allow chronyd to send signal to itself
- Allow collectd to read /dev/random
- Allow collectd to send signal to itself
- firewalld needs to execute restorecon
- Allow restorecon and other login domains to execute restorecon - Allow logrotate to getattr on systemd unit files
- Add support for tor systemd unit file
- Allow apmd to create /var/run/pm-utils with the correct label
- Allow l2tpd to send sigkill to pppd
- Allow pppd to stream connect to l2tpd
- Add label for scripts in /etc/gdm/
- Allow systemd_logind_t to ignore mcs constraints on sigkill
- Fix files_filetrans_system_conf_named_files() interface
- Add labels for /usr/share/wordpress/wp-includes/*.php
- Allow cobbler to get SELinux mode and booleans - Add unconfined_execmem_exec_t as an alias to bin_t
- Allow fenced to read snmp var lib files, also allow it to read usr_t
- ontaudit access checks on all executables from mozilla_plugin
- Allow all user domains to setexec, so that sshd will work properly if it call setexec(NULL) while running withing a user mode
- Allow systemd_tmpfiles_t to getattr all pipes and sockets
- Allow glance-registry to send system log messages
- semanage needs to manage mock lib files/dirs - Add policy for abrt-watch-log
- Add definitions for jboss_messaging ports
- Allow systemd_tmpfiles to manage printer devices
- Allow oddjob to use nsswitch
- Fix labeling of log files for postgresql
- Allow mozilla_plugin_t to execmem and execstack by default
- Allow firewalld to execute shell
- Fix /etc/wicd content files to get created with the correct label
- Allow mcelog to exec shell
- Add ~/.orc as a gstreamer_home_t
- /var/spool/postfix/lib64 should be labeled lib_t
- mpreaper should be able to list all file system labeled directories
- Add support for apache to use openstack
- Add labeling for /etc/zipl.conf and zipl binary
- Turn on allow_execstack and turn off telepathy transition for final release - More access required for virt_qmf_t
- Additional assess required for systemd-logind to support multi-seat
- Allow mozilla_plugin to setrlimit
- Revert changes to fuse file system to stop deadlock - Allow condor domains to connect to ephemeral ports
- More fixes for condor policy
- Allow keystone to stream connect to mysqld
- Allow mozilla_plugin_t to read generic USB device to support GPS devices
- Allow thum to file name transition gstreamer home content
- Allow thum to read all non security files
- Allow glance_api_t to connect to ephemeral ports
- Allow nagios plugins to read /dev/urandom
- Allow syslogd to search postfix spool to support postfix chroot env
- Fix labeling for /var/spool/postfix/dev
- Allow wdmd chown
- Label .esd_auth as pulseaudio_home_t
- Have no idea why keyring tries to write to /run/user/dwalsh/dconf/user, but we can dontaudit for now - Add support for clamd+systemd
- Allow fresclam to execute systemctl to handle clamd
- Change labeling for /usr/sbin/rpc.ypasswd.env
	- Allow yppaswd_t to execute yppaswd_exec_t
	- Allow yppaswd_t to read /etc/passwd
- Gnomekeyring socket has been moved to /run/user/USER/
- Allow samba-net to connect to ldap port
- Allow signal for vhostmd
- allow mozilla_plugin_t to read user_home_t socket
- New access required for secure Linux Containers
- zfs now supports xattrs
- Allow quantum to execute sudo and list sysfs
- Allow init to dbus chat with the firewalld
- Allow zebra to read /etc/passwd - Allow svirt_t to create content in the users homedir under ~/.libvirt
- Fix label on /var/lib/heartbeat
- Allow systemd_logind_t to send kill signals to all processes started by a user
- Fuse now supports Xattr Support - upowered needs to setsched on the kernel
- Allow mpd_t to manage log files
- Allow xdm_t to create /var/run/systemd/multi-session-x
- Add rules for missedfont.log to be used by thumb.fc
- Additional access required for virt_qmf_t
- Allow dhclient to dbus chat with the firewalld
- Add label for lvmetad
- Allow systemd_logind_t to remove userdomain sock_files
- Allow cups to execute usr_t files
- Fix labeling on nvidia shared libraries
- wdmd_t needs access to sssd and /etc/passwd
- Add boolean to allow ftp servers to run in passive mode
- Allow namepspace_init_t to relabelto/from a different user system_u from the user the namespace_init running with
- Fix using httpd_use_fusefs
- Allow chrome_sandbox_nacl to write inherited user tmp files as we allow it for chrome_sandbox - Rename rdate port to time port, and allow gnomeclock to connect to it
- We no longer need to transition to ldconfig from rpm, rpm_script, or anaconda
- /etc/auto.* should be labeled bin_t
- Add httpd_use_fusefs boolean
- Add fixes for heartbeat
- Allow sshd_t to signal processes that it transitions to
- Add condor policy
- Allow svirt to create monitors in ~/.libvirt
- Allow dovecot to domtrans sendmail to handle sieve scripts
- Lot of fixes for cfengine - /var/run/postmaster.* labeling is no longer needed
- Alllow drbdadmin to read /dev/urandom
- l2tpd_t seems to use ptmx
- group+ and passwd+ should be labeled as /etc/passwd
- Zarafa-indexer is a socket - Ensure lastlog is labeled correctly
- Allow accountsd to read /proc data about gdm
- Add fixes for tuned
- Add bcfg2 fixes which were discovered during RHEL6 testing
- More fixes for gnome-keyring socket being moved
- Run semanage as a unconfined domain, and allow initrc_t to create tmpfs_t sym links on shutdown
- Fix description for files_dontaudit_read_security_files() interface - Add new policy and man page for bcfg2
- cgconfig needs to use getpw calls
- Allow domains that communicate with the keyring to use cache_home_t instead of gkeyringd_tmpt
- gnome-keyring wants to create a directory in cache_home_t
- sanlock calls getpw - Add numad policy and numad man page
- Add fixes for interface bugs discovered by SEWatch
- Add /tmp support for squid
- Add fix for #799102
     * change default labeling for /var/run/slapd.* sockets
- Make thumb_t as userdom_home_reader
- label /var/lib/sss/mc same as pubconf, so getpw domains can read it
- Allow smbspool running as cups_t to stream connect to nmbd
- accounts needs to be able to execute passwd on behalf of users
- Allow systemd_tmpfiles_t to delete boot flags
- Allow dnssec_trigger to connect to apache ports
- Allow gnome keyring to create sock_files in ~/.cache
- google_authenticator is using .google_authenticator
- sandbox running from within firefox is exposing more leaks
- Dontaudit thumb to read/write /dev/card0
- Dontaudit getattr on init_exec_t for gnomeclock_t
- Allow certmonger to do a transition to certmonger_unconfined_t
- Allow dhcpc setsched which is caused by nmcli
- Add rpm_exec_t for /usr/sbin/bcfg2
- system cronjobs are sending dbus messages to systemd_logind
- Thumnailers read /dev/urand - Allow auditctl getcap
- Allow vdagent to use libsystemd-login
- Allow abrt-dump-oops to search /etc/abrt
- Got these avc's while trying to print a boarding pass from firefox
- Devicekit is now putting the media directory under /run/media
- Allow thumbnailers to create content in ~/.thumbails directory
- Add support for proL2TPd by Dominick Grift
- Allow all domains to call getcap
- wdmd seems to get a random chown capability check that it does not need
- Allow vhostmd to read kernel sysctls - Allow chronyd to read unix
- Allow hpfax to read /etc/passwd
- Add support matahari vios-proxy-* apps and add virtd_exec_t label for them
- Allow rpcd to read quota_db_t
- Update to man pages to match latest policy
- Fix bug in jockey interface for sepolgen-ifgen
- Add initial svirt_prot_exec_t policy - More fixes for systemd from Dan Walsh - Add a new type for /etc/firewalld and allow firewalld to write to this directory
- Add definition for ~/Maildir, and allow mail deliver domains to write there
- Allow polipo to run from a cron job
- Allow rtkit to schedule wine processes
- Allow mozilla_plugin_t to acquire a bug, and allow it to transition gnome content in the home dir to the proper label
- Allow users domains to send signals to consolehelper domains - More fixes for boinc policy
- Allow polipo domain to create its own cache dir and pid file
- Add systemctl support to httpd domain
- Add systemctl support to polipo, allow NetworkManager to manage the service
- Add policy for jockey-backend
- Add support for motion daemon which is now covered by zoneminder policy
- Allow colord to read/write motion tmpfs
- Allow vnstat to search through var_lib_t directories
- Stop transitioning to quota_t, from init an sysadm_t - Add svirt_lxc_file_t as a customizable type - Add additional fixes for icmp nagios plugin
- Allow cron jobs to open fifo_files from cron, since service script opens /dev/stdin
- Add certmonger_unconfined_exec_t
- Make sure tap22 device is created with the correct label
- Allow staff users to read systemd unit files
- Merge in previously built policy
- Arpwatch needs to be able to start netlink sockets in order to start
- Allow cgred_t to sys_ptrace to look at other DAC Processes - Back port some of the access that was allowed in nsplugin_t
- Add definitiona for couchdb ports
- Allow nagios to use inherited users ttys
- Add git support for mock
- Allow inetd to use rdate port
- Add own type for rdate port
- Allow samba to act as a portmapper
- Dontaudit chrome_sandbox attempts to getattr on chr_files in /dev
- New fixes needed for samba4
- Allow apps that use lib_t to read lib_t symlinks - Add policy for nove-cert
- Add labeling for nova-openstack  systemd unit files
- Add policy for keystoke - Fix man pages fro domains
- Add man pages for SELinux users and roles
- Add storage_dev_filetrans_named_fixed_disk() and use it for smartmon
- Add policy for matahari-rpcd
- nfsd executes mount command on restart
- Matahari domains execute renice and setsched
- Dontaudit leaked tty in mozilla_plugin_config
- mailman is changing to a per instance naming
- Add 7600 and 4447 as jboss_management ports
- Add fixes for nagios event handlers
- Label httpd.event as httpd_exec_t, it is an apache daemon - Add labeling for /var/spool/postfix/dev/log
- NM reads sysctl.conf
- Iscsi log file context specification fix
-  Allow mozilla plugins to send dbus messages to user domains that transition to it
- Allow mysql to read the passwd file
- Allow mozilla_plugin_t to create mozilla home dirs in user homedir
- Allow deltacloud to read kernel sysctl
- Allow postgresql_t to connectto itselfAllow postgresql_t to connectto itself
- Allow postgresql_t to connectto itself
- Add login_userdomain attribute for users which can log in using terminal - Allow sysadm_u to reach system_r by default #784011
- Allow nagios plugins to use inherited user terminals
- Razor labeling is not used no longer
- Add systemd support for matahari
- Add port_types to man page, move booleans to the top, fix some english
- Add support for matahari-sysconfig-console
- Clean up matahari.fc
- Fix matahari_admin() interfac
- Add labels for/etc/ssh/ssh_host_*.pub keys - Allow ksysguardproces to send system log msgs
- Allow  boinc setpgid and signull
- Allow xdm_t to sys_ptrace to run pidof command
- Allow smtpd_t to manage spool files/directories and symbolic links
- Add labeling for jetty
- Needed changes to get unbound/dnssec to work with openswan - Add user_fonts_t alias xfs_tmp_t
- Since depmod now runs as insmod_t we need to write to kernel_object_t
- Allow firewalld to dbus chat with networkmanager
- Allow qpidd to connect to matahari ports
- policykit needs to read /proc for uses not owned by it
- Allow systemctl apps to connecto the init stream - Turn on deny_ptrace boolean - Remove pam_selinux.8 man page. There was a conflict. - Add proxy class and read access for gssd_proxy
- Separate out the sharing public content booleans
- Allow certmonger to execute a script and send signals to  apache and dirsrv to reload the certificate
-  Add label transition for gstream-0.10 and 12
- Add booleans to allow rsync to share nfs and cifs file sytems
- chrome_sandbox wants to read the /proc/PID/exe file of the program that executed it
- Fix filename transitions for cups files
- Allow denyhosts to read "unix"
- Add file name transition for locale.conf.new
- Allow boinc projects to gconf config files
- sssd needs to be able to increase the socket limit under certain loads
- sge_execd needs to read /etc/passwd
- Allow denyhost to check network state
- NetworkManager needs to read sessions data
- Allow denyhost to check network state
- Allow xen to search virt images directories
- Add label for /dev/megaraid_sas_ioctl_node
- Add autogenerated man pages - Allow boinc project to getattr on fs
- Allow init to execute initrc_state_t
- rhev-agent package was rename to ovirt-guest-agent
- If initrc_t creates /etc/local.conf then we need to make sure it is labeled correctly
- sytemd writes content to /run/initramfs and executes it on shutdown
- kdump_t needs to read /etc/mtab, should be back ported to F16
- udev needs to load kernel modules in early system boot - Need to add sys_ptrace back in since reading any content in /proc can cause these accesses
- Add additional systemd interfaces which are needed fro *_admin interfaces
- Fix bind_admin() interface - Allow firewalld to read urand
- Alias java, execmem_mono to bin_t to allow third parties
- Add label for kmod
- /etc/redhat-lsb contains binaries
- Add boolean to allow gitosis to send mail
- Add filename transition also for "event20"
- Allow systemd_tmpfiles_t to delete all file types
- Allow collectd to ipc_lock - make consoletype_exec optional, so we can remove consoletype policy
- remove unconfined_permisive.patch
- Allow openvpn_t to inherit user home content and tmp content
- Fix dnssec-trigger labeling
- Turn on obex policy for staff_t
- Pem files should not be secret
- Add lots of rules to fix AVC's when playing with containers
- Fix policy for dnssec
- Label ask-passwd directories correctly for systemd - sshd fixes seem to be causing unconfined domains to dyntrans to themselves
- fuse file system is now being mounted in /run/user
- systemd_logind is sending signals to processes that are dbus messaging with it
- Add support for winshadow port and allow iscsid to connect to this port
- httpd should be allowed to bind to the http_port_t udp socket
- zarafa_var_lib_t can be a lnk_file
- A couple of new .xsession-errors files
- Seems like user space and login programs need to read logind_sessions_files
- Devicekit disk seems to be being launched by systemd
- Cleanup handling of setfiles so most of rules in te file
- Correct port number for dnssec
- logcheck has the home dir set to its cache - Add policy for grindengine MPI jobs - Add new sysadm_secadm.pp module
	* contains secadm definition for sysadm_t
- Move user_mail_domain access out of the interface into the te file
- Allow httpd_t to create httpd_var_lib_t directories as well as files
- Allow snmpd to connect to the ricci_modcluster stream
- Allow firewalld to read /etc/passwd
- Add auth_use_nsswitch for colord
- Allow smartd to read network state
- smartdnotify needs to read /etc/group - Allow gpg and gpg_agent to store sock_file in gpg_secret_t directory
- lxdm startup scripts should be labeled bin_t, so confined users will work
- mcstransd now creates a pid, needs back port to F16
- qpidd should be allowed to connect to the amqp port
- Label devices 010-029 as usb devices
- ypserv packager says ypserv does not use tmp_t so removing selinux policy types
- Remove all ptrace commands that I believe are caused by the kernel/ps avcs
- Add initial Obex policy
- Add logging_syslogd_use_tty boolean
- Add polipo_connect_all_unreserved bolean
- Allow zabbix to connect to ftp port
- Allow systemd-logind to be able to switch VTs
- Allow apache to communicate with memcached through a sock_file - Fix file_context.subs_dist for now to work with pre usrmove - More /usr move fixes - Add zabbix_can_network boolean
- Add httpd_can_connect_zabbix boolean
- Prepare file context labeling for usrmove functions
- Allow system cronjobs to read kernel network state
- Add support for selinux_avcstat munin plugin
- Treat hearbeat with corosync policy
- Allow corosync to read and write to qpidd shared mem
-  mozilla_plugin is trying to run pulseaudio 
- Fixes for new sshd patch for running priv sep domains as the users context
- Turn off dontaudit rules when turning on allow_ypbind
- udev now reads /etc/modules.d directory - Turn on deny_ptrace boolean for the Rawhide run, so we can test this out
- Cups exchanges dbus messages with init
- udisk2 needs to send syslog messages
- certwatch needs to read /etc/passwd - Add labeling for udisks2
- Allow fsadmin to communicate with the systemd process - Treat Bip with bitlbee policy
      * Bip is an IRC proxy
- Add port definition for interwise port
- Add support for ipa_memcached socket
- systemd_jounald needs to getattr on all processes
- mdadmin fixes
     * uses getpw
- amavisd calls getpwnam()
- denyhosts calls getpwall() - Setup labeling of /var/rsa and /var/lib/rsa to allow login programs to write there
- bluetooth says they do not use /tmp and want to remove the type
- Allow init to transition to colord
- Mongod needs to read /proc/sys/vm/zone_reclaim_mode
- Allow postfix_smtpd_t to connect to spamd
- Add boolean to allow ftp to connect to all ports > 1023
- Allow sendmain to write to inherited dovecot tmp files
- setroubleshoot needs to be able to execute rpm to see what version of packages - Merge systemd patch
- systemd-tmpfiles wants to relabel /sys/devices/system/cpu/online
- Allow deltacloudd dac_override, setuid, setgid  caps
- Allow aisexec to execute shell
- Add use_nfs_home_dirs boolean for ssh-keygen - Fixes to make rawhide boot in enforcing mode with latest systemd changes - Add labeling for /var/run/systemd/journal/syslog
- libvirt sends signals to ifconfig
- Allow domains that read logind session files to list them - Fixed destined form libvirt-sandbox
- Allow apps that list sysfs to also read sympolicy links in this filesystem
- Add ubac_constrained rules for chrome_sandbox
- Need interface to allow domains to use tmpfs_t files created by the kernel, used by libra
- Allow postgresql to be executed by the caller
- Standardize interfaces of daemons 
- Add new labeling for mm-handler
- Allow all matahari domains to read network state and etc_runtime_t files - New fix for seunshare, requires seunshare_domains to be able to mounton /
- Allow systemctl running as logrotate_t to connect to private systemd socket
- Allow tmpwatch to read meminfo
- Allow rpc.svcgssd to read supported_krb5_enctype
- Allow zarafa domains to read /dev/random and /dev/urandom
- Allow snmpd to read dev_snmp6
- Allow procmail to talk with cyrus
- Add fixes for check_disk and check_nagios plugins - default trans rules for Rawhide policy
-  Make sure sound_devices controlC* are labeled correctly on creation
- sssd now needs sys_admin
- Allow snmp to read all proc_type
- Allow to setup users homedir with quota.group - Add httpd_can_connect_ldap() interface
- apcupsd_t needs to use seriel ports connected to usb devices
- Kde puts procmail mail directory under ~/.local/share
- nfsd_t can trigger sys_rawio on tests that involve too many mountpoints, dontaudit for now
- Add labeling for /sbin/iscsiuio - Add label for /var/lib/iscan/interpreter
- Dont audit writes to leaked file descriptors or redirected output for nacl
- NetworkManager needs to write to /sys/class/net/ib*/mode - Allow abrt  to request the kernel to load a module
- Make sure mozilla content is labeled correctly
- Allow tgtd to read system state
- More fixes for boinc
  * allow to resolve dns name
  * re-write boinc policy to use boinc_domain attribute
- Allow munin services plugins to use NSCD services - Allow mozilla_plugin_t to manage mozilla_home_t
- Allow ssh derived domain to execute ssh-keygen in the ssh_keygen_t domain
- Add label for tumblerd - Fixes for xguest package - Fixes related to  /bin, /sbin
- Allow abrt to getattr on blk files
- Add type for rhev-agent log file
- Fix labeling for /dev/dmfm
- Dontaudit wicd leaking
- Allow systemd_logind_t to look at process info of apps that exchange dbus messages with it
- Label /etc/locale.conf correctly
- Allow user_mail_t to read /dev/random
- Allow postfix-smtpd to read MIMEDefang
- Add label for /var/log/suphp.log
- Allow swat_t to connect and read/write nmbd_t sock_file
- Allow systemd-tmpfiles to setattr for /run/user/gdm/dconf
- Allow systemd-tmpfiles to change user identity in object contexts
- More fixes for rhev_agentd_t consolehelper policy - Use fs_use_xattr for squashf
-  Fix procs_type interface
- Dovecot has a new fifo_file /var/run/dovecot/stats-mail
- Dovecot has a new fifo_file /var/run/stats-mail
- Colord does not need to connect to network
- Allow system_cronjob to dbus chat with NetworkManager
- Puppet manages content, want to make sure it labels everything correctly - Change port 9050 to tor_socks_port_t and then allow openvpn to connect to it
- Allow all postfix domains to use the fifo_file
- Allow sshd_t to getattr on all file systems in order to generate avc on nfs_t
- Allow apmd_t to read grub.cfg
- Let firewallgui read the selinux config
- Allow systemd-tmpfiles to delete content in /root that has been moved to /tmp
- Fix devicekit_manage_pid_files() interface
- Allow squid to check the network state
- Dontaudit colord getattr on file systems
- Allow ping domains to read zabbix_tmp_t files - Allow mcelog_t to create dir and file in /var/run and label it correctly
- Allow dbus to manage fusefs
- Mount needs to read process state when mounting gluster file systems
- Allow collectd-web to read collectd lib files
- Allow daemons and system processes started by init to read/write the unix_stream_socket passed in from as stdin/stdout/stderr
- Allow colord to get the attributes of tmpfs filesystem
- Add sanlock_use_nfs and sanlock_use_samba booleans
- Add bin_t label for /usr/lib/virtualbox/VBoxManage - Add ssh_dontaudit_search_home_dir
- Changes to allow namespace_init_t to work
- Add interface to allow exec of mongod, add port definition for mongod port, 27017
- Label .kde/share/apps/networkmanagement/certificates/ as home_cert_t
- Allow spamd and clamd to steam connect to each other
- Add policy label for passwd.OLD
- More fixes for postfix and postfix maildro
- Add ftp support for mozilla plugins
- Useradd now needs to manage policy since it calls libsemanage
- Fix devicekit_manage_log_files() interface
- Allow colord to execute ifconfig
- Allow accountsd to read /sys
- Allow mysqld-safe to execute shell
- Allow openct to stream connect to pcscd
- Add label for /var/run/nm-dns-dnsmasq\.conf
- Allow networkmanager to chat with virtd_t - Pulseaudio changes
- Merge patches - Merge patches back into git repository. - Remove allow_execmem boolean and replace with deny_execmem boolean - Turn back on allow_execmem boolean - Add more MCS fixes to make sandbox working
- Make faillog MLS trusted to make sudo_$1_t working
- Allow sandbox_web_client_t to read passwd_file_t
- Add .mailrc file context
- Remove execheap from openoffice domain
- Allow chrome_sandbox_nacl_t to read cpu_info
- Allow virtd to relabel generic usb which is need if USB device
- Fixes for virt.if interfaces to consider chr_file as image file type - Remove Open Office policy
- Remove execmem policy - MCS fixes
- quota fixes - Remove transitions to consoletype - Make nvidia* to be labeled correctly
- Fix abrt_manage_cache() interface
- Make filetrans rules optional so base policy will build
- Dontaudit chkpwd_t access to inherited TTYS
- Make sure postfix content gets created with the correct label
- Allow gnomeclock to read cgroup
- Fixes for cloudform policy - Check in fixed for Chrome nacl support -  Begin removing qemu_t domain, we really no longer need this domain.  
- systemd_passwd needs dac_overide to communicate with users TTY's
- Allow svirt_lxc domains to send kill signals within their container - Remove qemu.pp again without causing a crash - Remove qemu.pp, everything should use svirt_t or stay in its current domain - Allow policykit to talk to the systemd via dbus
- Move chrome_sandbox_nacl_t to permissive domains
- Additional rules for chrome_sandbox_nacl - Change bootstrap name to nacl
- Chrome still needs execmem
- Missing role for chrome_sandbox_bootstrap
- Add boolean to remove execmem and execstack from virtual machines
- Dontaudit xdm_t doing an access_check on etc_t directories - Allow named to connect to dirsrv by default
- add ldapmap1_0 as a krb5_host_rcache_t file
- Google chrome developers asked me to add bootstrap policy for nacl stuff
- Allow rhev_agentd_t to getattr on mountpoints
- Postfix_smtpd_t needs access to milters and cleanup seems to read/write postfix_smtpd_t unix_stream_sockets - Fixes for cloudform policies which need to connect to random ports
- Make sure if an admin creates modules content it creates them with the correct label
- Add port 8953 as a dns port used by unbound
- Fix file name transition for alsa and confined users - Turn on mock_t and thumb_t for unconfined domains - Policy update should not modify local contexts - Remove ada policy - Remove tzdata policy
- Add labeling for udev
- Add cloudform policy
- Fixes for bootloader policy - Add policies for nova openstack - Add fixes for nova-stack policy - Allow svirt_lxc_domain to chr_file and blk_file devices if they are in the domain
- Allow init process to setrlimit on itself
- Take away transition rules for users executing ssh-keygen
- Allow setroubleshoot_fixit_t to read /dev/urand
- Allow sshd to relbale tunnel sockets
- Allow fail2ban domtrans to shorewall in the same way as with iptables
- Add support for lnk files in the /var/lib/sssd directory
- Allow system mail to connect to courier-authdaemon over an unix stream socket - Add passwd_file_t for /etc/ptmptmp - Dontaudit access checks for all executables, gnome-shell is doing access(EXEC, X_OK)
- Make corosync to be able to relabelto cluster lib fies
- Allow samba domains to search /var/run/nmbd
- Allow dirsrv to use pam
- Allow thumb to call getuid
- chrome less likely to get mmap_zero bug so removing dontaudit
- gimp help-browser has built in javascript
- Best guess is that devices named /dev/bsr4096 should be labeled as cpu_device_t
- Re-write glance policy - Move dontaudit sys_ptrace line from permissive.te to domain.te
- Remove policy for hal, it no longer exists - Don't check md5 size or mtime on certain config files - Remove allow_ptrace and replace it with deny_ptrace, which will remove all 
ptrace from the system
- Remove 2000 dontaudit rules between confined domains on transition
and replace with single
dontaudit domain domain:process { noatsecure siginh rlimitinh } ; - Fixes for bootloader policy
- $1_gkeyringd_t needs to read $HOME/%USER/.local/share/keystore
- Allow nsplugin to read /usr/share/config
- Allow sa-update to update rules
- Add use_fusefs_home_dirs for chroot ssh option
- Fixes for grub2
- Update systemd_exec_systemctl() interface
- Allow gpg to read the mail spool
- More fixes for sa-update running out of cron job
- Allow ipsec_mgmt_t to read hardware state information
- Allow pptp_t to connect to unreserved_port_t
- Dontaudit getattr on initctl in /dev from chfn
- Dontaudit getattr on kernel_core from chfn
- Add systemd_list_unit_dirs to systemd_exec_systemctl call
- Fixes for collectd policy
- CHange sysadm_t to create content as user_tmp_t under /tmp - Shrink size of policy through use of attributes for userdomain and apache - Allow virsh to read xenstored pid file
- Backport corenetwork fixes from upstream
- Do not audit attempts by thumb to search config_home_t dirs (~/.config)
- label ~/.cache/telepathy/logger telepathy_logger_cache_home_t
- allow thumb to read generic data home files (mime.type) - Allow nmbd to manage sock file in /var/run/nmbd
- ricci_modservice send syslog msgs
- Stop transitioning from unconfined_t to ldconfig_t, but make sure /etc/ld.so.cache is labeled correctly
- Allow systemd_logind_t to manage /run/USER/dconf/user - Fix missing patch from F16 - Allow logrotate setuid and setgid since logrotate is supposed to do it
- Fixes for thumb policy by grift
- Add new nfsd ports
- Added fix to allow confined apps to execmod on chrome
- Add labeling for additional vdsm directories
- Allow Exim and Dovecot SASL
- Add label for /var/run/nmbd
- Add fixes to make virsh and xen working together
- Colord executes ls
- /var/spool/cron  is now labeled as user_cron_spool_t - Stop complaining about leaked file descriptors during install - Remove java and mono module and merge into execmem - Fixes for thumb policy and passwd_file_t - Fixes caused by the labeling of /etc/passwd
- Add thumb.patch to transition unconfined_t to thumb_t for Rawhide - Add support for Clustered Samba commands
- Allow ricci_modrpm_t to send log msgs
- move permissive virt_qmf_t from virt.te to permissivedomains.te
- Allow ssh_t to use kernel keyrings
- Add policy for libvirt-qmf and more fixes for linux containers
- Initial Polipo
- Sanlock needs to run ranged in order to kill svirt processes
- Allow smbcontrol to stream connect to ctdbd - Add label for /etc/passwd - Change unconfined_domains to permissive for Rawhide
- Add definition for the ephemeral_ports - Make mta_role() active
- Allow asterisk to connect to jabber client port
- Allow procmail to read utmp
- Add NIS support for systemd_logind_t
- Allow systemd_logind_t to manage /run/user/$USER/dconf dir which is labeled as config_home_t
- Fix systemd_manage_unit_dirs() interface
- Allow ssh_t to manage directories passed into it
- init needs to be able to create and delete unit file directories
- Fix typo in apache_exec_sys_script
- Add ability for logrotate to transition to awstat domain - Change screen to use screen_domain attribute and allow screen_domains to read all process domain state
- Add SELinux support for ssh pre-auth net process in F17
- Add logging_syslogd_can_sendmail boolean - Add definition for ephemeral ports
- Define user_tty_device_t as a customizable_type - Needs to require a new version of checkpolicy
- Interface fixes - Allow sanlock to manage virt lib files
- Add virt_use_sanlock booelan
- ksmtuned is trying to resolve uids
- Make sure .gvfs is labeled user_home_t in the users home directory
- Sanlock sends kill signals and needs the kill capability
- Allow mockbuild to work on nfs homedirs
- Fix kerberos_manage_host_rcache() interface
- Allow exim to read system state - Allow systemd-tmpfiles to set the correct labels on /var/run, /tmp and other files
- We want any file type that is created in /tmp by a process running as initrc_t to be labeled initrc_tmp_t -  Allow collectd to read hardware state information
- Add loop_control_device_t
- Allow mdadm to request kernel to load module
- Allow domains that start other domains via systemctl to search unit dir
- systemd_tmpfilses, needs to list any file systems mounted on /tmp
- No one can explain why radius is listing the contents of /tmp, so we will dontaudit
- If I can manage etc_runtime files, I should be able to read the links
- Dontaudit hostname writing to mock library chr_files
- Have gdm_t setup labeling correctly in users home dir
- Label content unde /var/run/user/NAME/dconf as config_home_t
- Allow sa-update to execute shell
- Make ssh-keygen working with fips_enabled
- Make mock work for staff_t user
- Tighten security on mock_t - removing unconfined_notrans_t no longer necessary
- Clean up handling of secure_mode_insmod and secure_mode_policyload
- Remove unconfined_mount_t - Add exim_exec_t label for /usr/sbin/exim_tidydb
- Call init_dontaudit_rw_stream_socket() interface in mta policy
- sssd need to search /var/cache/krb5rcache directory
- Allow corosync to relabel own tmp files
- Allow zarafa domains to send system log messages
- Allow ssh to do tunneling
- Allow initrc scripts to sendto init_t unix_stream_socket
- Changes to make sure dmsmasq and virt directories are labeled correctly
- Changes needed to allow sysadm_t to manage systemd unit files
- init is passing file descriptors to dbus and on to system daemons
- Allow sulogin additional access Reported by dgrift and Jeremy Miller
- Steve Grubb believes that wireshark does not need this access
- Fix /var/run/initramfs to stop restorecon from looking at
- pki needs another port
- Add more labels for cluster scripts
- Allow apps that manage cgroup_files to manage cgroup link files
- Fix label on nfs-utils scripts directories
- Allow gatherd to read /dev/rand and /dev/urand - pki needs another port
- Add more labels for cluster scripts
- Fix label on nfs-utils scripts directories
- Fixes for cluster
- Allow gatherd to read /dev/rand and /dev/urand
- abrt leaks fifo files - Add glance policy
- Allow mdadm setsched
- /var/run/initramfs should not be relabeled with a restorecon run
- memcache can be setup to override sys_resource
- Allow httpd_t to read tetex data
- Allow systemd_tmpfiles to delete kernel modules left in /tmp directory. - Allow Postfix to deliver to Dovecot LMTP socket
- Ignore bogus sys_module for lldpad
- Allow chrony and gpsd to send dgrams, gpsd needs to write to the real time clock
- systemd_logind_t sets the attributes on usb devices
- Allow hddtemp_t to read etc_t files
- Add permissivedomains module
- Move all permissive domains calls to permissivedomain.te
- Allow pegasis to send kill signals to other UIDs - Allow insmod_t to use fds leaked from devicekit
- dontaudit getattr between insmod_t and init_t unix_stream_sockets
- Change sysctl unit file interfaces to use systemctl
- Add support for chronyd unit file
- Allow mozilla_plugin to read gnome_usr_config
- Add policy for new gpsd
- Allow cups to create kerberos rhost cache files
- Add authlogin_filetrans_named_content, to unconfined_t to make sure shadow and other log files get labeled correctly - Make users_extra and seusers.final into config(noreplace) so semanage users and login does not get overwritten - Add policy for sa-update being run out of cron jobs
- Add create perms to postgresql_manage_db
- ntpd using a gps has to be able to read/write generic tty_device_t
- If you disable unconfined and unconfineduser, rpm needs more privs to manage /dev
- fix spec file
- Remove qemu_domtrans_unconfined() interface
- Make passenger working together with puppet
- Add init_dontaudit_rw_stream_socket interface
- Fixes for wordpress - Turn on allow_domain_fd_use boolean on F16
- Allow syslog to manage all log files
- Add use_fusefs_home_dirs boolean for chrome
- Make vdagent working with confined users
- Add abrt_handle_event_t domain for ABRT event scripts
- Labeled /usr/sbin/rhnreg_ks as rpm_exec_t and added changes related to this change
- Allow httpd_git_script_t to read passwd data
- Allow openvpn to set its process priority when the nice parameter is used - livecd fixes
- spec file fixes - fetchmail can use kerberos
- ksmtuned reads in shell programs
- gnome_systemctl_t reads the process state of ntp
- dnsmasq_t asks the kernel to load multiple kernel modules
- Add rules for domains executing systemctl
- Bogus text within fc file - Add cfengine policy - Add abrt_domain attribute
- Allow corosync to manage cluster lib files
- Allow corosync to connect to the system DBUS - Add sblim, uuidd policies
- Allow kernel_t dyntrasition to init_t - init_t need setexec
- More fixes of rules which cause an explosion in rules by Dan Walsh - Allow rcsmcertd to perform DNS name resolution
- Add dirsrvadmin_unconfined_script_t domain type for 389-ds admin scripts
- Allow tmux to run as screen
- New policy for collectd
- Allow gkeyring_t to interact with all user apps
- Add rules to allow firstboot to run on machines with the unconfined.pp module removed - Allow systemd_logind to send dbus messages with users
- allow accountsd to read wtmp file
- Allow dhcpd to get and set capabilities - Fix oracledb_port definition
- Allow mount to mounton the selinux file system
- Allow users to list /var directories - systemd fixes - Add initial policy for abrt_dump_oops_t
- xtables-multi wants to getattr of the proc fs
- Smoltclient is connecting to abrt
- Dontaudit leaked file descriptors to postdrop
- Allow abrt_dump_oops to look at kernel sysctls
- Abrt_dump_oops_t reads kernel ring buffer
- Allow mysqld to request the kernel to load modules
- systemd-login needs fowner
- Allow postfix_cleanup_t to searh maildrop - Initial systemd_logind policy
- Add policy for systemd_logger and additional proivs for systemd_logind
- More fixes for systemd policies - Allow setsched for virsh
- Systemd needs to impersonate cups, which means it needs to create tcp_sockets in cups_t domain, as well as manage spool directories
- iptables: the various /sbin/ip6?tables.* are now symlinks for
/sbin/xtables-multi - A lot of users are running yum -y update while in /root which is causing ldconfig to list the contents, adding dontaudit
- Allow colord to interact with the users through the tmpfs file system
- Since we changed the label on deferred, we need to allow postfix_qmgr_t to be able to create maildrop_t files
- Add label for /var/log/mcelog
- Allow asterisk to read /dev/random if it uses TLS
- Allow colord to read ini files which are labeled as bin_t
- Allow dirsrvadmin sys_resource and setrlimit to use ulimit
- Systemd needs to be able to create sock_files for every label in /var/run directory, cupsd being the first.  
- Also lists /var and /var/spool directories
- Add openl2tpd to l2tpd policy
- qpidd is reading the sysfs file - Change usbmuxd_t to dontaudit attempts to read chr_file
- Add mysld_safe_exec_t for libra domains to be able to start private mysql domains
- Allow pppd to search /var/lock dir
- Add rhsmcertd policy - Update to upstream - More fixes
  * http://git.fedorahosted.org/git/?p=selinux-policy.git - Fix spec file to not report Verify errors - Add dspam policy
- Add lldpad policy
- dovecot auth wants to search statfs #713555
- Allow systemd passwd apps to read init fifo_file
- Allow prelink to use inherited terminals
- Run cherokee in the httpd_t domain
- Allow mcs constraints on node connections
- Implement pyicqt policy
- Fixes for zarafa policy
- Allow cobblerd to send syslog messages - Add policy.26 to the payload
- Remove olpc stuff
- Remove policygentool - Fixes for zabbix
- init script needs to be able to manage sanlock_var_run_...
- Allow sandlock and wdmd to create /var/run directories... 
- mixclip.so has been compiled correctly
- Fix passenger policy module name - Add mailscanner policy from dgrift
- Allow chrome to optionally be transitioned to
- Zabbix needs these rules when starting the zabbix_server_mysql
- Implement a type for freedesktop openicc standard (~/.local/share/icc)
- Allow system_dbusd_t to read inherited icc_data_home_t files.
- Allow colord_t to read icc_data_home_t content. #706975
- Label stuff under /usr/lib/debug as if it was labeled under / - Fixes for sanlock policy
- Fixes for colord policy
- Other fixes
	* http://git.fedorahosted.org/git/?p=selinux-policy.git;a=log - Add rhev policy module to modules-targeted.conf - Lot of fixes
	* http://git.fedorahosted.org/git/?p=selinux-policy.git;a=log - Allow logrotate to execute systemctl
- Allow nsplugin_t to getattr on gpmctl
- Fix dev_getattr_all_chr_files() interface
- Allow shorewall to use inherited terms
- Allow userhelper to getattr all chr_file devices
- sandbox domains should be able to getattr and dontaudit search of sysctl_kernel_t
- Fix labeling for ABRT Retrace Server - Dontaudit sys_module for ifconfig
- Make telepathy and gkeyringd daemon working with confined users
- colord wants to read files in users homedir
- Remote login should be creating user_tmp_t not its own tmp files - Fix label for /usr/share/munin/plugins/munin_* plugins
- Add support for zarafa-indexer
- Fix boolean description
- Allow colord to getattr on /proc/scsi/scsi
- Add label for /lib/upstart/init
- Colord needs to list /mnt - Forard port changes from F15 for telepathy
- NetworkManager should be allowed to use /dev/rfkill
- Fix dontaudit messages to say Domain to not audit
- Allow telepathy domains to read/write gnome_cache files
- Allow telepathy domains to call getpw
- Fixes for colord and vnstatd policy - Allow init_t getcap and setcap
- Allow namespace_init_t to use nsswitch
- aisexec will execute corosync
- colord tries to read files off noxattr file systems
- Allow init_t getcap and setcap - Add support for ABRT retrace server
- Allow user_t and staff_t access to generic scsi to handle locally plugged in scanners
- Allow telepath_msn_t to read /proc/PARENT/cmdline
- ftpd needs kill capability
- Allow telepath_msn_t to connect to sip port
- keyring daemon does not work on nfs homedirs
- Allow $1_sudo_t to read default SELinux context
- Add label for tgtd sock file in /var/run/
- Add apache_exec_rotatelogs interface
- allow all zaraha domains to signal themselves, server writes to /tmp
- Allow syslog to read the process state
- Add label for /usr/lib/chromium-browser/chrome
- Remove the telepathy transition from unconfined_t
- Dontaudit sandbox domains trying to mounton sandbox_file_t, this is caused by fuse mounts
- Allow initrc_t domain to manage abrt pid files
- Add support for AEOLUS project
- Virt_admin should be allowed to manage images and processes
- Allow plymountd to send signals to init
- Change labeling of fping6 - Add filename transitions - Fixes for zarafa policy
- Add support for AEOLUS project
- Change labeling of fping6
- Allow plymountd to send signals to init
- Allow initrc_t domain to manage abrt pid files
- Virt_admin should be allowed to manage images and processes - xdm_t needs getsession for switch user 
- Every app that used to exec init is now execing systemdctl 
- Allow squid to manage krb5_host_rcache_t files 
- Allow foghorn to connect to agentx port - Fixes for colord policy - Add Dan's patch to remove 64 bit variants
- Allow colord to use unix_dgram_socket 
- Allow apps that search pids to read /var/run if it is a lnk_file 
- iscsid_t creates its own directory 
- Allow init to list var_lock_t dir 
- apm needs to verify user accounts auth_use_nsswitch
- Add labeling for systemd unit files
- Allow gnomeclok to enable ntpd service using systemctl - systemd_systemctl_t domain was added
- Add label for matahari-broker.pid file
- We want to remove untrustedmcsprocess from ability to read /proc/pid
- Fixes for matahari policy
- Allow system_tmpfiles_t to delete user_home_t files in the /tmp dir
- Allow sshd to transition to sysadm_t if ssh_sysadm_login is turned on - Fix typo - Add /var/run/lock /var/lock definition to file_contexts.subs
- nslcd_t is looking for kerberos cc files
- SSH_USE_STRONG_RNG is 1 which requires /dev/random
- Fix auth_rw_faillog definition
- Allow sysadm_t to set attributes on fixed disks
- allow user domains to execute lsof and look at application sockets
- prelink_cron job calls telinit -u if init is rewritten
- Fixes to run qemu_t from staff_t - Fix label for /var/run/udev to udev_var_run_t
- Mock needs to be able to read network state - Add file_contexts.subs to handle /run and /run/lock
- Add other fixes relating to /run changes from F15 policy - Allow $1_sudo_t and $1_su_t open access to user terminals
- Allow initrc_t to use generic terminals
- Make Makefile/Rules.modular run sepolgen-ifgen during build to check if files for bugs
-systemd is going to be useing /run and /run/lock for early bootup files.
- Fix some comments in rlogin.if
- Add policy for KDE backlighthelper
- sssd needs to read ~/.k5login in nfs, cifs or fusefs file systems
- sssd wants to read .k5login file in users homedir
- setroubleshoot reads executables to see if they have TEXTREL
- Add /var/spool/audit support for new version of audit
- Remove kerberos_connect_524() interface calling
- Combine kerberos_master_port_t and kerberos_port_t
- systemd has setup /dev/kmsg as stderr for apps it executes
- Need these access so that init can impersonate sockets on unix_dgram_socket - Remove some unconfined domains
- Remove permissive domains
- Add policy-term.patch from Dan - Fix multiple specification for boot.log
- devicekit leaks file descriptors to setfiles_t
- Change all all_nodes to generic_node and all_if to generic_if
- Should not use deprecated interface
- Switch from using all_nodes to generic_node and from all_if to generic_if
- Add support for xfce4-notifyd
- Fix file context to show several labels as SystemHigh
- seunshare needs to be able to mounton nfs/cifs/fusefs homedirs
- Add etc_runtime_t label for /etc/securetty
- Fixes to allow xdm_t to start gkeyringd_USERTYPE_t directly
- login.krb needs to be able to write user_tmp_t
- dirsrv needs to bind to port 7390 for dogtag
- Fix a bug in gpg policy
- gpg sends audit messages
- Allow qpid to manage matahari files - Initial policy for matahari
- Add dev_read_watchdog
- Allow clamd to connect clamd port
- Add support for kcmdatetimehelper
- Allow shutdown to setrlimit and sys_nice
- Allow systemd_passwd to talk to /dev/log before udev or syslog is running
- Purge chr_file and blk files on /tmp
- Fixes for pads
- Fixes for piranha-pulse
- gpg_t needs to be able to encyprt anything owned by the user - mozilla_plugin_tmp_t needs to be treated as user tmp files
- More dontaudits of writes from readahead
- Dontaudit readahead_t file_type:dir write, to cover up kernel bug
- systemd_tmpfiles needs to relabel faillog directory as well as the file
- Allow hostname and consoletype to r/w inherited initrc_tmp_t files handline hostname >> /tmp/myhost - Add policykit fixes from Tim Waugh
- dontaudit sandbox domains sandbox_file_t:dir mounton
- Add new dontaudit rules for sysadm_dbusd_t
- Change label for /var/run/faillock
	* other fixes which relate with this change - Update to upstream
- Fixes for telepathy
- Add port defition for ssdp port
- add policy for /bin/systemd-notify from Dan
- Mount command requires users read mount_var_run_t
- colord needs to read konject_uevent_socket
- User domains connect to the gkeyring socket
- Add colord policy and allow user_t and staff_t to dbus chat with it
- Add lvm_exec_t label for kpartx
- Dontaudit reading the mail_spool_t link from sandbox -X
- systemd is creating sockets in avahi_var_run and system_dbusd_var_run - gpg_t needs to talk to gnome-keyring
- nscd wants to read /usr/tmp->/var/tmp to generate randomziation in unixchkpwd
- enforce MCS labeling on nodes
- Allow arpwatch to read meminfo
- Allow gnomeclock to send itself signals
- init relabels /dev/.udev files on boot
- gkeyringd has to transition back to staff_t when it runs commands in bin_t or shell_exec_t
- nautilus checks access on /media directory before mounting usb sticks, dontaudit access_check on mnt_t
- dnsmasq can run as a dbus service, needs acquire service
- mysql_admin should  be allowed to connect to mysql service
- virt creates monitor sockets in the users home dir - Allow usbhid-ups to read hardware state information
- systemd-tmpfiles has moved
- Allo cgroup to sys_tty_config
- For some reason prelink is attempting to read gconf settings
- Add allow_daemons_use_tcp_wrapper boolean
- Add label for ~/.cache/wocky to make telepathy work in enforcing mode
- Add label for char devices /dev/dasd*
- Fix for apache_role
- Allow amavis to talk to nslcd
- allow all sandbox to read selinux poilcy config files
- Allow cluster domains to use the system bus and send each other dbus messages - Update to upstream - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - Update to ref policy
- cgred needs chown capability
- Add /dev/crash crash_dev_t
- systemd-readahead wants to use fanotify which means readahead_t needs sys_admin capability - New labeling for postfmulti #675654
- dontaudit xdm_t listing noxattr file systems
- dovecot-auth needs to be able to connect to mysqld via the network as well as locally
- shutdown is passed stdout to a xdm_log_t file
- smartd creates a fixed disk device
- dovecot_etc_t contains a lnk_file that domains need to read
- mount needs to be able to read etc_runtim_t:lnk_file since in rawhide this is a link created at boot - syslog_t needs syslog capability
- dirsrv needs to be able to create /var/lib/snmp
- Fix labeling for dirsrv
- Fix for dirsrv policy missing manage_dirs_pattern
- corosync needs to delete clvm_tmpfs_t files
- qdiskd needs to list hugetlbfs
- Move setsched to sandbox_x_domain, so firefox can run without network access
- Allow hddtemp to read removable devices
- Adding syslog and read_policy permissions to policy
	* syslog
		Allow unconfined, sysadm_t, secadm_t, logadm_t
	* read_policy
		allow unconfined, sysadm_t, secadm_t, staff_t on Targeted
		allow sysadm_t (optionally), secadm_t on MLS
- mdadm application will write into /sys/.../uevent whenever arrays are
assembled or disassembled. - Add tcsd policy - ricci_modclusterd_t needs to bind to rpc ports 500-1023
- Allow dbus to use setrlimit to increase resoueces
- Mozilla_plugin is leaking to sandbox
- Allow confined users  to connect to lircd over unix domain stream socket which allow to use remote control
- Allow awstats to read squid logs
- seunshare needs to manage tmp_t
- apcupsd cgi scripts have a new directory - Fix xserver_dontaudit_read_xdm_pid
- Change oracle_port_t to oracledb_port_t to prevent conflict with satellite
- Allow dovecot_deliver_t to read/write postfix_master_t:fifo_file. 
	* These fifo_file is passed from postfix_master_t to postfix_local_t to dovecot_deliver_t
- Allow readahead to manage readahead pid dirs
- Allow readahead to read all mcs levels
- Allow mozilla_plugin_t to use nfs or samba homedirs - Allow nagios plugin to read /proc/meminfo
- Fix for mozilla_plugin
- Allow samba_net_t to create /etc/keytab
- pppd_t setting up vpns needs to run unix_chkpwd, setsched its process and write wtmp_t
- nslcd can read user credentials
- Allow nsplugin to delete mozilla_plugin_tmpfs_t
- abrt tries to create dir in rpm_var_lib_t
- virt relabels fifo_files
- sshd needs to manage content in fusefs homedir
- mock manages link files in cache dir - nslcd needs setsched and to read /usr/tmp
- Invalid call in likewise policy ends up creating a bogus role
- Cannon puts content into /var/lib/bjlib that cups needs to be able to write
- Allow screen to create screen_home_t in /root
- dirsrv sends syslog messages
- pinentry reads stuff in .kde directory
- Add labels for .kde directory in homedir
- Treat irpinit, iprupdate, iprdump services with raid policy - NetworkManager wants to read consolekit_var_run_t
- Allow readahead to create /dev/.systemd/readahead
- Remove permissive domains
- Allow newrole to run namespace_init - Add sepgsql_contexts file - Update to upstream - Add oracle ports and allow apache to connect to them if the connect_db boolean is turned on
- Add puppetmaster_use_db boolean
- Fixes for zarafa policy
- Fixes for gnomeclock poliy
- Fix systemd-tmpfiles to use auth_use_nsswitch - gnomeclock executes a shell
- Update for screen policy to handle pipe in homedir
- Fixes for polyinstatiated homedir
- Fixes for namespace policy and other fixes related to polyinstantiation
- Add namespace policy
- Allow dovecot-deliver transition to sendmail which is needed by sieve scripts
- Fixes for init, psad policy which relate with confined users
- Do not audit bootloader attempts to read devicekit pid files
- Allow nagios service plugins to read /proc - Add firewalld policy
- Allow vmware_host to read samba config
- Kernel wants to read /proc Fix duplicate grub def in cobbler
- Chrony sends mail, executes shell, uses fifo_file and reads /proc
- devicekitdisk getattr all file systems
- sambd daemon writes wtmp file
- libvirt transitions to dmidecode - Add initial policy for system-setup-keyboard which is now daemon
- Label /var/lock/subsys/shorewall as shorewall_lock_t
- Allow users to communicate with the gpg_agent_t
- Dontaudit mozilla_plugin_t using the inherited terminal
- Allow sambagui to read files in /usr
- webalizer manages squid log files
- Allow unconfined domains to bind ports to raw_ip_sockets
- Allow abrt to manage rpm logs when running yum
- Need labels for /var/run/bittlebee
- Label .ssh under amanda
- Remove unused genrequires for virt_domain_template
- Allow virt_domain to use fd inherited from virtd_t
- Allow iptables to read shorewall config - Gnome apps list config_home_t
- mpd creates lnk files in homedir
- apache leaks write to mail apps on tmp files
- /var/stockmaniac/templates_cache contains log files
- Abrt list the connects of mount_tmp_t dirs
- passwd agent reads files under /dev and reads utmp file
- squid apache script connects to the squid port
- fix name of plymouth log file
- teamviewer is a wine app
- allow dmesg to read system state
- Stop labeling files under /var/lib/mock so restorecon will not go into this 
- nsplugin needs to read network state for google talk - Allow xdm and syslog to use /var/log/boot.log
- Allow users to communicate with mozilla_plugin and kill it
- Add labeling for ipv6 and dhcp - New labels for ghc http content
- nsplugin_config needs to read urand, lvm now calls setfscreate to create dev
- pm-suspend now creates log file for append access so we remove devicekit_wri
- Change authlogin_use_sssd to authlogin_nsswitch_use_ldap
- Fixes for greylist_milter policy - Update to upstream
- Fixes for systemd policy
- Fixes for passenger policy
- Allow staff users to run mysqld in the staff_t domain, akonadi needs this
- Add bin_t label for /usr/share/kde4/apps/kajongg/kajongg.py
- auth_use_nsswitch does not need avahi to read passwords,needed for resolving data
- Dontaudit (xdm_t) gok attempting to list contents of /var/account
- Telepathy domains need to read urand
- Need interface to getattr all file classes in a mock library for setroubleshoot - Update selinux policy to handle new /usr/share/sandbox/start script - Update to upstream
- Fix version of policy in spec file - Allow sandbox to run on nfs partitions, fixes for systemd_tmpfs
- remove per sandbox domains devpts types
- Allow dkim-milter sending signal to itself - Allow domains that transition to ping or traceroute, kill them
- Allow user_t to conditionally transition to ping_t and traceroute_t
- Add fixes to systemd- tools, including new labeling for systemd-fsck, systemd-cryptsetup - Turn on systemd policy
- mozilla_plugin needs to read certs in the homedir.
- Dontaudit leaked file descriptors from devicekit
- Fix ircssi to use auth_use_nsswitch
- Change to use interface without param in corenet to disable unlabelednet packets
- Allow init to relabel sockets and fifo files in /dev
- certmonger needs dac* capabilities to manage cert files not owned by root
- dovecot needs fsetid to change group membership on mail
- plymouthd removes /var/log/boot.log
- systemd is creating symlinks in /dev
- Change label on /etc/httpd/alias to be all cert_t - Fixes for clamscan and boinc policy
- Add boinc_project_t setpgid
- Allow alsa to create tmp files in /tmp - Push fixes to allow disabling of unlabeled_t packet access
- Enable unlabelednet policy - Fixes for lvm to work with systemd - Fix the label for wicd log
- plymouthd creates force-display-on-active-vt file
- Allow avahi to request the kernel to load a module
- Dontaudit hal leaks
- Fix gnome_manage_data interface
- Add new interface corenet_packet to define a type as being an packet_type.
- Removed general access to packet_type from icecast and squid.
- Allow mpd to read alsa config
- Fix the label for wicd log
- Add systemd policy - Fix gnome_manage_data interface
- Dontaudit sys_ptrace capability for iscsid
- Fixes for nagios plugin policy - Fix cron to run ranged when started by init
- Fix devicekit to use log files
- Dontaudit use of devicekit_var_run_t for fstools
- Allow init to setattr on logfile directories
- Allow hald to manage files in /var/run/pm-utils/ dir which is now labeled as devicekit_var_run_t - Fix up handling of dnsmasq_t creating /var/run/libvirt/network
- Turn on sshd_forward_ports boolean by default
- Allow sysadmin to dbus chat with rpm
- Add interface for rw_tpm_dev
- Allow cron to execute bin
- fsadm needs to write sysfs
- Dontaudit consoletype reading /var/run/pm-utils
- Lots of new privs fro mozilla_plugin_t running java app, make mozilla_plugin
- certmonger needs to manage dirsrv data
- /var/run/pm-utils should be labeled as devicekit_var_run_t - fixes to allow /var/run and /var/lock as tmpfs
- Allow chrome sandbox to connect to web ports
- Allow dovecot to listem on lmtp and sieve ports
- Allov ddclient to search sysctl_net_t
- Transition back to original domain if you execute the shell - Remove duplicate declaration - Update to upstream
- Cleanup for sandbox
- Add attribute to be able to select sandbox types - Allow ddclient to fix file mode bits of ddclient conf file
- init leaks file descriptors to daemons
- Add labels for /etc/lirc/ and
- Allow amavis_t to exec shell
- Add label for gssd_tmp_t for /var/tmp/nfs_0 - Put back in lircd_etc_t so policy will install - Turn on allow_postfix_local_write_mail_spool
- Allow initrc_t to transition to shutdown_t
- Allow logwatch and cron to mls_read_to_clearance for MLS boxes
- Allow wm to send signull to all applications and receive them from users
- lircd patch from field
- Login programs have to read /etc/samba
- New programs under /lib/systemd
- Abrt needs to read config files - Update to upstream
- Dontaudit leaked sockets from userdomains to user domains
- Fixes for mcelog to handle scripts
- Apply patch from Ruben Kerkhof
- Allow syslog to search spool dirs - Allow nagios plugins to read usr files
- Allow mysqld-safe to send system log messages
- Fixes fpr ddclient policy
- Fix sasl_admin interface
- Allow apache to search zarafa config
- Allow munin plugins to search /var/lib directory
- Allow gpsd to read sysfs_t
- Fix labels on /etc/mcelog/triggers to bin_t - Remove saslauthd_tmp_t and transition tmp files to krb5_host_rcache_t
- Allow saslauthd_t to create krb5_host_rcache_t files in /tmp
- Fix xserver interface
- Fix definition of /var/run/lxdm - Turn on mediawiki policy
- kdump leaks kdump_etc_t to ifconfig, add dontaudit
- uux needs to transition to uucpd_t
- More init fixes relabels man,faillog
- Remove maxima defs in libraries.fc
- insmod needs to be able to create tmpfs_t files
- ping needs setcap - Allow groupd transition to fenced domain when executes fence_node
- Fixes for rchs policy
- Allow mpd to be able to read samba/nfs files - Fix up corecommands.fc to match upstream
- Make sure /lib/systemd/* is labeled init_exec_t
- mount wants to setattr on all mountpoints
- dovecot auth wants to read dovecot etc files
- nscd daemon looks at the exe file of the comunicating daemon
- openvpn wants to read utmp file
- postfix apps now set sys_nice and lower limits
- remote_login (telnetd/login) wants to use telnetd_devpts_t and user_devpts_t to work correctly
- Also resolves nsswitch
- Fix labels on /etc/hosts.*
- Cleanup to make upsteam patch work
- allow abrt to read etc_runtime_t - Add conflicts for dirsrv package - Update to upstream
- Add vlock policy - Fix sandbox to work on nfs homedirs
- Allow cdrecord to setrlimit
- Allow mozilla_plugin to read xauth
- Change label on systemd-logger to syslogd_exec_t
- Install dirsrv policy from dirsrv package - Add virt_home_t, allow init to setattr on xserver_tmp_t and relabel it
- Udev needs to stream connect to init and kernel
- Add xdm_exec_bootloader boolean, which allows xdm to execute /sbin/grub and read files in /boot directory - Allow NetworkManager to read openvpn_etc_t
- Dontaudit hplip to write of /usr dirs
- Allow system_mail_t to create /root/dead.letter as mail_home_t
- Add vdagent policy for spice agent daemon - Dontaudit sandbox sending sigkill to all user domains
- Add policy for rssh_chroot_helper
- Add missing flask definitions
- Allow udev to relabelto removable_t
- Fix label on /var/log/wicd.log
- Transition to initrc_t from init when executing bin_t
- Add audit_access permissions to file
- Make removable_t a device_node 
- Fix label on /lib/systemd/* - Fixes for systemd to manage /var/run
- Dontaudit leaks by firstboot - Allow chome to create netlink_route_socket
- Add additional MATHLAB file context
- Define nsplugin as an application_domain
- Dontaudit sending signals from sandboxed domains to other domains
- systemd requires init to build /tmp /var/auth and /var/lock dirs
- mount wants to read devicekit_power /proc/ entries
- mpd wants to connect to soundd port
- Openoffice causes a setattr on a lib_t file for normal users, add dontaudit
- Treat lib_t and textrel_shlib_t directories the same
- Allow mount read access on virtual images - Allow sandbox_x_domains to work with nfs/cifs/fusefs home dirs.
- Allow devicekit_power to domtrans to mount
- Allow dhcp to bind to udp ports > 1024 to do named stuff
- Allow ssh_t to exec ssh_exec_t
- Remove telepathy_butterfly_rw_tmp_files(), dev_read_printk() interfaces which are nolonger used
- Fix clamav_append_log() intefaces
- Fix 'psad_rw_fifo_file' interface - Allow cobblerd to list cobler appache content - Fixup for the latest version of upowed
- Dontaudit sandbox sending SIGNULL to desktop apps - Update to upstream -Mount command from a confined user generates setattr on /etc/mtab file, need to dontaudit this access
- dovecot-auth_t needs ipc_lock
- gpm needs to use the user terminal
- Allow system_mail_t to append ~/dead.letter
- Allow NetworkManager to edit /etc/NetworkManager/NetworkManager.conf
- Add pid file to vnstatd
- Allow mount to communicate with gfs_controld
- Dontaudit hal leaks in setfiles - Lots of fixes for systemd
- systemd now executes readahead and tmpwatch type scripts
- Needs to manage random seed - Allow smbd to use sys_admin
- Remove duplicate file context for tcfmgr
- Update to upstream - Fix fusefs handling
- Do not allow sandbox to manage nsplugin_rw_t
- Allow mozilla_plugin_t to connecto its parent
- Allow init_t to connect to plymouthd running as kernel_t
- Add mediawiki policy
- dontaudit sandbox sending signals to itself.  This can happen when they are running at different mcs.
- Disable transition from dbus_session_domain to telepathy for F14
- Allow boinc_project to use shm
- Allow certmonger to search through directories that contain certs
- Allow fail2ban the DAC Override so it can read log files owned by non root users - Start adding support for use_fusefs_home_dirs
- Add /var/lib/syslog directory file context
- Add /etc/localtime as locale file context - Turn off default transition to mozilla_plugin and telepathy domains from unconfined user 
- Turn off iptables from unconfined user 
- Allow sudo to send signals to any domains the user could have transitioned to.
- Passwd in single user mode needs to talk to console_device_t
- Mozilla_plugin_t needs to connect to web ports, needs to write to video device, and read alsa_home_t alsa setsup pulseaudio
- locate tried to read a symbolic link, will dontaudit
- New labels for telepathy-sunshine content in homedir
- Google is storing other binaries under /opt/google/talkplugin
- bluetooth/kernel is creating unlabeled_t socket that I will allow it to use until kernel fixes bug
- Add boolean for unconfined_t transition to mozilla_plugin_t and telepathy domains, turned off in F14 on in F15
- modemmanger and bluetooth send dbus messages to devicekit_power
- Samba needs to getquota on filesystems labeld samba_share_t - Dontaudit attempts by xdm_t to write to bin_t for kdm
- Allow initrc_t to manage system_conf_t - Fixes to allow mozilla_plugin_t to create nsplugin_home_t directory.
- Allow mozilla_plugin_t to create tcp/udp/netlink_route sockets
- Allow confined users to read xdm_etc_t files
- Allow xdm_t to transition to xauth_t for lxdm program - Rearrange firewallgui policy to be more easily updated to upstream, dontaudit search of /home
- Allow clamd to send signals to itself
- Allow mozilla_plugin_t to read user home content.  And unlink pulseaudio shm.
- Allow haze to connect to yahoo chat and messenger port tcp:5050.
Bz #637339
- Allow guest to run ps command on its processes by allowing it to read /proc
- Allow firewallgui to sys_rawio which seems to be required to setup masqerading
- Allow all domains to search through default_t directories, in order to find differnet labels.  For example people serring up /foo/bar to be share via samba.
- Add label for /var/log/slim.log - Pull in cleanups from dgrift
- Allow mozilla_plugin_t to execute mozilla_home_t
- Allow rpc.quota to do quotamod - Cleanup policy via dgrift
- Allow dovecot_deliver to append to inherited log files
- Lots of fixes for consolehelper - Fix up Xguest policy - Add vnstat policy
- allow libvirt to send audit messages
- Allow chrome-sandbox to search nfs_t - Update to upstream - Add the ability to send audit messages to confined admin policies
- Remove permissive domain from cmirrord and dontaudit sys_tty_config
- Split out unconfined_domain() calls from other unconfined_ calls so we can d
- virt needs to be able to read processes to clearance for MLS - Allow all domains that can use cgroups to search tmpfs_t directory
- Allow init to send audit messages - Update to upstream - Allow mdadm_t to create files and sock files in /dev/md/ - Add policy for ajaxterm - Handle /var/db/sudo
- Allow pulseaudio to read alsa config
- Allow init to send initrc_t dbus messages Allow iptables to read shorewall tmp files
Change chfn and passwd to use auth_use_pam so they can send dbus messages to fpr
intd
label vlc as an execmem_exec_t 
Lots of fixes for mozilla_plugin to run google vidio chat
Allow telepath_msn to execute ldconfig and its own tmp files
Fix labels on hugepages
Allow mdadm to read files on /dev
Remove permissive domains and change back to unconfined
Allow freshclam to execute shell and bin_t
Allow devicekit_power to transition to dhcpc
Add boolean to allow icecast to connect to any port - Merge upstream fix of mmap_zero
- Allow mount to write files in debugfs_t
- Allow corosync to communicate with clvmd via tmpfs
- Allow certmaster to read usr_t files
- Allow dbus system services to search cgroup_t
- Define rlogind_t as a login pgm - Allow mdadm_t to read/write hugetlbfs - Dominic Grift Cleanup
- Miroslav Grepl policy for jabberd
- Various fixes for mount/livecd and prelink - Merge with upstream - More access needed for devicekit
- Add dbadm policy - Merge with upstream - Allow seunshare to fowner - Allow cron to look at user_cron_spool links
- Lots of fixes for mozilla_plugin_t
- Add sysv file system
- Turn unconfined domains to permissive to find additional avcs - Update policy for mozilla_plugin_t - Allow clamscan to read proc_t
- Allow mount_t to write to debufs_t dir
- Dontaudit mount_t trying to write to security_t dir - Allow clamscan_t execmem if clamd_use_jit set
- Add policy for firefox plugin-container - Fix /root/.forward definition - label dead.letter as mail_home_t - Allow login programs to search /cgroups - Fix cert handling - Fix devicekit_power bug
- Allow policykit_auth_t more access. - Fix nis calls to allow bind to ports 512-1024
- Fix smartmon - Allow pcscd to read sysfs
- systemd fixes 
- Fix wine_mmap_zero_ignore boolean - Apply Miroslav munin patch
- Turn back on allow_execmem and allow_execmod booleans - Merge in fixes from dgrift repository - Update boinc policy
- Fix sysstat policy to allow sys_admin
- Change failsafe_context to unconfined_r:unconfined_t:s0 - New paths for upstart - New permissions for syslog
- New labels for /lib/upstart - Add mojomojo policy - Allow systemd to setsockcon on sockets to immitate other services - Remove debugfs label - Update to latest policy - Fix eclipse labeling from IBMSupportAssasstant packageing - Make boot with systemd in enforcing mode - Update to upstream - Add boolean to turn off port forwarding in sshd. - Add support for ebtables
- Fixes for rhcs and corosync policy -Update to upstream -Update to upstream -Update to upstream - Add Zarafa policy - Cleanup of aiccu policy
- initial mock policy - Lots of random fixes - Update to upstream - Update to upstream
- Allow prelink script to signal itself
- Cobbler fixes - Add xdm_var_run_t to xserver_stream_connect_xdm
- Add cmorrord and mpd policy from Miroslav Grepl - Fix sshd creation of krb cc files for users to be user_tmp_t - Fixes for accountsdialog
- Fixes for boinc - Fix label on /var/lib/dokwiki
- Change permissive domains to enforcing
- Fix libvirt policy to allow it to run on mls - Update to upstream - Allow procmail to execute scripts in the users home dir that are labeled home_bin_t
- Fix /var/run/abrtd.lock label - Allow login programs to read krb5_home_t
Resolves: 594833
- Add obsoletes for cachefilesfd-selinux package
Resolves: #575084 - Allow mount to r/w abrt fifo file
- Allow svirt_t to getattr on hugetlbfs
- Allow abrt to create a directory under /var/spool - Add labels for /sys
- Allow sshd to getattr on shutdown
- Fixes for munin
- Allow sssd to use the kernel key ring
- Allow tor to send syslog messages
- Allow iptabels to read usr files
- allow policykit to read all domains state - Fix path for /var/spool/abrt
- Allow nfs_t as an entrypoint for http_sys_script_t
- Add policy for piranha
- Lots of fixes for sosreport - Allow xm_t to read network state and get and set capabilities
- Allow policykit to getattr all processes
- Allow denyhosts to connect to tcp port 9911
- Allow pyranha to use raw ip sockets and ptrace itself
- Allow unconfined_execmem_t and gconfsd mechanism to dbus
- Allow staff to kill ping process
- Add additional MLS rules - Allow gdm to edit ~/.gconf dir
Resolves: #590677
- Allow dovecot to create directories in /var/lib/dovecot
Partially resolves 590224
- Allow avahi to dbus chat with NetworkManager
- Fix cobbler labels
- Dontaudit iceauth_t leaks
- fix /var/lib/lxdm file context
- Allow aiccu to use tun tap devices
- Dontaudit shutdown using xserver.log - Fixes for sandbox_x_net_t  to match access for sandbox_web_t ++
- Add xdm_etc_t for /etc/gdm directory, allow accountsd to manage this directory
- Add dontaudit interface for bluetooth dbus
- Add chronyd_read_keys, append_keys for initrc_t
- Add log support for ksmtuned
Resolves: #586663 - Allow boinc to send mail - Allow initrc_t to remove dhcpc_state_t
- Fix label on sa-update.cron
- Allow dhcpc to restart chrony initrc
- Don't allow sandbox to send signals to its parent processes
- Fix transition from unconfined_t -> unconfined_mount_t -> rpcd_t
Resolves: #589136 - Fix location of oddjob_mkhomedir
Resolves: #587385
- fix labeling on /root/.shosts and ~/.shosts
- Allow ipsec_mgmt_t to manage net_conf_t
Resolves: #586760 - Dontaudit sandbox trying to connect to netlink sockets
Resolves: #587609
- Add policy for piranha - Fixups for xguest policy
- Fixes for running sandbox firefox - Allow ksmtuned to use terminals
Resolves: #586663
- Allow lircd to write to generic usb devices - Allow sandbox_xserver to connectto unconfined stream
Resolves: #585171 - Allow initrc_t to read slapd_db_t
Resolves: #585476
- Allow ipsec_mgmt to use unallocated devpts and to create /etc/resolv.conf
Resolves: #585963 - Allow rlogind_t to search /root for .rhosts
Resolves: #582760
- Fix path for cached_var_t
- Fix prelink paths /var/lib/prelink	
- Allow confined users to direct_dri
- Allow mls lvm/cryptosetup to work - Allow virtd_t to manage firewall/iptables config
Resolves: #573585 - Fix label on /root/.rhosts
Resolves: #582760
- Add labels for Picasa
- Allow openvpn to read home certs
- Allow plymouthd_t to use tty_device_t
- Run ncftool as iptables_t
- Allow mount to unmount unlabeled_t
- Dontaudit hal leaks - Allow livecd to transition to mount - Update to upstream
- Allow abrt to delete sosreport
Resolves: #579998
- Allow snmp to setuid and gid
Resolves: #582155
- Allow smartd to use generic scsi devices
Resolves: #582145 - Allow ipsec_t to create /etc/resolv.conf with the correct label
- Fix reserved port destination
- Allow autofs to transition to showmount
- Stop crashing tuned - Add telepathysofiasip policy - Update to upstream
- Fix label for  /opt/google/chrome/chrome-sandbox
- Allow modemmanager to dbus with policykit - Fix allow_httpd_mod_auth_pam to use 	auth_use_pam(httpd_t)
- Allow accountsd to read shadow file
- Allow apache to send audit messages when using pam
- Allow asterisk to bind and connect to sip tcp ports
- Fixes for dovecot 2.0
- Allow initrc_t to setattr on milter directories
- Add procmail_home_t for .procmailrc file - Fixes for labels during install from livecd - Fix /cgroup file context 
- Fix broken afs use of unlabled_t
- Allow getty to use the console for s390 - Fix cgroup handling adding policy for /cgroup
- Allow confined users to write to generic usb devices, if user_rw_noexattrfile boolean set - Merge patches from dgrift - Update upstream
- Allow abrt to write to the /proc under any process - Fix ~/.fontconfig label
- Add /root/.cert label
- Allow reading of the fixed_file_disk_t:lnk_file if you can read file
- Allow qemu_exec_t as an entrypoint to svirt_t - Update to upstream
- Allow tmpreaper to delete sandbox sock files
- Allow chrome-sandbox_t to use /dev/zero, and dontaudit getattr file systems
- Fixes for gitosis
- No transition on livecd to passwd or chfn
- Fixes for denyhosts - Add label for /var/lib/upower
- Allow logrotate to run sssd
- dontaudit readahead on tmpfs blk files
- Allow tmpreaper to setattr on sandbox files
- Allow confined users to execute dos files
- Allow sysadm_t to kill processes running within its clearance
- Add accountsd policy
- Fixes for corosync policy
- Fixes from crontab policy
- Allow svirt to manage svirt_image_t chr files
- Fixes for qdisk policy
- Fixes for sssd policy
- Fixes for newrole policy - make libvirt work on an MLS platform - Add qpidd policy - Update to upstream - Allow boinc to read kernel sysctl
- Fix snmp port definitions
- Allow apache to read anon_inodefs - Allow shutdown dac_override - Add device_t as a file system
- Fix sysfs association - Dontaudit ipsec_mgmt sys_ptrace
- Allow at to mail its spool files
- Allow nsplugin to search in .pulse directory - Update to upstream - Allow users to dbus chat with xdm
- Allow users to r/w wireless_device_t
- Dontaudit reading of process states by ipsec_mgmt - Fix openoffice from unconfined_t - Add shutdown policy so consolekit can shutdown system - Update to upstream - Update to upstream - Update to upstream - These are merges of my patches
- Remove 389 labeling conflicts
- Add MLS fixes found in RHEL6 testing
- Allow pulseaudio to run as a service
- Add label for mssql and allow apache to connect to this database port if boolean set
- Dontaudit searches of debugfs mount point
- Allow policykit_auth to send signals to itself
- Allow modcluster to call getpwnam
- Allow swat to signal winbind
- Allow usbmux to run as a system role
- Allow svirt to create and use devpts - Add MLS fixes found in RHEL6 testing
- Allow domains to append to rpm_tmp_t
- Add cachefilesfd policy
- Dontaudit leaks when transitioning - Change allow_execstack and allow_execmem booleans to on
- dontaudit acct using console
- Add label for fping
- Allow tmpreaper to delete sandbox_file_t
- Fix wine dontaudit mmap_zero
- Allow abrt to read var_t symlinks - Additional policy for rgmanager - Allow sshd to setattr on pseudo terms - Update to upstream - Allow policykit to send itself signals - Fix duplicate cobbler definition - Fix file context of /var/lib/avahi-autoipd - Merge with upstream - Allow sandbox to work with MLS - Make Chrome work with staff user - Add icecast policy
- Cleanup  spec file - Add mcelog policy - Lots of fixes found in F12 - Fix rpm_dontaudit_leaks - Add getsched to hald_t
- Add file context for Fedora/Redhat Directory Server - Allow abrt_helper to getattr on all filesystems
- Add label for /opt/real/RealPlayer/plugins/oggfformat\.so - Add gstreamer_home_t for ~/.gstreamer - Update to upstream - Fix git - Turn on puppet policy
- Update to dgrift git policy - Move users file to selection by spec file.
- Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t - Update to upstream - Remove most of the permissive domains from F12. - Add cobbler policy from dgrift - add usbmon device
- Add allow rulse for devicekit_disk - Lots of fixes found in F12, fixes from Tom London - Cleanups from dgrift - Add back xserver_manage_home_fonts - Dontaudit sandbox trying to read nscd and sssd - Update to upstream - Rename udisks-daemon back to devicekit_disk_t policy - Fixes for abrt calls - Add tgtd policy - Update to upstream release - Add asterisk policy back in
- Update to upstream release 2.20091117 - Update to upstream release 2.20091117 - Fixup nut policy - Update to upstream - Allow vpnc request the kernel to load modules - Fix minimum policy installs
- Allow udev and rpcbind to request the kernel to load modules - Add plymouth policy
- Allow local_login to sys_admin - Allow cupsd_config to read user tmp
- Allow snmpd_t to signal itself
- Allow sysstat_t to makedir in sysstat_log_t - Update rhcs policy - Allow users to exec restorecond - Allow sendmail to request kernel modules load - Fix all kernel_request_load_module domains - Fix all kernel_request_load_module domains - Remove allow_exec* booleans for confined users.  Only available for unconfined_t - More fixes for sandbox_web_t - Allow sshd to create .ssh directory and content - Fix request_module line to module_request - Fix sandbox policy to allow it to run under firefox.  
- Dont audit leaks. - Fixes for sandbox - Update to upstream
- Dontaudit nsplugin search /root
- Dontaudit nsplugin sys_nice - Fix label on /usr/bin/notepad, /usr/sbin/vboxadd-service
- Remove policycoreutils-python requirement except for minimum - Fix devicekit_disk_t to getattr on all domains sockets and fifo_files
- Conflicts seedit (You can not use selinux-policy-targeted and seedit at the same time.) - Add wordpress/wp-content/uploads label
- Fixes for sandbox when run from staff_t - Update to upstream
- Fixes for devicekit_disk - More fixes - Lots of fixes for initrc and other unconfined domains - Allow xserver to use  netlink_kobject_uevent_socket - Fixes for sandbox - Dontaudit setroubleshootfix looking at /root directory - Update to upsteam - Allow gssd to send signals to users
- Fix duplicate label for apache content - Update to upstream - Remove polkit_auth on upgrades - Add back in unconfined.pp and unconfineduser.pp
- Add Sandbox unshare - Fixes for cdrecord, mdadm, and others - Add capability setting to dhcpc and gpm - Allow cronjobs to read exim_spool_t - Add ABRT policy - Fix system-config-services policy - Allow libvirt to change user componant of virt_domain - Allow cupsd_config_t to be started by dbus
- Add smoltclient policy - Add policycoreutils-python to pre install - Make all unconfined_domains permissive so we can see what AVC's happen - Add pt_chown policy - Add kdump policy for Miroslav Grepl
- Turn off execstack boolean - Turn on execstack on a temporary basis (#512845) - Allow nsplugin to connecto the session bus
- Allow samba_net to write to coolkey data - Allow devicekit_disk to list inotify - Allow svirt images to create sock_file in svirt_var_run_t - Allow exim to getattr on mountpoints
- Fixes for pulseaudio - Allow svirt_t to stream_connect to virtd_t - Allod hald_dccm_t to create sock_files in /tmp - More fixes from upstream - Fix polkit label
- Remove hidebrokensymptoms for nss_ldap fix
- Add modemmanager policy
- Lots of merges from upstream
- Begin removing textrel_shlib_t labels, from fixed libraries - Update to upstream - Allow certmaster to override dac permissions - Update to upstream - Fix context for VirtualBox - Update to upstream - Allow clamscan read amavis spool files - Fixes for xguest - fix multiple directory ownership of mandirs - Update to upstream - Add rules for rtkit-daemon - Update to upstream
- Fix nlscd_stream_connect - Add rtkit policy - Allow rpcd_t to stream connect to rpcbind - Allow kpropd to create tmp files - Fix last duplicate /var/log/rpmpkgs - Update to upstream
  * add sssd - Update to upstream
  * cleanup - Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt - Fix mcs rules to include chr_file and blk_file - Add label for udev-acl - Additional rules for consolekit/udev, privoxy and various other fixes - New version for upstream - Allow NetworkManager to read inotifyfs - Allow setroubleshoot to run mlocate - Update to upstream - Add fish as a shell
- Allow fprintd to list usbfs_t
- Allow consolekit to search mountpoints
- Add proper labeling for shorewall - New log file for vmware
- Allow xdm to setattr on user_tmp_t - Upgrade to upstream - Allow fprintd to access sys_ptrace
- Add sandbox policy - Add varnishd policy - Fixes for kpropd - Allow brctl to r/w tun_tap_device_t - Add /usr/share/selinux/packages - Allow rpcd_t to send signals to kernel threads - Fix upgrade for F10 to F11 - Add policy for /var/lib/fprint -Remove duplicate line - Allow svirt to manage pci and other sysfs device data - Fix package selection handling - Fix /sbin/ip6tables-save context
- Allod udev to transition to mount
- Fix loading of mls policy file - Add shorewall policy - Additional rules for fprintd and sssd - Allow nsplugin to unix_read unix_write sem for unconfined_java - Fix uml files to be owned by users - Fix Upgrade path to install unconfineduser.pp when unocnfined package is 3.0.0 or less - Allow confined users to manage virt_content_t, since this is home dir content
- Allow all domains to read rpm_script_tmp_t which is what shell creates on redirection - Fix labeling on /var/lib/misc/prelink*
- Allow xserver to rw_shm_perms with all x_clients
- Allow prelink to execute files in the users home directory - Allow initrc_t to delete dev_null
- Allow readahead to configure auditing
- Fix milter policy
- Add /var/lib/readahead - Update to latest milter code from Paul Howarth - Additional perms for readahead - Allow pulseaudio to acquire_svc on session bus
- Fix readahead labeling - Allow sysadm_t to run rpm directly
- libvirt needs fowner - Allow sshd to read var_lib symlinks for freenx - Allow nsplugin unix_read and write on users shm and sem
- Allow sysadm_t to execute su - Dontaudit attempts to getattr user_tmpfs_t by lvm
- Allow nfs to share removable media - Add ability to run postdrop from confined users - Fixes for podsleuth - Turn off nsplugin transition
- Remove Konsole leaked file descriptors for release - Allow cupsd_t to create link files in print_spool_t
- Fix iscsi_stream_connect typo
- Fix labeling on /etc/acpi/actions
- Don't reinstall unconfine and unconfineuser on upgrade if they are not installed - Allow audioentroy to read etc files - Add fail2ban_var_lib_t
- Fixes for devicekit_power_t - Separate out the ucnonfined user from the unconfined.pp package - Make sure unconfined_java_t and unconfined_mono_t create user_tmpfs_t. - Upgrade to latest upstream
- Allow devicekit_disk sys_rawio - Dontaudit binds to ports < 1024 for named
- Upgrade to latest upstream - Allow podsleuth to use tmpfs files - Add customizable_types for svirt - Allow setroubelshoot exec* privs to prevent crash from bad libraries
- add cpufreqselector - Dontaudit listing of /root directory for cron system jobs - Fix missing ld.so.cache label - Add label for ~/.forward and /root/.forward - Fixes for svirt - Fixes to allow svirt read iso files in homedir - Add xenner and wine fixes from mgrepl - Allow mdadm to read/write mls override - Change to svirt to only access svirt_image_t - Fix libvirt policy - Upgrade to latest upstream - Fixes for iscsid and sssd
- More cleanups for upgrade from F10 to Rawhide. - Add pulseaudio, sssd policy
- Allow networkmanager to exec udevadm - Add pulseaudio context - Upgrade to latest patches - Fixes for libvirt - Update to Latest upstream - Fix setrans.conf to show SystemLow for s0 - Further confinement of qemu images via svirt - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - Allow NetworkManager to manage /etc/NetworkManager/system-connections - add virtual_image_context and virtual_domain_context files - Allow rpcd_t to send signal to mount_t
- Allow libvirtd to run ranged - Fix sysnet/net_conf_t - Fix squidGuard labeling - Re-add corenet_in_generic_if(unlabeled_t) * Tue Feb 10 2009 Dan Walsh <dwalsh@redhat.com> 3.6.5-2
- Add git web policy - Add setrans contains from upstream - Do transitions outside of the booleans - Allow xdm to create user_tmp_t sockets for switch user to work - Fix staff_t domain - Grab remainder of network_peer_controls patch - More fixes for devicekit - Upgrade to latest upstream - Add boolean to disallow unconfined_t login - Add back transition from xguest to mozilla - Add virt_content_ro_t and labeling for isos directory - Fixes for wicd daemon - More mls/rpm fixes - Add policy to make dbus/nm-applet work - Remove polgen-ifgen from post and add trigger to policycoreutils-python - Add wm policy
- Make mls work in graphics mode - Fixed for DeviceKit - Add devicekit policy - Update to upstream - Define openoffice as an x_domain - Fixes for reading xserver_tmp_t - Allow cups_pdf_t write to nfs_t - Remove audio_entropy policy - Update to upstream - Allow hal_acl_t to getattr/setattr fixed_disk - Change userdom_read_all_users_state to include reading symbolic links in /proc - Fix dbus reading /proc information - Add missing alias for home directory content - Fixes for IBM java location - Allow unconfined_r unconfined_java_t - Add cron_role back to user domains - Fix sudo setting of user keys - Allow iptables to talk to terminals
- Fixes for policy kit
- lots of fixes for booting. - Cleanup policy - Rebuild for Python 2.6 - Fix labeling on /var/spool/rsyslog - Allow postgresl to bind to udp nodes - Allow lvm to dbus chat with hal
- Allow rlogind to read nfs_t - Fix cyphesis file context - Allow hal/pm-utils to look at /var/run/video.rom
- Add ulogd policy - Additional fixes for cyphesis
- Fix certmaster file context
- Add policy for system-config-samba
- Allow hal to read /var/run/video.rom - Allow dhcpc to restart ypbind
- Fixup labeling in /var/run - Add certmaster policy - Fix confined users 
- Allow xguest to read/write xguest_dbusd_t - Allow openoffice execstack/execmem privs - Allow mozilla to run with unconfined_execmem_t - Dontaudit domains trying to write to .xsession-errors - Allow nsplugin to look at autofs_t directory - Allow kerneloops to create tmp files - More alias for fastcgi - Remove mod_fcgid-selinux package - Fix dovecot access - Policy cleanup - Remove Multiple spec
- Add include
- Fix makefile to not call per_role_expansion - Fix labeling of libGL - Update to upstream - Update to upstream policy - Fixes for confined xwindows and xdm_t - Allow confined users and xdm to exec wm
- Allow nsplugin to talk to fifo files on nfs - Allow NetworkManager to transition to avahi and iptables
- Allow domains to search other domains keys, coverup kernel bug - Fix labeling for oracle - Allow nsplugin to comminicate with xdm_tmp_t sock_file - Change all user tmpfs_t files to be labeled user_tmpfs_t
- Allow radiusd to create sock_files - Upgrade to upstream - Allow confined users to login with dbus - Fix transition to nsplugin - Add file context for /dev/mspblk.* - Fix transition to nsplugin
' - Fix labeling on new pm*log
- Allow ssh to bind to all nodes - Merge upstream changes
- Add Xavier Toth patches - Add qemu_cache_t for /var/cache/libvirt - Remove gamin policy - Add tinyxs-max file system support - Update to upstream
-       New handling of init scripts - Allow pcsd to dbus
- Add memcache policy - Allow audit dispatcher to kill his children - Update to upstream
- Fix crontab use by unconfined user - Allow ifconfig_t to read dhcpc_state_t - Update to upstream - Update to upstream - Allow system-config-selinux to work with policykit - Fix novel labeling - Consolodate pyzor,spamassassin, razor into one security domain
- Fix xdm requiring additional perms. - Fixes for logrotate, alsa - Eliminate vbetool duplicate entry - Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t
- Change dhclient to be able to red networkmanager_var_run - Update to latest refpolicy
- Fix libsemanage initial install bug - Add inotify support to nscd - Allow unconfined_t to setfcap - Allow amanda to read tape
- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi
- Add support for netware file systems - Allow ypbind apps to net_bind_service - Allow all system domains and application domains to append to any log file - Allow gdm to read rpm database
- Allow nsplugin to read mplayer config files - Allow vpnc to run ifconfig - Allow confined users to use postgres
- Allow system_mail_t to exec other mail clients
- Label mogrel_rails as an apache server - Apply unconfined_execmem_exec_t to haskell programs - Fix prelude file context - allow hplip to talk dbus
- Fix context on ~/.local dir - Prevent applications from reading x_device - Add /var/lib/selinux context - Update to upstream - Add livecd policy - Dontaudit search of admin_home for init_system_domain
- Rewrite of xace interfaces
- Lots of new fs_list_inotify
- Allow livecd to transition to setfiles_mac - Begin XAce integration - Merge Upstream - Allow amanada to create data files - Fix initial install, semanage setup - Allow system_r for httpd_unconfined_script_t - Remove dmesg boolean
- Allow user domains to read/write game data - Change unconfined_t to transition to unconfined_mono_t when running mono
- Change XXX_mono_t to transition to XXX_t when executing bin_t files, so gnome-do will work - Remove old booleans from targeted-booleans.conf file - Add boolean to mmap_zero
- allow tor setgid
- Allow gnomeclock to set clock - Don't run crontab from unconfined_t - Change etc files to config files to allow users to read them - Lots of fixes for confined domains on NFS_t homedir - dontaudit mrtg reading /proc
- Allow iscsi to signal itself
- Allow gnomeclock sys_ptrace - Allow dhcpd to read kernel network state - Label /var/run/gdm correctly
- Fix unconfined_u user creation - Allow transition from initrc_t to getty_t - Allow passwd to communicate with user sockets to change gnome-keyring - Fix initial install - Allow radvd to use fifo_file
- dontaudit setfiles reading links
- allow semanage sys_resource
- add allow_httpd_mod_auth_ntlm_winbind boolean
- Allow privhome apps including dovecot read on nfs and cifs home 
dirs if the boolean is set - Allow nsplugin to read /etc/mozpluggerrc, user_fonts
- Allow syslog to manage innd logs.
- Allow procmail to ioctl spamd_exec_t - Allow initrc_t to dbus chat with consolekit. - Additional access for nsplugin
- Allow xdm setcap/getcap until pulseaudio is fixed - Allow mount to mkdir on tmpfs
- Allow ifconfig to search debugfs - Fix file context for MATLAB
- Fixes for xace - Allow stunnel to transition to inetd children domains
- Make unconfined_dbusd_t an unconfined domain - Fixes for qemu/virtd - Fix bug in mozilla policy to allow xguest transition
- This will fix the 

libsemanage.dbase_llist_query: could not find record value
libsemanage.dbase_llist_query: could not query record value (No such file or
directory)
 bug in xguest - Allow nsplugin to run acroread - Add cups_pdf policy
- Add openoffice policy to run in xguest - prewika needs to contact mysql
- Allow syslog to read system_map files - Change init_t to an unconfined_domain - Allow init to transition to initrc_t on shell exec.
- Fix init to be able to sendto init_t.
- Allow syslog to connect to mysql
- Allow lvm to manage its own fifo_files
- Allow bugzilla to use ldap
- More mls fixes - fixes for init policy (#436988)
- fix build - Additional changes for MLS policy - Fix initrc_context generation for MLS - Fixes for libvirt - Allow bitlebee to read locale_t - More xselinux rules - Change httpd_$1_script_r*_t to httpd_$1_content_r*_t - Prepare policy for beta release
- Change some of the system domains back to unconfined
- Turn on some of the booleans - Allow nsplugin_config execstack/execmem
- Allow nsplugin_t to read alsa config
- Change apache to use user content - Add cyphesis policy - Fix Makefile.devel to build mls modules
- Fix qemu to be more specific on labeling - Update to upstream fixes - Allow staff to mounton user_home_t - Add xace support - Add fusectl file system - Fixes from yum-cron
- Update to latest upstream - Fix userdom_list_user_files - Merge with upstream - Allow udev to send audit messages - Add additional login users interfaces
  -     userdom_admin_login_user_template(staff) - More fixes for polkit - Eliminate transition from unconfined_t to qemu by default
- Fixes for gpg - Update to upstream - Fixes for staff_t - Add policy for kerneloops
- Add policy for gnomeclock - Fixes for libvirt - Fixes for nsplugin - More fixes for qemu - Additional ports for vnc and allow qemu and libvirt to search all directories - Update to upstream
- Add libvirt policy
- add qemu policy - Allow fail2ban to create a socket in /var/run - Allow allow_httpd_mod_auth_pam to work - Add audisp policy and prelude - Allow all user roles to executae samba net command - Allow usertypes to read/write noxattr file systems - Fix nsplugin to allow flashplugin to work in enforcing mode - Allow pam_selinux_permit to kill all processes - Allow ptrace or user processes by users of same type
- Add boolean for transition to nsplugin - Allow nsplugin sys_nice, getsched, setsched - Allow login programs to talk dbus to oddjob - Add procmail_log support
- Lots of fixes for munin - Allow setroubleshoot to read policy config and send audit messages - Allow users to execute all files in homedir, if boolean set
- Allow mount to read samba config - Fixes for xguest to run java plugin - dontaudit pam_t and dbusd writing to user_home_t - Update gpg to allow reading of inotify - Change user and staff roles to work correctly with varied perms - Fix munin log,
- Eliminate duplicate mozilla file context
- fix wpa_supplicant spec - Fix role transition from unconfined_r to system_r when running rpm
- Allow unconfined_domains to communicate with user dbus instances - Fixes for xguest - Let all uncofined domains communicate with dbus unconfined - Run rpm in system_r - Zero out customizable types - Fix definiton of admin_home_t - Fix munin file context - Allow cron to run unconfined apps - Modify default login to unconfined_u - Dontaudit dbus user client search of /root - Update to upstream - Fixes for polkit
- Allow xserver to ptrace - Add polkit policy
- Symplify userdom context, remove automatic per_role changes - Update to upstream
- Allow httpd_sys_script_t to search users homedirs - Allow rpm_script to transition to unconfined_execmem_t - Remove user based home directory separation - Remove user specific crond_t - Merge with upstream
- Allow xsever to read hwdata_t
- Allow login programs to setkeycreate - Update to upstream - Update to upstream - Allow XServer to read /proc/self/cmdline
- Fix unconfined cron jobs
- Allow fetchmail to transition to procmail
- Fixes for hald_mac
- Allow system_mail to transition to exim
- Allow tftpd to upload files
- Allow xdm to manage unconfined_tmp
- Allow udef to read alsa config
- Fix xguest to be able to connect to sound port - Fixes for hald_mac 
- Treat unconfined_home_dir_t as a home dir
- dontaudit rhgb writes to fonts and root - Fix dnsmasq
- Allow rshd full login privs - Allow rshd to connect to ports > 1023 - Fix vpn to bind to port 4500
- Allow ssh to create shm
- Add Kismet policy - Allow rpm to chat with networkmanager - Fixes for ipsec and exim mail
- Change default to unconfined user - Pass the UNK_PERMS param to makefile
- Fix gdm location - Make alsa work - Fixes for consolekit and startx sessions - Dontaudit consoletype talking to unconfined_t - Remove homedir_template - Check asound.state - Fix exim policy - Allow tmpreadper to read man_t
- Allow racoon to bind to all nodes
- Fixes for finger print reader - Allow xdm to talk to input device (fingerprint reader)
- Allow octave to run as java - Allow login programs to set ioctl on /proc - Allow nsswitch apps to read samba_var_t - Fix maxima - Eliminate rpm_t:fifo_file avcs
- Fix dbus path for helper app - Fix service start stop terminal avc's - Allow also to search var_lib
- New context for dbus launcher - Allow cupsd_config_t to read/write usb_device_t
- Support for finger print reader,
- Many fixes for clvmd
- dbus starting networkmanager - Fix java and mono to run in xguest account - Fix to add xguest account when inititial install
- Allow mono, java, wine to run in userdomains - Allow xserver to search devpts_t
- Dontaudit ldconfig output to homedir - Remove hplip_etc_t change back to etc_t. - Allow cron to search nfs and samba homedirs - Allow NetworkManager to dbus chat with yum-updated - Allow xfs to bind to port 7100 - Allow newalias/sendmail dac_override
- Allow bind to bind to all udp ports - Turn off direct transition - Allow wine to run in system role - Fix java labeling - Define user_home_type as home_type - Allow sendmail to create etc_aliases_t - Allow login programs to read symlinks on homedirs - Update an readd modules - Cleanup  spec file - Allow xserver to be started by unconfined process and talk to tty - Upgrade to upstream to grab postgressql changes - Add setransd for mls policy - Add ldconfig_cache_t - Allow sshd to write to proc_t for afs login - Allow xserver access to urand - allow dovecot to search mountpoints - Fix Makefile for building policy modules - Fix dhcpc startup of service - Fix dbus chat to not happen for xguest and guest users - Fix nagios cgi
- allow squid to communicate with winbind - Fixes for ldconfig - Update from upstream - Add nasd support - Fix new usb devices and dmfm - Eliminate mount_ntfs_t policy, merge into mount_t - Allow xserver to write to ramfs mounted by rhgb - Add context for dbus machine id - Update with latest changes from upstream - Fix prelink to handle execmod - Add ntpd_key_t to handle secret data - Add anon_inodefs
- Allow unpriv user exec pam_exec_t
- Fix trigger - Allow cups to use generic usb
- fix inetd to be able to run random apps (git) - Add proper contexts for rsyslogd - Fixes for xguest policy - Allow execution of gconf - Fix moilscanner update problem - Begin adding policy to separate setsebool from semanage
- Fix xserver.if definition to not break sepolgen.if - Add new devices - Add brctl policy - Fix root login to include system_r - Allow prelink to read kernel sysctls - Default to user_u:system_r:unconfined_t - fix squid
- Fix rpm running as uid - Fix syslog declaration - Allow avahi to access inotify
- Remove a lot of bogus security_t:filesystem avcs - Remove ifdef strict policy from upstream - Remove ifdef strict to allow user_u to login - Fix for amands
- Allow semanage to read pp files
- Allow rhgb to read xdm_xserver_tmp - Allow kerberos servers to use ldap for backing store - allow alsactl to read kernel state - More fixes for alsactl
- Transition from hal and modutils
- Fixes for suspend resume.  
     - insmod domtrans to alsactl
     - insmod writes to hal log - Allow unconfined_t to transition to NetworkManager_t
- Fix netlabel policy - Update to latest from upstream - Update to latest from upstream - Update to latest from upstream - Allow pcscd_t to send itself signals - Fixes for unix_update
- Fix logwatch to be able to search all dirs - Upstream bumped the version - Allow consolekit to syslog
- Allow ntfs to work with hal - Allow iptables to read etc_runtime_t - MLS Fixes - Fix path of /etc/lvm/cache directory
- Fixes for alsactl and pppd_t
- Fixes for consolekit - Allow insmod_t to mount kvmfs_t filesystems - Rwho policy
- Fixes for consolekit - fixes for fusefs - Fix samba_net to allow it to view samba_var_t - Update to upstream - Fix Sonypic backlight
- Allow snmp to look at squid_conf_t - Fixes for pyzor, cyrus, consoletype on everything installs - Fix hald_acl_t to be able to getattr/setattr on usb devices
- Dontaudit write to unconfined_pipes for load_policy - Allow bluetooth to read inotifyfs - Fixes for samba domain controller.
- Allow ConsoleKit to look at ttys - Fix interface call - Allow syslog-ng to read /var
- Allow locate to getattr on all filesystems
- nscd needs setcap - Update to upstream - Allow samba to run groupadd - Update to upstream - Allow mdadm to access generic scsi devices - Fix labeling on udev.tbl dirs - Fixes for logwatch - Add fusermount and mount_ntfs policy - Update to upstream
- Allow saslauthd to use kerberos keytabs - Fixes for samba_var_t - Allow networkmanager to setpgid
- Fixes for hal_acl_t - Remove disable_trans booleans
- hald_acl_t needs to talk to nscd - Fix prelink to be able to manage usr dirs. - Allow insmod to launch init scripts - Remove setsebool policy - Fix handling of unlabled_t packets - More of my patches from upstream - Update to latest from upstream
- Add fail2ban policy - Update to remove security_t:filesystem getattr problems - Policy for consolekit - Update to latest from upstream - Revert Nemiver change
- Set sudo as a corecmd so prelink will work,  remove sudoedit mapping, since this will not work, it does not transition.
- Allow samba to execute useradd - Upgrade to the latest from upstream - Add sepolgen support
- Add bugzilla policy - Fix file context for nemiver - Remove include sym link - Allow mozilla, evolution and thunderbird to read dev_random.
Resolves: #227002
- Allow spamd to connect to smtp port
Resolves: #227184
- Fixes to make ypxfr work
Resolves: #227237 - Fix ssh_agent to be marked as an executable
- Allow Hal to rw sound device - Fix spamassisin so crond can update spam files
- Fixes to allow kpasswd to work
- Fixes for bluetooth - Remove some targeted diffs in file context file - Fix squid cachemgr labeling - Add ability to generate webadm_t policy
- Lots of new interfaces for httpd
- Allow sshd to login as unconfined_t - Continue fixing, additional user domains - Begin adding user confinement to targeted policy - Fixes for prelink, ktalkd, netlabel - Allow prelink when run from rpm to create tmp files
Resolves: #221865
- Remove file_context for exportfs
Resolves: #221181
- Allow spamassassin to create ~/.spamassissin
Resolves: #203290
- Allow ssh access to the krb tickets
- Allow sshd to change passwd
- Stop newrole -l from working on non securetty
Resolves: #200110
- Fixes to run prelink in MLS machine
Resolves: #221233
- Allow spamassassin to read var_lib_t dir
Resolves: #219234 - fix mplayer to work under strict policy
- Allow iptables to use nscd
Resolves: #220794 - Add gconf policy and make it work with strict - Many fixes for strict policy and by extension mls. - Fix to allow ftp to bind to ports > 1024
Resolves: #219349 - Allow semanage to exec it self.  Label genhomedircon as semanage_exec_t
Resolves: #219421
- Allow sysadm_lpr_t to manage other print spool jobs
Resolves: #220080 - allow automount to setgid
Resolves: #219999 - Allow cron to polyinstatiate 
- Fix creation of boot flags
Resolves: #207433 - Fixes for irqbalance
Resolves: #219606 - Fix vixie-cron to work on mls
Resolves: #207433 Resolves: #218978 - Allow initrc to create files in /var directories
Resolves: #219227 - More fixes for MLS
Resolves: #181566 - More Fixes polyinstatiation
Resolves: #216184 - More Fixes polyinstatiation
- Fix handling of keyrings
Resolves: #216184 - Fix polyinstatiation
- Fix pcscd handling of terminal
Resolves: #218149
Resolves: #218350 - More fixes for quota
Resolves: #212957 - ncsd needs to use avahi sockets
Resolves: #217640
Resolves: #218014 - Allow login programs to polyinstatiate homedirs
Resolves: #216184
- Allow quotacheck to create database files
Resolves: #212957 - Dontaudit appending hal_var_lib files 
Resolves: #217452
Resolves: #217571
Resolves: #217611
Resolves: #217640
Resolves: #217725 - Fix context for helix players file_context #216942 - Fix load_policy to be able to mls_write_down so it can talk to the terminal - Fixes for hwclock, clamav, ftp - Move to upstream version which accepted my patches - Fixes for nvidia driver - Allow semanage to signal mcstrans - Update to upstream - Allow modstorage to edit /etc/fstab file - Fix for qemu, /dev/ - Fix path to realplayer.bin - Allow xen to connect to xen port - Allow cups to search samba_etc_t directory
- Allow xend_t to list auto_mountpoints - Allow xen to search automount - Fix spec of jre files - Fix unconfined access to shadow file - Allow xend to create files in xen_image_t directories - Fixes for /var/lib/hal - Remove ability for sysadm_t to look at audit.log - Fix rpc_port_types
- Add aide policy for mls - Merge with upstream - Lots of fixes for ricci - Allow xen to read/write fixed devices with a boolean
- Allow apache to search /var/log - Fix policygentool specfile problem.
- Allow apache to send signals to it's logging helpers.
- Resolves: rhbz#212731 - Add perms for swat - Add perms for swat - Allow daemons to dump core files to / - Fixes for ricci - Allow mount.nfs to work - Allow ricci-modstorage to look at lvm_etc_t - Fixes for ricci using saslauthd - Allow mountpoint on home_dir_t and home_t - Update xen to read nfs files - Allow noxattrfs to associate with other noxattrfs - Allow hal to use power_device_t - Allow procemail to look at autofs_t
- Allow xen_image_t to work as a fixed device - Refupdate from upstream - Add lots of fixes for mls cups - Lots of fixes for ricci - Fix number of cats - Update to upstream - More iSCSI changes for #209854 - Test ISCSI fixes for #209854 - allow semodule to rmdir selinux_config_t dir - Fix boot_runtime_t problem on ppc.  Should not be creating these files. - Fix context mounts on reboot
- Fix ccs creation of directory in /var/log - Update for tallylog - Allow xend to rewrite dhcp conf files
- Allow mgetty sys_admin capability - Make xentapctrl work - Don't transition unconfined_t to bootloader_t
- Fix label in /dev/xen/blktap - Patch for labeled networking - Fix crond handling for mls - Update to upstream - Remove bluetooth-helper transition
- Add selinux_validate for semanage
- Require new version of libsemanage - Fix prelink - Fix rhgb - Fix setrans handling on MLS and useradd - Support for fuse
- fix vigr - Fix dovecot, amanda
- Fix mls - Allow java execheap for itanium - Update with upstream - mls fixes - Update from upstream - More fixes for mls
- Revert change on automount transition to mount - Fix cron jobs to run under the correct context - Fixes to make pppd work - Multiple policy fixes
- Change max categories to 1023 - Fix transition on mcstransd - Add /dev/em8300 defs - Upgrade to upstream - Fix ppp connections from network manager - Add tty access to all domains boolean
- Fix gnome-pty-helper context for ia64 - Fixed typealias of firstboot_rw_t - Fix location of xel log files
- Fix handling of sysadm_r -> rpm_exec_t - Fixes for autofs, lp - Update from upstream - Fixup for test6 - Update to upstream - Update to upstream - Fix suspend to disk problems - Lots of fixes for restarting daemons at the console. - Fix audit line
- Fix requires line - Upgrade to upstream - Fix install problems - Allow setroubleshoot to getattr on all dirs to gather RPM data - Set /usr/lib/ia32el/ia32x_loader to unconfined_execmem_exec_t for ia32 platform
- Fix spec for /dev/adsp - Fix xen tty devices - Fixes for setroubleshoot - Update to upstream - Fixes for stunnel and postgresql
- Update from upstream - Update from upstream
- More java fixes - Change allow_execstack to default to on, for RHEL5 Beta.  
  This is required because of a Java compiler problem.
  Hope to turn off for next beta - Misc fixes - More fixes for strict policy - Quiet down anaconda audit messages - Fix setroubleshootd - Update to the latest from upstream - More fixes for xen - Fix anaconda transitions - yet more xen rules - more xen rules - Fixes for Samba - Fixes for xen - Allow setroubleshootd to send mail - Add nagios policy -  fixes for setroubleshoot - Added Paul Howarth patch to only load policy packages shipped 
  with this package
- Allow pidof from initrc to ptrace higher level domains
- Allow firstboot to communicate with hal via dbus - Add policy for /var/run/ldapi - Fix setroubleshoot policy - Fixes for mls use of ssh
- named  has a new conf file - Fixes to make setroubleshoot work - Cups needs to be able to read domain state off of printer client - add boolean to allow zebra to write config files - setroubleshootd fixes - Allow prelink to read bin_t symlink
- allow xfs to read random devices
- Change gfs to support xattr - Remove spamassassin_can_network boolean - Update to upstream
- Fix lpr domain for mls - Add setroubleshoot policy - Turn off auditallow on setting booleans - Multiple fixes - Update to upstream - Update to upstream
- Add new class for kernel key ring - Update to upstream - Update to upstream - Break out selinux-devel package - Add ibmasmfs - Fix policygentool gen_requires - Update from Upstream - Fix spec of realplay - Update to upstream - Fix semanage - Allow useradd to create_home_dir in MLS environment - Update from upstream - Update from upstream - Add oprofilefs - Fix for hplip and Picasus - Update to upstream - Update to upstream - fixes for spamd - fixes for java, openldap and webalizer - Xen fixes - Upgrade to upstream - allow hal to read boot_t files
- Upgrade to upstream - allow hal to read boot_t files - Update from upstream - Fixes for amavis - Update from upstream - Allow auditctl to search all directories - Add acquire service for mono. - Turn off allow_execmem boolean
- Allow ftp dac_override when allowed to access users homedirs - Clean up spec file
- Transition from unconfined_t to prelink_t - Allow execution of cvs command - Update to upstream - Update to upstream - Fix libjvm spec - Update to upstream - Add xm policy
- Fix policygentool - Update to upstream
- Fix postun to only disable selinux on full removal of the packages - Allow mono to chat with unconfined - Allow procmail to sendmail
- Allow nfs to share dosfs - Update to latest from upstream
- Allow selinux-policy to be removed and kernel not to crash - Update to latest from upstream
- Add James Antill patch for xen
- Many fixes for pegasus - Add unconfined_mount_t
- Allow privoxy to connect to httpd_cache
- fix cups labeleing on /var/cache/cups - Update to latest from upstream - Update to latest from upstream
- Allow mono and unconfined to talk to initrc_t dbus objects - Change libraries.fc to stop shlib_t form overriding texrel_shlib_t - Fix samba creating dirs in homedir
- Fix NFS so its booleans would work - Allow secadm_t ability to relabel all files
- Allow ftp to search xferlog_t directories
- Allow mysql to communicate with ldap
- Allow rsync to bind to rsync_port_t - Fixed mailman with Postfix #183928
- Allowed semanage to create file_context files.
- Allowed amanda_t to access inetd_t TCP sockets and allowed amanda_recover_t
  to bind to reserved ports.  #149030
- Don't allow devpts_t to be associated with tmp_t.
- Allow hald_t to stat all mountpoints.
- Added boolean samba_share_nfs to allow smbd_t full access to NFS mounts.
  - Make mount run in mount_t domain from unconfined_t to prevent mislabeling of
  /etc/mtab.
- Changed the file_contexts to not have a regex before the first ^/[a-z]/
  whenever possible, makes restorecon slightly faster.
- Correct the label of /etc/named.caching-nameserver.conf
- Now label /usr/src/kernels/.+/lib(/.*)? as usr_t instead of
  /usr/src(/.*)?/lib(/.*)? - I don't think we need anything else under /usr/src
  hit by this.
- Granted xen access to /boot, allowed mounting on xend_var_lib_t, and allowed
  xenstored_t rw access to the xen device node. - More textrel_shlib_t file path fixes
- Add ada support - Get auditctl working in MLS policy - Add mono dbus support
- Lots of file_context fixes for textrel_shlib_t in FC5
- Turn off execmem auditallow since they are filling log files - Update to upstream - Allow automount and dbus to read cert files - Fix ftp policy
- Fix secadm running of auditctl - Update to upstream - Update to upstream - Fix policyhelp - Fix pam_console handling of usb_device
- dontaudit logwatch reading /mnt dir - Update to upstream - Get transition rules to create policy.20 at SystemHigh - Allow secadmin to shutdown system
- Allow sendmail to exec newalias - MLS Fixes
     dmidecode needs mls_file_read_up
- add ypxfr_t
- run init needs access to nscd
- udev needs setuid
- another xen log file
- Dontaudit mount getattr proc_kcore_t - fix buildroot usage (#185391) - Get rid of mount/fsdisk scan of /dev messages
- Additional fixes for suspend/resume - Fake make to rebuild enableaudit.pp - Get xen networking running. - Fixes for Xen
- enableaudit should not be the same as base.pp
- Allow ps to work for all process - more xen policy fixups - more xen fixage (#184393) - Fix blkid specification
- Allow postfix to execute mailman_que - Blkid changes
- Allow udev access to usb_device_t
- Fix post script to create targeted policy config file - Allow lvm tools to create drevice dir - Add Xen support - Fixes for cups
- Make cryptosetup work with hal - Load Policy needs translock - Fix cups html interface - Add hal changes suggested by Jeremy
- add policyhelp to point at policy html pages - Additional fixes for nvidia and cups - Update to upstream
- Merged my latest fixes
- Fix cups policy to handle unix domain sockets - NSCD socket is in nscd_var_run_t needs to be able to search dir - Fixes Apache interface file - Fixes for new version of cups - Turn off polyinstatiate util after FC5 - Fix problem with privoxy talking to Tor - Turn on polyinstatiation - Don't transition from unconfined_t to fsadm_t - Fix policy update model. - Update to upstream - Fix load_policy to work on MLS
- Fix cron_rw_system_pipes for postfix_postdrop_t
- Allow audotmount to run showmount - Fix swapon
- allow httpd_sys_script_t to be entered via a shell
- Allow httpd_sys_script_t to read eventpolfs - Update from upstream - allow cron to read apache files - Fix vpnc policy to work from NetworkManager - Update to upstream
- Fix semoudle polcy - Update to upstream 
- fix sysconfig/selinux link - Add router port for zebra
- Add imaze port for spamd
- Fixes for amanda and java - Fix bluetooth handling of usb devices
- Fix spamd reading of ~/
- fix nvidia spec - Update to upsteam - Add users_extra files - Update to upstream - Add semodule policy - Update from upstream - Fix for spamd to use razor port - Fixes for mcs
- Turn on mount and fsadm for unconfined_t - Fixes for the -devel package - Fix for spamd to use ldap - Update to upstream - Update to upstream
- Fix rhgb, and other Xorg startups - Update to upstream - Separate out role of secadm for mls - Add inotifyfs handling - Update to upstream
- Put back in changes for pup/zen - Many changes for MLS 
- Turn on strict policy - Update to upstream - Update to upstream
- Fixes for booting and logging in on MLS machine - Update to upstream
- Turn off execheap execstack for unconfined users
- Add mono/wine policy to allow execheap and execstack for them
- Add execheap for Xdm policy - Update to upstream
- Fixes to fetchmail, - Update to upstream - Fix for procmail/spamassasin
- Update to upstream
- Add rules to allow rpcd to work with unlabeled_networks. - Update to upstream
- Fix ftp Man page - Update to upstream - fix pup transitions (#177262)
- fix xen disks (#177599) - Update to upstream - More Fixes for hal and readahead - Fixes for hal and readahead - Update to upstream
- Apply - Add wine and fix hal problems - Handle new location of hal scripts - Allow su to read /etc/mtab - Update to upstream - Fix  "libsemanage.parse_module_headers: Data did not represent a module." problem - Allow load_policy to read /etc/mtab - Fix dovecot to allow dovecot_auth to look at /tmp - Allow restorecon to read unlabeled_t directories in order to fix labeling. - Add Logwatch policy - Fix /dev/ub[a-z] file context - Fix library specification
- Give kudzu execmem privs - Fix hostname in targeted policy - Fix passwd command on mls - Lots of fixes to make mls policy work - Add dri libs to textrel_shlib_t
- Add system_r role for java
- Add unconfined_exec_t for vncserver
- Allow slapd to use kerberos - Add man pages - Add enableaudit.pp - Fix mls policy - Update mls file from old version - Add sids back in
- Rebuild with update checkpolicy - Fixes to allow automount to use portmap
- Fixes to start kernel in s0-s15:c0.c255 - Add java unconfined/execmem policy - Add file context for /var/cvs
- Dontaudit webalizer search of homedir - Update from upstream - Clean up spec
- range_transition crond to SystemHigh - Fixes for hal
- Update to upstream - Turn back on execmem since we need it for java, firefox, ooffice
- Allow gpm to stream socket to itself - fix requirements to be on the actual packages so that policy can get
  created properly at install time - Allow unconfined_t to execmod texrel_shlib_t - Update to upstream 
- Turn off allow_execmem and allow_execmod booleans
- Add tcpd and automount policies - Add two new httpd booleans, turned off by default
     * httpd_can_network_relay
     * httpd_can_network_connect_db - Add ghost for policy.20 - Update to upstream
- Turn off boolean allow_execstack - Change setrans-mls to use new libsetrans
- Add default_context rule for xdm - Change Requires to PreReg for requiring of policycoreutils on install - New upstream release Add xdm policy Update from upstream Update from upstream Update from upstream - Also trigger to rebuild policy for versions up to 2.0.7. - No longer installing policy.20 file, anaconda handles the building of the app. - Fixes for dovecot and saslauthd - Cleanup pegasus and named 
- Fix spec file
- Fix up passwd changing applications -Update to latest from upstream - Add rules for pegasus and avahi - Start building MLS Policy - Update to upstream - Turn on bash - Initial version /bin/sh                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        	   
                                                                      !   "   #   $   %   &   '   (   )   *   +   ,   -   .   /   0   1   2   3   4   5   6   7   8   9   :   ;   <   =   >   ?   @   A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z   [   \   ]   ^   _   `   a   b   c   d   e   f   g   h   i   j   k   l   m   n   o   p   q   r   s   t   u   v   w   x   y   z   {   |   }   ~      А   Б   В   Г   Д   Е   Ж   З   И   Й   К   Л   М   Н   О   П   Р   С   Т   У   Ф   Х   Ц   Ч   Ш   Щ   Ъ   Ы   Ь   Э   Ю   Я   а   б   в   г   д   е   ж   з   и   й   к   л   м   н   о   п   ░   ▒   ▓   │   ┤   ╡   ╢   ╖   ╕   ╣   ║   ╗   ╝   ╜   ╛   ┐   └   ┴   ┬   ├   ─   ┼   ╞   ╟   ╚   ╔   ╩   ╦   ╠   ═   ╬   ╧   ╨   ╤   ╥   ╙   ╘   ╒   ╓   ╫   ╪   ┘   ┌   █   ▄   ▌   ▐   ▀   р   с   т   у   ф   х   ц   ч   ш   щ   ъ   ы   ь   э   ю   я   Ё   ё   Є   є   Ї   ї   Ў   ў   °   ∙   ·   √   №   ¤   ■                         	  
                                               !  "  #  $  %  &  '  (  )  *  +  ,  -  .  /  0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  [  \  ]  ^  _  `  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z  {  |  }  ~    А  Б  В  Г  Д  Е  Ж  З  И  Й  К  Л  М  Н  О  П  Р  С  Т  У  Ф  Х  Ц  Ч  Ш  Щ  Ъ  Ы  Ь  Э  Ю  Я  а  б  в  г  д  е  ж  з  и  й  к  л  м  н  о  п  ░  ▒  ▓  │  ┤  ╡  ╢  ╖  ╕  ╣  ║  ╗  ╝  ╜  ╛  ┐  └  ┴  ┬  ├  ─  ┼  ╞  ╟  ╚  ╔  ╩  ╦  ╠  ═  ╬  ╧  ╨  ╤  ╥  ╙  ╘  ╒  ╓  ╫  ╪  ┘  ┌  █  ▄  ▌  ▐  ▀  р  с  т  у  ф  х  ц  ч  ш  щ  ъ  ы  ь  э  ю  я  Ё  ё  Є  є  Ї  ї  Ў  ў  °  ∙  ·  √  №  ¤  ■                        	  
                                               !  "  #  $  %  &  '  (  )  *  +  ,  -  .  /  0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  [  \  ]  ^  _  `  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z  {  |  }  ~    А  Б  В  Г  Д  Е  Ж  З  И  Й  К  Л  М  Н  О  П  Р  С  Т  У  Ф  Х  Ц  Ч  Ш  Щ  Ъ  Ы  Ь  Э  Ю  Я  а  б  в  г  д  е  ж  з  и  й  к  л  м  н  о  п  ░  ▒  ▓  │  ┤  ╡  ╢  ╖  ╕  ╣  ║  ╗  ╝  ╜  ╛  ┐  └  ┴  ┬  ├  ─  ┼  ╞  ╟  ╚  ╔  ╩  ╦  ╠  ═  ╬  ╧  ╨  ╤  ╥  ╙  ╘  ╒  ╓  ╫  ╪  ┘  ┌  █  ▄  ▌  ▐  ▀  р  с  т  у  ф  х  ц  ч  ш  щ  ъ  ы  ь  э  ю  я  Ё  ё  Є  є  Ї  ї  Ў  ў  °  ∙  ·  √  №  ¤  ■                        	  
                                               !  "  #  $  %  &  '  (  )  *  +  ,  -  .  /  0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  [  \  ]  ^  _  `  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z  {  |  }  ~    А  Б  В  Г  Д  Е  Ж  З  И  Й  К  Л  М  Н  О  П  Р  С  Т  У  Ф  Х  Ц  Ч  Ш  Щ  Ъ  Ы  Ь  Э  Ю  Я  а  б  в  г  д  е  ж  з  и  й  к  л  м  н  о  п  ░  ▒  ▓  │  ┤  ╡  ╢  ╖  ╕  ╣  ║  ╗  ╝  ╜  ╛  ┐  └  ┴  ┬  ├  ─  ┼  ╞  ╟  ╚  ╔  ╩  ╦  ╠  ═  ╬  ╧  ╨  ╤  ╥  ╙  ╘  ╒  ╓  ╫  ╪  ┘  ┌  █  ▄  ▌  ▐  ▀  р  с  т  у  ф  х  ц  ч  ш  щ  ъ  ы  ь  э  ю  я  Ё  ё  Є  є  Ї  ї  Ў  ў  °  ∙  ·  √  №  ¤  ■                        	  
                                               !  "  #  $  %  &  '  (  )  *  +  ,  -  .  /  0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  [  \  ]  ^  _  `  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z  {  |  }  ~    А  Б  В  Г  Д  Е  Ж  З  И  Й  К  Л  М  Н  О  П  Р  С  Т  У  Ф  Х  Ц  Ч  Ш  Щ  Ъ  Ы  Ь  Э  Ю  Я  а  б  в  г  д  е  ж  з  и  й  к  л  м  н  о  п  ░  ▒  ▓  │  ┤  ╡  ╢  ╖  ╕  ╣  ║  ╗  ╝  ╜  ╛  ┐  └  ┴  ┬  ├  ─  ┼  ╞  ╟  ╚  ╔  ╩  ╦  ╠  ═  ╬  ╧  ╨  ╤  ╥  ╙  ╘  ╒  ╓  ╫  ╪  ┘  ┌  █  ▄  ▌  ▐  ▀  р  с  т  у  ф  х  ц  ч  ш  щ  ъ  ы  ь  э  ю  я  Ё  ё  Є  є  Ї  ї  Ў  ў  °  ∙  ·  √  №  ¤  ■                        	  
                                               !  "  #  $  %  &  '  (  )  *  +  ,  -  .  .  0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   3.13.1-229.el7_6.6                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	   	   	      
   
   
   
   
   
   
   
   
   
   
   
   
   
                                                                                          devel Makefile example.fc example.if example.te html NetworkManager.html abrt.html abrt_dump_oops.html abrt_handle_event.html abrt_helper.html abrt_retrace_coredump.html abrt_retrace_worker.html abrt_upload_watch.html abrt_watch_log.html accountsd.html acct.html admin_crontab.html afs.html afs_bosserver.html afs_fsserver.html afs_kaserver.html afs_ptserver.html afs_vlserver.html aiccu.html aide.html ajaxterm.html ajaxterm_ssh.html alsa.html amanda.html amanda_recover.html amtu.html anaconda.html anon_sftpd.html antivirus.html apcupsd.html apcupsd_cgi_script.html apm.html apmd.html arpwatch.html asterisk.html audisp.html audisp_remote.html auditadm.html auditadm_screen.html auditadm_su.html auditadm_sudo.html auditctl.html auditd.html authconfig.html automount.html avahi.html awstats.html awstats_script.html bacula.html bacula_admin.html bacula_unconfined_script.html bcfg2.html bitlbee.html blkmapd.html blktap.html blueman.html bluetooth.html bluetooth_helper.html boinc.html boinc_project.html bootloader.html brctl.html brltty.html bugzilla_script.html bumblebee.html cachefiles_kernel.html cachefilesd.html calamaris.html callweaver.html canna.html cardmgr.html ccs.html cdcc.html cdrecord.html certmaster.html certmonger.html certmonger_unconfined.html certwatch.html cfengine_execd.html cfengine_monitord.html cfengine_serverd.html cgclear.html cgconfig.html cgdcbxd.html cgred.html checkpc.html checkpolicy.html chfn.html chkpwd.html chrome_sandbox.html chrome_sandbox_nacl.html chronyc.html chronyd.html chroot_user.html cinder_api.html cinder_backup.html cinder_scheduler.html cinder_volume.html ciped.html clogd.html cloud_init.html cluster.html clvmd.html cmirrord.html cobblerd.html cockpit_session.html cockpit_ws.html collectd.html collectd_script.html colord.html comsat.html condor_collector.html condor_master.html condor_negotiator.html condor_procd.html condor_schedd.html condor_startd.html condor_startd_ssh.html conman.html conman_unconfined_script.html consolekit.html container.html container_auth.html container_runtime.html couchdb.html courier_authdaemon.html courier_pcp.html courier_pop.html courier_sqwebmail.html courier_tcpd.html cpucontrol.html cpufreqselector.html cpuplug.html cpuspeed.html crack.html crond.html cronjob.html crontab.html ctdbd.html cups_pdf.html cupsd.html cupsd_config.html cupsd_lpd.html cvs.html cvs_script.html cyphesis.html cyrus.html dbadm.html dbadm_sudo.html dbskkd.html dcc_client.html dcc_dbclean.html dccd.html dccifd.html dccm.html dcerpcd.html ddclient.html deltacloudd.html denyhosts.html depmod.html devicekit.html devicekit_disk.html devicekit_power.html dhcpc.html dhcpd.html dictd.html dirsrv.html dirsrv_snmp.html dirsrvadmin.html dirsrvadmin_script.html dirsrvadmin_unconfined_script.html disk_munin_plugin.html dkim_milter.html dlm_controld.html dmesg.html dmidecode.html dnsmasq.html dnssec_trigger.html dovecot.html dovecot_auth.html dovecot_deliver.html drbd.html dspam.html dspam_script.html entropyd.html eventlogd.html evtchnd.html exim.html fail2ban.html fail2ban_client.html fcoemon.html fenced.html fetchmail.html fingerd.html firewalld.html firewallgui.html firstboot.html foghorn.html fprintd.html freeipmi_bmc_watchdog.html freeipmi_ipmidetectd.html freeipmi_ipmiseld.html freqset.html fsadm.html fsdaemon.html ftpd.html ftpdctl.html games.html games_srv.html ganesha.html gconfd.html gconfdefaultsm.html gdomap.html geoclue.html getty.html gfs_controld.html git_script.html git_session.html git_system.html gitosis.html glance_api.html glance_registry.html glance_scrubber.html glusterd.html gnomesystemmm.html gpg.html gpg_agent.html gpg_helper.html gpg_pinentry.html gpg_web.html gpm.html gpsd.html greylist_milter.html groupadd.html groupd.html gssd.html gssproxy.html guest.html haproxy.html hddtemp.html hostname.html hsqldb.html httpd.html httpd_helper.html httpd_passwd.html httpd_php.html httpd_rotatelogs.html httpd_suexec.html httpd_sys_script.html httpd_unconfined_script.html httpd_user_script.html hwclock.html hwloc_dhwd.html hypervkvp.html hypervvssd.html iceauth.html icecast.html ifconfig.html index.html inetd.html inetd_child.html init.html initrc.html innd.html insmod.html install.html iodined.html iotop.html ipa_dnskey.html ipa_helper.html ipa_otpd.html ipmievd.html ipsec.html ipsec_mgmt.html iptables.html irc.html irqbalance.html irssi.html iscsid.html isnsd.html iwhd.html jabberd.html jabberd_router.html jockey.html journalctl.html kadmind.html kdump.html kdumpctl.html kdumpgui.html keepalived.html keepalived_unconfined_script.html kernel.html keyboardd.html keystone.html keystone_cgi_script.html kismet.html klogd.html kmscon.html kpropd.html krb5kdc.html ksmtuned.html ktalkd.html l2tpd.html ldconfig.html lircd.html livecd.html lldpad.html load_policy.html loadkeys.html local_login.html locate.html lockdev.html logadm.html logrotate.html logrotate_mail.html logwatch.html logwatch_mail.html lpd.html lpr.html lsassd.html lsmd.html lsmd_plugin.html lttng_sessiond.html lvm.html lwiod.html lwregd.html lwsmd.html mail_munin_plugin.html mailman_cgi.html mailman_mail.html mailman_queue.html man2html_script.html mandb.html mcelog.html mdadm.html mediawiki_script.html memcached.html mencoder.html minidlna.html minissdpd.html mip6d.html mirrormanager.html mock.html mock_build.html modemmanager.html mojomojo_script.html mon_procd.html mon_statd.html mongod.html motion.html mount.html mount_ecryptfs.html mozilla.html mozilla_plugin.html mozilla_plugin_config.html mpd.html mplayer.html mrtg.html mscan.html munin.html munin_script.html mysqld.html mysqld_safe.html mysqlmanagerd.html mythtv_script.html nagios.html nagios_admin_plugin.html nagios_checkdisk_plugin.html nagios_eventhandler_plugin.html nagios_mail_plugin.html nagios_openshift_plugin.html nagios_script.html nagios_services_plugin.html nagios_system_plugin.html nagios_unconfined_plugin.html named.html namespace_init.html ncftool.html ndc.html netlabel_mgmt.html netlogond.html netutils.html neutron.html newrole.html nfsd.html ninfod.html nmbd.html nova.html nrpe.html nscd.html nsd.html nsd_crond.html nslcd.html ntop.html ntpd.html numad.html nut_upsd.html nut_upsdrvctl.html nut_upsmon.html nutups_cgi_script.html nx_server.html nx_server_ssh.html obex.html oddjob.html oddjob_mkhomedir.html openct.html opendnssec.html openhpid.html openshift.html openshift_app.html openshift_cgroup_read.html openshift_cron.html openshift_initrc.html openshift_net_read.html openshift_script.html opensm.html openvpn.html openvpn_unconfined_script.html openvswitch.html openwsman.html oracleasm.html osad.html pads.html pam_console.html pam_timestamp.html passenger.html passwd.html pcp_pmcd.html pcp_pmie.html pcp_pmlogger.html pcp_pmmgr.html pcp_pmproxy.html pcp_pmwebd.html pcscd.html pegasus.html pegasus_openlmi_account.html pegasus_openlmi_admin.html pegasus_openlmi_logicalfile.html pegasus_openlmi_services.html pegasus_openlmi_storage.html pegasus_openlmi_system.html pegasus_openlmi_unconfined.html pesign.html phc2sys.html ping.html pingd.html piranha_fos.html piranha_lvs.html piranha_pulse.html piranha_web.html pkcs_slotd.html pki_ra.html pki_tomcat.html pki_tomcat_script.html pki_tps.html plymouth.html plymouthd.html podsleuth.html policykit.html policykit_auth.html policykit_grant.html policykit_resolve.html polipo.html polipo_session.html portmap.html portmap_helper.html portreserve.html postfix_bounce.html postfix_cleanup.html postfix_local.html postfix_map.html postfix_master.html postfix_pickup.html postfix_pipe.html postfix_postdrop.html postfix_postqueue.html postfix_qmgr.html postfix_showq.html postfix_smtp.html postfix_smtpd.html postfix_virtual.html postgresql.html postgrey.html pppd.html pptp.html prelink.html prelink_cron_system.html prelude.html prelude_audisp.html prelude_correlator.html prelude_lml.html preupgrade.html prewikka_script.html privoxy.html procmail.html prosody.html psad.html ptal.html ptchown.html ptp4l.html publicfile.html pulseaudio.html puppetagent.html puppetca.html puppetmaster.html pwauth.html pyicqt.html qdiskd.html qemu_dm.html qmail_clean.html qmail_inject.html qmail_local.html qmail_lspawn.html qmail_queue.html qmail_remote.html qmail_rspawn.html qmail_send.html qmail_smtpd.html qmail_splogger.html qmail_start.html qmail_tcp_env.html qpidd.html quota.html quota_nld.html rabbitmq.html racoon.html radiusd.html radvd.html rasdaemon.html rdisc.html readahead.html realmd.html realmd_consolehelper.html redis.html regex_milter.html remote_login.html restorecond.html rhev_agentd.html rhev_agentd_consolehelper.html rhgb.html rhnsd.html rhsmcertd.html ricci.html ricci_modcluster.html ricci_modclusterd.html ricci_modlog.html ricci_modrpm.html ricci_modservice.html ricci_modstorage.html rlogind.html rngd.html roundup.html rpcbind.html rpcd.html rpm.html rpm_script.html rshd.html rssh.html rssh_chroot_helper.html rsync.html rtas_errd.html rtkit_daemon.html run_init.html rwho.html samba_net.html samba_unconfined_net.html samba_unconfined_script.html sambagui.html sandbox.html sandbox_min.html sandbox_min_client.html sandbox_net.html sandbox_net_client.html sandbox_web.html sandbox_web_client.html sandbox_x.html sandbox_x_client.html sandbox_xserver.html sanlk_resetd.html sanlock.html saslauthd.html sbd.html sblim_gatherd.html sblim_reposd.html sblim_sfcbd.html secadm.html secadm_screen.html secadm_su.html secadm_sudo.html sectoolm.html selinux_munin_plugin.html semanage.html sendmail.html sensord.html sepgsql_ranged_proc.html sepgsql_trusted_proc.html services_munin_plugin.html setfiles.html setfiles_mac.html setkey.html setrans.html setroubleshoot_fixit.html setroubleshootd.html setsebool.html sftpd.html sge_execd.html sge_job.html sge_job_ssh.html sge_shepherd.html shorewall.html showmount.html slapd.html slpd.html smbcontrol.html smbd.html smbmount.html smokeping.html smokeping_cgi_script.html smoltclient.html smsd.html snapperd.html snmpd.html snort.html sosreport.html soundd.html spamass_milter.html spamc.html spamd.html spamd_update.html spc.html speech-dispatcher.html squid.html squid_cron.html squid_script.html srvsvcd.html ssh.html ssh_keygen.html ssh_keysign.html sshd.html sshd_keygen.html sshd_net.html sshd_sandbox.html sssd.html sssd_selinux_manager.html staff.html staff_consolehelper.html staff_dbusd.html staff_gkeyringd.html staff_screen.html staff_seunshare.html staff_ssh_agent.html staff_sudo.html staff_wine.html stapserver.html stunnel.html style.css sulogin.html svc_multilog.html svc_run.html svc_start.html svirt.html svirt_kvm_net.html svirt_qemu_net.html svirt_socket.html svirt_tcg.html svnserve.html swat.html swift.html sysadm.html sysadm_gkeyringd.html sysadm_passwd.html sysadm_screen.html sysadm_seunshare.html sysadm_ssh_agent.html sysadm_su.html sysadm_sudo.html syslogd.html sysstat.html system_cronjob.html system_dbusd.html system_mail.html system_munin_plugin.html systemd_bootchart.html systemd_hostnamed.html systemd_hwdb.html systemd_initctl.html systemd_localed.html systemd_logger.html systemd_logind.html systemd_machined.html systemd_networkd.html systemd_notify.html systemd_passwd_agent.html systemd_resolved.html systemd_sysctl.html systemd_timedated.html systemd_tmpfiles.html tangd.html targetd.html tcpd.html tcsd.html telepathy_gabble.html telepathy_idle.html telepathy_logger.html telepathy_mission_control.html telepathy_msn.html telepathy_salut.html telepathy_sofiasip.html telepathy_stream_engine.html telepathy_sunshine.html telnetd.html tftpd.html tgtd.html thin.html thin_aeolus_configserver.html thumb.html timemaster.html tlp.html tmpreaper.html tomcat.html tor.html traceroute.html tuned.html tvtime.html udev.html ulogd.html uml.html uml_switch.html unconfined.html unconfined_cronjob.html unconfined_dbusd.html unconfined_mount.html unconfined_munin_plugin.html unconfined_sendmail.html unconfined_service.html update_modules.html updfstab.html updpwd.html usbmodules.html usbmuxd.html user.html user_dbusd.html user_gkeyringd.html user_mail.html user_screen.html user_seunshare.html user_ssh_agent.html user_wine.html useradd.html usernetctl.html utempter.html uucpd.html uuidd.html uux.html varnishd.html varnishlog.html vdagent.html vhostmd.html virsh.html virsh_ssh.html virt_bridgehelper.html virt_qemu_ga.html virt_qemu_ga_unconfined.html virt_qmf.html virtd.html virtd_lxc.html virtlogd.html vlock.html vmtools.html vmtools_helper.html vmtools_unconfined.html vmware.html vmware_host.html vnstat.html vnstatd.html vpnc.html w3c_validator_script.html watchdog.html watchdog_unconfined.html wdmd.html webadm.html webalizer.html webalizer_script.html winbind.html winbind_helper.html wine.html wireshark.html wpa_cli.html xauth.html xdm.html xdm_unconfined.html xenconsoled.html xend.html xenstored.html xguest.html xguest_dbusd.html xguest_gkeyringd.html xserver.html ypbind.html yppasswdd.html ypserv.html ypxfr.html zabbix.html zabbix_agent.html zabbix_script.html zarafa_deliver.html zarafa_gateway.html zarafa_ical.html zarafa_indexer.html zarafa_monitor.html zarafa_server.html zarafa_spooler.html zebra.html zoneminder.html zoneminder_script.html zos_remote.html include Makefile admin admin.xml bootloader.if consoletype.if dmesg.if netutils.if su.if sudo.if usermanage.if apps apps.xml seunshare.if build.conf contrib contrib.xml abrt.if accountsd.if acct.if ada.if afs.if aiccu.if aide.if aisexec.if ajaxterm.if alsa.if amanda.if amavis.if amtu.if anaconda.if antivirus.if apache.if apcupsd.if apm.if apt.if arpwatch.if asterisk.if authbind.if authconfig.if automount.if avahi.if awstats.if backup.if bacula.if bcfg2.if bind.if bird.if bitlbee.if blkmapd.if blueman.if bluetooth.if boinc.if brctl.if brltty.if bugzilla.if bumblebee.if cachefilesd.if calamaris.if callweaver.if canna.if ccs.if cdrecord.if certmaster.if certmonger.if certwatch.if cfengine.if cgdcbxd.if cgroup.if chrome.if chronyd.if cinder.if cipe.if clamav.if clockspeed.if clogd.if cloudform.if cmirrord.if cobbler.if cockpit.if collectd.if colord.if comsat.if condor.if conman.if consolekit.if container.if corosync.if couchdb.if courier.if cpucontrol.if cpufreqselector.if cpuplug.if cron.if ctdb.if cups.if cvs.if cyphesis.if cyrus.if daemontools.if dante.if dbadm.if dbskk.if dbus.if dcc.if ddclient.if ddcprobe.if denyhosts.if devicekit.if dhcp.if dictd.if dirmngr.if dirsrv-admin.if dirsrv.if distcc.if djbdns.if dkim.if dmidecode.if dnsmasq.if dnssec.if dnssectrigger.if dovecot.if dpkg.if drbd.if dspam.if entropyd.if etcd.if evolution.if exim.if fail2ban.if fcoe.if fetchmail.if finger.if firewalld.if firewallgui.if firstboot.if fprintd.if freeipmi.if freqset.if ftp.if games.if ganesha.if gatekeeper.if gdomap.if gear.if geoclue.if gift.if git.if gitosis.if glance.if glusterd.if gnome.if gnomeclock.if gpg.if gpm.if gpsd.if gssproxy.if guest.if hadoop.if hal.if hddtemp.if hostapd.if howl.if hsqldb.if hwloc.if hypervkvp.if i18n_input.if icecast.if ifplugd.if imaze.if inetd.if inn.if iodine.if iotop.if ipa.if ipmievd.if irc.if ircd.if irqbalance.if iscsi.if isns.if jabber.if java.if jetty.if jockey.if journalctl.if kde.if kdump.if kdumpgui.if keepalived.if kerberos.if kerneloops.if keyboardd.if keystone.if kismet.if kmscon.if ksmtuned.if ktalk.if kudzu.if l2tp.if ldap.if lightsquid.if likewise.if linuxptp.if lircd.if livecd.if lldpad.if loadkeys.if lockdev.if logrotate.if logwatch.if lpd.if lsm.if lttng-tools.if mailman.if mailscanner.if man2html.if mandb.if mcelog.if mcollective.if mediawiki.if memcached.if milter.if minidlna.if minissdpd.if mip6d.if mirrormanager.if mock.if modemmanager.if mojomojo.if mon_statd.if mongodb.if mono.if monop.if motion.if mozilla.if mpd.if mplayer.if mrtg.if mta.if munin.if mysql.if mythtv.if naemon.if nagios.if namespace.if ncftool.if nessus.if networkmanager.if ninfod.if nis.if nova.if nscd.if nsd.if nslcd.if nsplugin.if ntop.if ntp.if numad.if nut.if nx.if oav.if obex.if oddjob.if oident.if openca.if openct.if opendnssec.if openhpi.if openhpid.if openshift-origin.if openshift.if opensm.if openvpn.if openvswitch.if openwsman.if oracleasm.if osad.if pacemaker.if pads.if passenger.if pcmcia.if pcp.if pcscd.if pegasus.if perdition.if pesign.if pingd.if piranha.if pkcs.if pki.if plymouthd.if podsleuth.if policykit.if polipo.if portage.if portmap.if portreserve.if portslave.if postfix.if postfixpolicyd.if postgrey.if ppp.if prelink.if prelude.if privoxy.if procmail.if prosody.if psad.if ptchown.if publicfile.if pulseaudio.if puppet.if pwauth.if pxe.if pyzor.if qemu.if qmail.if qpid.if quantum.if quota.if rabbitmq.if radius.if radvd.if raid.if rasdaemon.if razor.if rdisc.if readahead.if realmd.if redis.if remotelogin.if resmgr.if rgmanager.if rhcs.if rhev.if rhgb.if rhnsd.if rhsmcertd.if ricci.if rkhunter.if rlogin.if rngd.if rolekit.if roundup.if rpc.if rpcbind.if rpm.if rshd.if rssh.if rsync.if rtas.if rtkit.if rwho.if samba.if sambagui.if samhain.if sandbox.if sandboxX.if sanlock.if sasl.if sbd.if sblim.if screen.if sectoolm.if sendmail.if sensord.if setroubleshoot.if sge.if shorewall.if shutdown.if slocate.if slpd.if slrnpull.if smartmon.if smokeping.if smoltclient.if smsd.if smstools.if snapper.if snmp.if snort.if sosreport.if soundserver.if spamassassin.if speech-dispatcher.if speedtouch.if squid.if sssd.if stapserver.if stunnel.if svnserve.if swift.if swift_alias.if sxid.if sysstat.if tangd.if targetd.if tcpd.if tcsd.if telepathy.if telnet.if tftp.if tgtd.if thin.if thumb.if thunderbird.if timidity.if tlp.if tmpreaper.if tomcat.if tor.if transproxy.if tripwire.if tuned.if tvtime.if tzdata.if ucspitcp.if ulogd.if uml.if updfstab.if uptime.if usbmodules.if usbmuxd.if userhelper.if usernetctl.if uucp.if uuidd.if uwimap.if varnishd.if vbetool.if vdagent.if vhostmd.if virt.if vlock.if vmtools.if vmware.if vnstatd.if vpn.if w3c.if watchdog.if wdmd.if webadm.if webalizer.if wine.if wireshark.if wm.if xen.if xfs.if xguest.if xprint.if xscreensaver.if yam.if zabbix.if zarafa.if zebra.if zoneminder.if zosremote.if global_booleans.xml global_tunables.xml kernel kernel.xml corecommands.if corenetwork.if devices.if domain.if files.if filesystem.if kernel.if mcs.if mls.if selinux.if storage.if terminal.if ubac.if unlabelednet.if roles roles.xml auditadm.if logadm.if secadm.if staff.if sysadm.if sysadm_secadm.if unconfineduser.if unprivuser.if services services.xml postgresql.if ssh.if xserver.if support all_perms.spt divert.m4 file_patterns.spt ipc_patterns.spt loadable_module.spt misc_macros.spt misc_patterns.spt mls_mcs_macros.spt obj_perm_sets.spt policy.dtd segenxml.py segenxml.pyc segenxml.pyo undivert.m4 system system.xml application.if authlogin.if clock.if fstools.if getty.if hostname.if hotplug.if init.if ipsec.if iptables.if libraries.if locallogin.if logging.if lvm.if miscfiles.if modutils.if mount.if netlabel.if selinuxutil.if setrans.if sysnetwork.if systemd.if udev.if unconfined.if userdomain.if policy.dtd policy.xml interface_info /usr/share/selinux/ /usr/share/selinux/devel/ /usr/share/selinux/devel/html/ /usr/share/selinux/devel/include/ /usr/share/selinux/devel/include/admin/ /usr/share/selinux/devel/include/apps/ /usr/share/selinux/devel/include/contrib/ /usr/share/selinux/devel/include/kernel/ /usr/share/selinux/devel/include/roles/ /usr/share/selinux/devel/include/services/ /usr/share/selinux/devel/include/support/ /usr/share/selinux/devel/include/system/ /var/lib/sepolgen/ -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tables drpm xz 2 noarch-redhat-linux-gnu                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	   
   
                                                                                              directory ASCII text SE Linux policy interface source SE Linux policy module source HTML document, ASCII text makefile script, ASCII text C++ source, ASCII text ASCII text, with very long lines ASCII text, with no line terminators Python script, ASCII text executable python 2.7 byte-compiled XML 1.0 document, ASCII text cannot open (No such file or directory)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         ?     №p   ¤7zXZ  
с√б !   #╕З,рcU?M] "╠k└%Э:СkhюЬuч<·ФzЛ═╞d/baB┌№yфY2├┬wо╦╙·╔Z ╔┤─шP╫{g$╧кЬhо╪▓}ью8╛=д}0═cдвЁ3/slВО lя]╛╡jиУf/RKЄ#FЩ╠ЎЬ╓s╓5┴?Fё~C╠Ашr1√ 6├%ЪNнHЦ├э├x(QЧЯя╤EФЕy╚]Б█╡. ╢UWТ╚h╞шz▄╝Г╬Хp╗2═%ПяФ~ Фбt6╖∙ОLчТЪбС═Л1У!─√Ъ"П╥┤БнRq╕uВ¤'▀·■с┼ АЯ╬Р╣"вp 1=хПUЄv╝`√Ц╖пє-┬$yЎЦВ	ac}Це2W┼ма╞ф√ФШlжд Щ┼.WЦо┌ШT*ї0Ївiйe╛GЁE┬юl'XБJqfСz┴В╟ТkГ%╘╙"^єсS┼%■2─╬IДM1╛МcтЄнўRnPёIЙe[И·╨╔╚=СК─n\ЖяЇSE№WйЮK8¤ЬЬдьvЖмPЭ▐zПДЭL▐+)└А╣Nп@ш▄E7:oS╕;┌╓╫╗НЛ╗дИrIG<S`,B█г"║╙К▓=>gхМ╚я■┘y╡*єУ╡тї/2DпaдZWк╧е┌·r]еъ╥Cу\дЬ(Tф▒BNє╪Y╥╙B+╘Шў6┘єЦв╚RЙЩ╨& aШ6	Жц2│═░o+Хg▒TГк%)▐&xЬДWХ╔сўV2m&Ц░`mЖЕZДYrjb:щc╢&╟╟─юaKпЧVа%ТжячcТcц}pеfЧntAAэeщT╬Ї;P▓fФtє┤з}#╒ ЭjЭ╨IЇЖ%	▐cъ.и╛√Sхи:▐fИEїЭЙ╠HwOє╗їи░|6У$/Ятэ'[їkM6МN┬ЖiEуХ7Vз6╘5lS7C╧їт\ч∙▐}3хt╥═ожя█l+ ╪├ЕqыЩ=-╞bкН└^┘bёлиe3R?)Qь└╩S╞U6Tс╔#░Т╟шъ4еqжкГ└[єС▀▐wў~BpuM╗oN┌юY┘Fыкрi)_ЪГЄb░tл╖Vh7@ЛYWХ_ЎцLdд╤e\╚ыд№e│фоIX│тщ2f(O╩╩ ╘~xw┤гH╫┴╘dЪ┌П	 D╝█_SJuКТl$О╪)з9t|LAk─▒Б?╠iHХйbЙeз2AT
СЁgBK·MБЎ?я╗шQофB~ЧУу<NГ?,FJЪ>нР@Iъ╠Эж;ї*.·√еэ├юlS╧JТйлIFTРё¤ Йsб ┘▀"aХb└zД °R7Р├ыЯAy1WiПlих=єфTqOЬ┼░МYЕ═╩@Ю╗С═ЭQdq>ў¤йФх3Ям╟╞п}#Выk@у3бФ[╧]=к"є2╪▒Щ░\┴j┼Е╚щс(╠~Б!╕9ДЕ2BwпСvTK╨Мx,Tщ]:э.а╘░ Vц+╦=·М1мС├2Л┴з╕_RN╚ш!,3gагu?ЕГя▒#ЛЩ╡АNЕЪ8nП0╗╜<чwQш?^q╣nq1▀G┘fИЦафЪ{2Yтя▄.╙Fh$├▀FsYQ╕N└I0qД┴ALдЇ
XБ`l▓j╜bm╛ hЇ╓╕ъB╖oXNmг║КюИg√цПЪ├ЦФ"//tх╘╠Д(-|Д0▒ ("─╛ъ∙вD_1=┬ДG+УЮEа▓<▓khI<N3ч°cjwя╢вuъ~Ъuнx╦■R'З[╛d[M╩g:* ?`9єБryьч└д*▐─Й├ЎК#p═iх╞■'ь&╙┬╥1№п
{	У╚∙	+SV│9╕ГШё_└]┘░lЄю└[█╞T"цН╘ХаW■c╝█9Rэ№"┴П╜gПg`ўYЬPA\ЪЎ╝√╝np1МC║Eъ│ }3T5/K,Ж+LСшИЎм╜яZФx}╛мжoi└┬
tвС(кУ─ў%│a╘JЫЛб▀:Ў╘	}`╔иGц╧╤чQZ"П8Яc║▒ iT@ЙG<▌)щvJi~r?Бў┬a╒{╜ў╞ВY:╤0ъЬB
Й┴Dv	лBTpк╛oWN`иNАПм^░`7ыр7╙ЩBqdЫкA╓D█ь╖?NОA▄В.╙ч╣Х╗(¤?.9Ч!6°\brRY·4Дю╠ц─@o
an─леV_ш╕@b├П]╧█Р║^о0▄ф╨9	о╖Юbhxэ░@cЎї▄wKТц─_є(╛╤wm+їJВнQ:ЫfО?┴jЦїHъA8Ъ3П╫<vЬFУЁцМ3Щ9Щ█/╠_Ne╬_kш╥┴A@5<пиg╧&?WАзкБАаW)УY╦╣ЪлолСЩN9ж·╙╟Q╠н4╠вV^Ю·8a╗V>ї_dGк╞qНХ╩з~z╤уг╙╟╚@╨@ ╟№{вAВA╘ъ┌щл;%Z\ WБ╚ЪVnJ√ДАш▒Хт:Ї9Т╩∙-7Б#yq│ї}Y╚Ў▀╠─c┼═╣│┐хч'┤єnCY ч=SLЖ\ иH
╬oшашцВK▀РтЁ7бO3*2┬▀оNUЮ>╡!uKаuИr!lbїL
Y┐М(O╒E√√6цП)╧є1#№$R^нЯjАў┬Кob─Fд,
'гH■УK▓0:K·╬NK╛р▐t	o┌cдmс!СEО╫nП╟╖д╓nшыI?uНbz╚╦0;ь`Ьg▄3}Кiа┌┌Ц[zbБЙW m ╫┐╬│iW▓F0╘Rl5;уiБ╦Эм∙РrфЗЁаSg'ВU}`u▓ыЕКгbziЗ%№▌а3bЁ∙┼ДдЗZЮ-ЎЦВПФe7 ╦Д#╪X4{Ц╨кА skїўйsЦк║Т╩·иыЫПъ╧O~J7┼_FйИ+ZуGyNаHr╠╞Xян:
%дм3с3┤Жlю№LO┤|k┬╟рW;╣№`r(j═ J┌wНы╩п▓уЕв~╞}═d╚м|#ЕЩ║ї·Mm[2┼Яб┘W╟sПХ ╖╙╒bi*р$ТRЛю▒т>	═├!kaъЁц╜Ўc
ў└··Сh ╝y"И└Б│	бз│ЁdЮzї╢Z╧┐Вf╩щ▀A│ вx│*╢C+┤v╓ЪНЫ{ д%C	Т:п%W╙yЭ6оDТ┬>╜├кez}*XэбЯрЫўГКz{юIQsGВе┼GZр┐║мBa92VцЩ╤Wu■еЁG▄Z╫+°Ф╠!пцm;|2№ЛYп6в%=|iп;ЕРaэП─СyEо°БЪ-иЯC┼Ў_|фч╝t╩ЪыnzЄRи&C,hXGfXх╚0>єВYП_╛]э\ИG$%─
r─╓hх┼█├0:╘gwЩЩI>>жёТHюЭЎх╡d єе<c№Ущц&Eв¤wjh╒ЬЙtCчLмg∙uK(E`еъ╟АгI╦Ўg∙╓Эь√и■i{1я$╢M\И╨O╟√!╥;╖й╚ш─hУьЦIu┌мю3_ЇУ)неуУo9Г!e+┬Mu█s╙у▓╛ЗЮ]░=ъ9Мыуj:o╦вєШВtх╘5y%!═са8╢Ьши;<И╦X├!М╧~╒╢rw╪a══╘Гvs╫]·╣Яxj°%eЁIaм5yЛї╠goРf_ш╧M(Gg╔6vИ0fъmWyVz√╥╡ФЯпО~t╒╧кaЪ-WеD╬7irB╗i▐Yq╞~ж■╫iъбwЯhБ╛■N│├V}h%┌я╥D8qЛ6ЁHl╡uЇз/gбнЬX
 xсэCЦТа╡x">┐╣Гf-,mT8┘┴╣b+Н┼дA┼╔┬Уx]JРФ╝И1hаэ{Mе╣Р∙RЬ├MIы╖l`╜┘Yу1╡5з╓d╙■╝2R╖√xAd╘paУ═Ї¤┌Ъx4"MН╙ТЙлз┐йч'аї\ЪТnя┘t█#5KК╢xБy ╝┐Eо╠,AЦ¤╖IыUАмы╫КчШ╓NKх·ХSКщё╪Лтг
Сё0AэЬXЁш)~┌BNМШp<|╔lб▓Z Зс╖Зц▌^╦}yжG█C╕жл=╖Yl┘┐;э╤fт┼№█m╨цVLЖ	│уLz▓ ┤тi╝└\И╛4░lTд°╩o▒АЮ╝╚█╕Bо╞д0╞╝kыАEў╚ОЯ╡_▒ДЪЗдr┼оer$Г╬Ючэ╣╟╕К√!Onд■Ск'╨├n=lўI╙нБфЇ>╝:╠ЪШ└к$4ЖzЩm╒q>$╔mС╢╕р╛╞щ(╜ФаёЗ▀?зЕ▓P$=г▄№▀▄BСп■╪iь5wM└0%П╫Ь√	╠▌п▌═фbd║▐2єrф╫^┌╔FUёUШё╛VоNНT?gА№э╟╬ИЭ>цзюё4R╜j■;√vц┤cВ╕╒&▒├Еq╣[▄8Ф▄Ў╡%╧╫З╣aВэOз&ыЧ[$QТ╝є)0їГ╟ї▌п>!ўoPл№ЖHГkUы├BШТUыjМX █з}╙Щк>~К tїШр0Jжкc/(Яx╖Б╕EС├╢z█№╒┘╧█NўDPl┘cукВчё┌eУ5Я∙Qжї┴М╙Д_n┼г'лww	Щ╚?бeW╬W	№Ьє4ЛЇYуzкьIsМБ&рa▒ЕчЁУ╫u┴щL EЬXJЇйуwЩJu(eZ 5.╫хя]C╪t■┤С└б▀j4Л├*╩└▒Єфг#╫v·╤ё╜ўЪPhe╠l┤}ъT]i∙▓C$ФY╥rщL═t}Щ/┴Ж|х~Л╡g'╞)K─bk&сDф┬Rш╙4╤B[╔aF█ТKПфbыщАЛBYhj─╝!!п'╛ёPk6┼xбcрх]/ч·■Л1P7Ыт@`l~
8№}│ ╤╚WяiЫ:Uc=nКx╝╞HТ3KпАA%х0ЕР`?ЭЕ▌Р^┐??Ufuч▓а3m!+∙}╙WўzХ╣Е;╜Dиw╖oKTЎЎ╦y<ф┌бў╤СY|8gC┌)xoё¤═wT▐╓┼8└bСОж3R@Я└C=дK▄╓@┼0ъбю]j┼K∙0шШщЮk?f╚бGч▓=А╨Ф╚!УV╨ДD+6Y└│zepNР(ОяЫ"▒м█ц╩z(ы╪├V▐,фоj&]])АB?кь┼_╞$tы	QпMЛ╩t_L▀Г)ь│o^/╛∙Д╪√∙_=▓╘╟╒▌Е\~e┼$шr8.[SлчЧr8xv7aШH┐от8┤╔╔"┬ЮфсМ╧ИMu└ОEиПSM╨Fз╬
╢EЦ╖Х,╘Po╨\cHх║T╖їЇm@Ы+│В*┌C╪b╚я╣аCO╔9waУжЇ╕╛Y░,Ї5ДИd№O¤ыkзв_L№{╧╟а,ус+жS^у3}╗ЎСу\'}бўД
└╔┘З═╒С╞7▌ь▀s╕Зл▐╤w&ь@В3▐NP*QS)O ТRД╠┘|Сy8ё@ц0~!DjQn╒╫├dвe┬Є^╟¤╚╚<cЫЁQF ▐ў3hшLAg)зL═v╦ыу·╟Лз<ЭhOЕr\6'XHп¤Pжh┤╘Й╩┘2ь╝еBЮn%*┬YW╦A8Ш┌є╗╦э╔р&°`т5$	42	╜E╚Ь0иЬд╘▐°└5г╥еЧаеШИ┐ ╬╔uУЩ╢дгAО■╣╙└║╟hиJ╥┴apя│ПKш╕фbВH[┴>Zх;Е; бd╠ш{╝\дxk-@F_р╢┼N7▀╗;VтT╦3r39дз:Э=%+@зкКtЦ5vў▒75зЭ4
(ЗэЖьо▐ %ых╓е48╙КЖл`AЯ(fН╞З╧ЁqъЖ  Ц-щЇЛQх╠Xdл═:Ч┼8В█,v╔ЫЪЁ┐tkЖ┘ОE+=√AВ╧\ё(З┬>ЦМЧWю╕X Ь9╒╜PT■рГяdИwФЗюA	л,iХ°╥щ/ИЦruхmЫF╔}°г?	╠П@╣Tдм{U▄J╒╠"Ы]f9ИoщеR+ДP0lАУKые╦ЯшyS№ЛЇ┌В,Л╞3пO·[о.▄Е8┤╙л-6лНоF╤u╚-ЕC▄O&ЗоJ▓[Єjkтd2hЎI∙н6░+л3*У]╦┼щKm+O1БЮДА ▐IxFт▐>Ч│1<Ж╡v0fВ┘╒G%╤Ы┌фou,╚ЄиЗg║в╧,бК\aвI:е█	yц│┐Н░[Uмн	/ПЭv╢qй╢_п@╠╕=оI╚Y`n╞#25@╦к╪кnп║ОНаФ$оrj√3┬a^┴L~$qИBЩ╤▐((у╝▀├╗ g=HЄ▀╠h"r╫;D╕щПхx╢А>цМCепB╝eгСH╞жЫЭЖ╛┤Ve╦▌xСIkИ]V√аA┐W┼#N4¤$ПpHy'╪пmЬ╤)╦#+▌╠У	┼W/╡╡ю╘Щ█gXюуе /ОqH╟^°╢ЫКg█─л3∙=░@°єzКОИ0rзMfD0x эюGуФ═xyзИгЬ3X·¤╩╛ўDУza2╡дЕJlПHщ.╫Gй∙7HG°$╪(▌√Gы╬ │XЛ┴═$,╒oЖ¤ш:@^УЬ░°]MЧЭз┘╦V0kaёm╔╔,┴y║Ю·а9Щ.6`°у╘(тh│aЭЮх2QDр┐jo╚4&ТG╓ЯМэrШN▄ЯЖУvLVиz·вўтZ╣╕0┼^d╨/┴╓Ду№п@╜°#,Dq"СъЪ[П┘Щ'∙П№WД╚В╫7╡ZФ|┘ЪtтbX3MD&DX╗╓СAбЭХ╤хYkФEс¤Эzй╓)=Д·{Ш╞═Ц*kе╨Ъ√є)▀S╛_?ЁШ╛#▄╢■ ╟ДЭt╬e√фЕЛНфЩ╘жгЧ=ЧMpLЇ∙╞uU7N═ШУXау╫-Щл№ёSУ═∙$rр╔3ИЇAЬЙ)Рx╕&╫я╙Є¤{hеН╡С─я6r╧ЦьOЩgв; ~NjнгKc╒ ╣	Fп─╞;█Т<v+KОЬ╖ЭxеЦкЗ5├Q<'7№Ч4>Хх!E>o╬l>/ЫК╔Cp X╨╗С|Ш╤╪h{c▓"ў▀С┤\
лўnY№ ╫nЁ╟Яа▌░E╜╧1MЁjГpД═┐c/∙|фО.╩=!Eщ║d/0ЭJ0╠t╫Ш╫pм■CО├╓3№°Y,&КPp-О*mБ╩ЦА~░A╜ЙEйЙйЁUСЁu](Iак·ыцGЮюШT═&╣▒зъ╫╕ы║ЇBY5║ж?╓ш░zO`■Q╒\#И╜Ж-├┬┌о▄_ЧмШ9l_ЫеЧ[Ўйaчб[╝▌╔╣kDMyЕГzэ╖╛рКЛ╣YCWП.╖°в5b№@5GрЁ╔▀╘ьyj^$╦д╫А<╩&8БУИ? В╫_sЇ╡╨Э╢=5J╣Жj7.ОI37
В(Е9╬ww7вщъх/9ц4░шз╞$рв▌WWtРт&/?■ ДkК#]ч7┬2kс6VБ░╝3╫M▌ -Лы·<XEїК√Д<P*ДЖ|1uє║вгАQИ╔вg ╧T╚╦эЁ$╙ё╛╦¤╪╗7AТTў┘RєTиЙKc+o5ЭУХ!}╩Ж╙X Д┬?ьАP;Уё╩C╬ДЫЪ6j5{ЦB$╦tэпb░п*zз№$/╨<Eж╡0GMюФ┘─dШAeK┴├ЎqоЭ9 =ОщТю│[6`+И▓Ф ?йЯ2.╗5дцE╙p▒и∙╠╓┐р6^:Ч5l_~jё	*ДEц#^LB{ZJ▐'АBCEу▌╦╗O╘ &л├0eзТb°H"[╡ь(─	МrА┬╬I/┘З┘цМE┼я█╔pГ│s\,?tв┴бЯ8А)къ-ЕЕЇ┬а╬єp}Og▄к Ёzфу▄╬ЄX°dЁў8:kуMз├Й(√t┴эХX╥3ХБ▌Жx}K%─Ё╟ЧЩnpГoubж.Ч#&Кш№йc▌╔VЄр▄б"> .Ўє╨УR@в oЁВЖ¤Nx'(пСЎ9`║4и°┐H1Тm-■Bо%VИПgЛў_СНK/|EжWСЗ╜fVа°╜L+рa╠№КЩ<нlК╫╒H╟ЕY╓W~Т╧X9╚Г╒╞ ``╛йї╘У─2ўшdj^Wy╨UjUC╞
~]Ры┼@)д@.Ag╘╣л╛Ob@w═ў@╩УЧ ;бT7╗цЪаЎч∙ф√KЇЯ╛Н═╗ояЗю║Ё╘Y∙]и¤ШХ?.╢|_B!-gNъ-.vqс29▄ыW╚Фsрwэ>#Д╫d╠└Dпжд║√EИдЄ╪нf,Я▒/ZPВ╕ў┌OьYЖ"вБФjkе¤\ы0З?K╕ЧщО1bяА╔√с╚gГ& └Ч~o▒┘[Ш<(wМ╔тЖ╦J_,┤H]	HБy.ТEМШ]}!eCї┤3G░)┴╙,/Вk╢Щ@ПO2╒гХ┘▒жRlJ─╙3e╘xЎ4о╓зZ@	т│╝#>╔╢r╢еЪС┤╙Ы ╗╩└[┼Їu`НiоЪrцPч-к@#Л╖╬у║╟}T9qд$╧КVыщ·╟ЁР╥тЙQзFуY╣ ╟{б╖█тс═dзbN╕ЩьViI8aKфКдаб.ЁъО╕ЇS-М╖╝ъS7╤TeM7╤╦1фєsЇ]■/═Яz?ъ░ё]ИЫ	_1И═жK(╥К6Єg╧IDинh
╘╧	╢Bц╬S]Ё>$H░h░zя2╚о&jЄЄ▒ж╒FЯАt╞]▀Ю
╗ їВЕstЄkОА╙qнхж╨─:-~┤и\4a║{`qЁjПw║╠K▒╩тAc┐Су╡ЫЩЕ╙jЗP8ёў▌Ю╞··Ч>┼зN@ьb1тW╓DOz╥`Pш┬6VРe%эy,rц√yyXp°}
ёЦ"╦TЦ0╔г*FjM┴^р╣"╪йsв?Я6г wю┌√vI9П2УyЛ╬i:▌4║]Г╕ ╞a:g┐▓d¤■ъф┴*А2>╬IwDмr▀╙╣х█М\┘т╢ўА,иИ10ЕЯПщ]┤К.e)а┬ uь╟G║МyХ№┼╨l=5cVкИ▌иcО%Z╖$▐╗╨ш$?ь<ыМЄ╥кWdт)└╤√аз╘▐K(v▒oл!IЧЛMЖ█e=e╝-╠u+▌щB▀8ЁRБjp`│└╩М└y1US%┐=(#IзБ▐OR║!Ч┌З\Ш▓√ВЧPYЖъсZ┤^┌▒┬	)░К>н▀pc║└г~tg>W║kН~=┤│C╔я* ЄQC7у┴Ц
nЁшбq▀Gpw№╓▌▐$ЬЖ▓є8dо╓▒сt`ЩykВ Щ9┤а_-╡√q(Зо_┬л$M╜ъДna,│нIй╝т╩╖snЇ├╫·uЗ┴EСЛm$G9bо¤л╫u╜▄
(WэЬтDz*╢{\ДЗf╩*╞ю╞╕2шЛГЦ╠%єe╟WЫ
mш$┼&Ю▐Бх>-j┌▓Ё#╛чXе&/^К)E╦**oС╢;~▌xЪ╜╦]ц·п2┘АX╔м╫п█'пFдiК,Д┬s░)a║ov ;═k└■─$ЩB╫л╠K╜ScЮ;■╚а┼л#С=цD─Ё╞	■·З_)alBЯp a,:QjFл╞┼гl=yЪЛ╠гtOR9U)оUqИпЖ;_бJJе.g╤Д█╔▐┼bГrPЙ6▒ бU4УТ/═r╘5+!jФ╚ї▄pыnАчШмюТЄ2┌Z╘@W╣Фkь=╛kд▌ПЙ╜╪Nd8фЗAю'╧<Y┐кB#└c│р =ИCВЖZЫ╦aspцўЖ╦ Qoцt┌LЇЇo{е\╕&РЯГЭ╝cе HOB┘·З▒ЦюdМ`ц╤0ч@k╓AI$_и▄YР┬#ииxNyE%3|├√Ы─Ж╨vR\ЩФ▌}╕┘фVFРvCCgMж\UPбcўПqoйdС=¤МюtP	ц╓_Н°]╦▀lУїЄ=n╗°─аз╔м·╟ЫсУЪ~╟р,┘k$П#a╧Р ░ш╒uКаз43@B╥_)x┼4дН¤зЁЕd\b>Nc╟ЙМшБ╞Nкi┼╖√┼·x┬XaЬh,ЮЎдUеЖU╧BЦИяощB<3╡╫▒╤яm╩¤oCц╥Є->╟ЪM·jуdB√={оxю,║m╥ЯаLL╙мnЁШхАА4Эm<╞рКЭa.clъ}█дG*nмп%|nBЩ_,┘Мmэ+╝╜ї┬Vv╖я`╗>шyфK9!∙YЇэФп├@Фн,P7К7а=!Г▒╝╓eSiKK╕Пт╨еЎ`N╝<&lЛ╞°▌╞=cсPK╟нIЩ5)вЫp4г]V╥ЧrёskЙWЄТш╗r21+>Ўk├Ыr▄8Pїwas╗4.mа>у*мxCдъq╣ФdE∙╥"┴рлєbhuщfg4╝V╜│#{Йj║ZзW╟Фдn9|є╫╕ю╣Mш╞Рш╘DnL*;Ўё·y╠ 5[xK╟ X╨╘кpE╬;СбhвЩG▀д╙]e0З╫┤ХМ7fgФ▄<ЭR]йСу)A║╪HъUДш·д,QQZ╤рЁ\рi▓ънQ;■╕ОЪНБХs╖.WX╕L'K└Фs¤Дyь7$╠ў№█	╬цQ]Лё▐╞bЭСj╡хЛJ/█╓XъJЇу}▀.^Y!╔О╗╬гшзрФcЦ╧▄ИhxА9▐бНФЖТФux╖┴"CУЇ╖c╬>d■┌ўЁ'╟Fф2Тy║6?╗s║|Й║GФЭ╤%"ZцЇS]╠√Ц
GРь┘+∙Т4xк3╦шl:`∙-║╧ЎФ▌┼pr?╥nф∙ЗОx H╞╦█Ц ЮBв$┐ИеwўhЦ}╖В╗q(бЯа2√█┼Ыw:ЧХW5ЄLйAV╪·LxтUР╔oЧ\─sЧи%<)Иcx▒Ў>З?po~└╠*еаDЗ├Ч\╞I╞<"╡Ф╚A/Y├Bы#Ў╠\▓ЁгФ┼> ╨sїЖО) ^dl┐Я3`aЖМў╕v cK<ф[t╘фьЮ`f_-№ВIac&ЯX6 мЩпPЧ┼bёaSf√)Юм{l╟╪ЇС┤K╔┌█Y7нб.вmЫ8Гb╦╡K╧╗А╒╡k4\╛█5{	╫_и[н'НънЩe`║АЄ,ЙРткQtн■╩	Оє╜.+╤ЕцtAт|/2xлPu│КЕ~є│k┬` ┴?TЇеsЗ╟√.╣kэЖц ┐/Э╖╕$нЕвIЬ7▐е_oVГ 7Я╫Ж&3Wm?╘W@л°┌NWO@XррнzXт┤┌eлК-~K.Й▄q╒S№\LtыБ,ЦD9 -У╝lA╞я╔ь&whцУP2кСBzMj/+6q├M╪аxX╧║k╖ с,<У╕РтBpQ%R╩Й╝>jЇХ>S╡d╬ПлЯ╖*ЄPШ╣Hp╒яK╪К/¤ShыnўХ┬┘zXв°Ыi6м▐y▌9▓4Ф╨!;g]╧~ЬВ┴¤A╚Pi╢@]ZAГ╞*^щЪRуфVFм"У&■╛гE@)ГЦ$╙Г╪в0┴ЇЕ░ЙБ╚ъh }г╪╚╜&оёЬh╘кЧExoНгefЇ}ШN]▓2eezкл╒Ц╕у╙Ъо\&╒O╢{кo)%ПO√{║ТP╢╥yгZД╤i┘ЖKЛc?tw╓:SWfJW!q_г▌буs▀╗p┌Mj▐╙О╞.есИ▌+h$╘∙ЖЛ╥m}н·К╕k5Ь─к▐├ёXдK│∙u╜┬╕ёd5A▌MUцДШ-Т╣(Ьaч┴л3╞aщ/ЦOмйю╝T}╨uHСVWБ Юq╗┼╟?ЦЭT>═ч4чW▓┬╥╖'Ў/KИБ╕7═Уф║8▒з┼ьB╦╖▓xОG NVz╖ЦQВNо╛[ЄD╕||'Ў▀бюЛX╫Ei[C\d╗:э*])mр─K:╡U&йBд'/┬zdб".ъxGоCН]b░Е4T~Д└бbЇlЙ┤6Lў!П╟ДЪОGAAo$чoСї'8╬ъВD+┬N└$·M3БцV┴:▒ЖЧEозAяPк├Об@─5▒\`хЗ ыlOЮк^╙tїwK ═?Є-Ж┤ё|ЮJ═╥п╠Gїи%¤╢
DGЯq0║РPmГqqЪ═ЄїwEрV5╤э√^х╖H└н	У╦иmоиъOi<wЇК╗╩=4hз>\СЛрnыАтл{рo9(э╩╧zTB &М├kЯU6АyAНэнolшр╝>ц▄╠`в@;щЩ─|W~C√Па!ь┬╪┴Fаж	ч╗╝HЫ@╤║JwP8ЎR!ИО┼Щш╤-B'ё:Ar`SЮ█г╤,ЖЧЁ?w
,НС=╣/FШШ'█╟4═V
╫о:шё(с8LF:─vH3'Є Е'G║▀З.k█ЯQаёЇэщ▓АЇ╡╡к╒└oьУr{уЄЛ╓ДЇ>·╠╠hJb╜█]hДЄm5й_╦вЁ▀╠mUУ╕Ю@ъAЧU\`вAЇв#╩]╡шН║З╥С╚;xyT╣Fтm╜О╢╧╛PлW.mRХМSeъ$vk)Н∙BыJ▌╔ °═V─_▀р╤2єЯ╟'8ЇЭСЇYi[cQiv╠┼Ф╜Т╓L╛╜▄'Й│╩M]─б*╔tЕ'┤Ьy4╥HбЄKv╠е╫Г*ьр/╥П╙(═U[5	8О~^ЖД?px(ач├ЗИыюнs№О-ЬYJвj7|T1г█/БBQ/п╒гmоЕчP║№sШ╜cў╠SВXХ╡КЎБ╒ВЙАE╧п5i"R)+к╖∙!Еи)Щ─5VїNРN$l─$лt3kЕ/Бx,Ь╙(ж·Юм╔╬·Й║╗ыeю{#(╓╟┌т"Ъ╝х╦TSзял┴¤c ▐Щ╤>єf╤.Ёс*Gя▌x┘8zє]К#Ыд═G1мн ┐√h▄$eЫ+o°▌	Р&у=}U╠y?aMI√ВyP╬∙ХcЧ( Рч╧Ц8┼lЪєЕН Л╣,■н╖╡цз╙VпZqТvb┌єлД
пO.V╕rеЕZ`ф╕_чRO├КМЇЮёш%,ёi╧ZдъkРхс╩XЄ>╜оБЁtЭOл0Bd╓_h▓Я7∙w╞"B^Sьst¤╩─vыїГ╛3▐кГ╪a;5ВЕYO╥▀╕╙░й-ЙЫФЖєQSQ┬IРXЫ╫їЙ/QJccЖ╙ж-zu└Jt>╤sJ╠Ъ¤╙kЭe╤:╔╕С/zВ5▌.╡ВAЩ╥<:┬▀Чы1ткd.╛a,wЦшm`лШ┴i"╢ф·ЖТ|CЗ╗▄-√(&┐╩Бf]─Ф╡┤╕╩Х 3о`╣╘ & ╣V D┘дRЛq5я╡√Io#┌Ъэ+╠jNsЪq▒¤We&╫ыШ·z╜Ю K╛K4┐*ФР)┬x+.╫O╞┌СУиЕ№ЩL┘#╦┤Uхgg>{/╥ЭхШБзBд╣oG╬1P╛D_Wф*U4Q┘Э░█?ак∙эp═aоеj4в{ЗЩъ╪-HbY9■╝узс.GC╩┘╜ї├&
Ь2эў2K╟ы┴├╨%лmСiIн╘OMdq#╩ЧЭїa▓╗(╓╙Ь-YЧ─/Сj0jщ2,а╗└ЫЮ[%iе<L╫%Vт│╣l>vёcxДЕнЦКЖО╓╝d√6)ё>Пbj▄kп$dznSЩ▐.╧╬(n@!l|■┴▐Г¤NAP╣Лрv?UФZl╩~║Е╒I╚WT[▌p}║№ыфM╓G8Л>YП┌U─h/[ЯM║v:┼J╬:$и│е0s(·аRn╒▐Д%╢.]DcЦ║│Ж╥лЕS╚Ў┼&УщЄtЭПeLY│F~ЕaЭV┌╝╫}НўmхжаJаo╝ёZXЮJzц█╥I@бPе║кtл┘╔e║т	Шь╜йM┴Ўт6СУW=■ф#∙~#╣Вl╩i\#№zИБдbJTА┤Фг└кwW┌┼ц"z+M■п░uЁwЖДTFї9N░╔[=ВЫЄY]╞│uWxШпФM·╫АТN╖г┬╟╬ЧsL]┤2в╡Н;N=г┤О╦▀Д%(5РЛР│EЮFЛю9╖Зs	Й:▌_~A"}Ft■кnы█х╧W+ЙЩх┬╞~и╘#~Р√·o╝Ур{l4▓А5W╢░Щ>№HYъХ╓╥вs+Беф)Н{&я7(┬ИШ╔─Сц╗<Х%Ў4риЧ
r·▓Ї-юlС2e╞СY▒[┐▌ВМаеТ¤#┴bBДn╜▒SЦеХ╥W -H{
╥Iщ░Oэ¤р═╗ЫпрКм─Т7кB<Тg┤╟√uc╘ї%═д>/gQv╚ciь╦║▓Ф
}Ёя╜fШР
аVW╖hвё+▐Ю▓~gKz{╜жtў╞ц?Яи_aл}╒~ё╧бЄg▌∙║T4Aа Є▀чЖєьДШ┼пЮк╦3е╕│╢q#Рш(пt▓ЗцпХр~fЗєB0║дТh2D]nэъ▀#╞Oь¤╥╡h┤¤ўfF'А.D7л╖7e┌ЎЖ#╨р3(зцфZ¤╢!"#╛{oдА,r
	v.gДИX├"Sжh╖№иу╗)7Щ2гЮ}}╙¤ ╞u}jA╣УжЁсфЎГ╦6yяШц[.°?-a▐";иА+╦i.■╧╛;¤:╢ицЧ╢ п)"wз9▐5гфЮ!J
зhЮLXtM[]в√1k√YdЮф╔3█n╟N┌%IgEQsї╚eЯuV∙╩';rТdХн·х[╜bСJ$;д$:▄═аёmёЭшВ6│╡Е%ЖзХ°bзN*bV╗С▐нУНDKЮRЩ;Бэ&Z╫8тЕ(ЁA╫█mk╢[їЫYЗ4{>А$╬4Ў▒iЕЯbё╟г]БжН	√FШdmЯБП┬Эу;┤`░y╪г┌3Зd╝╖z;∙╤H╥ЪО%SВ█чhГЦz╕Bъф▓ь/U╦EXй#▀╗╕U▓чfЫSъИM╡сщ┘╔q╫`(gE└Х┐hARр╕Ч2вf╧X╧W3├F═.╩PЎ7Є	╔ЙXп,ы╤кю▒Ё|щ'╦wЕ^C33╣ъM9ХUв╡ь∙in|V#п╖HXПъХ_юуr╔LГХ,f╓i.0Аы/ёOК╫bЫ¤аЫMШнАlКЁe№0 7И<вЭ1═ЭiзN╓м╣┼М'qLО~╔▌ыИ¤rs'║z<гхC╚Ъ0Х╠{6╡▄╪U-if+┴EИtB▓u·7РЗ"▄зdm_@}двK╡Yз:╔ОwщK├q:Sр%╝<ГЇм:¤Съi╗}o0`╘П G$VЎ/|G6┴Лё~(sLмбЎyфЫЖ°rEПУ^Bg╩/[єю╥╘vUA+╦└5ъуд▐CЎd3p+Y:т OЯХ╪]HoЬC
Jп:"№╔т╥Q╜$╝jvn<ф8┌╟DЄsпB│ўEHB~ъУ╙╗|	|]CЮ°▒┌8ЩОН!$oСЇ│╥Ї┐зйB}\M5X2╫B1lC>Ы\4Vу╚л╓▒Cz ,g╟\К}╧╥"звуЯЛРрвмЪ√е▒╠-э1.╧`Ш╠Ж╬]╩Ц6z╡╛>&░эьMЛ▌2uВ╖╓е9┬ЖЭ$I╚Ж1├╬ы╙(GxmзWя╘═Ф┬ЁatЮwХyk╗█ШмКаї░		Н∙д■┬ю▓ЙОK╩_И═|R░=j/▒MгТчсkЁ+ZbЮи╘ ёАу1Q|╣+<зc4юh│┴Б$ПФ3ЧР"*╦G; *N╥тPg~?S▓╝ц.N0ё@л┤╖_╟Фm┴ўЁC╨ОёЇyz\╤▌мй
ФЎёmэ0TйOЙl═7┤ИM$╛ЇюЗр8ЧjМ%ї.Y╞AXЇСБ╕г▄@@mы╢ў&9a9╣▄яДsu(╜T?Y|╗RР┬,l√л*k─IП╜Iш?\ФлщИ"а$є╫Y(?фFЪLЇ╙гv└i├'з|д:KjЭ	┼Д<У╗╦╖v7л¤╗У!>M#Ї╕Ц■2Ф▐*╢  HCКRавv╣ШЁЁкP>еtє╙ШБG^XКзЗd░хїПкl_∙сЎ└─P°╨шG╙O{╟BF,шPО░g"&Г╒░a╥м╬n Jхc	▐E фpR1░8:Елк╔═╖Гї,Mщ╫d▌6О■╛v╗n`Гучу*ї╒N;ц╬fKKmn|└│м╖tй╗╚√Е┼8МДzии╪╟╔Щ└co4?▐^╣3MК╒#┐Ds╗2ЁЙВў'_#╨ }▒Йщь╫`Я0JшЛ┐сцеd║┤┘╒Ь[nVnєшJ╥еPоЬ╠╬q5▄аz╔Цl▌ ?п╧XYo∙]щЇАЗн╫д▒2fx║"TЫнR2чa┘M▒─Sk <·╛ШЭ)Aш8·X┴в9╙яЩЬёЪПe█^вM└╦╨║:/7Р&H│%.ф[╤бAМAЄян│├?a▄A?$├╧╞═P<Н\9|у]kО"Ў'6W╓эвP░└6PЧ╢|ы╡ыэNp╣еаDМ░▄г░Q┴ьоЭs,:Кd▄;├ЫJ└IТ╩▒юЁ-▓s7Б&Юp'√ъ'ДэT3[йfHГ├щsД╝	|╕Ч3╥С╤╫
Ы╬ЬeЩ╝╔3▒О4пy¤ц<ж.-Н√КD]▄▀1р8Ў┌Ч6r;╙╝гЁCZ°╚иv╤пФKрлАV╟оЧхR╞}п╖гW┼С▓MO+╝TРЕJМXи_@√╗│СVKвлъ┴№ь┴╙Д|┬╘mNt0$Dр╤uFФP╤эУ8ЎM_═Т┴╬о B_Y╫л>t╩╫╦7╒╔В.К╚№ЁЦо╘╔О ╕3╙╜1Г{ЪAПОI)╞░{ЩUБ┌тшє┴DJуT	]вТmтЎд5B─>║U]Є┬.╒Рn╞m6э∙╔▀┤{ы ▄;┘]Wf╥фQжйmf"╠n╪░ааяжИ╡РI}zi"Яъ/6╘фо▀°╬╕*5Ь еАuGйsф)│Т=д-бЇЧ╙5|╪у[>ЗЫ╜ышcОзm1=LОв	N{з░▌┬$DWТР`вЕ}ъTTаgD>mT╟/Т]ўnы/│zaнY╟Wл│·╕ш╬;Ўaнt╬У┐C╡FПqJb▄╔GЁ╬╠xUgХR/O├:Їq ч═[j╫э&	GуД¤rе║0х=Eiё╚4█YE╤{=rNni 74╞я═ЪC=Ы▀}╩│╤щ(<f╒РU█щоПнeG╝эз├╕М╗w╪дГТ╬ G.╦К"зHm╨√oD┐тИЦV>J4сAГПrd+├цGаищ7O╗5:4+Э∙ш4VщЧr╗Ж{cв^фЭE1'k█Н─╘ р kЫМТcИёьxg"р╞т╢ъ %═'Vnа▒0л)є░║zЭюaвI1ф@[}╤¤?╛┬¤lD[B,MЛ╔Я╓╧?'B|YieьWl#w6|ўTv+┬RЕ ╩+,гo[5fа▓я^╤Ш$и@╙еП╒2├;E1^┘1
ч╙▓╗ЁВJ╫▀Хs/-&еимM"╥Л╓{кa ЦЩїSї?д╛┤+лnС4дD■└╙▀g╥лT/Д╨n°Ж├ПG·╔?A╗ щї╚?▀n8Ъ	BФЯ)├┌╛░УwЮЖЧгОC^╡ЭгЪН└Вю╠╔╒З7ы ┌ДhАa9№уЮp^RС_╜╧(є!цЯ@/ъ─ г АQ№┘)}iЇУ╚т╝Б╛#Ё╘sК┌qpж╖VFП|_Ё╒°ё-┼UпLg┴K├сkа╘лХsўC╗╙Юв ╕	╒щЛ░Я;╩вЪ=╖9 фєЬ	
QQ┼х╩puДWВ3qMЙF╫╟г[■vГYўё#╦б#UЮ	Ж█N┌[╠хH╞ЖeХєc╪№уГu┴w╙╨Г▒XX╩ЛеP║╤╗ёl^ └▓PA╟ ШXИp┘\зю\ит╙c&Е▒ЇjЄ5─Ц4ьЬjs▒┌BR╗РЕxЁz╕['╦╨═ыFй■ща[▐bK0ъMп"Юч▌_@7!ыьpw·.─2╗¤╦№Фф╘Xьl─Я|B╙дьГ@С░фщз$й╪т,П╨╧<│"+p╬╒Ssu;kР.╣)S^М┴РSяч>Х!CД╗╡vа ╖╔ЯdЮ@0╕╥╚╟ &╘ ╣аIЮЭ;vKTчЯЮ;a║oФG+Udk▒R╢EDЮ╨8окtы(╒vиЧnK┼└МQ╜a?Т═╫гj╡Ї╒╛│╨╥РWRХ,же╪Ъ╔\t┌╤ж╟$гLDюH│>▒*hGЁц┌yн Є╨ыl╣┌▌L╓Ж▓Ц│.ёыdтХЎ╓У.╣цЇaba?P╞│х'sпAёЄ╧ё╔'-ф▓"i▀6╫Л=Bв$zа8bc┌1r4 ┴▌#з[ж№╟hпа"ИBbХЯЙ?|iHёTЖ╥NЯQЗb√М3╥№|ДЇ╢9▓Еn.Я│~╫[Юz|╢qЁмT@%ы╥дЎu--FъўGз┤мё3│╙г▀ щ·YлэrЖР√▒╘ЦЧЮBЮР+єВЁ@нкмцyIхжЖk▌√┘Н8,|╬╥a5;└D
┘єPPsmGБ&ої╟╓EN
#╚Ї╟╒вlQ░ку├6vsIPчСF#zSА  кн║╪*Dж╪ЩM╨╥яС9╥\ЎЕsvїM_┌╖hE▌N[╣щ╬ JY╨} J╪√~f░{С▓PQ}мПк ┴.╕]ki@╫ЧT,_║Д=А│╥▓╡eнЗ╓|\wО2°■Хєц╠┼ы╒BЧ-▄и╙$ukти∙№[═ki7щ+Vf5~P&?y┤FБ╝С ╦yrрох░!>№P0└Q╩0╡?сЁl▒Фвв┘жЫcМ╜X║]╥ЇЪЛ43╩╕ЛoAЯS╠P├<╪I"ЗfX¤й█Ў8МК+б -нM:Lюц╜с]kё*С▒ЛNQє■{CБLсG}░┤│длVYIB+R┘■╧диKоg╔WK░6дз╢7k▓Ў╟ГйЙzcО-╔Ъ! 	,ПWеЦ~дo1▒╞ъ:FЯ%dЮЬ╒№tкЭФ)b9┼с6G╓╨Йq5·6<V╔·╟Н╟██╗Jж╠/wylЬuqWbм"вH╙Tе▄'Qф┴╩Ч*;Uг╘оl~'▐]hщ│`єjaNCў|	!°р╣Є#qЫyї1:Т-ИА3╖xу-п│ЛЯ─╥gъL/еUV√}Ў1 ИБш╞_╜РЕЎЖvУ&┐K8 _n┴(В╘Ї╡XётЙ╩0I34╛Д╢▓Дx│КH·╒r╞'║	╤ЙЗц╩┘f╤║E*f╒╬LГoьKАvщ·у╕Щ╔╔,В╨№ ■Yd┌SЖ+sУъ╪ы╓▒=П▒Ы╢╨ё▌сm`д№9?@┐┼╟ЧGя д·@
Ъж&qЩ\а╦SgГРЗnх╧┴їqpm╣kqX┬бшM(╞Wд=
√ЖиKйхк├╥├JЪeЁYDgЦ║№8:╕93┬N╖kуєx{5юЯ╓1*ЮG`юЬ┌┴Ш└|t%]■R@N°Ъ┌┤╞И№ў3с│ФЙБ∙┼╫У╕(F/7цWyl╜тЙ]╟ё█ч6GК1}i?╫WEЖ░sыН│XSпZ▌╥╟═╨A─ЯqoY└wржЪ\ioНЄу(╒'вхJёФкзЭўЗc┴ў]л<Хч═▐
ЙПcУ?АЭ_╜▌_Ж▒нB√FE█'╡rХ@┘8д─Qdр╝в┘▀╥ХIG▓╪ФX.ZЭЩПi┤╖╫эХE}ГQХбу╥╜э╣╡Ў7╤.чER╖гшд}=Эv√╟втkАy╜!-%V\o╦ТЎЖ6ТT╒РWUHgЛ,лW0L'╞╛ ╟АыЦ∙╙е·a/Цs─((Ih^ЮЄ■Я┴аZ▀№л	ЛwmШXZЖзAЎРПвkAу?&╜e(Чкиw▓╙╬мy╫QЦн@%в
$Kв╟Nф╘НbS╝╓k▐9~gbce(z┐╒Ф╘Ў[K█]Ы┤О┤uF█G ╙6╧[╡╙лъ ЮЁАЮj9k`ъ┴ЩыxЫAu>╜■^ж╠└╓Qп)╧─8Жф^зц	vg╬%кvcsE╧##ЙЛ_їь<╥./%╕жё:┌oъ╕J 6_(лх┼ZX<АП▀С╦;╗├FМмP}MeНf┼$uИ[Yл╒╠Ф║f{ф~ 	N"S╚зЬ¤╒└┴╕и?└Уi╗A.╖DдЖSlю!*Щ9E∙╪D4~т(^,ьRАЛX╔n¤ВоN╝кJwсф┴2TH!н┐√$jQ╠hх▓MRБ/U86░kГпUЎ5РuRЦЖKW╛_ QЎ┤ё	╙╩r═ч$Ж╧U┴Єу├OГ╠А)Л─П╖+ъr╢NЭ╘╓И▓Л░№║╓Ж╔Ж╙Фcig9╨╬▒ ;▒╧Bc/▌#\╛?`jї8:д?╥9UHАь\nvaыOl▐ЦЮ8E6аЎ▒ё@=лp╬+SУ┘═╘ш▀¤D.└ ║)$r8╖├╬д▄╪Ц╝U╕▌wВАюk
P├цSг|#Лf:▀<ХB╪'∙сm|vгHv┴]pяж JГ<{Г╨JўуtБЯьЛИg0╒╨9█═╤z Ц<ьхyДd)ГФ;хs-▌█Щ¤wГ╒\▐ЯS	0Ы)жz№rЎZ█┌aTnшн[ПЎ+Ч6В╨PЫНA╠я}ыХf,KOk¤КцH_У°╘n&П~yФK▀╥мQ-∙     \ёР┼М▀q╪M╢▀Eхтvlг├знTЖ╛ ╙^ыЧG8о Б╓╞ HY=т╢щ▀    
YZ