(typealias nscd_var_run_t)
(typealiasactual nscd_var_run_t nscd_runtime_t)
(roleattribute nscd_roles)
(roletype nscd_roles nscd_t)
(type nscd_t)
(roletype object_r nscd_t)
(type nscd_exec_t)
(roletype object_r nscd_exec_t)
(type nscd_initrc_exec_t)
(roletype object_r nscd_initrc_exec_t)
(type nscd_log_t)
(roletype object_r nscd_log_t)
(type nscd_runtime_t)
(roletype object_r nscd_runtime_t)
(type nscd_unit_t)
(roletype object_r nscd_unit_t)
(boolean nscd_use_shm false)
(roleattributeset cil_gen_require system_r)
(roletype system_r nscd_t)
(typeattributeset cil_gen_require initrc_t)
(typeattributeset cil_gen_require daemon)
(typeattributeset daemon (nscd_t ))
(typeattributeset cil_gen_require domain)
(typeattributeset domain (nscd_t ))
(typeattributeset cil_gen_require security_t)
(typeattributeset cil_gen_require sysfs_t)
(typeattributeset cil_gen_require selinux_config_t)
(typeattributeset cil_gen_require entry_type)
(typeattributeset entry_type (nscd_exec_t nscd_initrc_exec_t ))
(typeattributeset cil_gen_require exec_type)
(typeattributeset exec_type (nscd_exec_t nscd_initrc_exec_t ))
(typeattributeset cil_gen_require file_type)
(typeattributeset file_type (nscd_exec_t nscd_initrc_exec_t nscd_log_t nscd_runtime_t nscd_unit_t ))
(typeattributeset cil_gen_require non_security_file_type)
(typeattributeset non_security_file_type (nscd_exec_t nscd_initrc_exec_t nscd_log_t nscd_runtime_t nscd_unit_t ))
(typeattributeset cil_gen_require non_auth_file_type)
(typeattributeset non_auth_file_type (nscd_exec_t nscd_initrc_exec_t nscd_log_t nscd_runtime_t nscd_unit_t ))
(typeattributeset cil_gen_require init_script_file_type)
(typeattributeset init_script_file_type (nscd_initrc_exec_t ))
(typeattributeset cil_gen_require init_run_all_scripts_domain)
(typeattributeset cil_gen_require logfile)
(typeattributeset logfile (nscd_log_t ))
(typeattributeset cil_gen_require tmp_t)
(typeattributeset cil_gen_require tmpfs_t)
(typeattributeset cil_gen_require pidfile)
(typeattributeset pidfile (nscd_runtime_t ))
(typeattributeset cil_gen_require daemonpidfile)
(typeattributeset daemonpidfile (nscd_runtime_t ))
(typeattributeset cil_gen_require var_t)
(typeattributeset cil_gen_require var_run_t)
(typeattributeset cil_gen_require systemdunit)
(typeattributeset systemdunit (nscd_unit_t ))
(typeattributeset cil_gen_require var_log_t)
(typeattributeset cil_gen_require proc_t)
(typeattributeset cil_gen_require sysctl_t)
(typeattributeset cil_gen_require sysctl_kernel_t)
(typeattributeset cil_gen_require proc_net_t)
(typeattributeset cil_gen_require bin_t)
(typeattributeset cil_gen_require usr_t)
(typeattributeset cil_gen_require device_t)
(typeattributeset cil_gen_require random_device_t)
(typeattributeset cil_gen_require urandom_device_t)
(typeattributeset cil_gen_require privfd)
(typeattributeset cil_gen_require etc_t)
(typeattributeset cil_gen_require etc_runtime_t)
(typeattributeset cil_gen_require filesystem_type)
(typeattributeset cil_gen_require autofs_t)
(typeattributeset cil_gen_require inotifyfs_t)
(typeattributeset cil_gen_require shadow_t)
(typeattributeset cil_gen_require nsswitch_domain)
(typeattributeset nsswitch_domain (nscd_t ))
(typeattributeset cil_gen_require netlabel_peer_t)
(typeattributeset cil_gen_require netif_t)
(typeattributeset cil_gen_require node_t)
(typeattributeset cil_gen_require client_packet_type)
(typeattributeset cil_gen_require port_type)
(typeattributeset cil_gen_require tun_tap_device_t)
(typeattributeset cil_gen_require syslogd_t)
(typeattributeset cil_gen_require syslogd_runtime_t)
(typeattributeset cil_gen_require devlog_t)
(typeattributeset cil_gen_require init_runtime_t)
(typeattributeset cil_gen_require console_device_t)
(typeattributeset cil_gen_require locale_t)
(typeattributeset cil_gen_require default_context_t)
(typeattributeset cil_gen_require newrole_t)
(typeattributeset cil_gen_require user_tty_device_t)
(typeattributeset cil_gen_require user_devpts_t)
(typeattributeset cil_gen_require unpriv_userdomain)
(typeattributeset cil_gen_require user_home_dir_t)
(allow nscd_t nscd_exec_t (file (entrypoint)))
(allow nscd_t nscd_exec_t (file (ioctl read getattr lock map execute open)))
(allow initrc_t nscd_exec_t (file (ioctl read getattr map execute open)))
(allow initrc_t nscd_t (process (transition)))
(dontaudit initrc_t nscd_t (process (noatsecure siginh rlimitinh)))
(typetransition initrc_t nscd_exec_t process nscd_t)
(allow nscd_t initrc_t (fd (use)))
(allow nscd_t initrc_t (fifo_file (ioctl read write getattr lock append)))
(allow nscd_t initrc_t (process (sigchld)))
(allow initrc_t nscd_initrc_exec_t (file (entrypoint)))
(allow initrc_t nscd_initrc_exec_t (file (ioctl read getattr lock map execute open)))
(allow init_run_all_scripts_domain nscd_initrc_exec_t (file (ioctl read getattr map execute open)))
(allow init_run_all_scripts_domain initrc_t (process (transition)))
(dontaudit init_run_all_scripts_domain initrc_t (process (noatsecure siginh rlimitinh)))
(typetransition init_run_all_scripts_domain nscd_initrc_exec_t process initrc_t)
(allow initrc_t init_run_all_scripts_domain (fd (use)))
(allow initrc_t init_run_all_scripts_domain (fifo_file (ioctl read write getattr lock append)))
(allow initrc_t init_run_all_scripts_domain (process (sigchld)))
(allow nscd_log_t tmp_t (filesystem (associate)))
(allow nscd_log_t tmpfs_t (filesystem (associate)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_run_t (lnk_file (read getattr)))
(allow initrc_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow nscd_t self (capability (kill setgid setuid)))
(dontaudit nscd_t self (capability (sys_tty_config)))
(allow nscd_t self (process (sigchld sigkill sigstop signull signal setsched getcap setcap getattr)))
(allow nscd_t self (fifo_file (ioctl read getattr lock open)))
(allow nscd_t self (unix_stream_socket (listen accept)))
(allow nscd_t self (netlink_selinux_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow nscd_t self (nscd (getstat admin)))
(allow nscd_t nscd_log_t (file (ioctl create getattr setattr lock append open)))
(allow nscd_t var_t (dir (getattr open search)))
(allow nscd_t var_log_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition nscd_t var_log_t file nscd_log_t)
(allow nscd_t var_log_t (lnk_file (read getattr)))
(allow nscd_t nscd_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow nscd_t nscd_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow nscd_t nscd_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow nscd_t nscd_runtime_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow nscd_t var_t (dir (getattr open search)))
(allow nscd_t var_run_t (lnk_file (read getattr)))
(allow nscd_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition nscd_t var_run_t sock_file nscd_runtime_t)
(typetransition nscd_t var_run_t file nscd_runtime_t)
(allow nscd_t nscd_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow nscd_t proc_t (dir (getattr open search)))
(allow nscd_t proc_t (dir (ioctl read getattr lock open search)))
(allow nscd_t proc_t (dir (getattr open search)))
(allow nscd_t sysctl_t (dir (getattr open search)))
(allow nscd_t sysctl_kernel_t (dir (getattr open search)))
(allow nscd_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(allow nscd_t proc_t (dir (getattr open search)))
(allow nscd_t sysctl_t (dir (getattr open search)))
(allow nscd_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(allow nscd_t proc_t (dir (getattr open search)))
(allow nscd_t proc_net_t (dir (getattr open search)))
(allow nscd_t proc_net_t (file (ioctl read getattr lock open)))
(allow nscd_t proc_t (dir (getattr open search)))
(allow nscd_t proc_net_t (dir (getattr open search)))
(allow nscd_t proc_net_t (lnk_file (read getattr)))
(allow nscd_t proc_t (dir (getattr open search)))
(allow nscd_t proc_net_t (dir (ioctl read getattr lock open search)))
(allow nscd_t proc_t (dir (getattr open search)))
(allow nscd_t proc_t (lnk_file (read getattr)))
(allow nscd_t bin_t (dir (getattr open search)))
(allow nscd_t bin_t (lnk_file (read getattr)))
(allow nscd_t usr_t (dir (getattr open search)))
(allow nscd_t sysfs_t (dir (getattr open search)))
(allow nscd_t sysfs_t (file (ioctl read getattr lock open)))
(allow nscd_t sysfs_t (dir (getattr open search)))
(allow nscd_t sysfs_t (lnk_file (read getattr)))
(allow nscd_t sysfs_t (dir (getattr open search)))
(allow nscd_t sysfs_t (dir (ioctl read getattr lock open search)))
(allow nscd_t device_t (dir (getattr open search)))
(allow nscd_t random_device_t (chr_file (ioctl read getattr lock open)))
(allow nscd_t device_t (dir (getattr open search)))
(allow nscd_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow nscd_t proc_t (dir (getattr open search)))
(allow nscd_t proc_t (dir (getattr open search)))
(allow nscd_t domain (dir (getattr open search)))
(allow nscd_t privfd (fd (use)))
(allow nscd_t tmp_t (dir (getattr open search)))
(allow nscd_t tmp_t (lnk_file (read getattr)))
(allow nscd_t etc_t (dir (ioctl read getattr lock open search)))
(allow nscd_t etc_t (dir (getattr open search)))
(allow nscd_t etc_runtime_t (file (ioctl read getattr lock open)))
(allow nscd_t etc_t (dir (getattr open search)))
(allow nscd_t etc_runtime_t (lnk_file (read getattr)))
(allow nscd_t filesystem_type (filesystem (getattr)))
(allow nscd_t file_type (filesystem (getattr)))
(allow nscd_t autofs_t (dir (getattr open search)))
(allow nscd_t inotifyfs_t (dir (ioctl read getattr lock open search)))
(allow nscd_t etc_t (dir (getattr open search)))
(allow nscd_t shadow_t (file (getattr)))
(allow nscd_t netlabel_peer_t (peer (recv)))
(allow nscd_t netlabel_peer_t (tcp_socket (recvfrom)))
(allow nscd_t netlabel_peer_t (udp_socket (recvfrom)))
(allow nscd_t netlabel_peer_t (rawip_socket (recvfrom)))
(allow nscd_t netif_t (netif (ingress egress)))
(allow nscd_t node_t (node (recvfrom sendto)))
(allow nscd_t client_packet_type (packet (send)))
(allow nscd_t client_packet_type (packet (recv)))
(allow nscd_t port_type (tcp_socket (name_connect)))
(allow nscd_t device_t (dir (getattr open search)))
(allow nscd_t device_t (dir (ioctl read getattr lock open search)))
(allow nscd_t device_t (dir (getattr open search)))
(allow nscd_t device_t (lnk_file (read getattr)))
(allow nscd_t tun_tap_device_t (chr_file (ioctl read write getattr lock append open)))
(allow nscd_t security_t (filesystem (getattr)))
(allow nscd_t sysfs_t (filesystem (getattr)))
(allow nscd_t sysfs_t (dir (getattr open search)))
(allow nscd_t sysfs_t (dir (getattr open search)))
(allow nscd_t proc_t (dir (getattr open search)))
(allow nscd_t proc_t (file (ioctl read getattr lock open)))
(allow nscd_t proc_t (dir (getattr open search)))
(allow nscd_t proc_t (lnk_file (read getattr)))
(allow nscd_t proc_t (dir (getattr open search)))
(allow nscd_t proc_t (dir (ioctl read getattr lock open search)))
(allow nscd_t sysfs_t (dir (getattr open search)))
(allow nscd_t sysfs_t (dir (getattr open search)))
(allow nscd_t security_t (dir (ioctl read getattr lock open search)))
(allow nscd_t security_t (file (ioctl read write getattr map open)))
(allow nscd_t security_t (security (check_context)))
(allow nscd_t sysfs_t (dir (getattr open search)))
(allow nscd_t sysfs_t (dir (getattr open search)))
(allow nscd_t self (netlink_selinux_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow nscd_t security_t (dir (ioctl read getattr lock open search)))
(allow nscd_t security_t (file (ioctl read write getattr map open)))
(allow nscd_t security_t (security (compute_av)))
(allow nscd_t sysfs_t (dir (getattr open search)))
(allow nscd_t sysfs_t (dir (getattr open search)))
(allow nscd_t security_t (dir (ioctl read getattr lock open search)))
(allow nscd_t security_t (file (ioctl read write getattr map open)))
(allow nscd_t security_t (security (compute_create)))
(allow nscd_t sysfs_t (dir (getattr open search)))
(allow nscd_t sysfs_t (dir (getattr open search)))
(allow nscd_t security_t (dir (ioctl read getattr lock open search)))
(allow nscd_t security_t (file (ioctl read write getattr map open)))
(allow nscd_t security_t (security (compute_relabel)))
(allow nscd_t sysfs_t (dir (getattr open search)))
(allow nscd_t sysfs_t (dir (getattr open search)))
(allow nscd_t security_t (dir (ioctl read getattr lock open search)))
(allow nscd_t security_t (file (ioctl read write getattr map open)))
(allow nscd_t security_t (security (compute_user)))
(allow nscd_t self (capability (audit_write)))
(allow nscd_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
(allow nscd_t devlog_t (sock_file (write getattr append open)))
(allow nscd_t var_run_t (lnk_file (read getattr)))
(allow nscd_t var_t (dir (getattr open search)))
(allow nscd_t var_run_t (dir (getattr open search)))
(allow nscd_t init_runtime_t (dir (getattr open search)))
(allow nscd_t syslogd_runtime_t (dir (getattr open search)))
(allow nscd_t syslogd_t (unix_dgram_socket (sendto)))
(allow nscd_t syslogd_t (unix_stream_socket (connectto)))
(allow nscd_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow nscd_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow nscd_t device_t (dir (getattr open search)))
(allow nscd_t device_t (dir (ioctl read getattr lock open search)))
(allow nscd_t device_t (dir (getattr open search)))
(allow nscd_t device_t (lnk_file (read getattr)))
(allow nscd_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit nscd_t console_device_t (chr_file (ioctl read getattr lock open)))
(allow nscd_t etc_t (dir (getattr open search)))
(allow nscd_t etc_t (lnk_file (read getattr)))
(allow nscd_t usr_t (dir (getattr open search)))
(allow nscd_t locale_t (dir (ioctl read getattr lock open search)))
(allow nscd_t locale_t (dir (getattr open search)))
(allow nscd_t locale_t (file (ioctl read getattr lock open)))
(allow nscd_t locale_t (dir (getattr open search)))
(allow nscd_t locale_t (lnk_file (read getattr)))
(allow nscd_t locale_t (file (map)))
(allow nscd_t etc_t (dir (getattr open search)))
(allow nscd_t selinux_config_t (dir (ioctl read getattr lock open search)))
(allow nscd_t selinux_config_t (dir (getattr open search)))
(allow nscd_t selinux_config_t (file (ioctl read getattr lock open)))
(allow nscd_t selinux_config_t (dir (getattr open search)))
(allow nscd_t selinux_config_t (lnk_file (read getattr)))
(allow nscd_t etc_t (dir (getattr open search)))
(allow nscd_t selinux_config_t (dir (getattr open search)))
(allow nscd_t default_context_t (dir (ioctl read getattr lock open search)))
(allow nscd_t default_context_t (dir (getattr open search)))
(allow nscd_t default_context_t (file (ioctl read getattr lock open)))
(allow nscd_t newrole_t (process (sigchld)))
(dontaudit nscd_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
(dontaudit nscd_t user_devpts_t (chr_file (ioctl read write getattr append open)))
(dontaudit nscd_t unpriv_userdomain (fd (use)))
(dontaudit nscd_t user_home_dir_t (dir (getattr open search)))
(typetransition initrc_t var_run_t dir "nscd" nscd_runtime_t)
(optional nscd_optional_2
    (typeattributeset cil_gen_require init_t)
    (allow nscd_t init_t (process (sigchld)))
    (allow nscd_t init_t (process (signull)))
)
(optional nscd_optional_3
    (typeattributeset cil_gen_require rpm_t)
    (allow nscd_t rpm_t (fd (use)))
    (allow nscd_t rpm_t (fifo_file (ioctl read getattr lock open)))
)
(optional nscd_optional_4
    (typeattributeset cil_gen_require security_t)
    (typeattributeset cil_gen_require sysfs_t)
    (dontaudit nscd_t security_t (filesystem (getattr)))
    (dontaudit nscd_t sysfs_t (filesystem (getattr)))
    (dontaudit nscd_t sysfs_t (dir (getattr open search)))
    (dontaudit nscd_t security_t (dir (getattr open search)))
    (dontaudit nscd_t security_t (file (ioctl read getattr lock open)))
    (optional nscd_optional_5
        (typeattributeset cil_gen_require selinux_config_t)
        (dontaudit nscd_t selinux_config_t (dir (getattr open search)))
        (dontaudit nscd_t selinux_config_t (file (ioctl read getattr lock open)))
        (optional nscd_optional_6
            (typeattributeset cil_gen_require accountsd_t)
            (dontaudit nscd_t accountsd_t (fifo_file (ioctl read write getattr lock append open)))
        )
        (optional nscd_optional_7
            (typeattributeset cil_gen_require tmp_t)
            (typeattributeset cil_gen_require system_cronjob_tmp_t)
            (allow nscd_t tmp_t (dir (getattr open search)))
            (allow nscd_t system_cronjob_tmp_t (file (ioctl read getattr lock open)))
        )
        (optional nscd_optional_8
            (typeattributeset cil_gen_require var_t)
            (typeattributeset cil_gen_require var_log_t)
            (typeattributeset cil_gen_require etc_t)
            (typeattributeset cil_gen_require samba_log_t)
            (typeattributeset cil_gen_require smbd_t)
            (typeattributeset cil_gen_require samba_etc_t)
            (typeattributeset cil_gen_require samba_var_t)
            (typeattributeset cil_gen_require var_lib_t)
            (allow nscd_t etc_t (dir (getattr open search)))
            (allow nscd_t samba_etc_t (dir (getattr open search)))
            (allow nscd_t samba_etc_t (file (ioctl read getattr lock open)))
            (allow nscd_t var_t (dir (getattr open search)))
            (allow nscd_t var_lib_t (dir (getattr open search)))
            (allow nscd_t samba_var_t (dir (getattr open search)))
            (allow nscd_t samba_var_t (file (ioctl read getattr lock open)))
            (booleanif (samba_domain_controller)
                (true
                    (dontaudit nscd_t smbd_t (fd (use)))
                    (allow nscd_t samba_log_t (file (ioctl getattr lock append open)))
                    (allow nscd_t samba_log_t (dir (ioctl read getattr lock open search)))
                    (allow nscd_t var_log_t (lnk_file (read getattr)))
                    (allow nscd_t var_log_t (dir (getattr open search)))
                    (allow nscd_t var_t (dir (getattr open search)))
                )
            )
        )
        (optional nscd_optional_9
            (typeattributeset cil_gen_require var_t)
            (typeattributeset cil_gen_require var_log_t)
            (typeattributeset cil_gen_require xen_log_t)
            (allow nscd_t var_t (dir (getattr open search)))
            (allow nscd_t var_log_t (dir (getattr open search)))
            (allow nscd_t var_log_t (lnk_file (read getattr)))
            (allow nscd_t xen_log_t (dir (getattr open search)))
            (allow nscd_t xen_log_t (file (ioctl getattr lock append open)))
            (dontaudit nscd_t xen_log_t (file (write)))
        )
    )
)
(filecon "/etc/rc\.d/init\.d/nscd" file (system_u object_r nscd_initrc_exec_t ((s0) (s0))))
(filecon "/usr/bin/nscd" file (system_u object_r nscd_exec_t ((s0) (s0))))
(filecon "/usr/sbin/nscd" file (system_u object_r nscd_exec_t ((s0) (s0))))
(filecon "/var/cache/nscd(/.*)?" any (system_u object_r nscd_runtime_t ((s0) (s0))))
(filecon "/var/db/nscd(/.*)?" any (system_u object_r nscd_runtime_t ((s0) (s0))))
(filecon "/var/log/nscd\.log.*" file (system_u object_r nscd_log_t ((s0) (s0))))
(filecon "/run/nscd(/.*)?" any (system_u object_r nscd_runtime_t ((s0) (s0))))
(filecon "/run/nscd\.pid" file (system_u object_r nscd_runtime_t ((s0) (s0))))
(filecon "/run/\.nscd_socket" socket (system_u object_r nscd_runtime_t ((s0) (s0))))
