(roleattribute kmod_roles)
(roletype kmod_roles kmod_t)
(type kmod_t)
(roletype object_r kmod_t)
(type kmod_exec_t)
(roletype object_r kmod_exec_t)
(type modules_conf_t)
(roletype object_r modules_conf_t)
(type modules_dep_t)
(roletype object_r modules_dep_t)
(type kmod_tmpfiles_conf_t)
(roletype object_r kmod_tmpfiles_conf_t)
(roleattributeset cil_gen_require system_r)
(roletype system_r kmod_t)
(typeattributeset cil_gen_require initrc_t)
(typeattributeset cil_gen_require systemprocess)
(typeattributeset systemprocess (kmod_t ))
(typeattributeset cil_gen_require application_domain_type)
(typeattributeset application_domain_type (kmod_t ))
(typeattributeset cil_gen_require domain)
(typeattributeset domain (kmod_t ))
(typeattributeset cil_gen_require init_t)
(typeattributeset cil_gen_require sysfs_t)
(typeattributeset cil_gen_require selinux_config_t)
(typeattributeset cil_gen_require application_exec_type)
(typeattributeset application_exec_type (kmod_exec_t ))
(typeattributeset cil_gen_require exec_type)
(typeattributeset exec_type (kmod_exec_t ))
(typeattributeset cil_gen_require file_type)
(typeattributeset file_type (kmod_exec_t modules_conf_t modules_dep_t kmod_tmpfiles_conf_t ))
(typeattributeset cil_gen_require non_security_file_type)
(typeattributeset non_security_file_type (kmod_exec_t modules_conf_t modules_dep_t kmod_tmpfiles_conf_t ))
(typeattributeset cil_gen_require non_auth_file_type)
(typeattributeset non_auth_file_type (kmod_exec_t modules_conf_t modules_dep_t kmod_tmpfiles_conf_t ))
(typeattributeset cil_gen_require entry_type)
(typeattributeset entry_type (kmod_exec_t ))
(typeattributeset cil_gen_require kernel_t)
(typeattributeset cil_gen_require mlsfilewrite)
(typeattributeset mlsfilewrite (kmod_t ))
(typeattributeset cil_gen_require configfile)
(typeattributeset configfile (kmod_tmpfiles_conf_t ))
(typeattributeset cil_gen_require modules_object_t)
(typeattributeset cil_gen_require can_load_kernmodule)
(typeattributeset can_load_kernmodule (kmod_t ))
(typeattributeset cil_gen_require proc_t)
(typeattributeset cil_gen_require proc_net_t)
(typeattributeset cil_gen_require debugfs_t)
(typeattributeset cil_gen_require kvmfs_t)
(typeattributeset cil_gen_require sysctl_t)
(typeattributeset cil_gen_require sysctl_kernel_t)
(typeattributeset cil_gen_require sysctl_net_t)
(typeattributeset cil_gen_require sysctl_hotplug_t)
(typeattributeset cil_gen_require unlabeled_t)
(typeattributeset cil_gen_require bin_t)
(typeattributeset cil_gen_require usr_t)
(typeattributeset cil_gen_require shell_exec_t)
(typeattributeset cil_gen_require usbfs_t)
(typeattributeset cil_gen_require device_t)
(typeattributeset cil_gen_require mtrr_device_t)
(typeattributeset cil_gen_require urandom_device_t)
(typeattributeset cil_gen_require agp_device_t)
(typeattributeset cil_gen_require sound_device_t)
(typeattributeset cil_gen_require acpi_bios_t)
(typeattributeset cil_gen_require kmsg_device_t)
(typeattributeset cil_gen_require privfd)
(typeattributeset cil_gen_require boot_t)
(typeattributeset cil_gen_require system_map_t)
(typeattributeset cil_gen_require etc_t)
(typeattributeset cil_gen_require etc_runtime_t)
(typeattributeset cil_gen_require src_t)
(typeattributeset cil_gen_require tmp_t)
(typeattributeset cil_gen_require var_run_t)
(typeattributeset cil_gen_require fs_t)
(typeattributeset cil_gen_require tmpfs_t)
(typeattributeset cil_gen_require tracefs_t)
(typeattributeset cil_gen_require initctl_t)
(typeattributeset cil_gen_require var_t)
(typeattributeset cil_gen_require initrc_devpts_t)
(typeattributeset cil_gen_require devpts_t)
(typeattributeset cil_gen_require syslogd_t)
(typeattributeset cil_gen_require syslogd_runtime_t)
(typeattributeset cil_gen_require devlog_t)
(typeattributeset cil_gen_require init_runtime_t)
(typeattributeset cil_gen_require console_device_t)
(typeattributeset cil_gen_require var_log_t)
(typeattributeset cil_gen_require locale_t)
(typeattributeset cil_gen_require default_context_t)
(typeattributeset cil_gen_require file_context_t)
(typeattributeset cil_gen_require user_devpts_t)
(typeattributeset cil_gen_require user_tty_device_t)
(typeattributeset cil_gen_require user_home_dir_t)
(typeattributeset cil_gen_require user_tmp_t)
(typeattributeset cil_gen_require user_runtime_t)
(typeattributeset cil_gen_require user_runtime_root_t)
(typeattributeset cil_gen_require tmpfiles_runtime_t)
(allow kmod_t kmod_exec_t (file (entrypoint)))
(allow kmod_t kmod_exec_t (file (ioctl read getattr lock map execute open)))
(allow initrc_t kmod_exec_t (file (ioctl read getattr map execute open)))
(allow initrc_t kmod_t (process (transition)))
(dontaudit initrc_t kmod_t (process (noatsecure siginh rlimitinh)))
(typetransition initrc_t kmod_exec_t process kmod_t)
(allow kmod_t initrc_t (fd (use)))
(allow kmod_t initrc_t (fifo_file (ioctl read write getattr lock append)))
(allow kmod_t initrc_t (process (sigchld)))
(allow kernel_t kmod_exec_t (file (ioctl read getattr map execute open)))
(allow kernel_t kmod_t (process (transition)))
(dontaudit kernel_t kmod_t (process (noatsecure siginh rlimitinh)))
(typetransition kernel_t kmod_exec_t process kmod_t)
(allow kmod_t kernel_t (fd (use)))
(allow kmod_t kernel_t (fifo_file (ioctl read write getattr lock append)))
(allow kmod_t kernel_t (process (sigchld)))
(allow kmod_t self (capability (dac_override net_raw sys_nice sys_tty_config)))
(allow kmod_t self (process (sigchld sigkill sigstop signull signal execmem)))
(dontaudit kmod_t self (capability (sys_admin)))
(allow kmod_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow kmod_t self (rawip_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow kmod_t self (key (write)))
(allow kmod_t modules_conf_t (dir (getattr open search)))
(allow kmod_t modules_conf_t (dir (ioctl read getattr lock open search)))
(allow kmod_t modules_conf_t (dir (getattr open search)))
(allow kmod_t modules_conf_t (file (ioctl read getattr lock open)))
(allow kmod_t modules_dep_t (file (map)))
(allow kmod_t modules_dep_t (dir (getattr open search)))
(allow kmod_t modules_dep_t (dir (ioctl read getattr lock open search)))
(allow kmod_t modules_dep_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow kmod_t modules_dep_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow kmod_t modules_object_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition kmod_t modules_object_t file modules_dep_t)
(allow kmod_t kmod_tmpfiles_conf_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow kmod_t kmod_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow kmod_t kernel_t (system (module_request)))
(allow kmod_t proc_t (dir (getattr open search)))
(allow kmod_t proc_t (file (ioctl read getattr lock open)))
(allow kmod_t proc_t (dir (getattr open search)))
(allow kmod_t proc_t (lnk_file (read getattr)))
(allow kmod_t proc_t (dir (getattr open search)))
(allow kmod_t proc_t (dir (ioctl read getattr lock open search)))
(allow kmod_t proc_t (dir (getattr open search)))
(allow kmod_t proc_net_t (dir (getattr open search)))
(allow kmod_t proc_net_t (file (ioctl read getattr lock open)))
(allow kmod_t proc_t (dir (getattr open search)))
(allow kmod_t proc_net_t (dir (getattr open search)))
(allow kmod_t proc_net_t (lnk_file (read getattr)))
(allow kmod_t proc_t (dir (getattr open search)))
(allow kmod_t proc_net_t (dir (ioctl read getattr lock open search)))
(allow kmod_t proc_t (dir (getattr open search)))
(allow kmod_t proc_t (file (ioctl write getattr lock append open)))
(allow kmod_t debugfs_t (filesystem (mount)))
(allow kmod_t kvmfs_t (filesystem (mount)))
(allow kmod_t debugfs_t (dir (getattr open search)))
(allow kmod_t debugfs_t (file (ioctl read getattr lock open)))
(allow kmod_t debugfs_t (dir (getattr open search)))
(allow kmod_t debugfs_t (lnk_file (read getattr)))
(allow kmod_t debugfs_t (dir (getattr open search)))
(allow kmod_t debugfs_t (dir (ioctl read getattr lock open search)))
(allow kmod_t proc_t (dir (getattr open search)))
(allow kmod_t sysctl_t (dir (getattr open search)))
(allow kmod_t sysctl_kernel_t (dir (getattr open search)))
(allow kmod_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(allow kmod_t proc_t (dir (getattr open search)))
(allow kmod_t sysctl_t (dir (getattr open search)))
(allow kmod_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(allow kmod_t proc_t (dir (getattr open search)))
(allow kmod_t sysctl_t (dir (getattr open search)))
(allow kmod_t sysctl_kernel_t (dir (getattr open search)))
(allow kmod_t sysctl_kernel_t (file (ioctl read write getattr lock append open)))
(allow kmod_t proc_t (dir (getattr open search)))
(allow kmod_t sysctl_t (dir (getattr open search)))
(allow kmod_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(allow kmod_t proc_t (dir (getattr open search)))
(allow kmod_t sysctl_t (dir (getattr open search)))
(allow kmod_t sysctl_net_t (dir (getattr open search)))
(allow kmod_t sysctl_net_t (file (ioctl read write getattr lock append open)))
(allow kmod_t proc_t (dir (getattr open search)))
(allow kmod_t sysctl_t (dir (getattr open search)))
(allow kmod_t sysctl_net_t (dir (ioctl read getattr lock open search)))
(allow kmod_t proc_t (dir (getattr open search)))
(allow kmod_t sysctl_t (dir (getattr open search)))
(allow kmod_t sysctl_kernel_t (dir (getattr open search)))
(allow kmod_t sysctl_hotplug_t (file (ioctl read getattr lock open)))
(allow kmod_t proc_t (dir (getattr open search)))
(allow kmod_t sysctl_t (dir (getattr open search)))
(allow kmod_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(allow kmod_t kernel_t (process (setsched)))
(dontaudit kmod_t unlabeled_t (dir (getattr open search)))
(allow kmod_t bin_t (dir (getattr open search)))
(allow kmod_t bin_t (lnk_file (read getattr)))
(allow kmod_t usr_t (dir (getattr open search)))
(allow kmod_t bin_t (dir (getattr open search)))
(allow kmod_t bin_t (dir (ioctl read getattr lock open search)))
(allow kmod_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow kmod_t bin_t (dir (getattr open search)))
(allow kmod_t bin_t (lnk_file (read getattr)))
(allow kmod_t usr_t (dir (getattr open search)))
(allow kmod_t bin_t (dir (getattr open search)))
(allow kmod_t bin_t (dir (ioctl read getattr lock open search)))
(allow kmod_t shell_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow kmod_t sysfs_t (dir (getattr open search)))
(allow kmod_t sysfs_t (file (ioctl read write getattr lock append open)))
(allow kmod_t sysfs_t (dir (getattr open search)))
(allow kmod_t sysfs_t (lnk_file (read getattr)))
(allow kmod_t sysfs_t (dir (getattr open search)))
(allow kmod_t sysfs_t (dir (ioctl read getattr lock open search)))
(allow kmod_t usbfs_t (dir (getattr open search)))
(allow kmod_t usbfs_t (dir (getattr open search)))
(allow kmod_t device_t (dir (getattr open search)))
(allow kmod_t mtrr_device_t (file (ioctl read write getattr lock append open)))
(allow kmod_t device_t (dir (getattr open search)))
(allow kmod_t mtrr_device_t (chr_file (ioctl read write getattr lock append open)))
(allow kmod_t device_t (dir (getattr open search)))
(allow kmod_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow kmod_t device_t (dir (getattr open search)))
(allow kmod_t agp_device_t (chr_file (ioctl read write getattr lock append open)))
(allow kmod_t device_t (dir (getattr open search)))
(allow kmod_t sound_device_t (chr_file (ioctl read getattr lock open)))
(allow kmod_t sound_device_t (chr_file (map)))
(allow kmod_t device_t (dir (getattr open search)))
(allow kmod_t sound_device_t (chr_file (ioctl write getattr lock append open)))
(allow kmod_t sound_device_t (chr_file (map)))
(allow kmod_t device_t (dir (getattr open search)))
(allow kmod_t acpi_bios_t (chr_file (ioctl read write getattr lock append open)))
(allow kmod_t device_t (dir (getattr open search)))
(allow kmod_t kmsg_device_t (chr_file (ioctl write getattr lock append open)))
(allow kmod_t domain (process (signal)))
(allow kmod_t privfd (fd (use)))
(allow kmod_t modules_object_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow kmod_t modules_object_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow kmod_t modules_object_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow kmod_t modules_object_t (file (map)))
(allow kmod_t boot_t (dir (ioctl read getattr lock open search)))
(allow kmod_t boot_t (dir (getattr open search)))
(allow kmod_t system_map_t (file (ioctl read getattr lock open)))
(allow kmod_t etc_t (dir (ioctl read getattr lock open search)))
(allow kmod_t etc_t (dir (getattr open search)))
(allow kmod_t etc_runtime_t (file (ioctl read getattr lock open)))
(allow kmod_t etc_t (dir (getattr open search)))
(allow kmod_t etc_runtime_t (lnk_file (read getattr)))
(allow kmod_t etc_t (dir (ioctl read getattr lock open search)))
(allow kmod_t etc_t (dir (getattr open search)))
(allow kmod_t etc_t (file (ioctl read getattr lock open)))
(allow kmod_t etc_t (dir (getattr open search)))
(allow kmod_t etc_t (lnk_file (read getattr)))
(allow kmod_t usr_t (dir (ioctl read getattr lock open search)))
(allow kmod_t usr_t (dir (getattr open search)))
(allow kmod_t usr_t (file (ioctl read getattr lock open)))
(allow kmod_t usr_t (dir (getattr open search)))
(allow kmod_t usr_t (lnk_file (read getattr)))
(allow kmod_t usr_t (dir (getattr open search)))
(allow kmod_t usr_t (dir (getattr open search)))
(allow kmod_t src_t (dir (getattr open search)))
(allow kmod_t src_t (file (ioctl read getattr lock open)))
(allow kmod_t usr_t (dir (getattr open search)))
(allow kmod_t src_t (dir (getattr open search)))
(allow kmod_t src_t (lnk_file (read getattr)))
(allow kmod_t src_t (dir (ioctl read getattr lock open search)))
(allow kmod_t etc_t (dir (ioctl read getattr lock open search)))
(allow kmod_t etc_t (dir (getattr open search)))
(allow kmod_t etc_t (lnk_file (read getattr)))
(allow kmod_t etc_t (dir (getattr open search)))
(allow kmod_t etc_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow kmod_t tmp_t (dir (getattr open search)))
(dontaudit kmod_t var_run_t (lnk_file (read getattr)))
(dontaudit kmod_t var_run_t (dir (getattr open search)))
(allow kmod_t modules_object_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow kmod_t modules_object_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow kmod_t modules_object_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow kmod_t modules_object_t (file (map)))
(allow kmod_t fs_t (filesystem (getattr)))
(dontaudit kmod_t tmpfs_t (dir (ioctl read getattr lock open search)))
(dontaudit kmod_t tmpfs_t (chr_file (ioctl read write getattr lock append open)))
(allow kmod_t tracefs_t (dir (getattr open search)))
(allow kmod_t device_t (dir (getattr open search)))
(allow kmod_t device_t (dir (ioctl read getattr lock open search)))
(allow kmod_t device_t (dir (getattr open search)))
(allow kmod_t device_t (lnk_file (read getattr)))
(allow kmod_t var_run_t (lnk_file (read getattr)))
(allow kmod_t var_t (dir (getattr open search)))
(allow kmod_t var_run_t (dir (getattr open search)))
(allow kmod_t initctl_t (fifo_file (ioctl read write getattr lock append open)))
(allow kmod_t init_t (fd (use)))
(allow kmod_t initrc_t (fd (use)))
(allow kmod_t device_t (dir (getattr open search)))
(allow kmod_t device_t (dir (ioctl read getattr lock open search)))
(allow kmod_t device_t (dir (getattr open search)))
(allow kmod_t device_t (lnk_file (read getattr)))
(allow kmod_t devpts_t (dir (ioctl read getattr lock open search)))
(allow kmod_t initrc_devpts_t (chr_file (ioctl read write getattr lock append open)))
(allow kmod_t devlog_t (sock_file (write getattr append open)))
(allow kmod_t var_run_t (lnk_file (read getattr)))
(allow kmod_t var_t (dir (getattr open search)))
(allow kmod_t var_run_t (dir (getattr open search)))
(allow kmod_t init_runtime_t (dir (getattr open search)))
(allow kmod_t syslogd_runtime_t (dir (getattr open search)))
(allow kmod_t syslogd_t (unix_dgram_socket (sendto)))
(allow kmod_t syslogd_t (unix_stream_socket (connectto)))
(allow kmod_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow kmod_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow kmod_t device_t (dir (getattr open search)))
(allow kmod_t device_t (dir (ioctl read getattr lock open search)))
(allow kmod_t device_t (dir (getattr open search)))
(allow kmod_t device_t (lnk_file (read getattr)))
(allow kmod_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit kmod_t console_device_t (chr_file (ioctl read getattr lock open)))
(allow kmod_t var_t (dir (getattr open search)))
(allow kmod_t var_log_t (dir (getattr open search)))
(allow kmod_t var_log_t (lnk_file (read getattr)))
(allow kmod_t etc_t (dir (getattr open search)))
(allow kmod_t etc_t (lnk_file (read getattr)))
(allow kmod_t usr_t (dir (getattr open search)))
(allow kmod_t locale_t (dir (ioctl read getattr lock open search)))
(allow kmod_t locale_t (dir (getattr open search)))
(allow kmod_t locale_t (file (ioctl read getattr lock open)))
(allow kmod_t locale_t (dir (getattr open search)))
(allow kmod_t locale_t (lnk_file (read getattr)))
(allow kmod_t locale_t (file (map)))
(allow kmod_t etc_t (dir (getattr open search)))
(allow kmod_t selinux_config_t (dir (getattr open search)))
(allow kmod_t default_context_t (dir (getattr open search)))
(allow kmod_t file_context_t (dir (getattr open search)))
(allow kmod_t file_context_t (file (ioctl read getattr lock open)))
(allow kmod_t file_context_t (file (map)))
(allow kmod_t device_t (dir (getattr open search)))
(allow kmod_t device_t (dir (ioctl read getattr lock open search)))
(allow kmod_t device_t (dir (getattr open search)))
(allow kmod_t device_t (lnk_file (read getattr)))
(allow kmod_t devpts_t (dir (ioctl read getattr lock open search)))
(allow kmod_t user_devpts_t (chr_file (ioctl read write getattr append open)))
(allow kmod_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
(dontaudit kmod_t user_home_dir_t (dir (getattr open search)))
(allow kmod_t user_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow kmod_t user_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow kmod_t tmp_t (dir (getattr open search)))
(allow kmod_t user_runtime_t (dir (getattr open search)))
(allow kmod_t user_runtime_root_t (dir (getattr open search)))
(allow kmod_t var_run_t (lnk_file (read getattr)))
(allow kmod_t var_t (dir (getattr open search)))
(allow kmod_t var_run_t (dir (getattr open search)))
(allow kmod_t user_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow kmod_t user_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow kmod_t tmp_t (dir (getattr open search)))
(allow kmod_t user_runtime_t (dir (getattr open search)))
(allow kmod_t user_runtime_root_t (dir (getattr open search)))
(allow kmod_t var_run_t (lnk_file (read getattr)))
(allow kmod_t var_t (dir (getattr open search)))
(allow kmod_t var_run_t (dir (getattr open search)))
(allow kmod_t src_t (dir (getattr open search)))
(allow kmod_t src_t (dir (ioctl read getattr lock open search)))
(allow kmod_t src_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow kmod_t src_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow kmod_t modules_object_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow kmod_t modules_object_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow kmod_t modules_object_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow kmod_t modules_object_t (file (map)))
(allow kmod_t tmpfiles_runtime_t (dir (ioctl write getattr lock open add_name search)))
(allow kmod_t tmpfiles_runtime_t (file (create getattr open)))
(allow kmod_t var_run_t (lnk_file (read getattr)))
(allow kmod_t var_t (dir (getattr open search)))
(allow kmod_t var_run_t (dir (getattr open search)))
(allow kmod_t tmpfiles_runtime_t (dir (ioctl read getattr lock open search)))
(allow kmod_t tmpfiles_runtime_t (file (ioctl read getattr lock open)))
(allow kmod_t tmpfiles_runtime_t (dir (ioctl read write getattr lock open add_name search)))
(typetransition kmod_t tmpfiles_runtime_t file kmod_tmpfiles_conf_t)
(optional modutils_optional_2
    (typeattributeset cil_gen_require init_t)
    (allow kmod_t init_t (process (sigchld)))
    (allow kmod_t init_t (process (signull)))
    (optional modutils_optional_3
        (typeattributeset cil_gen_require rpm_t)
        (allow kmod_t rpm_t (fd (use)))
        (allow kmod_t rpm_t (fifo_file (ioctl read getattr lock open)))
    )
    (optional modutils_optional_4
        (typeattributeset cil_gen_require security_t)
        (typeattributeset cil_gen_require sysfs_t)
        (dontaudit kmod_t security_t (filesystem (getattr)))
        (dontaudit kmod_t sysfs_t (filesystem (getattr)))
        (dontaudit kmod_t sysfs_t (dir (getattr open search)))
        (dontaudit kmod_t security_t (dir (getattr open search)))
        (dontaudit kmod_t security_t (file (ioctl read getattr lock open)))
    )
    (optional modutils_optional_5
        (typeattributeset cil_gen_require selinux_config_t)
        (dontaudit kmod_t selinux_config_t (dir (getattr open search)))
        (dontaudit kmod_t selinux_config_t (file (ioctl read getattr lock open)))
        (optional modutils_optional_6
            (typeattributeset cil_gen_require bin_t)
            (typeattributeset cil_gen_require usr_t)
            (typeattributeset cil_gen_require alsa_t)
            (typeattributeset cil_gen_require alsa_exec_t)
            (allow kmod_t bin_t (dir (getattr open search)))
            (allow kmod_t bin_t (lnk_file (read getattr)))
            (allow kmod_t usr_t (dir (getattr open search)))
            (allow kmod_t alsa_exec_t (file (ioctl read getattr map execute open)))
            (allow kmod_t alsa_t (process (transition)))
            (dontaudit kmod_t alsa_t (process (noatsecure siginh rlimitinh)))
            (typetransition kmod_t alsa_exec_t process alsa_t)
            (allow alsa_t kmod_t (fd (use)))
            (allow alsa_t kmod_t (fifo_file (ioctl read write getattr lock append)))
            (allow alsa_t kmod_t (process (sigchld)))
        )
        (optional modutils_optional_7
            (typeattributeset cil_gen_require apt_t)
            (typeattributeset cil_gen_require apt_devpts_t)
            (allow kmod_t apt_t (fd (use)))
            (allow kmod_t apt_devpts_t (chr_file (ioctl read write getattr append open)))
        )
        (optional modutils_optional_8
            (typeattributeset cil_gen_require tmp_t)
            (typeattributeset cil_gen_require dpkg_script_tmp_t)
            (allow kmod_t tmp_t (dir (getattr open search)))
            (allow kmod_t dpkg_script_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
            (allow kmod_t dpkg_script_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
            (allow kmod_t dpkg_script_tmp_t (file (map)))
            (allow kmod_t dpkg_script_tmp_t (lnk_file (read getattr)))
        )
        (optional modutils_optional_9
            (typeattributeset cil_gen_require firstboot_t)
            (dontaudit kmod_t firstboot_t (fifo_file (read write)))
            (dontaudit kmod_t firstboot_t (unix_stream_socket (read write)))
        )
        (optional modutils_optional_10
            (typeattributeset cil_gen_require iptables_runtime_t)
            (dontaudit kmod_t iptables_runtime_t (file (read)))
        )
        (optional modutils_optional_11
            (typeattributeset cil_gen_require bin_t)
            (typeattributeset cil_gen_require usr_t)
            (typeattributeset cil_gen_require mount_t)
            (typeattributeset cil_gen_require mount_exec_t)
            (allow kmod_t bin_t (dir (getattr open search)))
            (allow kmod_t bin_t (lnk_file (read getattr)))
            (allow kmod_t usr_t (dir (getattr open search)))
            (allow kmod_t mount_exec_t (file (ioctl read getattr map execute open)))
            (allow kmod_t mount_t (process (transition)))
            (dontaudit kmod_t mount_t (process (noatsecure siginh rlimitinh)))
            (typetransition kmod_t mount_exec_t process mount_t)
            (allow mount_t kmod_t (fd (use)))
            (allow mount_t kmod_t (fifo_file (ioctl read write getattr lock append)))
            (allow mount_t kmod_t (process (sigchld)))
        )
        (optional modutils_optional_12
            (typeattributeset cil_gen_require etc_t)
            (typeattributeset cil_gen_require var_run_t)
            (typeattributeset cil_gen_require var_t)
            (typeattributeset cil_gen_require var_yp_t)
            (typeattributeset cil_gen_require netlabel_peer_t)
            (typeattributeset cil_gen_require netif_t)
            (typeattributeset cil_gen_require node_t)
            (typeattributeset cil_gen_require port_t)
            (typeattributeset cil_gen_require defined_port_type)
            (typeattributeset cil_gen_require reserved_port_type)
            (typeattributeset cil_gen_require port_type)
            (typeattributeset cil_gen_require portmap_port_t)
            (typeattributeset cil_gen_require reserved_port_t)
            (typeattributeset cil_gen_require portmap_client_packet_t)
            (typeattributeset cil_gen_require client_packet_t)
            (typeattributeset cil_gen_require server_packet_t)
            (typeattributeset cil_gen_require net_conf_t)
            (booleanif (allow_ypbind)
                (true
                    (allow kmod_t net_conf_t (lnk_file (read getattr)))
                    (allow kmod_t net_conf_t (file (ioctl read getattr lock open)))
                    (allow kmod_t net_conf_t (dir (ioctl read getattr lock open search)))
                    (allow kmod_t var_run_t (dir (getattr open search)))
                    (allow kmod_t var_t (dir (getattr open search)))
                    (allow kmod_t var_run_t (lnk_file (read getattr)))
                    (allow kmod_t etc_t (dir (getattr open search)))
                    (allow kmod_t server_packet_t (packet (recv)))
                    (allow kmod_t server_packet_t (packet (send)))
                    (allow kmod_t client_packet_t (packet (recv)))
                    (allow kmod_t client_packet_t (packet (send)))
                    (allow kmod_t portmap_client_packet_t (packet (recv)))
                    (allow kmod_t portmap_client_packet_t (packet (send)))
                    (dontaudit kmod_t port_type (tcp_socket (name_connect)))
                    (allow kmod_t port_t (tcp_socket (name_connect)))
                    (allow kmod_t reserved_port_t (tcp_socket (name_connect)))
                    (allow kmod_t portmap_port_t (tcp_socket (name_connect)))
                    (dontaudit kmod_t port_type (udp_socket (name_bind)))
                    (dontaudit kmod_t port_type (tcp_socket (name_bind)))
                    (dontaudit kmod_t reserved_port_type (udp_socket (name_bind)))
                    (dontaudit kmod_t reserved_port_type (tcp_socket (name_bind)))
                    (dontaudit kmod_t defined_port_type (udp_socket (name_bind)))
                    (allow kmod_t port_t (udp_socket (name_bind)))
                    (dontaudit kmod_t defined_port_type (tcp_socket (name_bind)))
                    (allow kmod_t port_t (tcp_socket (name_bind)))
                    (allow kmod_t node_t (udp_socket (node_bind)))
                    (allow kmod_t node_t (tcp_socket (node_bind)))
                    (allow kmod_t node_t (node (recvfrom)))
                    (allow kmod_t node_t (node (sendto)))
                    (allow kmod_t node_t (node (recvfrom sendto)))
                    (allow kmod_t netif_t (netif (ingress)))
                    (allow kmod_t netif_t (netif (egress)))
                    (allow kmod_t netif_t (netif (ingress egress)))
                    (allow kmod_t netlabel_peer_t (tcp_socket (recvfrom)))
                    (allow kmod_t netlabel_peer_t (udp_socket (recvfrom)))
                    (allow kmod_t netlabel_peer_t (rawip_socket (recvfrom)))
                    (allow kmod_t netlabel_peer_t (peer (recv)))
                    (allow kmod_t var_yp_t (lnk_file (read getattr)))
                    (allow kmod_t var_yp_t (file (ioctl read getattr lock open)))
                    (allow kmod_t var_yp_t (dir (ioctl read getattr lock open search)))
                    (allow kmod_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                    (allow kmod_t self (tcp_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                    (allow kmod_t self (capability (net_bind_service)))
                )
            )
        )
        (optional modutils_optional_13
            (typeattributeset cil_gen_require var_run_t)
            (typeattributeset cil_gen_require var_t)
            (typeattributeset cil_gen_require nscd_t)
            (typeattributeset cil_gen_require nscd_runtime_t)
            (booleanif (nscd_use_shm)
                (true
                    (allow kmod_t nscd_runtime_t (sock_file (read getattr open)))
                    (allow kmod_t nscd_runtime_t (dir (ioctl read getattr lock open search)))
                    (dontaudit kmod_t nscd_runtime_t (file (ioctl read getattr lock open)))
                    (allow kmod_t nscd_t (unix_stream_socket (connectto)))
                    (allow kmod_t nscd_runtime_t (sock_file (write getattr append open)))
                    (allow kmod_t nscd_runtime_t (dir (getattr open search)))
                    (allow kmod_t var_run_t (dir (getattr open search)))
                    (allow kmod_t var_t (dir (getattr open search)))
                    (allow kmod_t var_run_t (lnk_file (read getattr)))
                    (allow kmod_t nscd_t (fd (use)))
                    (allow kmod_t nscd_t (nscd (getgrp gethost getpwd shmemgrp shmemhost shmempwd)))
                    (allow kmod_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                )
                (false
                    (allow nscd_t kmod_t (process (getattr)))
                    (allow nscd_t kmod_t (lnk_file (read getattr)))
                    (allow nscd_t kmod_t (file (ioctl read getattr lock open)))
                    (allow nscd_t kmod_t (dir (ioctl read getattr lock open search)))
                    (dontaudit kmod_t nscd_runtime_t (file (ioctl read getattr lock open)))
                    (allow kmod_t nscd_t (unix_stream_socket (connectto)))
                    (allow kmod_t nscd_runtime_t (sock_file (write getattr append open)))
                    (allow kmod_t nscd_runtime_t (dir (getattr open search)))
                    (allow kmod_t var_run_t (dir (getattr open search)))
                    (allow kmod_t var_t (dir (getattr open search)))
                    (allow kmod_t var_run_t (lnk_file (read getattr)))
                    (dontaudit kmod_t nscd_t (nscd (shmemgrp shmemhost shmempwd getserv shmemserv)))
                    (dontaudit kmod_t nscd_t (fd (use)))
                    (allow kmod_t nscd_t (nscd (getgrp gethost getpwd)))
                    (allow kmod_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                )
            )
        )
        (optional modutils_optional_14
            (typeattributeset cil_gen_require tmp_t)
            (typeattributeset cil_gen_require ramfs_t)
            (typeattributeset cil_gen_require xserver_log_t)
            (typeattributeset cil_gen_require xserver_t)
            (typeattributeset cil_gen_require xserver_tmp_t)
            (allow kmod_t ramfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
            (allow kmod_t ramfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
            (dontaudit kmod_t xserver_log_t (file (ioctl write append)))
            (allow kmod_t tmp_t (dir (getattr open search)))
            (allow kmod_t xserver_tmp_t (dir (getattr open search)))
            (allow kmod_t xserver_tmp_t (sock_file (write getattr append open)))
            (allow kmod_t xserver_t (unix_stream_socket (connectto)))
            (dontaudit kmod_t xserver_t (unix_stream_socket (read write)))
        )
        (optional modutils_optional_15
            (typeattributeset cil_gen_require rpm_t)
            (allow kmod_t rpm_t (fifo_file (ioctl read write getattr lock append open)))
        )
        (optional modutils_optional_16
            (typeattributeset cil_gen_require device_t)
            (typeattributeset cil_gen_require var_t)
            (typeattributeset cil_gen_require var_log_t)
            (typeattributeset cil_gen_require xserver_log_t)
            (typeattributeset cil_gen_require xserver_misc_device_t)
            (allow kmod_t device_t (dir (getattr open search)))
            (allow kmod_t xserver_misc_device_t (chr_file (ioctl read write getattr lock append open)))
            (allow kmod_t var_t (dir (getattr open search)))
            (allow kmod_t var_log_t (dir (getattr open search)))
            (allow kmod_t var_log_t (lnk_file (read getattr)))
            (allow kmod_t xserver_log_t (file (getattr)))
        )
        (optional modutils_optional_17
            (typeattributeset cil_gen_require tmp_t)
            (typeattributeset cil_gen_require var_t)
            (typeattributeset cil_gen_require dracut_tmp_t)
            (allow kmod_t var_t (dir (getattr open search)))
            (allow kmod_t tmp_t (dir (getattr open search)))
            (allow kmod_t dracut_tmp_t (dir (getattr open search)))
            (allow kmod_t dracut_tmp_t (file (ioctl read write getattr lock append open)))
        )
    )
)
(filecon "/etc/modules\.conf.*" file (system_u object_r modules_conf_t (systemlow systemlow)))
(filecon "/etc/modprobe\.conf.*" file (system_u object_r modules_conf_t (systemlow systemlow)))
(filecon "/etc/modprobe\.d(/.*)?" any (system_u object_r modules_conf_t (systemlow systemlow)))
(filecon "/etc/modprobe\.devfs.*" file (system_u object_r modules_conf_t (systemlow systemlow)))
(filecon "/etc/modules-load\.d/.*\.conf" file (system_u object_r modules_conf_t (systemlow systemlow)))
(filecon "/run/modules-load\.d/.*\.conf" file (system_u object_r modules_conf_t (systemlow systemlow)))
(filecon "/run/tmpfiles\.d/static-nodes\.conf" file (system_u object_r kmod_tmpfiles_conf_t (systemlow systemlow)))
(filecon "/run/tmpfiles\.d/kmod\.conf" file (system_u object_r kmod_tmpfiles_conf_t (systemlow systemlow)))
(filecon "/usr/bin/depmod.*" file (system_u object_r kmod_exec_t (systemlow systemlow)))
(filecon "/usr/bin/generate-modprobe\.conf" file (system_u object_r kmod_exec_t (systemlow systemlow)))
(filecon "/usr/bin/insmod.*" file (system_u object_r kmod_exec_t (systemlow systemlow)))
(filecon "/usr/bin/kmod" file (system_u object_r kmod_exec_t (systemlow systemlow)))
(filecon "/usr/bin/modprobe.*" file (system_u object_r kmod_exec_t (systemlow systemlow)))
(filecon "/usr/bin/modules-update" file (system_u object_r kmod_exec_t (systemlow systemlow)))
(filecon "/usr/bin/rmmod.*" file (system_u object_r kmod_exec_t (systemlow systemlow)))
(filecon "/usr/bin/update-modules" file (system_u object_r kmod_exec_t (systemlow systemlow)))
(filecon "/usr/lib/modules-load\.d/.*\.conf" file (system_u object_r modules_conf_t (systemlow systemlow)))
(filecon "/usr/lib/modules/[^/]+/modules\..+" file (system_u object_r modules_dep_t (systemlow systemlow)))
(filecon "/usr/lib/modules/modprobe\.conf" file (system_u object_r modules_conf_t (systemlow systemlow)))
(filecon "/usr/sbin/depmod.*" file (system_u object_r kmod_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/generate-modprobe\.conf" file (system_u object_r kmod_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/insmod.*" file (system_u object_r kmod_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/modprobe.*" file (system_u object_r kmod_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/modules-update" file (system_u object_r kmod_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/rmmod.*" file (system_u object_r kmod_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/update-modules" file (system_u object_r kmod_exec_t (systemlow systemlow)))
