; Role and type declarations for the mount policy module.
; mount_roles is a role attribute. system_r is the only member added here, and
; every role carrying the attribute may be associated with mount_t.
(roleattribute mount_roles)
(roleattributeset mount_roles (system_r ))
(roletype mount_roles mount_t)
; mount_t: the process domain that receives almost every allow rule below.
(type mount_t)
(roletype object_r mount_t)
; mount_exec_t: executable file type; the entrypoint rules further down make it
; the way into both mount_t and unconfined_mount_t.
(type mount_exec_t)
(roletype object_r mount_exec_t)
; mount_loopback_t: file type later placed in filesystem_image_file_type.
(type mount_loopback_t)
(roletype object_r mount_loopback_t)
; mount_runtime_t: label given to files/dirs mount_t creates under var_run_t
; (see the typetransition rules below).
(type mount_runtime_t)
(roletype object_r mount_runtime_t)
; mount_tmp_t: label given to files/dirs mount_t creates under tmp_t.
(type mount_tmp_t)
(roletype object_r mount_tmp_t)
; unconfined_mount_t: second domain reachable through mount_exec_t.
; NOTE(review): only a handful of rules for it are visible in this part of the
; module; its broad access, if any, presumably comes from another module - confirm.
(type unconfined_mount_t)
(roletype object_r unconfined_mount_t)
; Tunable, off by default. The booleanif block later in this module shows what
; it unlocks: mounting on any non_security_file_type file or directory and
; reading any non_auth_file_type file. Keep it off unless a deployment needs it.
(boolean allow_mount_anyfile false)
; (… cil_gen_require X) lines only record that X is declared outside this
; module; they grant nothing by themselves.
(roleattributeset cil_gen_require system_r)
; system_r may be associated with mount_t.
(roletype system_r mount_t)
(typeattributeset cil_gen_require initrc_t)
(typeattributeset cil_gen_require systemprocess)
(typeattributeset systemprocess (mount_t ))
; Both mount domains join application_domain_type and domain, so every rule
; written elsewhere against those attributes applies to them as well.
(typeattributeset cil_gen_require application_domain_type)
(typeattributeset application_domain_type (mount_t unconfined_mount_t ))
(typeattributeset cil_gen_require domain)
(typeattributeset domain (mount_t unconfined_mount_t ))
(typeattributeset cil_gen_require init_t)
(typeattributeset cil_gen_require security_t)
(typeattributeset cil_gen_require sysfs_t)
(typeattributeset cil_gen_require selinux_config_t)
; mount_exec_t is an executable/entrypoint file type.
(typeattributeset cil_gen_require application_exec_type)
(typeattributeset application_exec_type (mount_exec_t ))
(typeattributeset cil_gen_require exec_type)
(typeattributeset exec_type (mount_exec_t ))
; All four file types of this module are in file_type, non_security_file_type
; and non_auth_file_type, so the allow_mount_anyfile rules cover them too.
(typeattributeset cil_gen_require file_type)
(typeattributeset file_type (mount_exec_t mount_loopback_t mount_runtime_t mount_tmp_t ))
(typeattributeset cil_gen_require non_security_file_type)
(typeattributeset non_security_file_type (mount_exec_t mount_loopback_t mount_runtime_t mount_tmp_t ))
(typeattributeset cil_gen_require non_auth_file_type)
(typeattributeset non_auth_file_type (mount_exec_t mount_loopback_t mount_runtime_t mount_tmp_t ))
(typeattributeset cil_gen_require entry_type)
(typeattributeset entry_type (mount_exec_t ))
; mount_loopback_t is a filesystem image type; mount_t gets read-only file
; access to that attribute further down.
(typeattributeset cil_gen_require filesystem_image_file_type)
(typeattributeset filesystem_image_file_type (mount_loopback_t ))
(typeattributeset cil_gen_require pidfile)
(typeattributeset pidfile (mount_runtime_t ))
(typeattributeset cil_gen_require tmpfile)
(typeattributeset tmpfile (mount_tmp_t ))
; NOTE(review): polymember presumably marks mount_tmp_t as usable inside
; polyinstantiated directories - confirm against the base policy.
(typeattributeset cil_gen_require polymember)
(typeattributeset polymember (mount_tmp_t ))
(typeattributeset cil_gen_require tmp_t)
(typeattributeset cil_gen_require var_t)
(typeattributeset cil_gen_require var_run_t)
(typeattributeset cil_gen_require proc_t)
(typeattributeset cil_gen_require sysctl_t)
(typeattributeset cil_gen_require sysctl_kernel_t)
(typeattributeset cil_gen_require kernel_t)
(typeattributeset cil_gen_require proc_kcore_t)
(typeattributeset cil_gen_require debugfs_t)
(typeattributeset cil_gen_require bin_t)
(typeattributeset cil_gen_require usr_t)
(typeattributeset cil_gen_require device_node)
(typeattributeset cil_gen_require device_t)
(typeattributeset cil_gen_require lvm_control_t)
(typeattributeset cil_gen_require loop_control_device_t)
(typeattributeset cil_gen_require memory_device_t)
(typeattributeset cil_gen_require sound_device_t)
(typeattributeset cil_gen_require privfd)
(typeattributeset cil_gen_require etc_t)
(typeattributeset cil_gen_require etc_runtime_t)
(typeattributeset cil_gen_require mountpoint)
(typeattributeset cil_gen_require unlabeled_t)
(typeattributeset cil_gen_require root_t)
(typeattributeset cil_gen_require filesystem_type)
(typeattributeset cil_gen_require tmpfs_t)
; Attribute memberships that widen mount_t beyond its own allow rules. Each
; attribute is defined outside this module, so what it confers must be read
; from the policy that consumes it.
; NOTE(review): mlsfileread / mlsfilewrite are presumably referenced by MLS
; constraints to exempt a domain from level checks on file reads and writes -
; confirm against the constraint definitions before relying on MLS separation
; for anything mount_t can reach.
(typeattributeset cil_gen_require mlsfileread)
(typeattributeset mlsfileread (mount_t ))
(typeattributeset cil_gen_require mlsfilewrite)
(typeattributeset mlsfilewrite (mount_t ))
; mount_t is also given explicit blk_file/chr_file read and write rules on
; fixed_disk_device_t later in this module.
; NOTE(review): the fixed_disk_raw_* attributes presumably whitelist the domain
; in assertions written elsewhere - confirm.
(typeattributeset cil_gen_require fixed_disk_raw_read)
(typeattributeset fixed_disk_raw_read (mount_t ))
(typeattributeset cil_gen_require fixed_disk_device_t)
(typeattributeset cil_gen_require fixed_disk_raw_write)
(typeattributeset fixed_disk_raw_write (mount_t ))
(typeattributeset cil_gen_require removable_device_t)
(typeattributeset cil_gen_require fuse_device_t)
(typeattributeset cil_gen_require ttynode)
(typeattributeset cil_gen_require ptynode)
(typeattributeset cil_gen_require console_device_t)
(typeattributeset cil_gen_require devpts_t)
(typeattributeset cil_gen_require tty_device_t)
(typeattributeset cil_gen_require ptmx_t)
; Rules written against nsswitch_domain in other modules apply to mount_t.
(typeattributeset cil_gen_require nsswitch_domain)
(typeattributeset nsswitch_domain (mount_t ))
(typeattributeset cil_gen_require initrc_devpts_t)
(typeattributeset cil_gen_require initctl_t)
(typeattributeset cil_gen_require init_runtime_t)
(typeattributeset cil_gen_require syslogd_t)
(typeattributeset cil_gen_require syslogd_runtime_t)
(typeattributeset cil_gen_require devlog_t)
(typeattributeset cil_gen_require locale_t)
(typeattributeset cil_gen_require netlabel_peer_t)
(typeattributeset cil_gen_require netif_t)
(typeattributeset cil_gen_require node_t)
(typeattributeset cil_gen_require portmap_port_t)
(typeattributeset cil_gen_require portmap_client_packet_t)
(typeattributeset cil_gen_require net_conf_t)
(typeattributeset cil_gen_require userdomain)
; Entry into mount_t. A process in initrc_t that executes a mount_exec_t file
; is transitioned to mount_t automatically.
(typetransition initrc_t mount_exec_t process mount_t)
(allow initrc_t mount_exec_t (file (ioctl read getattr map execute open)))
(allow initrc_t mount_t (process (transition)))
(allow mount_t mount_exec_t (file (ioctl read getattr lock map execute open entrypoint)))
; After the transition mount_t may use the descriptors and pipes inherited
; from initrc_t and report its exit to it.
(allow mount_t initrc_t (fd (use)))
(allow mount_t initrc_t (fifo_file (ioctl read write getattr lock append)))
(allow mount_t initrc_t (process (sigchld)))
; noatsecure, siginh and rlimitinh are not granted across the transition; the
; resulting denials are simply kept out of the audit log.
(dontaudit initrc_t mount_t (process (noatsecure siginh rlimitinh)))
; unconfined_mount_t uses the same entrypoint. No typetransition into it is
; visible in this part of the module.
(allow unconfined_mount_t mount_exec_t (file (ioctl read getattr lock map execute open entrypoint)))
; Linux capabilities mount_t may exercise. sys_admin, sys_rawio and
; dac_override/dac_read_search are broad: any program running in mount_t
; holds them, so a change to this line deserves close review.
(allow mount_t self (capability (chown dac_override dac_read_search setgid setuid ipc_lock sys_rawio sys_admin sys_tty_config)))
; kill, net_admin and setrlimit are not granted; denials are only silenced.
(dontaudit mount_t self (capability (kill net_admin)))
(dontaudit mount_t self (process (setrlimit)))
(allow mount_t self (process (signal)))
(allow mount_t self (fifo_file (ioctl read write getattr lock append open)))
; Private temporary files: full management of mount_tmp_t files and dirs.
(allow mount_t mount_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow mount_t mount_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
; Exact repeat of the self fifo_file rule above; redundant but harmless.
(allow mount_t self (fifo_file (ioctl read write getattr lock append open)))
; execute_no_trans: mount_t may re-execute mount_exec_t programs and stay in
; mount_t.
(allow mount_t mount_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
; Anything mount_t creates in a tmp_t directory is labelled mount_tmp_t.
(allow mount_t tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition mount_t tmp_t dir mount_tmp_t)
(typetransition mount_t tmp_t file mount_tmp_t)
; Runtime state: full management of mount_runtime_t files and dirs. The
; narrower dir/file rules in this group are subsets of the broader ones.
(allow mount_t mount_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow mount_t mount_runtime_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow mount_t mount_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow mount_t mount_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow mount_t mount_runtime_t (dir (getattr open search)))
(allow mount_t mount_runtime_t (file (ioctl read write getattr lock append open)))
; Anything mount_t creates in a var_run_t directory is labelled
; mount_runtime_t.
(allow mount_t var_t (dir (getattr open search)))
(allow mount_t var_run_t (lnk_file (read getattr)))
(allow mount_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition mount_t var_run_t dir mount_runtime_t)
(typetransition mount_t var_run_t file mount_runtime_t)
; Kernel state: read-only access to proc_t and to the sysctl_t /
; sysctl_kernel_t trees. Many lines repeat the same directory-search grant;
; the duplicates add nothing (presumably an artifact of how the module was
; generated).
(allow mount_t proc_t (dir (getattr open search)))
(allow mount_t proc_t (file (ioctl read getattr lock open)))
(allow mount_t proc_t (dir (getattr open search)))
(allow mount_t proc_t (lnk_file (read getattr)))
(allow mount_t proc_t (dir (getattr open search)))
(allow mount_t proc_t (dir (ioctl read getattr lock open search)))
(allow mount_t proc_t (dir (getattr open search)))
(allow mount_t sysctl_t (dir (getattr open search)))
(allow mount_t sysctl_kernel_t (dir (getattr open search)))
(allow mount_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(allow mount_t proc_t (dir (getattr open search)))
(allow mount_t sysctl_t (dir (getattr open search)))
(allow mount_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
; mount_t may change the scheduling parameters of kernel_t processes.
(allow mount_t kernel_t (process (setsched)))
; Not granted, only silenced: getattr on proc_kcore_t and directory writes in
; debugfs_t and proc_t.
(dontaudit mount_t proc_kcore_t (file (getattr)))
(dontaudit mount_t debugfs_t (dir (write)))
(dontaudit mount_t proc_t (dir (write)))
; mount_t may ask the kernel to load a module on its behalf (module_request).
(allow mount_t kernel_t (system (module_request)))
; Helper programs: mount_t may execute any bin_t file and stays in mount_t
; while doing so (execute_no_trans), so those helpers run with the
; capabilities granted to mount_t.
(allow mount_t bin_t (dir (getattr open search)))
(allow mount_t bin_t (lnk_file (read getattr)))
(allow mount_t usr_t (dir (getattr open search)))
(allow mount_t bin_t (dir (getattr open search)))
(allow mount_t bin_t (dir (ioctl read getattr lock open search)))
(allow mount_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
; Device directory traversal, and getattr on every block device node.
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_node (blk_file (getattr)))
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_t (dir (ioctl read getattr lock open search)))
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_t (lnk_file (read getattr)))
; sysfs_t is read-only for mount_t; directory writes are denied silently.
(allow mount_t sysfs_t (dir (getattr open search)))
(allow mount_t sysfs_t (file (ioctl read getattr lock open)))
(allow mount_t sysfs_t (dir (getattr open search)))
(allow mount_t sysfs_t (lnk_file (read getattr)))
(allow mount_t sysfs_t (dir (getattr open search)))
(allow mount_t sysfs_t (dir (ioctl read getattr lock open search)))
(dontaudit mount_t sysfs_t (dir (write)))
; Read/write (including ioctl) on the lvm_control_t and loop_control_device_t
; character devices.
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t lvm_control_t (chr_file (ioctl read write getattr lock append open)))
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t loop_control_device_t (chr_file (ioctl read write getattr lock append open)))
; Silenced denials on other device nodes. Note that device_node chr_file
; getattr is dontaudit-ed while blk_file getattr is allowed above.
(dontaudit mount_t device_node (chr_file (getattr)))
(dontaudit mount_t device_t (chr_file (getattr)))
(dontaudit mount_t device_t (blk_file (getattr)))
(dontaudit mount_t memory_device_t (chr_file (getattr)))
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t sound_device_t (chr_file (getattr)))
(dontaudit mount_t device_t (chr_file (ioctl read write getattr lock append open)))
; mount_t may use file descriptors passed by any privfd domain.
(allow mount_t privfd (fd (use)))
; Directory traversal (no listing) through directories of every file type.
(allow mount_t file_type (dir (getattr open search)))
; etc_t: files are read-only, but mount_t may add and remove entries in etc_t
; directories.
(allow mount_t etc_t (dir (ioctl read getattr lock open search)))
(allow mount_t etc_t (dir (getattr open search)))
(allow mount_t etc_t (file (ioctl read getattr lock open)))
(allow mount_t etc_t (dir (getattr open search)))
(allow mount_t etc_t (lnk_file (read getattr)))
(allow mount_t etc_t (dir (ioctl read write getattr lock open add_name remove_name search)))
; etc_runtime_t: full file management. A file that mount_t creates in an
; etc_t directory is labelled etc_runtime_t, so it never creates etc_t files.
(allow mount_t etc_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow mount_t etc_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow mount_t etc_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition mount_t etc_t file etc_runtime_t)
; Core mount permissions.
; mounton: mount_t may mount over any directory or file whose type is in the
; mountpoint attribute, and over unlabeled_t directories. Mounting over other
; file types needs the allow_mount_anyfile boolean.
(allow mount_t mountpoint (dir (getattr mounton open search)))
(allow mount_t mountpoint (file (getattr mounton)))
(allow mount_t unlabeled_t (dir (getattr mounton open search)))
; filesystem class, file types: mount, unmount and relabelto apply to every
; type in file_type, so this policy does not narrow which filesystem labels
; mount_t can act on.
(allow mount_t root_t (filesystem (unmount)))
(allow mount_t file_type (filesystem (relabelto)))
(allow mount_t file_type (filesystem (mount)))
(allow mount_t file_type (filesystem (unmount)))
(allow mount_t usr_t (dir (ioctl read getattr lock open search)))
(allow mount_t usr_t (dir (getattr open search)))
(allow mount_t usr_t (file (ioctl read getattr lock open)))
(allow mount_t usr_t (dir (getattr open search)))
(allow mount_t usr_t (lnk_file (read getattr)))
; Mount point directories can be listed; write and setattr attempts on them
; are denied without an audit record.
(allow mount_t mountpoint (dir (ioctl read getattr lock open search)))
(dontaudit mount_t mountpoint (dir (write)))
(dontaudit mount_t mountpoint (dir (setattr)))
; filesystem class, filesystem types: getattr, mount, unmount, remount and
; relabelfrom on every type in filesystem_type.
(allow mount_t filesystem_type (filesystem (getattr)))
(allow mount_t file_type (filesystem (getattr)))
(allow mount_t filesystem_type (dir (getattr)))
(allow mount_t filesystem_type (filesystem (mount)))
(allow mount_t filesystem_type (filesystem (unmount)))
(allow mount_t filesystem_type (filesystem (remount)))
(allow mount_t filesystem_type (filesystem (relabelfrom)))
; tmpfs_t: read directories and symlinks, read/write character devices;
; directory writes are denied silently.
(allow mount_t tmpfs_t (dir (ioctl read getattr lock open search)))
(allow mount_t tmpfs_t (dir (getattr open search)))
(allow mount_t tmpfs_t (chr_file (ioctl read write getattr lock append open)))
(allow mount_t tmpfs_t (dir (getattr open search)))
(allow mount_t tmpfs_t (lnk_file (read getattr)))
(dontaudit mount_t tmpfs_t (dir (write)))
; Filesystem image files are read-only for mount_t. Write attempts are denied
; and not logged; when investigating, dontaudit rules can be switched off
; temporarily (semodule -DB) so that such denials show up.
(allow mount_t filesystem_image_file_type (dir (getattr open search)))
(allow mount_t filesystem_image_file_type (file (ioctl read getattr lock open)))
(dontaudit mount_t filesystem_image_file_type (file (write)))
(allow mount_t sysfs_t (dir (getattr open search)))
(allow mount_t sysfs_t (dir (getattr open search)))
; Read-only access (including map) to security_t files.
; NOTE(review): security_t is presumably the selinuxfs label - confirm.
(allow mount_t security_t (dir (ioctl read getattr lock open search)))
(allow mount_t security_t (file (ioctl read getattr map open)))
; Raw storage access. Read and write are granted in separate rules; together
; they give mount_t read/write on fixed-disk block and character nodes.
; Access at this level is not subject to the labels of files stored on the
; device, so these rules are among the most sensitive in the module.
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_t (dir (ioctl read getattr lock open search)))
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_t (lnk_file (read getattr)))
(allow mount_t fixed_disk_device_t (blk_file (ioctl read getattr lock open)))
(allow mount_t fixed_disk_device_t (chr_file (ioctl read getattr lock open)))
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_t (dir (ioctl read getattr lock open search)))
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_t (lnk_file (read getattr)))
(allow mount_t fixed_disk_device_t (blk_file (ioctl write getattr lock append open)))
(allow mount_t fixed_disk_device_t (chr_file (ioctl write getattr lock append open)))
; Removable media: read and write on block nodes only (no chr_file rule).
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_t (dir (ioctl read getattr lock open search)))
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_t (lnk_file (read getattr)))
(allow mount_t removable_device_t (blk_file (ioctl read getattr lock open)))
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_t (dir (ioctl read getattr lock open search)))
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_t (lnk_file (read getattr)))
(allow mount_t removable_device_t (blk_file (ioctl write getattr lock append open)))
; Read/write on the fuse_device_t character device.
(allow mount_t fuse_device_t (chr_file (ioctl read write getattr lock append open)))
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_t (dir (ioctl read getattr lock open search)))
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_t (lnk_file (read getattr)))
; Terminals: read/write on every tty and pty node (ttynode, ptynode), the
; console and devpts_t. Managing devpts_t directories and touching ptmx_t are
; not granted, only silenced.
(allow mount_t devpts_t (dir (ioctl read getattr lock open search)))
(allow mount_t ttynode (chr_file (ioctl read write getattr lock append open)))
(allow mount_t ptynode (chr_file (ioctl read write getattr lock append open)))
(allow mount_t console_device_t (chr_file (ioctl read write getattr lock append open)))
(allow mount_t devpts_t (chr_file (ioctl read write getattr lock append open)))
(allow mount_t tty_device_t (chr_file (ioctl read write getattr lock append open)))
(dontaudit mount_t devpts_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(dontaudit mount_t ptmx_t (chr_file (read write getattr)))
; init: mount_t may use descriptors inherited from init_t and the initrc
; pty. Reading init_t's dir/file/lnk_file objects, initctl_t and the
; init_runtime_t socket is denied without audit.
(allow mount_t init_t (fd (use)))
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_t (dir (ioctl read getattr lock open search)))
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_t (lnk_file (read getattr)))
(allow mount_t devpts_t (dir (ioctl read getattr lock open search)))
(allow mount_t initrc_devpts_t (chr_file (ioctl read write getattr lock append open)))
(dontaudit mount_t initctl_t (fifo_file (getattr)))
(dontaudit mount_t init_t (dir (getattr open search)))
(dontaudit mount_t init_t (file (ioctl read getattr lock open)))
(dontaudit mount_t init_t (lnk_file (read getattr)))
(dontaudit mount_t init_runtime_t (sock_file (write)))
; Logging: write to the devlog_t socket and talk to syslogd_t over unix
; datagram/stream sockets; console output is write-only.
(allow mount_t devlog_t (sock_file (write getattr append open)))
(allow mount_t var_run_t (lnk_file (read getattr)))
(allow mount_t var_t (dir (getattr open search)))
(allow mount_t var_run_t (dir (getattr open search)))
(allow mount_t init_runtime_t (dir (getattr open search)))
(allow mount_t syslogd_runtime_t (dir (getattr open search)))
(allow mount_t syslogd_t (unix_dgram_socket (sendto)))
(allow mount_t syslogd_t (unix_stream_socket (connectto)))
(allow mount_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow mount_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_t (dir (ioctl read getattr lock open search)))
(allow mount_t device_t (dir (getattr open search)))
(allow mount_t device_t (lnk_file (read getattr)))
; This write-only rule and the dontaudit after it are both subsumed by the
; read/write console_device_t allow earlier in this group.
(allow mount_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit mount_t console_device_t (chr_file (ioctl read getattr lock open)))
; Locale data: read-only, plus map on files.
(allow mount_t etc_t (dir (getattr open search)))
(allow mount_t etc_t (lnk_file (read getattr)))
(allow mount_t usr_t (dir (getattr open search)))
(allow mount_t locale_t (dir (ioctl read getattr lock open search)))
(allow mount_t locale_t (dir (getattr open search)))
(allow mount_t locale_t (file (ioctl read getattr lock open)))
(allow mount_t locale_t (dir (getattr open search)))
(allow mount_t locale_t (lnk_file (read getattr)))
(allow mount_t locale_t (file (map)))
; Baseline networking: mount_t may create and use its own TCP and UDP
; sockets. This group grants no listen/accept and no name_bind.
(allow mount_t self (tcp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow mount_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
; Traffic from netlabel_peer_t peers, over netif_t interfaces and node_t
; nodes. The single-permission netif/node lines repeat the combined ones.
(allow mount_t netlabel_peer_t (peer (recv)))
(allow mount_t netlabel_peer_t (tcp_socket (recvfrom)))
(allow mount_t netlabel_peer_t (udp_socket (recvfrom)))
(allow mount_t netlabel_peer_t (rawip_socket (recvfrom)))
(allow mount_t netif_t (netif (ingress egress)))
(allow mount_t netif_t (netif (egress)))
(allow mount_t netif_t (netif (ingress)))
(allow mount_t node_t (node (recvfrom sendto)))
(allow mount_t node_t (node (sendto)))
(allow mount_t node_t (node (recvfrom)))
; Outbound TCP connections are limited here to portmap_port_t; the optional
; network block later in the module widens this to every port_type.
(allow mount_t portmap_port_t (tcp_socket (name_connect)))
(allow mount_t portmap_client_packet_t (packet (send)))
(allow mount_t portmap_client_packet_t (packet (recv)))
; Read-only access to network configuration files (net_conf_t).
(allow mount_t etc_t (dir (getattr open search)))
(allow mount_t var_run_t (lnk_file (read getattr)))
(allow mount_t var_t (dir (getattr open search)))
(allow mount_t var_run_t (dir (getattr open search)))
(allow mount_t net_conf_t (dir (ioctl read getattr lock open search)))
(allow mount_t net_conf_t (file (ioctl read getattr lock open)))
(allow mount_t net_conf_t (lnk_file (read getattr)))
(allow mount_t etc_t (dir (getattr open search)))
; Read-only access to SELinux configuration files (selinux_config_t).
(allow mount_t selinux_config_t (dir (ioctl read getattr lock open search)))
(allow mount_t selinux_config_t (dir (getattr open search)))
(allow mount_t selinux_config_t (file (ioctl read getattr lock open)))
(allow mount_t selinux_config_t (dir (getattr open search)))
(allow mount_t selinux_config_t (lnk_file (read getattr)))
(allow mount_t security_t (filesystem (getattr)))
(allow mount_t sysfs_t (filesystem (getattr)))
(allow mount_t sysfs_t (dir (getattr open search)))
(allow mount_t sysfs_t (dir (getattr open search)))
; mount_t may use file descriptors inherited from any userdomain type.
(allow mount_t userdomain (fd (use)))
(allow mount_t kernel_t (process (setsched)))
; Filesystem relabelling in both directions for every file_type. Together
; with the mount/unmount grants this lets mount_t change the label a mounted
; filesystem carries; review who may enter mount_t accordingly.
(allow mount_t file_type (filesystem (relabelfrom relabelto)))
; The remaining lines repeat grants already made above.
(allow mount_t security_t (filesystem (getattr)))
(allow mount_t sysfs_t (filesystem (getattr)))
(allow mount_t sysfs_t (dir (getattr open search)))
(allow mount_t sysfs_t (dir (getattr open search)))
(allow mount_t proc_t (dir (getattr open search)))
(allow mount_t proc_t (file (ioctl read getattr lock open)))
(allow mount_t proc_t (dir (getattr open search)))
(allow mount_t proc_t (lnk_file (read getattr)))
(allow mount_t proc_t (dir (getattr open search)))
(allow mount_t proc_t (dir (ioctl read getattr lock open search)))
; Rules that exist only while the allow_mount_anyfile boolean is on. There is
; no false branch: with the boolean off, none of this is granted.
(booleanif (allow_mount_anyfile)
    (true
        ; Mount over any file or directory in non_security_file_type.
        (allow mount_t non_security_file_type (dir (getattr mounton search)))
        (allow mount_t non_security_file_type (file (getattr mounton)))
        ; List any directory and read any file in non_auth_file_type.
        ; NOTE(review): which types the two attributes exclude is defined
        ; outside this module - confirm before enabling the boolean.
        (allow mount_t non_auth_file_type (dir (ioctl read getattr lock open search)))
        (allow mount_t non_auth_file_type (file (ioctl read getattr lock open)))
    )
)
(optional mount_optional_2
    (typeattributeset cil_gen_require init_t)
    (allow mount_t init_t (process (sigchld)))
    (allow mount_t init_t (process (signull)))
    ; Active only if rpm_t resolves (and the enclosing optional is enabled):
    ; mount_t may use descriptors inherited from rpm_t and read its pipes.
    (optional mount_optional_3
        (typeattributeset cil_gen_require rpm_t)
        (allow mount_t rpm_t (fd (use)))
        (allow mount_t rpm_t (fifo_file (ioctl read getattr lock open)))
    )
    (optional mount_optional_4
        (typeattributeset cil_gen_require security_t)
        (typeattributeset cil_gen_require sysfs_t)
        (dontaudit mount_t security_t (filesystem (getattr)))
        (dontaudit mount_t sysfs_t (filesystem (getattr)))
        (dontaudit mount_t sysfs_t (dir (getattr open search)))
        (dontaudit mount_t security_t (dir (getattr open search)))
        (dontaudit mount_t security_t (file (ioctl read getattr lock open)))
        (optional mount_optional_5
            (typeattributeset cil_gen_require selinux_config_t)
            (dontaudit mount_t selinux_config_t (dir (getattr open search)))
            (dontaudit mount_t selinux_config_t (file (ioctl read getattr lock open)))
            ; Active only if the kubernetes_mountpoint_type attribute exists:
            ; adds mount_runtime_t to it, so rules written against that
            ; attribute elsewhere also cover mount_runtime_t. The require
            ; line appears twice; the repeat has no effect.
            (optional mount_optional_6
                (typeattributeset cil_gen_require kubernetes_mountpoint_type)
                (typeattributeset cil_gen_require kubernetes_mountpoint_type)
                (typeattributeset kubernetes_mountpoint_type (mount_runtime_t ))
            )
            (optional mount_optional_7
                (typeattributeset cil_gen_require init_t)
                (allow unconfined_mount_t init_t (process (sigchld)))
                (allow unconfined_mount_t init_t (process (signull)))
                ; Active only if rpm_t resolves: unconfined_mount_t may use
                ; descriptors inherited from rpm_t and read its pipes (the
                ; same grant mount_t receives in mount_optional_3).
                (optional mount_optional_8
                    (typeattributeset cil_gen_require rpm_t)
                    (allow unconfined_mount_t rpm_t (fd (use)))
                    (allow unconfined_mount_t rpm_t (fifo_file (ioctl read getattr lock open)))
                )
                (optional mount_optional_9
                    (typeattributeset cil_gen_require security_t)
                    (typeattributeset cil_gen_require sysfs_t)
                    (dontaudit unconfined_mount_t security_t (filesystem (getattr)))
                    (dontaudit unconfined_mount_t sysfs_t (filesystem (getattr)))
                    (dontaudit unconfined_mount_t sysfs_t (dir (getattr open search)))
                    (dontaudit unconfined_mount_t security_t (dir (getattr open search)))
                    (dontaudit unconfined_mount_t security_t (file (ioctl read getattr lock open)))
                    (optional mount_optional_10
                        (typeattributeset cil_gen_require selinux_config_t)
                        (dontaudit unconfined_mount_t selinux_config_t (dir (getattr open search)))
                        (dontaudit unconfined_mount_t selinux_config_t (file (ioctl read getattr lock open)))
                        ; Wider networking for mount_t, active only if every
                        ; required name below resolves (exports_t included,
                        ; although no rule here uses it).
                        ; NOTE(review): presumably the network-filesystem (RPC)
                        ; client case - confirm against the source module.
                        (optional mount_optional_11
                            (typeattributeset cil_gen_require netlabel_peer_t)
                            (typeattributeset cil_gen_require netif_type)
                            (typeattributeset cil_gen_require node_type)
                            (typeattributeset cil_gen_require port_t)
                            (typeattributeset cil_gen_require defined_port_type)
                            (typeattributeset cil_gen_require reserved_port_t)
                            (typeattributeset cil_gen_require rpc_port_type)
                            (typeattributeset cil_gen_require reserved_port_type)
                            (typeattributeset cil_gen_require port_type)
                            (typeattributeset cil_gen_require rpc_pipefs_t)
                            (typeattributeset cil_gen_require exports_t)
                            ; Labelled-peer traffic.
                            (allow mount_t netlabel_peer_t (peer (recv)))
                            (allow mount_t netlabel_peer_t (tcp_socket (recvfrom)))
                            (allow mount_t netlabel_peer_t (udp_socket (recvfrom)))
                            (allow mount_t netlabel_peer_t (rawip_socket (recvfrom)))
                            ; Send and receive on every interface and node,
                            ; and bind sockets to any node address.
                            (allow mount_t netif_type (netif (ingress egress)))
                            (allow mount_t node_type (node (recvfrom sendto)))
                            (allow mount_t node_type (tcp_socket (node_bind)))
                            (allow mount_t node_type (udp_socket (node_bind)))
                            ; Port binding: port_t, reserved_port_t and every
                            ; rpc_port_type, with net_bind_service for the
                            ; privileged range. Binding to other defined or
                            ; reserved port types stays denied and is not
                            ; audited.
                            (allow mount_t self (capability (net_bind_service)))
                            (allow mount_t port_t (tcp_socket (name_bind)))
                            (allow mount_t port_t (udp_socket (name_bind)))
                            (allow mount_t reserved_port_t (tcp_socket (name_bind)))
                            (allow mount_t reserved_port_t (udp_socket (name_bind)))
                            (allow mount_t rpc_port_type (tcp_socket (name_bind)))
                            (allow mount_t rpc_port_type (udp_socket (name_bind)))
                            (dontaudit mount_t defined_port_type (tcp_socket (name_bind)))
                            (dontaudit mount_t defined_port_type (udp_socket (name_bind)))
                            (dontaudit mount_t reserved_port_type (tcp_socket (name_bind)))
                            (dontaudit mount_t reserved_port_type (udp_socket (name_bind)))
                            ; Outbound TCP to any port type: with this block
                            ; active, policy no longer limits where mount_t
                            ; can connect.
                            (allow mount_t port_type (tcp_socket (name_connect)))
                            (allow mount_t rpc_pipefs_t (dir (getattr open search)))
                        )
                        ; Active only if acpid_t resolves: mount_t may use
                        ; file descriptors inherited from acpid_t.
                        (optional mount_optional_12
                            (typeattributeset cil_gen_require acpid_t)
                            (allow mount_t acpid_t (fd (use)))
                        )
                        ; Active only if container_file_t resolves: mount_t
                        ; may query (getattr) filesystems labelled
                        ; container_file_t. No mount or relabel is added here.
                        (optional mount_optional_13
                            (typeattributeset cil_gen_require container_file_t)
                            (allow mount_t container_file_t (filesystem (getattr)))
                        )
                        ; Active only if system_dbusd_runtime_t resolves.
                        ; Grants nothing: writes by mount_t to that socket
                        ; file stay denied and are not logged.
                        (optional mount_optional_14
                            (typeattributeset cil_gen_require system_dbusd_runtime_t)
                            (dontaudit mount_t system_dbusd_runtime_t (sock_file (write)))
                        )
                        ; Active only if the glusterd and shell types resolve.
                        (optional mount_optional_15
                            (typeattributeset cil_gen_require bin_t)
                            (typeattributeset cil_gen_require usr_t)
                            (typeattributeset cil_gen_require glusterd_t)
                            (typeattributeset cil_gen_require glusterd_exec_t)
                            (typeattributeset cil_gen_require shell_exec_t)
                            ; Locating the executables.
                            (allow mount_t usr_t (dir (getattr open search)))
                            (allow mount_t bin_t (dir (ioctl read getattr lock open search)))
                            (allow mount_t bin_t (lnk_file (read getattr)))
                            ; Executing a glusterd_exec_t file from mount_t
                            ; moves the new process into glusterd_t.
                            (typetransition mount_t glusterd_exec_t process glusterd_t)
                            (allow mount_t glusterd_exec_t (file (ioctl read getattr map execute open)))
                            (allow mount_t glusterd_t (process (transition)))
                            (dontaudit mount_t glusterd_t (process (noatsecure siginh rlimitinh)))
                            ; The child keeps the inherited descriptors and
                            ; pipes and reports its exit to mount_t.
                            (allow glusterd_t mount_t (fd (use)))
                            (allow glusterd_t mount_t (fifo_file (ioctl read write getattr lock append)))
                            (allow glusterd_t mount_t (process (sigchld)))
                            ; A shell runs inside mount_t (execute_no_trans),
                            ; i.e. with everything granted to mount_t.
                            (allow mount_t shell_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
                        )
                        ; Active only if kubelet_t resolves: read-only access
                        ; to dir/file/lnk_file objects labelled kubelet_t,
                        ; plus process getattr on kubelet_t.
                        ; NOTE(review): kubelet_t looks like a process domain,
                        ; so these are presumably its /proc entries - confirm.
                        (optional mount_optional_16
                            (typeattributeset cil_gen_require kubelet_t)
                            (allow mount_t kubelet_t (dir (ioctl read getattr lock open search)))
                            (allow mount_t kubelet_t (file (ioctl read getattr lock open)))
                            (allow mount_t kubelet_t (lnk_file (read getattr)))
                            (allow mount_t kubelet_t (process (getattr)))
                        )
                        ; Active only if the kernel-module file types resolve:
                        ; mount_t may walk modules_object_t directories and
                        ; read/map modules_dep_t files. It gets no file access
                        ; to modules_object_t itself.
                        (optional mount_optional_17
                            (typeattributeset cil_gen_require modules_dep_t)
                            (typeattributeset cil_gen_require modules_object_t)
                            (allow mount_t modules_object_t (dir (ioctl read getattr lock open search)))
                            (allow mount_t modules_object_t (dir (getattr open search)))
                            (allow mount_t modules_object_t (lnk_file (read getattr)))
                            (allow mount_t modules_dep_t (file (ioctl read getattr lock map open)))
                        )
                        ; Active only if puppet_tmp_t resolves: mount_t may
                        ; read, write and append existing puppet_tmp_t files
                        ; (no create, unlink or rename).
                        (optional mount_optional_18
                            (typeattributeset cil_gen_require tmp_t)
                            (typeattributeset cil_gen_require puppet_tmp_t)
                            (allow mount_t tmp_t (dir (getattr open search)))
                            (allow mount_t puppet_tmp_t (file (ioctl read write getattr lock append open)))
                        )
                        ; Active only if the rpcd types resolve.
                        (optional mount_optional_19
                            (typeattributeset cil_gen_require bin_t)
                            (typeattributeset cil_gen_require usr_t)
                            (typeattributeset cil_gen_require rpcd_t)
                            (typeattributeset cil_gen_require rpcd_exec_t)
                            ; Locating the executable.
                            (allow mount_t usr_t (dir (getattr open search)))
                            (allow mount_t bin_t (dir (getattr open search)))
                            (allow mount_t bin_t (lnk_file (read getattr)))
                            ; Executing an rpcd_exec_t file from mount_t moves
                            ; the new process into rpcd_t.
                            (typetransition mount_t rpcd_exec_t process rpcd_t)
                            (allow mount_t rpcd_exec_t (file (ioctl read getattr map execute open)))
                            (allow mount_t rpcd_t (process (transition)))
                            (dontaudit mount_t rpcd_t (process (noatsecure siginh rlimitinh)))
                            ; The child keeps the inherited descriptors and
                            ; pipes and reports its exit to mount_t.
                            (allow rpcd_t mount_t (fd (use)))
                            (allow rpcd_t mount_t (fifo_file (ioctl read write getattr lock append)))
                            (allow rpcd_t mount_t (process (sigchld)))
                        )
                        ; Lets mount_t read and write pipes owned by rpm_t.
                        ; NOTE(review): presumably for mount invoked from package scriptlets
                        ; with stdio connected to rpm - confirm against the source .te.
                        (optional mount_optional_20
                            (typeattributeset cil_gen_require rpm_t)
                            (allow mount_t rpm_t (fifo_file (ioctl read write getattr lock append open)))
                        )
                        ; Domain transition mount_t -> smbmount_t on executing a file labeled
                        ; smbmount_exec_t, plus the role wiring that makes the transition
                        ; usable: every role in mount_roles is added to smbmount_roles.
                        (optional mount_optional_21
                            (roleattributeset cil_gen_require smbmount_roles)
                            (typeattributeset cil_gen_require bin_t)
                            (typeattributeset cil_gen_require usr_t)
                            (typeattributeset cil_gen_require smbmount_t)
                            (typeattributeset cil_gen_require smbmount_exec_t)
                            ; Repeated require emitted by the generator; harmless.
                            (roleattributeset cil_gen_require smbmount_roles)
                            ; Any role later added to mount_roles also gains smbmount_roles
                            ; membership through this rule - review both when granting roles.
                            (roleattributeset smbmount_roles (mount_roles ))
                            ; Path lookup to reach the helper binary.
                            (allow mount_t bin_t (dir (getattr open search)))
                            (allow mount_t bin_t (lnk_file (read getattr)))
                            (allow mount_t usr_t (dir (getattr open search)))
                            ; execute without execute_no_trans: in this block the helper can
                            ; only be run through the transition, not inside mount_t itself.
                            (allow mount_t smbmount_exec_t (file (ioctl read getattr map execute open)))
                            (allow mount_t smbmount_t (process (transition)))
                            ; Not allowed, only silenced: the transition is expected to run in
                            ; secure-exec mode without logging AVC denials for these checks.
                            (dontaudit mount_t smbmount_t (process (noatsecure siginh rlimitinh)))
                            (typetransition mount_t smbmount_exec_t process smbmount_t)
                            ; Child may use inherited descriptors/pipes (no fifo open) and
                            ; signal SIGCHLD to the parent.
                            (allow smbmount_t mount_t (fd (use)))
                            (allow smbmount_t mount_t (fifo_file (ioctl read write getattr lock append)))
                            (allow smbmount_t mount_t (process (sigchld)))
                        )
                        ; Makes unconfined_mount_t an unconfined domain. The block requires
                        ; unconfined_t and the *_unconfined attributes, so it only takes
                        ; effect when those names resolve (i.e. the modules that declare
                        ; them are installed). Most of the access comes from attribute
                        ; membership: the rules attached to each attribute live in other
                        ; modules and are not visible here, so the effective permission set
                        ; must be checked on the compiled policy, not on this file alone.
                        (optional mount_optional_22
                            (typeattributeset cil_gen_require domain)
                            (typeattributeset domain (mount_t unconfined_mount_t ))
                            (typeattributeset cil_gen_require etc_t)
                            (typeattributeset cil_gen_require etc_runtime_t)
                            (typeattributeset cil_gen_require unconfined_t)
                            (typeattributeset cil_gen_require kern_unconfined)
                            (typeattributeset cil_gen_require can_load_kernmodule)
                            (typeattributeset cil_gen_require corenet_unconfined_type)
                            (typeattributeset cil_gen_require devices_unconfined_type)
                            (typeattributeset cil_gen_require set_curr_context)
                            (typeattributeset cil_gen_require can_change_object_identity)
                            (typeattributeset cil_gen_require unconfined_domain_type)
                            (typeattributeset cil_gen_require process_uncond_exempt)
                            (typeattributeset cil_gen_require files_unconfined_type)
                            (typeattributeset cil_gen_require filesystem_unconfined_type)
                            (typeattributeset cil_gen_require selinux_unconfined_type)
                            ; Attribute memberships follow; each require is repeated by the
                            ; generator before the set that uses it. Only unconfined_mount_t
                            ; is added - mount_t is not given any of these attributes here.
                            (typeattributeset cil_gen_require corenet_unconfined_type)
                            (typeattributeset corenet_unconfined_type (unconfined_mount_t ))
                            (typeattributeset cil_gen_require process_uncond_exempt)
                            (typeattributeset process_uncond_exempt (unconfined_mount_t ))
                            (typeattributeset cil_gen_require unconfined_domain_type)
                            (typeattributeset unconfined_domain_type (unconfined_mount_t ))
                            ; NOTE(review): by name this attribute gates kernel module
                            ; loading; its rules are defined elsewhere - confirm.
                            (typeattributeset cil_gen_require can_load_kernmodule)
                            (typeattributeset can_load_kernmodule (unconfined_mount_t ))
                            (typeattributeset cil_gen_require filesystem_unconfined_type)
                            (typeattributeset filesystem_unconfined_type (unconfined_mount_t ))
                            (typeattributeset cil_gen_require set_curr_context)
                            (typeattributeset set_curr_context (unconfined_mount_t ))
                            (typeattributeset cil_gen_require devices_unconfined_type)
                            (typeattributeset devices_unconfined_type (unconfined_mount_t ))
                            (typeattributeset cil_gen_require files_unconfined_type)
                            (typeattributeset files_unconfined_type (unconfined_mount_t ))
                            (typeattributeset cil_gen_require kern_unconfined)
                            (typeattributeset kern_unconfined (unconfined_mount_t ))
                            (typeattributeset cil_gen_require can_change_object_identity)
                            (typeattributeset can_change_object_identity (unconfined_mount_t ))
                            (typeattributeset cil_gen_require selinux_unconfined_type)
                            (typeattributeset selinux_unconfined_type (unconfined_mount_t ))
                            ; Create/remove entries in etc_t directories; regular files the
                            ; domain creates there are labeled etc_runtime_t by default.
                            (allow unconfined_mount_t etc_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                            (typetransition unconfined_mount_t etc_t file etc_runtime_t)
                            ; Capabilities granted directly on self. This list has no
                            ; sys_module, and capability2 below has no mac_override or
                            ; mac_admin; whether they arrive through an attribute cannot be
                            ; told from this file.
                            (allow unconfined_mount_t self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
                            (allow unconfined_mount_t self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
                            (allow unconfined_mount_t self (capability2 (syslog wake_alarm perfmon bpf)))
                            (allow unconfined_mount_t self (cap2_userns (syslog wake_alarm perfmon bpf)))
                            (allow unconfined_mount_t self (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                            ; Second user-namespace grant. Allow rules are additive, so the
                            ; effective *_userns sets are the union with the rules above.
                            ; sys_module, mac_override, mac_admin, block_suspend and
                            ; audit_read appear only in these two *_userns rules within
                            ; this block.
                            ; NOTE(review): the namespaced sets are wider than the
                            ; capability/capability2 sets written here - confirm that is
                            ; intended rather than an artifact of two macros overlapping.
                            (allow unconfined_mount_t self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write setfcap)))
                            (allow unconfined_mount_t self (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf)))
                            (allow unconfined_mount_t self (process (transition)))
                            (allow unconfined_mount_t self (file (ioctl read write getattr lock append open)))
                            (allow unconfined_mount_t self (anon_inode (read write create map)))
                            ; Userspace object-manager permissions (nscd, dbus, passwd) and
                            ; labeled-IPsec association permissions, all with self as target.
                            (allow unconfined_mount_t self (nscd (getpwd getgrp gethost getstat admin shmempwd shmemgrp shmemhost getserv shmemserv)))
                            (allow unconfined_mount_t self (dbus (acquire_svc send_msg)))
                            (allow unconfined_mount_t self (passwd (passwd chfn chsh rootok crontab)))
                            (allow unconfined_mount_t self (association (sendto recvfrom setcontext polmatch)))
                            ; dontaudit suppresses AVC records for reads of other domains'
                            ; per-process objects and for ptrace; it grants nothing. Any of
                            ; these that is denied will be denied silently, so when
                            ; investigating this domain rebuild with dontaudit rules
                            ; disabled (semodule -DB) to see the hidden denials.
                            (dontaudit unconfined_mount_t domain (dir (ioctl read getattr lock open search)))
                            (dontaudit unconfined_mount_t domain (lnk_file (read getattr)))
                            (dontaudit unconfined_mount_t domain (file (ioctl read getattr lock open)))
                            (dontaudit unconfined_mount_t domain (sock_file (read getattr open)))
                            (dontaudit unconfined_mount_t domain (fifo_file (ioctl read getattr lock open)))
                            (dontaudit unconfined_mount_t domain (process (ptrace)))
                            ; Service-manager access checks against units labeled etc_t.
                            (allow unconfined_mount_t etc_t (service (status)))
                            (allow unconfined_mount_t etc_t (service (start)))
                            (allow unconfined_mount_t etc_t (service (stop)))
                            ; Memory-protection relaxations are conditional on policy
                            ; booleans; the defaults are declared outside this view. With
                            ; all three off none of the execmem/execstack/execheap rules in
                            ; this block apply.
                            (booleanif (allow_execstack)
                                (true
                                    (allow unconfined_mount_t self (process (execmem execstack)))
                                )
                            )
                            (booleanif (allow_execmem)
                                (true
                                    (allow unconfined_mount_t self (process (execmem)))
                                )
                            )
                            ; execheap is allowed and audited: each use is logged as a
                            ; granted AVC, which is a useful detection signal.
                            (booleanif (allow_execheap)
                                (true
                                    (allow unconfined_mount_t self (process (execheap)))
                                    (auditallow unconfined_mount_t self (process (execheap)))
                                )
                            )
                            ; Adds the domain to the three shadow-password attributes
                            ; (read, write, relabelto).
                            ; NOTE(review): the rules and neverallow exemptions tied to
                            ; these attributes are defined elsewhere; by name they cover
                            ; the shadow password files - confirm on the compiled policy.
                            (optional mount_optional_23
                                (typeattributeset cil_gen_require can_read_shadow_passwords)
                                (typeattributeset cil_gen_require can_write_shadow_passwords)
                                (typeattributeset cil_gen_require can_relabelto_shadow_passwords)
                                (typeattributeset cil_gen_require can_write_shadow_passwords)
                                (typeattributeset can_write_shadow_passwords (unconfined_mount_t ))
                                (typeattributeset cil_gen_require can_read_shadow_passwords)
                                (typeattributeset can_read_shadow_passwords (unconfined_mount_t ))
                                (typeattributeset cil_gen_require can_relabelto_shadow_passwords)
                                (typeattributeset can_relabelto_shadow_passwords (unconfined_mount_t ))
                            )
                            ; Membership in dbusd_unconfined, applied only if that attribute
                            ; exists; its rules are defined by the module that declares it.
                            (optional mount_optional_24
                                (typeattributeset cil_gen_require dbusd_unconfined)
                                (typeattributeset cil_gen_require dbusd_unconfined)
                                (typeattributeset dbusd_unconfined (unconfined_mount_t ))
                            )
                            ; Labeled-IPsec: set context on and match ipsec_spd_t policy
                            ; entries, and send on the domain's own associations.
                            (optional mount_optional_25
                                (typeattributeset cil_gen_require ipsec_spd_t)
                                (allow unconfined_mount_t ipsec_spd_t (association (setcontext)))
                                (allow unconfined_mount_t ipsec_spd_t (association (polmatch)))
                                (allow unconfined_mount_t self (association (sendto)))
                            )
                            ; Full nscd permission set against nscd_t, including admin.
                            (optional mount_optional_26
                                (typeattributeset cil_gen_require nscd_t)
                                (allow unconfined_mount_t nscd_t (nscd (getpwd getgrp gethost getstat admin shmempwd shmemgrp shmemhost getserv shmemserv)))
                            )
                            ; Membership in sepgsql_unconfined_type, if that attribute exists.
                            (optional mount_optional_27
                                (typeattributeset cil_gen_require sepgsql_unconfined_type)
                                (typeattributeset cil_gen_require sepgsql_unconfined_type)
                                (typeattributeset sepgsql_unconfined_type (unconfined_mount_t ))
                            )
                            ; Lets the domain create, write, append and relabel-to files of
                            ; type policy_config_t and add entries to policy_config_t
                            ; directories. No unlink, rename or remove_name is granted in
                            ; this block.
                            ; NOTE(review): policy_config_t is presumably the label of the
                            ; installed binary policy, which would make this the ability to
                            ; replace the policy the system loads - confirm and treat any
                            ; entry into unconfined_mount_t as equivalent to that.
                            (optional mount_optional_28
                                (typeattributeset cil_gen_require selinux_config_t)
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require policy_config_t)
                                (typeattributeset cil_gen_require can_relabelto_binary_policy)
                                (typeattributeset cil_gen_require can_relabelto_binary_policy)
                                (typeattributeset can_relabelto_binary_policy (unconfined_mount_t ))
                                (allow unconfined_mount_t etc_t (dir (getattr open search)))
                                (allow unconfined_mount_t selinux_config_t (dir (getattr open search)))
                                (allow unconfined_mount_t policy_config_t (dir (ioctl write getattr lock open add_name search)))
                                (allow unconfined_mount_t policy_config_t (file (create getattr open)))
                                (allow unconfined_mount_t policy_config_t (dir (getattr open search)))
                                (allow unconfined_mount_t policy_config_t (file (ioctl write getattr lock append open)))
                                (allow unconfined_mount_t policy_config_t (file (relabelto)))
                            )
                            ; Membership in storage_unconfined_type, if that attribute exists.
                            (optional mount_optional_29
                                (typeattributeset cil_gen_require storage_unconfined_type)
                                (typeattributeset cil_gen_require storage_unconfined_type)
                                (typeattributeset storage_unconfined_type (unconfined_mount_t ))
                            )
                            ; Membership in x_domain and xserver_unconfined_type, if the X
                            ; server module that declares them is present.
                            (optional mount_optional_30
                                (typeattributeset cil_gen_require x_domain)
                                (typeattributeset cil_gen_require xserver_unconfined_type)
                                (typeattributeset cil_gen_require x_domain)
                                (typeattributeset x_domain (unconfined_mount_t ))
                                (typeattributeset cil_gen_require xserver_unconfined_type)
                                (typeattributeset xserver_unconfined_type (unconfined_mount_t ))
                            )
                        )
                    )
                )
            )
        )
    )
)
; File-context entries: regular files at these paths are labeled mount_exec_t,
; the executable type that is also a member of entry_type earlier in this
; module. All entries use user system_u, role object_r and the level range
; systemlow-systemlow.
; The (\.[^/]+)? suffix also matches helper binaries named mount.<x> and
; umount.<x> in the same directory, so any such helper installed there gets the
; same label as mount itself; which callers transition on executing them is
; decided by rules outside this view.
; These entries only take effect when files are (re)labeled; after changing
; them, relabel the paths and verify the result with ls -Z.
(filecon "/usr/bin/fusermount" file (system_u object_r mount_exec_t (systemlow systemlow)))
(filecon "/usr/bin/fusermount3" file (system_u object_r mount_exec_t (systemlow systemlow)))
(filecon "/usr/bin/mount(\.[^/]+)?" file (system_u object_r mount_exec_t (systemlow systemlow)))
(filecon "/usr/bin/umount(\.[^/]+)?" file (system_u object_r mount_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/mount(\.[^/]+)?" file (system_u object_r mount_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/umount(\.[^/]+)?" file (system_u object_r mount_exec_t (systemlow systemlow)))
; /run/mount and everything beneath it, for every file class ("any"), is
; labeled mount_runtime_t.
(filecon "/run/mount(/.*)?" any (system_u object_r mount_runtime_t (systemlow systemlow)))
