(typealias sshd_var_run_t)
(typealiasactual sshd_var_run_t sshd_runtime_t)
(typeattribute ssh_server)
(typeattributeset ssh_server (sshd_t ))
(typeattribute ssh_agent_type)
(type ssh_keygen_t)
(roletype object_r ssh_keygen_t)
(type ssh_keygen_exec_t)
(roletype object_r ssh_keygen_exec_t)
(type sshd_exec_t)
(roletype object_r sshd_exec_t)
(type sshd_key_t)
(roletype object_r sshd_key_t)
(type sshd_t)
(roletype object_r sshd_t)
(type sshd_devpts_t)
(roletype object_r sshd_devpts_t)
(type sshd_runtime_t)
(roletype object_r sshd_runtime_t)
(type sshd_tmpfs_t)
(roletype object_r sshd_tmpfs_t)
(type sshd_tmp_t)
(roletype object_r sshd_tmp_t)
(type sshd_keygen_unit_t)
(roletype object_r sshd_keygen_unit_t)
(type sshd_unit_t)
(roletype object_r sshd_unit_t)
(type ssh_t)
(roletype object_r ssh_t)
(type ssh_exec_t)
(roletype object_r ssh_exec_t)
(type ssh_agent_exec_t)
(roletype object_r ssh_agent_exec_t)
(type ssh_agent_tmp_t)
(roletype object_r ssh_agent_tmp_t)
(type ssh_keysign_t)
(roletype object_r ssh_keysign_t)
(type ssh_keysign_exec_t)
(roletype object_r ssh_keysign_exec_t)
(type ssh_tmpfs_t)
(roletype object_r ssh_tmpfs_t)
(type ssh_home_t)
(roletype object_r ssh_home_t)
(type sshd_keytab_t)
(roletype object_r sshd_keytab_t)
(boolean allow_ssh_keysign false)
(boolean ssh_sysadm_login false)
(boolean ssh_use_gpg_agent false)
(boolean sshd_port_forwarding false)
(roleattributeset cil_gen_require system_r)
(roletype system_r ssh_keygen_t)
(roletype system_r sshd_t)
(typeattributeset cil_gen_require ssh_server)
(typeattributeset ssh_server (sshd_t ))
(typeattributeset cil_gen_require initrc_t)
(typeattributeset cil_gen_require systemprocess)
(typeattributeset systemprocess (ssh_keygen_t ))
(typeattributeset cil_gen_require application_domain_type)
(typeattributeset application_domain_type (ssh_keygen_t ssh_t ssh_keysign_t ))
(typeattributeset cil_gen_require domain)
(typeattributeset domain (ssh_keygen_t sshd_t ssh_t ssh_keysign_t ))
(typeattributeset cil_gen_require init_t)
(typeattributeset cil_gen_require security_t)
(typeattributeset cil_gen_require sysfs_t)
(typeattributeset cil_gen_require selinux_config_t)
(typeattributeset cil_gen_require application_exec_type)
(typeattributeset application_exec_type (ssh_keygen_exec_t ssh_exec_t ssh_keysign_exec_t ))
(typeattributeset cil_gen_require exec_type)
(typeattributeset exec_type (ssh_keygen_exec_t sshd_exec_t ssh_exec_t ssh_agent_exec_t ssh_keysign_exec_t ))
(typeattributeset cil_gen_require file_type)
(typeattributeset file_type (ssh_keygen_exec_t sshd_exec_t sshd_key_t sshd_runtime_t sshd_tmpfs_t sshd_tmp_t sshd_keygen_unit_t sshd_unit_t ssh_exec_t ssh_agent_exec_t ssh_agent_tmp_t ssh_keysign_exec_t ssh_tmpfs_t ssh_home_t sshd_keytab_t ))
(typeattributeset cil_gen_require non_security_file_type)
(typeattributeset non_security_file_type (ssh_keygen_exec_t sshd_exec_t sshd_key_t sshd_runtime_t sshd_tmpfs_t sshd_tmp_t sshd_keygen_unit_t sshd_unit_t ssh_exec_t ssh_agent_exec_t ssh_agent_tmp_t ssh_keysign_exec_t ssh_tmpfs_t ssh_home_t sshd_keytab_t ))
(typeattributeset cil_gen_require non_auth_file_type)
(typeattributeset non_auth_file_type (ssh_keygen_exec_t sshd_exec_t sshd_key_t sshd_runtime_t sshd_tmpfs_t sshd_tmp_t sshd_keygen_unit_t sshd_unit_t ssh_exec_t ssh_agent_exec_t ssh_agent_tmp_t ssh_keysign_exec_t ssh_tmpfs_t ssh_home_t sshd_keytab_t ))
(typeattributeset cil_gen_require entry_type)
(typeattributeset entry_type (ssh_keygen_exec_t sshd_exec_t ssh_exec_t ssh_keysign_exec_t ))
(typeattributeset cil_gen_require sshd_exec_t)
(typeattributeset cil_gen_require sshd_key_t)
(typeattributeset cil_gen_require var_auth_t)
(typeattributeset cil_gen_require auth_cache_t)
(typeattributeset cil_gen_require can_change_process_identity)
(typeattributeset can_change_process_identity (sshd_t ))
(typeattributeset cil_gen_require can_change_process_role)
(typeattributeset can_change_process_role (sshd_t ))
(typeattributeset cil_gen_require can_change_object_identity)
(typeattributeset can_change_object_identity (sshd_t ))
(typeattributeset cil_gen_require proc_t)
(typeattributeset cil_gen_require var_t)
(typeattributeset cil_gen_require var_lib_t)
(typeattributeset cil_gen_require proc_afs_t)
(typeattributeset cil_gen_require device_t)
(typeattributeset cil_gen_require event_device_t)
(typeattributeset cil_gen_require usb_device_t)
(typeattributeset cil_gen_require etc_t)
(typeattributeset cil_gen_require autofs_t)
(typeattributeset cil_gen_require mlsfileread)
(typeattributeset mlsfileread (sshd_t ))
(typeattributeset cil_gen_require mlsfilewrite)
(typeattributeset mlsfilewrite (sshd_t ))
(typeattributeset cil_gen_require mlsfileupgrade)
(typeattributeset mlsfileupgrade (sshd_t ))
(typeattributeset cil_gen_require mlsfiledowngrade)
(typeattributeset mlsfiledowngrade (sshd_t ))
(typeattributeset cil_gen_require mlsprocsetsl)
(typeattributeset mlsprocsetsl (sshd_t ))
(typeattributeset cil_gen_require mlsfdshare)
(typeattributeset mlsfdshare (sshd_t ))
(typeattributeset cil_gen_require can_read_shadow_passwords)
(typeattributeset can_read_shadow_passwords (sshd_t ))
(typeattributeset cil_gen_require nsswitch_domain)
(typeattributeset nsswitch_domain (ssh_keygen_t sshd_t ssh_t ))
(typeattributeset cil_gen_require pam_domain)
(typeattributeset pam_domain (sshd_t ))
(typeattributeset cil_gen_require chkpwd_t)
(typeattributeset cil_gen_require chkpwd_exec_t)
(typeattributeset cil_gen_require shadow_t)
(typeattributeset cil_gen_require bin_t)
(typeattributeset cil_gen_require usr_t)
(typeattributeset cil_gen_require random_device_t)
(typeattributeset cil_gen_require urandom_device_t)
(typeattributeset cil_gen_require faillog_t)
(typeattributeset cil_gen_require var_log_t)
(typeattributeset cil_gen_require cert_t)
(typeattributeset cil_gen_require var_run_t)
(typeattributeset cil_gen_require default_context_t)
(typeattributeset cil_gen_require tmp_t)
(typeattributeset cil_gen_require user_home_dir_t)
(typeattributeset cil_gen_require home_root_t)
(typeattributeset cil_gen_require initrc_runtime_t)
(typeattributeset cil_gen_require user_runtime_t)
(typeattributeset cil_gen_require user_runtime_root_t)
(typeattributeset cil_gen_require user_tmpfs_t)
(typeattributeset cil_gen_require tmpfs_t)
(typeattributeset cil_gen_require polydir)
(typeattributeset cil_gen_require polymember)
(typeattributeset polymember (sshd_tmp_t ssh_agent_tmp_t ssh_home_t ))
(typeattributeset cil_gen_require polyparent)
(typeattributeset polyparent (sshd_tmp_t ))
(typeattributeset cil_gen_require poly_t)
(typeattributeset cil_gen_require fs_t)
(typeattributeset cil_gen_require server_ptynode)
(typeattributeset server_ptynode (sshd_devpts_t ))
(typeattributeset cil_gen_require ptynode)
(typeattributeset ptynode (sshd_devpts_t ))
(typeattributeset cil_gen_require devpts_t)
(typeattributeset cil_gen_require device_node)
(typeattributeset device_node (sshd_devpts_t ))
(typeattributeset cil_gen_require pidfile)
(typeattributeset pidfile (sshd_runtime_t ))
(typeattributeset cil_gen_require tmpfsfile)
(typeattributeset tmpfsfile (sshd_tmpfs_t ssh_tmpfs_t ))
(typeattributeset cil_gen_require bsdpty_device_t)
(typeattributeset cil_gen_require ptmx_t)
(typeattributeset cil_gen_require sysctl_t)
(typeattributeset cil_gen_require sysctl_kernel_t)
(typeattributeset cil_gen_require proc_net_t)
(typeattributeset cil_gen_require netlabel_peer_t)
(typeattributeset cil_gen_require netif_t)
(typeattributeset cil_gen_require node_t)
(typeattributeset cil_gen_require ssh_port_t)
(typeattributeset cil_gen_require port_type)
(typeattributeset cil_gen_require ssh_server_packet_t)
(typeattributeset cil_gen_require filesystem_type)
(typeattributeset cil_gen_require wtmp_t)
(typeattributeset cil_gen_require privfd)
(typeattributeset privfd (sshd_t ))
(typeattributeset cil_gen_require etc_runtime_t)
(typeattributeset cil_gen_require locale_t)
(typeattributeset cil_gen_require userdomain)
(typeattributeset cil_gen_require user_devpts_t)
(typeattributeset cil_gen_require nfs_t)
(typeattributeset cil_gen_require cifs_t)
(typeattributeset cil_gen_require init_runtime_t)
(typeattributeset cil_gen_require daemon)
(typeattributeset daemon (sshd_t ))
(typeattributeset cil_gen_require tmpfile)
(typeattributeset tmpfile (sshd_tmp_t ssh_agent_tmp_t ))
(typeattributeset cil_gen_require systemdunit)
(typeattributeset systemdunit (sshd_keygen_unit_t sshd_unit_t ))
(typeattributeset cil_gen_require ubac_constrained_type)
(typeattributeset ubac_constrained_type (ssh_t ssh_agent_tmp_t ssh_keysign_t ssh_tmpfs_t ssh_home_t ))
(typeattributeset cil_gen_require user_home_content_type)
(typeattributeset user_home_content_type (ssh_home_t ))
(typeattributeset cil_gen_require user_home_t)
(typeattributeset cil_gen_require ssh_client_packet_t)
(typeattributeset cil_gen_require shell_exec_t)
(typeattributeset cil_gen_require syslogd_t)
(typeattributeset cil_gen_require syslogd_runtime_t)
(typeattributeset cil_gen_require devlog_t)
(typeattributeset cil_gen_require console_device_t)
(typeattributeset cil_gen_require user_tty_device_t)
(typeattributeset cil_gen_require user_tmp_t)
(typeattributeset cil_gen_require kernel_t)
(typeattributeset cil_gen_require xserver_port_t)
(typeattributeset cil_gen_require xserver_server_packet_t)
(typeattributeset cil_gen_require unpriv_userdomain)
(typeattributeset cil_gen_require setfiles_exec_t)
(typeattributeset cil_gen_require initrc_devpts_t)
(allow ssh_keygen_t ssh_keygen_exec_t (file (entrypoint)))
(allow ssh_keygen_t ssh_keygen_exec_t (file (ioctl read getattr lock map execute open)))
(allow initrc_t ssh_keygen_exec_t (file (ioctl read getattr map execute open)))
(allow initrc_t ssh_keygen_t (process (transition)))
(dontaudit initrc_t ssh_keygen_t (process (noatsecure siginh rlimitinh)))
(typetransition initrc_t ssh_keygen_exec_t process ssh_keygen_t)
(allow ssh_keygen_t initrc_t (fd (use)))
(allow ssh_keygen_t initrc_t (fifo_file (ioctl read write getattr lock append)))
(allow ssh_keygen_t initrc_t (process (sigchld)))
(allow sshd_t proc_t (dir (getattr open search)))
(allow sshd_t proc_t (dir (getattr open search)))
(allow sshd_t domain (dir (ioctl read getattr lock open search)))
(allow sshd_t domain (dir (getattr open search)))
(allow sshd_t domain (file (ioctl read getattr lock open)))
(allow sshd_t domain (dir (getattr open search)))
(allow sshd_t domain (lnk_file (read getattr)))
(allow sshd_t domain (process (sigkill)))
(allow sshd_t self (capability (kill)))
(allow sshd_t self (capability (ipc_lock)))
(allow sshd_t self (process (setkeycreate)))
(allow sshd_t self (key (view read write search link setattr create)))
(allow sshd_t var_t (dir (getattr open search)))
(allow sshd_t var_lib_t (dir (ioctl read getattr lock open search)))
(allow sshd_t var_auth_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow sshd_t var_auth_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow sshd_t auth_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow sshd_t auth_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow sshd_t auth_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow sshd_t auth_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow sshd_t auth_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow sshd_t auth_cache_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow sshd_t var_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition sshd_t var_t dir auth_cache_t)
(allow sshd_t proc_t (dir (getattr open search)))
(allow sshd_t proc_t (dir (ioctl read getattr lock open search)))
(allow sshd_t proc_afs_t (dir (getattr open search)))
(allow sshd_t proc_afs_t (file (ioctl read write getattr lock append open)))
(allow sshd_t device_t (dir (getattr open search)))
(allow sshd_t event_device_t (chr_file (ioctl read write getattr lock append open)))
(allow sshd_t device_t (dir (getattr open search)))
(allow sshd_t usb_device_t (chr_file (ioctl read write getattr lock append open)))
(allow sshd_t etc_t (dir (ioctl read getattr lock open search)))
(allow sshd_t etc_t (dir (getattr open search)))
(allow sshd_t etc_t (file (ioctl read getattr lock open)))
(allow sshd_t etc_t (dir (getattr open search)))
(allow sshd_t etc_t (lnk_file (read getattr)))
(allow sshd_t autofs_t (dir (ioctl read getattr lock open search)))
(allow sshd_t security_t (filesystem (getattr)))
(allow sshd_t sysfs_t (filesystem (getattr)))
(allow sshd_t sysfs_t (dir (getattr open search)))
(allow sshd_t sysfs_t (dir (getattr open search)))
(allow sshd_t proc_t (dir (getattr open search)))
(allow sshd_t proc_t (file (ioctl read getattr lock open)))
(allow sshd_t proc_t (dir (getattr open search)))
(allow sshd_t proc_t (lnk_file (read getattr)))
(allow sshd_t proc_t (dir (getattr open search)))
(allow sshd_t proc_t (dir (ioctl read getattr lock open search)))
(allow sshd_t sysfs_t (dir (getattr open search)))
(allow sshd_t sysfs_t (dir (getattr open search)))
(allow sshd_t security_t (dir (ioctl read getattr lock open search)))
(allow sshd_t security_t (file (ioctl read write getattr map open)))
(allow sshd_t security_t (security (check_context)))
(allow sshd_t sysfs_t (dir (getattr open search)))
(allow sshd_t sysfs_t (dir (getattr open search)))
(allow sshd_t self (netlink_selinux_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow sshd_t security_t (dir (ioctl read getattr lock open search)))
(allow sshd_t security_t (file (ioctl read write getattr map open)))
(allow sshd_t security_t (security (compute_av)))
(allow sshd_t sysfs_t (dir (getattr open search)))
(allow sshd_t sysfs_t (dir (getattr open search)))
(allow sshd_t security_t (dir (ioctl read getattr lock open search)))
(allow sshd_t security_t (file (ioctl read write getattr map open)))
(allow sshd_t security_t (security (compute_create)))
(allow sshd_t sysfs_t (dir (getattr open search)))
(allow sshd_t sysfs_t (dir (getattr open search)))
(allow sshd_t security_t (dir (ioctl read getattr lock open search)))
(allow sshd_t security_t (file (ioctl read write getattr map open)))
(allow sshd_t security_t (security (compute_relabel)))
(allow sshd_t sysfs_t (dir (getattr open search)))
(allow sshd_t sysfs_t (dir (getattr open search)))
(allow sshd_t security_t (dir (ioctl read getattr lock open search)))
(allow sshd_t security_t (file (ioctl read write getattr map open)))
(allow sshd_t security_t (security (compute_user)))
(allow sshd_t auth_cache_t (dir (getattr open search)))
(allow sshd_t bin_t (dir (getattr open search)))
(allow sshd_t bin_t (lnk_file (read getattr)))
(allow sshd_t usr_t (dir (getattr open search)))
(allow sshd_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
(allow sshd_t chkpwd_t (process (transition)))
(dontaudit sshd_t chkpwd_t (process (noatsecure siginh rlimitinh)))
(typetransition sshd_t chkpwd_exec_t process chkpwd_t)
(allow chkpwd_t sshd_t (fd (use)))
(allow chkpwd_t sshd_t (fifo_file (ioctl read write getattr lock append)))
(allow chkpwd_t sshd_t (process (sigchld)))
(dontaudit sshd_t shadow_t (file (ioctl read getattr lock open)))
(allow sshd_t device_t (dir (getattr open search)))
(allow sshd_t random_device_t (chr_file (ioctl read getattr lock open)))
(allow sshd_t device_t (dir (getattr open search)))
(allow sshd_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow sshd_t var_t (dir (getattr open search)))
(allow sshd_t var_log_t (dir (getattr open search)))
(allow sshd_t var_log_t (lnk_file (read getattr)))
(allow sshd_t faillog_t (file (ioctl read write getattr lock append open)))
(allow sshd_t self (capability (audit_write)))
(allow sshd_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
(allow sshd_t cert_t (dir (ioctl read getattr lock open search)))
(allow sshd_t cert_t (dir (getattr open search)))
(allow sshd_t cert_t (file (ioctl read getattr lock open)))
(allow sshd_t cert_t (dir (getattr open search)))
(allow sshd_t cert_t (lnk_file (read getattr)))
(allow sshd_t security_t (filesystem (getattr)))
(allow sshd_t sysfs_t (filesystem (getattr)))
(allow sshd_t sysfs_t (dir (getattr open search)))
(allow sshd_t sysfs_t (dir (getattr open search)))
(allow sshd_t sysfs_t (dir (getattr open search)))
(allow sshd_t sysfs_t (dir (getattr open search)))
(allow sshd_t security_t (dir (ioctl read getattr lock open search)))
(allow sshd_t security_t (file (ioctl read getattr map open)))
(allow sshd_t var_run_t (lnk_file (read getattr)))
(allow sshd_t var_t (dir (getattr open search)))
(allow sshd_t var_run_t (dir (ioctl read getattr lock open search)))
(allow sshd_t initrc_runtime_t (file (ioctl read write getattr lock append open)))
(allow sshd_t self (capability (audit_control)))
(allow sshd_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
(allow sshd_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_tty_audit)))
(allow sshd_t etc_t (dir (getattr open search)))
(allow sshd_t selinux_config_t (dir (ioctl read getattr lock open search)))
(allow sshd_t selinux_config_t (dir (getattr open search)))
(allow sshd_t selinux_config_t (file (ioctl read getattr lock open)))
(allow sshd_t selinux_config_t (dir (getattr open search)))
(allow sshd_t selinux_config_t (lnk_file (read getattr)))
(allow sshd_t etc_t (dir (getattr open search)))
(allow sshd_t selinux_config_t (dir (getattr open search)))
(allow sshd_t default_context_t (dir (ioctl read getattr lock open search)))
(allow sshd_t default_context_t (dir (getattr open search)))
(allow sshd_t default_context_t (file (ioctl read getattr lock open)))
(allow sshd_t user_runtime_t (dir (getattr open search)))
(allow sshd_t user_runtime_root_t (dir (getattr open search)))
(allow sshd_t var_run_t (lnk_file (read getattr)))
(allow sshd_t var_t (dir (getattr open search)))
(allow sshd_t var_run_t (dir (getattr open search)))
(allow sshd_t user_tmpfs_t (dir (getattr open search)))
(allow sshd_t user_tmpfs_t (file (ioctl read getattr lock open)))
(allow sshd_t user_tmpfs_t (dir (ioctl read getattr lock open search)))
(allow sshd_t tmpfs_t (dir (getattr open search)))
(allow sshd_devpts_t devpts_t (filesystem (associate)))
(allow sshd_t self (capability (chown dac_read_search fowner fsetid kill setgid setuid sys_chroot sys_nice sys_resource sys_tty_config)))
(dontaudit sshd_t self (capability (net_admin)))
(allow sshd_t self (fifo_file (ioctl read write getattr lock append open)))
(allow sshd_t self (process (signal getsched setsched setexec setrlimit setkeycreate)))
(allow sshd_t self (tcp_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
(allow sshd_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow sshd_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
(allow sshd_t self (shm (create destroy getattr setattr read write associate unix_read unix_write lock)))
(allow sshd_t sshd_devpts_t (chr_file (ioctl read write getattr setattr lock relabelfrom append open)))
(allow sshd_t device_t (dir (getattr open search)))
(allow sshd_t device_t (dir (ioctl read getattr lock open search)))
(allow sshd_t device_t (dir (getattr open search)))
(allow sshd_t device_t (lnk_file (read getattr)))
(allow sshd_t ptmx_t (chr_file (ioctl read write getattr lock append open)))
(allow sshd_t devpts_t (dir (ioctl read getattr lock open search)))
(allow sshd_t devpts_t (filesystem (getattr)))
(dontaudit sshd_t bsdpty_device_t (chr_file (read write getattr)))
(typetransition sshd_t devpts_t chr_file sshd_devpts_t)
(allow sshd_t sshd_tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow sshd_t sshd_tmpfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow sshd_tmpfs_t tmpfs_t (filesystem (associate)))
(allow sshd_t tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition sshd_t tmpfs_t file sshd_tmpfs_t)
(allow sshd_t sshd_runtime_t (dir (getattr open search)))
(allow sshd_t sshd_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow sshd_t var_t (dir (getattr open search)))
(allow sshd_t var_run_t (lnk_file (read getattr)))
(allow sshd_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition sshd_t var_run_t file sshd_runtime_t)
(allow sshd_t sshd_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow sshd_t sshd_key_t (file (ioctl read getattr lock open)))
(allow sshd_t proc_t (dir (getattr open search)))
(allow sshd_t sysctl_t (dir (getattr open search)))
(allow sshd_t sysctl_kernel_t (dir (getattr open search)))
(allow sshd_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(allow sshd_t proc_t (dir (getattr open search)))
(allow sshd_t sysctl_t (dir (getattr open search)))
(allow sshd_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(allow sshd_t proc_t (dir (getattr open search)))
(allow sshd_t proc_net_t (dir (getattr open search)))
(allow sshd_t proc_net_t (file (ioctl read getattr lock open)))
(allow sshd_t proc_t (dir (getattr open search)))
(allow sshd_t proc_net_t (dir (getattr open search)))
(allow sshd_t proc_net_t (lnk_file (read getattr)))
(allow sshd_t proc_t (dir (getattr open search)))
(allow sshd_t proc_net_t (dir (ioctl read getattr lock open search)))
(allow sshd_t netlabel_peer_t (peer (recv)))
(allow sshd_t netlabel_peer_t (tcp_socket (recvfrom)))
(allow sshd_t netlabel_peer_t (udp_socket (recvfrom)))
(allow sshd_t netlabel_peer_t (rawip_socket (recvfrom)))
(allow sshd_t netif_t (netif (ingress egress)))
(allow sshd_t netif_t (netif (egress)))
(allow sshd_t netif_t (netif (ingress)))
(allow sshd_t netif_t (netif (egress)))
(allow sshd_t netif_t (netif (ingress)))
(allow sshd_t node_t (node (recvfrom sendto)))
(allow sshd_t node_t (node (sendto)))
(allow sshd_t node_t (node (recvfrom)))
(allow sshd_t node_t (node (sendto)))
(allow sshd_t node_t (node (recvfrom)))
(allow sshd_t node_t (tcp_socket (node_bind)))
(allow sshd_t node_t (udp_socket (node_bind)))
(allow sshd_t ssh_port_t (tcp_socket (name_bind)))
(allow sshd_t self (capability (net_bind_service)))
(allow sshd_t port_type (tcp_socket (name_connect)))
(allow sshd_t ssh_server_packet_t (packet (send)))
(allow sshd_t ssh_server_packet_t (packet (recv)))
(dontaudit sshd_t filesystem_type (filesystem (getattr)))
(allow sshd_t wtmp_t (file (ioctl read write getattr lock append open)))
(allow sshd_t var_t (dir (getattr open search)))
(allow sshd_t var_log_t (dir (getattr open search)))
(allow sshd_t var_log_t (lnk_file (read getattr)))
(allow sshd_t var_t (dir (getattr open search)))
(allow sshd_t var_log_t (dir (getattr open search)))
(allow sshd_t var_log_t (lnk_file (read getattr)))
(allow sshd_t faillog_t (file (ioctl read write getattr lock append open)))
(allow sshd_t bin_t (dir (getattr open search)))
(allow sshd_t bin_t (lnk_file (read getattr)))
(allow sshd_t usr_t (dir (getattr open search)))
(allow sshd_t bin_t (dir (getattr open search)))
(allow sshd_t bin_t (file (getattr)))
(allow sshd_t etc_t (dir (ioctl read getattr lock open search)))
(allow sshd_t etc_t (dir (getattr open search)))
(allow sshd_t etc_t (file (ioctl read getattr lock open)))
(allow sshd_t etc_t (dir (getattr open search)))
(allow sshd_t etc_t (lnk_file (read getattr)))
(allow sshd_t etc_t (dir (ioctl read getattr lock open search)))
(allow sshd_t etc_t (dir (getattr open search)))
(allow sshd_t etc_runtime_t (file (ioctl read getattr lock open)))
(allow sshd_t etc_t (dir (getattr open search)))
(allow sshd_t etc_runtime_t (lnk_file (read getattr)))
(allow sshd_t usr_t (dir (ioctl read getattr lock open search)))
(allow sshd_t usr_t (dir (getattr open search)))
(allow sshd_t usr_t (file (ioctl read getattr lock open)))
(allow sshd_t usr_t (dir (getattr open search)))
(allow sshd_t usr_t (lnk_file (read getattr)))
(allow sshd_t var_t (dir (getattr open search)))
(allow sshd_t var_log_t (dir (getattr open search)))
(allow sshd_t var_log_t (lnk_file (read getattr)))
(allow sshd_t etc_t (dir (getattr open search)))
(allow sshd_t etc_t (lnk_file (read getattr)))
(allow sshd_t usr_t (dir (getattr open search)))
(allow sshd_t locale_t (dir (ioctl read getattr lock open search)))
(allow sshd_t locale_t (dir (getattr open search)))
(allow sshd_t locale_t (file (ioctl read getattr lock open)))
(allow sshd_t locale_t (dir (getattr open search)))
(allow sshd_t locale_t (lnk_file (read getattr)))
(allow sshd_t locale_t (file (map)))
(allow sshd_t userdomain (key (create)))
(dontaudit sshd_t user_devpts_t (chr_file (relabelfrom)))
(allow sshd_t user_home_dir_t (dir (getattr open search)))
(allow sshd_t home_root_t (dir (getattr open search)))
(allow sshd_t home_root_t (lnk_file (read getattr)))
(allow sshd_t sshd_exec_t (file (entrypoint)))
(allow sshd_t sshd_exec_t (file (ioctl read getattr lock map execute open)))
(allow initrc_t sshd_exec_t (file (ioctl read getattr map execute open)))
(allow initrc_t sshd_t (process (transition)))
(dontaudit initrc_t sshd_t (process (noatsecure siginh rlimitinh)))
(typetransition initrc_t sshd_exec_t process sshd_t)
(allow sshd_t initrc_t (fd (use)))
(allow sshd_t initrc_t (fifo_file (ioctl read write getattr lock append)))
(allow sshd_t initrc_t (process (sigchld)))
(allow ssh_t ssh_exec_t (file (entrypoint)))
(allow ssh_t ssh_exec_t (file (ioctl read getattr lock map execute open)))
(allow ssh_keysign_t ssh_keysign_exec_t (file (entrypoint)))
(allow ssh_keysign_t ssh_keysign_exec_t (file (ioctl read getattr lock map execute open)))
(allow ssh_home_t user_home_t (filesystem (associate)))
(allow ssh_t self (capability (dac_override dac_read_search setgid setuid)))
(allow ssh_t self (process (transition sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap share getattr noatsecure siginh rlimitinh dyntransition setkeycreate setsockcreate getrlimit)))
(allow ssh_t self (fd (use)))
(allow ssh_t self (fifo_file (ioctl read write getattr lock append open)))
(allow ssh_t self (key (view read write search link setattr create)))
(allow ssh_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown sendto)))
(allow ssh_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown connectto)))
(allow ssh_t self (shm (create destroy getattr setattr read write associate unix_read unix_write lock)))
(allow ssh_t self (sem (create destroy getattr setattr read write associate unix_read unix_write)))
(allow ssh_t self (msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue)))
(allow ssh_t self (msg (send receive)))
(allow ssh_t self (tcp_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
(allow ssh_t sshd_key_t (file (ioctl read getattr lock open)))
(allow ssh_t sshd_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow ssh_t sshd_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow ssh_t tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition ssh_t tmp_t dir sshd_tmp_t)
(typetransition ssh_t tmp_t file sshd_tmp_t)
(allow ssh_t ssh_tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow ssh_t ssh_tmpfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow ssh_t ssh_tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow ssh_t ssh_tmpfs_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow ssh_t ssh_tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow ssh_t ssh_tmpfs_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow ssh_t ssh_tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow ssh_t ssh_tmpfs_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow ssh_tmpfs_t tmpfs_t (filesystem (associate)))
(allow ssh_t tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition ssh_t tmpfs_t fifo_file ssh_tmpfs_t)
(typetransition ssh_t tmpfs_t sock_file ssh_tmpfs_t)
(typetransition ssh_t tmpfs_t lnk_file ssh_tmpfs_t)
(typetransition ssh_t tmpfs_t dir ssh_tmpfs_t)
(typetransition ssh_t tmpfs_t file ssh_tmpfs_t)
(allow ssh_t ssh_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow ssh_t ssh_home_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow ssh_t ssh_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow ssh_t ssh_home_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow ssh_t user_home_dir_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition ssh_t user_home_dir_t sock_file ssh_home_t)
(typetransition ssh_t user_home_dir_t dir ssh_home_t)
(allow ssh_t home_root_t (dir (getattr open search)))
(allow ssh_t home_root_t (lnk_file (read getattr)))
(allow ssh_t ssh_agent_tmp_t (dir (getattr open search)))
(allow ssh_t ssh_agent_tmp_t (sock_file (write getattr append open)))
(allow ssh_t ssh_agent_type (unix_stream_socket (connectto)))
(allow ssh_t sshd_t (unix_stream_socket (connectto)))
(allow ssh_t ssh_home_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow ssh_t ssh_home_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow ssh_t ssh_home_t (dir (getattr open search)))
(allow ssh_t ssh_home_t (lnk_file (read getattr)))
(allow ssh_server ssh_home_t (dir (ioctl read getattr lock open search)))
(allow ssh_server ssh_home_t (dir (getattr open search)))
(allow ssh_server ssh_home_t (file (ioctl read getattr lock open)))
(allow ssh_server ssh_home_t (dir (getattr open search)))
(allow ssh_server ssh_home_t (lnk_file (read getattr)))
(allow ssh_t proc_t (dir (getattr open search)))
(allow ssh_t sysctl_t (dir (getattr open search)))
(allow ssh_t sysctl_kernel_t (dir (getattr open search)))
(allow ssh_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(allow ssh_t proc_t (dir (getattr open search)))
(allow ssh_t sysctl_t (dir (getattr open search)))
(allow ssh_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(allow ssh_t proc_t (dir (getattr open search)))
(allow ssh_t proc_t (file (ioctl read getattr lock open)))
(allow ssh_t proc_t (dir (getattr open search)))
(allow ssh_t proc_t (lnk_file (read getattr)))
(allow ssh_t proc_t (dir (getattr open search)))
(allow ssh_t proc_t (dir (ioctl read getattr lock open search)))
(allow ssh_t netlabel_peer_t (peer (recv)))
(allow ssh_t netlabel_peer_t (tcp_socket (recvfrom)))
(allow ssh_t netlabel_peer_t (udp_socket (recvfrom)))
(allow ssh_t netlabel_peer_t (rawip_socket (recvfrom)))
(allow ssh_t netif_t (netif (ingress egress)))
(allow ssh_t node_t (node (recvfrom sendto)))
(allow ssh_t ssh_port_t (tcp_socket (name_connect)))
(allow ssh_t ssh_client_packet_t (packet (send)))
(allow ssh_t ssh_client_packet_t (packet (recv)))
(allow ssh_t device_t (dir (getattr open search)))
(allow ssh_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(dontaudit ssh_t random_device_t (chr_file (read getattr)))
(allow ssh_t filesystem_type (filesystem (getattr)))
(allow ssh_t file_type (filesystem (getattr)))
(allow ssh_t autofs_t (dir (getattr open search)))
(allow ssh_t bin_t (dir (getattr open search)))
(allow ssh_t bin_t (lnk_file (read getattr)))
(allow ssh_t usr_t (dir (getattr open search)))
(allow ssh_t bin_t (dir (getattr open search)))
(allow ssh_t bin_t (dir (ioctl read getattr lock open search)))
(allow ssh_t shell_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow ssh_t bin_t (dir (getattr open search)))
(allow ssh_t bin_t (lnk_file (read getattr)))
(allow ssh_t usr_t (dir (getattr open search)))
(allow ssh_t bin_t (dir (getattr open search)))
(allow ssh_t bin_t (dir (ioctl read getattr lock open search)))
(allow ssh_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow ssh_t privfd (fd (use)))
(allow ssh_t home_root_t (dir (ioctl read getattr lock open search)))
(allow ssh_t home_root_t (lnk_file (read getattr)))
(allow ssh_t usr_t (dir (ioctl read getattr lock open search)))
(allow ssh_t usr_t (dir (getattr open search)))
(allow ssh_t usr_t (file (ioctl read getattr lock open)))
(allow ssh_t usr_t (dir (getattr open search)))
(allow ssh_t usr_t (lnk_file (read getattr)))
(allow ssh_t etc_t (dir (ioctl read getattr lock open search)))
(allow ssh_t etc_t (dir (getattr open search)))
(allow ssh_t etc_runtime_t (file (ioctl read getattr lock open)))
(allow ssh_t etc_t (dir (getattr open search)))
(allow ssh_t etc_runtime_t (lnk_file (read getattr)))
(allow ssh_t etc_t (dir (ioctl read getattr lock open search)))
(allow ssh_t etc_t (dir (getattr open search)))
(allow ssh_t etc_t (file (ioctl read getattr lock open)))
(allow ssh_t etc_t (dir (getattr open search)))
(allow ssh_t etc_t (lnk_file (read getattr)))
(allow ssh_t var_t (dir (getattr open search)))
(allow ssh_t var_t (file (ioctl read getattr lock open)))
(allow ssh_t devlog_t (sock_file (write getattr append open)))
(allow ssh_t var_run_t (lnk_file (read getattr)))
(allow ssh_t var_t (dir (getattr open search)))
(allow ssh_t var_run_t (dir (getattr open search)))
(allow ssh_t init_runtime_t (dir (getattr open search)))
(allow ssh_t syslogd_runtime_t (dir (getattr open search)))
(allow ssh_t syslogd_t (unix_dgram_socket (sendto)))
(allow ssh_t syslogd_t (unix_stream_socket (connectto)))
(allow ssh_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow ssh_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow ssh_t device_t (dir (getattr open search)))
(allow ssh_t device_t (dir (ioctl read getattr lock open search)))
(allow ssh_t device_t (dir (getattr open search)))
(allow ssh_t device_t (lnk_file (read getattr)))
(allow ssh_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit ssh_t console_device_t (chr_file (ioctl read getattr lock open)))
(allow ssh_t var_t (dir (getattr open search)))
(allow ssh_t var_log_t (dir (ioctl read getattr lock open search)))
(allow ssh_t var_log_t (dir (getattr open search)))
(allow ssh_t var_log_t (file (ioctl read getattr lock open)))
(allow ssh_t cert_t (dir (ioctl read getattr lock open search)))
(allow ssh_t cert_t (dir (getattr open search)))
(allow ssh_t cert_t (file (ioctl read getattr lock open)))
(allow ssh_t cert_t (dir (getattr open search)))
(allow ssh_t cert_t (lnk_file (read getattr)))
(allow ssh_t etc_t (dir (getattr open search)))
(allow ssh_t etc_t (lnk_file (read getattr)))
(allow ssh_t usr_t (dir (getattr open search)))
(allow ssh_t locale_t (dir (ioctl read getattr lock open search)))
(allow ssh_t locale_t (dir (getattr open search)))
(allow ssh_t locale_t (file (ioctl read getattr lock open)))
(allow ssh_t locale_t (dir (getattr open search)))
(allow ssh_t locale_t (lnk_file (read getattr)))
(allow ssh_t locale_t (file (map)))
(allow ssh_t etc_t (dir (getattr open search)))
(allow ssh_t selinux_config_t (dir (ioctl read getattr lock open search)))
(allow ssh_t selinux_config_t (dir (getattr open search)))
(allow ssh_t selinux_config_t (file (ioctl read getattr lock open)))
(allow ssh_t selinux_config_t (dir (getattr open search)))
(allow ssh_t selinux_config_t (lnk_file (read getattr)))
(dontaudit ssh_t user_home_dir_t (dir (ioctl read getattr lock open search)))
(allow ssh_t user_home_dir_t (dir (getattr open search)))
(allow ssh_t home_root_t (dir (getattr open search)))
(allow ssh_t home_root_t (lnk_file (read getattr)))
(allow ssh_t device_t (dir (getattr open search)))
(allow ssh_t device_t (dir (ioctl read getattr lock open search)))
(allow ssh_t device_t (dir (getattr open search)))
(allow ssh_t device_t (lnk_file (read getattr)))
(allow ssh_t devpts_t (dir (ioctl read getattr lock open search)))
(allow ssh_t user_devpts_t (chr_file (ioctl read write getattr append open)))
(allow ssh_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
(allow ssh_t user_tmp_t (dir (getattr open search)))
(allow ssh_t user_tmp_t (file (ioctl read getattr lock open)))
(allow ssh_t user_tmp_t (dir (ioctl read getattr lock open search)))
(allow ssh_t tmp_t (dir (getattr open search)))
(allow ssh_t user_runtime_t (dir (getattr open search)))
(allow ssh_t user_runtime_root_t (dir (getattr open search)))
(allow ssh_t var_run_t (lnk_file (read getattr)))
(allow ssh_t var_t (dir (getattr open search)))
(allow ssh_t var_run_t (dir (getattr open search)))
(allow ssh_keysign_t self (capability (setgid setuid)))
(allow ssh_keysign_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow ssh_keysign_t sshd_key_t (file (ioctl read getattr lock)))
(allow ssh_keysign_t device_t (dir (getattr open search)))
(allow ssh_keysign_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow ssh_keysign_t etc_t (dir (ioctl read getattr lock open search)))
(allow ssh_keysign_t etc_t (dir (getattr open search)))
(allow ssh_keysign_t etc_t (file (ioctl read getattr lock open)))
(allow ssh_keysign_t etc_t (dir (getattr open search)))
(allow ssh_keysign_t etc_t (lnk_file (read getattr)))
(allow sshd_t self (capability (dac_read_search)))
(allow sshd_t self (netlink_route_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read)))
(allow sshd_t self (key (write search link)))
(allow sshd_t sshd_keytab_t (file (ioctl read getattr lock open)))
(allow sshd_t sshd_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow sshd_t sshd_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow sshd_t sshd_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow sshd_t sshd_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow sshd_t sshd_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow sshd_t sshd_tmp_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow sshd_t tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition sshd_t tmp_t sock_file sshd_tmp_t)
(typetransition sshd_t tmp_t dir sshd_tmp_t)
(typetransition sshd_t tmp_t file sshd_tmp_t)
(allow sshd_t bin_t (dir (getattr open search)))
(allow sshd_t bin_t (lnk_file (read getattr)))
(allow sshd_t usr_t (dir (getattr open search)))
(allow sshd_t bin_t (dir (getattr open search)))
(allow sshd_t bin_t (dir (ioctl read getattr lock open search)))
(allow sshd_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow sshd_t kernel_t (key (link)))
(allow sshd_t kernel_t (key (search)))
(allow sshd_t device_t (dir (getattr open search)))
(allow sshd_t device_t (dir (ioctl read getattr lock open search)))
(allow sshd_t device_t (dir (getattr open search)))
(allow sshd_t device_t (lnk_file (read getattr)))
(allow sshd_t devpts_t (dir (ioctl read getattr lock open search)))
(allow sshd_t ptynode (chr_file (ioctl read write getattr lock append open)))
(allow sshd_t device_t (dir (getattr open search)))
(allow sshd_t device_t (dir (ioctl read getattr lock open search)))
(allow sshd_t device_t (dir (getattr open search)))
(allow sshd_t device_t (lnk_file (read getattr)))
(allow sshd_t devpts_t (dir (ioctl read getattr lock open search)))
(allow sshd_t ptynode (chr_file (setattr)))
(allow sshd_t ptynode (chr_file (relabelto)))
(allow sshd_t xserver_port_t (tcp_socket (name_bind)))
(allow sshd_t self (capability (net_bind_service)))
(allow sshd_t xserver_server_packet_t (packet (send)))
(allow sshd_t xserver_server_packet_t (packet (recv)))
(dontaudit sshd_t self (process (getcap setcap)))
(dontaudit ssh_keygen_t self (capability (sys_tty_config)))
(allow ssh_keygen_t self (process (sigchld sigkill sigstop signull signal)))
(allow ssh_keygen_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
(allow ssh_keygen_t sshd_key_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow ssh_keygen_t etc_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition ssh_keygen_t etc_t file sshd_key_t)
(allow ssh_keygen_t proc_t (dir (getattr open search)))
(allow ssh_keygen_t sysctl_t (dir (getattr open search)))
(allow ssh_keygen_t sysctl_kernel_t (dir (getattr open search)))
(allow ssh_keygen_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(allow ssh_keygen_t proc_t (dir (getattr open search)))
(allow ssh_keygen_t sysctl_t (dir (getattr open search)))
(allow ssh_keygen_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(dontaudit ssh_keygen_t proc_t (filesystem (getattr)))
(dontaudit ssh_keygen_t proc_t (file (ioctl read getattr lock open)))
(allow ssh_keygen_t autofs_t (dir (getattr open search)))
(allow ssh_keygen_t sysfs_t (dir (getattr open search)))
(allow ssh_keygen_t sysfs_t (file (ioctl read getattr lock open)))
(allow ssh_keygen_t sysfs_t (dir (getattr open search)))
(allow ssh_keygen_t sysfs_t (lnk_file (read getattr)))
(allow ssh_keygen_t sysfs_t (dir (getattr open search)))
(allow ssh_keygen_t sysfs_t (dir (ioctl read getattr lock open search)))
(allow ssh_keygen_t device_t (dir (getattr open search)))
(allow ssh_keygen_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(dontaudit ssh_keygen_t random_device_t (chr_file (read getattr)))
(dontaudit ssh_keygen_t console_device_t (chr_file (ioctl read write getattr lock append open)))
(allow ssh_keygen_t privfd (fd (use)))
(allow ssh_keygen_t etc_t (dir (ioctl read getattr lock open search)))
(allow ssh_keygen_t etc_t (dir (getattr open search)))
(allow ssh_keygen_t etc_t (file (ioctl read getattr lock open)))
(allow ssh_keygen_t etc_t (dir (getattr open search)))
(allow ssh_keygen_t etc_t (lnk_file (read getattr)))
(allow ssh_keygen_t usr_t (dir (ioctl read getattr lock open search)))
(allow ssh_keygen_t usr_t (dir (getattr open search)))
(allow ssh_keygen_t usr_t (file (ioctl read getattr lock open)))
(allow ssh_keygen_t usr_t (dir (getattr open search)))
(allow ssh_keygen_t usr_t (lnk_file (read getattr)))
(allow ssh_keygen_t init_t (fd (use)))
(allow ssh_keygen_t device_t (dir (getattr open search)))
(allow ssh_keygen_t device_t (dir (ioctl read getattr lock open search)))
(allow ssh_keygen_t device_t (dir (getattr open search)))
(allow ssh_keygen_t device_t (lnk_file (read getattr)))
(allow ssh_keygen_t devpts_t (dir (ioctl read getattr lock open search)))
(allow ssh_keygen_t initrc_devpts_t (chr_file (ioctl read write getattr lock append open)))
(allow ssh_keygen_t devlog_t (sock_file (write getattr append open)))
(allow ssh_keygen_t var_run_t (lnk_file (read getattr)))
(allow ssh_keygen_t var_t (dir (getattr open search)))
(allow ssh_keygen_t var_run_t (dir (getattr open search)))
(allow ssh_keygen_t init_runtime_t (dir (getattr open search)))
(allow ssh_keygen_t syslogd_runtime_t (dir (getattr open search)))
(allow ssh_keygen_t syslogd_t (unix_dgram_socket (sendto)))
(allow ssh_keygen_t syslogd_t (unix_stream_socket (connectto)))
(allow ssh_keygen_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow ssh_keygen_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow ssh_keygen_t device_t (dir (getattr open search)))
(allow ssh_keygen_t device_t (dir (ioctl read getattr lock open search)))
(allow ssh_keygen_t device_t (dir (getattr open search)))
(allow ssh_keygen_t device_t (lnk_file (read getattr)))
(allow ssh_keygen_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit ssh_keygen_t console_device_t (chr_file (ioctl read getattr lock open)))
(allow ssh_keygen_t etc_t (dir (getattr open search)))
(allow ssh_keygen_t etc_t (lnk_file (read getattr)))
(allow ssh_keygen_t usr_t (dir (getattr open search)))
(allow ssh_keygen_t locale_t (dir (ioctl read getattr lock open search)))
(allow ssh_keygen_t locale_t (dir (getattr open search)))
(allow ssh_keygen_t locale_t (file (ioctl read getattr lock open)))
(allow ssh_keygen_t locale_t (dir (getattr open search)))
(allow ssh_keygen_t locale_t (lnk_file (read getattr)))
(allow ssh_keygen_t locale_t (file (map)))
(dontaudit ssh_keygen_t unpriv_userdomain (fd (use)))
(allow ssh_t sshd_tmp_t (sock_file (read write getattr append open)))
(booleanif (ssh_sysadm_login)
    (true
        (allow sshd_t userdomain (process (signal)))
        (allow userdomain sshd_t (process (sigchld)))
        (allow userdomain sshd_t (fifo_file (ioctl read write getattr lock append)))
        (allow userdomain sshd_t (fd (use)))
        (dontaudit sshd_t userdomain (process (noatsecure siginh rlimitinh)))
        (allow sshd_t userdomain (process (transition)))
        (allow sshd_t shell_exec_t (file (ioctl read getattr map execute open)))
        (allow sshd_t bin_t (dir (ioctl read getattr lock open search)))
        (allow sshd_t bin_t (dir (getattr open search)))
        (allow sshd_t usr_t (dir (getattr open search)))
        (allow sshd_t bin_t (lnk_file (read getattr)))
        (allow sshd_t bin_t (dir (getattr open search)))
    )
    (false
        (allow sshd_t unpriv_userdomain (process (signal)))
        (allow unpriv_userdomain sshd_t (process (sigchld)))
        (allow unpriv_userdomain sshd_t (fifo_file (ioctl read write getattr lock append)))
        (allow unpriv_userdomain sshd_t (fd (use)))
        (dontaudit sshd_t unpriv_userdomain (process (noatsecure siginh rlimitinh)))
        (allow sshd_t unpriv_userdomain (process (transition)))
        (allow sshd_t shell_exec_t (file (ioctl read getattr map execute open)))
        (allow sshd_t bin_t (dir (ioctl read getattr lock open search)))
        (allow sshd_t bin_t (dir (getattr open search)))
        (allow sshd_t usr_t (dir (getattr open search)))
        (allow sshd_t bin_t (lnk_file (read getattr)))
        (allow sshd_t bin_t (dir (getattr open search)))
    )
)
(booleanif (user_tcp_server)
    (true
        (allow ssh_t node_t (tcp_socket (node_bind)))
        (allow ssh_t self (capability (net_bind_service)))
        (allow ssh_t ssh_port_t (tcp_socket (name_bind)))
    )
)
(booleanif (allow_ssh_keysign)
    (true
        (allow ssh_keysign_t ssh_t (process (sigchld)))
        (allow ssh_keysign_t ssh_t (fifo_file (ioctl read write getattr lock append)))
        (allow ssh_keysign_t ssh_t (fd (use)))
        (typetransition ssh_t ssh_keysign_exec_t process ssh_keysign_t)
        (dontaudit ssh_t ssh_keysign_t (process (noatsecure siginh rlimitinh)))
        (allow ssh_t ssh_keysign_t (process (transition)))
        (allow ssh_t ssh_keysign_exec_t (file (ioctl read getattr map execute open)))
    )
)
(booleanif (sshd_port_forwarding)
    (true
        (allow sshd_t self (capability (net_bind_service)))
        (allow sshd_t port_type (tcp_socket (name_bind)))
    )
)
(booleanif (use_samba_home_dirs)
    (true
        (allow sshd_t cifs_t (file (ioctl read getattr lock open)))
        (allow sshd_t cifs_t (dir (getattr open search)))
        (allow sshd_t cifs_t (dir (ioctl read getattr lock open search)))
        (allow ssh_t cifs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow ssh_t cifs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow ssh_t cifs_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
    )
)
(booleanif (use_nfs_home_dirs)
    (true
        (allow sshd_t nfs_t (lnk_file (read getattr)))
        (allow sshd_t nfs_t (dir (getattr open search)))
        (allow sshd_t nfs_t (dir (ioctl read getattr lock open search)))
        (allow sshd_t nfs_t (file (ioctl read getattr lock open)))
        (allow sshd_t nfs_t (dir (getattr open search)))
        (allow sshd_t nfs_t (dir (ioctl read getattr lock open search)))
        (allow ssh_t nfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
        (allow ssh_t nfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow ssh_t nfs_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
    )
)
(booleanif (allow_polyinstantiation)
    (true
        (allow sshd_t tmpfs_t (filesystem (unmount)))
        (allow sshd_t tmpfs_t (filesystem (mount)))
        (allow sshd_t fs_t (filesystem (unmount)))
        (allow sshd_t poly_t (dir (create mounton)))
        (allow sshd_t polyparent (dir (ioctl read write getattr lock relabelfrom relabelto open add_name remove_name search)))
        (allow sshd_t polydir (dir (write open add_name)))
        (allow sshd_t polymember (dir (create setattr relabelto)))
        (allow sshd_t self (process (setfscreate)))
        (allow sshd_t polyparent (dir (getattr mounton)))
        (allow sshd_t polymember (dir (getattr open search)))
        (allow sshd_t polydir (dir (ioctl write create getattr setattr lock mounton open add_name search rmdir)))
        (allow sshd_t self (capability (chown fowner fsetid sys_admin)))
        (allow sshd_t security_t (security (compute_member)))
        (allow sshd_t security_t (file (ioctl read write getattr map open)))
        (allow sshd_t security_t (dir (ioctl read getattr lock open search)))
        (allow sshd_t sysfs_t (dir (getattr open search)))
        (allow sshd_t sysfs_t (dir (getattr open search)))
        (allow sshd_t setfiles_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
        (allow sshd_t usr_t (dir (getattr open search)))
        (allow sshd_t bin_t (lnk_file (read getattr)))
        (allow sshd_t bin_t (dir (getattr open search)))
        (allow sshd_t usr_t (dir (getattr open search)))
        (allow sshd_t tmp_t (dir (getattr relabelfrom relabelto)))
        (allow sshd_t tmp_t (dir (getattr open search)))
        (allow sshd_t self (capability (dac_override)))
    )
)
(optional ssh_optional_2
    (typeattributeset cil_gen_require init_t)
    (allow ssh_keygen_t init_t (process (sigchld)))
    (allow ssh_keygen_t init_t (process (signull)))
    (optional ssh_optional_3
        (typeattributeset cil_gen_require rpm_t)
        (allow ssh_keygen_t rpm_t (fd (use)))
        (allow ssh_keygen_t rpm_t (fifo_file (ioctl read getattr lock open)))
    )
    (optional ssh_optional_4
        (typeattributeset cil_gen_require security_t)
        (typeattributeset cil_gen_require sysfs_t)
        (dontaudit ssh_keygen_t security_t (filesystem (getattr)))
        (dontaudit ssh_keygen_t sysfs_t (filesystem (getattr)))
        (dontaudit ssh_keygen_t sysfs_t (dir (getattr open search)))
        (dontaudit ssh_keygen_t security_t (dir (getattr open search)))
        (dontaudit ssh_keygen_t security_t (file (ioctl read getattr lock open)))
        (optional ssh_optional_5
            (typeattributeset cil_gen_require selinux_config_t)
            (dontaudit ssh_keygen_t selinux_config_t (dir (getattr open search)))
            (dontaudit ssh_keygen_t selinux_config_t (file (ioctl read getattr lock open)))
            (optional ssh_optional_6
                (typeattributeset cil_gen_require init_t)
                (allow sshd_t init_t (process (sigchld)))
                (allow sshd_t init_t (process (signull)))
                (optional ssh_optional_7
                    (typeattributeset cil_gen_require rpm_t)
                    (allow sshd_t rpm_t (fd (use)))
                    (allow sshd_t rpm_t (fifo_file (ioctl read getattr lock open)))
                )
                (optional ssh_optional_8
                    (typeattributeset cil_gen_require security_t)
                    (typeattributeset cil_gen_require sysfs_t)
                    (dontaudit sshd_t security_t (filesystem (getattr)))
                    (dontaudit sshd_t sysfs_t (filesystem (getattr)))
                    (dontaudit sshd_t sysfs_t (dir (getattr open search)))
                    (dontaudit sshd_t security_t (dir (getattr open search)))
                    (dontaudit sshd_t security_t (file (ioctl read getattr lock open)))
                    (optional ssh_optional_9
                        (typeattributeset cil_gen_require selinux_config_t)
                        (dontaudit sshd_t selinux_config_t (dir (getattr open search)))
                        (dontaudit sshd_t selinux_config_t (file (ioctl read getattr lock open)))
                        (optional ssh_optional_10
                            (typeattributeset cil_gen_require etc_t)
                            (typeattributeset cil_gen_require krb5_keytab_t)
                            (allow sshd_t etc_t (dir (getattr open search)))
                            (allow sshd_t krb5_keytab_t (file (ioctl read getattr lock open)))
                        )
                        (optional ssh_optional_11
                            (typeattributeset cil_gen_require var_t)
                            (typeattributeset cil_gen_require pcscd_runtime_t)
                            (typeattributeset cil_gen_require var_run_t)
                            (typeattributeset cil_gen_require pcscd_t)
                            (allow sshd_t var_run_t (lnk_file (read getattr)))
                            (allow sshd_t var_t (dir (getattr open search)))
                            (allow sshd_t var_run_t (dir (getattr open search)))
                            (allow sshd_t pcscd_runtime_t (dir (getattr open search)))
                            (allow sshd_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                            (allow sshd_t var_run_t (lnk_file (read getattr)))
                            (allow sshd_t var_t (dir (getattr open search)))
                            (allow sshd_t var_run_t (dir (getattr open search)))
                            (allow sshd_t pcscd_runtime_t (dir (getattr open search)))
                            (allow sshd_t pcscd_runtime_t (sock_file (write getattr append open)))
                            (allow sshd_t pcscd_t (unix_stream_socket (connectto)))
                            (allow pcscd_t sshd_t (dir (ioctl read getattr lock open search)))
                            (allow pcscd_t sshd_t (file (ioctl read getattr lock open)))
                        )
                        (optional ssh_optional_12
                            (typeattributeset cil_gen_require var_t)
                            (typeattributeset cil_gen_require var_lib_t)
                            (typeattributeset cil_gen_require var_run_t)
                            (typeattributeset cil_gen_require dbusd_system_bus_client)
                            (typeattributeset cil_gen_require system_dbusd_t)
                            (typeattributeset cil_gen_require system_dbusd_runtime_t)
                            (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                            (typeattributeset cil_gen_require session_dbusd_tmp_t)
                            (typeattributeset cil_gen_require dbusd_etc_t)
                            (typeattributeset cil_gen_require dbusd_system_bus_client)
                            (typeattributeset dbusd_system_bus_client (sshd_t ))
                            (allow sshd_t system_dbusd_t (dbus (send_msg)))
                            (allow sshd_t self (dbus (send_msg)))
                            (allow system_dbusd_t sshd_t (dbus (send_msg)))
                            (allow sshd_t var_t (dir (getattr open search)))
                            (allow sshd_t var_lib_t (dir (getattr open search)))
                            (allow sshd_t system_dbusd_var_lib_t (dir (getattr open search)))
                            (allow sshd_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                            (allow sshd_t system_dbusd_var_lib_t (dir (getattr open search)))
                            (allow sshd_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                            (allow sshd_t session_dbusd_tmp_t (dir (getattr open search)))
                            (allow sshd_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                            (allow sshd_t var_run_t (lnk_file (read getattr)))
                            (allow sshd_t var_t (dir (getattr open search)))
                            (allow sshd_t var_run_t (dir (getattr open search)))
                            (allow sshd_t system_dbusd_runtime_t (dir (getattr open search)))
                            (allow sshd_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                            (allow sshd_t system_dbusd_t (unix_stream_socket (connectto)))
                            (allow sshd_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                            (allow sshd_t dbusd_etc_t (file (ioctl read getattr lock open)))
                            (allow sshd_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                            (allow sshd_t system_dbusd_runtime_t (sock_file (read)))
                            (allow sshd_t system_dbusd_var_lib_t (dir (getattr open search)))
                            (allow sshd_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                            (optional ssh_optional_13
                                (typeattributeset cil_gen_require fprintd_t)
                                (allow sshd_t fprintd_t (dbus (send_msg)))
                                (allow fprintd_t sshd_t (dbus (send_msg)))
                            )
                            (optional ssh_optional_14
                                (typeattributeset cil_gen_require systemd_logind_t)
                                (typeattributeset cil_gen_require systemd_sessions_runtime_t)
                                (allow sshd_t systemd_logind_t (dbus (send_msg)))
                                (allow systemd_logind_t sshd_t (dbus (send_msg)))
                                (allow sshd_t systemd_logind_t (fd (use)))
                                (allow sshd_t systemd_sessions_runtime_t (fifo_file (write)))
                                (allow systemd_logind_t sshd_t (process (signal)))
                            )
                        )
                        (optional ssh_optional_15
                            (typeattributeset cil_gen_require security_t)
                            (typeattributeset cil_gen_require sysfs_t)
                            (typeattributeset cil_gen_require selinux_config_t)
                            (typeattributeset cil_gen_require can_change_object_identity)
                            (typeattributeset can_change_object_identity (sshd_t ))
                            (typeattributeset cil_gen_require etc_t)
                            (typeattributeset cil_gen_require krb5_host_rcache_t)
                            (typeattributeset cil_gen_require default_context_t)
                            (typeattributeset cil_gen_require file_context_t)
                            (typeattributeset cil_gen_require tmp_t)
                            (typeattributeset cil_gen_require krb5_conf_t)
                            (typeattributeset cil_gen_require krb5_home_t)
                            (typeattributeset cil_gen_require user_home_dir_t)
                            (typeattributeset cil_gen_require home_root_t)
                            (typeattributeset cil_gen_require can_change_object_identity)
                            (typeattributeset can_change_object_identity (sshd_t ))
                            (allow sshd_t etc_t (dir (getattr open search)))
                            (allow sshd_t krb5_conf_t (file (ioctl read getattr lock open)))
                            (allow sshd_t user_home_dir_t (dir (getattr open search)))
                            (allow sshd_t home_root_t (dir (getattr open search)))
                            (allow sshd_t home_root_t (lnk_file (read getattr)))
                            (allow sshd_t krb5_home_t (file (ioctl read getattr lock open)))
                            (booleanif (allow_kerberos)
                                (true
                                    (allow sshd_t krb5_host_rcache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                    (allow sshd_t tmp_t (dir (getattr open search)))
                                    (allow sshd_t file_context_t (file (map)))
                                    (allow sshd_t file_context_t (file (ioctl read getattr lock open)))
                                    (allow sshd_t file_context_t (dir (getattr open search)))
                                    (allow sshd_t selinux_config_t (dir (getattr open search)))
                                    (allow sshd_t default_context_t (dir (getattr open search)))
                                    (allow sshd_t etc_t (dir (getattr open search)))
                                    (allow sshd_t security_t (security (check_context)))
                                    (allow sshd_t security_t (file (ioctl read write getattr map open)))
                                    (allow sshd_t security_t (dir (ioctl read getattr lock open search)))
                                    (allow sshd_t sysfs_t (dir (getattr open search)))
                                    (allow sshd_t sysfs_t (dir (getattr open search)))
                                    (allow sshd_t self (process (setfscreate)))
                                )
                            )
                        )
                        (optional ssh_optional_16
                            (typeattributeset cil_gen_require systemd_logind_t)
                            (typeattributeset cil_gen_require systemd_sessions_runtime_t)
                            (typeattributeset cil_gen_require systemd_passwd_agent_t)
                            (allow systemd_logind_t sshd_t (dir (ioctl read getattr lock open search)))
                            (allow systemd_logind_t sshd_t (file (ioctl read getattr lock open)))
                            (allow sshd_t systemd_logind_t (fd (use)))
                            (allow sshd_t systemd_sessions_runtime_t (fifo_file (write)))
                            (allow systemd_logind_t sshd_t (process (signal)))
                            (allow systemd_passwd_agent_t sshd_t (fd (use)))
                        )
                        (optional ssh_optional_17
                            (typeattributeset cil_gen_require var_t)
                            (typeattributeset cil_gen_require mail_spool_t)
                            (typeattributeset cil_gen_require var_spool_t)
                            (allow sshd_t var_t (dir (getattr open search)))
                            (allow sshd_t var_spool_t (dir (getattr open search)))
                            (allow sshd_t mail_spool_t (dir (ioctl read getattr lock open search)))
                            (allow sshd_t mail_spool_t (dir (getattr open search)))
                            (allow sshd_t mail_spool_t (file (getattr)))
                            (allow sshd_t mail_spool_t (dir (getattr open search)))
                            (allow sshd_t mail_spool_t (lnk_file (read getattr)))
                        )
                        (optional ssh_optional_18
                            (typeattributeset cil_gen_require security_t)
                            (typeattributeset cil_gen_require sysfs_t)
                            (typeattributeset cil_gen_require selinux_config_t)
                            (typeattributeset cil_gen_require can_change_object_identity)
                            (typeattributeset can_change_object_identity (sshd_t ))
                            (typeattributeset cil_gen_require etc_t)
                            (typeattributeset cil_gen_require krb5_host_rcache_t)
                            (typeattributeset cil_gen_require default_context_t)
                            (typeattributeset cil_gen_require file_context_t)
                            (typeattributeset cil_gen_require tmp_t)
                            (typeattributeset cil_gen_require krb5_conf_t)
                            (typeattributeset cil_gen_require krb5_home_t)
                            (typeattributeset cil_gen_require user_home_dir_t)
                            (typeattributeset cil_gen_require home_root_t)
                            (typeattributeset cil_gen_require netlabel_peer_t)
                            (typeattributeset cil_gen_require netif_t)
                            (typeattributeset cil_gen_require node_t)
                            (typeattributeset cil_gen_require krb5kdc_conf_t)
                            (typeattributeset cil_gen_require kerberos_client_packet_t)
                            (typeattributeset cil_gen_require kerberos_port_t)
                            (typeattributeset cil_gen_require ocsp_client_packet_t)
                            (typeattributeset cil_gen_require ocsp_port_t)
                            (typeattributeset cil_gen_require can_change_object_identity)
                            (typeattributeset can_change_object_identity (sshd_t ))
                            (allow sshd_t etc_t (dir (getattr open search)))
                            (allow sshd_t krb5_conf_t (file (ioctl read getattr lock open)))
                            (allow sshd_t user_home_dir_t (dir (getattr open search)))
                            (allow sshd_t home_root_t (dir (getattr open search)))
                            (allow sshd_t home_root_t (lnk_file (read getattr)))
                            (allow sshd_t krb5_home_t (file (ioctl read getattr lock open)))
                            (dontaudit sshd_t krb5_conf_t (file (ioctl write getattr lock append open)))
                            (dontaudit sshd_t krb5kdc_conf_t (dir (ioctl read getattr lock open search)))
                            (dontaudit sshd_t krb5kdc_conf_t (file (ioctl read write getattr lock append open)))
                            (dontaudit sshd_t self (process (setfscreate)))
                            (dontaudit sshd_t security_t (dir (ioctl read getattr lock open search)))
                            (dontaudit sshd_t security_t (file (ioctl read write getattr map open)))
                            (dontaudit sshd_t security_t (security (check_context)))
                            (dontaudit sshd_t selinux_config_t (dir (getattr open search)))
                            (dontaudit sshd_t default_context_t (dir (getattr open search)))
                            (dontaudit sshd_t file_context_t (dir (getattr open search)))
                            (dontaudit sshd_t file_context_t (file (ioctl read getattr lock open)))
                            (dontaudit sshd_t file_context_t (file (map)))
                            (booleanif (allow_kerberos)
                                (true
                                    (allow sshd_t krb5_host_rcache_t (file (getattr)))
                                    (allow sshd_t ocsp_port_t (tcp_socket (name_connect)))
                                    (allow sshd_t ocsp_client_packet_t (packet (recv)))
                                    (allow sshd_t ocsp_client_packet_t (packet (send)))
                                    (allow sshd_t kerberos_port_t (tcp_socket (name_connect)))
                                    (allow sshd_t kerberos_client_packet_t (packet (recv)))
                                    (allow sshd_t kerberos_client_packet_t (packet (send)))
                                    (allow sshd_t node_t (node (recvfrom)))
                                    (allow sshd_t node_t (node (sendto)))
                                    (allow sshd_t node_t (node (recvfrom sendto)))
                                    (allow sshd_t netif_t (netif (ingress)))
                                    (allow sshd_t netif_t (netif (egress)))
                                    (allow sshd_t netif_t (netif (ingress egress)))
                                    (allow sshd_t netlabel_peer_t (tcp_socket (recvfrom)))
                                    (allow sshd_t netlabel_peer_t (udp_socket (recvfrom)))
                                    (allow sshd_t netlabel_peer_t (rawip_socket (recvfrom)))
                                    (allow sshd_t netlabel_peer_t (peer (recv)))
                                    (allow sshd_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                    (allow sshd_t self (tcp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                    (allow sshd_t krb5_host_rcache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                    (allow sshd_t tmp_t (dir (getattr open search)))
                                    (allow sshd_t file_context_t (file (map)))
                                    (allow sshd_t file_context_t (file (ioctl read getattr lock open)))
                                    (allow sshd_t file_context_t (dir (getattr open search)))
                                    (allow sshd_t selinux_config_t (dir (getattr open search)))
                                    (allow sshd_t default_context_t (dir (getattr open search)))
                                    (allow sshd_t etc_t (dir (getattr open search)))
                                    (allow sshd_t security_t (security (check_context)))
                                    (allow sshd_t security_t (file (ioctl read write getattr map open)))
                                    (allow sshd_t security_t (dir (ioctl read getattr lock open search)))
                                    (allow sshd_t sysfs_t (dir (getattr open search)))
                                    (allow sshd_t sysfs_t (dir (getattr open search)))
                                    (allow sshd_t self (process (setfscreate)))
                                )
                            )
                            (optional ssh_optional_19
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require pcscd_runtime_t)
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require pcscd_t)
                                (booleanif (allow_kerberos)
                                    (true
                                        (allow pcscd_t sshd_t (file (ioctl read getattr lock open)))
                                        (allow pcscd_t sshd_t (dir (ioctl read getattr lock open search)))
                                        (allow sshd_t pcscd_t (unix_stream_socket (connectto)))
                                        (allow sshd_t pcscd_runtime_t (sock_file (write getattr append open)))
                                        (allow sshd_t pcscd_runtime_t (dir (getattr open search)))
                                        (allow sshd_t var_run_t (dir (getattr open search)))
                                        (allow sshd_t var_t (dir (getattr open search)))
                                        (allow sshd_t var_run_t (lnk_file (read getattr)))
                                    )
                                )
                            )
                            (optional ssh_optional_20
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require var_lib_t)
                                (typeattributeset cil_gen_require sssd_public_t)
                                (typeattributeset cil_gen_require sssd_var_lib_t)
                                (allow sshd_t sssd_var_lib_t (dir (getattr open search)))
                                (allow sshd_t var_t (dir (getattr open search)))
                                (allow sshd_t var_lib_t (dir (getattr open search)))
                                (allow sshd_t sssd_public_t (dir (ioctl read getattr lock open search)))
                                (allow sshd_t sssd_public_t (dir (getattr open search)))
                                (allow sshd_t sssd_public_t (file (ioctl read getattr lock open)))
                            )
                        )
                        (optional ssh_optional_21
                            (typeattributeset cil_gen_require var_t)
                            (typeattributeset cil_gen_require var_lib_t)
                            (typeattributeset cil_gen_require bin_t)
                            (typeattributeset cil_gen_require usr_t)
                            (typeattributeset cil_gen_require nx_server_t)
                            (typeattributeset cil_gen_require nx_server_exec_t)
                            (allow sshd_t var_t (dir (getattr open search)))
                            (allow sshd_t var_lib_t (dir (getattr open search)))
                            (allow sshd_t var_lib_t (lnk_file (read getattr)))
                            (allow sshd_t bin_t (dir (getattr open search)))
                            (allow sshd_t bin_t (lnk_file (read getattr)))
                            (allow sshd_t usr_t (dir (getattr open search)))
                            (allow sshd_t self (process (setexec)))
                            (allow sshd_t nx_server_exec_t (file (ioctl read getattr map execute open)))
                            (allow sshd_t nx_server_t (process (transition)))
                            (dontaudit sshd_t nx_server_t (process (noatsecure siginh rlimitinh)))
                            (allow nx_server_t sshd_t (fd (use)))
                            (allow nx_server_t sshd_t (fifo_file (ioctl read write getattr lock append)))
                            (allow nx_server_t sshd_t (process (sigchld)))
                        )
                        (optional ssh_optional_22
                            (typeattributeset cil_gen_require init_t)
                            (typeattributeset cil_gen_require var_t)
                            (typeattributeset cil_gen_require var_run_t)
                            (typeattributeset cil_gen_require systemd_logind_t)
                            (typeattributeset cil_gen_require systemd_sessions_runtime_t)
                            (typeattributeset cil_gen_require init_runtime_t)
                            (typeattributeset cil_gen_require systemd_userdbd_t)
                            (typeattributeset cil_gen_require systemd_userdbd_runtime_t)
                            (allow sshd_t systemd_logind_t (fd (use)))
                            (allow sshd_t var_run_t (lnk_file (read getattr)))
                            (allow sshd_t var_t (dir (getattr open search)))
                            (allow sshd_t var_run_t (dir (getattr open search)))
                            (allow sshd_t init_runtime_t (dir (getattr open search)))
                            (allow sshd_t systemd_sessions_runtime_t (dir (ioctl read getattr lock open search)))
                            (allow sshd_t systemd_sessions_runtime_t (dir (getattr open search)))
                            (allow sshd_t systemd_sessions_runtime_t (file (ioctl read getattr lock open)))
                            (allow sshd_t init_runtime_t (dir (getattr open search)))
                            (allow sshd_t systemd_userdbd_runtime_t (dir (ioctl read getattr lock open search)))
                            (allow sshd_t systemd_userdbd_runtime_t (lnk_file (read getattr)))
                            (allow sshd_t systemd_userdbd_runtime_t (dir (getattr open search)))
                            (allow sshd_t systemd_userdbd_runtime_t (sock_file (write getattr append open)))
                            (allow sshd_t systemd_userdbd_t (unix_stream_socket (connectto)))
                            (allow sshd_t init_t (unix_stream_socket (connectto)))
                        )
                        (optional ssh_optional_23
                            (typeattributeset cil_gen_require init_t)
                            (allow sshd_t init_t (process (sigchld)))
                            (allow sshd_t init_t (process (signull)))
                            (optional ssh_optional_24
                                (typeattributeset cil_gen_require rpm_t)
                                (allow sshd_t rpm_t (fd (use)))
                                (allow sshd_t rpm_t (fifo_file (ioctl read getattr lock open)))
                            )
                            (optional ssh_optional_25
                                (typeattributeset cil_gen_require security_t)
                                (typeattributeset cil_gen_require sysfs_t)
                                (dontaudit sshd_t security_t (filesystem (getattr)))
                                (dontaudit sshd_t sysfs_t (filesystem (getattr)))
                                (dontaudit sshd_t sysfs_t (dir (getattr open search)))
                                (dontaudit sshd_t security_t (dir (getattr open search)))
                                (dontaudit sshd_t security_t (file (ioctl read getattr lock open)))
                                (optional ssh_optional_26
                                    (typeattributeset cil_gen_require selinux_config_t)
                                    (dontaudit sshd_t selinux_config_t (dir (getattr open search)))
                                    (dontaudit sshd_t selinux_config_t (file (ioctl read getattr lock open)))
                                    (optional ssh_optional_27
                                        (typeattributeset cil_gen_require init_t)
                                        (allow ssh_t init_t (process (sigchld)))
                                        (allow ssh_t init_t (process (signull)))
                                        (optional ssh_optional_28
                                            (typeattributeset cil_gen_require rpm_t)
                                            (allow ssh_t rpm_t (fd (use)))
                                            (allow ssh_t rpm_t (fifo_file (ioctl read getattr lock open)))
                                        )
                                        (optional ssh_optional_29
                                            (typeattributeset cil_gen_require security_t)
                                            (typeattributeset cil_gen_require sysfs_t)
                                            (dontaudit ssh_t security_t (filesystem (getattr)))
                                            (dontaudit ssh_t sysfs_t (filesystem (getattr)))
                                            (dontaudit ssh_t sysfs_t (dir (getattr open search)))
                                            (dontaudit ssh_t security_t (dir (getattr open search)))
                                            (dontaudit ssh_t security_t (file (ioctl read getattr lock open)))
                                            (optional ssh_optional_30
                                                (typeattributeset cil_gen_require selinux_config_t)
                                                (dontaudit ssh_t selinux_config_t (dir (getattr open search)))
                                                (dontaudit ssh_t selinux_config_t (file (ioctl read getattr lock open)))
                                                (optional ssh_optional_31
                                                    (typeattributeset cil_gen_require init_t)
                                                    (allow ssh_keysign_t init_t (process (sigchld)))
                                                    (allow ssh_keysign_t init_t (process (signull)))
                                                    (optional ssh_optional_32
                                                        (typeattributeset cil_gen_require rpm_t)
                                                        (allow ssh_keysign_t rpm_t (fd (use)))
                                                        (allow ssh_keysign_t rpm_t (fifo_file (ioctl read getattr lock open)))
                                                    )
                                                    (optional ssh_optional_33
                                                        (typeattributeset cil_gen_require security_t)
                                                        (typeattributeset cil_gen_require sysfs_t)
                                                        (dontaudit ssh_keysign_t security_t (filesystem (getattr)))
                                                        (dontaudit ssh_keysign_t sysfs_t (filesystem (getattr)))
                                                        (dontaudit ssh_keysign_t sysfs_t (dir (getattr open search)))
                                                        (dontaudit ssh_keysign_t security_t (dir (getattr open search)))
                                                        (dontaudit ssh_keysign_t security_t (file (ioctl read getattr lock open)))
                                                        (optional ssh_optional_34
                                                            (typeattributeset cil_gen_require selinux_config_t)
                                                            (dontaudit ssh_keysign_t selinux_config_t (dir (getattr open search)))
                                                            (dontaudit ssh_keysign_t selinux_config_t (file (ioctl read getattr lock open)))
                                                            (optional ssh_optional_35
                                                                (typeattributeset cil_gen_require var_t)
                                                                (typeattributeset cil_gen_require var_run_t)
                                                                (typeattributeset cil_gen_require user_home_dir_t)
                                                                (typeattributeset cil_gen_require home_root_t)
                                                                (typeattributeset cil_gen_require user_runtime_t)
                                                                (typeattributeset cil_gen_require user_runtime_root_t)
                                                                (typeattributeset cil_gen_require gpg_agent_t)
                                                                (typeattributeset cil_gen_require gpg_agent_tmp_t)
                                                                (typeattributeset cil_gen_require gpg_secret_t)
                                                                (typeattributeset cil_gen_require gpg_runtime_t)
                                                                (booleanif (ssh_use_gpg_agent)
                                                                    (true
                                                                        (allow ssh_t home_root_t (lnk_file (read getattr)))
                                                                        (allow ssh_t home_root_t (dir (getattr open search)))
                                                                        (allow ssh_t user_home_dir_t (dir (getattr open search)))
                                                                        (allow ssh_t var_run_t (dir (getattr open search)))
                                                                        (allow ssh_t var_t (dir (getattr open search)))
                                                                        (allow ssh_t var_run_t (lnk_file (read getattr)))
                                                                        (allow ssh_t user_runtime_root_t (dir (getattr open search)))
                                                                        (allow ssh_t user_runtime_t (dir (getattr open search)))
                                                                        (allow ssh_t gpg_secret_t (dir (getattr open search)))
                                                                        (allow ssh_t gpg_runtime_t (dir (getattr open search)))
                                                                        (allow ssh_t gpg_agent_t (unix_stream_socket (connectto)))
                                                                        (allow ssh_t gpg_agent_tmp_t (sock_file (write getattr append open)))
                                                                        (allow ssh_t gpg_agent_tmp_t (dir (getattr open search)))
                                                                    )
                                                                )
                                                            )
                                                            (optional ssh_optional_36
                                                                (type ssh_xproperty_t)
                                                                (roletype object_r ssh_xproperty_t)
                                                                (type ssh_input_xevent_t)
                                                                (roletype object_r ssh_input_xevent_t)
                                                                (typeattributeset cil_gen_require usr_t)
                                                                (typeattributeset cil_gen_require tmp_t)
                                                                (typeattributeset cil_gen_require user_home_dir_t)
                                                                (typeattributeset cil_gen_require home_root_t)
                                                                (typeattributeset cil_gen_require ubac_constrained_type)
                                                                (typeattributeset ubac_constrained_type (ssh_t ssh_agent_tmp_t ssh_keysign_t ssh_tmpfs_t ssh_home_t ))
                                                                (typeattributeset cil_gen_require xdm_t)
                                                                (typeattributeset cil_gen_require xdm_tmp_t)
                                                                (typeattributeset cil_gen_require xauth_home_t)
                                                                (typeattributeset cil_gen_require iceauth_home_t)
                                                                (typeattributeset cil_gen_require xserver_t)
                                                                (typeattributeset cil_gen_require xserver_tmpfs_t)
                                                                (typeattributeset cil_gen_require fonts_t)
                                                                (typeattributeset cil_gen_require fonts_cache_t)
                                                                (typeattributeset cil_gen_require lib_t)
                                                                (typeattributeset cil_gen_require xsession_log_t)
                                                                (typeattributeset cil_gen_require xserver_tmp_t)
                                                                (typeattributeset cil_gen_require user_fonts_t)
                                                                (typeattributeset cil_gen_require user_fonts_cache_t)
                                                                (typeattributeset cil_gen_require user_fonts_config_t)
                                                                (typeattributeset cil_gen_require xdg_cache_t)
                                                                (typeattributeset cil_gen_require xproperty_type)
                                                                (typeattributeset cil_gen_require input_xevent_type)
                                                                (typeattributeset cil_gen_require xevent_type)
                                                                (typeattributeset cil_gen_require ssh_input_xevent_t)
                                                                (typeattributeset cil_gen_require root_xdrawable_t)
                                                                (typeattributeset cil_gen_require xevent_t)
                                                                (typeattributeset cil_gen_require client_xevent_t)
                                                                (typeattributeset cil_gen_require input_xevent_t)
                                                                (typeattributeset cil_gen_require x_domain)
                                                                (typeattributeset cil_gen_require xdrawable_type)
                                                                (typeattributeset cil_gen_require xcolormap_type)
                                                                (typeattributeset cil_gen_require xauth_t)
                                                                (typeattributeset cil_gen_require xauth_exec_t)
                                                                (typeattributeset cil_gen_require x_domain)
                                                                (typeattributeset x_domain (ssh_t ))
                                                                (typeattributeset cil_gen_require xdrawable_type)
                                                                (typeattributeset xdrawable_type (ssh_t ))
                                                                (typeattributeset cil_gen_require xevent_type)
                                                                (typeattributeset xevent_type (ssh_input_xevent_t ))
                                                                (typeattributeset cil_gen_require ubac_constrained_type)
                                                                (typeattributeset ubac_constrained_type (ssh_xproperty_t ssh_input_xevent_t ))
                                                                (typeattributeset cil_gen_require xcolormap_type)
                                                                (typeattributeset xcolormap_type (ssh_t ))
                                                                (typeattributeset cil_gen_require xproperty_type)
                                                                (typeattributeset xproperty_type (ssh_xproperty_t ))
                                                                (typeattributeset cil_gen_require input_xevent_type)
                                                                (typeattributeset input_xevent_type (ssh_input_xevent_t ))
                                                                (allow ssh_t self (shm (create destroy getattr setattr read write associate unix_read unix_write lock)))
                                                                (allow ssh_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                                                (allow ssh_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown connectto)))
                                                                (allow ssh_t xauth_home_t (file (ioctl read getattr lock open)))
                                                                (allow ssh_t iceauth_home_t (file (ioctl read getattr lock open)))
                                                                (allow ssh_t xdm_t (fd (use)))
                                                                (allow ssh_t xdm_t (fifo_file (ioctl read write getattr lock append)))
                                                                (allow ssh_t xdm_tmp_t (dir (getattr open search)))
                                                                (allow ssh_t xdm_tmp_t (sock_file (read write)))
                                                                (dontaudit ssh_t xdm_t (tcp_socket (read write)))
                                                                (allow ssh_t tmp_t (dir (getattr open search)))
                                                                (allow ssh_t usr_t (dir (getattr open search)))
                                                                (allow ssh_t lib_t (dir (getattr open search)))
                                                                (allow ssh_t fonts_t (dir (ioctl read getattr lock open search)))
                                                                (allow ssh_t fonts_t (dir (getattr open search)))
                                                                (allow ssh_t fonts_t (file (ioctl read getattr lock open)))
                                                                (allow ssh_t fonts_t (file (map)))
                                                                (allow ssh_t fonts_t (dir (getattr open search)))
                                                                (allow ssh_t fonts_t (lnk_file (read getattr)))
                                                                (allow ssh_t fonts_cache_t (dir (ioctl read getattr lock open search)))
                                                                (allow ssh_t fonts_cache_t (dir (getattr open search)))
                                                                (allow ssh_t fonts_cache_t (file (ioctl read getattr lock open)))
                                                                (allow ssh_t fonts_cache_t (file (map)))
                                                                (allow ssh_t fonts_cache_t (dir (getattr open search)))
                                                                (allow ssh_t fonts_cache_t (lnk_file (read getattr)))
                                                                (allow ssh_t user_home_dir_t (dir (getattr open search)))
                                                                (allow ssh_t home_root_t (dir (getattr open search)))
                                                                (allow ssh_t home_root_t (lnk_file (read getattr)))
                                                                (allow ssh_t xsession_log_t (file (ioctl read write getattr lock append open)))
                                                                (allow xserver_t ssh_t (fd (use)))
                                                                (allow xserver_t ssh_t (shm (getattr read write associate unix_read unix_write lock)))
                                                                (allow xserver_t ssh_tmpfs_t (file (ioctl read write getattr lock append map open)))
                                                                (allow ssh_t xserver_t (unix_stream_socket (connectto)))
                                                                (allow ssh_t xserver_t (process (signal)))
                                                                (allow ssh_t xserver_tmp_t (file (ioctl read getattr lock)))
                                                                (allow ssh_t xserver_t (fd (use)))
                                                                (allow ssh_t xserver_t (shm (getattr read associate unix_read)))
                                                                (allow ssh_t xserver_tmpfs_t (file (ioctl read getattr lock open)))
                                                                (allow ssh_t ssh_tmpfs_t (file (map)))
                                                                (allow ssh_t user_fonts_t (dir (ioctl read getattr lock open watch search)))
                                                                (allow ssh_t user_fonts_t (file (ioctl read getattr lock map open)))
                                                                (allow ssh_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                                                (allow ssh_t user_fonts_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                                                (allow ssh_t user_fonts_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                                                (allow ssh_t user_fonts_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                                                (allow ssh_t user_fonts_cache_t (file (ioctl read getattr lock map open)))
                                                                (allow ssh_t user_fonts_config_t (dir (ioctl read getattr lock open search)))
                                                                (allow ssh_t user_fonts_config_t (file (ioctl read getattr lock open)))
                                                                (allow ssh_t user_home_dir_t (dir (getattr open search)))
                                                                (allow ssh_t home_root_t (dir (getattr open search)))
                                                                (allow ssh_t home_root_t (lnk_file (read getattr)))
                                                                (allow ssh_t xdg_cache_t (dir (getattr open search)))
                                                                (allow ssh_t xdg_cache_t (dir (getattr open search)))
                                                                (allow ssh_t user_home_dir_t (dir (getattr open search)))
                                                                (allow ssh_t home_root_t (dir (getattr open search)))
                                                                (allow ssh_t home_root_t (lnk_file (read getattr)))
                                                                (allow ssh_t tmp_t (dir (getattr open search)))
                                                                (allow ssh_t xdm_tmp_t (dir (getattr open search)))
                                                                (allow ssh_t xdm_tmp_t (file (ioctl read getattr lock open)))
                                                                (typetransition ssh_t root_xdrawable_t x_drawable ssh_t)
                                                                (typetransition ssh_t input_xevent_t x_event ssh_input_xevent_t)
                                                                (allow ssh_t ssh_input_xevent_t (x_event (send)))
                                                                (allow ssh_t ssh_input_xevent_t (x_synthetic_event (send)))
                                                                (allow ssh_t ssh_input_xevent_t (x_event (receive)))
                                                                (allow ssh_t ssh_input_xevent_t (x_synthetic_event (receive)))
                                                                (allow ssh_t client_xevent_t (x_event (receive)))
                                                                (allow ssh_t client_xevent_t (x_synthetic_event (receive)))
                                                                (allow ssh_t xevent_t (x_event (receive)))
                                                                (allow ssh_t xevent_t (x_synthetic_event (receive)))
                                                                (dontaudit ssh_t input_xevent_type (x_event (send)))
                                                                (allow ssh_t xauth_exec_t (file (ioctl read getattr map execute open)))
                                                                (allow ssh_t xauth_t (process (transition)))
                                                                (dontaudit ssh_t xauth_t (process (noatsecure siginh rlimitinh)))
                                                                (typetransition ssh_t xauth_exec_t process xauth_t)
                                                                (allow xauth_t ssh_t (fd (use)))
                                                                (allow xauth_t ssh_t (fifo_file (ioctl read write getattr lock append)))
                                                                (allow xauth_t ssh_t (process (sigchld)))
                                                                (booleanif (or (allow_write_xshm) (xserver_client_writes_xserver_tmpfs))
                                                                    (true
                                                                        (allow ssh_t xserver_tmpfs_t (file (ioctl read write getattr lock append open)))
                                                                    )
                                                                )
                                                                (booleanif (allow_write_xshm)
                                                                    (true
                                                                        (allow ssh_t xserver_t (shm (getattr read write associate unix_read unix_write lock)))
                                                                    )
                                                                )
                                                            )
                                                            (optional ssh_optional_37
                                                                (typeattributeset cil_gen_require var_t)
                                                                (typeattributeset cil_gen_require var_run_t)
                                                                (typeattributeset cil_gen_require nscd_t)
                                                                (typeattributeset cil_gen_require nscd_runtime_t)
                                                                (booleanif (nscd_use_shm)
                                                                    (true
                                                                        (allow ssh_keysign_t nscd_runtime_t (sock_file (read getattr open)))
                                                                        (allow ssh_keysign_t nscd_runtime_t (dir (ioctl read getattr lock open search)))
                                                                        (dontaudit ssh_keysign_t nscd_runtime_t (file (ioctl read getattr lock open)))
                                                                        (allow ssh_keysign_t nscd_t (unix_stream_socket (connectto)))
                                                                        (allow ssh_keysign_t nscd_runtime_t (sock_file (write getattr append open)))
                                                                        (allow ssh_keysign_t nscd_runtime_t (dir (getattr open search)))
                                                                        (allow ssh_keysign_t var_run_t (dir (getattr open search)))
                                                                        (allow ssh_keysign_t var_t (dir (getattr open search)))
                                                                        (allow ssh_keysign_t var_run_t (lnk_file (read getattr)))
                                                                        (allow ssh_keysign_t nscd_t (fd (use)))
                                                                        (allow ssh_keysign_t nscd_t (nscd (getgrp gethost getpwd shmemgrp shmemhost shmempwd)))
                                                                        (allow ssh_keysign_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                                                    )
                                                                    (false
                                                                        (allow nscd_t ssh_keysign_t (process (getattr)))
                                                                        (allow nscd_t ssh_keysign_t (lnk_file (read getattr)))
                                                                        (allow nscd_t ssh_keysign_t (file (ioctl read getattr lock open)))
                                                                        (allow nscd_t ssh_keysign_t (dir (ioctl read getattr lock open search)))
                                                                        (dontaudit ssh_keysign_t nscd_runtime_t (file (ioctl read getattr lock open)))
                                                                        (allow ssh_keysign_t nscd_t (unix_stream_socket (connectto)))
                                                                        (allow ssh_keysign_t nscd_runtime_t (sock_file (write getattr append open)))
                                                                        (allow ssh_keysign_t nscd_runtime_t (dir (getattr open search)))
                                                                        (allow ssh_keysign_t var_run_t (dir (getattr open search)))
                                                                        (allow ssh_keysign_t var_t (dir (getattr open search)))
                                                                        (allow ssh_keysign_t var_run_t (lnk_file (read getattr)))
                                                                        (dontaudit ssh_keysign_t nscd_t (nscd (shmemgrp shmemhost shmempwd getserv shmemserv)))
                                                                        (dontaudit ssh_keysign_t nscd_t (fd (use)))
                                                                        (allow ssh_keysign_t nscd_t (nscd (getgrp gethost getpwd)))
                                                                        (allow ssh_keysign_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                                                    )
                                                                )
                                                            )
                                                            (optional ssh_optional_38
                                                                (typeattributeset cil_gen_require svc_run_t)
                                                                (typeattributeset cil_gen_require svc_start_t)
                                                                (allow svc_run_t sshd_exec_t (file (ioctl read getattr map execute open)))
                                                                (allow svc_run_t sshd_t (process (transition)))
                                                                (dontaudit svc_run_t sshd_t (process (noatsecure siginh rlimitinh)))
                                                                (typetransition svc_run_t sshd_exec_t process sshd_t)
                                                                (allow sshd_t svc_start_t (process (sigchld)))
                                                                (allow sshd_t svc_start_t (fd (use)))
                                                                (allow sshd_t svc_start_t (fifo_file (ioctl read write getattr lock append open)))
                                                                (allow svc_start_t sshd_t (process (signal)))
                                                                (allow svc_run_t sshd_t (process (signal)))
                                                                (allow sshd_t svc_run_t (fd (use)))
                                                            )
                                                            (optional ssh_optional_39
                                                                (roleattributeset cil_gen_require system_r)
                                                                (roletype system_r ssh_keygen_t)
                                                                (roletype system_r sshd_t)
                                                                (typeattributeset cil_gen_require domain)
                                                                (typeattributeset domain (ssh_keygen_t sshd_t ssh_t ssh_keysign_t ))
                                                                (typeattributeset cil_gen_require exec_type)
                                                                (typeattributeset exec_type (ssh_keygen_exec_t sshd_exec_t ssh_exec_t ssh_agent_exec_t ssh_keysign_exec_t ))
                                                                (typeattributeset cil_gen_require file_type)
                                                                (typeattributeset file_type (ssh_keygen_exec_t sshd_exec_t sshd_key_t sshd_runtime_t sshd_tmpfs_t sshd_tmp_t sshd_keygen_unit_t sshd_unit_t ssh_exec_t ssh_agent_exec_t ssh_agent_tmp_t ssh_keysign_exec_t ssh_tmpfs_t ssh_home_t sshd_keytab_t ))
                                                                (typeattributeset cil_gen_require non_security_file_type)
                                                                (typeattributeset non_security_file_type (ssh_keygen_exec_t sshd_exec_t sshd_key_t sshd_runtime_t sshd_tmpfs_t sshd_tmp_t sshd_keygen_unit_t sshd_unit_t ssh_exec_t ssh_agent_exec_t ssh_agent_tmp_t ssh_keysign_exec_t ssh_tmpfs_t ssh_home_t sshd_keytab_t ))
                                                                (typeattributeset cil_gen_require non_auth_file_type)
                                                                (typeattributeset non_auth_file_type (ssh_keygen_exec_t sshd_exec_t sshd_key_t sshd_runtime_t sshd_tmpfs_t sshd_tmp_t sshd_keygen_unit_t sshd_unit_t ssh_exec_t ssh_agent_exec_t ssh_agent_tmp_t ssh_keysign_exec_t ssh_tmpfs_t ssh_home_t sshd_keytab_t ))
                                                                (typeattributeset cil_gen_require entry_type)
                                                                (typeattributeset entry_type (ssh_keygen_exec_t sshd_exec_t ssh_exec_t ssh_keysign_exec_t ))
                                                                (typeattributeset cil_gen_require inetd_t)
                                                                (roleattributeset cil_gen_require system_r)
                                                                (roletype system_r sshd_t)
                                                                (typeattributeset cil_gen_require non_auth_file_type)
                                                                (typeattributeset non_auth_file_type (sshd_exec_t ))
                                                                (typeattributeset cil_gen_require file_type)
                                                                (typeattributeset file_type (sshd_exec_t ))
                                                                (typeattributeset cil_gen_require domain)
                                                                (typeattributeset domain (sshd_t ))
                                                                (typeattributeset cil_gen_require entry_type)
                                                                (typeattributeset entry_type (sshd_exec_t ))
                                                                (typeattributeset cil_gen_require exec_type)
                                                                (typeattributeset exec_type (sshd_exec_t ))
                                                                (typeattributeset cil_gen_require non_security_file_type)
                                                                (typeattributeset non_security_file_type (sshd_exec_t ))
                                                                (allow sshd_t sshd_exec_t (file (entrypoint)))
                                                                (allow sshd_t sshd_exec_t (file (ioctl read getattr lock map execute open)))
                                                                (allow inetd_t sshd_exec_t (file (ioctl read getattr map execute open)))
                                                                (allow inetd_t sshd_t (process (transition)))
                                                                (dontaudit inetd_t sshd_t (process (noatsecure siginh rlimitinh)))
                                                                (typetransition inetd_t sshd_exec_t process sshd_t)
                                                                (allow sshd_t inetd_t (fd (use)))
                                                                (allow sshd_t inetd_t (fifo_file (ioctl read write getattr lock append)))
                                                                (allow sshd_t inetd_t (process (sigchld)))
                                                                (allow inetd_t sshd_t (process (sigkill siginh)))
                                                                (allow sshd_t inetd_t (tcp_socket (ioctl read write getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                                                (optional ssh_optional_40
                                                                    (typeattributeset cil_gen_require init_t)
                                                                    (allow sshd_t init_t (process (sigchld)))
                                                                    (allow sshd_t init_t (process (signull)))
                                                                    (optional ssh_optional_41
                                                                        (typeattributeset cil_gen_require rpm_t)
                                                                        (allow sshd_t rpm_t (fd (use)))
                                                                        (allow sshd_t rpm_t (fifo_file (ioctl read getattr lock open)))
                                                                    )
                                                                    (optional ssh_optional_42
                                                                        (typeattributeset cil_gen_require security_t)
                                                                        (typeattributeset cil_gen_require sysfs_t)
                                                                        (dontaudit sshd_t security_t (filesystem (getattr)))
                                                                        (dontaudit sshd_t sysfs_t (filesystem (getattr)))
                                                                        (dontaudit sshd_t sysfs_t (dir (getattr open search)))
                                                                        (dontaudit sshd_t security_t (dir (getattr open search)))
                                                                        (dontaudit sshd_t security_t (file (ioctl read getattr lock open)))
                                                                        (optional ssh_optional_43
                                                                            (typeattributeset cil_gen_require selinux_config_t)
                                                                            (dontaudit sshd_t selinux_config_t (dir (getattr open search)))
                                                                            (dontaudit sshd_t selinux_config_t (file (ioctl read getattr lock open)))
                                                                        )
                                                                    )
                                                                )
                                                            )
                                                            (optional ssh_optional_44
                                                                (typeattributeset cil_gen_require security_t)
                                                                (typeattributeset cil_gen_require selinux_config_t)
                                                                (typeattributeset cil_gen_require etc_t)
                                                                (typeattributeset cil_gen_require krb5_keytab_t)
                                                                (typeattributeset cil_gen_require krb5_host_rcache_t)
                                                                (typeattributeset cil_gen_require default_context_t)
                                                                (typeattributeset cil_gen_require file_context_t)
                                                                (typeattributeset cil_gen_require krb5_conf_t)
                                                                (typeattributeset cil_gen_require krb5_home_t)
                                                                (typeattributeset cil_gen_require user_home_dir_t)
                                                                (typeattributeset cil_gen_require home_root_t)
                                                                (typeattributeset cil_gen_require netlabel_peer_t)
                                                                (typeattributeset cil_gen_require netif_t)
                                                                (typeattributeset cil_gen_require node_t)
                                                                (typeattributeset cil_gen_require krb5kdc_conf_t)
                                                                (typeattributeset cil_gen_require kerberos_client_packet_t)
                                                                (typeattributeset cil_gen_require kerberos_port_t)
                                                                (typeattributeset cil_gen_require ocsp_client_packet_t)
                                                                (typeattributeset cil_gen_require ocsp_port_t)
                                                                (allow sshd_t etc_t (dir (getattr open search)))
                                                                (allow sshd_t krb5_keytab_t (file (ioctl read getattr lock open)))
                                                                (allow sshd_t etc_t (dir (getattr open search)))
                                                                (allow sshd_t krb5_conf_t (file (ioctl read getattr lock open)))
                                                                (allow sshd_t user_home_dir_t (dir (getattr open search)))
                                                                (allow sshd_t home_root_t (dir (getattr open search)))
                                                                (allow sshd_t home_root_t (lnk_file (read getattr)))
                                                                (allow sshd_t krb5_home_t (file (ioctl read getattr lock open)))
                                                                (dontaudit sshd_t krb5_conf_t (file (ioctl write getattr lock append open)))
                                                                (dontaudit sshd_t krb5kdc_conf_t (dir (ioctl read getattr lock open search)))
                                                                (dontaudit sshd_t krb5kdc_conf_t (file (ioctl read write getattr lock append open)))
                                                                (dontaudit sshd_t self (process (setfscreate)))
                                                                (dontaudit sshd_t security_t (dir (ioctl read getattr lock open search)))
                                                                (dontaudit sshd_t security_t (file (ioctl read write getattr map open)))
                                                                (dontaudit sshd_t security_t (security (check_context)))
                                                                (dontaudit sshd_t selinux_config_t (dir (getattr open search)))
                                                                (dontaudit sshd_t default_context_t (dir (getattr open search)))
                                                                (dontaudit sshd_t file_context_t (dir (getattr open search)))
                                                                (dontaudit sshd_t file_context_t (file (ioctl read getattr lock open)))
                                                                (dontaudit sshd_t file_context_t (file (map)))
                                                                (booleanif (allow_kerberos)
                                                                    (true
                                                                        (allow sshd_t krb5_host_rcache_t (file (getattr)))
                                                                        (allow sshd_t ocsp_port_t (tcp_socket (name_connect)))
                                                                        (allow sshd_t ocsp_client_packet_t (packet (recv)))
                                                                        (allow sshd_t ocsp_client_packet_t (packet (send)))
                                                                        (allow sshd_t kerberos_port_t (tcp_socket (name_connect)))
                                                                        (allow sshd_t kerberos_client_packet_t (packet (recv)))
                                                                        (allow sshd_t kerberos_client_packet_t (packet (send)))
                                                                        (allow sshd_t node_t (node (recvfrom)))
                                                                        (allow sshd_t node_t (node (sendto)))
                                                                        (allow sshd_t node_t (node (recvfrom sendto)))
                                                                        (allow sshd_t netif_t (netif (ingress)))
                                                                        (allow sshd_t netif_t (netif (egress)))
                                                                        (allow sshd_t netif_t (netif (ingress egress)))
                                                                        (allow sshd_t netlabel_peer_t (tcp_socket (recvfrom)))
                                                                        (allow sshd_t netlabel_peer_t (udp_socket (recvfrom)))
                                                                        (allow sshd_t netlabel_peer_t (rawip_socket (recvfrom)))
                                                                        (allow sshd_t netlabel_peer_t (peer (recv)))
                                                                        (allow sshd_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                                                        (allow sshd_t self (tcp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                                                    )
                                                                )
                                                                (optional ssh_optional_45
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require pcscd_runtime_t)
                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                    (typeattributeset cil_gen_require pcscd_t)
                                                                    (booleanif (allow_kerberos)
                                                                        (true
                                                                            (allow pcscd_t sshd_t (file (ioctl read getattr lock open)))
                                                                            (allow pcscd_t sshd_t (dir (ioctl read getattr lock open search)))
                                                                            (allow sshd_t pcscd_t (unix_stream_socket (connectto)))
                                                                            (allow sshd_t pcscd_runtime_t (sock_file (write getattr append open)))
                                                                            (allow sshd_t pcscd_runtime_t (dir (getattr open search)))
                                                                            (allow sshd_t var_run_t (dir (getattr open search)))
                                                                            (allow sshd_t var_t (dir (getattr open search)))
                                                                            (allow sshd_t var_run_t (lnk_file (read getattr)))
                                                                        )
                                                                    )
                                                                )
                                                                (optional ssh_optional_46
                                                                    (typeattributeset cil_gen_require var_t)
                                                                    (typeattributeset cil_gen_require var_lib_t)
                                                                    (typeattributeset cil_gen_require sssd_public_t)
                                                                    (typeattributeset cil_gen_require sssd_var_lib_t)
                                                                    (allow sshd_t sssd_var_lib_t (dir (getattr open search)))
                                                                    (allow sshd_t var_t (dir (getattr open search)))
                                                                    (allow sshd_t var_lib_t (dir (getattr open search)))
                                                                    (allow sshd_t sssd_public_t (dir (ioctl read getattr lock open search)))
                                                                    (allow sshd_t sssd_public_t (dir (getattr open search)))
                                                                    (allow sshd_t sssd_public_t (file (ioctl read getattr lock open)))
                                                                )
                                                            )
                                                            (optional ssh_optional_47
                                                                (typeattributeset cil_gen_require bin_t)
                                                                (typeattributeset cil_gen_require usr_t)
                                                                (typeattributeset cil_gen_require oddjob_mkhomedir_t)
                                                                (typeattributeset cil_gen_require oddjob_mkhomedir_exec_t)
                                                                (allow sshd_t bin_t (dir (getattr open search)))
                                                                (allow sshd_t bin_t (lnk_file (read getattr)))
                                                                (allow sshd_t usr_t (dir (getattr open search)))
                                                                (allow sshd_t oddjob_mkhomedir_exec_t (file (ioctl read getattr map execute open)))
                                                                (allow sshd_t oddjob_mkhomedir_t (process (transition)))
                                                                (dontaudit sshd_t oddjob_mkhomedir_t (process (noatsecure siginh rlimitinh)))
                                                                (typetransition sshd_t oddjob_mkhomedir_exec_t process oddjob_mkhomedir_t)
                                                                (allow oddjob_mkhomedir_t sshd_t (fd (use)))
                                                                (allow oddjob_mkhomedir_t sshd_t (fifo_file (ioctl read write getattr lock append)))
                                                                (allow oddjob_mkhomedir_t sshd_t (process (sigchld)))
                                                            )
                                                            (optional ssh_optional_48
                                                                (typeattributeset cil_gen_require rpm_script_t)
                                                                (allow sshd_t rpm_script_t (fd (use)))
                                                            )
                                                            (optional ssh_optional_49
                                                                (typeattributeset cil_gen_require bin_t)
                                                                (typeattributeset cil_gen_require usr_t)
                                                                (typeattributeset cil_gen_require rssh_t)
                                                                (typeattributeset cil_gen_require rssh_exec_t)
                                                                (typeattributeset cil_gen_require rssh_ro_t)
                                                                (allow sshd_t bin_t (dir (getattr open search)))
                                                                (allow sshd_t bin_t (lnk_file (read getattr)))
                                                                (allow sshd_t usr_t (dir (getattr open search)))
                                                                (allow sshd_t self (process (setexec)))
                                                                (allow sshd_t rssh_exec_t (file (ioctl read getattr map execute open)))
                                                                (allow sshd_t rssh_t (process (transition)))
                                                                (dontaudit sshd_t rssh_t (process (noatsecure siginh rlimitinh)))
                                                                (allow rssh_t sshd_t (fd (use)))
                                                                (allow rssh_t sshd_t (fifo_file (ioctl read write getattr lock append)))
                                                                (allow rssh_t sshd_t (process (sigchld)))
                                                                (allow sshd_t rssh_ro_t (dir (ioctl read getattr lock open search)))
                                                                (allow sshd_t rssh_ro_t (file (ioctl read getattr lock open)))
                                                            )
                                                            (optional ssh_optional_50
                                                                (typeattributeset cil_gen_require xdm_t)
                                                                (typeattributeset cil_gen_require xauth_t)
                                                                (typeattributeset cil_gen_require xauth_exec_t)
                                                                (allow sshd_t xauth_exec_t (file (ioctl read getattr map execute open)))
                                                                (allow sshd_t xauth_t (process (transition)))
                                                                (dontaudit sshd_t xauth_t (process (noatsecure siginh rlimitinh)))
                                                                (typetransition sshd_t xauth_exec_t process xauth_t)
                                                                (allow xauth_t sshd_t (fd (use)))
                                                                (allow xauth_t sshd_t (fifo_file (ioctl read write getattr lock append)))
                                                                (allow xauth_t sshd_t (process (sigchld)))
                                                                (allow sshd_t xdm_t (key (link)))
                                                            )
                                                            (optional ssh_optional_51
                                                                (typeattributeset cil_gen_require newrole_t)
                                                                (allow ssh_keygen_t newrole_t (process (sigchld)))
                                                            )
                                                        )
                                                    )
                                                )
                                            )
                                        )
                                    )
                                )
                            )
                        )
                    )
                )
            )
        )
    )
)
(filecon "HOME_DIR/\.ssh(/.*)?" any (system_u object_r ssh_home_t ((s0) (s0))))
(filecon "/etc/ssh/primes" file (system_u object_r sshd_key_t ((s0) (s0))))
(filecon "/etc/ssh/ssh_host.*_key(\.pub)?" file (system_u object_r sshd_key_t ((s0) (s0))))
(filecon "/usr/bin/ssh" file (system_u object_r ssh_exec_t ((s0) (s0))))
(filecon "/usr/bin/ssh-agent" file (system_u object_r ssh_agent_exec_t ((s0) (s0))))
(filecon "/usr/bin/ssh-keygen" file (system_u object_r ssh_keygen_exec_t ((s0) (s0))))
(filecon "/usr/bin/sshd" file (system_u object_r sshd_exec_t ((s0) (s0))))
(filecon "/usr/lib/misc/sshd-session" file (system_u object_r sshd_exec_t ((s0) (s0))))
(filecon "/usr/lib/openssh/ssh-keysign" file (system_u object_r ssh_keysign_exec_t ((s0) (s0))))
(filecon "/usr/lib/openssh/sshd-session" file (system_u object_r sshd_exec_t ((s0) (s0))))
(filecon "/usr/lib/ssh/ssh-keysign" file (system_u object_r ssh_keysign_exec_t ((s0) (s0))))
(filecon "/usr/lib/systemd/system/ssh.*" file (system_u object_r sshd_unit_t ((s0) (s0))))
(filecon "/usr/lib/systemd/system/sshdgenkeys.*" file (system_u object_r sshd_keygen_unit_t ((s0) (s0))))
(filecon "/usr/lib/systemd/system/sshd-keygen.*" file (system_u object_r sshd_keygen_unit_t ((s0) (s0))))
(filecon "/usr/libexec/openssh/ssh-keysign" file (system_u object_r ssh_keysign_exec_t ((s0) (s0))))
(filecon "/usr/sbin/sshd" file (system_u object_r sshd_exec_t ((s0) (s0))))
(filecon "/run/sshd(/.*)?" any (system_u object_r sshd_runtime_t ((s0) (s0))))
(filecon "/run/sshd\.init\.pid" file (system_u object_r sshd_runtime_t ((s0) (s0))))
(filecon "/run/sshd\.pid" file (system_u object_r sshd_runtime_t ((s0) (s0))))
