,<*h8i8}8888?8;9&O99v99997:?:C:L:`:s::::::::::;+;<;U;/^;;;;;G;E<$M<)r<M<5<) =lJ=)==2=L2>K>>"> ?(?!G?'i?D?B?@A@@4A&7A,^A%A2AAKB5MBTB<BLC(bC,CPC2 D.P[P"{P$P!PP%Q'Q GQ hQQQ$QQ%R'R$CRhR$R'RRRS+S@SXSuS"SSS S T'T @TaTzT$TT%TTU3UKU#kUUUUU5V7VVV!uV(V!V"V!W&'WNW$hW/W/W4W2"XUX?oX$X)X)X.(Y,WY)Y)Y.Y,Z)4Z)^Z.Z,Z$Z! [+[)G[q[v[ [[ [ [[[[ \ \ \-)\(W\)\2\2\-]*>]*i]%]%]*]. ^,:^/g^$^/^+^-_+F_+r_'_$_,_-`0F`.w`+`0`4a+8a(da)a+a,a+b#n1I{6f3Ѫ<T,y.81gE'߬o^w.֭02$3W>{ʯFҰ6ڰ*;<x7+><X'()} ^l}S%ڶ(D,a!̷90&7W=2͸B0Ct&+ # +"L"o+" 6!9#[(%ƻ(/5e((ɼ# "7%Z#&.)2\)x&ɾ' $*'Ow.ſ' *Hs!"B"8#[+0)-+4+`)68 8F8K*"2M44424R4468(8a8(+((,Q~  %.@E,W'2=<,Z)4$$ 307d58# 8/4h644 &>#e569704h954 'B2j444"<$_"2544E4z6466R7'68 7Y"2276R3).63M7<43+7_3946:6q4644I5~232%N4t5355I46333S323$".G6v2%86?8v%9"626i32$4,6a4#')3C#w/63"64Y8<7%<<b473 4@4u4548J4263"3V6425)4_*932-7`6457:6r2*22:5m5 %5 <A<~V%[6 >YG8#/$06*0a%45&#-J0x!-))#)MDw$$;JiA% 7 F S`4u,C!Fh q~   )F6+}  #+% Q[$t4J *5;?CG\ q~! $07 KX]4y <:#^ f q! (" (&Bix">%;<x! % >LgxE=!&@gkq;TM>D b9IKS#j <;&<b v+}%i1;9,u79:8O:L/B/*9'Y( %"*HWr&3#0,4]n)@RP,  K "X  {  / -    H ^ s w %  6 A < /V    q  6* 4a # / - - .F 'u & *   &,$S$x$%7 WJx  ! &Nk je~a!l@1CIc& jh'2,;<B(0F]4po%=vs(9/l{y%bC1 iCX:$%|ffTHK@7IQ  GH )s)W&3m.DI]T"vAh5 66F a k80uu|RY'*$4zOe !mG8beZq^wS!|YZ sJzKi5kO(- Gw*.VUE>;JczV-}=E\PY-+{P1$p<dX,Rg2t[rqU`g<@j^QwS_J+ }yFxqyD B ?xr0i~n_MaK.Tl~v>Sn:UfA+rNn3B_[9)`"dERW]LO5g8?pt\*`bhH> c3N[xu?}6#DM2ZQPo#M#Ad'4o/=/^7\ W,":LtVX;m&L{79%s changed labels. %s is already in %s%s is not a valid context %s is not in %s%s must be a directory%s! Could not get current context for %s, not relabeling tty. %s! Could not get new context for %s, not relabeling tty. %s! Could not set new context for %s %s: Can't load policy and enforcing mode requested: %s %s: Can't load policy: %s %s: Policy is already loaded and initial load requested ******************** IMPORTANT *********************** ...600-1024ApplicationsLogin UsersRoot UsersSelect:TCP PortsUDP PortsAddAdd %sAdd Booleans DialogAdd File ContextAdd Network PortAdd SELinux Login MappingAdd SELinux Network PortsAdd SELinux UserAdd SELinux User MappingAdd UserAddr %s is defined in policy, cannot be deletedAddr %s is not definedAdminAdmin User RoleAllAllow SELinux webadm user to manage unprivileged users home directoriesAllow SELinux webadm user to read unprivileged users home directoriesAllow Samba to share nfs directoriesAllow Spam Assassin daemon network accessAllow X-Windows server to map a memory region as both executable and writableAllow all daemons the ability to use unallocated ttysAllow all daemons to write corefiles to /Allow cdrecord to read various content. nfs, samba, removable devices, user temp and untrusted content filesAllow clients to write to X shared memoryAllow daemons to run with NISAllow evolution and thunderbird to read user filesAllow gadmin SELinux user account to execute files in home directory or /tmpAllow guest SELinux user account to execute files in home directory or /tmpAllow java executable stackAllow mount to mount any directoryAllow mount to mount any fileAllow mplayer executable stackAllow normal user to execute pingAllow pppd to be run for a regular userAllow privileged utilities like hotplug and insmod to run unconfinedAllow programs to read files in non-standard locations (default_t)Allow rc scripts to run unconfined, including any daemon started by an rc script that does not have a domain transition explicitly definedAllow regular users direct mouse access (only allow the X server)Allow rpm to run unconfinedAllow sasl authentication server to read /etc/shadowAllow spamd to access home directoriesAllow squid daemon to connect to the networkAllow ssh logins as sysadm_r:sysadm_tAllow ssh to run from inetd instead of as a daemonAllow ssh to run ssh-keysignAllow staff SELinux user account to execute files in home directory or /tmpAllow staff Web Browsers to write to home directoriesAllow staff_r users to search the sysadm home dir and read files (such as ~/.bashrc)Allow stunnel daemon to run as standalone, outside of xinetdAllow sysadm SELinux user account to execute files in home directory or /tmpAllow sysadm_t to directly start daemonsAllow the mozilla browser to read user filesAllow unconfined SELinux user account to execute files in home directory or /tmpAllow unconfined to dyntrans to unconfined_execmemAllow unlabeled packets to flow on the networkAllow user SELinux user account to execute files in home directory or /tmpAllow user to connect to mysql socketAllow user to connect to postgres socketAllow user to r/w noextattrfile (FAT, CDROM, FLOPPY)Allow user to stat ttyfilesAllow user_r to reach sysadm_r via su, sudo, or userhelper. Otherwise, only staff_r can do soAllow users to control network interfaces (also needs USERCTL=true)Allow users to execute the mount commandAllow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocolsAllow users to run the dmesg commandAllow users to rw usb devicesAllow xdm logins as sysadm_r:sysadm_tAllow xen to read/write physical disk devicesAllow xguest SELinux user account to execute files in home directory or /tmpAllow xinetd to run unconfined, including any services it starts that do not have a domain transition explicitly definedApplicationAre you sure you want to delete %s '%s'?Bad format %s: Record %sBooleanBoolean %s is defined in policy, cannot be deletedBoolean %s is not definedBoolean NameCVSCan not combine +/- with other types of categoriesCan not have multiple sensitivitiesCan not modify sensitivity levels using '+' on %sCannot find your entry in the shadow passwd file. Cannot read policy store.Change process mode to enforcingChange process mode to permissive.Changing the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?Changing to SELinux disabled requires a reboot. It is not recommended. If you later decide to turn SELinux back on, the system will be required to relabel. If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy. Permissive mode does not require a reboot Do you wish to continue?Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?CompatibilityConfigue SELinuxContextCopyright (c)2006 Red Hat, Inc. Copyright (c) 2006 Dan Walsh Could not add SELinux user %sCould not add addr %sCould not add file context for %sCould not add interface %sCould not add login mapping for %sCould not add port %s/%sCould not add prefix %s for %sCould not add role %s for %sCould not check if SELinux user %s is definedCould not check if addr %s is definedCould not check if boolean %s is definedCould not check if file context for %s is definedCould not check if interface %s is definedCould not check if login mapping for %s is definedCould not check if port %s/%s is definedCould not close descriptors. Could not commit semanage transactionCould not create SELinux user for %sCould not create a key for %sCould not create a key for %s/%sCould not create addr for %sCould not create context for %sCould not create context for %s/%sCould not create file context for %sCould not create interface for %sCould not create key for %sCould not create login mapping for %sCould not create port for %s/%sCould not create semanage handleCould not delete SELinux user %sCould not delete addr %sCould not delete boolean %sCould not delete file context for %sCould not delete interface %sCould not delete login mapping for %sCould not delete port %s/%sCould not delete the file context %sCould not delete the port %sCould not determine enforcing mode. Could not establish semanage connectionCould not extract key for %sCould not list SELinux modulesCould not list SELinux usersCould not list addrsCould not list booleansCould not list file contextsCould not list interfacesCould not list local file contextsCould not list login mappingsCould not list portsCould not list roles for user %sCould not list the file contextsCould not list the portsCould not modify SELinux user %sCould not modify addr %sCould not modify boolean %sCould not modify file context for %sCould not modify interface %sCould not modify login mapping for %sCould not modify port %s/%sCould not open file %s Could not query addr %sCould not query file context %sCould not query file context for %sCould not query interface %sCould not query port %s/%sCould not query seuser for %sCould not query user for %sCould not remove permissive domain %s (remove failed)Could not set MLS level for %sCould not set MLS range for %sCould not set SELinux user for %sCould not set active value of boolean %sCould not set addr context for %sCould not set exec context to %s. Could not set file context for %sCould not set interface context for %sCould not set mask for %sCould not set message context for %sCould not set mls fields in addr context for %sCould not set mls fields in file context for %sCould not set mls fields in interface context for %sCould not set mls fields in port context for %s/%sCould not set name for %sCould not set permissive domain %s (module installation failed)Could not set port context for %s/%sCould not set role in addr context for %sCould not set role in file context for %sCould not set role in interface context for %sCould not set role in port context for %s/%sCould not set type in addr context for %sCould not set type in file context for %sCould not set type in interface context for %sCould not set type in port context for %s/%sCould not set user in addr context for %sCould not set user in file context for %sCould not set user in interface context for %sCould not set user in port context for %s/%sCould not start semanage transactionCould not test MLS enabled statusCouldn't get default type. Create/Manipulate temporary files in /tmpCronCurrent Enforcing ModeCustomizedDBUS System DaemonDatabasesDelete %sDelete File ContextDelete Network PortDelete SELinux User MappingDelete UserDescriptionDisable AuditDisable SELinux protection for Cluster ServerDisable SELinux protection for EvolutionDisable SELinux protection for Hal daemonDisable SELinux protection for NIS Password DaemonDisable SELinux protection for NIS Transfer DaemonDisable SELinux protection for NetworkManagerDisable SELinux protection for ThunderbirdDisable SELinux protection for acct daemonDisable SELinux protection for amandaDisable SELinux protection for amavisDisable SELinux protection for apmd daemonDisable SELinux protection for arpwatch daemonDisable SELinux protection for auditd daemonDisable SELinux protection for automount daemonDisable SELinux protection for avahiDisable SELinux protection for bluetooth daemonDisable SELinux protection for canna daemonDisable SELinux protection for cardmgr daemonDisable SELinux protection for ciped daemonDisable SELinux protection for clamd daemonDisable SELinux protection for clamscanDisable SELinux protection for clvmdDisable SELinux protection for comsat daemonDisable SELinux protection for courier daemonDisable SELinux protection for cpucontrol daemonDisable SELinux protection for cpuspeed daemonDisable SELinux protection for crond daemonDisable SELinux protection for cups hplip daemonDisable SELinux protection for cupsd back end serverDisable SELinux protection for cupsd daemonDisable SELinux protection for cupsd_lpdDisable SELinux protection for cvs daemonDisable SELinux protection for cyrus daemonDisable SELinux protection for dbskkd daemonDisable SELinux protection for dbusd daemonDisable SELinux protection for dccdDisable SELinux protection for dccifdDisable SELinux protection for dccmDisable SELinux protection for ddt daemonDisable SELinux protection for devfsd daemonDisable SELinux protection for dhcpc daemonDisable SELinux protection for dhcpd daemonDisable SELinux protection for dictd daemonDisable SELinux protection for distccd daemonDisable SELinux protection for dmesg daemonDisable SELinux protection for dnsmasq daemonDisable SELinux protection for dovecot daemonDisable SELinux protection for entropyd daemonDisable SELinux protection for fetchmailDisable SELinux protection for fingerd daemonDisable SELinux protection for freshclam daemonDisable SELinux protection for fsdaemon daemonDisable SELinux protection for gamesDisable SELinux protection for gpm daemonDisable SELinux protection for gss daemonDisable SELinux protection for hostname daemonDisable SELinux protection for hotplug daemonDisable SELinux protection for howl daemonDisable SELinux protection for http suexecDisable SELinux protection for httpd rotatelogsDisable SELinux protection for hwclock daemonDisable SELinux protection for i18n daemonDisable SELinux protection for imazesrv daemonDisable SELinux protection for inetd child daemonsDisable SELinux protection for inetd daemonDisable SELinux protection for innd daemonDisable SELinux protection for iptables daemonDisable SELinux protection for ircd daemonDisable SELinux protection for irqbalance daemonDisable SELinux protection for iscsi daemonDisable SELinux protection for jabberd daemonDisable SELinux protection for kadmind daemonDisable SELinux protection for klogd daemonDisable SELinux protection for krb5kdc daemonDisable SELinux protection for ktalk daemonsDisable SELinux protection for kudzu daemonDisable SELinux protection for locate daemonDisable SELinux protection for lpd daemonDisable SELinux protection for lrrd daemonDisable SELinux protection for lvm daemonDisable SELinux protection for mailmanDisable SELinux protection for mdadm daemonDisable SELinux protection for monopd daemonDisable SELinux protection for mrtg daemonDisable SELinux protection for mysqld daemonDisable SELinux protection for nagios daemonDisable SELinux protection for named daemonDisable SELinux protection for nessusd daemonDisable SELinux protection for nfsd daemonDisable SELinux protection for nmbd daemonDisable SELinux protection for nrpe daemonDisable SELinux protection for nscd daemonDisable SELinux protection for nsd daemonDisable SELinux protection for ntpd daemonDisable SELinux protection for oddjobDisable SELinux protection for oddjob_mkhomedirDisable SELinux protection for openvpn daemonDisable SELinux protection for pam daemonDisable SELinux protection for pegasusDisable SELinux protection for perdition daemonDisable SELinux protection for portmap daemonDisable SELinux protection for portslave daemonDisable SELinux protection for postfixDisable SELinux protection for postgresql daemonDisable SELinux protection for pptpDisable SELinux protection for prelink daemonDisable SELinux protection for privoxy daemonDisable SELinux protection for ptal daemonDisable SELinux protection for pxe daemonDisable SELinux protection for pyzordDisable SELinux protection for quota daemonDisable SELinux protection for radiusd daemonDisable SELinux protection for radvd daemonDisable SELinux protection for rdiscDisable SELinux protection for readaheadDisable SELinux protection for restorecondDisable SELinux protection for rhgb daemonDisable SELinux protection for ricciDisable SELinux protection for ricci_modclusterdDisable SELinux protection for rlogind daemonDisable SELinux protection for rpcd daemonDisable SELinux protection for rshdDisable SELinux protection for rsync daemonDisable SELinux protection for saslauthd daemonDisable SELinux protection for scannerdaemon daemonDisable SELinux protection for sendmail daemonDisable SELinux protection for setransDisable SELinux protection for setroubleshoot daemonDisable SELinux protection for slapd daemonDisable SELinux protection for slrnpull daemonDisable SELinux protection for smbd daemonDisable SELinux protection for snmpd daemonDisable SELinux protection for snort daemonDisable SELinux protection for sound daemonDisable SELinux protection for soundd daemonDisable SELinux protection for spamd daemonDisable SELinux protection for speedmgmt daemonDisable SELinux protection for squid daemonDisable SELinux protection for ssh daemonDisable SELinux protection for stunnel daemonDisable SELinux protection for swat daemonDisable SELinux protection for sxid daemonDisable SELinux protection for syslogd daemonDisable SELinux protection for system cron jobsDisable SELinux protection for tcp daemonDisable SELinux protection for telnet daemonDisable SELinux protection for tftpd daemonDisable SELinux protection for the web browsersDisable SELinux protection for transproxy daemonDisable SELinux protection for udev daemonDisable SELinux protection for uml daemonDisable SELinux protection for updfstab daemonDisable SELinux protection for uptimed daemonDisable SELinux protection for uucpd daemonDisable SELinux protection for vmware daemonDisable SELinux protection for watchdog daemonDisable SELinux protection for winbind daemonDisable SELinux protection for xdm daemonDisable SELinux protection for xen controlDisable SELinux protection for xen daemonDisable SELinux protection for xfs daemonDisable SELinux protection for ypbind daemonDisable SELinux protection for ypserv daemonDisabledDisabled Permissive Enforcing Do not allow any processes to load kernel modulesDo not allow any processes to modify kernel SELinux policyDo not allow transition to sysadm_t, sudo and su effectedDo not audit things that we know to be broken but which are not security risksEdit Network PortEnable AuditEnable/Disable additional audit rules, that are normally not reported in the log files.EnforcingEnter complete path for executable to be confined.Enter complete path to init script used to start the confined application.Enter unique name for the confined application or user role.Error allocating memory. Error allocating shell's argv0. Error changing uid, aborting. Error connecting to audit system. Error dropping SETUID capability, aborting Error dropping capabilities, aborting Error freeing caps Error initializing capabilities, aborting. Error resetting KEEPCAPS, aborting Error sending audit message. Error setting KEEPCAPS, aborting Error setting capabilities, aborting Error! Could not open %s. Error! Shell is not valid. Error: multiple levels specified Error: multiple roles specified Error: multiple types specified Error: you are not allowed to change levels on a non secure terminal ExecutableExisting User RolesExisting_UserFailed to close tty properly File SpecificationFile TypeFile Contexts fileFile LabelingFile SpecificationFile TypeFile context for %s is defined in policy, cannot be deletedFile context for %s is not definedFilterGPLGamesGenerate new policy moduleGroup ViewHTTPD ServiceInit scriptInteracts with the terminalInterface %s is defined in policy, cannot be deletedInterface %s is not definedInterface fileInternet Services Daemon (inetd)Internet Services Daemon are daemons started by xinetdInvalid file specificationKerberosLabelingLinux Group %s does not existLinux User %s does not existList ViewLoad Policy ModuleLoad policy moduleLockdown...Login NameLogin '%s' is requiredLogin NameLogin mapping for %s is defined in policy, cannot be deletedLogin mapping for %s is not definedMCS LevelMCS RangeMLSMLS/MLS/ MCS RangeMLS/MCS LevelMLS/MCS RangeMemory ProtectionMinimal Terminal User RoleMinimal X Windows User RoleModify %sModify File ContextModify SELinux User MappingModify UserModify an existing login user record.Module %s.pp already loaded in current policy. Do you want to continue?Module NameMountNFSNISNameName ServiceNetwork ConfigurationNetwork PortNo context in file %s Node Address is requiredNode Netmask is requiredNot yet implementedOptions Error %s Out of memory! Password:PermissivePolgenPolicy DirectoryPolicy ModulePortPort %s/%s already definedPort %s/%s is defined in policy, cannot be deletedPort %s/%s is not definedPort NumberPort is requiredPort number "%s" is not valid. 0 < PORT_NUMBER < 65536 Ports must be numbers or ranges of numbers from 1 to %d PrefixPrintingProcess DomainProtoProtocolProtocol udp or tcp is requiredRed Hat 2007Relabel on next reboot.Remove loadable policy moduleRequires at least one categoryRequires prefix or rolesRequires prefix, roles, level or rangeRequires setypeRequires setype or serangeRequires setype, serange or seuserRequires seuser or serangeRevert boolean setting to system defaultRoleRoot Admin User RoleRun booleans lockdown wizardSASL authentication serverSELinux UserSELinux AdministrationSELinux InterfaceSELinux Policy Generation ToolSELinux Port TypeSELinux Port TypeSELinux RolesSELinux Service ProtectionSELinux TypeSELinux Type is requiredSELinux UserSELinux booleanSELinux fcontextSELinux policy is not managed or store cannot be accessed.SELinux user %s is defined in policy, cannot be deletedSELinux user %s is not definedSELinux user '%s' is requiredSSHSambaSelect Management ObjectSelect PortsSelect Root Administrator User Role, if this user will be used to administer the machine while running as root. This user will not be able to login to the system directly.Select directory to generate policy files inSelect directory(s) that the confined application owns and writes intoSelect executable file to be confined.Select file(s) that confined application creates or writesSelect if you wish to relabel then entire file system on next reboot. Relabeling can take a very long time, depending on the size of the system. If you are changing policy types or going from disabled to enforcing, a relabel is required.Select init script file to be confined.Select the domains that you would like this user administer.Select the user roles that will transiton to this applications domains.Selinux File TypeSemanage transaction already in progressSemanage transaction not in progressSends audit messagesSends emailSetup ScriptSorry, -l may be used with SELinux MLS support. Sorry, newrole may be used only on a SELinux kernel. Sorry, run_init may be used only on a SELinux kernel. Spam ProtectionSquidStandard Init DaemonStandard Init Daemon are daemons started on boot via init scripts. Usually requires a script in /etc/rc.d/init.dStatusSystem Default Enforcing ModeSystem Default Policy Type: This user can login to a machine via X or terminal. By default this user will have no setuid, no networking, no sudo, no suThis user will login to a machine only via a terminal or remote login. By default this user will have no setuid, no networking, no su, no sudo.To make this policy package active, execute:Toggle between Customized and All BooleansToggle between Customized and All PortsToggle between all and customized file contextTransition staff SELinux user to Web Browser DomainTransition sysadm SELinux user to Web Browser DomainTransition user SELinux user to Web Browser DomainTransition xguest SELinux user to Web Browser DomainType %s_t already defined in current policy. Do you want to continue?Type Enforcement fileType is requiredUSAGE: run_init