]> SELF self FALSE false TRUE true ALLOW allow NEVERALLOW neverallow AUDITALLOW auditallow AUDITDENY auditdeny DONTAUDIT dontaudit ALLOWXPERM allowxperm AUDITALLOWXPERM auditallowxperm DONTAUDITXPERM dontauditxperm NEVERALLOWXPERM neverallowxperm ATTRIBUTE attribute ATTRIBUTE_ROLE attribute_role BOOL bool CATEGORY category COMMON common DOMINANCE dominance EXPANDATTRIBUTE expandattribute MODULE module PERMISSIVE permissive ROLE role ROLEATTRIBUTE roleattribute SENSITIVITY sensitivity TUNABLE tunable TYPE type TYPEALIAS typealias TYPEATTRIBUTE typeattribute TYPEBOUNDS typebounds USER user IF if ELSE else require REQUIRE optional OPTIONAL DEVICETREECON devicetreecon FS_USE_TASK fs_use_task FS_USE_TRANS fs_use_trans FS_USE_XATTR fs_use_xattr FSCON fscon GENFSCON genfscon IBENDPORTCON ibendportcon IBPKEYCON ibpkeycon IOMEMCON iomemcon IOPORTCON ioportcon NETIFCON netifcon NODECON nodecon PCIDEVICECON pcidevicecon PIRQCON pirqcon PORTCON portcon SID sid CLASS class LEVEL level POLICYCAP policycap TYPE_CHANGE type_change TYPE_MEMBER type_member TYPE_TRANSITION type_transition ROLE_TRANSITION role_transition RANGE_TRANSITION range_transition DEFAULT_USER default_user DEFAULT_ROLE default_role DEFAULT_TYPE default_type DEFAULT_RANGE default_range CONSTRAIN constrain VALIDATETRANS validatetrans MLSCONSTRAIN mlsconstrain MLSVALIDATETRANS mlsvalidatetrans ALIAS alias CLONE clone INHERITS inherits ROLES roles TYPES types RANGE range SOURCE source TARGET target SAMEUSER sameuser low-high LOW-HIGH high HIGH low LOW glblub GLBLUB OR or AND and NOT not xor XOR eq EQ eq EQ dom DOM domby DOMBY INCOMP incomp r1 R1 r2 R2 r3 R3 u1 U1 u2 U2 u3 U3 t1 T1 t2 T2 t3 T3 l1 L1 l2 L2 h1 H1 h2 H2 always_check_network always_use_network cgroup_seclabel extended_socket_class network_peer_controls nnp_nosuid_transition open_perms redhat1 accept acceptfrom access acquire_svc add add_child add_color add_glyph add_name admin append associate association attach_queue audit_access audit_control audit_read audit_write bell bind blend block_suspend call check_context chfn chown chsh compute_av compute_create compute_member compute_relabel compute_user connect connectto contains copy create create_files_as crontab dac_override dac_read_search dccp_recv dccp_send debug delete destroy disable drop dyntransition egress enable enforce_dest enqueue entrypoint execheap execmem execmod execstack execute execute_no_trans expand export force_cursor fork forward_in forward_out fowner freeze fsetid get_property get_value getattr getcap getfocus getgrp gethost getopt getpgid getpwd getrlimit getsched getserv getsession getstat grab halt hide hide_cursor impersonate implement import ingress insert install install_module ioctl ipc_info ipc_lock ipc_owner kill lease link linux_immutable list_child list_property listen load_module load_policy lock mac_admin mac_override manage manage_subnet map map_create map_read map_write mknod mmap_zero module_load module_request mount mounton name_bind name_connect net_admin net_bind_service net_broadcast net_raw newconn next_value nlmsg_read nlmsg_readpriv nlmsg_relay nlmsg_tty_audit nlmsg_write nnp_transition noatsecure node_bind nosuid_transition open override passwd paste paste_after_confirm polmatch prog_load prog_run ptrace query quotaget quotamod quotaon rawip_recv rawip_send read read_policy reboot receive record recv recv_msg recvfrom relabelfrom relabelto reload remount remove remove_child remove_color remove_glyph remove_name rename reparent rlimitinh rmdir rootok saver_getattr saver_hide saver_setattr saver_show search select send send_msg sendto set_context_mgr set_property set_value setattr setbool setcap setcheckreqprot setcontext setcurrent setenforce setexec setfcap setfocus setfscreate setgid setkeycreate setopt setpcap setpgid setrlimit setsched setsecparam setsockcreate setuid share shmemgrp shmemhost shmempwd shmemserv show show_cursor shutdown sigchld siginh sigkill signal signull sigstop start status stop swapon sys_admin sys_boot sys_chroot sys_module sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config syslog syslog_console syslog_mod syslog_read tcp_recv tcp_send transfer transition udp_recv udp_send uninstall unix_read unix_write unlink unmount unused_perm update use use_as_override validate_trans view wake_alarm watch watch_mount watch_reads watch_sb watch_with_perm write add_auth clear_uid closeDecryptSession consumeRights decrypt duplicate exist finalizeDecryptUnit find gen_unique_id get get_state grant initializeDecryptUnit is_empty list openDecryptSession password pread reset set setPlaybackStatus sign unlock user_changed verify rule_mount_fstypes##AppArmor Security Profile policy_module gen_require template interface optional_policy gen_tunable tunable_policy gen_user gen_context gen_bool gen_cats gen_sens gen_levels mls_systemlow mls_systemhigh mcs_systemlow mcs_systemhigh mcs_allcats ifndef builtins##GNU M4 m4_builtins##GNU M4 regexp patsubst m4_regexp m4_patsubst