From 86450bfafbc5945c5cafd0b50ea07f1be8d60e08 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@redhat.com>
Date: Wed, 26 Jun 2019 17:12:02 +0200
Subject: [PATCH] iii

---
 FedoraBook.te   |  29 +++++++++++++++++++++++++++--
 logo.bmp        | Bin 231482 -> 231482 bytes
 pkglist.txt     |   2 ++
 prepare-root.sh |   3 ++-
 4 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/FedoraBook.te b/FedoraBook.te
index 417589a..a720247 100644
--- a/FedoraBook.te
+++ b/FedoraBook.te
@@ -1,11 +1,15 @@
 module FedoraBook 1.0;
 
 require {
+	type policykit_auth_t;
+	type policykit_t;
+	type sssd_t;
 	type system_dbusd_var_run_t;
 	type iscsi_unit_file_t;
 	type etc_t;
 	type systemd_timedated_t;
 	type var_t;
+	type usr_t;
 	type NetworkManager_t;
 	type systemd_networkd_var_run_t;
 	type default_t;
@@ -28,13 +32,16 @@ require {
 	type init_var_run_t;
 	type svirt_t;
 	type user_home_dir_t;
+        type chkpwd_t;
+	type xdm_var_lib_t;
+	class sock_file { create write };
 	class file { create getattr map open read relabelfrom relabelto rename setattr unlink write };
 	class process { dyntransition setcurrent };
-	class dir { add_name create getattr read write search mounton };
+	class dir { add_name create getattr read write search mounton map };
 	class process2 nnp_transition;
 	class service { reload status stop };
 	class dbus send_msg;
-	class sock_file read;
+	class sock_file { read write };
 	class lnk_file { getattr read };
 }
 
@@ -87,6 +94,24 @@ allow useradd_t var_t:file { getattr open read write };
 allow xdm_t avahi_t:dbus send_msg;
 allow xdm_t getty_var_run_t:file getattr;
 allow xdm_t lib_t:service stop;
+allow xdm_t xdm_var_lib_t:dir map;
 
 #============= svirt_t ==============
 allow svirt_t user_home_dir_t:dir read;
+
+#============= chkpwd_t ==============
+allow chkpwd_t usr_t:file map;
+
+
+#============= policykit_auth_t ==============
+allow policykit_auth_t var_lib_t:file read;
+allow policykit_auth_t var_lib_t:sock_file write;
+
+#============= policykit_t ==============
+allow policykit_t var_lib_t:file read;
+allow policykit_t var_lib_t:sock_file write;
+
+#============= sssd_t ==============
+allow sssd_t var_lib_t:file read;
+allow sssd_t var_lib_t:sock_file { create write };
+
diff --git a/logo.bmp b/logo.bmp
index e16865a61bcb8f68cf1954ce31519602cb9c54ac..5e10b8cd3ce4e43d54b352f629f2f84dbb67f2a5 100644
GIT binary patch
literal 231482
zcmZ?rwd!DI00Ao&28J9428IWW5X{KH0TO0lXkli!&dUJC9~c-IK-kGWs2CziJjsMb
z=?aDw3?U(Z7*>S*VfX{WEB-Jr{Q1MM;?Ez3KVZB9#AW!iB81@&0|Uc~5C(=21_p+Z
z5D>}0Fsgqv{6^Eyz~vt-S$b4xGz3ONU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!n
zMnhmU1V%$(Gz3ONU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!nMnhmU1V%$(Gz3ON
zU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!nMnhmU
z1V%$(Gz3ONU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0q
zLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!nMnhmU1V%$(
zGz3ONU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!n
zMnhmU1V%$(Gz3ONU^E0qLtr!nMnhmU1V%$(Gz3ONU^E0qLtr!nMnhmU1V%$(Gz3ON
zU^E0qLtr!nMnhmU1n3h2%&Z&;z{*b_OGj;?TL>T`7s48iV!8!AT`YpcDl*AR7kfu7
zp-%`P$1IFJT1wL=?CD_(EKX7A(FmqT(9^{Zlz4@6MkAOmflmiZ;8BXopo7h$R?s5^
zP@@&j8*OCKBk<{92Rug67^5XL9Ri;YR-i>If=dUxN3EcJ2=GGz@-P-Sl1DQz?E{~#
zHlW8aT`eEAjP@bG56-u6f|>R<j@m%i5MYMKEto-9yGJdfLkOT2(W4od4na;=E6_@4
zy4pQz8683ZH3N?}q3IChbhTnM1JgCQ>2KL+2Bv?Q)6+)O3_LmtO-|VJ^Rptd2`ei<
zeX2Qr;_L+XjNk-0-WxW0P}4dG2T>m5N9$yQgA(VWC$KD>z-a+o1(<<N8K$i`>_nsj
zkXiIede|I12*gl>f`fyIz(C4Gpx{Ho*fk?5;J}lB2q{BPiD32EZAA6dh%TVPp@c*b
z4h+=5L(&RjVheAOI0EBL(+DLX7KSpc(TgKFf($^y*c^pn{_qsQ3^f9QfvEv0AUQZV
zu#6X>D!>_z1eBpl!+2O-i|$4&Zo=t`VJ3l@8Sw`OdeFhb89`$f00=n{3ugd=BoP>0
z8D`xJR*N-$!7|7Mx?v-Sj~oh6Ha^c2j$RH9j0lFB3#D)x50!^f=*pnN=oGg2#dIV#
zRp=HBOFm{$;B8@HQ;r_um=TPs0%thlRffxEY%zyfCSfEwoQ@b~5|}}O89fLu;|gTd
zn8B!nQKb>ap|S8P!{$(s25j*Q5=X;mR*e)c_6Wo2d(1#)W#;GSN7>y44p`Js2MfUo
zoTkH7fEj4Yz+xx_D=TP#1=S|7CTyO<q71Bdm=o9=Ew};$Bj6AU(WOwr4JBG|51`;x
zhAIiKL=Y}O*odwa#2=vrG|20i7*}ARsYDq&LW^LOa7WdLhzK+mUS+6~IJ&)H1JPUp
z)rjICu(}aIU=IphLriF@(Nh65AfXg;=s|^`6tWBo8!8W_P^1{p?8X;cn3V{~MEt!z
zRLh194>>51+1P^*6ii4MT@h*&Aj=|YB6oZe)o|QpJOcv*s%>!Iu!%GhJOcMT2L}gA
z2x2n>MFG45L{bSdjg=ML;zEvH^bkkVfyxBwM_^PrG|N#XQFzEr3S?cVPD0T#Tsg?z
z=RisK*a8DN;P7Qb%+Nwa8i<7{4;2APA}~}CN})Iva|8vd3Pd4H;6U*cdUXO)JIpb1
zk<7|~%)?e&AqO13PBLboq3Xnxhl=1+Ms)llD@64Z)RvJ$AqNEqKWY;OODLcQKeil>
zMH5&ERVP>o8-Y(5id*sJU*uHE&wyO!km6!&&Kq)KC}GBc8o!u<fub5$6B~ON;EOmU
z9r%=?+K#8JMK*+RnnkjG_%V@#0u*BCd{iGJX9d!#UzD01Ps%{HA6*%-@r&Y0w8k`M
znnm^DFyo;F8K}ZVF4{1AASkl<N=VFL!WVH!s_`j9aV#F&k<9?5S!7p(_(;|bcP6se
z!Q(+FVTh5~kwcEO<`o_DFNPOT1crNzqWTXd!oX6<A{dDsSrTK02&^3^fvS}(Whn84
zJO84jS+GUOc4MSju!><ypoADCHc>(cJur|1YOuyH7C#|78{*4h8lULi!V;M%!2_z1
zk@X-46bA<fXm$=SMoJ&3T9FM!VdGPV;xwH37o~LtaR7=pQLG#09F)+6_!Tt}A!0BR
zRSrcnb`B(X!P-$3fQ7IT_>`eqk1Hdhm;kW?MI(}%AhN@kMDaH)yimdiH84=rqo~8d
zLDG(@0%w@wQ-*3i%)Mwvp(ui>K`|9g!!YKelv}X4Kq=o~0R#yIl(0hyGaMY4nP{C*
z^o}jWbTEl(5LgIKpjwaWG`J$He!?mU*D_ogsNn^R3sg}QzoSZ_Mg>+L%uM>lFRBw^
zu168YkuYFthYyV-r=r9ZQVgMuUZN<&!9fZuR24`Ps7!pyP+|#3`wF|CP<5i(IDC01
zVToueqZDSSi5*1;5geqjLsg9=fy%_E3^kTeT?R7+ML!~O;t+=E8kRI_a3R71RUF0Z
zD8WPo2T3!kY9t9%CO&1T4#OJ1s7eq<W6#zI`QgYy$*0I;%_w1vh<A)i6h$3Y4pOk8
z%A=TyqzdmaCTiqijb9W$A*n#siqm#vmkfC}N{AzhX9ko>e$;9XMGLAFG&oQK5-EVu
zA`WK=quKy96iT6(P1ttucsf)os`bd8g((<zG-_xe2RLpSl<Yw`gmK3&vJ6VdQWn1`
z#V~S_gqmhiWKgUhMjX_*Lh%?%AR{MsR6W=t2_=M)6Ag-)xI4h8%1~T|y7&NV>O#?t
z;ym1G7S)bn!$b8jN?71d?5LWsWdoEHfE-vTL62?aB}6f*GKd(AM715&$zV083XoG5
z+WJi_dcg(^BLXF(p;T4q{aoa5!WaDDz(G*}7J(8d61eA%QI$dULMhbf!xBd*i3=_D
z;gf@!KddNx0g2igK@Lb%UC1#H4IE?z$Qn_N1TD3OYCxlq^`n>KgyI*kJgOuXm!mmk
zh;vcBixLwIXf0^ujDVU8(6yoEe3U>$jX0c(w@{U#1~Ps(GoUP##H;~OOvZFMs#Qat
zhZ<2RF~NWqO~{2eY7isGJS0R=0udqvB~fHR9PB|1l0jgoUMPiXIi`MuJ`fA42~Oen
zF<jX&VSqvafiXOVkOEEPBT1u3V4S0Z5(B6afT|J1LzRcx0g^yqs34R=F&(pwM3OXe
zuK;TNaH0r=1<@^Nw2Y648H^ehMGDG+>qZ=W2bF<Rs6kG^(S$N6)J!OaYV>g95ef^`
zpoGT*<`5;a6l$tK%bw6+g-{6VLCbrPiwKB3j6@A~R7atikJdZJtU6F#hg|8P+A=J7
zumFV6m|j8+O60&olR*k6v=i-6VjeB@(G5Wqwh#xwNSMPQH>03-=~y9xAQG$$O%^PM
zLZDiTo;*;L4s{M;ufjqYLL<i&BJV-upgZ`{Viyr(kg!6v5nVAtHN;F93DJu-I02J{
z(~ziwbHNN`7h^XCCORBx)HuQx7O1%ar8NQ$KY|2Wu%X2-Di>+E1JzuZA*iD0JaGJ?
znF!N~OcVAsvg#qsCL%2GC_$4#4{Zn^J<XtM;zz3tsgQqBBM%(q=rM$vX0a+k*D^Hu
z#CQ}EO)wHAx=`Z^rUZpXQ4b0vR6S^$`lyh9QO!qc6@V;<Vq(-ll@4tRB`UCo1=?T`
zYGOwVC{*J>JdEf?YhPguk-^Oe=|*5!Fe5~;u|S$pvoCUk5M~BO+aIOUK~gp3nP}02
z-9LC0VYH7>gB>$^G2<82d{7jD-GOQlSO_CxP}M*(KdKnqIG6zt8nxWQkq974hcbzp
z)^UUd+Jpdll%WL`a_~YM)TkkZ8l50H6cM;1kPSl2FQAH|^H|XbRB;qZXo(D$Dv;xb
zG)4^{^q7NrjX)~EnT4^NhZ38RoP#VxY5bx(7GgfkBS<u=&*7FLsTc-K<Z#6pMnw3J
zure%Bj5Y6q%tX!aAQ6;I2M=o07=WlF-2X*$E8H}gei%(;GJq)`nl!PVL=9@}tr4{Q
zQ%DUESPH?JEKm(ZiAJ1}h^lAA@lXN@-zHvS(*Yer5IM<>#xM4OM=dGwG&0Z<0`__p
zyB)L=MNV>~@ryl_k@En~WfWkos453Tcp@jc!QdWnFbysOIf$^|bOLuTa&Ez&65v{B
z%|J?Wqw$M1u+bt7U#W|h6!0m<Y84Fxkz79-zgWW;DF=X<Sk=G;K?)FfFa#)4k{b-p
zfd$myp^*Xz6m$3k2`RUL6b}YpfZPGW_?<o&+&U0$K#MZ`WiDD`z^|A(z5y-AKwwNW
z5v~8x_{9tzjFBL0N|3}LIR!@2BSc|#L1-kWK$(anM-SIPEgd=(B6z?7NGOa*%I#DM
z1+cT=1QsLVP9o%XEP98(5Il4sK}e{?MN1CY$0(^9Y7lq9NGwLfoirN1n4tp?9B2Sy
zsz4PXRXwV1a(GaOK`C-f7|D7NtrKtn63zl(We9>$ey2Qa5q5!Cl$$rQOaO%$5+)p7
zBqs<;!xPDMgJj5zQXkP#Kk3CS={hL%&S?Bn7=VLZ`)K?Q@(7~Pd86@5VE_(t?W6HK
z$RlXfd7~jP8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@?8Umvs
zFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF
z0;3@?8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0#pbA<YU%Rci4{d
zpdr9Y<Qei*hz+U&*b(?pZ;Vp-LV%T-@R2iAjU5UN8;x9iv58%7=tMF4;Wya*Gb)M^
z0z)DbkH#)Wyb&)j=wo=aWF|f`v8g0{v>%04CuQ14GcUGCBS~y9XJNEsVoCDXsA6ac
z(BZUPGBYvMfuj^<Auw3WXv%ywsv8jkWacm0YC|}0ltpO>&^D&XGM!Q{jp|1Z0kWci
zmYR?qH_E0s1O{6jJlb-mI7(3s7+kGrTK9WdS(*9ynOR3tDjH1vV4|XzAN?MB)C7y0
zhmw?uvI=SzKLZ11iohXA?7$m8%KhI^i?C9-{0l02F`b2J1TAY*63r&UxgcL*3vNt*
zp^0FmV`5_hVk265z$(ZA_AZ)AG-p7$V3iC|4qghZ5=+29QY#h-bkiUT!Nv?QK}^U%
zorvxULVQSkKsCcCV(jC9-5`x>1JnpqL1+>pBFv#GiEsc^C5D->SVMIIRvy#{sFMef
z!s<FyL0CMYiW21E@*+Wvh)YmVLl_!LsDe;i&@OGkW(QOy@$rkH66yeAiU3%c!L$q%
zjo}9@Ap>(O7AZVJ(BQ=4F+7@JQczu}Q3(}9jY_B>5&nQWh<KIgZ4Rha7#A|a9F0Q5
z6%Q-}#Z5RkWW_HuG_m>)hdoHbP;CPgzc3G@w(#ISA|i!waKO!gdSzfJlAMYZ{sfuG
z-s9&7^^lM}NZ3}W;sJ_ZNSh7h1|)yNDqrHVFT4o>GG*W}Y5*en2AK(qD`YW3Y=oEK
zkqJ-#=;a<3v!L2hod*@9efi7*k6^gt5kf?`9_%56ccJbc2ny^HLIfG{i|`y$Y{1MR
zB7~q}F<|ivcRxIWp)Ml22aS{<;9BX<fV&=V6vN^LuOd`Qc=#YiF9*ELLX9?5oe&;0
zBv2JX1yPNJ3KHQHsGEpTiEt^r*ALaq02hF`6Ca7t0(B$(Db(=8<yg|=7p4Ovr-J=V
zL<mEJ0@Zy`LAt~*yo82yhTtATZF1oXF|at;uTVD+5CwJzK?3GEf(qdZ;NF3Yz!|K}
zsF4PjKw&@)KvfDAq)+_9JPk>rP^(EOod-n=8YN6|a$sJ?sQ^O)792$6R1Cdf0jL23
z7{9O~G;ow6vLe`ZL=sR>3>-yd@RJ<BFbyOWW@teM4U>V4Uql2W^<_~Vgyv{;F4PkP
zN6{*N;mIA{$3*j?VS*Z*P(k{X&xk=%2Do<^P^~898-zZn%jr#_1|Lr6!m=Yy1?UoR
zj}d7Bx_)@y0#!dWcu)fwDo8|9g}RCel~DJ<{0+4NTv9`&h@zkt!nM<#L6j>I4Fw{V
z!(#`Re~1WSsMdjvUqlHFbq>)108xk-@q+57HwAG9K@ygZ2`YpsAmk6!XoKlOrlBUF
zDufEsE&sy%>rjhPU4!gg>}*)LLABGL!tN{#QJ6b1Byb53@(JM#3^f5YM4^Ioj9-|~
z!8Q|iHClL}=mr}>X9CSVxVSKP;*!S@C+H0f9q0m369zhdIgpE3bT<;@!@>>f8TwNM
zT?kPCb0>sH1WC{*1kHe&FyQfv7{-E(V-a*XvI1DRK|Mo%3fVDu*f4jZhBh7z1bu=>
zFGLDz0;-KrK{}StNKHkOOJ_v86zXpJQ;@JENRHt6MUE4K;e@ULxo}4|h;D4u?1An)
zI3E_jL?>Zb#}7jTOag8+E(SCRP#p*rq+|Ytxfg6RhHr2=9wv^W8*Buf2_juga{R&*
zF3hJe8s<M3A14h}h&6suT@6)<Du~rwXmAsu5~dyIai|@r2@9qOHx1P`fD~@GA<MwM
zi7beZjZ*{EtAv9Xn?jhWsJgMK#O^lI;}>c+oWgD{PEokN0b}5F8j1ugU?EdwC{j2$
zFb|<g!wf==Av8r`E;a*Tx=~uPFhRmb!bYQrPziPdQrimV8WfwMittcyZ3D)@<2WQK
zSQrw&b^+!gw6KKcAR>n8VFn-<&@kO7vr@3CfQYgasvpfwNd81)Le(=c@WTUuXuTk#
z;JRR*p+Aird>|)b$4Cw(P6J{>4b?!H2ML=3Q;8g)Ffo(`j4(mMMv|I;VJQb>9U`hx
zJ%pDB*93DT{b}Uj!|hh2_$4+A!@PoG0ZfpHVh*kpVE|HaVG*Q${KB08G8%3<5#<Cd
zAmMu8Cefb(a|>P?C4L$BiSZ)bZ-}UX<sSwjif5!@BiN2KxQU=Zf|-h($MAXqBndSE
zrWYiH2ZO8uW3YNe5a7{*CI!|#zyv65qB#qbi|`!OwO}t}szVlmszj_eL^1?f9S$}^
zI|BnhKbCV^LD7zMdMgnwf~7BFlp@a@L0kw;91Nh+8X`i7MCd^F44v6Tc@`;Zpw1(#
z4O0(PD{-^raK%J22n9As9va|;-OhnLv<S-qaEB13A9;l>T<1VAKprQAvBVW&PeMZz
z(@%u8A}x)<)Q(kzC^MlhB1J87VuV{vD7YZ<SON`h0v#E|_!gT}A)dfTLW2{-FZlGp
z<uG(X1^BU>3fG5^0o6*3k6~pwa*rQg*TZr&KD)4Wo}pf#Glk!kU|CrFLIViwK(GXU
z0$Dj&517EO2PO+vib?PzSBwa0;zAti9+Ki0<{l6Y)lWq0AEkgtICDT)#CR9#FnFp)
zF1A2E$ARG~9;%;#NPUR%85X2a1Hf*@G!=*S=)zFLz=oj9q4S}Zpe7uMD~QsM)B%9#
z8aNWw59l5R^C6By&OBgY!UQx(A^JfBL4>tHR6sSNW>;9p3@QmVmALTc;DD{gAi}?}
z))Bf=kj2DV2T}=j-#}ADI2ckugM15Np^OkhA_NzS<WW$U2A47nad4=BY=q_{l&nu;
z#|UOP*i0h43sDcU9Ku47#BHuYls{k_2bv(p$E=9RL1H32j*rF4O3vw5NY=12BW#CT
z1QNs+1#kse7_3B%&0x_;s?b13DXRUX1{0~i9dYWB3N6%-9w6R`ivZes7+Q%9P-J4W
zmbU&KVWtnh=p}wob%aF~S>DB#fd*WRET4>O!VH1In0rB~3)7{eB4mWXV2xg4C+^Ac
z@<`G$*jmn@oD0Lm^n*uIT#@0|!5qDasdzFxHmU_N01C@5gODE0!sI7Zq(Rd`7_%@Z
zjm9u}F+4P47aYr@!<8gQ@gT2v!O@CD@M9UzC)v*<MFT62H6=*lIVhQ+NuSZIj3<?{
zf-Z&`lu<Y8s8KK)0;3@?8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*O$RWTF
z2gstNuqieGVj0{RdJG4{ErZxSG)T}65cq}xqMVF6-$d3d3d$fT#`+dk4i4f>MKK0x
zs}vq@knUZmVW{Kt=*bBbCK&#J>KsT4<Sx*7E4q7exe3*mAe|sgTx>wi#AXDt0kB9T
z;3RCu5KI=NdKc<s25gogyAKoygK@SW=3mrJT`*r^&<N#F4<RUI-(u)P62N5yJcbcQ
zBI&|l;xYz*3?p<A>s+wK2yF<*fmm=uKpZfJi-7eFJOOqTgdoB(5QVr%V*G|Hq(Eju
z^dqUjUEU!n0_jA>#AzeKyHF)~EQ4AFD{&y3%=j6Y8Tk1bpmI<{28IGvMzFvk=pH0r
z!1SQekQl<_75qkkU4U#P4wLW%I7BztAS{}ZttYz40WlI63HCCQBtHWKC~7&F83x04
zU?hhTI$eNZpn}Z86|j)7CTIjJ%8pQ6bp}CWU|V@1wjz-rC&Dm(r@}Q6v<wuXFf$>0
z`1u)FL8t!^X#w0OS}>3tMj(C(`V(ptI6Y%`DiKDoqV6)r8brvM5NatF3adL%)M0ld
znkW%&=0`oe0hE9FS^4?l?Flp!>B>d%FxDV}ItRHRN701A!D$K+LB+v=8hO~_7sEmv
z0@&Pvq7>>gycDW)P_!dBsEQask;}m_D2iv)l!q-upuR`-0>W$9SU8L!Dtgh(!xFz}
zD)4ZzxC2Es)NA-CQoIc_n}MI18MHbJi}m=dqKzEPQD7Rki-^y?AcL@*1Ck*XW5zEj
zCSbY)MK|FPB_~M^hE^5AXDA-V3=gP6Z2n|r<>%+eaqTNq8w!PD6R{kO_$4hvVR#6|
zUKHnH<6!ePiV0Xb*i0HQF%%bK1P9bvnEpg=J77EB0;&;-!WJ>06aqSF5=Sb5G)9rk
zKx<q>-OkL<&(FY*eRVI2X7pnu(IqkXPz#VLR!Gr{D`A6_Vi+@!0w4#$F|PQ9D}XXE
zausT$7t+Z`^%Z6kK^-i{A`h|*%_dA$C{D&QhKTA4)aC}790nKU091@>8>$?fhhfe@
z3cy_jVxTx5;VSg3hfNt;&|)Y78IOW7RA9y(X8uJn0o!OVh9PLypcsJgAyyV4v#^&Y
z1bUfRZK9zdiignx17<CX8pJ8>Fli`_5*$!5IE5mK8E+7EsP=$)sQDM&6m0HAZwW$-
zhLK=HVFXMN2MtpOrBR&%)q|e&L298=gM$J&2#&FZ7y1@(tlot91>so?MQ|%13=DaQ
z0T4-K5>+9x47N%DYzkT;KplldF#)U`CxMnwP+bDog<>Ft1D6{N42YAUB-Z#v4KEzt
zgm?w66v9Q2a0!S-s9}y!hEa{978YoxAn8M4;!_5(A4;O=!r(v^K`EU6MkH#e%AwXj
zLiGSfFrWxPgBBy5z`PEjafTJ<i9RSwA-Z8Ch9z*9pt=~h5pWII7--oSn-Yi^%sp@#
zB0NY)xT`=6tU(5nfMcvGkiEi;<y3v-^OQj*;V}f7KtQU%7&&rK<?tAS+Db;rPhdk~
z1hTs^*f2#98jo$L&ca!3U|2vO0f_UVBsO25I3GE<NpK&E8L0gtbW@-%fl<g7qGn5U
zjmUi5_QA{r)5u!T*|?2BSBX)nU?><!0kB751h)7^2~}(gh;TiM87TP)Lo;f)qSU`I
zSAuE$E&(fn5y(nmVqhA>awGv%cOXe%VS)`q5Li?UoDjlUIOa@I6p-mo6f=;sBo^~f
z)FQ_(DItziEsE(_Y=;Y>BuN5JMo~M&`oAb4MZll%z(Hf6n1Mh0qK_FM*@zN~$axaY
zHZT_@9+4EIh=Wz)Ac$6oc|1K169+~Z#UDrk0doyWp$gN4MpGw#3Aq%-Qe4hPF$6^i
zDu*N|<7v;KnmPbH6c1yGUqbT4I2k3dk#Zz<y(l&!sYVgUt`#AQ5<g@ZLYk9NR1+$o
z5RRk=3nkPD#V;$7fEm>w6z`)-Veul0Y8+96B#gxbkPx!JkW?cJ<BJFsM-X%}N@~Jq
zEXZZ_#V8)e^a!fUQ556nAR9$mV4(~wAfg7vB{&Db;DLwYI=ComNs180V4-M7_6vqe
zkN}F?Mn?Q1`;vmd!V$j&LmXE`qBsQ<H8?PeI)b*1#P~(ZVkm)yBR~<tD1kL7;uqmI
z94r(kBd2T}>ggzq684x071iY^iV1NLo<LEF5XQkmu@Xo8;?RmDjKfYG!bln+Ok&kR
zRHHa~gv2i*W^k32kg&lZQ34BL3W_jhLPR$PM+D&zM%PUpCu5j800Jl;#tb%;P(@Ko
zh=Yh3)WE{D1I^bcRw7J65hiE|s+|ZMP+W}=#$chSBWN3n+YnC1Fm(U~2zdlWo)ivJ
z{Y#bhGfIph8IB{&P@IZTgF_gh0Lns9M_T+6R1LL)J`^F3pvaTLLGmVP@r$AwDKj8j
zjwFmdm~iDNWJB;(lqils@(K~Q5mb%c3>t}|co>V*P~-^>Zy+m1G7BZJ2u2OEA;|L!
zDB^@d1Emv<l-r3l1Vuk-PDb)LAy?8t9>v30oJLCApkx{(x1)&T%QYZ9sEUz-mXJ$9
zn&B9iVia+tc!z6*GEiLs6~sxQn2J-?fJmS?4NLr@RC@&C1|?9CeS=~NvIG`3N`gYp
zzbF!Tq6TaxE*nwA@p%VDA+~S<TLU3b{Eg30h;q7;1pPr!0m8W`N)f_ntE!N)B(fS9
z8^sXh_$4J2ajHc%9Z$TWq$X0FOh7HnoAjblJdDl1#CsGaP*IFRsm<`O&p|PS137+C
zOA`DU7^kmLBv4F83vg6-ph==}Q4B@#IGVx%;1YBj@g7A<2`FAcH3M%7M{y5o{GynT
zw-`jV4>`oqj7OG2aWN@n4yu`G#tbwU#c^1@i=qNgwm}V46n~*g;mg2iDp7J6svMqF
zf~pWDC7^f)?^;Jxl~_Xt;zv~5@Hh*ioX#YQH?aDG*uoW`Nhor7Rw$u{75Y9FR8z1z
z794tb)S*h@i(oXTfDOh*psB;{Dr}l*FNWe_td2wT04^t?CId88Xl9^fDP*N6t^sjS
zvICkaSY3;G9~-jysC78V0-R1kSBhc`5(jJuf<TfP6ikH6aIBwXU_gyIln_UF0X6I~
zf*!>hT-gTI46qhd+rUBy0>c)tb5N^kw8{XX8P39P3i?7n9EA?LlW`dacG*A>aBqSb
zI9vykLSWP&hq@WfpHNW*g(i<Rv@q15m(S??Akg9tVjIGt5EeufMnc3;NnC9Tw1k4q
zHVh}j>=`sPidS*C3N-^`JCq77D6oVWiaj6>Mlt~jVqi2?X!c+_g^&Ua3%~+c+>5#F
z6}2%B4l1x_WCBM90V}2_!OssHN=9}a2TTzCaxN4_pj?IO5A^uQR;OX4bkqZ4(YA-f
zEkui7OjD4Zip3B#{pgh{!XD6pH|Q~d%{GJ@B5Xq_rY{TA;c$<_7^pD_6NS_8V8wRq
z1*%@C*Ra|NKBI-76(iRn?1AcrQP@oZoxp+B5cKH98NVP4A&!CB1fsFI3!)0EZP?N^
z$QXKKY|aLG5Cx+|64qcvQI5nx(TVUIk_zIP7!gF0OE3eR2%C`$YobC5ZYIL71IvOt
z2rmOAnn(y%j3|M57O!mxNt7_fGz>)=p$jVu#S36(U{!`Dh-@dC6kaZ-ZD1?uP7oPF
zsLsWxV{v&EIdo9HMr0a6QHI4dBAt)DyNBXx6q}G_kbRCMOn`~33)SOv<`HlwOd2g{
zaRmlUIg~~&-O&9-lo9+Ws?Zz(HW5Vu)LLv5STP!bq7Gx{E=(3#6HJT{J!qmAZyN*2
z7wADtRIuXrB@ssOqjqx99RUt`B8<V(nE`7>@*k)Vj-xC9D}@m_)S#Gz*-?Y(9srs+
z2V?2Zqj?Dn7k~7kpC5<a0F>Cn8o#JX0E;Q0E*$oNMOF+l8+%xwdIQBl$Oa&>vD-F4
zqDbz-!$kEY*r^13ihO7xSUna3zY!oiQB;890E;PTW2TtC02xF`A6N~FZ7_4tbz)Bi
zFx4C!_$noIv*^Gl<Xo`B!M;a#43<7USTUHussr5wtoM+BwZn>3ln}=izxa&7TUbJ^
z0#OjBp;!kJ#x^>RO%YTr>NpL=%z-BHIv3(@oRNhqap2T|=~;*k7$npL6vyF=U(9(T
zxOsSU6T)<;b?Eaa*xTK>s|0*5#PmAdL|_+j!9xYafC<9Aj@3C>GBJJ)n5G~?8DuR8
zBZ3J<4k3(b2m`iEOwc7T<B`pSiGdsfD@KszA#7At5VZuYgJ>N%65>oKNwhPNj>iR!
z*AcA`p%D4#XjYW{;3&a}KYl@z0En}NiFFC+W(4$j0XYX!GU01PfQId%LB&C=Z6HSu
zAci>?Or!gHK-@)I{0@i{hmfV<c!d$8@jHZKjyR{nq83b##xHS!HiT4x;}u4X#_te{
zIpUlOi&`)}8o$H^+7MC&j#n5l8oxs*=7@7DENa2@X#5fvXhTR9I9_4IX#5VLm?O@q
zkWM``f=A<*xIi01s!-yW;Ajy&JT^MMLCsJ`2~EuPXw<ZdNV8B}G$>LWkq#f6%AiFv
zgc=ONIU2uIO(>9vg^^S>nmofs<CnZ}!=VeM0tT%~!l90C!lUs^)u2WRPHbxzsA?M#
zhM_oUFjN>sxOp%uffda#dZ0T=qw!1K)PfS8ph!lUZKtkX#F&QSp3(eEOpxJM1Bz2L
z%nDx5FfciJG=A|%7wNKSk&DC~i0m^Ozof??ejRxB77aiIkH#<l*djv~t&fD1fwAmj
zAj5o;w2a0tNx?;wV&oV_Wz#<ckH#-iQAU~~)JR3<k!B7RRFB3l6#@~%2;?Y5VPmMI
zwZLfn(j<g&)xk8e44<JW@jEbGG<?n*vT`Wl3eUm=5WsM|2g7LTkd00(4#$>-u_&Xp
z5K=;;f9sCco*Pi}F?Ws)h;tAbctETl)|R3~F}}T4v<wAkK{A?qX%onxZE~!roBC*D
z5l&P2nFr&xX`Id-l^6|y(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z
z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7fzc2c
z4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7!85Z5Eu=C
z(GVC7fzc2c4S~@R7!85Z5Eu=C(GVC7fzc2c4S~@R7zLvtFd71*Aut*OqaiRF0;3@?
z8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*O
zqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@?8Umvs
zFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF
z0;3@?8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*
zAut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;3@?
z8UmvsFd71*Aut*OqaiRF0;3@?8UmvsFd71*Aut*OqaiRF0;6Cw1V%$(Gz3ONU^E0q
MLtr!nhG_@@01)?_+5i9m

literal 231482
zcmZ?rwd!DI00Ao&28J9428IWW5X{KH0TO0lXkli!&dUJC9~c-IK-kGWs2CziJjsMb
z=?aDw3?U(Z7*>S*VfX{WEB-Jr{Q1MM;?Ez3KVZB9#AW!iB81@&0|Uc~5C(=21_p+Z
z5D>}0Fsgqv{6^Eyz~vt-S$b4xGz3ONU^E0qLtr!nMnhmU1V%%Et|7oT8~|NIY=~Gk
z9O4zbABIQ-(9oIK!)3UM(l7uAv(dvX8VUJlFvkV;-9{)hhN(RD19DKBI80-YNN)|w
zD50XGhzy3|t&ED{Ik=1(-qA*q?*>=IP{lPQ`F|uRrb?&|8bd}xjFIfeK@&TaI)r4O
zj~oq@2JK+bKXPJ=ET0aBD5As-WO;gIX`&=}2UzdOiYW4ZJHXLIuJz=5c;x9MH;e~R
z-^hz3ihMkPF-4Zu6nS=JY9=e32T0S%j3G*WJwTB~y0w&gbmZzMJ*)>p$H<Kz%6&c%
z@kOGYlzVbSn?Pb{(_Q(9jvVTEp6+o*f`!!a;Yc@ygaD_n(vco9RP#T5qm5|WsOG;>
zgNP1uIw~BE6>5e69V3oNtElNaBF*CG=jP_*<Uj$OoSfX;{QN|kFo=~A8SL~@M&FR)
z<>p3<SCmKwb2zz&cr4Q^>WHz2j?v3YIBLQ13nqqkBoh<z^ie~n_$4WB!4V81IEQXV
zrcdk<w1png%S&G5f+CoMW60)Xf<aFg1vHOeUS3{qNKBDW4$=CUE)ht;657TuFEwHp
zoGylD6cY%1+Dp?idO?xP%L|SjY7m^<v~(=3%%*)5;<bTR-s0nf#4g1}GfK)BikTR1
z@Y7n7R?!QITwY#+U0syuBZ4y&8`QLpL_FrxCVpYDOTDrgIp&96mkCb<&{&EV@e7Y#
z+C(o02ghg(6PYY%5WR@lrCIcj#xRl5%Ru$`MT%WoM(<FJVPfNin(C+>zsS)`^`;ea
z9n8VO!AWh$)7(62#vE~GQP)ezu}k@w6<Ty+;SRa}FmaJWJyleVUX<9SNAwQCLYjI}
zN0dp_j9=8~rE%p8&&)%vkR~c#sHKQ{@rxF_bjrS<XdY^PC2GYTG3HP$e$k_sUfCBE
z!J}CiXH-)uelcQ~j@cI!!=qUkdkoVodZ|C`42nkFc&Ig`u}25hMX3_Mn3<QCigSXv
z;}k_^w2a1<IH(c7SfiJ^lY%HQiHkE@Mq|b>72+3b^wPQdg+%#i8I2Lal*cdj=%sh{
z3yI*-G8#RCDUDwou}lBzcQk_0qZZ7kFn)1HFFkv|kf?={6ncp6+QG3vJAyL*;Evt_
zi{BwP@lU(B1({4y{Njn;fs5bK2nNL~3{w)n_@Z|J<9EnKFdr;3Xh2gCzj&i}VA{{n
zI(VpcglQPT<i{`m=pE4b9nHb;l7Q^^B@n#>GQI)LzC&=*pJq9j-1sFFy#pM-qd6Fw
zgUO6vg3&ur103)yJX!~XW0<`7B_etUwgMh4qQSAtK;G(SVxo7T3uq1w@{;ZV>VifI
zRVi}3Lsaw*cmX}SI2x2tXc)h=Ufd3^YH=}!+-wpb^_$UT#4nNAci=NH$55LO=A(WD
zlODfBNAG~Qu!iC$Lu%(>lH-^7=p6(Zc<6P5shxvKjbBotci@}QL$DD|<p`!}{0@Q$
z9)fKwsus~C#xF_PmzM@-Z{TVx;}joq<5<*fWRVuXq(<*xh+xuuI5<>;dal&LB>9K*
z=%vEBbvSb-krG3(gr;5*P4oC2_&Rt9_JRi{e#yzcAUy*;kTsI4U=s2#D5}WB0~^C5
zxrC-q{0?wCYbch`R4Ss0k6$vgE?gVtnf#Eu77({B@bmMNa=1H@?JJNn;(a-YR8pk@
zO|*aD@kAMe8wz-Nd2w3JPxaz_NS4r4$-y`S8C`<1XhqkJZaM~^%5gjtn^;sCsl*6a
z90KSOL<t{<73jiLjbe1ehX$YWBAQr#QWBpidWp3Vtd4q{#D`=PiwZdy9E^kslqjNr
zL)a!X6;z91G;@atm*Naeq(3Q$QY5WJT865OAJhP*9FNcpj2f1>ct~+XJ`<PW1jVV7
zhY4CUI2BNsgNgGL`H_myNt{jCRZ*kEG(<Bng}o%~;fW@Sh$OOEXeN@%rA8r5s-1&H
zJw-W~C{K_bt8k4(S%X&*<%RT6&A=4pV7y@pm4wF<xeTZ|lu?vtVan_uINg+FU}9WN
zZnVPm5n~52YACIRM`8vhB3xn7L@rH)6+|kbG=hn=X7DK^KL-=x7jokjs*ea8h*m;j
zB|J1op+TWTb_9bo<HyiwB9p>zHp#LSMli|t4H^yPMlfLykQuQMZG?>{Q3YkKtdW<2
z2?sAEqR1l&n@+L{iXwQ(wy?;aX&@NB<V7q*7eT|xQ9w}<O^$_wL=Sl-G(pEhVu~!1
zpxNXppd^BaZUIf^C<mb+CM#m0nh2Rqt~>=1JTw>TKmv-a3=GkVn}kLcITUU~DV3q1
zA55v$1F4^!2qxrSav~O@hmgsX$df-EJcL_VWVNvfgfb+m$RP<BOqn$Kjp(6VK$BAi
z69{K=Viv52fVq@PlV1f>YV&~VC%uFw;9PKAkwXwLmttwMtKcDBK$D(>@dq?HF$>m%
z-&ktMl3N82=>mGN#4j}>kboIvm(T>v9puuameBaU1I~+N5co}{jx4zucnA-1fC7%h
z2nK1vjmd~wkQUqqQc;H7HuTW0fJrT(@dh|3uE@c74W*hSxlJspIbdK6A}s^sbt5@(
zi*I8fUdu?9BsT+-Y|$XoKvD$bb^G9sUp_K3@DQ(nNh_gg5Wjehq^2a98F+|Sz@!aR
z;tTIVo_+bq&A|BlJS5~uD53HBhrIa3XCjs5$jrc0b_M;78!7S2M_wOzs8_(Gl+gGR
zA6fYqpMg}DBX1CE$XCE5G_mjn`QVRV@(SpoJp>JoF``RouxjiCS<#F8R2=M<P$)`P
z7ilzp!J$r8{DO7Tk07srrl0$0W)ra)7>@&nLj01~!ouU}AtOa(1mp3~@QvT0-+(5%
z2|d)~m#hkS=r^E=KIEOs@r%be+DMVrf*y@uK0dx7Q9SdJRRIr!1~jo57<aB3jbGeh
zGbm(;YGL7a=@5xuvMONQz8*?4#6&P||Bw^ExJ{#(3|T#3nz@Fq29JpNC98o&*Jz-f
zWkf_UZp(*A{vC~9ykN-3FIf%f;V{4fiaESd3zh__!j6YX{vC~9a6IB7u*WS(bTocJ
zp)klXu4sje<97d0iC=O$NW-OkCOiy18o#(hU?|AIGb#=SZa<9XU)*6ccw}%yD_j`2
zONVp(4vPr}NYue&5<3H;2pc&Xzt}=$(1~G>R=6l`_m0Ld?ywn5GVrLx%E0Z?(fGw3
zHiJn9YqY`zal3RhesPD*ppt>dB{l|bmyX6S?ywnDGT5ROE{5Bsqw$M7YzCJMJTkE`
zaJzIgesPD*;F7@-t#BdSE**_u++j1wWZ<!h$-wQ>(fGw3HiJwCGg{#yxLrCLzqrF@
zkjcPf6O)14rK9nSJ8TA<3}(E-L~y&5ocN{l?m@8Q$(bJ<M&r-mFo4A-CJmOxN{q%Y
z)?gW&f|wBt6~W_Nav~UyakP>e&A<5eGT;gI(fGv^ID<?Inp-g`JnkeXeg~ie9?id?
zIK+%uhzLjy2Of=I904;Jg(0ztN#b$qX#C;{oIxjr8MR;$JnkHgUp#>`=%m20iAmsb
zCt2}J{|b1t{sqS&X4Ha3z;ZYUvLYCVS+o-#jbBLEf}<0IfXHDd$%<dPXW-HJg~T34
z)Pe;da@fhy_{APBgHse7ofrf@w~odyzR($Tau{(762Rw5^5U1?1@vh742?rjbYftr
z9CnJl2*z#}%|u7z7aFt}aSIZF%3-I-i(fit;L-SnMII<V(J@R8D?J*&Sc7G-3Zlm?
zh>zE;WX3OjGw^8sg~cH#KG88u4m(X|1Y<XhMxvwf3lCWI$Yo$)fXiWJkQu*p&A_Aa
z3y(Uw#V<W0cr<=T;}`v&mEpF&4jRKG=U?&;kp-3NP#ft$jpkoOAY(=_LJlhn6jkJ5
ztj5toa5R1qp*kABkdk_smd{x3MMA_qb{2V=7o-cjdDIsj&A&)tijjel<ghY9F-0cE
zY993kN8=YMOz9cFbm}CH#xEuDOMVNQUKe?f#_xc|FI{r*X#66@FGdRsSq?j!%-R>C
z4ZD$46&;OV<lscFfRW{}vmp^hE{WYtYKo4=FLG$oJAP?jM32TVW${Z<3yThotkL*I
zj$iZ&7)1^{huoqWrVqQRR1+PIUzDIkE1*&2aByG|MJ|oQSSksR#xF`h4nX|!(zFsD
zjbBRRm(m)Tww3T`{G!A!S_O<Mhl59M!HldAhtZS^kH#-*7@`)?sB*Y?$Pq;@8<*LX
zijT%GY6uQg{L-ox9*tkh<Ch9GFgV+zx`aAB$c#N{<Zzwe2Ztz11_p}|Ccv>n4T7*$
zq^ck-W+AFa;}<=YsS&pjGtf<@kWbeAzoYSs5$cf0p$>^*IQar(T@TAK8owAJPMw&A
zn}T6JnF5gVmQ->yeldd^9yQcrU|K=42zj}eV>JI_32ACYE1Ef2Y$8&Kmz$if5jd+4
z>->u{f<<Ilf|Q{}3@y0aoMcBCINoSSaB_2Fco-BYgApTlkVtVKh6kxCKz?qdU96&+
zj2Xq?5FjNC>7jNo#xGgj9JJu41D6v=6w_*Oj;!QBZv0Yf6bqc_QHUWDyPyQbiQ;fn
z4q355eNAM?FRdbYuvWUD_{79GvoJWasUKY=n>g6w7c&S4w+Oy042oltBZS%-kRq5w
zqe0H6G9E%@Gd$T53<45^mCDM=k6-GS&_gkLIXDPLFin>v5lRje#4oiYcxXm1F%dj~
zP3l1uzwjb&s4)oVVA?J_!<UCCiC^kw;Gq_)2=@|dWI^K}Uo_B6j-vRbW&{tdju9eq
zK`i{;Bxv*wOdh5zeyJD1L$&e+MK5txFgTiNmQQgSjEG>IO7Ka5T}=f75>7*vB(j7C
zg%iHOq=g)X@k^x~JhZbf2^pB~rS#y4-=UguVeTd&1JgN%DUDz1WMEi04Otpg^b(J0
zQ4r%Wlj8WLMg$M##xo>I65E7^r2!nVL49G$<Ch8%3<;y5Op;bW)3J=ELi|!5!9zJ_
zp>Bs|OyX(k=T&SbQX_sTjo_i)dIm)?@$m{*i7h&)E=HC3r7(hrL;R9j0fS?i>amGw
zAa&xGkD?eJ`pqj24zl8x9#e<#2*!+il0?7>l00JM#xETrm|F2mK@JAhUqc;}+<=B<
z1(Grm8H%YEzvM^oP>)-X`^k=9T4!PE#V^?r3<{s2j>(T-8b>e{<CokB9_n!maz6#}
zOWO#hX8e-bj2^-5D@ZL&Mzu<`7V5??Sy_0*$1g2&FqPw%oCqEc;~S8SNH$4yb|hIL
zwd0qJGI}(AX}E%x`teJ876vs?hBl_8c?HSzBxg(_HP9e_NzTGUzXB$2coGt`P?E^_
zB2^hp;+MoMJoF1_XdF>Qks5Qvsi#f+l9+{ucHzvyL3!~EN*TmO7>TNA6~83K@KDdd
zR4ATl6~VNNUs4L`p`C%LlYMEkYKMmLOF|YN+8LNi*_S2}Ow;%!K8A;K2Buo}r9}kO
zIDUza;UOHspsJH<n8fB2LFF`$Uq0fZc<7eU)GM7qiG*N;k*I(k@k>+;57j{q>P9cs
zM=I$Pzr@7w(2QVeM=!M_m|pQqL@_-SBbfTpOXUcrWBd|~;-Oau(;|AQI~z>j_$3g<
zLoI?q4I&y~5}QzXmD4?b@kjAcieZ{$UT|{38)KwN4n+KdTnP3DHe#sM!qgnqzz7FW
z2vG+QRQ!TnkKr${z);A;w9C8TAOMFBRfqwNU#JhjUP30g2lWx(xQ~8D_5)>XXvk1b
z4Tku|?hAfW0r@36CpYnSp*ohbSj4Rx)fNhPgExLj_7u7CONBc&a7PrmG9>#RhlbJk
z<;M{+qzaQ8lQ{H|YCR71BR+nq6}_PF#Sv9x34_d|0*1#g0~HJ#SR=?PpQ%tdqxhPv
zxWuXn#aOaABRzh}4mg||u|^gdf;cT8Nn(V@FDFTXMWkXfA`_byB5lL3Y=p-zwTowH
zU}K9elEt8AQAUl%FJ<9}OE<}}iA4i0vq=#jjbBniiv+b;;)`S<60F0a6cN26v;9n?
z@);c3Bu6KP2Cy*{5u@=-QSjl{j1gZX3*a}O2-(s2B_fc>Rzh-oqH7@AW|+p&_=SZ8
zZD{leBau(BqekPG;vmFt0ErQbt{lJNgk?wLmv9(SrUE_2NaIsxHy^n-v{Py=P4ts9
z{!GjEGt`r$MJT#zs3GK1NcnfjcaR2Y{F1Uy7Cm+;UJN}NzvSi&67*rl8VMpK*n_DQ
zIeJI)FU<f6(TSmyB1etJFGayev}TN0BVK@LJFqDnjbCh`LIW}4;}b(AC9WBbUrIuc
z6ulVHMzjDawxFvWjbHQ-p%tI#=)_P+iHlI;cc?e825bKa5<wX8MzjD#KUw5x{E`)H
zWN9KgKG7ADWgA4(X#7ILfi5I^yb;SM-*KqXJ6b-IACkoABsM-V)DdGiRyCvXONa4i
zM95=A9FYPD6G&u@#_x!V-yvQ=5AOCeDC-fKUon({^pb<o^6zN;k`sue=)s6N;si*s
z0$J^7{L;02Cgv0{tPzeJXC$!Eqjxm_k`Q?0Da9In1O>^n3uW;JIIhVwXOL(c{Pi!n
z8JNrf2FEEfL8du_MBDI<Uoww8LylSqdyvEwdCnLL@k{1n9r6MM5~s){dFBifU8C`f
z8WG453uU7!7-GC35x?YRV6tKY8mGt<S>_BDO{4LP8WYG73uB|I7+Snx9KU2WuwZeD
zOb@LXMRo1ah+p~@(8%!$W21)H(Bh58FG_sDq7;QjQ8C0gqw$LpVJPtm<DjS*Vw@oo
zzho8AWJColN>OPt3>qw2M&lPHCQ#!Q#zRpuv^b;jiyU9D2t}ijl?*ZVaE@QnJ4k5p
z3gZs3I7N2uX#66F1}s9+X=F7+i#=50mp%<F^mv8whgO^-yLL2wkwOC&oftHdnjyv<
zjbEe)!-!Xy0Fs&^#vF}bqzHpWCnk-gXlOA<;}<EuFyj>_f~06@F-PMU5nr&##6lw!
z4Kdbe{30R@OT5B`5UPe2Yczfl@db}eEDVIIp~V`FUwC|BiB*IUT-6X`jK(iK!Vr;(
zg#}kN#2BOT3y&}?v5F)FS2na5<lH+-=lw^J042B|1&acRPGU)<$i%`V)|5e}ZZv*j
z5rQR7k%eH&h8R5>zpw~Hj!bN9n7W}wlM}x*x!;OVuwf~F2?`N16Ga|doFa>%C>}DL
z(fEZ%6>?N!Wkb~sF^Zh{<roM*63nbv6p-RhtZ|AWNQ!BLMlC-F8DJn>k0tsD3X$MW
zl$gZMA;Gl4qjWTWA#s5{N>M~13Wpd;R{T=)dS_z8i(qEOqJUVl`B3lFK#5f(4hhB$
z9;IXy&m03Vz=0+92n!J(%1E(@n@PNJgGl9Q{DL9_ccdcAfK(1OOiug`Km(d^X2n!N
zLR28fB5pPb1`Zmf<V-LOyZFT&r6@9kCelc72wCw<_XZYb<|IOd_)tKJMLZnhO&l~T
z$r|9GdjpGz*u+#qd>G@2QWPoTO&l~T$?71{y@1AyJR(Gh4r7!!#LFSt$U&o!y!fSe
z0Zl|~Vk#jzjPXV(iX_oS4jzSMHK6HSKx4)oF(Sl<F-i>L=MZb;AW}zG{L;CACMGs9
z)DRuU_@fk6mS{r<jY6^-&>ZwFpfTc(7y+U~7&Qj*^N2Qd&?qFU0nI_zIeubd6H^Vb
zA&fsl(PW7=bnvJnuYpC^0va>!h!G(+h|yw@0GC)(2ah`PDquRcu!xCFENX}hVFK}q
zE={DVgGd>9@k_@Hj3w@f5F$2&(Ib!$pICDTjXLrgSoE7DBqA=cDIqd^2}LJ{Jdx%O
z9%W=!z;w&N*dmVzF(LyPBmM{q5NYtBQATe3(y0a}A}X;eAu@akMkj^>A`Koq%E+vM
z>6C%7Mjl~7B7+wr_J|N5(&#~>jJzH&2YqT_!ZC?m1(BgkM08>(A=2nUqm0}Fnl6J_
z*kg~dC~={S5qCrh5NGz_QAKV6O@|Via75xzL0sq(6`dH0h%<Zes3Nn6M28X@N8}L}
zCN6L>VvaZg;tU@=s>m*&X<kATjz}CThznfeq7zdUai$L*Rb&^?G%lfWL>>{sM1?J8
z#1Sb%l<9*=5!nSaZRe4Qh({bshznaHV-t%q;>;g3s>m;(Y1v7_5qHE06BV*p;*D4#
zqRbyeipVdZX;%dk6OXvm5EZn<MkY3OL|HI+6p>#*bI>e;am5`G;zR{3wrC?>j3_Gx
zjUoyPXj(-u5z&ZK2~pund|YBvNt6|XM-c@DG;Ic=amF1H5<~?nwn!sIj3`S6jUsZ#
zpdsmk`raTS7I7;f$~mOOB{sE0Su%JOK_ZG=lG@8DamO7oGQ@-`wkRV_j2K%6j~Yr^
zSRB-@gNcbm+-islRMO%Sn`)x088nJ0YGF|~f^o+jaWce&DYghBRg4&W29FvFGcffA
zI*5xz+^UEQQc~j*n|h)w8Z?S1&A`+es>B^}M9L5oqS&H~bTMLV8a!&qZCfGqQKOYb
zWF+ENMofT`9+g;i5M$NgQA2SCrowzM?r0-ghL`}w8e3!t5@XlkQG>{c<g+MSR7rFs
z;#NpZaFP*|IJ6LB+n`ZHg$&HW!AX80jXTmvkRc{CaYPmw!o=7%c+`-eZIN}78N(#R
zAs(f~1ST2rh*JwO_6-^}RLQ^`WaVKzQAUy!F=2@_vdEAi#=gO$hSEMTJR6gkhe?V;
ze2R$)N-|;*j}~HV95iaEm4QL=%uQ@Xj4!@Ol_Me~@x&EbQbbrec$82!jRcBTWK2vH
zlNy6~)e{qtWJMw#O~lwac+?<A4>j1F_~IBGSKQp(++YS32qMA}PfU?1MTDh;M+r4c
zXn6YI<mN{$toix5xj9iQdrm6EG7-T@W*p+xMufG4M+s`E!=s2U3{J{2GBJUOH=@Xt
zB*xxBqlP9KnE2E|NemMahGfPd0c}KBJb08)w~0l3%)(TX9m7NfA%S=zSDFZ$2ayt3
zKo1nnNnS&Xm=Gj40tx9O#_mC*W`Ij*4h{~oBAAHqBNR>K%M)Sw;88O05lluIO+@gK
zAAN*%5@G$|Q8JKiXh^L<as(3-c!Xn#d=<plKX}wY0(l@w5{qbJf{y&iBSt4NE*Law
z2EK$Qu?{98<cNtRO4JbHgu$a^pgTz%93-`(i3vDL;*J=-#JFMbs2NgKFfqYKOcYV3
zh8R~29yJ45`9ka_x(X&H&?t*K;&c<^j=`e_637Ec65WO-BFu=3APQ9x;f_J1WWd{4
z#MZ#Xgc*e~N2GRQTrzmn40r?+S3naJU_{0b#mb0r%ivKn(2Z!K3TR@2i{f}A+5lo)
zGkDYta0C-mKob*KM8^&l6cXc}!J}q?BbaajO;k`(A=-#Gf+z<K9z_G&4JKGX6BSTI
z#|>2!66K`9qi8@Qm{9x@6--o#H4+RV%29(y(LhEpf%qjVkVuFbDk&w(S%XK>0M^0y
z8(72z5tSm16k~{U*q~80a1o3*eu)boQsRYLYKe2%;88VT5sWW>i3=WTMHy-45a+hR
zqiUc=vhc(&ae+fxv`|kqajqLYss<>6amO!lK|{R=Bh@70+&6es4NL^%Y(EnhFr-Eb
zHPsX6!a<~JAo@u-;+M!!p=NZEZWfV_96ZVfpp}Jve3IB8Aw5p0s)JZ(4jOfIFQc(n
zzr=<IRU?ZG!-#d~;892K2*y@C6CE04#0ZtO5be~#qmaI3G?wC-=%Ao-T#;oQ(T*KF
z3h9}Ju@uil2LxI1L3K?;J9iK%q+dH4Bl{8`3RI6NG7Ti&#e+vBy|OSy_9Z?D$czmd
zXd~XugGeQPYGJhOOM?Gt5Km+qNrJNnk5Ya*6w;`TXHxu5c3jXzBPlK)JZfoPNTZg{
zq<EYru|$EPq_}+$sikcpjS{^i`I>^5ppjORoIi*Z(=vvUDqqrkOrtoW$XL>RFo;ys
zEQS%$OQLTniU*o$CeagvM>#)jVi+F1r23R*F+`!kr21nJsi%Gn!|Ps>eMw;~&`>+c
zUKvChsN9x@b&N>&Ar0e)Vxvj-%^=c2#bO$odCBn{#c@DW1IY2wAkssnArDCACCgtl
zjU6f&PL`(zlO}G8N43DQOQx5o5Cb$ef=rJMCT*1DV$k8h<okujaYG&B$@kvi(aBF%
zHl{3c`3B*r71k6nc%q3Smyj06l*TRJkcnOf28x1paA_tck~ulKc`0`_)~qr}1u6IK
z;4*=qpPLiyrUlTEOPrkC-27CCT99W4X-wj97RbfJ7NcFWK^1@E2**JyOchU$976_e
zJmPfN$cY;&_!MU-4rU1|_<MvHF_>c!kK0B_>`>}WJRvy9r6~3Jh|oXC;}E~|Mnnuz
z<VpPDH|S+4^7{zTJm@2kkON0R9FgxuLV-6F<jME_u-7>hqK^nS4*Pf_(}P3=-Ox}%
zrvHbxwxJPqM7nZ#M-@4~BQoHIiZXJ7U>NHeD$z!~JBM*(k?u9(gKY?@Bt000tBxTQ
zX{0!HxJDO={vsvFhL~CsLt<DeA7W8PnsbL`jFI9g(t>LUswO2chMn3W7+)kidDul7
z@g5>MtcIor;saz@sT`V-MV70FRlE`D8L|RusA?iIOoorLp&C(SyL<RV9T7euJCug9
zMk2yxm?#;_u|$d6he`Ai@CGFzG{p512$|s^J;Y;(Qs)ncD8%CjN`q$@=*JT}LtSbZ
z#11vQFw~<Fhx@4!G{eLU93eE6g@;MZP|F)bIV!QZom#;%jLg9jN<&p>7{v-Ty)smz
z6V2V!43c4H7FtLRMeZ<*5vqG<D8?zm%~TJLVQ3&Cw1yaK7{&!{yfnn(72;gl1jTSQ
z6%uAcha9f)Ks$d8owyw;=SI>luE;cbNJKH2ejC*W3V}f%!yreFVoE|_5Jxd3-Wt`5
z2!TNv#R%t(vM3LMK^Dc7duY@Ij1U+sag5=xQ2}a&z<@_FwLCIv4$cr5xH!h?q)`bf
zhXDQKn93d)HI85i&@GM$x@1%VtwMn2aZD?RkD5z-2+$~!iFd%LN;-r96=RtWt{t_4
q%n+a`n#r_tRNFuRqGNg>95-s`Xb6mkz-S1JhQMeDjE2Cl4FLeDh3Rwv

diff --git a/pkglist.txt b/pkglist.txt
index 83becfd..59536bf 100644
--- a/pkglist.txt
+++ b/pkglist.txt
@@ -1,3 +1,5 @@
+toolbox
+sssd-kcm
 podman
 ImageMagick
 exa
diff --git a/prepare-root.sh b/prepare-root.sh
index e7d4bd3..5462d0d 100755
--- a/prepare-root.sh
+++ b/prepare-root.sh
@@ -310,7 +310,6 @@ fi
 
 (( $RET == 0 ))
 
-
 chroot "$sysroot" /usr/bin/systemd-sysusers
 
 for i in passwd shadow group gshadow subuid subgid; do
@@ -480,6 +479,8 @@ sed -i -e 's#/etc/passwd#/cfg/passwd#g;s#/etc/shadow#/cfg/shadow#g;s#/etc/gshado
     "$sysroot"/usr/bin/newuidmap \
     "$sysroot"/usr/sbin/newusers
 
+chmod u+s "$sysroot"/usr/bin/newgidmap "$sysroot"/usr/bin/newuidmap
+
 sed -i -e 's#/etc/.pwd.lock#/cfg/.pwd.lock#g' \
     "$sysroot"/lib*/libc.so.* \
     "$sysroot"/usr/lib/systemd/libsystemd-shared*.so