ifeq "$(PCP_SELINUX_CONTAINER_RUNTIME)" "true"
PCP_CONTAINER_RUNTIME_T="type container_runtime_t\;"
PCP_CONTAINER_RUNTIME_RULE="allow pcp_pmcd_t container_runtime_t:unix_stream_socket connectto\;"
else
PCP_CONTAINER_RUNTIME_RULE=""
PCP_CONTAINER_RUNTIME_T=""
endif

ifeq "$(PCP_SELINUX_NSFS)" "true"
PCP_NSFS_T="type nsfs_t\; \# filesys.used"
PCP_NSFS_RULE="allow pcp_pmcd_t nsfs_t:file { read open }\;"
endif

ifeq "$(PCP_SELINUX_DOCKER_VAR_LIB)" "true"
PCP_DOCKER_VAR_LIB_T="type docker_var_lib_t\;"
PCP_DOCKER_VAR_LIB_RULE="allow pcp_pmcd_t docker_var_lib_t:dir search\;"
else
PCP_DOCKER_VAR_LIB_T=""
PCP_DOCKER_VAR_LIB_RULE=""
endif

ifeq "$(PCP_SELINUX_SVIRT_LXC_NET)" "true"
PCP_SVIRT_LXC_NET_T="type svirt_lxc_net_t\;"
PCP_SVIRT_LXC_NET_RULE="allow pcp_pmcd_t svirt_lxc_net_t:dir { open read search }\;"
endif

ifeq "$(PCP_SELINUX_CLASS_STATUS)" "true"
PCP_CLASS_STATUS="class system status\;"
PCP_PMLOGGER_SYSTEM_STATUS_RULE="allow pcp_pmlogger_t init_t:system status\;"
PCP_PMIE_SYSTEM_STATUS_RULE="allow pcp_pmie_t init_t:system status\;"
endif

ifeq "$(PCP_SELINUX_SYSTEMD_UNIT_FILE)" "true"
PCP_SYSTEMCTL_UNIT_FILE_T="type systemd_unit_file_t\;"
PCP_SYSTEMCTL_UNIT_FILE_RULE="allow pcp_pmie_t systemd_unit_file_t:file getattr\;"
PCP_SYSTEMCTL_UNIT_DIR_RULE="allow pcp_pmie_t systemd_unit_file_t:dir search\;"
endif

ifeq "$(PCP_SELINUX_SYSTEMD_EXEC)" "true"
PCP_SYSTEMCTL_EXEC_T="type systemd_systemctl_exec_t\;"
PCP_SYSTEMCTL_EXEC_RULE="allow pcp_pmie_t systemd_systemctl_exec_t:file { execute execute_no_trans open read getattr }\;"
endif

ifeq "$(PCP_SELINUX_CAP_USERNS_PTRACE)" "true"
PCP_CAPUSERNS_PTRACE="class cap_userns sys_ptrace\; \#pmdaproc"
PCP_CAPUSERNS_PTRACE_RULE="allow pcp_pmcd_t self:cap_userns sys_ptrace\;"
endif

ifeq "$(PCP_SELINUX_UNRESERVED_PORT)" "true"
PCP_UNRESERVED_PORT="type unreserved_port_t\;"
PCP_UNRESERVED_PORT_RULE="allow pcp_pmcd_t unreserved_port_t:tcp_socket { name_bind name_connect }\;"
PCP_UNRESERVED_PORT_RULE_PMMGR="allow pcp_pmmgr_t unreserved_port_t:tcp_socket name_bind\;"
endif

ifeq "$(PCP_SELINUX_TRACEFS)" "true"
PCP_TRACEFS="type tracefs_t\;"
PCP_TRACEFS_FS_RULE="allow pcp_pmcd_t tracefs_t:filesystem mount\;"
PCP_TRACEFS_DIR_RULE="allow pcp_pmcd_t tracefs_t:dir { search read open }\;"
PCP_TRACEFS_FILE_RULE="allow pcp_pmcd_t tracefs_t:file { read open append }\;"
endif

ifeq "$(PCP_SELINUX_SOCK_FILE_GETATTR)" "true"
PCP_SOCK_FILE_GETATTR="class sock_file getattr\;"
PCP_SOCK_FILE_GETATTR_RULE="allow pcp_pmcd_t gpmctl_t:sock_file getattr\;"
endif

ifeq "$(PCP_SELINUX_HOSTNAME_EXEC_MAP)" "true"
PCP_HOSTNAME_EXEC_MAP=" map "
PCP_TMP_T_MAP_RULE="allow pcp_pmcd_t pcp_tmp_t:file map\;"
PCP_LDCONFIG_EXEC_MAP_RULE="allow pcp_pmcd_t ldconfig_exec_t:file map\;"
PCP_FSADM_EXEC_MAP_RULE="allow pcp_pmcd_t fsadm_exec_t:file map\;"
endif

ifeq "$(PCP_SELINUX_MOCK)" "true"
PCP_MOCK_VAR_LIB="type mock_var_lib_t\;"
PCP_MOCK_VAR_LIB_RULE="allow pcp_pmcd_t mock_var_lib_t:dir getattr\;"
endif

ifeq "$(PCP_SELINUX_UNCONFINED)" "true"
PCP_UNCONFINED_SERVICE="type unconfined_service_t\;"
PCP_UNCONFINED_SERVICE_RULE="allow pcp_pmcd_t unconfined_service_t:sem { associate getattr }\;"
endif

ifeq "$(PCP_SELINUX_NUMAD)" "true"
PCP_NUMAD_CONTEXT="type numad_t\;"
PCP_NUMAD_RULE="allow pcp_pmcd_t numad_t:msgq unix_read\;"
endif