ifeq "$(PCP_SELINUX_CONTAINER_RUNTIME)" "true"
PCP_CONTAINER_RUNTIME_T="type container_runtime_t\;"
PCP_CONTAINER_RUNTIME_RULE="allow pcp_pmcd_t container_runtime_t:unix_stream_socket connectto\;"
else
PCP_CONTAINER_RUNTIME_RULE=""
PCP_CONTAINER_RUNTIME_T=""
endif

ifeq "$(PCP_SELINUX_NSFS)" "true"
PCP_NSFS_T="type nsfs_t\; \# filesys.used"
PCP_NSFS_RULE="allow pcp_pmcd_t nsfs_t:file { read open }\;"
endif

ifeq "$(PCP_SELINUX_DOCKER_VAR_LIB)" "true"
PCP_DOCKER_VAR_LIB_T="type docker_var_lib_t\;"
PCP_DOCKER_VAR_LIB_RULE="allow pcp_pmcd_t docker_var_lib_t:dir search\;"
else
PCP_DOCKER_VAR_LIB_T=""
PCP_DOCKER_VAR_LIB_RULE=""
endif

ifeq "$(PCP_SELINUX_SVIRT_LXC_NET)" "true"
PCP_SVIRT_LXC_NET_T="type svirt_lxc_net_t\;"
PCP_SVIRT_LXC_NET_RULE="allow pcp_pmcd_t svirt_lxc_net_t:dir { open read search }\;"
endif

ifeq "$(PCP_SELINUX_CLASS_STATUS)" "true"
PCP_CLASS_STATUS="class system status\;"
PCP_PMLOGGER_SYSTEM_STATUS_RULE="allow pcp_pmlogger_t init_t:system status\;"
PCP_PMIE_SYSTEM_STATUS_RULE="allow pcp_pmie_t init_t:system status\;"
endif

ifeq "$(PCP_SELINUX_SYSTEMD_UNIT_FILE)" "true"
PCP_SYSTEMCTL_UNIT_FILE_T="type systemd_unit_file_t\;"
PCP_SYSTEMCTL_UNIT_FILE_RULE="allow pcp_pmie_t systemd_unit_file_t:file getattr\;"
PCP_SYSTEMCTL_UNIT_DIR_RULE="allow pcp_pmie_t systemd_unit_file_t:dir search\;"
endif

ifeq "$(PCP_SELINUX_SYSTEMD_EXEC)" "true"
PCP_SYSTEMCTL_EXEC_T="type systemd_systemctl_exec_t\;"
PCP_SYSTEMCTL_EXEC_RULE="allow pcp_pmie_t systemd_systemctl_exec_t:file { execute execute_no_trans open read getattr }\;"
endif

ifeq "$(PCP_SELINUX_CAP_USERNS_PTRACE)" "true"
PCP_CAPUSERNS_PTRACE="class cap_userns sys_ptrace\; \#pmdaproc"
PCP_CAPUSERNS_PTRACE_RULE="allow pcp_pmcd_t self:cap_userns sys_ptrace\;"
endif

ifeq "$(PCP_SELINUX_UNRESERVED_PORT)" "true"
PCP_UNRESERVED_PORT="type unreserved_port_t\;"
PCP_UNRESERVED_PORT_RULE="allow pcp_pmcd_t unreserved_port_t:tcp_socket { name_bind name_connect }\;"
PCP_UNRESERVED_PORT_RULE_PMMGR="allow pcp_pmmgr_t unreserved_port_t:tcp_socket name_bind\;"
endif

ifeq "$(PCP_SELINUX_TRACEFS)" "true"
PCP_TRACEFS="type tracefs_t\;"
PCP_TRACEFS_FS_RULE="allow pcp_pmcd_t tracefs_t:filesystem mount\;"
PCP_TRACEFS_DIR_RULE="allow pcp_pmcd_t tracefs_t:dir { search read open }\;"
PCP_TRACEFS_FILE_RULE="allow pcp_pmcd_t tracefs_t:file { read open }\;"
endif
