#DESC pegasus - The Open Group Pegasus CIM/WBEM Server 
#
# Author:  Jason Vas Dias <jvdias@redhat.com>
# Package: tog-pegasus
# 
#################################
#
# Rules for the pegasus domain
#
# Declare the pegasus daemon domain through the daemon_domain macro. The
# quoted second argument appends extra attributes to the domain type.
# NOTE(review): pegasus_t and pegasus_var_run_t are used below but not
# declared in this file; presumably daemon_domain creates them - confirm
# against the macro definition.
daemon_domain(pegasus, `, nscd_client_domain, auth')

# File types private to pegasus: data, configuration, MOF files, and
# configuration executables. All carry the sysadmfile attribute.
type pegasus_data_t, file_type, sysadmfile;
type pegasus_conf_t, file_type, sysadmfile;
type pegasus_mof_t, file_type, sysadmfile;
type pegasus_conf_exec_t, file_type, exec_type, sysadmfile;

# Capabilities: dac_override bypasses discretionary file permission checks,
# net_bind_service permits binding privileged ports, audit_write permits
# writing records to the kernel audit log.
# NOTE(review): dac_override is broad; the file access of the daemon is then
# bounded only by the type enforcement rules in this policy, not by file modes.
allow pegasus_t self:capability { dac_override net_bind_service audit_write }; 

# TCP networking and name service lookups.
can_network_tcp(pegasus_t);
nsswitch_domain(pegasus_t);

# Local IPC: a socket file under the run directory type, plus unix sockets,
# own files and fifos.
allow pegasus_t pegasus_var_run_t:sock_file { create setattr };
allow pegasus_t self:unix_dgram_socket create_socket_perms;
allow pegasus_t self:unix_stream_socket create_stream_socket_perms;
allow pegasus_t self:file { read getattr };
allow pegasus_t self:fifo_file rw_file_perms;

# Netlink audit socket with nlmsg_relay, the counterpart of the audit_write
# capability above for sending audit records from user space.
allow pegasus_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };

# Bind to and connect to the pegasus HTTP and HTTPS port types only.
# The port types are declared outside this file.
allow pegasus_t { pegasus_http_port_t pegasus_https_port_t }:tcp_socket { name_bind name_connect };

# Read-only access to /proc files and search on the vm sysctl directory.
allow pegasus_t proc_t:file { getattr read };
allow pegasus_t sysctl_vm_t:dir search;

# NOTE(review): initrc_var_run_t presumably labels the utmp file here; write
# and lock access lets the daemon alter login records - confirm it is needed.
allow pegasus_t initrc_var_run_t:file { read write lock };
allow pegasus_t urandom_device_t:chr_file { getattr read };

# Read-only access to etc_t, var_lib_t and the MOF files.
r_dir_file(pegasus_t, etc_t)
r_dir_file(pegasus_t, var_lib_t)
r_dir_file(pegasus_t, pegasus_mof_t)

# Read/write and file creation in the pegasus configuration and data trees.
rw_dir_create_file(pegasus_t, pegasus_conf_t)
rw_dir_create_file(pegasus_t, pegasus_data_t)

# NOTE(review): the source of this rule is pegasus_conf_exec_t, which is
# declared above as a file and exec type, not as a domain. No process runs
# with that type unless a transition defined elsewhere says so; the intended
# source was presumably a domain - confirm, or drop the rule.
rw_dir_create_file(pegasus_conf_exec_t, pegasus_conf_t)

# Direct read of shadow_t, the type of the shadow password file.
# NOTE(review): a network-facing daemon that can read shadow_t exposes local
# password hashes if it is compromised. The auth attribute on the domain is
# presumably what lets this rule pass the policy assertions - confirm, and
# check whether authentication can go through a separate helper domain.
allow pegasus_t shadow_t:file { getattr read };

# Suppress audit records for denied searches of the SELinux config
# directory; the access itself stays denied.
dontaudit pegasus_t selinux_config_t:dir search;