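# Local SELinux policy module: extra permissions for the Zabbix daemon domain
# (zabbix_t) and for the web server domain (httpd_t).
#
# Layout matters here: '#' starts a comment that runs to the end of the line,
# so every statement and every banner must sit on its own line. With the
# module collapsed onto one line, everything after the first banner is
# treated as comment text and no allow rule is loaded.
module zabbix_policy 1.2;

# Types and permissions this module refers to. They must already be defined
# by the loaded base policy, otherwise the module fails to install.
require {
	type zabbix_t;
	type zabbix_port_t;
	type zabbix_var_run_t;
	type postgresql_port_t;
	type httpd_t;
	class tcp_socket name_connect;
	class sock_file { create unlink };
	class unix_stream_socket connectto;
}

#============= zabbix_t ==============

# Zabbix processes may connect to UNIX stream sockets owned by their own domain.
allow zabbix_t self:unix_stream_socket connectto;

# Outbound TCP connections from zabbix_t to ports labelled zabbix_port_t.
allow zabbix_t zabbix_port_t:tcp_socket name_connect;

# Create and remove socket files labelled zabbix_var_run_t.
# NOTE(review): creating a socket file also needs write/add_name on the parent
# directory; presumably the base policy already grants that - confirm.
allow zabbix_t zabbix_var_run_t:sock_file { create unlink };

#============= httpd_t ==============

# Both rules below are unconditional and apply to every process running as
# httpd_t, i.e. to all web applications served on this host, not only the
# Zabbix frontend. Check the audit log entries that motivated them before
# loading the module.

# Web server -> ports labelled zabbix_port_t.
# NOTE(review): Fedora/RHEL policies ship the boolean httpd_can_connect_zabbix
# for this access; a boolean can be switched off again without rebuilding the
# module. Confirm it exists in the target policy and prefer it if so.
allow httpd_t zabbix_port_t:tcp_socket name_connect;

# Web server -> ports labelled postgresql_port_t.
# NOTE(review): the boolean httpd_can_network_connect_db covers database
# connections from httpd_t where the distribution policy provides it.
allow httpd_t postgresql_port_t:tcp_socket name_connect;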