#DESC file system daemons
#
# Author: Russell Coker
# X-Debian-Packages: smartmontools
#
# Type enforcement rules for the fsdaemon_t domain. The X-Debian-Packages
# header names smartmontools, so this is presumably the domain the SMART
# monitoring daemon runs in - confirm against the file contexts for this module.
#
# NOTE(review): the rules below combine access to fixed disk block devices
# with the sys_rawio and sys_admin capabilities. A compromised process in this
# domain could reach disk contents without going through per-file labels, so
# treat fsdaemon_t as a high-privilege domain when auditing this policy.

# Declare the domain through the daemon_domain macro, which is defined
# elsewhere in the policy tree. The m4-quoted second argument passes the extra
# attributes fs_domain and privmail.
# NOTE(review): privmail presumably lets the domain hand off to the system
# mail domain for notifications - verify against the attribute definition.
daemon_domain(fsdaemon, `, fs_domain, privmail')

# Local sockets created by the domain for its own use. The permission sets
# (create_socket_perms, create_stream_socket_perms) are macros defined elsewhere.
allow fsdaemon_t self:unix_dgram_socket create_socket_perms;
allow fsdaemon_t self:unix_stream_socket create_stream_socket_perms;

# for config
# Read-only access (getattr, read) to files labelled etc_t.
allow fsdaemon_t etc_t:file { getattr read };

# Read device_t directories; presumably needed to enumerate device nodes.
allow fsdaemon_t device_t:dir read;

# Direct access to fixed disk block devices using the rw_file_perms set.
# NOTE(review): this is raw device access. Confirm that write access is
# required and not only read plus ioctl.
allow fsdaemon_t fixed_disk_device_t:blk_file rw_file_perms;

# Capabilities granted to the domain: setgid, sys_rawio and sys_admin.
# NOTE(review): sys_admin is a very broad capability. SOURCE does not show
# which operation needs it, so record the reason or try to drop it.
allow fsdaemon_t self:capability { setgid sys_rawio sys_admin };

# Read-only access to files labelled etc_runtime_t.
allow fsdaemon_t etc_runtime_t:file { getattr read };

# NOTE(review): can_exec_any is defined elsewhere. By its name it lets the
# domain execute a wide range of programs without leaving fsdaemon_t, so any
# helper that is run keeps the disk access and capabilities granted above.
# Consider narrowing this to the specific helpers the daemon needs.
can_exec_any(fsdaemon_t)

# Pipes owned by the domain itself; presumably used to talk to the helpers it
# executes - confirm.
allow fsdaemon_t self:fifo_file rw_file_perms;

# NOTE(review): UDP networking is granted through a macro defined elsewhere.
# SOURCE does not show what needs it, so confirm that it is still required.
can_network_udp(fsdaemon_t)

# Private temporary file type for the domain. The next rule refers to
# fsdaemon_tmp_t, which this macro is expected to declare, so keep the order.
tmp_domain(fsdaemon)

# Let the system mail domain read (getattr, ioctl, read) the temporary files
# written by the daemon. No write access is granted to system_mail_t.
allow system_mail_t fsdaemon_tmp_t:file { getattr ioctl read };

# dontaudit rules do not grant access. They only stop the denial from being
# logged, so these denials will not appear in the audit log during an
# investigation unless the policy is built with dontaudit rules disabled.
dontaudit fsdaemon_t devpts_t:dir search;

# Read-only access to files labelled proc_t.
allow fsdaemon_t proc_t:file { getattr read };

# NOTE(review): presumably silences the denial raised when the mail program
# inherits an open disk descriptor from the daemon - confirm. The read stays
# denied, but closing the descriptor in the daemon before running the mailer
# would be the cleaner fix.
dontaudit system_mail_t fixed_disk_device_t:blk_file read;