#DESC Radv - IPv6 route advisory daemon
#
# Author:  Russell Coker <russell@coker.com.au>
# X-Debian-Packages: radvd
#

#################################
#
# Rules for the radvd_t domain.
#
daemon_domain(radvd)

etc_domain(radvd)
allow radvd_t etc_t:file { getattr read };

allow radvd_t self:{ rawip_socket unix_dgram_socket } rw_socket_perms;

allow radvd_t self:capability { setgid setuid net_raw };
allow radvd_t self:{ unix_dgram_socket rawip_socket } create;
allow radvd_t self:unix_stream_socket create_socket_perms;

can_network_server(radvd_t)
can_ypbind(radvd_t)

allow radvd_t { proc_t proc_net_t }:dir r_dir_perms;
allow radvd_t { proc_t proc_net_t }:file { getattr read };
allow radvd_t etc_t:lnk_file read;

allow radvd_t sysctl_net_t:file r_file_perms;
allow radvd_t sysctl_net_t:dir r_dir_perms;