policy_module(lsm, 1.2.0)

########################################
#
# Declarations
#

type lsmd_t;
type lsmd_exec_t;
init_daemon_domain(lsmd_t, lsmd_exec_t)

type lsmd_var_run_t;
files_pid_file(lsmd_var_run_t)

########################################
#
# Local policy
#

allow lsmd_t self:capability setgid;
allow lsmd_t self:unix_stream_socket create_stream_socket_perms;

manage_dirs_pattern(lsmd_t, lsmd_var_run_t, lsmd_var_run_t)
manage_files_pattern(lsmd_t, lsmd_var_run_t, lsmd_var_run_t)
manage_lnk_files_pattern(lsmd_t, lsmd_var_run_t, lsmd_var_run_t)
manage_sock_files_pattern(lsmd_t, lsmd_var_run_t, lsmd_var_run_t)
files_pid_filetrans(lsmd_t, lsmd_var_run_t, { dir file sock_file })

logging_send_syslog_msg(lsmd_t)