module zabbix_server 1.0;

require {
        type zabbix_var_run_t;
        type zabbix_t;
        type zabbix_var_lib_t;
        class sock_file { create unlink };
        class unix_stream_socket connectto;
        class file { execute execute_no_trans };
}

#============= zabbix_t ==============
allow zabbix_t self:unix_stream_socket connectto;
allow zabbix_t zabbix_var_lib_t:file { execute execute_no_trans };
allow zabbix_t zabbix_var_run_t:sock_file { create unlink };