module zabbix-server 1.4;

require {
        type devlog_t;
        type zabbix_t;
        type ping_t;
        type syslogd_t;
        type sudo_exec_t;
        type zabbix_var_lib_t;
        type zabbix_var_run_t;
        class process { setrlimit setpgid };
        class capability { sys_resource audit_write };
        class file { execute read create ioctl execute_no_trans write getattr unlink open };
        class netlink_audit_socket { nlmsg_relay create };
        class sock_file { create write unlink };
        class unix_dgram_socket { create connect sendto };
        class dir { write remove_name add_name };
        class key write;
        class unix_stream_socket connectto;
}

allow ping_t zabbix_var_lib_t:file { read getattr };
allow zabbix_t devlog_t:sock_file write;
allow zabbix_t self:capability { sys_resource audit_write };
allow zabbix_t self:netlink_audit_socket { nlmsg_relay create };
allow zabbix_t self:process { setrlimit setpgid };
allow zabbix_t self:unix_dgram_socket { create connect };
allow zabbix_t self:key write;
allow zabbix_t sudo_exec_t:file { read execute open execute_no_trans };
allow zabbix_t syslogd_t:unix_dgram_socket sendto;
allow zabbix_t zabbix_var_lib_t:dir { write remove_name add_name };
allow zabbix_t zabbix_var_lib_t:file { execute read create getattr execute_no_trans write ioctl unlink open };
allow zabbix_t self:unix_stream_socket connectto;
allow zabbix_t zabbix_var_run_t:sock_file { create write unlink };