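module nrpe 1.0;

# Local type-enforcement module that adds allow rules for the nrpe_t domain.
# The allow rules are unchanged from the original module. Only the require
# block was tightened: the unused type proc_net_t, the duplicated
# "class unix_stream_socket connectto" line and permissions that no rule
# uses (file write, dir open/read) were dropped.
#
# NOTE(review): the rule set looks like raw audit2allow output. Confirm each
# denial against the check that triggered it before loading this on a
# production host; several grants below are much wider than a monitoring
# agent normally needs.

require {
	type nrpe_t;
	type initrc_var_run_t;
	type system_dbusd_t;
	type user_home_t;
	type user_home_dir_t;
	type admin_home_t;
	type systemd_logind_t;
	type unconfined_t;
	class capability { dac_override dac_read_search };
	class process execmem;
	class file { read open lock };
	class dir search;
	class sock_file { getattr write };
	class dbus send_msg;
	class unix_stream_socket connectto;
}

#============= nrpe_t ==============

# --- Process-wide privileges -------------------------------------------
# dac_override and dac_read_search let the domain bypass ordinary Unix
# permission checks on files and directories, leaving SELinux type
# enforcement as the only access control for this process.
# NOTE(review): prefer fixing ownership/mode on the files the check reads.
allow nrpe_t self:capability { dac_override dac_read_search };

# execmem permits memory that is both writable and executable, which removes
# a memory-protection barrier for the whole domain.
# NOTE(review): identify the plugin or runtime that needs this; if it cannot
# be avoided, consider running that plugin in its own domain.
allow nrpe_t self:process execmem;

# --- Home directory content --------------------------------------------
# Read access to files and write access to sockets labelled as user or
# admin home content. These labels cover every such file on the system,
# not one path.
# NOTE(review): relabel the specific file or socket with a dedicated type
# and grant access to that type instead.
allow nrpe_t user_home_dir_t:dir search;
allow nrpe_t user_home_t:dir search;
allow nrpe_t user_home_t:file { read open };
allow nrpe_t user_home_t:sock_file { getattr write };
allow nrpe_t admin_home_t:file { read open };
allow nrpe_t admin_home_t:sock_file { getattr write };

# --- Runtime state files -----------------------------------------------
# Merged from three separate rules (read, open, lock) on the same type.
allow nrpe_t initrc_var_run_t:file { read open lock };

# --- D-Bus -------------------------------------------------------------
# Connect to the system bus and exchange messages with the bus daemon and
# with systemd-logind; the last rule allows messages from logind to nrpe_t.
allow nrpe_t system_dbusd_t:unix_stream_socket connectto;
allow nrpe_t system_dbusd_t:dbus send_msg;
allow nrpe_t systemd_logind_t:dbus send_msg;
allow systemd_logind_t nrpe_t:dbus send_msg;

# --- Unconfined peers --------------------------------------------------
# Allows connecting to stream sockets owned by any unconfined_t process.
# NOTE(review): this ties a network-reachable daemon's domain to unconfined
# services; confine the peer service and target its type instead.
allow nrpe_t unconfined_t:unix_stream_socket connectto;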