## policy for afs
########################################
##
## Execute a domain transition to run afs.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`afsd_domtrans',`
gen_require(`
type afsd_t, afsd_exec_t;
')
domain_auto_trans($1,afsd_exec_t,afsd_t)
allow $1 afsd_t:fd use;
allow afsd_t $1:fd use;
allow afsd_t $1:fifo_file rw_file_perms;
allow afsd_t $1:process sigchld;
')
interface(`afs_access',`
gen_require(`
type afsd_t, afsd_etc_t;
type autofs_t, nfs_t;
')
allow $1 afsd_t:udp_socket all_udp_socket_perms;
allow $1 afsd_etc_t:dir r_dir_perms;
allow $1 afsd_etc_t:file r_file_perms;
allow $1 autofs_t:dir r_dir_perms;
allow $1 autofs_t:lnk_file r_file_perms;
allow $1 nfs_t:dir manage_dir_perms;
allow $1 nfs_t:file_class_set manage_file_perms;
')