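# SELinux policy module "globus": extra permissions for the httpd_t and init_t
# domains. Written as a plain Type Enforcement (.te) module; the require block
# declares every type, class and permission the allow rules below reference.
# Defect fixed: the original carried `allow init_t public_content_rw_t:file execute;`
# as a separate rule that is fully subsumed by the wider rule on the same
# type/class; the duplicate is removed and the granted set is unchanged.
module globus 1.0;

require {
    type mysqld_port_t;
    type user_home_t;
    type tmp_t;
    type init_t;
    type httpd_t;
    type httpd_config_t;
    type smtp_port_t;
    type http_port_t;
    type public_content_rw_t;
    type unreserved_port_t;
    type var_t;
    class tcp_socket name_connect;
    class dir { add_name create rename reparent rmdir };
    class file { append create execute execute_no_trans lock open read setattr unlink write };
}

#============= httpd_t =============
# Outbound TCP connects from the web server: HTTP and SMTP ports, plus
# unreserved_port_t, the catch-all type for ports without a specific label.
# That third grant is much wider than the two named ports suggest; confirm the
# actual destination port and prefer a specific port type if one exists.
allow httpd_t http_port_t:tcp_socket name_connect;
allow httpd_t smtp_port_t:tcp_socket name_connect;
allow httpd_t unreserved_port_t:tcp_socket name_connect;
# Lets httpd add entries to its own configuration directory and create/append
# files there, i.e. the web server can change its own configuration at runtime.
# If only one drop-in location needs this, label that location with a
# dedicated writable type instead of opening all of httpd_config_t.
allow httpd_t httpd_config_t:dir add_name;
allow httpd_t httpd_config_t:file { append create };

#============= init_t ==============
allow init_t mysqld_port_t:tcp_socket name_connect;
allow init_t tmp_t:file unlink;
# Directory manipulation plus full read/write/execute on files under user home
# directories, public_content_rw_t and var_t. execute_no_trans means the file
# runs inside init_t itself with no domain transition. These are the broadest
# grants in the module and widen the init domain for every unit it starts; the
# usual remedy is to give the service its own domain and file types rather than
# extending init_t (TODO confirm which service actually needs these).
allow init_t user_home_t:dir { create rename reparent rmdir };
allow init_t user_home_t:file { append create execute execute_no_trans lock open read setattr unlink write };
allow init_t public_content_rw_t:file { append create execute execute_no_trans lock open read setattr unlink write };
allow init_t var_t:file { append create execute execute_no_trans lock open read setattr unlink write };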