policy_module(mcollective, 1.0.0)

########################################
#
# Declarations
#

type mcollective_t;
type mcollective_exec_t;
init_daemon_domain(mcollective_t, mcollective_exec_t)
cron_system_entry(mcollective_t, mcollective_exec_t)

permissive mcollective_t;

type mcollective_etc_rw_t;
files_type(mcollective_etc_rw_t)

########################################
#
# mcollective local policy
#
allow mcollective_t self:fifo_file rw_fifo_file_perms;
allow mcollective_t self:unix_stream_socket create_stream_socket_perms;

manage_files_pattern(mcollective_t, mcollective_etc_rw_t, mcollective_etc_rw_t)
files_etc_filetrans(mcollective_t, mcollective_etc_rw_t, file, "facts.yaml")

domain_use_interactive_fds(mcollective_t)