dontaudit vpp_t self:capability2 block_suspend;
allow vpp_t self:process { execmem execstack setsched signal }; # too benevolent
dontaudit vpp_t self:capability2 block_suspend;
allow vpp_t self:process { execmem execstack setsched signal }; # too benevolent
allow vpp_t self:tun_socket { create relabelto relabelfrom };
allow vpp_t self:udp_socket { create ioctl };
allow vpp_t self:unix_dgram_socket { connect create ioctl };
allow vpp_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow vpp_t self:tun_socket { create relabelto relabelfrom };
allow vpp_t self:udp_socket { create ioctl };
allow vpp_t self:unix_dgram_socket { connect create ioctl };
allow vpp_t self:unix_stream_socket { create_stream_socket_perms connectto };
manage_dirs_pattern(vpp_t, vpp_lib_t, vpp_lib_t)
manage_files_pattern(vpp_t, vpp_lib_t, vpp_lib_t)
manage_dirs_pattern(vpp_t, vpp_lib_t, vpp_lib_t)
manage_files_pattern(vpp_t, vpp_lib_t, vpp_lib_t)
files_var_lib_filetrans(vpp_t, vpp_lib_t, {file dir})
manage_dirs_pattern(vpp_t, vpp_log_t, vpp_log_t)
files_var_lib_filetrans(vpp_t, vpp_lib_t, {file dir})
manage_dirs_pattern(vpp_t, vpp_log_t, vpp_log_t)
manage_dirs_pattern(vpp_t, vpp_tmpfs_t, vpp_tmpfs_t)
manage_files_pattern(vpp_t, vpp_tmpfs_t, vpp_tmpfs_t)
manage_dirs_pattern(vpp_t, vpp_tmpfs_t, vpp_tmpfs_t)
manage_files_pattern(vpp_t, vpp_tmpfs_t, vpp_tmpfs_t)
fs_tmpfs_filetrans(vpp_t, vpp_tmpfs_t, { dir file })
read_files_pattern(vpp_t, vpp_config_rw_t, vpp_config_rw_t)
fs_tmpfs_filetrans(vpp_t, vpp_tmpfs_t, { dir file })
read_files_pattern(vpp_t, vpp_config_rw_t, vpp_config_rw_t)