#
# Policy rules for lsud daemon
#

# Socket operation classes granted to the domain: creating UNIX sockets, binding
# and connecting datagram and stream sockets, and connecting vmklink sockets.
# NOTE(review): these look like class-wide grants that the -p rules further down
# narrow per named endpoint -- confirm how -c and -p rules combine.
-c unix_socket_create grant
-c unix_dgram_socket_bind grant
-c unix_dgram_socket_connect grant
-c unix_stream_socket_bind grant
-c unix_stream_socket_connect grant
-c unix_vmklink_socket_connect grant

# Per-endpoint stream-socket rules: bind and connect are granted for "lsud-socket"
# and explicitly revoked for "vmwLocalSocketAuthentication".
# NOTE(review): the two revoke lines appear to keep this domain off the local
# socket authentication endpoint despite the class-wide stream grants; rule
# precedence is not visible in this file -- confirm before removing either line.
-p unix_stream_socket_connect lsud-socket grant
-p unix_stream_socket_bind lsud-socket grant
-p unix_stream_socket_connect vmwLocalSocketAuthentication revoke
-p unix_stream_socket_bind vmwLocalSocketAuthentication revoke

# Syscall groups granted to the domain.
# NOTE(review): forkExecSys, forkSys and execSys let the daemon start other
# programs; together with the "x" path rules in this file that defines what can
# run inside this domain. Presumably needed for the vendor tools under /opt -- confirm.
# NOTE(review): killSys, mprotectSys, ioctlSys and vsiWriteSys are broad groups;
# confirm each one is still required when this policy is next reviewed.
-s cloneSys grant
-s genericSys grant
-s vsiReadSys grant
-s openSys grant
-s mprotectSys grant
-s ioctlSys grant
-s forkExecSys grant
-s forkSys grant
-s execSys grant
-s syncSys grant
-s killSys grant
# NOTE(review): vsiReadSys is already granted earlier in this list; this second
# entry is a duplicate.
-s vsiReadSys grant
-s vsiWriteSys grant

# Deny everything: the root path is listed with no access mode, so every path is
# denied unless a later -r rule names it with a mode.
-r /
# Exceptions follow, grouped by access mode.

# Read and Execute
# Locations the daemon may load and run code from: system binaries and
# libraries, the lsuv2 plugin directory, and vendor storage tools under /opt.
# NOTE(review): /usr is listed together with /usr/lib64 and
# /usr/lib64/vmware/lsuv2_plugins; if a path rule covers its whole subtree the
# narrower entries add nothing -- confirm, and prefer the narrowest set that works.
# NOTE(review): execSys and forkExecSys are granted in the -s section, so any
# binary reachable under these paths can run inside this domain.
-r /bin x
-r /lib64 x
-r /usr x
-r /usr/lib64 x
-r /usr/lib64/vmware/lsuv2_plugins x
-r /opt/hp/hpssacli x
-r /opt/smartstorageadmin x

# Read only
# Files the daemon may read but that carry no broader mode: local time, VMware
# configuration and feature flags, the CA store and OpenSSL/FIPS configuration,
# and the hwdata directory.
# NOTE(review): the CA store and OpenSSL configuration are trust anchors; they
# should stay in this section and never move to the "w" list.
-r /etc/localtime r
-r /etc/vmware/config r
-r /etc/vmware/default.map.d r
-r /etc/vmware/settings r
-r /etc/vmware/ssl/castore.pem r
-r /etc/vmware/ssl/fipsmodule.cnf r
-r /etc/vmware/ssl/openssl.cnf r
-r /etc/vmware/vsphereFeatures r
-r /usr/share/hwdata r

# All
# NOTE(review): "w" is the broadest mode used in this file; the heading suggests
# it means full access (presumably read and write) -- confirm against the policy
# format before relying on it.
# Banner, configuration tree, logs and core dumps.
-r /etc/banner w
-r /etc/config w
-r /var/log w
-r /var/core w
# IPMI devices 0 through 3.
-r /dev/char/vmkdriver/ipmi0 w
-r /dev/char/vmkdriver/ipmi1 w
-r /dev/char/vmkdriver/ipmi2 w
-r /dev/char/vmkdriver/ipmi3 w
# Random number devices.
-r /dev/char/vmkdriver/random w
-r /dev/char/vmkdriver/urandom w
# Management device nodes: vmwMgmtInfo plus vmwMgmtNode0 through vmwMgmtNode255,
# each listed individually with mode "w".
# NOTE(review): with the deny-everything rule at the top of the path section, an
# index missing from this list would leave that node inaccessible, and an index
# above 255 is not covered at all; keep the range contiguous when editing.
-r /dev/char/vmkdriver/vmwMgmtInfo w
-r /dev/char/vmkdriver/vmwMgmtNode0 w
-r /dev/char/vmkdriver/vmwMgmtNode1 w
-r /dev/char/vmkdriver/vmwMgmtNode2 w
-r /dev/char/vmkdriver/vmwMgmtNode3 w
-r /dev/char/vmkdriver/vmwMgmtNode4 w
-r /dev/char/vmkdriver/vmwMgmtNode5 w
-r /dev/char/vmkdriver/vmwMgmtNode6 w
-r /dev/char/vmkdriver/vmwMgmtNode7 w
-r /dev/char/vmkdriver/vmwMgmtNode8 w
-r /dev/char/vmkdriver/vmwMgmtNode9 w
-r /dev/char/vmkdriver/vmwMgmtNode10 w
-r /dev/char/vmkdriver/vmwMgmtNode11 w
-r /dev/char/vmkdriver/vmwMgmtNode12 w
-r /dev/char/vmkdriver/vmwMgmtNode13 w
-r /dev/char/vmkdriver/vmwMgmtNode14 w
-r /dev/char/vmkdriver/vmwMgmtNode15 w
-r /dev/char/vmkdriver/vmwMgmtNode16 w
-r /dev/char/vmkdriver/vmwMgmtNode17 w
-r /dev/char/vmkdriver/vmwMgmtNode18 w
-r /dev/char/vmkdriver/vmwMgmtNode19 w
-r /dev/char/vmkdriver/vmwMgmtNode20 w
-r /dev/char/vmkdriver/vmwMgmtNode21 w
-r /dev/char/vmkdriver/vmwMgmtNode22 w
-r /dev/char/vmkdriver/vmwMgmtNode23 w
-r /dev/char/vmkdriver/vmwMgmtNode24 w
-r /dev/char/vmkdriver/vmwMgmtNode25 w
-r /dev/char/vmkdriver/vmwMgmtNode26 w
-r /dev/char/vmkdriver/vmwMgmtNode27 w
-r /dev/char/vmkdriver/vmwMgmtNode28 w
-r /dev/char/vmkdriver/vmwMgmtNode29 w
-r /dev/char/vmkdriver/vmwMgmtNode30 w
-r /dev/char/vmkdriver/vmwMgmtNode31 w
-r /dev/char/vmkdriver/vmwMgmtNode32 w
-r /dev/char/vmkdriver/vmwMgmtNode33 w
-r /dev/char/vmkdriver/vmwMgmtNode34 w
-r /dev/char/vmkdriver/vmwMgmtNode35 w
-r /dev/char/vmkdriver/vmwMgmtNode36 w
-r /dev/char/vmkdriver/vmwMgmtNode37 w
-r /dev/char/vmkdriver/vmwMgmtNode38 w
-r /dev/char/vmkdriver/vmwMgmtNode39 w
-r /dev/char/vmkdriver/vmwMgmtNode40 w
-r /dev/char/vmkdriver/vmwMgmtNode41 w
-r /dev/char/vmkdriver/vmwMgmtNode42 w
-r /dev/char/vmkdriver/vmwMgmtNode43 w
-r /dev/char/vmkdriver/vmwMgmtNode44 w
-r /dev/char/vmkdriver/vmwMgmtNode45 w
-r /dev/char/vmkdriver/vmwMgmtNode46 w
-r /dev/char/vmkdriver/vmwMgmtNode47 w
-r /dev/char/vmkdriver/vmwMgmtNode48 w
-r /dev/char/vmkdriver/vmwMgmtNode49 w
-r /dev/char/vmkdriver/vmwMgmtNode50 w
-r /dev/char/vmkdriver/vmwMgmtNode51 w
-r /dev/char/vmkdriver/vmwMgmtNode52 w
-r /dev/char/vmkdriver/vmwMgmtNode53 w
-r /dev/char/vmkdriver/vmwMgmtNode54 w
-r /dev/char/vmkdriver/vmwMgmtNode55 w
-r /dev/char/vmkdriver/vmwMgmtNode56 w
-r /dev/char/vmkdriver/vmwMgmtNode57 w
-r /dev/char/vmkdriver/vmwMgmtNode58 w
-r /dev/char/vmkdriver/vmwMgmtNode59 w
-r /dev/char/vmkdriver/vmwMgmtNode60 w
-r /dev/char/vmkdriver/vmwMgmtNode61 w
-r /dev/char/vmkdriver/vmwMgmtNode62 w
-r /dev/char/vmkdriver/vmwMgmtNode63 w
-r /dev/char/vmkdriver/vmwMgmtNode64 w
-r /dev/char/vmkdriver/vmwMgmtNode65 w
-r /dev/char/vmkdriver/vmwMgmtNode66 w
-r /dev/char/vmkdriver/vmwMgmtNode67 w
-r /dev/char/vmkdriver/vmwMgmtNode68 w
-r /dev/char/vmkdriver/vmwMgmtNode69 w
-r /dev/char/vmkdriver/vmwMgmtNode70 w
-r /dev/char/vmkdriver/vmwMgmtNode71 w
-r /dev/char/vmkdriver/vmwMgmtNode72 w
-r /dev/char/vmkdriver/vmwMgmtNode73 w
-r /dev/char/vmkdriver/vmwMgmtNode74 w
-r /dev/char/vmkdriver/vmwMgmtNode75 w
-r /dev/char/vmkdriver/vmwMgmtNode76 w
-r /dev/char/vmkdriver/vmwMgmtNode77 w
-r /dev/char/vmkdriver/vmwMgmtNode78 w
-r /dev/char/vmkdriver/vmwMgmtNode79 w
-r /dev/char/vmkdriver/vmwMgmtNode80 w
-r /dev/char/vmkdriver/vmwMgmtNode81 w
-r /dev/char/vmkdriver/vmwMgmtNode82 w
-r /dev/char/vmkdriver/vmwMgmtNode83 w
-r /dev/char/vmkdriver/vmwMgmtNode84 w
-r /dev/char/vmkdriver/vmwMgmtNode85 w
-r /dev/char/vmkdriver/vmwMgmtNode86 w
-r /dev/char/vmkdriver/vmwMgmtNode87 w
-r /dev/char/vmkdriver/vmwMgmtNode88 w
-r /dev/char/vmkdriver/vmwMgmtNode89 w
-r /dev/char/vmkdriver/vmwMgmtNode90 w
-r /dev/char/vmkdriver/vmwMgmtNode91 w
-r /dev/char/vmkdriver/vmwMgmtNode92 w
-r /dev/char/vmkdriver/vmwMgmtNode93 w
-r /dev/char/vmkdriver/vmwMgmtNode94 w
-r /dev/char/vmkdriver/vmwMgmtNode95 w
-r /dev/char/vmkdriver/vmwMgmtNode96 w
-r /dev/char/vmkdriver/vmwMgmtNode97 w
-r /dev/char/vmkdriver/vmwMgmtNode98 w
-r /dev/char/vmkdriver/vmwMgmtNode99 w
-r /dev/char/vmkdriver/vmwMgmtNode100 w
-r /dev/char/vmkdriver/vmwMgmtNode101 w
-r /dev/char/vmkdriver/vmwMgmtNode102 w
-r /dev/char/vmkdriver/vmwMgmtNode103 w
-r /dev/char/vmkdriver/vmwMgmtNode104 w
-r /dev/char/vmkdriver/vmwMgmtNode105 w
-r /dev/char/vmkdriver/vmwMgmtNode106 w
-r /dev/char/vmkdriver/vmwMgmtNode107 w
-r /dev/char/vmkdriver/vmwMgmtNode108 w
-r /dev/char/vmkdriver/vmwMgmtNode109 w
-r /dev/char/vmkdriver/vmwMgmtNode110 w
-r /dev/char/vmkdriver/vmwMgmtNode111 w
-r /dev/char/vmkdriver/vmwMgmtNode112 w
-r /dev/char/vmkdriver/vmwMgmtNode113 w
-r /dev/char/vmkdriver/vmwMgmtNode114 w
-r /dev/char/vmkdriver/vmwMgmtNode115 w
-r /dev/char/vmkdriver/vmwMgmtNode116 w
-r /dev/char/vmkdriver/vmwMgmtNode117 w
-r /dev/char/vmkdriver/vmwMgmtNode118 w
-r /dev/char/vmkdriver/vmwMgmtNode119 w
-r /dev/char/vmkdriver/vmwMgmtNode120 w
-r /dev/char/vmkdriver/vmwMgmtNode121 w
-r /dev/char/vmkdriver/vmwMgmtNode122 w
-r /dev/char/vmkdriver/vmwMgmtNode123 w
-r /dev/char/vmkdriver/vmwMgmtNode124 w
-r /dev/char/vmkdriver/vmwMgmtNode125 w
-r /dev/char/vmkdriver/vmwMgmtNode126 w
-r /dev/char/vmkdriver/vmwMgmtNode127 w
-r /dev/char/vmkdriver/vmwMgmtNode128 w
-r /dev/char/vmkdriver/vmwMgmtNode129 w
-r /dev/char/vmkdriver/vmwMgmtNode130 w
-r /dev/char/vmkdriver/vmwMgmtNode131 w
-r /dev/char/vmkdriver/vmwMgmtNode132 w
-r /dev/char/vmkdriver/vmwMgmtNode133 w
-r /dev/char/vmkdriver/vmwMgmtNode134 w
-r /dev/char/vmkdriver/vmwMgmtNode135 w
-r /dev/char/vmkdriver/vmwMgmtNode136 w
-r /dev/char/vmkdriver/vmwMgmtNode137 w
-r /dev/char/vmkdriver/vmwMgmtNode138 w
-r /dev/char/vmkdriver/vmwMgmtNode139 w
-r /dev/char/vmkdriver/vmwMgmtNode140 w
-r /dev/char/vmkdriver/vmwMgmtNode141 w
-r /dev/char/vmkdriver/vmwMgmtNode142 w
-r /dev/char/vmkdriver/vmwMgmtNode143 w
-r /dev/char/vmkdriver/vmwMgmtNode144 w
-r /dev/char/vmkdriver/vmwMgmtNode145 w
-r /dev/char/vmkdriver/vmwMgmtNode146 w
-r /dev/char/vmkdriver/vmwMgmtNode147 w
-r /dev/char/vmkdriver/vmwMgmtNode148 w
-r /dev/char/vmkdriver/vmwMgmtNode149 w
-r /dev/char/vmkdriver/vmwMgmtNode150 w
-r /dev/char/vmkdriver/vmwMgmtNode151 w
-r /dev/char/vmkdriver/vmwMgmtNode152 w
-r /dev/char/vmkdriver/vmwMgmtNode153 w
-r /dev/char/vmkdriver/vmwMgmtNode154 w
-r /dev/char/vmkdriver/vmwMgmtNode155 w
-r /dev/char/vmkdriver/vmwMgmtNode156 w
-r /dev/char/vmkdriver/vmwMgmtNode157 w
-r /dev/char/vmkdriver/vmwMgmtNode158 w
-r /dev/char/vmkdriver/vmwMgmtNode159 w
-r /dev/char/vmkdriver/vmwMgmtNode160 w
-r /dev/char/vmkdriver/vmwMgmtNode161 w
-r /dev/char/vmkdriver/vmwMgmtNode162 w
-r /dev/char/vmkdriver/vmwMgmtNode163 w
-r /dev/char/vmkdriver/vmwMgmtNode164 w
-r /dev/char/vmkdriver/vmwMgmtNode165 w
-r /dev/char/vmkdriver/vmwMgmtNode166 w
-r /dev/char/vmkdriver/vmwMgmtNode167 w
-r /dev/char/vmkdriver/vmwMgmtNode168 w
-r /dev/char/vmkdriver/vmwMgmtNode169 w
-r /dev/char/vmkdriver/vmwMgmtNode170 w
-r /dev/char/vmkdriver/vmwMgmtNode171 w
-r /dev/char/vmkdriver/vmwMgmtNode172 w
-r /dev/char/vmkdriver/vmwMgmtNode173 w
-r /dev/char/vmkdriver/vmwMgmtNode174 w
-r /dev/char/vmkdriver/vmwMgmtNode175 w
-r /dev/char/vmkdriver/vmwMgmtNode176 w
-r /dev/char/vmkdriver/vmwMgmtNode177 w
-r /dev/char/vmkdriver/vmwMgmtNode178 w
-r /dev/char/vmkdriver/vmwMgmtNode179 w
-r /dev/char/vmkdriver/vmwMgmtNode180 w
-r /dev/char/vmkdriver/vmwMgmtNode181 w
-r /dev/char/vmkdriver/vmwMgmtNode182 w
-r /dev/char/vmkdriver/vmwMgmtNode183 w
-r /dev/char/vmkdriver/vmwMgmtNode184 w
-r /dev/char/vmkdriver/vmwMgmtNode185 w
-r /dev/char/vmkdriver/vmwMgmtNode186 w
-r /dev/char/vmkdriver/vmwMgmtNode187 w
-r /dev/char/vmkdriver/vmwMgmtNode188 w
-r /dev/char/vmkdriver/vmwMgmtNode189 w
-r /dev/char/vmkdriver/vmwMgmtNode190 w
-r /dev/char/vmkdriver/vmwMgmtNode191 w
-r /dev/char/vmkdriver/vmwMgmtNode192 w
-r /dev/char/vmkdriver/vmwMgmtNode193 w
-r /dev/char/vmkdriver/vmwMgmtNode194 w
-r /dev/char/vmkdriver/vmwMgmtNode195 w
-r /dev/char/vmkdriver/vmwMgmtNode196 w
-r /dev/char/vmkdriver/vmwMgmtNode197 w
-r /dev/char/vmkdriver/vmwMgmtNode198 w
-r /dev/char/vmkdriver/vmwMgmtNode199 w
-r /dev/char/vmkdriver/vmwMgmtNode200 w
-r /dev/char/vmkdriver/vmwMgmtNode201 w
-r /dev/char/vmkdriver/vmwMgmtNode202 w
-r /dev/char/vmkdriver/vmwMgmtNode203 w
-r /dev/char/vmkdriver/vmwMgmtNode204 w
-r /dev/char/vmkdriver/vmwMgmtNode205 w
-r /dev/char/vmkdriver/vmwMgmtNode206 w
-r /dev/char/vmkdriver/vmwMgmtNode207 w
-r /dev/char/vmkdriver/vmwMgmtNode208 w
-r /dev/char/vmkdriver/vmwMgmtNode209 w
-r /dev/char/vmkdriver/vmwMgmtNode210 w
-r /dev/char/vmkdriver/vmwMgmtNode211 w
-r /dev/char/vmkdriver/vmwMgmtNode212 w
-r /dev/char/vmkdriver/vmwMgmtNode213 w
-r /dev/char/vmkdriver/vmwMgmtNode214 w
-r /dev/char/vmkdriver/vmwMgmtNode215 w
-r /dev/char/vmkdriver/vmwMgmtNode216 w
-r /dev/char/vmkdriver/vmwMgmtNode217 w
-r /dev/char/vmkdriver/vmwMgmtNode218 w
-r /dev/char/vmkdriver/vmwMgmtNode219 w
-r /dev/char/vmkdriver/vmwMgmtNode220 w
-r /dev/char/vmkdriver/vmwMgmtNode221 w
-r /dev/char/vmkdriver/vmwMgmtNode222 w
-r /dev/char/vmkdriver/vmwMgmtNode223 w
-r /dev/char/vmkdriver/vmwMgmtNode224 w
-r /dev/char/vmkdriver/vmwMgmtNode225 w
-r /dev/char/vmkdriver/vmwMgmtNode226 w
-r /dev/char/vmkdriver/vmwMgmtNode227 w
-r /dev/char/vmkdriver/vmwMgmtNode228 w
-r /dev/char/vmkdriver/vmwMgmtNode229 w
-r /dev/char/vmkdriver/vmwMgmtNode230 w
-r /dev/char/vmkdriver/vmwMgmtNode231 w
-r /dev/char/vmkdriver/vmwMgmtNode232 w
-r /dev/char/vmkdriver/vmwMgmtNode233 w
-r /dev/char/vmkdriver/vmwMgmtNode234 w
-r /dev/char/vmkdriver/vmwMgmtNode235 w
-r /dev/char/vmkdriver/vmwMgmtNode236 w
-r /dev/char/vmkdriver/vmwMgmtNode237 w
-r /dev/char/vmkdriver/vmwMgmtNode238 w
-r /dev/char/vmkdriver/vmwMgmtNode239 w
-r /dev/char/vmkdriver/vmwMgmtNode240 w
-r /dev/char/vmkdriver/vmwMgmtNode241 w
-r /dev/char/vmkdriver/vmwMgmtNode242 w
-r /dev/char/vmkdriver/vmwMgmtNode243 w
-r /dev/char/vmkdriver/vmwMgmtNode244 w
-r /dev/char/vmkdriver/vmwMgmtNode245 w
-r /dev/char/vmkdriver/vmwMgmtNode246 w
-r /dev/char/vmkdriver/vmwMgmtNode247 w
-r /dev/char/vmkdriver/vmwMgmtNode248 w
-r /dev/char/vmkdriver/vmwMgmtNode249 w
-r /dev/char/vmkdriver/vmwMgmtNode250 w
-r /dev/char/vmkdriver/vmwMgmtNode251 w
-r /dev/char/vmkdriver/vmwMgmtNode252 w
-r /dev/char/vmkdriver/vmwMgmtNode253 w
-r /dev/char/vmkdriver/vmwMgmtNode254 w
-r /dev/char/vmkdriver/vmwMgmtNode255 w
# NOTE(review): /dev/disks is granted in the broadest mode used in this file,
# which makes it the highest-impact path entry here; if the daemon only queries
# devices, a narrower mode would reduce what a compromised lsud could touch --
# confirm what access the daemon actually needs.
-r /dev/disks w
# Schema and configuration stores under /etc/vmware.
-r /etc/vmware/schemastore w
-r /etc/vmware/configstore w
-r /dev/char/mem/null w
# NOTE(review): /tmp is granted "w" and does not appear in the "x" list; whether
# that prevents running files written there depends on the mode semantics -- confirm.
-r /tmp w
