#
# Policy rules for nvmf-discoveryd daemon
#

-c opaque_net_connect revoke
-c unix_dgram_socket_bind revoke
-c unix_dgram_socket_connect revoke
-c unix_socket_create grant
-c unix_stream_socket_bind revoke
-c unix_stream_socket_connect revoke
-c unix_vmklink_socket_connect revoke

-p unix_dgram_socket_connect /dev/vmwSyslog grant

-s genericSys grant
-s ioctlSys grant
-s openSys grant
-s vsiReadSys grant
-s vsiWriteSys grant

# Deny everything
-r /

# except ...
-r /var/run/vmware/nvmf-discoveryd.PID w

