policy_module(mylikewise1, 1.0.0)

gen_require(`

	attribute likewise_domains;	

	type likewise_initrc_exec_t, dcerpcd_exec_t, eventlogd_exec_t, lsassd_exec_t;
	type lwiod_exec_t, lwregd_exec_t, lwsmd_exec_t, netlogond_exec_t, srvsvcd_exec_t;

	type likewise_var_lib_t, eventlogd_var_socket_t, lsassd_var_socket_t, lwiod_var_socket_t;
	type lwregd_var_socket_t, lwsmd_var_socket_t, lwsmd_var_lib_t, netlogond_var_socket_t;
	type likewise_pstore_lock_t, netlogond_var_lib_t, lsassd_var_lib_t, lwregd_var_lib_t;
	type eventlogd_var_lib_t, dcerpcd_var_socket_t, dcerpcd_var_lib_t, likewise_krb5_ad_t;

	type eventlogd_t, lsassd_t, lwiod_t, netlogond_t, lwsmd_t;
')

kernel_read_system_state(likewise_domains)

corenet_tcp_connect_epmap_port(eventlogd_t)
corenet_tcp_sendrecv_epmap_port(eventlogd_t)
corenet_sendrecv_epmap_client_packets(eventlogd_t)

domain_dontaudit_search_all_domains_state(lsassd_t)

allow lwiod_t self:process setrlimit;
allow lwiod_t self:capability sys_resource;

allow lwiod_t { likewise_krb5_ad_t netlogond_var_lib_t }:file read_file_perms;

stream_connect_pattern(lwiod_t, likewise_var_lib_t, netlogond_var_socket_t, netlogond_t)

allow lwsmd_t self:process setpgid;

allow lwsmd_t { likewise_krb5_ad_t netlogond_var_lib_t }:file read_file_perms;