--- /dev/null 1970-01-01 01:00:00.000000000 +0100
+++ policy/domains/program/unused/famd.te 2004-04-21 23:43:24.000000000 +0200
@@ -0,0 +1,27 @@
+# DESC famd - File Alteration Monitor (FAM) daemon
+#
+# Author: Thomas Bleher
+
+rpc_domain(famd)
+allow famd_t self:unix_stream_socket create_stream_socket_perms;
+allow famd_t self:unix_dgram_socket { connect create write };
+allow famd_t self:fifo_file { read write };
+allow famd_t port_t:{ tcp_socket udp_socket } name_bind;
+
+# why does it need this?
+allow famd_t self:capability { chown setgid setuid };
+
+tmp_domain(famd)
+# read /etc/mtab
+allow famd_t etc_runtime_t:file read;
+
+# monitor all files
+allow famd_t { file_type - shadow_t }:dir { search getattr read };
+allow famd_t { file_type - shadow_t }:{ lnk_file file } getattr;
+allow famd_t { file_type - shadow_t }:lnk_file read;
+dontaudit famd_t { sysfs_t security_t domain proc_t }:dir { search getattr read };
+dontaudit famd_t { self proc_t }:{ file lnk_file } getattr;
+
+allow userdomain famd_tmp_t:sock_file write;
+allow userdomain famd_t:unix_stream_socket connectto;
+
--- policy/domains/program/unused/rpcd.te 2004-04-21 23:43:13.000000000 +0200
+++ policy/domains/program/unused/rpcd.te 2004-04-21 23:43:24.000000000 +0200
@@ -12,15 +12,2 @@
 #
-define(`rpc_domain', `
-daemon_base_domain($1)
-can_network($1_t)
-allow $1_t etc_t:file { getattr read };
-read_locale($1_t)
-allow $1_t self:capability net_bind_service;
-
-allow $1_t var_t:dir { getattr search };
-allow $1_t var_lib_t:dir { search };
-allow $1_t var_lib_nfs_t:dir create_dir_perms;
-allow $1_t var_lib_nfs_t:file create_file_perms;
-')
-
 # rpcd_t is the domain of rpc daemons.
--- /dev/null 1970-01-01 01:00:00.000000000 +0100
+++ policy/file_contexts/program/famd.fc 2004-04-21 23:43:24.000000000 +0200
@@ -0,0 +1,2 @@
+# famd
+/usr/sbin/famd -- system_u:object_r:famd_exec_t
--- /dev/null 1970-01-01 01:00:00.000000000 +0100
+++ policy/macros/program/rpcd_macros.te 2004-04-21 23:43:24.000000000 +0200
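Review bot: In famd.te, the `{ file_type - shadow_t }` rules under `# monitor all files`, together with `allow userdomain famd_t:unix_stream_socket connectto;`, leave famd open to acting as a confused deputy. Type-enforcement checks on monitored paths are made against famd_t, not the requesting user domain, so a confined domain could learn directory listings, file metadata and symlink targets for types it cannot access itself. The setuid/setgid capabilities under `# why does it need this?` presumably let famd take on the client's uid/gid for DAC checks, but that does not restore the SELinux check. I would narrow the type set to what clients legitimately watch, or subtract further sensitive types besides shadow_t. I would also replace the open question with a stated reason, e.g. `# famd assumes the requesting client's uid/gid before touching files (confirm against famd source)`.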
@@ -0,0 +1,19 @@
+# Macros for RPCD-domains
+#
+# Authors: Stephen Smalley and Timothy Fraser
+# Russell Coker
+#
+
+define(`rpc_domain', `
+daemon_base_domain($1)
+can_network($1_t)
+allow $1_t etc_t:file { getattr read };
+read_locale($1_t)
+allow $1_t self:capability net_bind_service;
+
+allow $1_t var_t:dir { getattr search };
+allow $1_t var_lib_t:dir { search };
+allow $1_t var_lib_nfs_t:dir create_dir_perms;
+allow $1_t var_lib_nfs_t:file create_file_perms;
+')
+
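Review bot: Now that `rpc_domain` is a shared macro, every caller inherits `allow $1_t var_lib_nfs_t:dir create_dir_perms;` and `allow $1_t var_lib_nfs_t:file create_file_perms;`, and that includes famd_t through `rpc_domain(famd)` in this same patch. Nothing visible in famd.te suggests a file monitor needs to create or modify NFS state files, so this looks like privilege carried over from the macro's rpcd origin rather than a requirement. I would move the two var_lib_nfs_t rules (and probably the var_lib_t search) out of the macro into the NFS daemon domains that use them. The macro should also get a header comment listing what it grants, e.g. `# rpc_domain(name): daemon base domain + network + net_bind_service`, so later callers can see what they are accepting.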