domtrans_pattern($1, cfengine_server_exec_t, cfengine_server_t)
')
+########################################
+## <summary>
+## Read cfengine lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`cfengine_read_lib_files',`
+ gen_require(`
+ type cfengine_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ read_files_pattern($1, cfengine_var_lib_t, cfengine_var_lib_t)
+')
+
kernel_dontaudit_search_kernel_sysctl(puppet_t)
kernel_read_system_state(puppet_t)
kernel_read_crypto_sysctls(puppet_t)
+kernel_read_kernel_sysctls(puppet_t)
+corecmd_read_all_executables(puppet_t)
+corecmd_dontaudit_access_all_executables(puppet_t)
corecmd_exec_bin(puppet_t)
corecmd_exec_shell(puppet_t)
files_manage_config_dirs(puppet_t)
files_manage_etc_dirs(puppet_t)
files_manage_etc_files(puppet_t)
+files_read_usr_files(puppet_t)
files_read_usr_symlinks(puppet_t)
files_relabel_config_dirs(puppet_t)
files_relabel_config_files(puppet_t)
term_dontaudit_getattr_unallocated_ttys(puppet_t)
term_dontaudit_getattr_all_ttys(puppet_t)
+auth_use_nsswitch(puppet_t)
+auth_read_passwd(puppet_t)
+
init_all_labeled_script_domtrans(puppet_t)
init_domtrans_script(puppet_t)
init_read_utmp(puppet_t)
seutil_domtrans_setfiles(puppet_t)
seutil_domtrans_semanage(puppet_t)
+seutil_read_file_contexts(puppet_t)
sysnet_dns_name_resolve(puppet_t)
sysnet_run_ifconfig(puppet_t, system_r)
files_manage_non_security_files(puppet_t)
')
+optional_policy(`
+ cfengine_read_lib_files(puppet_t)
+')
+
optional_policy(`
consoletype_domtrans(puppet_t)
')
mount_domtrans(puppet_t)
')
+optional_policy(`
+ mta_send_mail(puppet_t)
+')
+
optional_policy(`
files_rw_var_files(puppet_t)