allow $1_t self:process { signal getcap getsched setsched setrlimit setexec };
allow $1_t self:tcp_socket create_stream_socket_perms;
allow $1_t self:udp_socket create_socket_perms;
+ allow $1_t self:tun_socket create_socket_perms;
# ssh agent connections:
allow $1_t self:unix_stream_socket create_stream_socket_perms;
allow $1_t self:shm create_shm_perms;
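Review bot: The added `allow $1_t self:tun_socket create_socket_perms;` is unconditional, so every domain built from this template can create tun sockets, and the later `corenet_rw_tun_tap_dev(ssh_t)` addition likewise opens the tun/tap device node to every ssh client process. Presumably only tunnel-device forwarding (`ssh -w`) needs these, so both rules would fit better inside a `tunable_policy` block keyed on a boolean that defaults to off, keeping the client domain at least privilege for ordinary sessions. Neither new rule says why it is there; a comment such as `# tun device forwarding (ssh -w):` above each would match the existing `# ssh agent connections:` line. The hunk headers and the enclosing template are not visible here, so I cannot confirm whether a conditional already wraps these lines.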
corenet_sendrecv_ssh_client_packets(ssh_t)
corenet_tcp_bind_generic_node(ssh_t)
corenet_tcp_bind_all_unreserved_ports(ssh_t)
+corenet_rw_tun_tap_dev(ssh_t)
dev_read_rand(ssh_t)
dev_read_urand(ssh_t)