hal_dontaudit_read_pid_files(domain)
')
+optional_policy(`
+ ipsec_match_default_spd(domain)
+')
+
optional_policy(`
ifdef(`hide_broken_symptoms',`
afs_rw_udp_sockets(domain)
stream_connect_pattern(ssh_t, ssh_agent_tmp_t, ssh_agent_tmp_t, ssh_agent_type)
allow ssh_t sshd_t:unix_stream_socket connectto;
+allow ssh_t sshd_t:peer recv;
# ssh client can manage the keys and config
manage_files_pattern(ssh_t, ssh_home_t, ssh_home_t)
allow $1 ipsec_spd_t:association polmatch;
allow $1 self:association sendto;
+ allow $1 self:peer recv;
')
########################################