module zabbix_proxy 1.2;

require {
        type zabbix_var_run_t;
        type zabbix_var_lib_t;
        type zabbix_t;
        type ping_t;
        class sock_file { create unlink };
        class unix_stream_socket connectto;
        class file { getattr read execute execute_no_trans };
        class capability dac_override;
}

#============= ping_t ==============
allow ping_t zabbix_var_lib_t:file { getattr read };

#============= zabbix_t ==============
allow zabbix_t self:unix_stream_socket connectto;
allow zabbix_t zabbix_var_run_t:sock_file { create unlink };
allow zabbix_t self:capability dac_override;
allow zabbix_t zabbix_var_lib_t:file { execute execute_no_trans };