module zabbix_server 1.2;

require {
        type zabbix_var_run_t;
        type zabbix_t;
        type zabbix_var_lib_t;
        type mysqld_db_t;
        class sock_file { create unlink write };
        class unix_stream_socket connectto;
        class file { execute execute_no_trans };
        class capability dac_override;
}

#============= zabbix_t ==============
allow zabbix_t self:unix_stream_socket connectto;
allow zabbix_t self:capability dac_override;
allow zabbix_t zabbix_var_lib_t:file { execute execute_no_trans };
allow zabbix_t zabbix_var_run_t:sock_file { create unlink };
allow zabbix_t mysqld_db_t:sock_file write;