#DESC distcc - Distributed compiler daemon
#
# Author: Chris PeBenito <pebenito@gentoo.org>
#

daemon_domain(distccd)
can_network_server(distccd_t)
can_ypbind(distccd_t)
log_domain(distccd)
tmp_domain(distccd)

type distccd_port_t, port_type;
allow distccd_t distccd_port_t:tcp_socket name_bind;
allow distccd_t self:capability { setgid setuid };

# distccd can renice
allow distccd_t self:process setsched;

# compiler stuff
allow distccd_t { bin_t sbin_t }:dir { search getattr };
allow distccd_t { bin_t sbin_t }:lnk_file { getattr read };
can_exec(distccd_t,bin_t)
can_exec(distccd_t,lib_t)

# comm stuff
allow distccd_t net_conf_t:file r_file_perms;
allow distccd_t self:{ unix_stream_socket unix_dgram_socket } { create connect read write };
allow distccd_t self:fifo_file { read write getattr };

# config access
allow distccd_t { etc_t etc_runtime_t }:file r_file_perms;
allow distccd_t proc_t:file r_file_perms;

allow distccd_t var_t:dir search;
allow distccd_t admin_tty_type:chr_file { ioctl read write };