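# Local SELinux policy module for the Nagios domain (nagios_t).
# It grants two things: managing socket files labelled nagios_spool_t, and
# connecting to a UNIX stream socket owned by the nagios_t domain itself.
#
# The "#!!!!" annotations below look like audit2allow output. Check each rule
# against the AVC denial that prompted it before loading the module.
#
# Layout matters here: "#" starts a comment that runs to the end of the line,
# so every statement must sit on its own line. If the file is collapsed onto
# one line, both allow rules fall inside a comment and the module grants nothing.
module nagios-socket 1.1;

require {
	type nagios_t;
	type nagios_spool_t;
	class sock_file { write create unlink };
	class unix_stream_socket connectto;
}

#============= nagios_t ==============

# Let nagios_t create, write to and remove socket files labelled nagios_spool_t.
#!!!! This avc is allowed in the current policy
# NOTE(review): per the annotation above, the loaded policy already grants this
# access, so the rule looks redundant on the system where it was generated.
# Keep it only if the module must also load on hosts whose base policy lacks it.
allow nagios_t nagios_spool_t:sock_file { write create unlink };

# Let nagios_t connect to a UNIX stream socket in its own domain (self).
#!!!! This avc can be allowed using the boolean 'daemons_enable_cluster_mode'
# NOTE(review): this rule is scoped to nagios_t connecting to itself. The
# boolean named above is not specific to Nagios, so confirm its full scope
# before enabling it in place of this narrower rule.
allow nagios_t self:unix_stream_socket connectto;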