# SELinux type-enforcement module "gestioip" (the section headers look like
# audit2allow output). Rules are regrouped and written one permission per
# line so each grant can be reviewed individually; the resulting policy is
# identical to the original, since same-subject/target/class allows are unioned.
module gestioip 1.0;

require {
	# Subject domains
	type httpd_sys_script_t;
	type mysqld_safe_t;
	# Object types
	type mysqld_port_t;
	type home_root_t;
	type user_home_t;
	# Object classes and the permissions referenced below
	class tcp_socket name_connect;
	class capability { setuid net_raw };
	class rawip_socket { create read write getopt setopt };
	class dir search;
}

#============= mysqld_safe_t ==============
# Directory traversal only (search); no read or write of home contents.
# NOTE(review): why mysqld_safe needs to traverse home directories is not
# evident from this module — confirm against the audit log before keeping it.
allow mysqld_safe_t home_root_t:dir search;
allow mysqld_safe_t user_home_t:dir search;

#============= httpd_sys_script_t ==============
# Outbound TCP connection to the MySQL port from CGI scripts.
# NOTE(review): the standard httpd_can_network_connect_db boolean grants this
# without a custom rule; keep the explicit allow only where that boolean is unavailable.
allow httpd_sys_script_t mysqld_port_t:tcp_socket name_connect;

# Capabilities granted to every process running as httpd_sys_script_t, not only
# this application. setuid and net_raw are high-impact grants; a dedicated
# domain for the script would scope them more tightly.
allow httpd_sys_script_t self:capability setuid;
allow httpd_sys_script_t self:capability net_raw;

# Raw IP socket lifecycle: create, read, write, and get/set socket options.
allow httpd_sys_script_t self:rawip_socket create;
allow httpd_sys_script_t self:rawip_socket read;
allow httpd_sys_script_t self:rawip_socket write;
allow httpd_sys_script_t self:rawip_socket getopt;
allow httpd_sys_script_t self:rawip_socket setopt;