# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2005 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

abi <abi/4.0>,

include <tunables/global>

profile rpc.statd /{usr/,}sbin/rpc.statd {
  include <abstractions/base>
  include <abstractions/hosts_access>
  include <abstractions/nameservice>

  # needed to sanely drop privileges
  capability setgid,
  capability setuid,

  # changes ownership of pidfile
  capability chown,

  # needed to drop capabilities
  capability setpcap,

  owner @{PROC}/@{pid}/fd/         r,
  @{PROC}/fs/lockd/nlm_end_grace   w,
  @{PROC}/sys/fs/nfs/**            r,
  @{PROC}/sys/fs/nfs/nsm_local_state w,

  /etc/netconfig                   r,
  /etc/nfs.conf                    rk,
  /etc/nfs.conf.d/                 r,
  /etc/nfs.conf.d/*                rk,
  /etc/rpc                         r,
  /{usr/,}sbin/rpc.statd           mrix,
  /{usr/,}sbin/sm-notify           mrix,
  /var/lib/nfs/sm/                 r,
  /var/lib/nfs/sm/*                rw,
  /var/lib/nfs/sm.bak/             r,
  /var/lib/nfs/statd/              rw,
  /var/lib/nfs/statd/sm/           r,
  /var/lib/nfs/statd/sm/*          rwl,
  /var/lib/nfs/statd/state         rw,
  /var/lib/nfs/statd/sm.bak/       r,
  /var/lib/nfs/statd/sm.bak/*      rwl,
  /var/lib/nfs/state               rwk,
  /var/lib/nfs/state.new           rwl,
  @{run}/rpc.statd.pid             w,
  @{run}/rpcbind.sock              rw,
  @{run}/sm-notify.pid             w,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/sbin.rpc.statd>
}