module varnish-sepol 1.0;
require {
type varnishd_t;
class capability { fowner fsetid };
}
#============= varnishd_t ==============
allow varnishd_t self:capability fowner;
allow varnishd_t self:capability fsetid;