module fail2ban-journal-sepol 1.0;

require {
	type fail2ban_client_exec_t;
	type logrotate_t;
	type fail2ban_t;
        type var_run_t;
        type syslogd_t;
	type syslogd_var_run_t;
	class dir read;
	class file { ioctl read execute execute_no_trans open getattr };
}

#============= fail2ban_t ==============

allow fail2ban_t var_run_t:file { read  getattr open };
allow fail2ban_t syslogd_var_run_t:dir read;
allow fail2ban_t syslogd_var_run_t:file { read getattr open };

#============= syslogd_t ==============
allow syslogd_t var_run_t:file { read getattr open };

#============= logrotate_t ==============
allow logrotate_t fail2ban_client_exec_t:file { ioctl read execute execute_no_trans open };