# Last Modified: Mon Oct 29 01:20:30 2012
#include <tunables/global>
/usr/sbin/hiawatha {
#include <abstractions/apache2-common>
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/php5>
capability chown,
capability dac_override,
capability fowner,
capability fsetid,
capability setgid,
capability setuid,
/bin/dash rix,
/etc/ImageMagick/policy.xml r,
owner /etc/hiawatha/ r,
/etc/hiawatha/** r,
/etc/host.conf r,
/etc/hosts r,
/etc/mailname r,
/etc/nsswitch.conf r,
owner /etc/passwd r,
/etc/php5/ r,
/etc/php5/** r,
/etc/postfix/** r,
/etc/protocols r,
/etc/resolv.conf r,
/etc/services r,
/etc/snmp/snmp.conf r,
/proc/*/auxv r,
owner /run/ r,
owner /run/** w,
/run/** r,
/sys/devices/system/cpu/ r,
owner /tmp/** rwk,
/usr/bin/php5-cgi rix,
/usr/lib/postfix/cleanup rix,
/usr/lib{,32,64}/** mr,
/usr/sbin/cgi-wrapper rix,
/usr/sbin/postdrop rix,
/usr/sbin/sendmail rix,
/usr/share/ r,
/usr/share/** r,
/var/lib/ r,
/var/lib/** r,
/var/lib/*/ rw,
/var/lib/hiawatha/** rw,
owner /var/lib/php5/** rw,
owner /var/log/hiawatha/** w,
/var/log/hiawatha/** r,
owner /var/run/ r,
owner /var/run/** w,
/var/run/** r,
/var/spool/postfix/** rw,
/var/spool/postfix/pid/** wk,
/var/www/ r,
/var/www/** rk,
/var/www/banshee/logfiles/** rw,
/var/www/banshee/hashes/** r,
/var/www/monitor/logfiles/** rw,
/var/www/infosec/banshee/logfiles/** rw,
}