--- services/vde.te	1970-01-01 01:00:00.000000000 +0100
+++ services/vde.te	2011-01-22 22:20:13.375000222 +0100
@@ -0,0 +1,56 @@
+policy_module(vde, 0.0.1)
+
+########################################
+#
+# Declarations
+#
+
+type vde_t;
+type vde_exec_t;
+init_daemon_domain(vde_t, vde_exec_t)
+
+type vde_initrc_exec_t;
+init_script_file(vde_initrc_exec_t)
+
+type vde_conf_t;
+files_type(vde_conf_t);
+
+type vde_var_lib_t;
+files_type(vde_var_lib_t)
+
+type vde_var_run_t;
+files_pid_file(vde_var_run_t)
+
+type vde_tmp_t;
+files_tmp_file(vde_tmp_t)
+
+########################################
+#
+# Local policy
+#
+
+allow vde_t self:process { signal_perms getcap setcap };
+allow vde_t self:capability { chown net_admin dac_override fowner fsetid };
+
+allow vde_t vde_tmp_t:sock_file manage_sock_file_perms;
+allow vde_t self:unix_stream_socket {  create_stream_socket_perms connectto };
+allow vde_t self:unix_dgram_socket create_socket_perms;
+files_tmp_filetrans(vde_t, vde_tmp_t, sock_file)
+
+manage_dirs_pattern(vde_t, vde_var_run_t, vde_var_run_t)
+manage_files_pattern(vde_t, vde_var_run_t, vde_var_run_t)
+manage_sock_files_pattern(vde_t, vde_var_run_t, vde_var_run_t)
+files_pid_filetrans(vde_t, vde_var_run_t, { dir file sock_file unix_dgram_socket })
+
+files_read_etc_files(vde_t)
+
+allow vde_t vde_conf_t:dir list_dir_perms;
+read_files_pattern(vde_t, vde_conf_t, vde_conf_t)
+read_lnk_files_pattern(vde_t, vde_conf_t, vde_conf_t)
+
+domain_use_interactive_fds(vde_t)
+userdom_use_user_terminals(vde_t)
+miscfiles_read_localization(vde_t)
+corenet_rw_tun_tap_dev(vde_t)
+
+logging_send_syslog_msg(vde_t)
--- services/vde.fc	1970-01-01 01:00:00.000000000 +0100
+++ services/vde.fc	2011-01-22 21:23:05.129000146 +0100
@@ -0,0 +1,7 @@
+/etc/init.d/vde		--	gen_context(system_u:object_r:vde_initrc_exec_t,s0)
+/usr/bin/vde_switch	--	gen_context(system_u:object_r:vde_exec_t,s0)
+/usr/sbin/vde_tunctl	--	gen_context(system_u:object_r:vde_exec_t,s0)
+/etc/vde2(/.*)?			gen_context(system_u:object_r:vde_conf_t,s0)
+/etc/vde2/libvdemgmt(/.*)?	gen_context(system_u:object_r:vde_conf_t,s0)
+/var/run/vde\.ctl(/.*)?		gen_context(system_u:object_r:vde_var_run_t,s0)
+/tmp/vde.[0-9-]*	-s	gen_context(system_u:object_r:vde_tmp_t,s0)