# IPv6 proxying
type ipv6proxy, domain;
type ipv6proxy_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(ipv6proxy)
net_domain(ipv6proxy)

# Allow ipv6proxy to be run by execns in its own domain
domain_auto_trans(execns, ipv6proxy_exec, ipv6proxy);
allow ipv6proxy execns:fd use;

allow ipv6proxy self:capability { sys_admin sys_module net_admin net_raw };
allow ipv6proxy self:packet_socket { bind create read };
allow ipv6proxy self:netlink_route_socket nlmsg_write;
allow ipv6proxy varrun_file:dir search;
allowxperm ipv6proxy self:udp_socket ioctl { SIOCSIFFLAGS SIOCGIFHWADDR };