# DNS, DHCP services
type dnsmasq, domain;
permissive_or_unconfined(dnsmasq)
type dnsmasq_exec, exec_type, file_type;

net_domain(dnsmasq)

allow dnsmasq self:capability { net_bind_service setgid setuid };

allow dnsmasq dhcp_data_file:dir w_dir_perms;
allow dnsmasq dhcp_data_file:file create_file_perms;