# DHCP client
type dhcpclient, domain;
type dhcpclient_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(dhcpclient)
net_domain(dhcpclient)

dontaudit dhcpclient kernel:system module_request;
allow dhcpclient self:capability { net_admin net_raw };
allow dhcpclient self:udp_socket create;
allow dhcpclient self:netlink_route_socket { write nlmsg_write };
allow dhcpclient varrun_file:dir search;
allow dhcpclient self:packet_socket { create bind write read };
allowxperm dhcpclient self:udp_socket ioctl { SIOCSIFFLAGS
                                              SIOCSIFADDR
                                              SIOCSIFNETMASK
                                              SIOCSIFMTU
                                              SIOCGIFHWADDR };