1type ip_link_add, domain; 2type ip_link_add_exec, exec_type, vendor_file_type, file_type; 3 4init_daemon_domain(ip_link_add) 5 6allow ip_link_add self:capability { net_admin net_raw sys_module }; 7allow ip_link_add self:udp_socket { create ioctl }; 8allow ip_link_add self:netlink_route_socket { bind create nlmsg_write read write }; 9 10allow ip_link_add kernel:system module_request; 11