1*57718be8SEnji Cooper > native-issetugid: permit 2*57718be8SEnji Cooper > native-mprotect: permit 3*57718be8SEnji Cooper > native-mmap: permit 4*57718be8SEnji Cooper > native-fsread: filename eq "/var/run/ld.so.hints" then pe 5*57718be8SEnji Cooper > native-fstat: permit 6*57718be8SEnji Cooper native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe | native-fsread: filename match "/usr/lib/libssl.so.*" then 7*57718be8SEnji Cooper native-connect: sockaddr match "inet-\\\[*\\\]:80" then p | native-read: permit 8*57718be8SEnji Cooper native-exit: permit | native-fsread: filename match "/usr/lib/libcrypto.so.*" t 9*57718be8SEnji Cooper native-fcntl: cmd eq "F_SETFD" then permit | native-fsread: filename match "/usr/lib/libncurses.so.*" 10*57718be8SEnji Cooper native-fsread: filename eq "/" then permit | native-fsread: filename match "/usr/lib/libc.so.*" then p 11*57718be8SEnji Cooper native-fsread: filename match "/<non-existent filename>: | native-munmap: permit 12*57718be8SEnji Cooper native-fsread: filename eq "/etc/lynx.cfg" then permit | native-sigprocmask: permit 13*57718be8SEnji Cooper native-fsread: filename eq "/etc/resolv.conf" then permit | native-getpid: permit 14*57718be8SEnji Cooper native-fsread: filename eq "/etc/utmp" then permit < 15*57718be8SEnji Cooper native-fsread: filename eq "/home" then permit < 16*57718be8SEnji Cooper native-fsread: filename eq "$HOME" then permit < 17*57718be8SEnji Cooper native-fsread: filename eq "$HOME/.lynx-keymaps" then per < 18*57718be8SEnji Cooper native-fsread: filename eq "$HOME/.lynxrc" then permit < 19*57718be8SEnji Cooper native-fsread: filename eq "$HOME/.mailcap" then permit < 20*57718be8SEnji Cooper native-fsread: filename eq "$HOME/.mime.types" then permi < 21*57718be8SEnji Cooper native-fsread: filename eq "$HOME/.terminfo" then permit < 22*57718be8SEnji Cooper native-fsread: filename eq "$HOME/.terminfo.db" then perm < 23*57718be8SEnji Cooper native-fsread: filename eq "/obj" then permit < 24*57718be8SEnji Cooper > native-fsread: filename eq "$HOME" then permit 25*57718be8SEnji Cooper > native-fsread: filename eq "/etc/lynx.cfg" then permit 26*57718be8SEnji Cooper > native-fsread: filename eq "/" then permit 27*57718be8SEnji Cooper > native-fsread: filename eq "/usr/obj/bin/systrace/." then 28*57718be8SEnji Cooper > native-fsread: filename eq "/usr/obj/bin" then permit 29*57718be8SEnji Cooper > native-fcntl: permit 30*57718be8SEnji Cooper > native-getdirentries: permit 31*57718be8SEnji Cooper > native-lseek: permit 32*57718be8SEnji Cooper > native-fsread: filename eq "/usr/obj" then permit 33*57718be8SEnji Cooper > native-fsread: filename eq "$HOME/.mime.types" then permi 34*57718be8SEnji Cooper > native-sigaction: permit 35*57718be8SEnji Cooper > native-ioctl: permit 36*57718be8SEnji Cooper > native-fsread: filename eq "$HOME/.terminfo.db" then perm 37*57718be8SEnji Cooper > native-fsread: filename eq "$HOME/.terminfo" then permit 38*57718be8SEnji Cooper > native-pread: permit 39*57718be8SEnji Cooper > native-write: permit 40*57718be8SEnji Cooper > native-fsread: filename eq "$HOME/.lynx-keymaps" then per 41*57718be8SEnji Cooper native-fsread: filename eq "/var/run/ld.so.hints" then pe | native-fsread: filename eq "/etc/utmp" then permit 42*57718be8SEnji Cooper native-fstat: permit < 43*57718be8SEnji Cooper native-fswrite: filename match "/tmp/lynx-*" then permit < 44*57718be8SEnji Cooper native-getdirentries: permit < 45*57718be8SEnji Cooper native-getpid: permit < 46*57718be8SEnji Cooper native-gettimeofday: permit < 47*57718be8SEnji Cooper native-ioctl: permit < 48*57718be8SEnji Cooper native-issetugid: permit < 49*57718be8SEnji Cooper native-lseek: permit < 50*57718be8SEnji Cooper native-mmap: permit < 51*57718be8SEnji Cooper native-mprotect: prot eq "PROT_READ" then permit < 52*57718be8SEnji Cooper native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permi < 53*57718be8SEnji Cooper native-mprotect: prot eq "PROT_READ|PROT_WRITE" then perm < 54*57718be8SEnji Cooper native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" < 55*57718be8SEnji Cooper native-munmap: permit < 56*57718be8SEnji Cooper native-nanosleep: permit < 57*57718be8SEnji Cooper native-pread: permit | native-nanosleep: permit 58*57718be8SEnji Cooper native-read: permit | native-gettimeofday: permit 59*57718be8SEnji Cooper native-recvfrom: permit | native-fsread: filename eq "/etc/resolv.conf" then permit 60*57718be8SEnji Cooper native-select: permit < 61*57718be8SEnji Cooper native-sendto: true then permit < 62*57718be8SEnji Cooper native-sigaction: permit < 63*57718be8SEnji Cooper native-sigprocmask: permit < 64*57718be8SEnji Cooper > native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe 65*57718be8SEnji Cooper > native-sendto: true then permit 66*57718be8SEnji Cooper > native-select: permit 67*57718be8SEnji Cooper > native-recvfrom: permit 68*57718be8SEnji Cooper native-write: permit | native-connect: sockaddr match "inet-\\\[*\\\]:80" then p 69*57718be8SEnji Cooper > native-exit: permit 70