(block peertube
    (blockinherit container)
    (blockinherit restricted_net_container)
    (allow process process ( capability ( chown dac_override fowner fsetid kill net_bind_service setfcap setgid setpcap setuid sys_chroot ))) 

    (allow process flash_port_t ( tcp_socket (  name_bind ))) 
    (allow process http_port_t ( tcp_socket (  name_bind ))) 
    (allow process unreserved_port_t (tcp_socket (name_connect) ) )
    (allow process cifs_t (dir (setattr)))
    (allow process redis_port_t (tcp_socket (name_connect)))
    (allow process smtp_port_t (tcp_socket (name_connect)))
    (allow process postgresql_port_t (tcp_socket (name_connect)))


    (allow process container_file_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write ))) 
    (allow process container_file_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write ))) 
    (allow process container_file_t ( fifo_file ( getattr read write append ioctl lock open ))) 
    (allow process container_file_t ( sock_file ( append getattr open read write ))) 
    (allow process default_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
    (allow process default_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
    (allow process default_t ( fifo_file ( getattr read write append ioctl lock open )))
    (allow process default_t ( sock_file ( append getattr open read write )))
)