burn down the systrace

21 files changed, 20 insertions, 133 deletions

diff --git a/etc/Makefile b/etc/Makefile
index 6caba685a6e..dacfb00fb7e 100644
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.421 2016/03/09 16:28:46 deraadt Exp $
+#	$OpenBSD: Makefile,v 1.422 2016/04/25 20:38:10 tedu Exp $
 
 TZDIR=		/usr/share/zoneinfo
 LOCALTIME=	Canada/Mountain
@@ -154,9 +154,6 @@ distribution-etc-root-var: distrib-dirs
 	cd signify; \
 		${INSTALL} -c -o root -g wheel -m 644 *.pub \
 		    ${DESTDIR}/etc/signify
-	cd systrace; \
-		${INSTALL} -c -o root -g wheel -m 600 usr_sbin_lpd \
-		    ${DESTDIR}/etc/systrace; \
 	ln -fs ${TZDIR}/${LOCALTIME} ${DESTDIR}/etc/localtime
 	ln -fs /usr/sbin/rmt ${DESTDIR}/etc/rmt
 	${INSTALL} -c -o root -g wheel -m 644 minfree \
diff --git a/etc/etc.alpha/MAKEDEV.md b/etc/etc.alpha/MAKEDEV.md
index bde081d1f2a..8923212261c 100644
--- a/etc/etc.alpha/MAKEDEV.md
+++ b/etc/etc.alpha/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,alpha)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.65 2015/10/23 15:14:11 claudio Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.66 2016/04/25 20:38:10 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -74,7 +74,6 @@ _DEV(radio, 59)
 _DEV(rnd, 34)
 _DEV(rmidi, 41)
 _DEV(speak, 40)
-_DEV(systrace, 50)
 _DEV(tun, 7)
 _DEV(tap, 68)
 _DEV(tuner, 58)
diff --git a/etc/etc.amd64/MAKEDEV.md b/etc/etc.amd64/MAKEDEV.md
index 949287cc5d9..80c73ff9612 100644
--- a/etc/etc.amd64/MAKEDEV.md
+++ b/etc/etc.amd64/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,amd64)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.64 2016/02/05 06:29:45 uebayasi Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.65 2016/04/25 20:38:10 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -85,7 +85,6 @@ _DEV(radio, 76)
 _DEV(rnd, 45)
 _DEV(rmidi, 52)
 _DEV(speak, 27)
-_DEV(systrace, 78)
 _DEV(tun, 40)
 _DEV(tap, 93)
 _DEV(tuner, 49)
diff --git a/etc/etc.armish/MAKEDEV.md b/etc/etc.armish/MAKEDEV.md
index 1c5ccf0dac0..30375d41a13 100644
--- a/etc/etc.armish/MAKEDEV.md
+++ b/etc/etc.armish/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,armish)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.35 2015/10/23 15:14:11 claudio Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.36 2016/04/25 20:38:10 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2004 Todd T. Fries <todd@OpenBSD.org>
@@ -81,7 +81,6 @@ _DEV(rmidi, 57)
 _DEV(tun, 33)
 _DEV(tap, 104)
 _DEV(uk, 28)
-_DEV(systrace, 50)
 _DEV(tuner, 75)
 _DEV(vi, 38)
 _DEV(vscsi, 100)
diff --git a/etc/etc.armv7/MAKEDEV.md b/etc/etc.armv7/MAKEDEV.md
index 473517a2f4e..2389fb763d1 100644
--- a/etc/etc.armv7/MAKEDEV.md
+++ b/etc/etc.armv7/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,armv7)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.9 2015/10/23 15:14:11 claudio Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.10 2016/04/25 20:38:10 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2004 Todd T. Fries <todd@OpenBSD.org>
@@ -82,7 +82,6 @@ _DEV(rmidi, 57)
 _DEV(tun, 33)
 _DEV(tap, 104)
 _DEV(uk, 28)
-_DEV(systrace, 50)
 _DEV(tuner, 75)
 _DEV(vi, 38)
 _DEV(vscsi, 100)
diff --git a/etc/etc.hppa/MAKEDEV.md b/etc/etc.hppa/MAKEDEV.md
index 23afe2b6df0..b19188702c3 100644
--- a/etc/etc.hppa/MAKEDEV.md
+++ b/etc/etc.hppa/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,hppa)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.56 2015/10/23 15:14:11 claudio Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.57 2016/04/25 20:38:10 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -69,7 +69,6 @@ _DEV(pdc, 22)
 _DEV(pf, 21)
 _DEV(pppx,57)
 _DEV(rnd, 20)
-_DEV(systrace, 34)
 _DEV(tun, 18)
 _DEV(tap, 59)
 _DEV(uk, 15)
diff --git a/etc/etc.hppa64/MAKEDEV.md b/etc/etc.hppa64/MAKEDEV.md
index 42aa7a4178a..639c4f521e5 100644
--- a/etc/etc.hppa64/MAKEDEV.md
+++ b/etc/etc.hppa64/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,hppa64)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.32 2015/10/23 15:14:11 claudio Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.33 2016/04/25 20:38:10 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -68,7 +68,6 @@ _DEV(pdc, 22)
 _DEV(pf, 21)
 _DEV(pppx,57)
 _DEV(rnd, 20)
-_DEV(systrace, 34)
 _DEV(tun, 18)
 _DEV(tap, 59)
 _DEV(uk, 15)
diff --git a/etc/etc.i386/MAKEDEV.md b/etc/etc.i386/MAKEDEV.md
index cc4fd56c7f5..1ac717bab39 100644
--- a/etc/etc.i386/MAKEDEV.md
+++ b/etc/etc.i386/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,i386)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.78 2016/02/05 06:29:45 uebayasi Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.79 2016/04/25 20:38:11 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -87,7 +87,6 @@ _DEV(radio, 76)
 _DEV(rnd, 45)
 _DEV(rmidi, 52)
 _DEV(speak, 27)
-_DEV(systrace, 78)
 _DEV(tun, 40)
 _DEV(tap, 94)
 _DEV(tuner, 49)
diff --git a/etc/etc.landisk/MAKEDEV.md b/etc/etc.landisk/MAKEDEV.md
index a2f7d81fe36..f576de6e80b 100644
--- a/etc/etc.landisk/MAKEDEV.md
+++ b/etc/etc.landisk/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,landisk)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.38 2015/10/23 15:14:11 claudio Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.39 2016/04/25 20:38:11 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2004 Todd T. Fries <todd@OpenBSD.org>
@@ -82,7 +82,6 @@ _DEV(pppx,102)
 _DEV(radio, 97)
 _DEV(rnd, 40)
 _DEV(rmidi, 57)
-_DEV(systrace, 50)
 _DEV(tun, 33)
 _DEV(tap, 104)
 dnl _DEV(tuner, 75)
diff --git a/etc/etc.loongson/MAKEDEV.md b/etc/etc.loongson/MAKEDEV.md
index 11c112af02b..a354f9ca49b 100644
--- a/etc/etc.loongson/MAKEDEV.md
+++ b/etc/etc.loongson/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,loongson)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.22 2015/10/23 15:14:11 claudio Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.23 2016/04/25 20:38:11 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -74,7 +74,6 @@ _DEV(pci, 29)
 _DEV(pf, 31)
 _DEV(pppx, 71)
 _DEV(rnd, 33)
-_DEV(systrace, 50)
 _DEV(tun, 13)
 _DEV(tap, 74)
 _DEV(uk, 32)
diff --git a/etc/etc.luna88k/MAKEDEV.md b/etc/etc.luna88k/MAKEDEV.md
index 853a1571fd7..d5650659036 100644
--- a/etc/etc.luna88k/MAKEDEV.md
+++ b/etc/etc.luna88k/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,luna88k)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.26 2015/10/23 15:14:11 claudio Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.27 2016/04/25 20:38:11 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -105,7 +105,6 @@ _DEV(pcex, 25)
 _DEV(pf, 39)
 _DEV(pppx, 55)
 _DEV(rnd, 40)
-_DEV(systrace, 50)
 _DEV(tun, 23)
 _DEV(tap, 56)
 _DEV(uk, 41)
diff --git a/etc/etc.macppc/MAKEDEV.md b/etc/etc.macppc/MAKEDEV.md
index 466287eccc1..3ac6b53f8ce 100644
--- a/etc/etc.macppc/MAKEDEV.md
+++ b/etc/etc.macppc/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,macppc)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.65 2015/10/23 15:14:12 claudio Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.66 2016/04/25 20:38:11 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -89,7 +89,6 @@ _DEV(pppx, 85)
 _DEV(radio, 76)
 _DEV(rnd, 40)
 _DEV(rmidi, 52)
-_DEV(systrace, 50)
 _DEV(tun, 23)
 _DEV(tap, 86)
 _DEV(tuner, 75)
diff --git a/etc/etc.octeon/MAKEDEV.md b/etc/etc.octeon/MAKEDEV.md
index 3bd32ad65b5..b8ca248fb73 100644
--- a/etc/etc.octeon/MAKEDEV.md
+++ b/etc/etc.octeon/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,octeon)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.8 2015/10/23 15:14:12 claudio Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.9 2016/04/25 20:38:11 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -77,7 +77,6 @@ _DEV(pci, 29)
 _DEV(pf, 31)
 _DEV(pppx, 71)
 _DEV(rnd, 33)
-_DEV(systrace, 50)
 _DEV(tun, 13)
 _DEV(tap, 74)
 _DEV(uk, 32)
diff --git a/etc/etc.sgi/MAKEDEV.md b/etc/etc.sgi/MAKEDEV.md
index 4c942bdfcc5..9da0706300f 100644
--- a/etc/etc.sgi/MAKEDEV.md
+++ b/etc/etc.sgi/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,sgi)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.44 2015/10/23 15:14:12 claudio Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.45 2016/04/25 20:38:11 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -82,7 +82,6 @@ _DEV(pci, 29)
 _DEV(pf, 31)
 _DEV(pppx, 70)
 _DEV(rnd, 33)
-_DEV(systrace, 50)
 _DEV(tun, 13)
 _DEV(tap, 74)
 _DEV(uk, 32)
diff --git a/etc/etc.socppc/MAKEDEV.md b/etc/etc.socppc/MAKEDEV.md
index 88256a71841..d6901885904 100644
--- a/etc/etc.socppc/MAKEDEV.md
+++ b/etc/etc.socppc/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,socppc)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.27 2015/10/23 15:14:12 claudio Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.28 2016/04/25 20:38:11 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -69,7 +69,6 @@ _DEV(pf, 39)
 _DEV(pppx, 83)
 dnl _DEV(radio, 76)
 _DEV(rnd, 40)
-_DEV(systrace, 50)
 _DEV(tun, 23)
 _DEV(tap, 86)
 dnl _DEV(tuner, 75)
diff --git a/etc/etc.sparc/MAKEDEV.md b/etc/etc.sparc/MAKEDEV.md
index 66a5c16049c..d3e701cd10f 100644
--- a/etc/etc.sparc/MAKEDEV.md
+++ b/etc/etc.sparc/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,sparc)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.56 2015/10/23 15:14:12 claudio Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.57 2016/04/25 20:38:11 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -102,7 +102,6 @@ _DEV(oppr)
 _DEV(pf, 59)
 _DEV(pppx, 130)
 _DEV(rnd, 119)
-_DEV(systrace, 50)
 _DEV(tun, 111)
 _DEV(tap, 132)
 _DEV(uk, 120)
diff --git a/etc/etc.sparc64/MAKEDEV.md b/etc/etc.sparc64/MAKEDEV.md
index 3daaa7fcba6..02c887ef524 100644
--- a/etc/etc.sparc64/MAKEDEV.md
+++ b/etc/etc.sparc64/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,sparc64)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.82 2015/10/23 15:14:12 claudio Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.83 2016/04/25 20:38:11 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2006 Todd T. Fries <todd@OpenBSD.org>
@@ -120,7 +120,6 @@ _DEV(pf, 73)
 _DEV(pppx, 131)
 _DEV(rmidi, 68)
 _DEV(rnd, 119)
-_DEV(systrace, 50)
 _DEV(tun, 111)
 _DEV(tap, 135)
 _DEV(uk, 60)
diff --git a/etc/etc.zaurus/MAKEDEV.md b/etc/etc.zaurus/MAKEDEV.md
index b47861a953c..f85155e6b89 100644
--- a/etc/etc.zaurus/MAKEDEV.md
+++ b/etc/etc.zaurus/MAKEDEV.md
@@ -1,6 +1,6 @@
 define(MACHINE,zaurus)dnl
 vers(__file__,
-	{-$OpenBSD: MAKEDEV.md,v 1.41 2015/10/23 15:14:12 claudio Exp $-},
+	{-$OpenBSD: MAKEDEV.md,v 1.42 2016/04/25 20:38:11 tedu Exp $-},
 etc.MACHINE)dnl
 dnl
 dnl Copyright (c) 2001-2004 Todd T. Fries <todd@OpenBSD.org>
@@ -77,7 +77,6 @@ _DEV(pppx, 103)
 _DEV(radio, 97)
 _DEV(rnd, 40)
 _DEV(rmidi, 57)
-_DEV(systrace, 50)
 _DEV(tun, 33)
 _DEV(tap, 104)
 _DEV(tuner, 75)
diff --git a/etc/mtree/4.4BSD.dist b/etc/mtree/4.4BSD.dist
index fbf2e86d819..fd2ca984916 100644
--- a/etc/mtree/4.4BSD.dist
+++ b/etc/mtree/4.4BSD.dist
@@ -1,4 +1,4 @@
-#	$OpenBSD: 4.4BSD.dist,v 1.280 2016/03/09 16:28:46 deraadt Exp $
+#	$OpenBSD: 4.4BSD.dist,v 1.281 2016/04/25 20:38:11 tedu Exp $
 
 /set type=dir uname=root gname=wheel mode=0755
 
@@ -111,9 +111,6 @@ etc
         ..
     ..
 
-    # ./etc/systrace
-    systrace
-    ..
 ..
 
 # ./home
diff --git a/etc/mtree/special b/etc/mtree/special
index a8e3486fa55..87c2a512c10 100644
--- a/etc/mtree/special
+++ b/etc/mtree/special
@@ -1,4 +1,4 @@
-#	$OpenBSD: special,v 1.118 2016/04/20 21:14:44 schwarze Exp $
+#	$OpenBSD: special,v 1.119 2016/04/25 20:38:11 tedu Exp $
 #
 # Hand-crafted mtree specification for the dangerous files.
 #
@@ -108,8 +108,6 @@ ssh_host_rsa_key	type=file mode=0600 uname=root gname=wheel optional
 ssh_host_rsa_key.pub	type=file mode=0644 uname=root gname=wheel optional
 sshd_config	type=file mode=0644 uname=root gname=wheel
 ..	#ssh
-systrace	type=dir mode=0755 uname=root gname=wheel optional
-..	#systrace
 syslog.conf	type=file mode=0644 uname=root gname=wheel
 ttys		type=file mode=0644 uname=root gname=wheel
 weekly		type=file mode=0644 uname=root gname=wheel
diff --git a/etc/systrace/usr_sbin_lpd b/etc/systrace/usr_sbin_lpd
deleted file mode 100644
index 1ec24198b54..00000000000
--- a/etc/systrace/usr_sbin_lpd
+++ /dev/null
@@ -1,88 +0,0 @@
-# $OpenBSD: usr_sbin_lpd,v 1.9 2015/09/13 17:08:04 guenther Exp $
-#
-# Policy for lpd.
-# This policy works for the default configuration of lpd.
-#
-Policy: /usr/sbin/lpd, Emulation: native
-	native-accept: permit
-	native-bind: sockaddr eq "/var/run/printer" then permit
-	native-bind: sockaddr eq "inet-[0.0.0.0]:0" then permit
-	native-bind: sockaddr match "inet-*:515" then permit
-	native-break: permit
-	native-chdir: permit
-	native-chmod: filename eq "/var/run/printer" then permit
-	native-chown: filename eq "/var/run/printer" then permit
-	native-close: permit
-	native-connect: sockaddr match "inet-*:53" then permit
-	native-connect: sockaddr sub ":515" then permit
-	native-dup2: permit
-	native-exit: permit
-	native-fchmod: permit
-	native-fcntl: permit
-	native-fork: permit
-	native-fsread: filename eq "/etc/hosts" then permit
-	native-fsread: filename eq "/etc/malloc.conf" then permit
-	native-fsread: filename eq "/etc/printcap" then permit
-	native-fsread: filename eq "/etc/printcap.db" then permit
-	native-fsread: filename eq "/etc/pwd.db" then permit
-	native-fsread: filename eq "/etc/resolv.conf" then permit
-	native-fsread: filename eq "/etc/services" then permit
-	native-fsread: filename eq "/etc/spwd.db" then deny[eperm]
-	native-fsread: filename eq "/usr/libexec/ld.so" then permit
-	native-fsread: filename eq "/var/run/ld.so.hints" then permit
-	native-fsread: filename eq "<non-existent filename>" then deny[enoent]
-	native-fsread: filename match "/usr/lib" then permit
-	native-fsread: filename match "/usr/share/nls" then permit
-	native-fsread: filename match "/usr/share/zoneinfo" then permit
-	native-fsread: filename match "/var/spool/lpd" then permit
-	native-fsread: filename match "/var/spool/output" then permit
-	native-fstat: permit
-	native-fstatfs: permit
-	native-fswrite: filename eq "/dev/console" then permit
-	native-fswrite: filename eq "/dev/null" then permit
-	native-fswrite: filename eq "/var/log/lpd-errs" then permit
-	native-fswrite: filename eq "/var/run/lpd.pid" then permit
-	native-fswrite: filename eq "/var/run/printer" then permit
-	native-fswrite: filename match "/var/spool/lpd/*" then permit
-	native-fswrite: filename match "/var/spool/output/*" then permit
-	native-ftruncate: permit
-	native-getdirentries: permit
-	native-getegid: permit
-	native-getentropy: permit
-	native-geteuid: permit
-	native-getpid: permit
-	native-getsockname: permit
-	native-getsockopt: permit
-	native-gettimeofday: permit
-	native-issetugid: permit
-	native-kbind: permit
-	native-kill: permit
-	native-listen: permit
-	native-lseek: permit
-	native-minherit: permit
-	native-mmap: permit
-	native-mprotect: permit
-	native-mquery: permit
-	native-munmap: permit
-	native-nanosleep: permit
-	native-pread: permit
-	native-read: permit
-	native-recvfrom: permit
-	native-select: permit
-	native-sendsyslog: permit
-	native-sendto: permit
-	native-setegid: gid eq "1" then permit
-	native-seteuid: uid eq "0" then permit
-	native-seteuid: uid eq "1" then permit
-	native-setitimer: permit
-	native-setpgid: permit
-	native-setsid: permit
-	native-setsockopt: permit
-	native-sigaction: permit
-	native-sigprocmask: permit
-	native-sigreturn: permit
-	native-socket: permit
-	native-sysctl: permit
-	native-umask: permit
-	native-wait4: permit
-	native-write: permit