# Last Modified: Fri Aug 21 15:23:17 2015
#include <tunables/global>

/usr/sbin/haveged {
  #include <abstractions/base>
  #include <abstractions/consoles>

  # Required for ioctl RNDADDENTROPY
  capability sys_admin,

  owner @{PROC}/@{pid}/status r,

  @{PROC}/sys/kernel/osrelease r,
  @{PROC}/sys/kernel/random/poolsize r,
  @{PROC}/sys/kernel/random/write_wakeup_threshold w,
  /dev/random w,

  /dev/shm/sem.* rwl,

  /sys/devices/system/cpu/ r,
  /sys/devices/system/cpu/cpu*/cache/ r,
  /sys/devices/system/cpu/cpu*/cache/index*/{type,size,level} r,
  /usr/sbin/haveged mr,

  /run/haveged.pid w,

  #include <local/usr.sbin.haveged>
}