Policy: /bin/ksh, Emulation: native
	native-__sysctl: permit
	native-break: permit
	native-chdir: permit
	native-close: permit
	native-execve: filename eq "/usr/bin/sudo" then deny
	native-execve: filename eq "/usr/bin/at" then deny
	native-execve: filename eq "/usr/bin/crontab" then deny
	native-execve: filename match "/bin/*" then permit
	native-execve: filename match "$CWD/*" then permit
	native-execve: filename match "/sbin/*" then permit
	native-execve: filename match "/usr/X11R6/bin/*" then permit
	native-execve: filename match "/usr/bin/*" then permit
	native-execve: filename match "/usr/local/bin/*" then permit
	native-execve: filename match "/usr/sbin/*" then permit
	native-exit: permit
	native-fcntl: permit
	native-fork: permit
	native-fsread: true then permit
	native-fstat: permit
	native-fstatfs: permit
	native-fswrite: true then permit
	native-getdirentries: permit
	native-getegid: permit
	native-geteuid: permit
	native-getgid: permit
	native-getpgrp: permit
	native-getpid: permit
	native-getppid: permit
	native-getrusage: permit
	native-gettimeofday: permit
	native-getuid: permit
	native-ioctl: permit
	native-issetugid: permit
	native-kill: permit
	native-lseek: permit
	native-mmap: permit
	native-munmap: permit
	native-pipe: permit
	native-read: permit
	native-setpgid: permit
	native-setpgid: permit
	native-sigaction: permit
	native-sigprocmask: permit
	native-sigreturn: permit
	native-sigsuspend: permit
	native-wait4: permit
	native-write: permit
	native-execve: filename eq "/usr/local/grace/bin/xmgrace" then permit
	native-execve: filename eq "/usr/local/sbin/dsniff" then permit
	native-execve: filename match "/usr/local/emul/redhat/usr/local/bin/*" then permit
	native-execve: filename match "$HOME/bin/*" then permit
	native-execve: filename eq "/usr/games/fortune" then permit
	native-execve: filename eq "/usr/local/AbiSuite/bin/AbiWord" then permit
	native-execve: filename eq "/usr/games/caesar" then permit

