Policy: /usr/local/sbin/snmpd, Emulation: native
	native-fsread: filename eq "/usr/libexec/ld.so" then permit
	native-read: permit
	native-mmap: permit
	native-issetugid: permit
	native-__sysctl: permit
	native-fsread: filename eq "/var/run/ld.so.hints" then permit
	native-fsread: filename eq "/usr/local/lib/libucdagent.so.42.2" then permit
	native-mprotect: permit
	native-close: permit
	native-fsread: filename eq "/usr/local/lib/libucdmibs.so.42.2" then permit
	native-fsread: filename eq "/usr/lib/libwrap.so.2.0" then permit
	native-fsread: filename eq "/usr/local/lib/libsnmp.so.42.2" then permit
	native-fsread: filename eq "/usr/lib/libcrypto.so.6.0" then permit
	native-fsread: filename eq "/usr/lib/libdes.so.7.0" then permit
	native-fsread: filename eq "/usr/lib/libkvm.so.6.0" then permit
	native-fsread: filename eq "/usr/lib/libz.so.1.4" then permit
	native-fsread: filename eq "/usr/lib/libm.so.0.1" then permit
	native-fsread: filename eq "/usr/lib/libc.so.28.5" then permit
	native-munmap: permit
	native-fsread: filename match "/<non-existent filename>*" then deny[enoent]
	native-break: permit
	native-fswrite: filename eq "/var/log/snmpd" then permit
	native-fstat: permit
	native-fork: permit
	native-exit: permit
	native-gettimeofday: permit
	native-fsread: filename eq "/dev/mem" then permit
	native-fsread: filename eq "/dev/kmem" then permit
	native-fsread: filename eq "/dev/drum" then permit
	native-fsread: filename eq "/var/db/kvm_bsd.db" then permit
	native-fcntl: permit
	native-pread: permit
	native-fsread: filename eq "/var/db/kvm_ksyms.db" then permit
	native-fsread: filename eq "/dev/ksyms" then permit
	native-fsread: filename eq "/etc/services" then permit
	native-fsread: filename eq "/usr/local/share/snmp/snmpd.conf" then permit
	native-fsread: filename eq "/usr/local/share/snmp/snmpd.local.conf" then permit
	native-fsread: filename eq "/var/ucd-snmp/snmpd.0.conf" then permit
	native-fsread: filename eq "/var/ucd-snmp/snmpd.conf" then permit
	native-fsread: filename eq "/var/ucd-snmp/snmpd.local.conf" then permit
	native-fsread: filename eq "/<non-existent filename>: /etc/snmp/snmp.conf" then permit
	native-fsread: filename eq "/<non-existent filename>: /etc/snmp/snmp.local.conf" then permit
	native-fsread: filename eq "/usr/local/share/snmp/snmp.conf" then permit
	native-fsread: filename eq "/usr/local/share/snmp/snmp.local.conf" then permit
	native-fsread: filename eq "/var/ucd-snmp/snmp.0.conf" then permit
	native-fsread: filename eq "/var/ucd-snmp/snmp.conf" then permit
	native-fsread: filename eq "/var/ucd-snmp/snmp.local.conf" then permit
	native-fsread: filename eq "/etc/resolv.conf" then permit
	native-fsread: filename eq "/etc/hosts" then permit
	native-getpid: permit
	native-fsread: filename eq "/dev/arandom" then permit
	native-getuid: permit
	native-fsread: filename eq "/usr/local/share/snmp/mibs/.index" then permit
	native-fsread: filename eq "/usr/local/share/snmp/mibs" then permit
	native-fsread: filename match "/usr/local/share/snmp/mibs/*" then permit
	native-fsread: filename eq "/etc/snmpd.conf" then permit
	native-socket: permit
	native-bind: sockaddr eq "inet-[0.0.0.0]:161" then permit
	native-sigaction: permit
	native-rename: filename eq "/var/ucd-snmp/snmpd.conf" and filename[1] eq "/var/ucd-snmp/snmpd.0.conf" then permit
	native-umask: permit
	native-fsread: filename eq "/var" then permit
	native-fsread: filename eq "/var/ucd-snmp" then permit
	native-fswrite: filename eq "/var/ucd-snmp/snmpd.conf" then permit
	native-lseek: permit
	native-write: permit
	native-fswrite: filename eq "/var/ucd-snmp/snmpd.0.conf" then permit
	native-fsread: filename eq "/var/ucd-snmp/snmpd.1.conf" then permit
	native-fsread: filename eq "/var/ucd-snmp/snmpd.2.conf" then permit
	native-fsread: filename eq "/var/ucd-snmp/snmpd.3.conf" then permit
	native-fsread: filename eq "/var/ucd-snmp/snmpd.4.conf" then permit
	native-fsread: filename eq "/var/ucd-snmp/snmpd.5.conf" then permit
	native-fsread: filename eq "/var/ucd-snmp/snmpd.6.conf" then permit
	native-fsread: filename eq "/var/ucd-snmp/snmpd.7.conf" then permit
	native-fsread: filename eq "/var/ucd-snmp/snmpd.8.conf" then permit
	native-fsread: filename eq "/var/ucd-snmp/snmpd.9.conf" then permit
	native-fsread: filename eq "/var/ucd-snmp/snmpd.10.conf" then permit
	native-ioctl: permit
	native-select: permit
	native-recvfrom: permit
	native-sigprocmask: permit
	native-fsread: filename eq "/etc/hosts.allow" then permit
	native-fsread: filename eq "/etc/hosts.deny" then permit
	native-sendto: true then permit
	native-pipe: permit
	native-fswrite: filename eq "/var/ucd-snmp/.snmp-exec-cache" then permit
	native-dup: permit
	native-getrlimit: permit
	native-nanosleep: permit
	native-fswrite: filename eq "/dev/null" then permit
	native-execve: filename eq "/bin/ps" and argv eq "/bin/ps acx" then permit
	native-wait4: permit
	native-fsread: filename eq "/var/ucd-snmp/.snmp-exec-cache" then permit
	native-sigreturn: permit
# last think: allow ps to read extra files
	native-fsread: filename eq "/var/run/dev.db" then permit
	native-fsread: filename eq "/usr/share/nls/C/libc.cat" then permit

