#usage: systrace -ai /usr/sbin/named -t /var/named -u named
#line 42  mean a '/var/named/' about configuration file
Policy: /usr/sbin/named, Emulation: native
	native-fsread: filename eq "/<non-existent filename>: /etc/malloc.conf" then permit
	native-issetugid: permit
	native-mmap: permit
	native-break: permit
	native-getuid: permit
	native-getgid: permit
	native-gettimeofday: permit
	native-getpid: permit
	native-umask: permit
	native-fsread: filename eq "/etc/irs.conf" then permit
	native-fsread: filename eq "/etc/hesiod.conf" then permit
	native-fsread: filename eq "/dev/arandom" then permit
	native-read: permit
	native-close: permit
	native-fsread: filename eq "/etc/resolv.conf" then permit
	native-fstat: permit
	native-fsread: filename eq "/etc/spwd.db" then permit
	native-fcntl: permit
	native-pread: permit
	native-getrlimit: permit
	native-chroot: filename eq "/var/named" then permit
	native-chdir: filename eq "/" then permit
	native-fsread: filename eq "/<non-existent filename>: /var/named/named.conf" then permit
	native-__sysctl: permit
	native-socket: permit
	native-connect: sockaddr eq "/dev/log" then permit
	native-sigprocmask: permit
	native-sigaction: permit
	native-fsread: filename eq "/etc/localtime" then permit
	native-fsread: filename eq "/<non-existent filename>: /usr/share/zoneinfo/GMT" then permit
	native-fsread: filename eq "/<non-existent filename>: /usr/share/zoneinfo/posixrules" then permit
	native-sendto: true then permit
	native-nanosleep: permit
	native-fsread: filename eq "/etc/services" then permit
	native-fsread: filename eq "/etc/protocols" then permit
	native-fsread: filename eq "/" then permit
	native-setrlimit: permit
	native-fsread: filename match "/*" then permit
	native-fsread: filename eq "/var/run/ndc" then permit
	native-setsockopt: permit
	native-bind: sockaddr eq "/var/run/ndc" then permit
	native-listen: permit
	native-chmod: filename eq "/var/run/ndc" and mode eq "600" then permit
	native-chown: filename eq "/var/run/ndc" and uid eq "0" and gid eq "0" then permit
	native-fsread: filename eq "/var/run/named.pid" then permit
	native-fswrite: filename eq "/<non-existent filename>: /var/run/named.pid" then permit
	native-fswrite: filename eq "/var/run/named.pid" then permit
	native-fchown: fd eq "3" and uid eq "70" and gid eq "70" then permit
	native-write: permit
	native-ioctl: permit
	native-getsockopt: permit
	native-bind: sockaddr match "inet-*:53" then permit
	native-bind: sockaddr eq "inet-[0.0.0.0]:0" then permit
	native-getsockname: permit
	native-fork: permit
	native-exit: permit
	native-setsid: permit
	native-fswrite: filename eq "/dev/null" then permit
	native-fchown: fd eq "5" and uid eq "70" and gid eq "70" then permit
	native-setgid: gid eq "70" then permit
	native-fsread: filename eq "/etc/group" then permit
	native-setgroups: permit
	native-setuid: uid eq "70" and uname eq "named" then permit
	native-select: permit
	native-recvfrom: permit
	native-accept: permit
	native-writev: permit
	native-getrusage: permit
	native-fswrite: filename eq "/var/run/ndc" then permit
	native-connect: sockaddr eq "/var/run/ndc" then permit
