  include <abstractions/base>
  include <abstractions/consoles>
  include <abstractions/openssl>

  /{usr/,}etc/nsswitch.conf r,
  /{usr/,}etc/gai.conf r,
  /{usr/,}etc/host.conf r,
  /{usr/,}etc/resolv.conf r,

  /etc/hosts r,

  /etc/passwd r,
  /etc/group r,

  @{etc_ro}/pam.d/* r,

  /etc/ssh/** r,
  /usr/etc/ssh/** r,

  /etc/selinux/config r,

  /proc/@{pid}/oom_score_adj rw,

  network inet  stream,
  network inet6 stream,

  # for some weird reason it even does a port 22 connect
  network inet  dgram,
  network inet6 dgram,

  # seems for nscd
  network netlink raw,

  capability audit_write,
  capability net_admin,
  capability sys_resource,

  capability setgid,
  capability setuid,

  /{usr/,}sbin/sshd.hmac r,
  /{usr/,}sbin/sshd rm,