<code>
subject /sbin/insmod o
        /                                       h
        /var/log/ksymoop                        rlacwxd
        /lib                                    rx
        /etc/modules.conf                       r
        -CAP_ALL
        +CAP_SYS_MODULE
        bind                                    disabled
        connect                                 disabled
</code>

<code>
subject /usr/sbin/named
        /                                       h
        /etc/bind                               rx
        /usr/sbin/named                         rx
        /var/cache/bind                         rwx
        /var/run/bind/run/named.pid             w
        /sbin/insmod                            rx
        /dev/log                                rw
        -CAP_ALL
        +CAP_SYS_MODULE
        connect   0.0.0.0/0:53                  dgram udp
        connect   0.0.0.0/0:53                  stream tcp
        bind      0.0.0.0/0:53                  dgram udp
        bind      0.0.0.0/0:53                  stream tcp
</code>