module my-proftpd 1.0; require { type ftpd_t; type shadow_t; class file read; } #============= ftpd_t ============== allow ftpd_t shadow_t:file read;