
nats: add basic permissions needed to run

Helmut Pozimski 3 years ago
parent
commit
e1e7929ca9
2 changed files with 25 additions and 1 deletions
  1. 1 0
      nats.fc
  2. 24 1
      nats.te

+ 1 - 0
nats.fc

@@ -1,2 +1,3 @@
 /usr/local/bin/nats-server     --      gen_context(system_u:object_r:nats_exec_t,s0)
+/etc/gnats.conf		--	gen_context(system_u:object_r:nats_etc_t,s0)
 
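Review bot: The new file-context entry labels `/etc/gnats.conf` as `nats_etc_t`, and the `g` looks like it may be a typo for `nats.conf` — "gnats" is the name of an unrelated package (GNU GNATS), while everything else in this module is for nats-server, so the path should be confirmed against where the daemon actually reads its configuration; a mislabelled path means the `read_files_pattern` rule in nats.te never matches and the server fails with a denial. Independently of that, fc path specifications are regular expressions, so the dot should be escaped to match a literal `.`: `/etc/gnats\.conf		--	gen_context(system_u:object_r:nats_etc_t,s0)`. If the configuration lives in a directory rather than a single file, that would need its own `(/.*)?` entry, but that cannot be told from this hunk.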

+ 24 - 1
nats.te

@@ -1,4 +1,4 @@
-policy_module(nats, 0.0.1)
+policy_module(nats, 0.0.2)
 
 ########################################
 #
@@ -9,6 +9,29 @@ type nats_t;
 type nats_exec_t;
 init_daemon_domain(nats_t, nats_exec_t)
 
+type nats_etc_t;
+files_config_file(nats_etc_t)
+
+allow nats_t self:fifo_file { read write };
+allow nats_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
+allow nats_t self:process { getsched signal };
+allow nats_t self:tcp_socket { accept bind create getattr listen read setopt write };
+allow nats_t self:unix_dgram_socket { connect create getattr write };
+
+logging_send_syslog_msg(nats_t)
+
+read_files_pattern(nats_t, nats_etc_t, nats_etc_t)
+
+miscfiles_read_localization(nats_t)
+
+corenet_tcp_bind_generic_node(nats_t)
+
+kernel_read_net_sysctls(nats_t)
+
+dev_read_sysfs(nats_t)
+
+corenet_tcp_bind_all_unreserved_ports(nats_t)
+
 optional_policy(`
   gen_require(`
     type supervisor_t;
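Review bot: `corenet_tcp_bind_all_unreserved_ports(nats_t)` at the end of the added block lets the daemon bind any unreserved TCP port, which is far broader than the few fixed ports a NATS server listens on and effectively removes port confinement for this domain. Since the module already declares its own file type, the least-privilege form is a dedicated port type declared alongside it — `type nats_port_t;`, `corenet_port(nats_port_t)`, `allow nats_t nats_port_t:tcp_socket name_bind;` — with the administrator labelling the configured listen ports (e.g. `semanage port -a -t nats_port_t -p tcp 4222`, plus the cluster and monitoring ports if they are enabled), which I believe is what refpolicy's `corenet_port()` interface is for. If the wide rule is kept deliberately as a first cut, it should at least carry a comment such as `# TODO: replace with a dedicated nats_port_t once the listen ports are pinned down` so it is not mistaken for a final decision. Note that the `optional_policy` block opened on the last lines of the hunk continues past it and is not visible here.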