<aegis>
  <provide>
    <credential name="keychain-access" />
    <credential name="ssoProtectedWriteAccess" />
    <credential name="ssoProtectedReadAccess" />
  </provide>
  <account>
    <user name="signon" group="signon"/>
  </account>
  <request>
    <credential name="UID::signon" />
    <credential name="GID::signon" />
    <for path="/usr/bin/signonpluginprocess" />
  </request>
  <request>
    <credential name="signond::keychain-access" />
    <for path="/etc/osso-cud-scripts/signon-cud.sh" />
  </request>
  <request>
    <credential name="UID::root" />
    <credential name="GID::root" />
    <credential name="CAP::setuid" />
    <credential name="CAP::dac_override" />
    <credential name="CAP::sys_module" />
    <credential name="CAP::sys_admin" />
    <credential name="CAP::chown" />
    <credential name="CAP::fowner" />
    <credential name="CAP::mknod" />
    <credential name="CAP::ipc_lock" />
    <credential name="signond::ssoProtectedWriteAccess" />
    <credential name="signond::ssoProtectedReadAccess" />
    <for path="/usr/bin/signond" id="signond-id" />
  </request>
  <request context="INSTALL">
    <credential name="aegisfs::AegisFSMountAdd" />
  </request>
</aegis>
