systrace policy for opam

usr_local_bin_opam

# Policy for opam.
#
Policy: /usr/local/bin/opam, Emulation: native
        native-rename: filename match "/tmp/*" and filename[1] match "/tmp/*" then permit
        native-rename: filename match "/tmp/*" and filename[1] match "$HOME/.opam/*" then permit
        native-rename: filename match "$HOME/.opam/*" and filename[1] match "$HOME/.opam/*" then permit
        native-rename: filename match "$HOME/.opam/*" and filename[1] match "/tmp/*" then permit
        native-chown: filename match "$HOME/.opam/*" then permit
        native-chown: filename match "/tmp/*" then permit
        native-fswrite: filename match "/tmp/*" then permit
        native-fswrite: filename match "$HOME/.opam/*" then permit
        native-fswrite: filename match "/dev/*" then permit
        native-mkdir: filename eq "$HOME/.opam" then permit
        native-mkdir: filename eq "$HOME/.opam/*" then permit
        native-__sysctl: permit
        native-__getcwd: permit
        native-__get_tcb: permit
        native-__set_tcb: permit
        native-accept: permit
        native-break: permit
        native-chdir: permit
        native-chmod: permit
        native-clock_gettime: permit
        native-close: permit
        native-connect: permit
        native-dup: permit
        native-dup2: permit
        native-exit: permit
        native-execve: permit
        native-fchmod: permit
        native-fchdir: permit
        native-fchflags: permit
        native-fcntl: permit
        native-fork: permit
        native-fsread: permit
        native-fstat: permit
        native-fstatfs: permit
        native-fsync: permit
        native-ftruncate: permit
        native-futimens: permit
        native-getdents: permit
        native-getdirentries: permit
        native-getegid: permit
        native-getentropy: permit
        native-getgroups: permit
        native-getgid: permit
        native-getrusage: permit
        native-getrlimit: permit
        native-getpeername: permit
        native-getuid: permit
        native-getrlimit: permit
        native-getpeername: permit
        native-getuid: permit
        native-geteuid: permit
        native-getppid: permit
        native-getpgrp: permit
        native-getpid: permit
        native-sched_yield: permit
        native-getsockname: permit
        native-getsockopt: permit
        native-getthrid: permit
        native-gettimeofday: permit
        native-ioctl: permit
        native-issetugid: permit
        native-kill: permit
        native-listen: permit
        native-lseek: permit
        native-madvise: permit
        native-minherit: permit
        native-mmap: permit
        native-mprotect: permit
        native-mquery: permit
        native-munmap: permit
        native-nanosleep: permit
        native-pipe: permit
        native-poll: permit
        native-pread: permit
        native-read: permit
        native-recvfrom: permit
        native-select: permit
        native-sendsyslog: permit
        native-sendto: permit
        native-setitimer: permit
        native-setpgid: permit
        native-setrlimit: permit
        native-setsid: permit
        native-setsockopt: permit
        native-sigaction: permit
        native-sigaltstack: permit
        native-sigprocmask: permit
        native-sigreturn: permit
        native-sigsuspend: permit
        native-socket: permit
        native-socketpair: permit
        native-umask: permit
        native-utimensat: permit
        native-utimes: permit
        native-vfork: permit
        native-wait4: permit
        native-write: permit