This fixed quite a few of the messages.
module astnb 1.0;
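# Types and access-vector classes this module references; all of them must
# already be defined by the base policy or the module will not link.
require {
	type var_run_t;
	type var_log_t;
	type asterisk_t;
	type var_spool_t;
	type initrc_t;
	type var_lib_t;
	type sysadm_t;
	type asterisk_log_t;
	type initrc_var_run_t;
	type asterisk_var_run_t;
	class socket { write read };
	class process setpgid;
	class unix_stream_socket { connectto accept listen };
	class capability { dac_read_search chown };
	class file { rename setattr read create write getattr link unlink open append };
	class sock_file { write create unlink };
	class dir { read write add_name setattr remove_name };
}

#============= asterisk_t ==============
# NOTE(review): the peer socket here is labelled initrc_t, i.e. it belongs to
# something still running in the init-script domain rather than its own
# confined domain -- confirm which service that is before keeping this rule.
allow asterisk_t initrc_t:unix_stream_socket connectto;
# NOTE(review): a file under initrc_var_run_t being written by asterisk_t is
# presumably a pid/lock file created by the init script; relabelling it as
# asterisk_var_run_t (required below) would be narrower than this allow.
allow asterisk_t initrc_var_run_t:file { write getattr };
# Kernel capabilities granted to the Asterisk domain itself:
#   dac_read_search - bypass DAC read/search permission checks on files
#   chown           - change file owner/group
# Both widen what a compromised asterisk_t process can reach; confirm which
# operation triggered each denial rather than granting them by default.
allow asterisk_t self:capability { dac_read_search chown };
allow asterisk_t self:process setpgid;
allow asterisk_t self:socket { write read };
allow asterisk_t self:unix_stream_socket { accept listen };
# NOTE(review): var_lib_t, var_log_t, var_run_t and var_spool_t are the generic
# /var types. Denials against them usually mean Asterisk's own files are
# mislabelled; the asterisk module already provides dedicated types (e.g.
# asterisk_log_t and asterisk_var_run_t, listed in the require block). Check
# the labels (ls -Z / restorecon) before accepting these broad rules.
allow asterisk_t var_lib_t:file { read write getattr open };
allow asterisk_t var_log_t:file { getattr open append };
allow asterisk_t var_run_t:dir setattr;
allow asterisk_t var_run_t:sock_file { write create unlink };
allow asterisk_t var_spool_t:dir { read write add_name remove_name };
allow asterisk_t var_spool_t:file { rename write getattr link create unlink open };

#============= initrc_t ==============
# Init script adjusting ownership/mode of Asterisk's log and runtime files and
# of the generic /var/run directory.
allow initrc_t asterisk_log_t:file setattr;
allow initrc_t asterisk_var_run_t:file setattr;
allow initrc_t var_run_t:dir setattr;

#============= sysadm_t ==============
# Lets the admin domain connect to the Asterisk control socket.
# Fix: the original ended without the trailing ';', which the policy compiler
# rejects.
allow sysadm_t asterisk_t:unix_stream_socket connectto;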