# a variable definition
@{HOME} = /home/*/ /root/
# a comment about foo.
/usr/bin/foo {
network inet tcp,
/bin/mount ux,
/dev/{,u}random r,
/etc/ld.so.cache r,
/etc/foo.conf r,
/etc/foo/* r,
/lib/ld-*.so* mr,
/lib/lib*.so* mr,
/proc/[0-9]** r,
/usr/lib/** mr,
/tmp/ r,
/tmp/foo.pid wr,
/tmp/foo.* lrw,
/@{HOME}/.foo_file rw,
/@{HOME}/.foo_lock kw,
# a comment about foo's subprofile, bar.
^bar {
/lib/ld-*.so* mr,
/usr/bin/bar px,
/var/spool/* rwl,
}
}