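# Local SELinux policy module "nagios_epel", version 1.1.
# The "#=====" section banners in this file follow the layout audit2allow
# emits, so the rules were presumably generated from logged AVC denials --
# confirm each one is still needed before loading the module.
module nagios_epel 1.1;

# Types, classes and permissions that must already exist in the loaded policy;
# the module cannot be installed if any of them is missing. Only names that an
# allow rule in this module references are listed, so that no unused type
# becomes a needless load-time dependency.
require {
	# Target types outside the nagios policy.
	type devlog_t;
	type hostname_exec_t;
	type kernel_t;
	type ldconfig_exec_t;

	# Nagios domains and file types.
	type nagios_exec_t;
	type nagios_script_t;
	type nagios_services_plugin_t;
	type nagios_spool_t;
	type nagios_system_plugin_t;
	type nagios_t;

	# Object classes with exactly the permissions the rules use.
	class capability chown;
	class file { execute execute_no_trans getattr open read };
	class sock_file { write create unlink };
	class unix_dgram_socket { connect create sendto };
	class unix_stream_socket connectto;
}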
#============= nagios_services_plugin_t ==============
# Lets the nagios_services_plugin_t domain send datagrams through a socket
# file labelled devlog_t. devlog_t is presumably the label of the syslog
# socket (/dev/log) -- confirm against the installed file contexts.

# Create a datagram socket of its own and connect it.
allow nagios_services_plugin_t self:unix_dgram_socket { create connect };

# Write to the socket file labelled devlog_t.
allow nagios_services_plugin_t devlog_t:sock_file write;

# Deliver the datagram to a peer socket owned by kernel_t.
# NOTE(review): a kernel_t peer suggests the listening socket was created
# before its owner left kernel_t; verify that this is the intended receiver.
allow nagios_services_plugin_t kernel_t:unix_dgram_socket sendto;
#============= nagios_t ==============
# Additional permissions for the nagios_t domain.

# Run the hostname and ldconfig binaries inside nagios_t itself.
# execute_no_trans means no domain transition takes place, so the executed
# program keeps every permission nagios_t holds.
allow nagios_t hostname_exec_t:file { execute execute_no_trans getattr open read };
allow nagios_t ldconfig_exec_t:file { execute execute_no_trans open read };

# Execute files labelled nagios_exec_t without leaving nagios_t.
allow nagios_t nagios_exec_t:file execute_no_trans;

# Create, write to and remove socket files labelled nagios_spool_t.
allow nagios_t nagios_spool_t:sock_file { create unlink write };

# Connect to stream sockets owned by nagios_t itself.
allow nagios_t self:unix_stream_socket connectto;

# Permit use of the chown capability. This only lifts the SELinux check; the
# process must still hold the Linux capability for it to take effect.
# NOTE(review): chown is a broad capability -- confirm which operation needs
# it before keeping the rule.
allow nagios_t self:capability chown;
#============= nagios_script_t ==============
# Read-only access to regular files labelled nagios_spool_t; no write,
# create or unlink permission is granted.
allow nagios_script_t nagios_spool_t:file { read open getattr };
#============= nagios_system_plugin_t ==============
# Read-only access to regular files labelled nagios_spool_t, the same three
# permissions that nagios_script_t receives.
allow nagios_system_plugin_t nagios_spool_t:file { read open getattr };