selinux-policy/policy/modules/services/munin.if

103 lines
2.0 KiB
Plaintext
Raw Normal View History

2006-04-28 15:50:06 +00:00
## <summary>Munin network-wide load graphing (formerly LRRD)</summary>
########################################
## <summary>
## Connect to munin over a unix domain
## stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`munin_stream_connect',`
gen_require(`
type munin_var_run_t, munin_t;
')
allow $1 munin_t:unix_stream_socket connectto;
allow $1 munin_var_run_t:sock_file { getattr write };
files_search_pids($1)
')
#######################################
## <summary>
## Read munin configuration files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
2006-09-06 22:07:25 +00:00
## <rolecap/>
2006-04-28 15:50:06 +00:00
#
interface(`munin_read_config',`
gen_require(`
type munin_etc_t;
')
allow $1 munin_etc_t:dir list_dir_perms;
allow $1 munin_etc_t:file read_file_perms;
allow $1 munin_etc_t:lnk_file { getattr read };
files_search_etc($1)
')
2009-03-10 19:32:04 +00:00
#######################################
## <summary>
## Append to the munin log.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`munin_append_log',`
gen_require(`
type munin_log_t;
')
allow $1 munin_log_t:file append_file_perms;
logging_search_logs($1)
')
2006-04-28 15:50:06 +00:00
#######################################
## <summary>
## Search munin library directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`munin_search_lib',`
gen_require(`
type munin_var_lib_t;
')
allow $1 munin_var_lib_t:dir search_dir_perms;
files_search_var_lib($1)
')
2007-11-15 16:54:18 +00:00
#######################################
## <summary>
## Do not audit attempts to search
## munin library directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`munin_dontaudit_search_lib',`
gen_require(`
type munin_var_lib_t;
')
dontaudit $1 munin_var_lib_t:dir search_dir_perms;
')