2007-04-11 18:55:44 +00:00
|
|
|
## <summary>Distributed infrastructure monitoring</summary>
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Execute a domain transition to run zabbix.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 19:36:17 +00:00
|
|
|
## <summary>
|
2007-04-11 18:55:44 +00:00
|
|
|
## Domain allowed to transition.
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 19:36:17 +00:00
|
|
|
## </summary>
|
2007-04-11 18:55:44 +00:00
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`zabbix_domtrans',`
|
|
|
|
gen_require(`
|
|
|
|
type zabbix_t, zabbix_exec_t;
|
|
|
|
')
|
|
|
|
|
2008-07-23 21:38:39 +00:00
|
|
|
domtrans_pattern($1, zabbix_exec_t, zabbix_t)
|
2007-04-11 18:55:44 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Allow the specified domain to read zabbix's log files.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`zabbix_read_log',`
|
|
|
|
gen_require(`
|
|
|
|
type zabbix_log_t;
|
|
|
|
')
|
|
|
|
|
|
|
|
logging_search_logs($1)
|
2008-07-23 21:38:39 +00:00
|
|
|
read_files_pattern($1, zabbix_log_t, zabbix_log_t)
|
2007-04-11 18:55:44 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Allow the specified domain to append
|
|
|
|
## zabbix log files.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 19:36:17 +00:00
|
|
|
## <summary>
|
2007-04-11 18:55:44 +00:00
|
|
|
## Domain allowed access.
|
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.
Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-15 19:36:17 +00:00
|
|
|
## </summary>
|
2007-04-11 18:55:44 +00:00
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`zabbix_append_log',`
|
|
|
|
gen_require(`
|
2008-05-22 15:24:52 +00:00
|
|
|
type zabbix_log_t;
|
2007-04-11 18:55:44 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
logging_search_logs($1)
|
2008-07-23 21:38:39 +00:00
|
|
|
append_files_pattern($1, zabbix_log_t, zabbix_log_t)
|
2007-04-11 18:55:44 +00:00
|
|
|
')
|
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## Read zabbix PID files.
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
|
|
|
#
|
|
|
|
interface(`zabbix_read_pid_files',`
|
|
|
|
gen_require(`
|
|
|
|
type zabbix_var_run_t;
|
|
|
|
')
|
|
|
|
|
|
|
|
files_search_pids($1)
|
|
|
|
allow $1 zabbix_var_run_t:file read_file_perms;
|
|
|
|
')
|
2008-02-05 17:41:53 +00:00
|
|
|
|
|
|
|
########################################
|
|
|
|
## <summary>
|
|
|
|
## All of the rules required to administrate
|
|
|
|
## an zabbix environment
|
|
|
|
## </summary>
|
|
|
|
## <param name="domain">
|
|
|
|
## <summary>
|
|
|
|
## Domain allowed access.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2008-10-08 15:50:03 +00:00
|
|
|
## <param name="role">
|
|
|
|
## <summary>
|
|
|
|
## The role to be allowed to manage the zabbix domain.
|
|
|
|
## </summary>
|
|
|
|
## </param>
|
2008-02-05 17:41:53 +00:00
|
|
|
## <rolecap/>
|
|
|
|
#
|
|
|
|
interface(`zabbix_admin',`
|
|
|
|
gen_require(`
|
|
|
|
type zabbix_t, zabbix_log_t, zabbix_var_run_t;
|
2008-10-08 15:50:03 +00:00
|
|
|
type zabbix_initrc_exec_t;
|
2008-02-05 17:41:53 +00:00
|
|
|
')
|
|
|
|
|
2008-10-08 15:50:03 +00:00
|
|
|
allow $1 zabbix_t:process { ptrace signal_perms };
|
|
|
|
ps_process_pattern($1, zabbix_t)
|
2008-10-17 15:52:39 +00:00
|
|
|
|
2008-10-08 15:50:03 +00:00
|
|
|
init_labeled_script_domtrans($1, zabbix_initrc_exec_t)
|
|
|
|
domain_system_change_exemption($1)
|
|
|
|
role_transition $2 zabbix_initrc_exec_t system_r;
|
|
|
|
allow $2 system_r;
|
2008-10-17 15:52:39 +00:00
|
|
|
|
2008-02-05 17:41:53 +00:00
|
|
|
logging_list_logs($1)
|
2008-10-08 15:50:03 +00:00
|
|
|
admin_pattern($1, zabbix_log_t)
|
2008-02-05 17:41:53 +00:00
|
|
|
|
|
|
|
files_list_pids($1)
|
2008-10-08 15:50:03 +00:00
|
|
|
admin_pattern($1, zabbix_var_run_t)
|
2008-02-05 17:41:53 +00:00
|
|
|
')
|