selinux-policy/policy/modules/services/zabbix.if

## <summary>Distributed infrastructure monitoring</summary>

########################################
## <summary>
##	Execute a domain transition to run zabbix.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`zabbix_domtrans',`
	gen_require(`
		type zabbix_t, zabbix_exec_t;
	')

	domtrans_pattern($1, zabbix_exec_t, zabbix_t)
')

########################################
## <summary>
##	Allow the specified domain to read zabbix's log files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`zabbix_read_log',`
	gen_require(`
		type zabbix_log_t;
	')

	logging_search_logs($1)
	read_files_pattern($1, zabbix_log_t, zabbix_log_t)
')

########################################
## <summary>
##	Allow the specified domain to append
##	zabbix log files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`zabbix_append_log',`
	gen_require(`
		type zabbix_log_t;
	')

	logging_search_logs($1)
	append_files_pattern($1, zabbix_log_t, zabbix_log_t)
')

########################################
## <summary>
##	Read zabbix PID files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`zabbix_read_pid_files',`
	gen_require(`
		type zabbix_var_run_t;
	')

	files_search_pids($1)
	allow $1 zabbix_var_run_t:file read_file_perms;
')

########################################
## <summary>
##	All of the rules required to administrate 
##	an zabbix environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the zabbix domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`zabbix_admin',`
	gen_require(`
		type zabbix_t, zabbix_log_t, zabbix_var_run_t;
		type zabbix_initrc_exec_t;
	')

	allow $1 zabbix_t:process { ptrace signal_perms };
	ps_process_pattern($1, zabbix_t)

	init_labeled_script_domtrans($1, zabbix_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 zabbix_initrc_exec_t system_r;
	allow $2 system_r;

	logging_list_logs($1)
	admin_pattern($1, zabbix_log_t)

	files_list_pids($1)
	admin_pattern($1, zabbix_var_run_t)
')
add zabbix from dan 2007-04-11 18:55:44 +00:00			`## <summary>Distributed infrastructure monitoring</summary>`

			`########################################`
			`## <summary>`
			`## Execute a domain transition to run zabbix.`
			`## </summary>`
			`## <param name="domain">`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Signed-off-by: Dominick Grift <domg472@gmail.com> 2010-09-15 19:36:17 +00:00			`## <summary>`
add zabbix from dan 2007-04-11 18:55:44 +00:00			`## Domain allowed to transition.`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Signed-off-by: Dominick Grift <domg472@gmail.com> 2010-09-15 19:36:17 +00:00			`## </summary>`
add zabbix from dan 2007-04-11 18:55:44 +00:00			`## </param>`
			`#`
			interface(`zabbix_domtrans',`
			gen_require(`
			`type zabbix_t, zabbix_exec_t;`
			`')`

trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00			`domtrans_pattern($1, zabbix_exec_t, zabbix_t)`
add zabbix from dan 2007-04-11 18:55:44 +00:00			`')`

			`########################################`
			`## <summary>`
			`## Allow the specified domain to read zabbix's log files.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`## <rolecap/>`
			`#`
			interface(`zabbix_read_log',`
			gen_require(`
			`type zabbix_log_t;`
			`')`

			`logging_search_logs($1)`
trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00			`read_files_pattern($1, zabbix_log_t, zabbix_log_t)`
add zabbix from dan 2007-04-11 18:55:44 +00:00			`')`

			`########################################`
			`## <summary>`
			`## Allow the specified domain to append`
			`## zabbix log files.`
			`## </summary>`
			`## <param name="domain">`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Signed-off-by: Dominick Grift <domg472@gmail.com> 2010-09-15 19:36:17 +00:00			`## <summary>`
add zabbix from dan 2007-04-11 18:55:44 +00:00			`## Domain allowed access.`
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Signed-off-by: Dominick Grift <domg472@gmail.com> 2010-09-15 19:36:17 +00:00			`## </summary>`
add zabbix from dan 2007-04-11 18:55:44 +00:00			`## </param>`
			`#`
			interface(`zabbix_append_log',`
			gen_require(`
trunk: another pile of misc fixes. 2008-05-22 15:24:52 +00:00			`type zabbix_log_t;`
add zabbix from dan 2007-04-11 18:55:44 +00:00			`')`

			`logging_search_logs($1)`
trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00			`append_files_pattern($1, zabbix_log_t, zabbix_log_t)`
add zabbix from dan 2007-04-11 18:55:44 +00:00			`')`

			`########################################`
			`## <summary>`
			`## Read zabbix PID files.`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
			`#`
			interface(`zabbix_read_pid_files',`
			gen_require(`
			`type zabbix_var_run_t;`
			`')`

			`files_search_pids($1)`
			`allow $1 zabbix_var_run_t:file read_file_perms;`
			`')`
trunk: 3 patches from dan. 2008-02-05 17:41:53 +00:00
			`########################################`
			`## <summary>`
			`## All of the rules required to administrate`
			`## an zabbix environment`
			`## </summary>`
			`## <param name="domain">`
			`## <summary>`
			`## Domain allowed access.`
			`## </summary>`
			`## </param>`
trunk: 21 patches from dan. 2008-10-08 15:50:03 +00:00			`## <param name="role">`
			`## <summary>`
			`## The role to be allowed to manage the zabbix domain.`
			`## </summary>`
			`## </param>`
trunk: 3 patches from dan. 2008-02-05 17:41:53 +00:00			`## <rolecap/>`
			`#`
			interface(`zabbix_admin',`
			gen_require(`
			`type zabbix_t, zabbix_log_t, zabbix_var_run_t;`
trunk: 21 patches from dan. 2008-10-08 15:50:03 +00:00			`type zabbix_initrc_exec_t;`
trunk: 3 patches from dan. 2008-02-05 17:41:53 +00:00			`')`

trunk: 21 patches from dan. 2008-10-08 15:50:03 +00:00			`allow $1 zabbix_t:process { ptrace signal_perms };`
			`ps_process_pattern($1, zabbix_t)`
trunk: additional whitespace fixes. 2008-10-17 15:52:39 +00:00
trunk: 21 patches from dan. 2008-10-08 15:50:03 +00:00			`init_labeled_script_domtrans($1, zabbix_initrc_exec_t)`
			`domain_system_change_exemption($1)`
			`role_transition $2 zabbix_initrc_exec_t system_r;`
			`allow $2 system_r;`
trunk: additional whitespace fixes. 2008-10-17 15:52:39 +00:00
trunk: 3 patches from dan. 2008-02-05 17:41:53 +00:00			`logging_list_logs($1)`
trunk: 21 patches from dan. 2008-10-08 15:50:03 +00:00			`admin_pattern($1, zabbix_log_t)`
trunk: 3 patches from dan. 2008-02-05 17:41:53 +00:00
			`files_list_pids($1)`
trunk: 21 patches from dan. 2008-10-08 15:50:03 +00:00			`admin_pattern($1, zabbix_var_run_t)`
trunk: 3 patches from dan. 2008-02-05 17:41:53 +00:00			`')`