policy_module(nagios, 1.9.1)

########################################
#
# Declarations
#
# Every type used by the Nagios daemon, the NRPE daemon and the check
# plugins is declared here. The per-domain allow rules follow in the
# later sections of this module.
#

# Nagios daemon: process domain plus its entrypoint executable type,
# registered through the init daemon-domain macro.
type nagios_t;
type nagios_exec_t;
init_daemon_domain(nagios_t, nagios_exec_t)

# Nagios configuration.
type nagios_etc_t;
files_config_file(nagios_etc_t)

# Init script that starts/stops the daemon.
type nagios_initrc_exec_t;
init_script_file(nagios_initrc_exec_t)

# Nagios log files.
type nagios_log_t;
logging_log_file(nagios_log_t)

# Temporary files created by the daemon.
type nagios_tmp_t;
files_tmp_file(nagios_tmp_t)

# PID file.
type nagios_var_run_t;
files_pid_file(nagios_var_run_t)

# Spool area; the rules below only ever create/use fifo_file objects in it.
type nagios_spool_t;
files_type(nagios_spool_t)

# One template instantiation per plugin class. The template body lives
# outside this file; the rules below rely on it providing
# nagios_<class>_plugin_t (and, for checkdisk, nagios_checkdisk_plugin_exec_t).
# NOTE(review): the "unconfined" class is made an unconfined domain at the
# end of this module, so which executables carry its exec label matters.
nagios_plugin_template(admin)
nagios_plugin_template(checkdisk)
nagios_plugin_template(mail)
nagios_plugin_template(services)
nagios_plugin_template(system)
nagios_plugin_template(unconfined)

# Private temporary files of the system-check plugins (see "check_log").
type nagios_system_plugin_tmp_t;
files_tmp_file(nagios_system_plugin_tmp_t)

# NRPE (remote plugin executor) daemon domain and entrypoint.
type nrpe_t;
type nrpe_exec_t;
init_daemon_domain(nrpe_t, nrpe_exec_t)

# NRPE configuration.
# NOTE(review): no rule in this module references nrpe_etc_t after this
# declaration; nrpe_t is granted read access to nagios_etc_t instead.
# Confirm the file-context labelling matches that.
type nrpe_etc_t;
files_config_file(nrpe_etc_t)

# NRPE PID file.
type nrpe_var_run_t;
files_pid_file(nrpe_var_run_t)

########################################
#
# Nagios local policy
#
# Rules for the main daemon domain, nagios_t.
#

# Self rules. dac_override lets the daemon bypass discretionary file
# permission checks; setuid/setgid allow it to change identity.
allow nagios_t self:capability { dac_override setgid setuid };
dontaudit nagios_t self:capability sys_tty_config;
allow nagios_t self:process { setpgid signal_perms };
# NOTE(review): the NRPE section uses rw_fifo_file_perms for the same
# object class; rw_file_perms is kept here exactly as in the source.
allow nagios_t self:fifo_file rw_file_perms;
allow nagios_t self:tcp_socket create_stream_socket_perms;
allow nagios_t self:udp_socket create_socket_perms;

# Configuration: read-only (files, symlinks, directory listing).
read_files_pattern(nagios_t, nagios_etc_t, nagios_etc_t)
read_lnk_files_pattern(nagios_t, nagios_etc_t, nagios_etc_t)
allow nagios_t nagios_etc_t:dir list_dir_perms;

# Logs: full management, and new files/dirs created in the log
# directory get the nagios_log_t label.
manage_files_pattern(nagios_t, nagios_log_t, nagios_log_t)
manage_fifo_files_pattern(nagios_t, nagios_log_t, nagios_log_t)
logging_log_filetrans(nagios_t, nagios_log_t, { file dir })

# Temporary files and directories, labelled nagios_tmp_t on creation.
manage_dirs_pattern(nagios_t, nagios_tmp_t, nagios_tmp_t)
manage_files_pattern(nagios_t, nagios_tmp_t, nagios_tmp_t)
files_tmp_filetrans(nagios_t, nagios_tmp_t, { file dir })

# PID file.
manage_files_pattern(nagios_t, nagios_var_run_t, nagios_var_run_t)
files_pid_filetrans(nagios_t, nagios_var_run_t, file)

# FIFO in the spool area; the CGI domain is given rw access to the same
# type in the CGI section of this module.
manage_fifo_files_pattern(nagios_t, nagios_spool_t, nagios_spool_t)
files_spool_filetrans(nagios_t, nagios_spool_t, fifo_file)

kernel_read_system_state(nagios_t)
kernel_read_kernel_sysctls(nagios_t)

# The daemon may execute generic binaries and a shell in its own domain.
# NOTE(review): anything run this way inherits every permission listed in
# this section, including dac_override and connect-to-any-port.
corecmd_exec_bin(nagios_t)
corecmd_exec_shell(nagios_t)

# Networking: send/receive on all ports and outbound TCP connections to
# any port. Broad by design for a monitoring daemon, but it also means the
# policy does not constrain where a compromised nagios_t can connect.
corenet_all_recvfrom_unlabeled(nagios_t)
corenet_all_recvfrom_netlabel(nagios_t)
corenet_tcp_sendrecv_generic_if(nagios_t)
corenet_udp_sendrecv_generic_if(nagios_t)
corenet_tcp_sendrecv_generic_node(nagios_t)
corenet_udp_sendrecv_generic_node(nagios_t)
corenet_tcp_sendrecv_all_ports(nagios_t)
corenet_udp_sendrecv_all_ports(nagios_t)
corenet_tcp_connect_all_ports(nagios_t)

# Binding reserved ports stays denied; only the audit records are
# suppressed.
corenet_dontaudit_tcp_bind_all_reserved_ports(nagios_t)
corenet_dontaudit_udp_bind_all_reserved_ports(nagios_t)

dev_read_sysfs(nagios_t)
dev_read_urand(nagios_t)

domain_use_interactive_fds(nagios_t)
# for ps
domain_read_all_domains_state(nagios_t)

files_read_etc_files(nagios_t)
files_read_etc_runtime_files(nagios_t)
files_read_kernel_symbol_table(nagios_t)
files_search_spool(nagios_t)
files_read_usr_files(nagios_t)

fs_getattr_all_fs(nagios_t)
fs_search_auto_mountpoints(nagios_t)

auth_use_nsswitch(nagios_t)

logging_send_syslog_msg(nagios_t)

miscfiles_read_localization(nagios_t)

# Denied silently: use of unprivileged user fds, searching home dirs.
userdom_dontaudit_use_unpriv_user_fds(nagios_t)
userdom_dontaudit_search_user_home_dirs(nagios_t)

# Notification mail, plus signalling/killing the system mail process.
mta_send_mail(nagios_t)
mta_signal_system_mail(nagios_t)
mta_kill_system_mail(nagios_t)

optional_policy(`
	netutils_kill_ping(nagios_t)
')

optional_policy(`
	seutil_sigchld_newrole(nagios_t)
')

optional_policy(`
	udev_read_db(nagios_t)
')

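########################################
#
# Nagios CGI local policy
#
# Rules for the web CGI domain. The whole section is optional: it only
# takes effect when the apache module providing apache_content_template
# is present.
#

optional_policy(`
	# The rules below use httpd_nagios_script_t / httpd_nagios_script_exec_t
	# right after this call, so the template is what provides them. The old
	# nagios_cgi_* names are kept as aliases.
	apache_content_template(nagios)
	typealias httpd_nagios_script_t alias nagios_cgi_t;
	typealias httpd_nagios_script_exec_t alias nagios_cgi_exec_t;

	allow httpd_nagios_script_t self:process signal_perms;

	# Files and symlinks labelled with the daemon's own domain type
	# (nagios_t), read-only.
	read_files_pattern(httpd_nagios_script_t, nagios_t, nagios_t)
	read_lnk_files_pattern(httpd_nagios_script_t, nagios_t, nagios_t)

	# Read/write on the daemon's spool FIFO. This is the one channel in
	# this section through which web-facing code writes to the daemon.
	files_search_spool(httpd_nagios_script_t)
	rw_fifo_files_pattern(httpd_nagios_script_t, nagios_spool_t, nagios_spool_t)

	# Configuration: read-only.
	allow httpd_nagios_script_t nagios_etc_t:dir list_dir_perms;
	read_files_pattern(httpd_nagios_script_t, nagios_etc_t, nagios_etc_t)
	read_lnk_files_pattern(httpd_nagios_script_t, nagios_etc_t, nagios_etc_t)

	# Logs: read-only. The second argument of the *_pattern macros is the
	# containing directory type; the source passed nagios_etc_t here, which
	# looks like a copy of the configuration rules above. It now names the
	# log directory type. The effective permissions should be unchanged:
	# searching nagios_etc_t dirs is still granted by the configuration
	# rules, and searching nagios_log_t dirs is part of list_dir_perms.
	allow httpd_nagios_script_t nagios_log_t:dir list_dir_perms;
	read_files_pattern(httpd_nagios_script_t, nagios_log_t, nagios_log_t)
	read_lnk_files_pattern(httpd_nagios_script_t, nagios_log_t, nagios_log_t)

	kernel_read_system_state(httpd_nagios_script_t)

	# Reading other domains' process state stays denied; only the audit
	# records are suppressed.
	domain_dontaudit_read_all_domains_state(httpd_nagios_script_t)

	files_read_etc_runtime_files(httpd_nagios_script_t)
	files_read_kernel_symbol_table(httpd_nagios_script_t)

	logging_send_syslog_msg(httpd_nagios_script_t)
')
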
########################################
#
# Nagios remote plugin executor local policy
#
# Rules for the NRPE daemon domain, nrpe_t.
#

# Self rules. sys_tty_config and sys_resource are denied without audit
# records rather than granted.
allow nrpe_t self:capability { setuid setgid };
dontaudit nrpe_t self:capability { sys_tty_config sys_resource };
allow nrpe_t self:process { setpgid signal_perms setsched setrlimit };
allow nrpe_t self:fifo_file rw_fifo_file_perms;
allow nrpe_t self:tcp_socket create_stream_socket_perms;

# Executing a checkdisk plugin transitions into the checkdisk plugin
# domain. This is the only plugin transition declared for nrpe_t in this
# section; anything else it executes runs under the corecmd_exec_* rules
# below, i.e. inside nrpe_t itself.
# NOTE(review): the target domain holds sys_admin/sys_rawio and raw disk
# read, so a network-facing daemon can enter a highly privileged domain.
domtrans_pattern(nrpe_t, nagios_checkdisk_plugin_exec_t, nagios_checkdisk_plugin_t)

# Reads the Nagios configuration type (nagios_etc_t), not nrpe_etc_t.
read_files_pattern(nrpe_t, nagios_etc_t, nagios_etc_t)
files_search_etc(nrpe_t)

# PID file.
manage_files_pattern(nrpe_t, nrpe_var_run_t, nrpe_var_run_t)
files_pid_filetrans(nrpe_t, nrpe_var_run_t, file)

kernel_read_system_state(nrpe_t)
kernel_read_kernel_sysctls(nrpe_t)

# Generic binaries and a shell may be executed without leaving nrpe_t.
corecmd_exec_bin(nrpe_t)
corecmd_exec_shell(nrpe_t)

# Listening side: bind on generic nodes and on the inetd-child port type.
corenet_tcp_bind_generic_node(nrpe_t)
corenet_tcp_bind_inetd_child_port(nrpe_t)
corenet_sendrecv_unlabeled_packets(nrpe_t)

dev_read_sysfs(nrpe_t)
dev_read_urand(nrpe_t)

domain_use_interactive_fds(nrpe_t)
domain_read_all_domains_state(nrpe_t)

files_read_etc_runtime_files(nrpe_t)
files_read_etc_files(nrpe_t)

fs_getattr_all_fs(nrpe_t)
fs_search_auto_mountpoints(nrpe_t)

auth_use_nsswitch(nrpe_t)

logging_send_syslog_msg(nrpe_t)

miscfiles_read_localization(nrpe_t)

userdom_dontaudit_use_unpriv_user_fds(nrpe_t)

# Optional: running under inetd.
optional_policy(`
	inetd_tcp_service_domain(nrpe_t, nrpe_exec_t)
')

optional_policy(`
	mta_send_mail(nrpe_t)
')

optional_policy(`
	seutil_sigchld_newrole(nrpe_t)
')

# Optional: running behind the TCP wrapper daemon.
optional_policy(`
	tcpd_wrapped_domain(nrpe_t, nrpe_exec_t)
')

optional_policy(`
	udev_read_db(nrpe_t)
')

#####################################
#
# local policy for admin check plugins
#
# Rules for nagios_admin_plugin_t. Apart from reading bin/etc files and
# urandom, everything granted here is getattr (stat-level) access; no
# rule in this section grants reading the contents of arbitrary files.
#

corecmd_read_bin_files(nagios_admin_plugin_t)
corecmd_read_bin_symlinks(nagios_admin_plugin_t)

dev_read_urand(nagios_admin_plugin_t)
dev_getattr_all_chr_files(nagios_admin_plugin_t)
dev_getattr_all_blk_files(nagios_admin_plugin_t)

files_read_etc_files(nagios_admin_plugin_t)
# for check_file_age plugin
# (getattr on every file object class and on all file-type filesystems;
# this exposes metadata such as existence, size and timestamps system-wide)
files_getattr_all_dirs(nagios_admin_plugin_t)
files_getattr_all_files(nagios_admin_plugin_t)
files_getattr_all_symlinks(nagios_admin_plugin_t)
files_getattr_all_pipes(nagios_admin_plugin_t)
files_getattr_all_sockets(nagios_admin_plugin_t)
files_getattr_all_file_type_fs(nagios_admin_plugin_t)

######################################
#
# local policy for mail check plugins
#
# Rules for nagios_mail_plugin_t.
#

# Self rules. dac_override plus setuid/setgid are granted to the plugin
# domain itself.
# NOTE(review): the source does not say which mail check needs
# dac_override; worth confirming before carrying this forward.
allow nagios_mail_plugin_t self:capability { setuid setgid dac_override };
allow nagios_mail_plugin_t self:netlink_route_socket r_netlink_socket_perms;
allow nagios_mail_plugin_t self:tcp_socket create_stream_socket_perms;
allow nagios_mail_plugin_t self:udp_socket create_socket_perms;

kernel_read_system_state(nagios_mail_plugin_t)
kernel_read_kernel_sysctls(nagios_mail_plugin_t)

corecmd_read_bin_files(nagios_mail_plugin_t)
corecmd_read_bin_symlinks(nagios_mail_plugin_t)

dev_read_urand(nagios_mail_plugin_t)

files_read_etc_files(nagios_mail_plugin_t)

logging_send_syslog_msg(nagios_mail_plugin_t)

sysnet_read_config(nagios_mail_plugin_t)

optional_policy(`
	mta_send_mail(nagios_mail_plugin_t)
')

optional_policy(`
	nscd_dontaudit_search_pid(nagios_mail_plugin_t)
')

optional_policy(`
	postfix_stream_connect_master(nagios_mail_plugin_t)
	# NOTE(review): "posftix" is spelled this way in the source. Check it
	# against the interface name the postfix module actually exports
	# before renaming it here.
	posftix_exec_postqueue(nagios_mail_plugin_t)
')

######################################
#
# local policy for disk check plugins
#
# Rules for nagios_checkdisk_plugin_t, the domain nrpe_t transitions into
# when it executes a checkdisk plugin.
#

# needed by ioctl()
# NOTE(review): sys_admin and sys_rawio are two of the broadest Linux
# capabilities, and the domain is also given raw read access to fixed
# disks below. A flaw in any plugin labelled for this domain therefore
# exposes raw disk contents regardless of file labels. Confirm which
# ioctl actually requires each capability and keep the set of executables
# carrying the checkdisk exec label as small as possible.
allow nagios_checkdisk_plugin_t self:capability { sys_admin sys_rawio };

files_read_etc_runtime_files(nagios_checkdisk_plugin_t)

fs_getattr_all_fs(nagios_checkdisk_plugin_t)

storage_raw_read_fixed_disk(nagios_checkdisk_plugin_t)

#######################################
#
# local policy for service check plugins
#
# Rules for nagios_services_plugin_t.
#

# Self rules: bind to privileged ports, use raw sockets, and signal/kill
# processes running in this same domain.
allow nagios_services_plugin_t self:capability { net_bind_service net_raw };
allow nagios_services_plugin_t self:process { signal sigkill };
allow nagios_services_plugin_t self:tcp_socket create_stream_socket_perms;
allow nagios_services_plugin_t self:udp_socket create_socket_perms;

corecmd_exec_bin(nagios_services_plugin_t)

# Outbound TCP to any port (service probes) and UDP bind on the DHCP
# client port type.
# NOTE(review): connect-to-all-ports means the policy does not limit
# which services a compromised plugin in this domain can reach.
corenet_tcp_connect_all_ports(nagios_services_plugin_t)
corenet_udp_bind_dhcpc_port(nagios_services_plugin_t)

auth_use_nsswitch(nagios_services_plugin_t)

domain_read_all_domains_state(nagios_services_plugin_t)

files_read_usr_files(nagios_services_plugin_t)

# ping runs in its own domain (domain transition) and may be signalled
# or killed from here.
optional_policy(`
	netutils_domtrans_ping(nagios_services_plugin_t)
	netutils_signal_ping(nagios_services_plugin_t)
	netutils_kill_ping(nagios_services_plugin_t)
')

optional_policy(`
	mysql_stream_connect(nagios_services_plugin_t)
')

optional_policy(`
	snmp_read_snmp_var_lib_files(nagios_services_plugin_t)
')

######################################
#
# local policy for system check plugins
#
# Rules for nagios_system_plugin_t.
#

# dac_override is granted; setuid/setgid attempts are denied without
# audit records.
allow nagios_system_plugin_t self:capability dac_override;
dontaudit nagios_system_plugin_t self:capability { setuid setgid };

# check_log
# (private temporary files and directories, labelled
# nagios_system_plugin_tmp_t on creation)
manage_files_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_system_plugin_tmp_t)
manage_dirs_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_system_plugin_tmp_t)
files_tmp_filetrans(nagios_system_plugin_t, nagios_system_plugin_tmp_t, { dir file })

kernel_read_system_state(nagios_system_plugin_t)
kernel_read_kernel_sysctls(nagios_system_plugin_t)

# Generic binaries and a shell may be executed without leaving this
# domain, so they run with dac_override as granted above.
corecmd_exec_bin(nagios_system_plugin_t)
corecmd_exec_shell(nagios_system_plugin_t)

dev_read_sysfs(nagios_system_plugin_t)
dev_read_urand(nagios_system_plugin_t)

domain_read_all_domains_state(nagios_system_plugin_t)

files_read_etc_files(nagios_system_plugin_t)

# needed by check_users plugin
optional_policy(`
	init_read_utmp(nagios_system_plugin_t)
')

########################################
#
# Unconfined plugin policy
#
# When the unconfined module is present, plugins running in
# nagios_unconfined_plugin_t are not restricted by the rules of this
# module.
# NOTE(review): every executable labelled for this plugin class escapes
# the confinement the other sections provide. Audit which files carry
# that label and prefer one of the confined plugin classes where a
# check can work within it.
#

optional_policy(`
	unconfined_domain(nagios_unconfined_plugin_t)
')