Snmp patch from Dan Walsh.
This commit is contained in:
parent
82cdffce58
commit
207c4d1e6e
@ -1,5 +1,24 @@
|
|||||||
## <summary>Simple network management protocol services</summary>
|
## <summary>Simple network management protocol services</summary>
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Connect to snmpd using a unix domain stream socket.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`snmp_stream_connect',`
|
||||||
|
gen_require(`
|
||||||
|
type snmpd_t, snmpd_var_lib_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
files_search_var_lib($1)
|
||||||
|
stream_connect_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t, snmpd_t)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Use snmp over a TCP connection. (Deprecated)
|
## Use snmp over a TCP connection. (Deprecated)
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(snmp, 1.10.0)
|
policy_module(snmp, 1.10.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -27,7 +27,7 @@ files_type(snmpd_var_lib_t)
|
|||||||
#
|
#
|
||||||
allow snmpd_t self:capability { dac_override kill ipc_lock sys_ptrace net_admin sys_nice sys_tty_config };
|
allow snmpd_t self:capability { dac_override kill ipc_lock sys_ptrace net_admin sys_nice sys_tty_config };
|
||||||
dontaudit snmpd_t self:capability { sys_module sys_tty_config };
|
dontaudit snmpd_t self:capability { sys_module sys_tty_config };
|
||||||
allow snmpd_t self:process { getsched setsched };
|
allow snmpd_t self:process { signal_perms getsched setsched };
|
||||||
allow snmpd_t self:fifo_file rw_fifo_file_perms;
|
allow snmpd_t self:fifo_file rw_fifo_file_perms;
|
||||||
allow snmpd_t self:unix_dgram_socket create_socket_perms;
|
allow snmpd_t self:unix_dgram_socket create_socket_perms;
|
||||||
allow snmpd_t self:unix_stream_socket create_stream_socket_perms;
|
allow snmpd_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
@ -72,6 +72,8 @@ corenet_tcp_bind_snmp_port(snmpd_t)
|
|||||||
corenet_udp_bind_snmp_port(snmpd_t)
|
corenet_udp_bind_snmp_port(snmpd_t)
|
||||||
corenet_sendrecv_snmp_server_packets(snmpd_t)
|
corenet_sendrecv_snmp_server_packets(snmpd_t)
|
||||||
corenet_tcp_connect_agentx_port(snmpd_t)
|
corenet_tcp_connect_agentx_port(snmpd_t)
|
||||||
|
corenet_tcp_bind_agentx_port(snmpd_t)
|
||||||
|
corenet_udp_bind_agentx_port(snmpd_t)
|
||||||
|
|
||||||
dev_list_sysfs(snmpd_t)
|
dev_list_sysfs(snmpd_t)
|
||||||
dev_read_sysfs(snmpd_t)
|
dev_read_sysfs(snmpd_t)
|
||||||
|
Loading…
Reference in New Issue
Block a user