- Add tgtd policy
This commit is contained in:
Daniel J Walsh
parent
4d6f15ea8d
commit
9c90ba7e8e
@ -1576,6 +1576,13 @@ tgtd = module
|
|||||||
#
|
#
|
||||||
udev = base
|
udev = base
|
||||||
|
|
||||||
|
# Layer: services
|
||||||
|
# Module: udisks
|
||||||
|
#
|
||||||
|
# Policy for udisk
|
||||||
|
#
|
||||||
|
udisks = base
|
||||||
|
|
||||||
# Layer: system
|
# Layer: system
|
||||||
# Module: userdomain
|
# Module: userdomain
|
||||||
#
|
#
|
||||||
|
|||||||
@ -1386,6 +1386,13 @@ tgtd = module
|
|||||||
#
|
#
|
||||||
udev = base
|
udev = base
|
||||||
|
|
||||||
|
# Layer: services
|
||||||
|
# Module: udisks
|
||||||
|
#
|
||||||
|
# Policy for udisk
|
||||||
|
#
|
||||||
|
udisks = base
|
||||||
|
|
||||||
# Layer: system
|
# Layer: system
|
||||||
# Module: userdomain
|
# Module: userdomain
|
||||||
#
|
#
|
||||||
|
|||||||
@ -1576,6 +1576,13 @@ tgtd = module
|
|||||||
#
|
#
|
||||||
udev = base
|
udev = base
|
||||||
|
|
||||||
|
# Layer: services
|
||||||
|
# Module: udisks
|
||||||
|
#
|
||||||
|
# Policy for udisk
|
||||||
|
#
|
||||||
|
udisks = base
|
||||||
|
|
||||||
# Layer: system
|
# Layer: system
|
||||||
# Module: userdomain
|
# Module: userdomain
|
||||||
#
|
#
|
||||||
|
|||||||
@ -16719,7 +16719,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.7.4/policy/modules/services/nagios.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.7.4/policy/modules/services/nagios.te
|
||||||
--- nsaserefpolicy/policy/modules/services/nagios.te 2009-08-14 16:14:31.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/nagios.te 2009-08-14 16:14:31.000000000 -0400
|
||||||
+++ serefpolicy-3.7.4/policy/modules/services/nagios.te 2009-12-15 15:35:42.000000000 -0500
|
+++ serefpolicy-3.7.4/policy/modules/services/nagios.te 2009-12-16 08:29:49.000000000 -0500
|
||||||
@@ -6,17 +6,23 @@
|
@@ -6,17 +6,23 @@
|
||||||
# Declarations
|
# Declarations
|
||||||
#
|
#
|
||||||
@ -16758,7 +16758,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
type nrpe_t;
|
type nrpe_t;
|
||||||
type nrpe_exec_t;
|
type nrpe_exec_t;
|
||||||
init_daemon_domain(nrpe_t, nrpe_exec_t)
|
init_daemon_domain(nrpe_t, nrpe_exec_t)
|
||||||
@@ -33,6 +42,31 @@
|
@@ -33,6 +42,33 @@
|
||||||
type nrpe_etc_t;
|
type nrpe_etc_t;
|
||||||
files_config_file(nrpe_etc_t)
|
files_config_file(nrpe_etc_t)
|
||||||
|
|
||||||
@ -16781,7 +16781,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+files_tmp_file(nagios_system_plugin_tmp_t)
|
+files_tmp_file(nagios_system_plugin_tmp_t)
|
||||||
+
|
+
|
||||||
+nagios_plugin_template(unconfined)
|
+nagios_plugin_template(unconfined)
|
||||||
+unconfined_domain(nagios_unconfined_plugin_t)
|
+optional_policy(`
|
||||||
|
+ unconfined_domain(nagios_unconfined_plugin_t)
|
||||||
|
+')
|
||||||
+
|
+
|
||||||
+permissive nagios_checkdisk_plugin_t;
|
+permissive nagios_checkdisk_plugin_t;
|
||||||
+permissive nagios_services_plugin_t;
|
+permissive nagios_services_plugin_t;
|
||||||
@ -16790,7 +16792,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Nagios local policy
|
# Nagios local policy
|
||||||
@@ -45,6 +79,9 @@
|
@@ -45,6 +81,9 @@
|
||||||
allow nagios_t self:tcp_socket create_stream_socket_perms;
|
allow nagios_t self:tcp_socket create_stream_socket_perms;
|
||||||
allow nagios_t self:udp_socket create_socket_perms;
|
allow nagios_t self:udp_socket create_socket_perms;
|
||||||
|
|
||||||
@ -16800,7 +16802,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
read_files_pattern(nagios_t, nagios_etc_t, nagios_etc_t)
|
read_files_pattern(nagios_t, nagios_etc_t, nagios_etc_t)
|
||||||
read_lnk_files_pattern(nagios_t, nagios_etc_t, nagios_etc_t)
|
read_lnk_files_pattern(nagios_t, nagios_etc_t, nagios_etc_t)
|
||||||
allow nagios_t nagios_etc_t:dir list_dir_perms;
|
allow nagios_t nagios_etc_t:dir list_dir_perms;
|
||||||
@@ -60,6 +97,8 @@
|
@@ -60,6 +99,8 @@
|
||||||
manage_files_pattern(nagios_t, nagios_var_run_t, nagios_var_run_t)
|
manage_files_pattern(nagios_t, nagios_var_run_t, nagios_var_run_t)
|
||||||
files_pid_filetrans(nagios_t, nagios_var_run_t, file)
|
files_pid_filetrans(nagios_t, nagios_var_run_t, file)
|
||||||
|
|
||||||
@ -16809,7 +16811,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
kernel_read_system_state(nagios_t)
|
kernel_read_system_state(nagios_t)
|
||||||
kernel_read_kernel_sysctls(nagios_t)
|
kernel_read_kernel_sysctls(nagios_t)
|
||||||
|
|
||||||
@@ -86,6 +125,7 @@
|
@@ -86,6 +127,7 @@
|
||||||
files_read_etc_files(nagios_t)
|
files_read_etc_files(nagios_t)
|
||||||
files_read_etc_runtime_files(nagios_t)
|
files_read_etc_runtime_files(nagios_t)
|
||||||
files_read_kernel_symbol_table(nagios_t)
|
files_read_kernel_symbol_table(nagios_t)
|
||||||
@ -16817,7 +16819,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
fs_getattr_all_fs(nagios_t)
|
fs_getattr_all_fs(nagios_t)
|
||||||
fs_search_auto_mountpoints(nagios_t)
|
fs_search_auto_mountpoints(nagios_t)
|
||||||
@@ -127,52 +167,59 @@
|
@@ -127,52 +169,59 @@
|
||||||
#
|
#
|
||||||
# Nagios CGI local policy
|
# Nagios CGI local policy
|
||||||
#
|
#
|
||||||
@ -16902,7 +16904,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
kernel_read_system_state(nrpe_t)
|
kernel_read_system_state(nrpe_t)
|
||||||
kernel_read_kernel_sysctls(nrpe_t)
|
kernel_read_kernel_sysctls(nrpe_t)
|
||||||
|
|
||||||
@@ -183,15 +230,19 @@
|
@@ -183,15 +232,19 @@
|
||||||
dev_read_urand(nrpe_t)
|
dev_read_urand(nrpe_t)
|
||||||
|
|
||||||
domain_use_interactive_fds(nrpe_t)
|
domain_use_interactive_fds(nrpe_t)
|
||||||
@ -16922,7 +16924,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
userdom_dontaudit_use_unpriv_user_fds(nrpe_t)
|
userdom_dontaudit_use_unpriv_user_fds(nrpe_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -209,3 +260,84 @@
|
@@ -209,3 +262,84 @@
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
udev_read_db(nrpe_t)
|
udev_read_db(nrpe_t)
|
||||||
')
|
')
|
||||||
|
|||||||
@ -15,7 +15,7 @@
|
|||||||
%endif
|
%endif
|
||||||
%define POLICYVER 24
|
%define POLICYVER 24
|
||||||
%define libsepolver 2.0.41-1
|
%define libsepolver 2.0.41-1
|
||||||
%define POLICYCOREUTILSVER 2.0.78-3
|
%define POLICYCOREUTILSVER 2.0.78-1
|
||||||
%define CHECKPOLICYVER 2.0.21-1
|
%define CHECKPOLICYVER 2.0.21-1
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user