## Simple network management protocol services ######################################## ## ## Use snmp over a TCP connection. ## ## ## Domain allowed access. ## # interface(`snmp_tcp_connect',` gen_require(` type snmpd_t; ') allow $1 snmpd_t:tcp_socket { connectto recvfrom }; allow snmpd_t $1:tcp_socket { acceptfrom recvfrom }; kernel_tcp_recvfrom($1) ') ######################################## ## ## Send and receive UDP traffic to SNMP ## ## ## Domain allowed access. ## # interface(`snmp_udp_chat',` gen_require(` type snmpd_t; ') allow $1 snmpd_t:udp_socket { sendto recvfrom }; allow snmpd_t $1:udp_socket { sendto recvfrom }; ') ######################################## ## ## Read snmpd libraries. ## ## ## Domain allowed access. ## # interface(`snmp_read_snmp_var_lib',` gen_require(` type snmpd_var_lib_t; ') allow $1 snmpd_var_lib_t:dir r_dir_perms; allow $1 snmpd_var_lib_t:file r_file_perms; allow $1 snmpd_var_lib_t:lnk_file { getattr read }; ')