selinux-policy/policy/modules/services/zabbix.te
Dominick Grift 7d1f5642b0 Use permission sets where possible.
Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.

Use permission sets where possible.
2010-09-24 12:44:39 +02:00

53 lines
1.1 KiB
Plaintext

policy_module(zabbix, 1.2.1)
########################################
#
# Declarations
#
type zabbix_t;
type zabbix_exec_t;
init_daemon_domain(zabbix_t, zabbix_exec_t)
type zabbix_initrc_exec_t;
init_script_file(zabbix_initrc_exec_t)
# log files
type zabbix_log_t;
logging_log_file(zabbix_log_t)
# pid files
type zabbix_var_run_t;
files_pid_file(zabbix_var_run_t)
########################################
#
# zabbix local policy
#
allow zabbix_t self:capability { setuid setgid };
allow zabbix_t self:fifo_file rw_fifo_file_perms;
allow zabbix_t self:unix_stream_socket create_stream_socket_perms;
# log files
allow zabbix_t zabbix_log_t:dir setattr_dir_perms;
manage_files_pattern(zabbix_t, zabbix_log_t, zabbix_log_t)
logging_log_filetrans(zabbix_t, zabbix_log_t, file)
# pid file
manage_dirs_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
manage_files_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
files_pid_filetrans(zabbix_t, zabbix_var_run_t, { dir file })
files_read_etc_files(zabbix_t)
miscfiles_read_localization(zabbix_t)
optional_policy(`
mysql_stream_connect(zabbix_t)
')
optional_policy(`
postgresql_stream_connect(zabbix_t)
')