selinux-policy/policy/modules/services/zabbix.te

policy_module(zabbix, 1.2.1)

########################################
#
# Declarations
#

type zabbix_t;
type zabbix_exec_t;
init_daemon_domain(zabbix_t, zabbix_exec_t)

type zabbix_initrc_exec_t;
init_script_file(zabbix_initrc_exec_t)

# log files
type zabbix_log_t;
logging_log_file(zabbix_log_t)

# pid files
type zabbix_var_run_t;
files_pid_file(zabbix_var_run_t)

########################################
#
# zabbix local policy
#

allow zabbix_t self:capability { setuid setgid };
allow zabbix_t self:fifo_file rw_fifo_file_perms;
allow zabbix_t self:unix_stream_socket create_stream_socket_perms;

# log files
allow zabbix_t zabbix_log_t:dir setattr_dir_perms;
manage_files_pattern(zabbix_t, zabbix_log_t, zabbix_log_t)
logging_log_filetrans(zabbix_t, zabbix_log_t, file)

# pid file
manage_dirs_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
manage_files_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
files_pid_filetrans(zabbix_t, zabbix_var_run_t, { dir file })

files_read_etc_files(zabbix_t)

miscfiles_read_localization(zabbix_t)

optional_policy(`
	mysql_stream_connect(zabbix_t)
')

optional_policy(`
	postgresql_stream_connect(zabbix_t)
')