selinux-policy/policy/modules/services/snmp.if
Dominick Grift dcf87460eb Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Signed-off-by: Dominick Grift <domg472@gmail.com>

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-16 12:18:33 +02:00

150 lines
3.2 KiB
Plaintext

## <summary>Simple network management protocol services</summary>
########################################
## <summary>
## Connect to snmpd using a unix domain stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`snmp_stream_connect',`
gen_require(`
type snmpd_t, snmpd_var_lib_t;
')
files_search_var_lib($1)
stream_connect_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t, snmpd_t)
')
########################################
## <summary>
## Use snmp over a TCP connection. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`snmp_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
')
########################################
## <summary>
## Send and receive UDP traffic to SNMP (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`snmp_udp_chat',`
refpolicywarn(`$0($*) has been deprecated.')
')
########################################
## <summary>
## Read snmpd libraries.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`snmp_read_snmp_var_lib_files',`
gen_require(`
type snmpd_var_lib_t;
')
files_search_var_lib($1)
allow $1 snmpd_var_lib_t:dir list_dir_perms;
read_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
read_lnk_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
')
########################################
## <summary>
## dontaudit Read snmpd libraries.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`snmp_dontaudit_read_snmp_var_lib_files',`
gen_require(`
type snmpd_var_lib_t;
')
dontaudit $1 snmpd_var_lib_t:dir list_dir_perms;
dontaudit $1 snmpd_var_lib_t:file read_file_perms;
dontaudit $1 snmpd_var_lib_t:lnk_file read_lnk_file_perms;
')
########################################
## <summary>
## dontaudit write snmpd libraries files.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`snmp_dontaudit_write_snmp_var_lib_files',`
gen_require(`
type snmpd_var_lib_t;
')
dontaudit $1 snmpd_var_lib_t:file write;
')
########################################
## <summary>
## All of the rules required to administrate
## an snmp environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the snmp domain.
## </summary>
## </param>
## <rolecap/>
#
interface(`snmp_admin',`
gen_require(`
type snmpd_t, snmpd_log_t;
type snmpd_var_lib_t, snmpd_var_run_t;
type snmpd_initrc_exec_t;
')
allow $1 snmpd_t:process { ptrace signal_perms getattr };
ps_process_pattern($1, snmpd_t)
init_labeled_script_domtrans($1, snmpd_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 snmpd_initrc_exec_t system_r;
allow $2 system_r;
logging_list_logs($1)
admin_pattern($1, snmpd_log_t)
files_list_var_lib($1)
admin_pattern($1, snmpd_var_lib_t)
files_list_pids($1)
admin_pattern($1, snmpd_var_run_t)
')