2d102f8402
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Signed-off-by: Dominick Grift <domg472@gmail.com>
117 lines
2.3 KiB
Plaintext
117 lines
2.3 KiB
Plaintext
## <summary>Distributed infrastructure monitoring</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to run zabbix.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`zabbix_domtrans',`
|
|
gen_require(`
|
|
type zabbix_t, zabbix_exec_t;
|
|
')
|
|
|
|
domtrans_pattern($1, zabbix_exec_t, zabbix_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Allow the specified domain to read zabbix's log files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`zabbix_read_log',`
|
|
gen_require(`
|
|
type zabbix_log_t;
|
|
')
|
|
|
|
logging_search_logs($1)
|
|
read_files_pattern($1, zabbix_log_t, zabbix_log_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Allow the specified domain to append
|
|
## zabbix log files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`zabbix_append_log',`
|
|
gen_require(`
|
|
type zabbix_log_t;
|
|
')
|
|
|
|
logging_search_logs($1)
|
|
append_files_pattern($1, zabbix_log_t, zabbix_log_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read zabbix PID files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`zabbix_read_pid_files',`
|
|
gen_require(`
|
|
type zabbix_var_run_t;
|
|
')
|
|
|
|
files_search_pids($1)
|
|
allow $1 zabbix_var_run_t:file read_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## All of the rules required to administrate
|
|
## an zabbix environment
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="role">
|
|
## <summary>
|
|
## The role to be allowed to manage the zabbix domain.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`zabbix_admin',`
|
|
gen_require(`
|
|
type zabbix_t, zabbix_log_t, zabbix_var_run_t;
|
|
type zabbix_initrc_exec_t;
|
|
')
|
|
|
|
allow $1 zabbix_t:process { ptrace signal_perms };
|
|
ps_process_pattern($1, zabbix_t)
|
|
|
|
init_labeled_script_domtrans($1, zabbix_initrc_exec_t)
|
|
domain_system_change_exemption($1)
|
|
role_transition $2 zabbix_initrc_exec_t system_r;
|
|
allow $2 system_r;
|
|
|
|
logging_list_logs($1)
|
|
admin_pattern($1, zabbix_log_t)
|
|
|
|
files_list_pids($1)
|
|
admin_pattern($1, zabbix_var_run_t)
|
|
')
|