source: trunk/selinux/build/nagios-nrpe.te @ 1119

Last change on this file since 1119 was 88, checked in by presbrey, 16 years ago
Nagios NRPE strict SELinux module
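# Joe Presbrey
# presbrey@mit.edu
# 2006/1/15
#
# Strict-policy SELinux module for the Nagios NRPE daemon domain (nrpe_t).
# Every rule below either grants access to nrpe_t or silences audit
# messages for it; all referenced types and attributes are declared in
# the base policy or other modules and are pulled in via the require block.

policy_module(nrpe,1.0.0)

# Everything nrpe_t references, gathered into a single require block.
# (The original file listed `type nrpe_t;` twice and required the
# attributes in a separate block further down; both are redundant.)
require {
        type nrpe_t, nrpe_exec_t;
        type inaddr_any_node_t;
        type inetd_child_port_t;
        type initrc_var_run_t;
        type port_t;
        type var_run_t;
        attribute domain;
        attribute file_type;
        attribute filesystem_type;
};

########################################
#
# nrpe local policy

# Basic process needs: /etc configuration, runtime files, shared
# libraries and locale data.
files_read_etc_files(nrpe_t)
files_rw_etc_runtime_files(nrpe_t)
libs_use_ld_so(nrpe_t)
libs_use_shared_libs(nrpe_t)
miscfiles_read_localization(nrpe_t)

# Networking: DNS resolution plus TCP/UDP traffic to and from all node types.
sysnet_dns_name_resolve(nrpe_t)
corenet_tcp_sendrecv_all_nodes(nrpe_t)
corenet_udp_sendrecv_all_nodes(nrpe_t)

# Nagios configuration, generic pid files, and the listening TCP socket.
# NOTE(review): setgid/setuid are presumably needed to drop privileges
# after start-up; confirm against the daemon rather than widening further.
nagios_read_config(nrpe_t)
files_rw_generic_pids(nrpe_t)
allow nrpe_t self:capability { setgid setuid };
allow nrpe_t self:tcp_socket { accept bind create listen setopt };

# Process and filesystem introspection (presumably for the checks nrpe runs).
domain_read_all_domains_state(nrpe_t)
# NOTE(review): the three dontaudit rules below suppress denials for
# dir getattr on every domain and for all dir/file permissions on every
# file_type. dontaudit grants nothing, so access is not widened, but any
# unexpected file access attempted by nrpe_t will no longer show up in
# the audit log. If denials ever need diagnosing, narrow these to the
# specific permissions the checks require.
dontaudit nrpe_t domain:dir getattr;
dontaudit nrpe_t file_type:dir all_dir_perms;
dontaudit nrpe_t file_type:file all_file_perms;
files_getattr_all_dirs(nrpe_t)
files_getattr_all_files(nrpe_t)
fs_getattr_all_fs(nrpe_t)
fs_get_xattr_fs_quotas(nrpe_t)

# Binding the listener (any local address, inetd child port range),
# reading/locking the init pid file, generic port traffic, and creating
# nrpe's own pid file under /var/run.
allow nrpe_t inaddr_any_node_t:tcp_socket node_bind;
allow nrpe_t inetd_child_port_t:tcp_socket name_bind;
allow nrpe_t initrc_var_run_t:file { lock read };
allow nrpe_t port_t:tcp_socket { recv_msg send_msg };
allow nrpe_t var_run_t:dir { add_name write };
allow nrpe_t var_run_t:file create;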