# Local policy module that adds extra permissions to the zabbix_agent_t
# domain. It only adds allow rules; it defines no new types and no domain
# transitions.
module zabbix-agent-addons 1.0;

# Types and object classes used by the rules below. They are declared by
# other policy modules; this module will not load if any of them is missing.
require {
    type devlog_t;
    type kernel_t;
    type proc_mdstat_t;
    type sudo_exec_t;
    type zabbix_agent_t;
    type zabbix_var_lib_t;
    class capability { audit_write dac_override sys_resource };
    class file { execute execute_no_trans getattr ioctl open read };
    class netlink_audit_socket { create nlmsg_relay };
    class process setrlimit;
    class sock_file write;
    class unix_dgram_socket { connect create sendto };
}

#============= zabbix_agent_t ==============

# --- Local datagram socket logging ---
# Create and connect a unix datagram socket, write to a socket file labelled
# devlog_t, and send to a peer labelled kernel_t.
# Presumably this is the syslog path (/dev/log); confirm against the AVC
# denials this module was generated from.
allow zabbix_agent_t self:unix_dgram_socket { connect create };
allow zabbix_agent_t devlog_t:sock_file write;
allow zabbix_agent_t kernel_t:unix_dgram_socket sendto;

# --- Read-only access to files labelled proc_mdstat_t ---
# (/proc/mdstat in the reference policy, i.e. software RAID status.)
allow zabbix_agent_t proc_mdstat_t:file { getattr ioctl open read };

# --- Running sudo inside the agent domain ---
# execute_no_trans means sudo runs without a domain transition: the process
# stays zabbix_agent_t, so every permission in this module also applies to
# sudo and to whatever it launches (unless another rule transitions it).
# SELinux does not limit which commands sudo may run; that boundary is the
# sudoers entry for the agent account, so keep it to an explicit command list.
allow zabbix_agent_t sudo_exec_t:file { execute execute_no_trans };

# Capabilities, audit netlink socket and setrlimit for the domain itself.
# Presumably these were requested by sudo running as zabbix_agent_t; verify.
# NOTE(review): dac_override lets a root process in this domain bypass
# file-mode (DAC) checks. It is the broadest grant here; confirm it is still
# needed before carrying the module forward.
allow zabbix_agent_t self:capability { audit_write dac_override sys_resource };
allow zabbix_agent_t self:netlink_audit_socket { create nlmsg_relay };
allow zabbix_agent_t self:process setrlimit;

# --- Executing files labelled zabbix_var_lib_t in the agent domain ---
# Again no transition (execute_no_trans). This module grants no write on
# zabbix_var_lib_t, but other policy or file ownership may; check that the
# agent cannot modify the files it is allowed to execute here.
allow zabbix_agent_t zabbix_var_lib_t:file { execute execute_no_trans ioctl open read };