zabbix/zabbix-proxy.te

module zabbix-proxy 1.3;

require {
        type var_lib_t;
        type ping_t;
        type initrc_t;
        type unlabeled_t;
        type zabbix_t;
        type zabbix_var_run_t;
        type zabbix_var_lib_t;
        class file { read getattr };
        class sem { unix_read unix_write associate destroy };
        class shm { unix_read unix_write associate destroy };
        class tcp_socket { create getattr accept shutdown read };
        class sock_file { create write };
        class netlink_route_socket { create bind };
        class process setrlimit;
        class unix_stream_socket connectto;
}

#============= ping_t ==============
allow ping_t var_lib_t:file { read getattr };
allow ping_t zabbix_var_lib_t:file { read getattr };
allow initrc_t unlabeled_t:sem { unix_read unix_write associate destroy };
allow initrc_t unlabeled_t:shm { unix_read unix_write associate destroy };
allow unlabeled_t self:tcp_socket { create getattr accept shutdown read };
allow unlabeled_t self:netlink_route_socket { create bind };
allow zabbix_t self:process setrlimit;
allow zabbix_t zabbix_var_run_t:sock_file create;
allow zabbix_t self:unix_stream_socket connectto;
Update zabbix-proxy SELinux policy for EL 7.5 7 years ago			`module zabbix-proxy 1.3;`
Initial import 7 years ago
			`require {`
			`type var_lib_t;`
			`type ping_t;`
			`type initrc_t;`
			`type unlabeled_t;`
			`type zabbix_t;`
Fix SELinux policy for proxy 7 years ago			`type zabbix_var_run_t;`
Update zabbix-proxy SELinux policy for EL 7.5 7 years ago			`type zabbix_var_lib_t;`
Initial import 7 years ago			`class file { read getattr };`
			`class sem { unix_read unix_write associate destroy };`
			`class shm { unix_read unix_write associate destroy };`
			`class tcp_socket { create getattr accept shutdown read };`
Fix SELinux policy for proxy 7 years ago			`class sock_file { create write };`
Initial import 7 years ago			`class netlink_route_socket { create bind };`
			`class process setrlimit;`
Fix SELinux policy for proxy 7 years ago			`class unix_stream_socket connectto;`
Initial import 7 years ago			`}`

			`#============= ping_t ==============`
			`allow ping_t var_lib_t:file { read getattr };`
Update zabbix-proxy SELinux policy for EL 7.5 7 years ago			`allow ping_t zabbix_var_lib_t:file { read getattr };`
Initial import 7 years ago			`allow initrc_t unlabeled_t:sem { unix_read unix_write associate destroy };`
			`allow initrc_t unlabeled_t:shm { unix_read unix_write associate destroy };`
			`allow unlabeled_t self:tcp_socket { create getattr accept shutdown read };`
			`allow unlabeled_t self:netlink_route_socket { create bind };`
			`allow zabbix_t self:process setrlimit;`
Fix SELinux policy for proxy 7 years ago			`allow zabbix_t zabbix_var_run_t:sock_file create;`
			`allow zabbix_t self:unix_stream_socket connectto;`