zabbix/zabbix-server.te

module zabbix-server 1.4;

require {
        type devlog_t;
        type zabbix_t;
        type ping_t;
        type syslogd_t;
        type sudo_exec_t;
        type zabbix_var_lib_t;
        type zabbix_var_run_t;
        class process { setrlimit setpgid };
        class capability { sys_resource audit_write };
        class file { execute read create ioctl execute_no_trans write getattr unlink open };
        class netlink_audit_socket { nlmsg_relay create };
        class sock_file { create write unlink };
        class unix_dgram_socket { create connect sendto };
        class dir { write remove_name add_name };
        class key write;
        class unix_stream_socket connectto;
}

allow ping_t zabbix_var_lib_t:file { read getattr };
allow zabbix_t devlog_t:sock_file write;
allow zabbix_t self:capability { sys_resource audit_write };
allow zabbix_t self:netlink_audit_socket { nlmsg_relay create };
allow zabbix_t self:process { setrlimit setpgid };
allow zabbix_t self:unix_dgram_socket { create connect };
allow zabbix_t self:key write;
allow zabbix_t sudo_exec_t:file { read execute open execute_no_trans };
allow zabbix_t syslogd_t:unix_dgram_socket sendto;
allow zabbix_t zabbix_var_lib_t:dir { write remove_name add_name };
allow zabbix_t zabbix_var_lib_t:file { execute read create getattr execute_no_trans write ioctl unlink open };
allow zabbix_t self:unix_stream_socket connectto;
allow zabbix_t zabbix_var_run_t:sock_file { create write unlink };
Allow unlinking sockets on shutdown 6 years ago			`module zabbix-server 1.4;`
Initial import 7 years ago
			`require {`
			`type devlog_t;`
			`type zabbix_t;`
			`type ping_t;`
			`type syslogd_t;`
			`type sudo_exec_t;`
			`type zabbix_var_lib_t;`
			`type zabbix_var_run_t;`
			`class process { setrlimit setpgid };`
			`class capability { sys_resource audit_write };`
			`class file { execute read create ioctl execute_no_trans write getattr unlink open };`
			`class netlink_audit_socket { nlmsg_relay create };`
Allow unlinking sockets on shutdown 6 years ago			`class sock_file { create write unlink };`
Initial import 7 years ago			`class unix_dgram_socket { create connect sendto };`
			`class dir { write remove_name add_name };`
			`class key write;`
			`class unix_stream_socket connectto;`
			`}`

			`allow ping_t zabbix_var_lib_t:file { read getattr };`
			`allow zabbix_t devlog_t:sock_file write;`
			`allow zabbix_t self:capability { sys_resource audit_write };`
			`allow zabbix_t self:netlink_audit_socket { nlmsg_relay create };`
			`allow zabbix_t self:process { setrlimit setpgid };`
			`allow zabbix_t self:unix_dgram_socket { create connect };`
			`allow zabbix_t self:key write;`
			`allow zabbix_t sudo_exec_t:file { read execute open execute_no_trans };`
			`allow zabbix_t syslogd_t:unix_dgram_socket sendto;`
			`allow zabbix_t zabbix_var_lib_t:dir { write remove_name add_name };`
			`allow zabbix_t zabbix_var_lib_t:file { execute read create getattr execute_no_trans write ioctl unlink open };`
			`allow zabbix_t self:unix_stream_socket connectto;`
Allow unlinking sockets on shutdown 6 years ago			`allow zabbix_t zabbix_var_run_t:sock_file { create write unlink };`