|
|
@ -1,4 +1,4 @@ |
|
|
|
module zabbix-proxy 1.2; |
|
|
|
module zabbix-proxy 1.3; |
|
|
|
|
|
|
|
|
|
|
|
require { |
|
|
|
require { |
|
|
|
type var_lib_t; |
|
|
|
type var_lib_t; |
|
|
@ -7,6 +7,7 @@ require { |
|
|
|
type unlabeled_t; |
|
|
|
type unlabeled_t; |
|
|
|
type zabbix_t; |
|
|
|
type zabbix_t; |
|
|
|
type zabbix_var_run_t; |
|
|
|
type zabbix_var_run_t; |
|
|
|
|
|
|
|
type zabbix_var_lib_t; |
|
|
|
class file { read getattr }; |
|
|
|
class file { read getattr }; |
|
|
|
class sem { unix_read unix_write associate destroy }; |
|
|
|
class sem { unix_read unix_write associate destroy }; |
|
|
|
class shm { unix_read unix_write associate destroy }; |
|
|
|
class shm { unix_read unix_write associate destroy }; |
|
|
@ -19,6 +20,7 @@ require { |
|
|
|
|
|
|
|
|
|
|
|
#============= ping_t ============== |
|
|
|
#============= ping_t ============== |
|
|
|
allow ping_t var_lib_t:file { read getattr }; |
|
|
|
allow ping_t var_lib_t:file { read getattr }; |
|
|
|
|
|
|
|
allow ping_t zabbix_var_lib_t:file { read getattr }; |
|
|
|
allow initrc_t unlabeled_t:sem { unix_read unix_write associate destroy }; |
|
|
|
allow initrc_t unlabeled_t:sem { unix_read unix_write associate destroy }; |
|
|
|
allow initrc_t unlabeled_t:shm { unix_read unix_write associate destroy }; |
|
|
|
allow initrc_t unlabeled_t:shm { unix_read unix_write associate destroy }; |
|
|
|
allow unlabeled_t self:tcp_socket { create getattr accept shutdown read }; |
|
|
|
allow unlabeled_t self:tcp_socket { create getattr accept shutdown read }; |
|
|
|