fws
/
zabbix
4
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Allow unlinking sockets on shutdown

Browse Source
tags/zabbix-3.4.11-0.beta2
Daniel Berteaud 7 years ago
parent 9407d9a8e8
commit aeeac615d3
2 changed files with 6 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      zabbix-proxy.te
  2. 6
      zabbix-server.te

6
zabbix-proxy.te
Unescape View File

@ -1,4 +1,4 @@
module zabbix-proxy 1.3; module zabbix-proxy 1.4;
require { require {
type var_lib_t; type var_lib_t;
@ -12,7 +12,7 @@ require {
class sem { unix_read unix_write associate destroy }; class sem { unix_read unix_write associate destroy };
class shm { unix_read unix_write associate destroy }; class shm { unix_read unix_write associate destroy };
class tcp_socket { create getattr accept shutdown read }; class tcp_socket { create getattr accept shutdown read };
class sock_file { create write }; class sock_file { create write unlink };
class netlink_route_socket { create bind }; class netlink_route_socket { create bind };
class process setrlimit; class process setrlimit;
class unix_stream_socket connectto; class unix_stream_socket connectto;
@ -26,5 +26,5 @@ allow initrc_t unlabeled_t:shm { unix_read unix_write associate destroy };
allow unlabeled_t self:tcp_socket { create getattr accept shutdown read }; allow unlabeled_t self:tcp_socket { create getattr accept shutdown read };
allow unlabeled_t self:netlink_route_socket { create bind }; allow unlabeled_t self:netlink_route_socket { create bind };
allow zabbix_t self:process setrlimit; allow zabbix_t self:process setrlimit;
allow zabbix_t zabbix_var_run_t:sock_file create; allow zabbix_t zabbix_var_run_t:sock_file { create write unlink };
allow zabbix_t self:unix_stream_socket connectto; allow zabbix_t self:unix_stream_socket connectto;

6
zabbix-server.te
Unescape View File

@ -1,4 +1,4 @@
module zabbix-server 1.3; module zabbix-server 1.4;
require { require {
type devlog_t; type devlog_t;
@ -12,7 +12,7 @@ require {
class capability { sys_resource audit_write }; class capability { sys_resource audit_write };
class file { execute read create ioctl execute_no_trans write getattr unlink open }; class file { execute read create ioctl execute_no_trans write getattr unlink open };
class netlink_audit_socket { nlmsg_relay create }; class netlink_audit_socket { nlmsg_relay create };
class sock_file { create write}; class sock_file { create write unlink };
class unix_dgram_socket { create connect sendto }; class unix_dgram_socket { create connect sendto };
class dir { write remove_name add_name }; class dir { write remove_name add_name };
class key write; class key write;
@ -31,4 +31,4 @@ allow zabbix_t syslogd_t:unix_dgram_socket sendto;
allow zabbix_t zabbix_var_lib_t:dir { write remove_name add_name }; allow zabbix_t zabbix_var_lib_t:dir { write remove_name add_name };
allow zabbix_t zabbix_var_lib_t:file { execute read create getattr execute_no_trans write ioctl unlink open }; allow zabbix_t zabbix_var_lib_t:file { execute read create getattr execute_no_trans write ioctl unlink open };
allow zabbix_t self:unix_stream_socket connectto; allow zabbix_t self:unix_stream_socket connectto;
allow zabbix_t zabbix_var_run_t:sock_file create; allow zabbix_t zabbix_var_run_t:sock_file { create write unlink };

Write Preview
Loading…
Cancel
Save