# Local SELinux policy module granting extra permissions to the zabbix_t
# domain, plus one read rule for ping_t. Allow rules are additive and
# order-independent, so they are grouped here by purpose.
# NOTE(review): the rule set resembles audit2allow output; confirm each grant
# is still required before loading it on a production host.
module zabbix-server 1.3;

# Types and object-class permissions that must already exist in the loaded
# policy for this module to link.
require {
    type devlog_t;
    type ping_t;
    type sudo_exec_t;
    type syslogd_t;
    type zabbix_t;
    type zabbix_var_lib_t;
    type zabbix_var_run_t;

    class capability { audit_write sys_resource };
    class dir { add_name remove_name write };
    class file { create execute execute_no_trans getattr ioctl open read unlink write };
    class key write;
    class netlink_audit_socket { create nlmsg_relay };
    class process { setpgid setrlimit };
    class sock_file { create write };
    class unix_dgram_socket { connect create sendto };
    class unix_stream_socket connectto;
}

# --- zabbix_t acting on itself ---------------------------------------------
# sys_resource + setrlimit let the domain change its own resource limits.
# audit_write + netlink_audit_socket let it emit audit records; presumably
# these and the key write are needed because sudo runs inside zabbix_t (see
# the sudo rule below) -- confirm.
allow zabbix_t self:capability { audit_write sys_resource };
allow zabbix_t self:key write;
allow zabbix_t self:netlink_audit_socket { create nlmsg_relay };
allow zabbix_t self:process { setpgid setrlimit };
allow zabbix_t self:unix_dgram_socket { connect create };
allow zabbix_t self:unix_stream_socket connectto;

# --- logging to syslog -----------------------------------------------------
allow zabbix_t devlog_t:sock_file write;
allow zabbix_t syslogd_t:unix_dgram_socket sendto;

# --- sudo ------------------------------------------------------------------
# execute_no_trans means files labelled sudo_exec_t run without a domain
# transition, i.e. still as zabbix_t.
# NOTE(review): SELinux does not limit which commands sudoers permits; keep
# the zabbix sudoers entry restricted to the exact commands required.
allow zabbix_t sudo_exec_t:file { execute execute_no_trans open read };

# --- /var/lib data (zabbix_var_lib_t) --------------------------------------
# NOTE(review): zabbix_t may create and write files of this type AND execute
# them in its own domain, so the type is both writable and executable. If the
# execute permissions are only for admin-installed scripts, prefer labelling
# those with a separate type that zabbix_t cannot write -- confirm usage.
allow zabbix_t zabbix_var_lib_t:dir { add_name remove_name write };
allow zabbix_t zabbix_var_lib_t:file { create execute execute_no_trans getattr ioctl open read unlink write };

# --- runtime socket (zabbix_var_run_t) -------------------------------------
allow zabbix_t zabbix_var_run_t:sock_file create;

# --- ping helper -----------------------------------------------------------
# ping_t may stat and read (but not open by path) files of the zabbix data
# type; presumably an already-open file handed over by zabbix -- confirm.
allow ping_t zabbix_var_lib_t:file { getattr read };