diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te index 777cc1567..cb5bf9144 100644 --- a/policy/modules/services/nagios.te +++ b/policy/modules/services/nagios.te @@ -1,5 +1,5 @@ -policy_module(nagios,1.2.0) +policy_module(nagios,1.2.1) ######################################## # @@ -73,8 +73,10 @@ corenet_tcp_sendrecv_all_nodes(nagios_t) corenet_udp_sendrecv_all_nodes(nagios_t) corenet_tcp_sendrecv_all_ports(nagios_t) corenet_udp_sendrecv_all_ports(nagios_t) +corenet_tcp_connect_all_ports(nagios_t) dev_read_sysfs(nagios_t) +dev_read_urand(nagios_t) domain_use_interactive_fds(nagios_t) # for ps @@ -97,8 +99,6 @@ logging_send_syslog_msg(nagios_t) miscfiles_read_localization(nagios_t) -sysnet_read_config(nagios_t) - userdom_dontaudit_use_unpriv_user_fds(nagios_t) userdom_dontaudit_search_sysadm_home_dirs(nagios_t) @@ -111,17 +111,13 @@ ifdef(`targeted_policy',` ') optional_policy(` - netutils_domtrans_ping(nagios_t) - netutils_signal_ping(nagios_t) - netutils_kill_ping(nagios_t) - - # cjp: leaked file descriptors: - #dontaudit ping_t nagios_etc_t:file read; - #dontaudit ping_t nagios_log_t:fifo_file read; + auth_use_nsswitch(nagios_t) ') optional_policy(` - nis_use_ypbind(nagios_t) + netutils_domtrans_ping(nagios_t) + netutils_signal_ping(nagios_t) + netutils_kill_ping(nagios_t) ') optional_policy(`