Remove unnecessary comments in zabbix.te.
This commit is contained in:
Chris PeBenito
parent
b6b23abade
commit
2c59cf9cf9
|
|
@ -12,7 +12,6 @@ init_daemon_domain(zabbix_t, zabbix_exec_t)
|
|||
type zabbix_initrc_exec_t;
|
||||
init_script_file(zabbix_initrc_exec_t)
|
||||
|
||||
# agent definition
|
||||
type zabbix_agent_t;
|
||||
type zabbix_agent_exec_t;
|
||||
init_daemon_domain(zabbix_agent_t, zabbix_agent_exec_t)
|
||||
|
|
@ -59,24 +58,15 @@ files_pid_filetrans(zabbix_t, zabbix_var_run_t, { dir file })
|
|||
rw_files_pattern(zabbix_t, zabbix_tmpfs_t, zabbix_tmpfs_t)
|
||||
fs_tmpfs_filetrans(zabbix_t, zabbix_tmpfs_t, file)
|
||||
|
||||
# network access to zabbix agent
|
||||
zabbix_agent_tcp_connect(zabbix_t)
|
||||
|
||||
## Kernel layer module calls
|
||||
|
||||
# corenetwork module
|
||||
corenet_tcp_bind_generic_node(zabbix_t)
|
||||
corenet_tcp_bind_zabbix_port(zabbix_t)
|
||||
|
||||
# files module
|
||||
files_read_etc_files(zabbix_t)
|
||||
|
||||
## System layer module calls
|
||||
|
||||
# miscfiles module
|
||||
miscfiles_read_localization(zabbix_t)
|
||||
|
||||
# sysnetwork module
|
||||
sysnet_dns_name_resolve(zabbix_t)
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -100,8 +90,6 @@ allow zabbix_agent_t self:shm create_shm_perms;
|
|||
allow zabbix_agent_t self:tcp_socket create_stream_socket_perms;
|
||||
allow zabbix_agent_t self:unix_stream_socket create_stream_socket_perms;
|
||||
|
||||
## Rules related to the types managed by this policy file
|
||||
|
||||
# Logging access
|
||||
filetrans_pattern(zabbix_agent_t, zabbix_log_t, zabbix_log_t, file)
|
||||
manage_files_pattern(zabbix_agent_t, zabbix_log_t, zabbix_log_t)
|
||||
|
|
@ -117,48 +105,33 @@ zabbix_tcp_connect(zabbix_agent_t)
|
|||
rw_files_pattern(zabbix_agent_t, zabbix_tmpfs_t, zabbix_tmpfs_t)
|
||||
fs_tmpfs_filetrans(zabbix_agent_t, zabbix_tmpfs_t, file)
|
||||
|
||||
## Kernel layer module calls
|
||||
|
||||
# kernel module
|
||||
kernel_read_all_sysctls(zabbix_agent_t)
|
||||
kernel_read_system_state(zabbix_agent_t)
|
||||
|
||||
# corecommands module
|
||||
corecmd_read_all_executables(zabbix_agent_t)
|
||||
|
||||
# corenetwork module
|
||||
corenet_tcp_bind_generic_node(zabbix_agent_t)
|
||||
corenet_tcp_bind_zabbix_agent_port(zabbix_agent_t)
|
||||
corenet_tcp_connect_ssh_port(zabbix_agent_t)
|
||||
corenet_tcp_connect_zabbix_port(zabbix_agent_t)
|
||||
|
||||
# devices module
|
||||
dev_getattr_all_blk_files(zabbix_agent_t)
|
||||
dev_getattr_all_chr_files(zabbix_agent_t)
|
||||
|
||||
# domain module
|
||||
domain_search_all_domains_state(zabbix_agent_t)
|
||||
|
||||
# files module
|
||||
files_getattr_all_dirs(zabbix_agent_t)
|
||||
files_getattr_all_files(zabbix_agent_t)
|
||||
files_read_all_symlinks(zabbix_agent_t)
|
||||
files_read_etc_files(zabbix_agent_t)
|
||||
|
||||
# filesystem module
|
||||
fs_getattr_all_fs(zabbix_agent_t)
|
||||
|
||||
## System layer module calls
|
||||
|
||||
# init module
|
||||
init_read_utmp(zabbix_agent_t)
|
||||
|
||||
# logging module
|
||||
logging_search_logs(zabbix_agent_t)
|
||||
|
||||
# miscfiles module
|
||||
miscfiles_read_localization(zabbix_agent_t)
|
||||
|
||||
# sysnetwork module
|
||||
sysnet_dns_name_resolve(zabbix_agent_t)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue