selinux-refpolicy/policy/modules/services/nagios.if

102 lines
1.9 KiB
Plaintext

## <summary>Net Saint / NAGIOS - network monitoring server</summary>
########################################
## <summary>
## Do not audit attempts to read or write nagios
## unnamed pipes.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
## <rolecap/>
#
interface(`nagios_dontaudit_rw_pipes',`
gen_require(`
type nagios_t;
')
dontaudit $1 nagios_t:fifo_file rw_fifo_file_perms;
')
########################################
## <summary>
## Allow the specified domain to read
## nagios configuration files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`nagios_read_config',`
gen_require(`
type nagios_etc_t;
')
allow $1 nagios_etc_t:dir list_dir_perms;
allow $1 nagios_etc_t:file read_file_perms;
files_search_etc($1)
')
########################################
## <summary>
## Allow the specified domain to read
## nagios temporary files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`nagios_read_tmp_files',`
gen_require(`
type nagios_tmp_t;
')
allow $1 nagios_tmp_t:file read_file_perms;
files_search_tmp($1)
')
########################################
## <summary>
## Execute the nagios CGI with
## a domain transition.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`nagios_domtrans_cgi',`
gen_require(`
type nagios_cgi_t, nagios_cgi_exec_t;
')
domtrans_pattern($1, nagios_cgi_exec_t, nagios_cgi_t)
')
########################################
## <summary>
## Execute the nagios NRPE with
## a domain transition.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`nagios_domtrans_nrpe',`
gen_require(`
type nrpe_t, nrpe_exec_t;
')
domtrans_pattern($1, nrpe_exec_t, nrpe_t)
')