Define zabbix port and allow server to listen/bind on it

The zabbix server uses a dedicated port (10051). We define it and allow the zabbix server to bind/listen on it. Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2011-06-13 10:29:30 +02:00 · 2011-06-13 10:29:30 +02:00 · 5b17d3e7d6
parent 1f1723e008
commit 5b17d3e7d6
2 changed files with 5 additions and 0 deletions
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@ -223,6 +223,7 @@ network_port(xen, tcp,8002,s0)
 network_port(xfs, tcp,7100,s0)
 network_port(xserver, tcp,6000-6020,s0)
 network_port(zarafa, tcp,236,s0, tcp,237,s0)
+network_port(zabbix, tcp,10051,s0)
 network_port(zookeeper_client, tcp,2181,s0)
 network_port(zookeeper_election, tcp,3888,s0)
 network_port(zookeeper_leader, tcp,2888,s0)
--- a/policy/modules/services/zabbix.te
+++ b/policy/modules/services/zabbix.te
@ -35,6 +35,7 @@ allow zabbix_t self:process { setsched getsched signal };
 allow zabbix_t self:unix_stream_socket create_stream_socket_perms;
 allow zabbix_t self:sem create_sem_perms;
 allow zabbix_t self:shm create_shm_perms;
+allow zabbix_t self:tcp_socket create_stream_socket_perms;

 # log files
 allow zabbix_t zabbix_log_t:dir setattr;
@ -52,6 +53,9 @@ fs_tmpfs_filetrans(zabbix_t, zabbix_tmpfs_t, file)

 files_read_etc_files(zabbix_t)

+corenet_tcp_bind_generic_node(zabbix_t)
+corenet_tcp_bind_zabbix_port(zabbix_t)
+
 miscfiles_read_localization(zabbix_t)

 optional_policy(`