selinux-refpolicy/policy/modules/services/munin.if
2007-11-15 16:54:18 +00:00

83 lines
1.6 KiB
Plaintext

## <summary>Munin network-wide load graphing (formerly LRRD)</summary>
########################################
## <summary>
## Connect to munin over a unix domain
## stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`munin_stream_connect',`
gen_require(`
type munin_var_run_t, munin_t;
')
allow $1 munin_t:unix_stream_socket connectto;
allow $1 munin_var_run_t:sock_file { getattr write };
files_search_pids($1)
')
#######################################
## <summary>
## Read munin configuration files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`munin_read_config',`
gen_require(`
type munin_etc_t;
')
allow $1 munin_etc_t:dir list_dir_perms;
allow $1 munin_etc_t:file read_file_perms;
allow $1 munin_etc_t:lnk_file { getattr read };
files_search_etc($1)
')
#######################################
## <summary>
## Search munin library directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`munin_search_lib',`
gen_require(`
type munin_var_lib_t;
')
allow $1 munin_var_lib_t:dir search_dir_perms;
files_search_var_lib($1)
')
#######################################
## <summary>
## Do not audit attempts to search
## munin library directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`munin_dontaudit_search_lib',`
gen_require(`
type munin_var_lib_t;
')
dontaudit $1 munin_var_lib_t:dir search_dir_perms;
')