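# SELinux policy module for the NRPE daemon domain (nrpe_t).
#
# The rules have the shape of audit2allow output: each one allows an access
# that was observed being denied. Before loading, confirm that every rule is
# genuinely needed by the plugins in use rather than a symptom of mislabelled
# files or wrong DAC ownership/modes; several of them widen nrpe_t
# considerably (see the per-rule comments). Denials that do not actually
# break a check are usually better handled with dontaudit than allow.
#
# Changes from the raw audit2allow form, none of which alter what is granted:
#   - the duplicated `class unix_stream_socket connectto;` require was dropped;
#   - require entries that no rule below uses (type proc_net_t, file 'write',
#     dir 'open read') were dropped so the require block reflects the grants;
#   - rules with the same source/target/class were merged into one line.
module nrpe 1.0;

require {
    type nrpe_t;
    type initrc_var_run_t;
    type system_dbusd_t;
    type user_home_t;
    type user_home_dir_t;
    type admin_home_t;
    type systemd_logind_t;
    type unconfined_t;
    class capability { dac_override dac_read_search };
    class process execmem;
    class file { read open lock };
    class unix_stream_socket connectto;
    class dir search;
    class sock_file { getattr write };
    class dbus send_msg;
}

#============= nrpe_t ==============

# DAC bypass: lets nrpe_t read (dac_read_search) or fully bypass (dac_override)
# discretionary permission checks on any file. This is typically triggered by a
# plugin reading a file it does not own; fixing the file's owner/mode, or
# granting only dac_read_search, is preferable to keeping dac_override.
allow nrpe_t self:capability { dac_override dac_read_search };

# Writable+executable memory mappings for nrpe_t, which removes the W^X
# protection for this domain. Normally only JIT-style plugins need this;
# identify the plugin that triggers the denial and confirm it really needs it.
allow nrpe_t self:process execmem;

# PID/state files under the init runtime directory (all three permissions were
# previously separate rules).
allow nrpe_t initrc_var_run_t:file { read open lock };

# Access to user home directories. Plugins living under a user's home are
# read here, and nrpe_t may also write to unix sockets located there.
# Relabelling plugin files to a nagios-specific type would make these rules
# unnecessary and keep nrpe_t out of arbitrary home content.
allow nrpe_t user_home_dir_t:dir search;
allow nrpe_t user_home_t:dir search;
allow nrpe_t user_home_t:file { open read };
allow nrpe_t user_home_t:sock_file { getattr write };

# Same pattern for root's home (/root by convention): read files and write
# to sockets there.
allow nrpe_t admin_home_t:file { read open };
allow nrpe_t admin_home_t:sock_file { getattr write };

# System D-Bus: connect to the bus daemon's socket and send messages.
allow nrpe_t system_dbusd_t:unix_stream_socket connectto;
allow nrpe_t system_dbusd_t:dbus send_msg;

# D-Bus exchange with systemd-logind in both directions (request and reply).
# Presumably a plugin queries session/seat information; verify which one.
allow nrpe_t systemd_logind_t:dbus send_msg;
allow systemd_logind_t nrpe_t:dbus send_msg;

# Connect to unix stream sockets owned by unconfined processes. This is a
# broad grant: any socket created by an unconfined_t process becomes reachable
# from nrpe_t. If only one service is involved, prefer its specific domain.
allow nrpe_t unconfined_t:unix_stream_socket connectto;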