adds file content for nrpe.te

2019-04-23 19:53:49 +02:00
parent b7d84c1fd9
commit 018087f0ac
4 changed files with 83 additions and 0 deletions
--- a/templates/nrpe.te.erb
+++ b/templates/nrpe.te.erb
@@ -0,0 +1,39 @@
+module nrpe 1.0;
+
+require {
+        type nrpe_t;
+        type proc_net_t;
+        type initrc_var_run_t;
+        type system_dbusd_t;
+        type user_home_t;
+        type user_home_dir_t;
+        type admin_home_t;
+        type systemd_logind_t;
+        type unconfined_t;
+        class capability { dac_override dac_read_search };
+        class process execmem;
+        class file { read open write lock };
+        class unix_stream_socket connectto;
+        class dir {open read search};
+        class sock_file { getattr write };
+        class dbus send_msg;
+        class unix_stream_socket connectto;
+}
+
+#============= nrpe_t ==============
+allow nrpe_t user_home_t:dir search;
+allow nrpe_t user_home_dir_t:dir search;
+allow nrpe_t system_dbusd_t:unix_stream_socket connectto;
+allow nrpe_t initrc_var_run_t:file read;
+allow nrpe_t self:capability { dac_override dac_read_search };
+allow nrpe_t self:process execmem;
+allow nrpe_t admin_home_t:file { read open };
+allow nrpe_t admin_home_t:sock_file { getattr write };
+allow nrpe_t initrc_var_run_t:file open;
+allow nrpe_t system_dbusd_t:dbus send_msg;
+allow nrpe_t initrc_var_run_t:file lock;
+allow nrpe_t systemd_logind_t:dbus send_msg;
+allow nrpe_t user_home_t:file { open read };
+allow nrpe_t user_home_t:sock_file { getattr write };
+allow systemd_logind_t nrpe_t:dbus send_msg;
+allow nrpe_t unconfined_t:unix_stream_socket connectto;