tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6347 from dgoetz/fix/selinux-notifications-6028 

SELinux: Allow notification plugins to read local users …
This commit is contained in:
Jean Flach 2018-06-04 15:50:35 +02:00 committed by GitHub
parent 891456fefc 00214e597e
commit 3092f6fadb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
tools/selinux/icinga2.te
View File

@ -1,4 +1,4 @@
policy_module(icinga2, 0.1.5) policy_module(icinga2, 0.1.6)
######################################## ########################################
# #
@ -146,12 +146,19 @@ files_tmp_file(nagios_notification_plugin_tmp_t)
manage_files_pattern(nagios_notification_plugin_t, nagios_notification_plugin_tmp_t, nagios_notification_plugin_tmp_t) manage_files_pattern(nagios_notification_plugin_t, nagios_notification_plugin_tmp_t, nagios_notification_plugin_tmp_t)
manage_dirs_pattern(nagios_notification_plugin_t, nagios_notification_plugin_tmp_t, nagios_notification_plugin_tmp_t) manage_dirs_pattern(nagios_notification_plugin_t, nagios_notification_plugin_tmp_t, nagios_notification_plugin_tmp_t)
files_tmp_filetrans(nagios_notification_plugin_t, nagios_notification_plugin_tmp_t, { dir file }) files_tmp_filetrans(nagios_notification_plugin_t, nagios_notification_plugin_tmp_t, { dir file })
auth_dontaudit_read_passwd(nagios_notification_plugin_t)
fs_dontaudit_getattr_xattr_fs(nagios_notification_plugin_t) fs_dontaudit_getattr_xattr_fs(nagios_notification_plugin_t)
optional_policy(` optional_policy(`
mta_send_mail(nagios_notification_plugin_t) mta_send_mail(nagios_notification_plugin_t)
') ')
icinga2_dontaudit_leaks_fifo(system_mail_t) icinga2_dontaudit_leaks_fifo(system_mail_t)
# hipsaint notification
auth_read_passwd(nagios_notification_plugin_t)
sysnet_read_config(nagios_notification_plugin_t)
allow nagios_notification_plugin_t self:udp_socket create_stream_socket_perms;
allow nagios_notification_plugin_t self:tcp_socket create_stream_socket_perms;
allow nagios_notification_plugin_t self:netlink_route_socket create_netlink_socket_perms;
corenet_tcp_connect_http_port(nagios_notification_plugin_t)
miscfiles_read_generic_certs(nagios_notification_plugin_t)
allow icinga2_t icinga2_port_t:tcp_socket name_bind; allow icinga2_t icinga2_port_t:tcp_socket name_bind;
allow icinga2_t self:tcp_socket create_stream_socket_perms; allow icinga2_t self:tcp_socket create_stream_socket_perms;