Created
September 25, 2014 02:56
-
-
Save MelanieGault/3aa9b497a5cd908b85cf to your computer and use it in GitHub Desktop.
selinux module for icinga2 all in one box
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module my_httpd_icinga_command 1.0; | |
| require { | |
| type var_run_t; | |
| type var_log_t; | |
| type var_t; | |
| type httpd_t; | |
| type ping_t; | |
| type postgresql_port_t; | |
| type reserved_port_t; | |
| type httpd_sys_script_t; | |
| type load_policy_t; | |
| type user_tmp_t; | |
| class fifo_file {open getattr write}; | |
| class tcp_socket {name_connect}; | |
| class file {open read getattr write}; | |
| class dir {read}; | |
| } | |
| #============= httpd_t ============== | |
| allow httpd_t var_run_t:fifo_file {open getattr write}; | |
| allow ping_t var_t:file {open getattr write}; | |
| allow httpd_sys_script_t var_t:file {open read getattr write}; | |
| allow httpd_sys_script_t var_log_t:dir read; | |
| allow httpd_sys_script_t var_t:file read; | |
| allow httpd_t postgresql_port_t:tcp_socket name_connect; | |
| allow httpd_t reserved_port_t:tcp_socket name_connect; | |
| allow load_policy_t user_tmp_t:file write; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment