ansible-roles/roles/zabbix_proxy/files/zabbix_proxy.te

module zabbix_proxy 1.2;

require {
        type zabbix_var_run_t;
        type zabbix_var_lib_t;
        type zabbix_t;
        type ping_t;
        class sock_file { create unlink };
        class unix_stream_socket connectto;
        class file { getattr read execute execute_no_trans };
        class capability dac_override;
}

#============= ping_t ==============
allow ping_t zabbix_var_lib_t:file { getattr read };

#============= zabbix_t ==============
allow zabbix_t self:unix_stream_socket connectto;
allow zabbix_t zabbix_var_run_t:sock_file { create unlink };
allow zabbix_t self:capability dac_override;
allow zabbix_t zabbix_var_lib_t:file { execute execute_no_trans };
Update to 2022-01-17 10:00 2022-01-17 10:00:06 +01:00			`module zabbix_proxy 1.2;`
Update to 2021-12-01 19:13 2021-12-01 19:13:34 +01:00
			`require {`
			`type zabbix_var_run_t;`
			`type zabbix_var_lib_t;`
			`type zabbix_t;`
			`type ping_t;`
			`class sock_file { create unlink };`
			`class unix_stream_socket connectto;`
Update to 2022-01-17 10:00 2022-01-17 10:00:06 +01:00			`class file { getattr read execute execute_no_trans };`
Update to 2021-12-01 19:13 2021-12-01 19:13:34 +01:00			`class capability dac_override;`
			`}`

			`#============= ping_t ==============`
			`allow ping_t zabbix_var_lib_t:file { getattr read };`

			`#============= zabbix_t ==============`
			`allow zabbix_t self:unix_stream_socket connectto;`
			`allow zabbix_t zabbix_var_run_t:sock_file { create unlink };`
			`allow zabbix_t self:capability dac_override;`
Update to 2022-01-17 10:00 2022-01-17 10:00:06 +01:00			`allow zabbix_t zabbix_var_lib_t:file { execute execute_no_trans };`