Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Add some more selinux policy to fi-nrpe

Browse source 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk 2018-01-12 21:43:40 +00:00
parent 1ddf40d19c
commit d3ea8120ee
2 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
roles/nagios_client/files/selinux/fi-nrpe.pp
View file

Binary file not shown.

8
roles/nagios_client/files/selinux/fi-nrpe.te
View file

@ -1,11 +1,15 @@
module fi-nrpe 1.0;
module fi-nrpe 1.1;
require {
type nagios_system_plugin_t;
type nagios_admin_plugin_t;
type nrpe_exec_t;
class file getattr;
type bin_t;
class file { getattr map execute };
}
#============= nagios_system_plugin_t ==============
allow nagios_system_plugin_t nrpe_exec_t:file getattr;
# This is needed for e.g. check_file_age, which is a perl script
allow nagios_admin_plugin_t bin_t:file { map execute };