cookbooks/mu-master/files/default/nagios_selinux.te from cloudamatic/mu

cookbooks/mu-master/files/default/nagios_selinux.te
Summary

Maintainability

Test Coverage

Issues
module nagios_selinux 1.0;

require {
  type nagios_t;
  type usr_t;
  type nagios_log_t;
  type httpd_t;
  type httpd_sys_script_t;
  type httpd_sys_content_t;
  type httpd_sys_script_exec_t;
  type nagios_exec_t;
  type initrc_var_run_t;
  type port_t;
  type ssh_exec_t;
  class capability chown;
  class dir { search read write remove_name add_name };
  class file { create open execute_no_trans read append write getattr setattr lock unlink rename execute };
  class fifo_file { read open getattr write create };
  class sock_file { create write unlink };
  class tcp_socket { name_bind };
  class capability { chown };
}

allow httpd_t nagios_log_t:dir search;
allow httpd_t nagios_log_t:file { read open };
allow httpd_t nagios_log_t:fifo_file { read open getattr write };
allow httpd_t httpd_sys_script_exec_t:fifo_file { read open getattr write };
allow nagios_t nagios_exec_t:file execute_no_trans;
allow httpd_sys_script_t nagios_log_t:dir search;
allow httpd_sys_script_t nagios_log_t:file { read open };
allow httpd_sys_script_t nagios_log_t:fifo_file { read open getattr write };
allow httpd_sys_script_t httpd_sys_script_exec_t:fifo_file { read open getattr write };
allow nagios_t nagios_exec_t:file execute_no_trans;
allow nagios_t ssh_exec_t:file { getattr execute read open execute_no_trans };
allow nagios_t self:capability chown;
allow nagios_t httpd_sys_content_t:dir { read search write remove_name add_name };
allow nagios_t httpd_sys_script_exec_t:dir { read search write remove_name add_name };
allow nagios_t nagios_log_t:dir { read search write remove_name add_name };
allow nagios_t httpd_sys_content_t:file { open read append getattr setattr create write rename };
allow nagios_t httpd_sys_script_exec_t:file { open read append getattr setattr create write rename };
allow nagios_t nagios_log_t:file { open read append getattr setattr create write rename };
allow nagios_t httpd_sys_content_t:sock_file { unlink create write };
allow nagios_t httpd_sys_script_exec_t:sock_file { unlink create write };
allow nagios_t nagios_log_t:sock_file { unlink create write };
allow nagios_t initrc_var_run_t:file { read write open lock unlink };
allow nagios_t port_t:tcp_socket { name_bind };
allow nagios_t nagios_t:capability { chown };
allow nagios_t httpd_sys_script_exec_t:fifo_file { read open getattr write create };
allow nagios_t nagios_log_t:fifo_file { read open getattr write create };
allow nagios_t nagios_log_t:fifo_file { read open getattr write create };
allow nagios_t usr_t:file { read open getattr execute execute_no_trans append };