# this file was contributed by David Galloway. Thank you.
# Local policy module that adds allow rules for the nrpe_t domain; every rule
# in this file has nrpe_t as its source type. Each grant applies to every
# process running in nrpe_t (the daemon and any plugin that stays in that
# domain), so review the rules individually before loading the module.
module nrpe_epel 1.0;
require {
type fsadm_exec_t;
type hostname_exec_t;
type hwdata_t;
type nrpe_t;
type scsi_generic_device_t;
type tmp_t;
class capability { sys_admin sys_rawio };
class chr_file { ioctl open read write };
class dir { add_name remove_name search write };
class file { create execute getattr open read unlink write };
class unix_dgram_socket sendto;
}
#============= nrpe_t ==============
# Lets nrpe_t read and execute programs labelled fsadm_exec_t.
# NOTE(review): only `execute` is granted here, not `execute_no_trans`, so
# which domain the program ends up running in depends on rules outside this
# module -- confirm.
allow nrpe_t fsadm_exec_t:file { execute getattr open read };
# Lets nrpe_t execute files labelled hostname_exec_t.
# NOTE(review): no read/open/getattr is granted in this module; presumably
# the base policy already provides them -- confirm.
allow nrpe_t hostname_exec_t:file execute;
# Lets nrpe_t traverse (search) directories labelled hwdata_t; no listing or
# modification of those directories is granted.
allow nrpe_t hwdata_t:dir search;
# Read-only access to files labelled hwdata_t (no write or execute).
# NOTE(review): presumably the hardware ID databases a check plugin looks up
# -- confirm.
allow nrpe_t hwdata_t:file { getattr open read };
# Read, write and ioctl on character devices labelled scsi_generic_device_t.
# With write and ioctl the domain can issue commands directly to the
# underlying devices, which is far more than read-only monitoring access.
# NOTE(review): presumably needed by a disk-health check plugin; if so,
# prefer running that plugin in its own domain (entered by a domain
# transition) rather than granting device access to all of nrpe_t.
allow nrpe_t scsi_generic_device_t:chr_file { ioctl open read write };
# Permits CAP_SYS_ADMIN and CAP_SYS_RAWIO for every process in nrpe_t.
# sys_admin covers a very broad set of privileged operations and sys_rawio
# permits raw device I/O. NRPE runs checks on behalf of remote requests, so
# a flaw in the daemon or in any plugin that stays in nrpe_t would be able to
# use both. SELinux only permits the capability; the process must still hold
# it as a Linux capability for the grant to matter.
# NOTE(review): identify which plugin triggered this and confine that plugin
# to a separate domain instead of widening nrpe_t, if possible.
allow nrpe_t self:capability { sys_admin sys_rawio };
# Lets nrpe_t send datagrams to unix datagram sockets labelled with its own
# domain. NOTE(review): the purpose is not visible in this file (possibly
# logging) -- confirm against the denial that prompted the rule.
allow nrpe_t self:unix_dgram_socket sendto;
# Lets nrpe_t add and remove entries in directories labelled tmp_t.
# NOTE(review): tmp_t is the generic temporary type, not one private to
# nrpe_t; a dedicated temporary type with a type transition would keep
# nrpe_t's scratch files separate from those of other domains.
allow nrpe_t tmp_t:dir { add_name remove_name write };
# Lets nrpe_t create, open, write and delete files labelled with the generic
# tmp_t type. Read and getattr are not granted by this module.
# NOTE(review): any file nrpe_t creates under this rule carries a label that
# is not private to nrpe_t -- confirm whether a dedicated temporary type is
# available for this domain.
allow nrpe_t tmp_t:file { create open unlink write };