| |
@@ -72,8 +72,8 @@
|
| |
# zabbix domain local policy
|
| |
#
|
| |
|
| |
- allow zabbix_domain self:capability { setuid setgid };
|
| |
- allow zabbix_domain self:process { setpgid setsched getsched signal_perms };
|
| |
+ allow zabbix_domain self:capability { setgid setuid };
|
| |
+ allow zabbix_domain self:process { getsched setpgid setsched signal_perms };
|
| |
allow zabbix_domain self:fifo_file rw_fifo_file_perms;
|
| |
allow zabbix_domain self:sem create_sem_perms;
|
| |
allow zabbix_domain self:shm create_shm_perms;
|
| |
@@ -157,7 +157,7 @@
|
| |
')
|
| |
|
| |
tunable_policy(`zabbix_run_sudo',`
|
| |
- allow zabbix_t self:capability { setuid setgid sys_resource };
|
| |
+ allow zabbix_t self:capability { setgid setuid sys_resource };
|
| |
allow zabbix_t self:process { setrlimit setsched };
|
| |
allow zabbix_t self:key write;
|
| |
allow zabbix_t self:passwd { passwd rootok };
|
| |
@@ -285,7 +285,7 @@
|
| |
zabbix_script_domtrans(zabbix_agent_t)
|
| |
|
| |
tunable_policy(`zabbix_run_sudo',`
|
| |
- allow zabbix_agent_t self:capability { setuid setgid sys_resource };
|
| |
+ allow zabbix_agent_t self:capability { setgid setuid sys_resource };
|
| |
allow zabbix_agent_t self:process { setrlimit setsched };
|
| |
allow zabbix_agent_t self:key write;
|
| |
allow zabbix_agent_t self:passwd { passwd rootok };
|
| |
@@ -324,8 +324,7 @@
|
| |
|
| |
domtrans_pattern(zabbix_t, zabbix_script_exec_t, zabbix_script_t)
|
| |
|
| |
- allow zabbix_t zabbix_script_exec_t:dir search_dir_perms;
|
| |
- allow zabbix_t zabbix_script_exec_t:dir read_file_perms;
|
| |
+ allow zabbix_t zabbix_script_exec_t:dir list_dir_perms;
|
| |
allow zabbix_t zabbix_script_exec_t:file ioctl;
|
| |
allow zabbix_t zabbix_script_t:process signal;
|
| |
|
| |