"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "tools/selinux/icinga2.te" between
icinga2-2.11.5.tar.gz and icinga2-2.12.0.tar.gz

About: Icinga 2 is an enterprise grade monitoring system which keeps watch over networks and any conceivable network resource.

icinga2.te  (icinga2-2.11.5):icinga2.te  (icinga2-2.12.0)
policy_module(icinga2, 0.2.0) policy_module(icinga2, 0.2.2)
######################################## ########################################
# #
# Declarations # Declarations
# #
## <desc> ## <desc>
## <p> ## <p>
## Allow Icinga 2 to connect to all ports ## Allow Icinga 2 to connect to all ports
## </p> ## </p>
skipping to change at line 96 skipping to change at line 96
type icinga2_port_t; type icinga2_port_t;
# There is no interface for unreserved_port_type # There is no interface for unreserved_port_type
typeattribute icinga2_port_t unreserved_port_type; typeattribute icinga2_port_t unreserved_port_type;
corenet_port(icinga2_port_t) corenet_port(icinga2_port_t)
######################################## ########################################
# #
# icinga2 local policy # icinga2 local policy
# #
allow icinga2_t self:capability { setgid setuid sys_resource }; allow icinga2_t self:capability { setgid setuid sys_resource kill };
allow icinga2_t self:process { setsched signal setrlimit }; allow icinga2_t self:process { setsched signal setrlimit };
allow icinga2_t self:fifo_file rw_fifo_file_perms; allow icinga2_t self:fifo_file rw_fifo_file_perms;
allow icinga2_t self:unix_dgram_socket create_socket_perms; allow icinga2_t self:unix_dgram_socket create_socket_perms;
allow icinga2_t self:unix_stream_socket create_stream_socket_perms; allow icinga2_t self:unix_stream_socket create_stream_socket_perms;
allow icinga2_t icinga2_exec_t:file execute_no_trans;
list_dirs_pattern(icinga2_t, icinga2_etc_t, icinga2_etc_t) list_dirs_pattern(icinga2_t, icinga2_etc_t, icinga2_etc_t)
read_files_pattern(icinga2_t, icinga2_etc_t, icinga2_etc_t) read_files_pattern(icinga2_t, icinga2_etc_t, icinga2_etc_t)
read_lnk_files_pattern(icinga2_t, icinga2_etc_t, icinga2_etc_t) read_lnk_files_pattern(icinga2_t, icinga2_etc_t, icinga2_etc_t)
manage_dirs_pattern(icinga2_t, icinga2_log_t, icinga2_log_t) manage_dirs_pattern(icinga2_t, icinga2_log_t, icinga2_log_t)
manage_files_pattern(icinga2_t, icinga2_log_t, icinga2_log_t) manage_files_pattern(icinga2_t, icinga2_log_t, icinga2_log_t)
manage_lnk_files_pattern(icinga2_t, icinga2_log_t, icinga2_log_t) manage_lnk_files_pattern(icinga2_t, icinga2_log_t, icinga2_log_t)
logging_log_filetrans(icinga2_t, icinga2_log_t, { dir file lnk_file }) logging_log_filetrans(icinga2_t, icinga2_log_t, { dir file lnk_file })
manage_dirs_pattern(icinga2_t, icinga2_var_lib_t, icinga2_var_lib_t) manage_dirs_pattern(icinga2_t, icinga2_var_lib_t, icinga2_var_lib_t)
skipping to change at line 178 skipping to change at line 180
type nagios_notification_plugin_tmp_t; type nagios_notification_plugin_tmp_t;
files_tmp_file(nagios_notification_plugin_tmp_t) files_tmp_file(nagios_notification_plugin_tmp_t)
manage_files_pattern(nagios_notification_plugin_t, nagios_notification_plugin_tm p_t, nagios_notification_plugin_tmp_t) manage_files_pattern(nagios_notification_plugin_t, nagios_notification_plugin_tm p_t, nagios_notification_plugin_tmp_t)
manage_dirs_pattern(nagios_notification_plugin_t, nagios_notification_plugin_tmp _t, nagios_notification_plugin_tmp_t) manage_dirs_pattern(nagios_notification_plugin_t, nagios_notification_plugin_tmp _t, nagios_notification_plugin_tmp_t)
files_tmp_filetrans(nagios_notification_plugin_t, nagios_notification_plugin_tmp _t, { dir file }) files_tmp_filetrans(nagios_notification_plugin_t, nagios_notification_plugin_tmp _t, { dir file })
fs_dontaudit_getattr_xattr_fs(nagios_notification_plugin_t) fs_dontaudit_getattr_xattr_fs(nagios_notification_plugin_t)
optional_policy(` optional_policy(`
mta_send_mail(nagios_notification_plugin_t) mta_send_mail(nagios_notification_plugin_t)
') ')
icinga2_dontaudit_leaks_fifo(system_mail_t) icinga2_dontaudit_leaks_fifo(system_mail_t)
# direct smtp notification
corenet_tcp_connect_smtp_port(nagios_notification_plugin_t)
# hipsaint notification # hipsaint notification
auth_read_passwd(nagios_notification_plugin_t) auth_read_passwd(nagios_notification_plugin_t)
sysnet_read_config(nagios_notification_plugin_t) sysnet_read_config(nagios_notification_plugin_t)
allow nagios_notification_plugin_t self:udp_socket create_stream_socket_perms; allow nagios_notification_plugin_t self:udp_socket create_stream_socket_perms;
allow nagios_notification_plugin_t self:tcp_socket create_stream_socket_perms; allow nagios_notification_plugin_t self:tcp_socket create_stream_socket_perms;
allow nagios_notification_plugin_t self:netlink_route_socket create_netlink_sock et_perms; allow nagios_notification_plugin_t self:netlink_route_socket create_netlink_sock et_perms;
corenet_tcp_connect_http_port(nagios_notification_plugin_t) corenet_tcp_connect_http_port(nagios_notification_plugin_t)
miscfiles_read_generic_certs(nagios_notification_plugin_t) miscfiles_read_generic_certs(nagios_notification_plugin_t)
allow icinga2_t icinga2_port_t:tcp_socket name_bind; allow icinga2_t icinga2_port_t:tcp_socket name_bind;
 End of changes. 4 change blocks. 
2 lines changed or deleted 6 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)