fixed selinux policy for icinga2
This commit is contained in:
parent
43fb666dc8
commit
b3ce4d9a30
GPG Key ID:
18524638BE25530A
|
|
@ -1,3 +1,3 @@
|
|||
AUX gentoonize.patch 4405 BLAKE2B 9821c6bfcbe06f6318173c02d1bf31f49a4e84214de8dcec471229246226603992b5fd251352f4d69a7e04c595d7aacbaa661323bc49fe162320fdc3e6d74520 SHA512 0eef0cb9d1a376bae75582eaca5daec42f833c79a8614839f6018d3ac6df5b0755ea2830727bf15df331566ecedd52de11850c5eb4a65981996d3886f6f461a0
|
||||
AUX gentoonize.patch 5576 BLAKE2B 5960d09e9b3cfd1e893fcb93b73bc23e1b4818d8ea9554375687f319084eccb504420a734ebbad4dca47666b9864c988b11f2a6b7899bb9a595e94093efb5cda SHA512 2be59c08a7ec879953a7bbc938bfd3ea022c282cc84a3bd5c048b2e2439330844c339b37184c8610f262132f5bae59e8a86d05bce29ee50b70b8de80860dcfee
|
||||
DIST icinga2-2.11.3.tar.gz 7475785 BLAKE2B baabe8c90170a7b2ddb3ae7e95ef3cd042e64f68dbfdb50f5a981bc63ae5aa1e8ec4082729456d1b3fc02c0c74a98e15383cc56e56c53a2ab6181db94125365c SHA512 616e938fabaa6565fb9ac4824649c09801dd53b3517c0a9b5b62307293bc838377c18818cc13dd40e240902f02455c421d433b6ee54671403598c5b7aeb78ea1
|
||||
EBUILD selinux-icinga2-2.11.3.ebuild 1077 BLAKE2B 54fffd47616853ad07a35d996dbd2efe68d248fbfb05dd37de09c40fa18fb581ece81101595a03ec9f13a9c372a9dea2e1e9ae91f744a046bca5282d3c298d96 SHA512 8d170b5a8a414ff1bfa4aaaa862f872d739dba40154c715137c028c5699b5bae058e7ede17907fa5ed5f33d021bb3a99663f431ff07e0f15197c4be06f6f188d
|
||||
|
|
|
|||
|
|
@ -1,12 +1,17 @@
|
|||
--- icinga2-2.11.3/tools/selinux/icinga2.te.orig 2020-05-23 12:30:01.124718236 +0200
|
||||
+++ icinga2-2.11.3/tools/selinux/icinga2.te 2020-05-23 12:32:01.098712372 +0200
|
||||
@@ -41,13 +41,14 @@
|
||||
--- icinga2-2.11.3/tools/selinux/icinga2.te.orig 2020-05-23 16:55:59.329080781 +0200
|
||||
+++ icinga2-2.11.3/tools/selinux/icinga2.te 2020-05-23 17:05:18.181127417 +0200
|
||||
@@ -41,13 +41,19 @@
|
||||
type nagios_system_plugin_t; type nagios_system_plugin_exec_t;
|
||||
type nagios_unconfined_plugin_t; type nagios_unconfined_plugin_exec_t;
|
||||
type nagios_eventhandler_plugin_t; type nagios_eventhandler_plugin_exec_t;
|
||||
- type nagios_openshift_plugin_t; type nagios_openshift_plugin_exec_t;
|
||||
type httpd_t; type system_mail_t;
|
||||
type devlog_t;
|
||||
+ type sysadm_t;
|
||||
+ type run_init_t;
|
||||
+ type tmpfiles_t;
|
||||
+ type var_t;
|
||||
+ role sysadm_r;
|
||||
role staff_r;
|
||||
attribute unreserved_port_type;
|
||||
}
|
||||
|
|
@ -16,7 +21,7 @@
|
|||
type icinga2_t;
|
||||
type icinga2_exec_t;
|
||||
init_daemon_domain(icinga2_t, icinga2_exec_t)
|
||||
@@ -58,7 +59,12 @@
|
||||
@@ -58,7 +64,12 @@
|
||||
init_script_file(icinga2_initrc_exec_t)
|
||||
|
||||
type icinga2_unit_file_t;
|
||||
|
|
@ -30,7 +35,22 @@
|
|||
|
||||
type icinga2_etc_t;
|
||||
files_config_file(icinga2_etc_t)
|
||||
@@ -155,7 +161,12 @@
|
||||
@@ -89,6 +100,14 @@
|
||||
typeattribute icinga2_port_t unreserved_port_type;
|
||||
corenet_port(icinga2_port_t)
|
||||
|
||||
+corenet_tcp_bind_generic_node(icinga2_t)
|
||||
+init_startstop_service(sysadm_t, sysadm_r, icinga2_t, icinga2_initrc_exec_t)
|
||||
+domain_auto_transition_pattern(run_init_t, icinga2_exec_t, icinga2_t)
|
||||
+manage_dirs_pattern(tmpfiles_t, var_t, icinga2_cache_t)
|
||||
+manage_files_pattern(initrc_t, icinga2_log_t, icinga2_log_t)
|
||||
+logging_send_syslog_msg(icinga2_t)
|
||||
+dev_read_urand(icinga2_t)
|
||||
+
|
||||
########################################
|
||||
#
|
||||
# icinga2 local policy
|
||||
@@ -155,7 +174,12 @@
|
||||
icinga2_execstrans(nagios_system_plugin_exec_t, nagios_system_plugin_t)
|
||||
icinga2_execstrans(nagios_unconfined_plugin_exec_t, nagios_unconfined_plugin_t)
|
||||
icinga2_execstrans(nagios_eventhandler_plugin_exec_t, nagios_eventhandler_plugin_t)
|
||||
|
|
@ -44,7 +64,7 @@
|
|||
|
||||
# should be moved nagios.te
|
||||
nagios_plugin_template(notification)
|
||||
@@ -176,7 +187,9 @@
|
||||
@@ -176,7 +200,9 @@
|
||||
')
|
||||
icinga2_dontaudit_leaks_fifo(system_mail_t)
|
||||
# hipsaint notification
|
||||
|
|
@ -55,7 +75,7 @@
|
|||
sysnet_read_config(nagios_notification_plugin_t)
|
||||
allow nagios_notification_plugin_t self:udp_socket create_stream_socket_perms;
|
||||
allow nagios_notification_plugin_t self:tcp_socket create_stream_socket_perms;
|
||||
@@ -216,16 +229,13 @@
|
||||
@@ -216,16 +242,13 @@
|
||||
selinux_compute_access_vector(icinga2_t)
|
||||
|
||||
dbus_send_system_bus(icinga2_t)
|
||||
|
|
@ -73,7 +93,7 @@
|
|||
')
|
||||
|
||||
|
||||
@@ -271,5 +281,10 @@
|
||||
@@ -271,5 +294,10 @@
|
||||
icinga2adm_execstrans(nagios_system_plugin_exec_t, nagios_system_plugin_t)
|
||||
icinga2adm_execstrans(nagios_unconfined_plugin_exec_t, nagios_unconfined_plugin_t)
|
||||
icinga2adm_execstrans(nagios_eventhandler_plugin_exec_t, nagios_eventhandler_plugin_t)
|
||||
|
|
@ -85,8 +105,8 @@
|
|||
+ icinga2adm_execstrans(nagios_openshift_plugin_exec_t, nagios_openshift_plugin_t)
|
||||
+')
|
||||
icinga2adm_execstrans(nagios_notification_plugin_exec_t, nagios_notification_plugin_t)
|
||||
--- icinga2-2.11.3/tools/selinux/icinga2.if.orig 2020-05-23 12:30:13.197717646 +0200
|
||||
+++ icinga2-2.11.3/tools/selinux/icinga2.if 2020-05-23 12:31:03.445715190 +0200
|
||||
--- icinga2-2.11.3/tools/selinux/icinga2.if.orig 2020-05-23 16:56:10.481081712 +0200
|
||||
+++ icinga2-2.11.3/tools/selinux/icinga2.if 2020-05-23 16:56:31.862083496 +0200
|
||||
@@ -54,9 +54,11 @@
|
||||
type icinga2_unit_file_t;
|
||||
')
|
||||
|
|
@ -126,3 +146,13 @@
|
|||
')
|
||||
')
|
||||
|
||||
--- icinga2-2.11.3/tools/selinux/icinga2.fc.orig 2020-05-23 17:19:17.224197435 +0200
|
||||
+++ icinga2-2.11.3/tools/selinux/icinga2.fc 2020-05-23 17:20:00.709201064 +0200
|
||||
@@ -3,6 +3,7 @@
|
||||
/usr/lib/systemd/system/icinga2.* -- gen_context(system_u:object_r:icinga2_unit_file_t,s0)
|
||||
|
||||
/etc/icinga2(/.*)? gen_context(system_u:object_r:icinga2_etc_t,s0)
|
||||
+/usr/share/icinga2/inc(lude)(/.*)? gen_context(system_u:object_r:icinga2_etc_t,s0)
|
||||
|
||||
/etc/icinga2/scripts(/.*)? -- gen_context(system_u:object_r:nagios_notification_plugin_exec_t,s0)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue