MelanieGault · September 25, 2014 02:56
diff --git a/icinga2.te b/icinga2.te
 module my_httpd_icinga_command 1.0;

 require {
  type var_run_t;
  type var_log_t;
  type var_t;
  type httpd_t;
  type ping_t;
  type postgresql_port_t;
  type reserved_port_t;
  type httpd_sys_script_t;
  type load_policy_t;
  type user_tmp_t;
  class fifo_file {open getattr write};
  class tcp_socket {name_connect};
  class file {open read getattr write};
  class dir {read};
 }

 #============= httpd_t ==============
 allow httpd_t var_run_t:fifo_file {open getattr write};
 allow ping_t var_t:file {open getattr write};
 allow httpd_sys_script_t var_t:file {open read getattr write};
 allow httpd_sys_script_t var_log_t:dir read;
 allow httpd_sys_script_t var_t:file read;
 allow httpd_t postgresql_port_t:tcp_socket name_connect;
 allow httpd_t reserved_port_t:tcp_socket name_connect;
 allow load_policy_t user_tmp_t:file write;
	module my_httpd_icinga_command 1.0;

	require {
	type var_run_t;
	type var_log_t;
	type var_t;
	type httpd_t;
	type ping_t;
	type postgresql_port_t;
	type reserved_port_t;
	type httpd_sys_script_t;
	type load_policy_t;
	type user_tmp_t;
	class fifo_file {open getattr write};
	class tcp_socket {name_connect};
	class file {open read getattr write};
	class dir {read};
	}

	#============= httpd_t ==============
	allow httpd_t var_run_t:fifo_file {open getattr write};
	allow ping_t var_t:file {open getattr write};
	allow httpd_sys_script_t var_t:file {open read getattr write};
	allow httpd_sys_script_t var_log_t:dir read;
	allow httpd_sys_script_t var_t:file read;
	allow httpd_t postgresql_port_t:tcp_socket name_connect;
	allow httpd_t reserved_port_t:tcp_socket name_connect;
	allow load_policy_t user_tmp_t:file write;