commit: 0828821e68ff42275eb385702ca16d0738355551 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
AuthorDate: Thu Jun 30 10:06:09 2011 +0000 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
CommitDate: Thu Jun 30 10:06:09 2011 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=0828821e |
|
sec-policy/selinux-zabbix: moved to tree |
|
(Portage version: 2.1.9.42/git/Linux x86_64, signed Manifest commit with key 0xD0455535) |
|
--- |
sec-policy/selinux-zabbix/ChangeLog | 23 ---- |
.../files/fix-services-zabbix-r1.patch | 135 -------------------- |
sec-policy/selinux-zabbix/metadata.xml | 6 - |
.../selinux-zabbix-2.20101213-r1.ebuild | 16 --- |
4 files changed, 0 insertions(+), 180 deletions(-) |
|
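diff --git a/sec-policy/selinux-zabbix/ChangeLog b/sec-policy/selinux-zabbix/ChangeLog
deleted file mode 100644
index 099cbd2..0000000
--- a/sec-policy/selinux-zabbix/ChangeLog
+++ /dev/null
@@ -1,23 +0,0 @@
-# ChangeLog for sec-policy/selinux-zabbix
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-zabbix/ChangeLog,v 1.2 2011/06/02 13:12:38 blueness Exp $
-
- 22 Jun 2011; <swift@g.o> selinux-zabbix-2.20101213-r1.ebuild:
- Use ~arch first
-
- 22 Jun 2011; <swift@g.o> selinux-zabbix-2.20101213-r1.ebuild:
- Set EAPI=4 on zabbix policy build
-
-*selinux-zabbix-2.20101213-r1 (12 Jun 2011)
-
- 12 Jun 2011; <swift@g.o> +files/fix-services-zabbix-r1.patch,
- +selinux-zabbix-2.20101213-r1.ebuild, +metadata.xml:
- Make sure zabbix agent works
-
- 02 Jun 2011; Anthony G. Basile <blueness@g.o>
- selinux-zabbix-2.20101213.ebuild:
- Stable amd64 x86
-
- 05 Feb 2011; Anthony G. Basile <blueness@g.o> ChangeLog:
- Initial commit to portage.
-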
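diff --git a/sec-policy/selinux-zabbix/files/fix-services-zabbix-r1.patch b/sec-policy/selinux-zabbix/files/fix-services-zabbix-r1.patch
deleted file mode 100644
index a6b6593..0000000
--- a/sec-policy/selinux-zabbix/files/fix-services-zabbix-r1.patch
+++ /dev/null
@@ -1,135 +0,0 @@
---- services/zabbix.te 2010-12-13 15:11:02.000000000 +0100
-+++ services/zabbix.te 2011-06-13 11:44:56.271000342 +0200
-@@ -9,9 +9,16 @@
- type zabbix_exec_t;
- init_daemon_domain(zabbix_t, zabbix_exec_t)
-
-+type zabbix_agent_t;
-+type zabbix_agent_exec_t;
-+init_daemon_domain(zabbix_agent_t, zabbix_agent_exec_t)
-+
- type zabbix_initrc_exec_t;
- init_script_file(zabbix_initrc_exec_t)
-
-+type zabbix_agent_initrc_exec_t;
-+init_script_file(zabbix_agent_initrc_exec_t)
-+
- # log files
- type zabbix_log_t;
- logging_log_file(zabbix_log_t)
-@@ -20,6 +27,9 @@
- type zabbix_var_run_t;
- files_pid_file(zabbix_var_run_t)
-
-+type zabbix_tmpfs_t;
-+files_tmpfs_file(zabbix_tmpfs_t);
-+
- ########################################
- #
- # zabbix local policy
-@@ -27,7 +37,11 @@
-
- allow zabbix_t self:capability { setuid setgid };
- allow zabbix_t self:fifo_file rw_file_perms;
-+allow zabbix_t self:process { setsched getsched signal };
- allow zabbix_t self:unix_stream_socket create_stream_socket_perms;
-+allow zabbix_t self:sem { create unix_write unix_read read write associate destroy }; #mutex requirement for log file
-+allow zabbix_t self:shm create_shm_perms;
-+allow zabbix_t self:tcp_socket create_stream_socket_perms;
-
- # log files
- allow zabbix_t zabbix_log_t:dir setattr;
-@@ -39,14 +53,81 @@
- manage_files_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
- files_pid_filetrans(zabbix_t, zabbix_var_run_t, { dir file })
-
-+sysnet_dns_name_resolve(zabbix_t)
-+
-+fs_tmpfs_filetrans(zabbix_t, zabbix_tmpfs_t, { dir file })
-+manage_files_pattern(zabbix_t, tmpfs_t, zabbix_tmpfs_t)
-+
-+# configuration file
- files_read_etc_files(zabbix_t)
-
- miscfiles_read_localization(zabbix_t)
-+corenet_tcp_bind_generic_node(zabbix_t)
-+corenet_tcp_bind_zabbix_port(zabbix_t)
-+
-+gentoo_zabbix_agent_tcp_connect(zabbix_t)
-
- optional_policy(`
-+ # Support MySQL connectivity both local (stream) and through network (tcp)
- mysql_stream_connect(zabbix_t)
-+ mysql_tcp_connect(zabbix_t)
- ')
-
- optional_policy(`
- postgresql_stream_connect(zabbix_t)
- ')
-+
-+########################################
-+#
-+# zabbix agent local policy
-+#
-+
-+allow zabbix_agent_t self:capability { setuid setgid };
-+allow zabbix_agent_t self:process { setsched getsched signal };
-+allow zabbix_agent_t self:fifo_file rw_file_perms;
-+allow zabbix_agent_t self:unix_stream_socket create_stream_socket_perms;
-+allow zabbix_agent_t self:sem { create unix_write unix_read read write associate destroy }; #mutex requirement for log file
-+allow zabbix_agent_t self:tcp_socket create_stream_socket_perms;
-+allow zabbix_agent_t self:shm create_shm_perms;
-+
-+## Rules relating to the objects managed by this policy file
-+# Logging access
-+filetrans_pattern(zabbix_agent_t, zabbix_log_t, zabbix_log_t, file)
-+manage_files_pattern(zabbix_agent_t, zabbix_log_t, zabbix_log_t)
-+# PID file management
-+manage_files_pattern(zabbix_agent_t, zabbix_var_run_t, zabbix_var_run_t)
-+files_pid_filetrans(zabbix_agent_t, zabbix_var_run_t, file)
-+# Port access
-+gentoo_zabbix_tcp_connect(zabbix_agent_t)
-+# Shared memory
-+rw_files_pattern(zabbix_agent_t, zabbix_tmpfs_t, zabbix_tmpfs_t)
-+fs_tmpfs_filetrans(zabbix_agent_t, zabbix_tmpfs_t, file)
-+
-+## kernel layer module calls
-+kernel_read_all_sysctls(zabbix_agent_t)
-+kernel_read_system_state(zabbix_agent_t)
-+#corecmd_exec_bin(zabbix_agent_t)
-+#corecmd_exec_shell(zabbix_agent_t)
-+corecmd_read_all_executables(zabbix_agent_t)
-+corenet_tcp_bind_generic_node(zabbix_agent_t)
-+corenet_tcp_bind_zabbix_agent_port(zabbix_agent_t)
-+corenet_tcp_connect_ssh_port(zabbix_agent_t) # Agent supports ssh connectivity tests
-+corenet_tcp_connect_zabbix_port(zabbix_agent_t)
-+dev_getattr_all_blk_files(zabbix_agent_t)
-+dev_getattr_all_chr_files(zabbix_agent_t)
-+domain_search_all_domains_state(zabbix_agent_t)
-+files_read_all_symlinks(zabbix_agent_t)
-+files_read_etc_files(zabbix_agent_t)
-+files_getattr_all_dirs(zabbix_agent_t)
-+files_getattr_all_files(zabbix_agent_t)
-+fs_getattr_all_fs(zabbix_agent_t)
-+
-+## system layer module calls
-+#hostname_exec(zabbix_agent_t)
-+init_read_utmp(zabbix_agent_t)
-+logging_search_logs(zabbix_agent_t)
-+miscfiles_read_localization(zabbix_agent_t)
-+sysnet_dns_name_resolve(zabbix_agent_t)
-+
-+## other modules
-+#ssh_exec(zabbix_agent_t)
---- services/zabbix.fc 2010-08-03 15:11:09.000000000 +0200
-+++ services/zabbix.fc 2011-06-12 20:12:49.376002444 +0200
-@@ -1,6 +1,8 @@
- /etc/rc\.d/init\.d/zabbix -- gen_context(system_u:object_r:zabbix_initrc_exec_t,s0)
-+/etc/rc\.d/init\.d/zabbix-agentd -- gen_context(system_u:object_r:zabbix_agent_initrc_exec_t,s0)
-
--/usr/bin/zabbix_server -- gen_context(system_u:object_r:zabbix_exec_t,s0)
-+/usr/(s)?bin/zabbix_server -- gen_context(system_u:object_r:zabbix_exec_t,s0)
-+/usr/(s)?bin/zabbix_agentd -- gen_context(system_u:object_r:zabbix_agent_exec_t,s0)
-
- /var/log/zabbix(/.*)? gen_context(system_u:object_r:zabbix_log_t,s0)
-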
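diff --git a/sec-policy/selinux-zabbix/metadata.xml b/sec-policy/selinux-zabbix/metadata.xml
deleted file mode 100644
index 0232f85..0000000
--- a/sec-policy/selinux-zabbix/metadata.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <herd>selinux</herd>
- <longdescription>Gentoo SELinux policy for zabbix</longdescription>
-</pkgmetadata>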
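diff --git a/sec-policy/selinux-zabbix/selinux-zabbix-2.20101213-r1.ebuild b/sec-policy/selinux-zabbix/selinux-zabbix-2.20101213-r1.ebuild
deleted file mode 100644
index 6bd0ed2..0000000
--- a/sec-policy/selinux-zabbix/selinux-zabbix-2.20101213-r1.ebuild
+++ /dev/null
@@ -1,16 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-zabbix/selinux-zabbix-2.20101213.ebuild,v 1.2 2011/06/02 13:12:38 blueness Exp $
-EAPI="4"
-
-IUSE=""
-
-MODS="zabbix"
-
-inherit selinux-policy-2
-
-DESCRIPTION="SELinux policy for general applications"
-
-KEYWORDS="~amd64 ~x86"
-
-POLICY_PATCH="${FILESDIR}/fix-services-zabbix-r1.patch"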