Gentoo Archives: gentoo-hardened

1	This is also used for the nagios stuff:
2
3	---8<---
4	module nrpe 1.0;
5
6	require {
7	type nrpe_t;
8	type proc_mdstat_t;
9	type system_cronjob_t;
10	class tcp_socket getattr;
11	class unix_dgram_socket getattr;
12	class file { read getattr open ioctl };
13	}
14
15	#============= nrpe_t ==============
16	allow nrpe_t proc_mdstat_t:file { read getattr open ioctl };
17
18	#============= system_cronjob_t ==============
19	allow system_cronjob_t nrpe_t:tcp_socket getattr;
20	allow system_cronjob_t nrpe_t:unix_dgram_socket getattr;