trunk: nagios update from dan

diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te
index 777cc156723b8a23cbaeda4871195d46f65df183..cb5bf9144252d820315b9bad303912337a300723 100644 (file)
--- a/policy/modules/services/nagios.te
+++ b/policy/modules/services/nagios.te
@@ -1,5 +1,5 @@
 
-policy_module(nagios,1.2.0)
+policy_module(nagios,1.2.1)
 
 ########################################
 #
@@ -73,8 +73,10 @@ corenet_tcp_sendrecv_all_nodes(nagios_t)
 corenet_udp_sendrecv_all_nodes(nagios_t)
 corenet_tcp_sendrecv_all_ports(nagios_t)
 corenet_udp_sendrecv_all_ports(nagios_t)
+corenet_tcp_connect_all_ports(nagios_t)
 
 dev_read_sysfs(nagios_t)
+dev_read_urand(nagios_t)
 
 domain_use_interactive_fds(nagios_t)
 # for ps
@@ -97,8 +99,6 @@ logging_send_syslog_msg(nagios_t)
 
 miscfiles_read_localization(nagios_t)
 
-sysnet_read_config(nagios_t)
-
 userdom_dontaudit_use_unpriv_user_fds(nagios_t)
 userdom_dontaudit_search_sysadm_home_dirs(nagios_t)
 
@@ -111,17 +111,13 @@ ifdef(`targeted_policy',`
 ')
 
 optional_policy(`
-       netutils_domtrans_ping(nagios_t)
-       netutils_signal_ping(nagios_t)
-       netutils_kill_ping(nagios_t)
-
-       # cjp: leaked file descriptors:
-       #dontaudit ping_t nagios_etc_t:file read;
-       #dontaudit ping_t nagios_log_t:fifo_file read;
+       auth_use_nsswitch(nagios_t)
 ')
 
 optional_policy(`
-       nis_use_ypbind(nagios_t)
+       netutils_domtrans_ping(nagios_t)
+       netutils_signal_ping(nagios_t)
+       netutils_kill_ping(nagios_t)
 ')
 
 optional_policy(`