Allow ping domains to read zabbix_tmp_t files

diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
index 373882d60b9914fcaeba5c9bad11eadb738b14ba..9f49d01c5436620fe9878f17aefd78448a758c22 100644 (file)
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -176,6 +176,10 @@ optional_policy(`
        hotplug_use_fds(ping_t)
 ')
 
+optional_policy(`
+       zabbix_read_tmp(ping_t)
+')
+
 ########################################
 #
 # Traceroute local policy

diff --git a/policy/modules/services/zabbix.if b/policy/modules/services/zabbix.if
index 062947298e3a0ec58db94006d545468cf538c6a7..75a7d17256757a978a3d20fea3809633b4ddf663 100644 (file)
--- a/policy/modules/services/zabbix.if
+++ b/policy/modules/services/zabbix.if
@@ -59,6 +59,26 @@ interface(`zabbix_read_log',`
        read_files_pattern($1, zabbix_log_t, zabbix_log_t)
 ')
 
+########################################
+## <summary>
+##     Allow the specified domain to read zabbix's tmp files.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+## <rolecap/>
+#
+interface(`zabbix_read_tmp',`
+       gen_require(`
+               type zabbix_tmp_t;
+       ')
+
+       files_search_tmp($1)
+       read_files_pattern($1, zabbix_tmp_t, zabbix_tmp_t)
+')
+
 ########################################
 ## <summary>
 ##     Allow the specified domain to append