From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 29 Nov 2011 02:05:36 +0000 (-0500)
Subject: Allow ping domains to read zabbix_tmp_t files
X-Git-Tag: 000~74
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=acc56d2e69eb462a326562af02c14ca2eab2207e;p=people%2Fstevee%2Fselinux-policy.git

Allow ping domains to read zabbix_tmp_t files
---

diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
index 373882d6..9f49d01c 100644
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -176,6 +176,10 @@ optional_policy(`
 	hotplug_use_fds(ping_t)
 ')
 
+optional_policy(`
+	zabbix_read_tmp(ping_t)
+')
+
 ########################################
 #
 # Traceroute local policy
diff --git a/policy/modules/services/zabbix.if b/policy/modules/services/zabbix.if
index 06294729..75a7d172 100644
--- a/policy/modules/services/zabbix.if
+++ b/policy/modules/services/zabbix.if
@@ -59,6 +59,26 @@ interface(`zabbix_read_log',`
 	read_files_pattern($1, zabbix_log_t, zabbix_log_t)
 ')
 
+########################################
+## <summary>
+##	Allow the specified domain to read zabbix's tmp files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`zabbix_read_tmp',`
+	gen_require(`
+		type zabbix_tmp_t;
+	')
+
+	files_search_tmp($1)
+	read_files_pattern($1, zabbix_tmp_t, zabbix_tmp_t)
+')
+
 ########################################
 ## <summary>
 ##	Allow the specified domain to append