From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 13 Jun 2011 10:25:50 +0200
Subject: [refpolicy] [PATCH 1/7] zabbix server spawns multiple processes
In-Reply-To: <20110613082006.GA18072@siphos.be>
References: <20110613082006.GA18072@siphos.be>
Message-ID: <20110613082550.GB18072@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The zabbix server process is a multi-process system. 

In order to, for instance, shut it down, signalling within the domain is
necessary. Otherwise, the processes remain running.

Also, since there are multiple processes trying to use the same log file,
the zabbix server uses semaphores to ensure proper access to the log files
(concurrency).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/services/zabbix.te |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/policy/modules/services/zabbix.te b/policy/modules/services/zabbix.te
index c26ecf5..3dd76ca 100644
--- a/policy/modules/services/zabbix.te
+++ b/policy/modules/services/zabbix.te
@@ -27,7 +27,9 @@ files_pid_file(zabbix_var_run_t)
 
 allow zabbix_t self:capability { setuid setgid };
 allow zabbix_t self:fifo_file rw_file_perms;
+allow zabbix_t self:process { setsched getsched signal };
 allow zabbix_t self:unix_stream_socket create_stream_socket_perms;
+allow zabbix_t self:sem create_sem_perms;
 
 # log files
 allow zabbix_t zabbix_log_t:dir setattr;
-- 
1.7.3.4