From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue, 23 Aug 2011 12:46:27 +0200
Subject: [refpolicy] [PATCH 1/1] Nagios' checkdisk plugin requires getattr
 on the mountpoint directories
Message-ID: <20110823104626.GA1557@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Without the getattr privilege on the mountpoint directories, the checkdisk
plugin fails to capture the data unless nagios is reconfigured to directly
read the device files themselves.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/services/nagios.te |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te
index 758c522..b7dbb1a 100644
--- a/policy/modules/services/nagios.te
+++ b/policy/modules/services/nagios.te
@@ -310,6 +310,7 @@ optional_policy(`
 # needed by ioctl()
 allow nagios_checkdisk_plugin_t self:capability { sys_admin sys_rawio };
 
+files_getattr_all_mountpoints(nagios_checkdisk_plugin_t)
 files_read_etc_runtime_files(nagios_checkdisk_plugin_t)
 
 fs_getattr_all_fs(nagios_checkdisk_plugin_t)
-- 
1.7.3.4