From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 24 Aug 2011 09:02:58 -0400 Subject: [refpolicy] [PATCH 1/1] Nagios' checkdisk plugin requires getattr on the mountpoint directories In-Reply-To: <20110823104626.GA1557@siphos.be> References: <20110823104626.GA1557@siphos.be> Message-ID: <4E54F682.5030201@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/23/11 06:46, Sven Vermeulen wrote: > Without the getattr privilege on the mountpoint directories, the checkdisk > plugin fails to capture the data unless nagios is reconfigured to directly > read the device files themselves. > > Signed-off-by: Sven Vermeulen > --- > policy/modules/services/nagios.te | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te > index 758c522..b7dbb1a 100644 > --- a/policy/modules/services/nagios.te > +++ b/policy/modules/services/nagios.te > @@ -310,6 +310,7 @@ optional_policy(` > # needed by ioctl() > allow nagios_checkdisk_plugin_t self:capability { sys_admin sys_rawio }; > > +files_getattr_all_mountpoints(nagios_checkdisk_plugin_t) > files_read_etc_runtime_files(nagios_checkdisk_plugin_t) > > fs_getattr_all_fs(nagios_checkdisk_plugin_t) Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
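Review bot: the added files_getattr_all_mountpoints(nagios_checkdisk_plugin_t) line in the @@ -310,6 +310,7 @@ hunk of nagios.te has no comment, while the allow rule just above it is annotated with "# needed by ioctl()". The reason for the new permission (the checkdisk plugin cannot capture its data without getattr on the mountpoint directories) is recorded only in the commit message. A one-line comment above the new call, for example "# needed to getattr the mountpoint directories", would keep that rationale in the policy source. The interface covers all mountpoints, which matches the breadth of the existing fs_getattr_all_fs(nagios_checkdisk_plugin_t) line below it, so the comment is also a good place to state that this breadth is intended.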