ansible-roles/roles/zabbix_server/files/zabbix_server.te

module zabbix_server 1.4;

require {
        type zabbix_var_run_t;
        type zabbix_t;
        type zabbix_var_lib_t;
        type mysqld_db_t;
        type httpd_t;
        type unconfined_service_t;
        class sock_file { create unlink write };
        class unix_stream_socket connectto;
        class file { execute execute_no_trans };
        class capability dac_override;
}

#============= zabbix_t ==============
allow zabbix_t self:unix_stream_socket connectto;
allow zabbix_t self:capability dac_override;
allow zabbix_t zabbix_var_lib_t:file { execute execute_no_trans };
allow zabbix_t zabbix_var_run_t:sock_file { create unlink };
allow zabbix_t mysqld_db_t:sock_file write;
allow zabbix_t unconfined_service_t:unix_stream_socket connectto;
allow httpd_t unconfined_service_t:unix_stream_socket connectto;
Update to 2024-09-04 10:00 2024-09-04 10:00:14 +02:00			`module zabbix_server 1.4;`
Update to 2021-12-01 19:13 2021-12-01 19:13:34 +01:00
			`require {`
			`type zabbix_var_run_t;`
			`type zabbix_t;`
			`type zabbix_var_lib_t;`
			`type mysqld_db_t;`
Update to 2024-09-04 10:00 2024-09-04 10:00:14 +02:00			`type httpd_t;`
			`type unconfined_service_t;`
Update to 2021-12-01 19:13 2021-12-01 19:13:34 +01:00			`class sock_file { create unlink write };`
			`class unix_stream_socket connectto;`
			`class file { execute execute_no_trans };`
			`class capability dac_override;`
			`}`

			`#============= zabbix_t ==============`
			`allow zabbix_t self:unix_stream_socket connectto;`
			`allow zabbix_t self:capability dac_override;`
			`allow zabbix_t zabbix_var_lib_t:file { execute execute_no_trans };`
			`allow zabbix_t zabbix_var_run_t:sock_file { create unlink };`
			`allow zabbix_t mysqld_db_t:sock_file write;`
Update to 2024-09-04 10:00 2024-09-04 10:00:14 +02:00			`allow zabbix_t unconfined_service_t:unix_stream_socket connectto;`
			`allow httpd_t unconfined_service_t:unix_stream_socket connectto;`