On Thu, 2011-05-26 at 07:33 -0400, Vadym Chepkov wrote:
> Hi,
>
> There is a series of nagios plugins which have to record previous call's status in a file.
> For example, check_snmp_uptime. It would record the previous uptime of a monitored server into a bdb file and will generate an ERROR state if during a next call uptime was lower then previous.
> Unfortunately, there is no suitable context for files like that. even nagios_system_plugin_tmp_t doesn't fit the bill.
I guess all (or at least the system and services) plugins should be able
to manage nagios_spool_t content:
mkdir ~/mytest; cd ~/mytest;
echo "policy_module(mytest, 1.0.0) gen_require(\` type nagios_spool_t,
nagios_services_plugin_t, nagios_system_plugin_t; ')
manage_dirs_pattern({nagios_services_plugin_t
nagios_services_plugin_t }, nagios_spool_t, nagios_spool_t)
manage_dirs_pattern({nagios_services_plugin_t
nagios_services_plugin_t }, nagios_spool_t, nagios_spool_t)" >
mytest.te; make -f /usr/share/selinux/devel/Makefile mytest.pp
sudo semodule -i mytest.pp
sudo restorecon -R -v /var/spool/nagios
See where that gets you.
Attachment:
signature.asc
Description: This is a digitally signed message part
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
