authorAnthony G. Basile <blueness@gentoo.org>2011-06-30 10:04:18 +0000
committerAnthony G. Basile <blueness@gentoo.org>2011-06-30 10:04:18 +0000
commit6968cb700fcce5edba24005d87024cc2a2cd4419 (patch)
tree4acc2271c350191edf1cc977277dd4238dfeeafb /sec-policy/selinux-zabbix
parentStable on amd64 wrt bug #373155 (diff)
Make sure zabbix agent works, bump to EAPI=4
Package-Manager: portage-2.1.9.42/cvs/Linux x86_64
Diffstat (limited to 'sec-policy/selinux-zabbix')
-rw-r--r--sec-policy/selinux-zabbix/ChangeLog8
-rw-r--r--sec-policy/selinux-zabbix/Manifest10
-rw-r--r--sec-policy/selinux-zabbix/files/fix-services-zabbix-r1.patch135
-rw-r--r--sec-policy/selinux-zabbix/selinux-zabbix-2.20101213-r1.ebuild16
4 files changed, 164 insertions, 5 deletions
diff --git a/sec-policy/selinux-zabbix/ChangeLog b/sec-policy/selinux-zabbix/ChangeLog
index 0ad51db87697..b89042ad4b39 100644
--- a/sec-policy/selinux-zabbix/ChangeLog
+++ b/sec-policy/selinux-zabbix/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for sec-policy/selinux-zabbix
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-zabbix/ChangeLog,v 1.2 2011/06/02 13:12:38 blueness Exp $
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-zabbix/ChangeLog,v 1.3 2011/06/30 10:04:18 blueness Exp $
+
+*selinux-zabbix-2.20101213-r1 (30 Jun 2011)
+
+ 30 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+ +files/fix-services-zabbix-r1.patch, +selinux-zabbix-2.20101213-r1.ebuild:
+ Make sure zabbix agent works, bump to EAPI=4
02 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
selinux-zabbix-2.20101213.ebuild:
diff --git a/sec-policy/selinux-zabbix/Manifest b/sec-policy/selinux-zabbix/Manifest
index 6ce6c7457ed2..320ea1c6591f 100644
--- a/sec-policy/selinux-zabbix/Manifest
+++ b/sec-policy/selinux-zabbix/Manifest
@@ -1,14 +1,16 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
+AUX fix-services-zabbix-r1.patch 4856 RMD160 caae5ef1ad31212452c0f2bfb05968848a3b0a3f SHA1 968978b67499289900ffcf544e628e3a2ae96122 SHA256 260c90774d6f351b7b32a4d042eb45c7849bf78b963aa51a112e49241fdf6317
DIST refpolicy-2.20101213.tar.bz2 559450 RMD160 4858f792f4db5b179de6fb8419a626c29d59bdd3 SHA1 0e881e99b8950a358eadc44633551ca10f12eaee SHA256 b691ee8f6066cc19bb0d4384fe3be277d97d22e9d4ac2db0c252065e8c3535de
+EBUILD selinux-zabbix-2.20101213-r1.ebuild 440 RMD160 62b6d6f51884f161bc3e915838ac9d49c9303d2d SHA1 e379465b5a6472038013c22f1669996841337aab SHA256 f39f5f873a632ac7d077d464b56f84408e319d3b435de15e9bddc01dcfebd2ee
EBUILD selinux-zabbix-2.20101213.ebuild 369 RMD160 2a69228e1c41dcdf88ae3166b74638fb54441872 SHA1 b3c3bc64018295498e2f84ef6ed351ff5bc319e4 SHA256 05beeb93429038b975e7d74c94fe1ad6a9f908ea15637fb73fa74bfa28d90166
-MISC ChangeLog 432 RMD160 fa8fffeea013c1062f424880b4fc146895c97920 SHA1 270ad270ab0285ccbf5d1108458e5f98e632615a SHA256 153d89bbafde7a3b2bba33abcb56516d6cc794638bc368a39e27be79f5f54316
+MISC ChangeLog 657 RMD160 3a860d1b2221a9a5733613db17a83e5b53a4f351 SHA1 eb688067e1b33c105231bcccd5b0600ad2854ee7 SHA256 29b99d12f09ff1874d267c7f8c2410266239807f6a55dcbb9a47394dd42a8a29
MISC metadata.xml 230 RMD160 7a866c726623b5965ac5008485f20ce4a2b6f152 SHA1 b74d8ea3840ee2af99d4d2af51cd5e0274e372e5 SHA256 e9b3160af532a6e966a9a73bf5c180574ee4c9b9ee6e852ab75b11acea984444
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
-iEYEAREIAAYFAk3njEwACgkQl5yvQNBFVTVRkwCcD4Waf6DJWdsGLHNl+RNZvsTP
-s0oAnRJ8g14VIbpUYxp4AeiiobqNgUuW
-=dLa4
+iEYEAREIAAYFAk4MSi0ACgkQl5yvQNBFVTW76wCdFLqsRNLiXRump5JbDHMDV34i
+wIsAniuWpJ+Sx4IvbzVmiJfkQcrpUOBn
+=fnbl
-----END PGP SIGNATURE-----
diff --git a/sec-policy/selinux-zabbix/files/fix-services-zabbix-r1.patch b/sec-policy/selinux-zabbix/files/fix-services-zabbix-r1.patch
new file mode 100644
index 000000000000..a6b6593358a9
--- /dev/null
+++ b/sec-policy/selinux-zabbix/files/fix-services-zabbix-r1.patch
@@ -0,0 +1,135 @@
+--- services/zabbix.te 2010-12-13 15:11:02.000000000 +0100
++++ services/zabbix.te 2011-06-13 11:44:56.271000342 +0200
+@@ -9,9 +9,16 @@
+ type zabbix_exec_t;
+ init_daemon_domain(zabbix_t, zabbix_exec_t)
+
++type zabbix_agent_t;
++type zabbix_agent_exec_t;
++init_daemon_domain(zabbix_agent_t, zabbix_agent_exec_t)
++
+ type zabbix_initrc_exec_t;
+ init_script_file(zabbix_initrc_exec_t)
+
++type zabbix_agent_initrc_exec_t;
++init_script_file(zabbix_agent_initrc_exec_t)
++
+ # log files
+ type zabbix_log_t;
+ logging_log_file(zabbix_log_t)
+@@ -20,6 +27,9 @@
+ type zabbix_var_run_t;
+ files_pid_file(zabbix_var_run_t)
+
++type zabbix_tmpfs_t;
++files_tmpfs_file(zabbix_tmpfs_t);
++
+ ########################################
+ #
+ # zabbix local policy
+@@ -27,7 +37,11 @@
+
+ allow zabbix_t self:capability { setuid setgid };
+ allow zabbix_t self:fifo_file rw_file_perms;
++allow zabbix_t self:process { setsched getsched signal };
+ allow zabbix_t self:unix_stream_socket create_stream_socket_perms;
++allow zabbix_t self:sem { create unix_write unix_read read write associate destroy }; #mutex requirement for log file
++allow zabbix_t self:shm create_shm_perms;
++allow zabbix_t self:tcp_socket create_stream_socket_perms;
+
+ # log files
+ allow zabbix_t zabbix_log_t:dir setattr;
+@@ -39,14 +53,81 @@
+ manage_files_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
+ files_pid_filetrans(zabbix_t, zabbix_var_run_t, { dir file })
+
++sysnet_dns_name_resolve(zabbix_t)
++
++fs_tmpfs_filetrans(zabbix_t, zabbix_tmpfs_t, { dir file })
++manage_files_pattern(zabbix_t, tmpfs_t, zabbix_tmpfs_t)
++
++# configuration file
+ files_read_etc_files(zabbix_t)
+
+ miscfiles_read_localization(zabbix_t)
++corenet_tcp_bind_generic_node(zabbix_t)
++corenet_tcp_bind_zabbix_port(zabbix_t)
++
++gentoo_zabbix_agent_tcp_connect(zabbix_t)
+
+ optional_policy(`
++ # Support MySQL connectivity both local (stream) and through network (tcp)
+ mysql_stream_connect(zabbix_t)
++ mysql_tcp_connect(zabbix_t)
+ ')
+
+ optional_policy(`
+ postgresql_stream_connect(zabbix_t)
+ ')
++
++########################################
++#
++# zabbix agent local policy
++#
++
++allow zabbix_agent_t self:capability { setuid setgid };
++allow zabbix_agent_t self:process { setsched getsched signal };
++allow zabbix_agent_t self:fifo_file rw_file_perms;
++allow zabbix_agent_t self:unix_stream_socket create_stream_socket_perms;
++allow zabbix_agent_t self:sem { create unix_write unix_read read write associate destroy }; #mutex requirement for log file
++allow zabbix_agent_t self:tcp_socket create_stream_socket_perms;
++allow zabbix_agent_t self:shm create_shm_perms;
++
++## Rules relating to the objects managed by this policy file
++# Logging access
++filetrans_pattern(zabbix_agent_t, zabbix_log_t, zabbix_log_t, file)
++manage_files_pattern(zabbix_agent_t, zabbix_log_t, zabbix_log_t)
++# PID file management
++manage_files_pattern(zabbix_agent_t, zabbix_var_run_t, zabbix_var_run_t)
++files_pid_filetrans(zabbix_agent_t, zabbix_var_run_t, file)
++# Port access
++gentoo_zabbix_tcp_connect(zabbix_agent_t)
++# Shared memory
++rw_files_pattern(zabbix_agent_t, zabbix_tmpfs_t, zabbix_tmpfs_t)
++fs_tmpfs_filetrans(zabbix_agent_t, zabbix_tmpfs_t, file)
++
++## kernel layer module calls
++kernel_read_all_sysctls(zabbix_agent_t)
++kernel_read_system_state(zabbix_agent_t)
++#corecmd_exec_bin(zabbix_agent_t)
++#corecmd_exec_shell(zabbix_agent_t)
++corecmd_read_all_executables(zabbix_agent_t)
++corenet_tcp_bind_generic_node(zabbix_agent_t)
++corenet_tcp_bind_zabbix_agent_port(zabbix_agent_t)
++corenet_tcp_connect_ssh_port(zabbix_agent_t) # Agent supports ssh connectivity tests
++corenet_tcp_connect_zabbix_port(zabbix_agent_t)
++dev_getattr_all_blk_files(zabbix_agent_t)
++dev_getattr_all_chr_files(zabbix_agent_t)
++domain_search_all_domains_state(zabbix_agent_t)
++files_read_all_symlinks(zabbix_agent_t)
++files_read_etc_files(zabbix_agent_t)
++files_getattr_all_dirs(zabbix_agent_t)
++files_getattr_all_files(zabbix_agent_t)
++fs_getattr_all_fs(zabbix_agent_t)
++
++## system layer module calls
++#hostname_exec(zabbix_agent_t)
++init_read_utmp(zabbix_agent_t)
++logging_search_logs(zabbix_agent_t)
++miscfiles_read_localization(zabbix_agent_t)
++sysnet_dns_name_resolve(zabbix_agent_t)
++
++## other modules
++#ssh_exec(zabbix_agent_t)
+--- services/zabbix.fc 2010-08-03 15:11:09.000000000 +0200
++++ services/zabbix.fc 2011-06-12 20:12:49.376002444 +0200
+@@ -1,6 +1,8 @@
+ /etc/rc\.d/init\.d/zabbix -- gen_context(system_u:object_r:zabbix_initrc_exec_t,s0)
++/etc/rc\.d/init\.d/zabbix-agentd -- gen_context(system_u:object_r:zabbix_agent_initrc_exec_t,s0)
+
+-/usr/bin/zabbix_server -- gen_context(system_u:object_r:zabbix_exec_t,s0)
++/usr/(s)?bin/zabbix_server -- gen_context(system_u:object_r:zabbix_exec_t,s0)
++/usr/(s)?bin/zabbix_agentd -- gen_context(system_u:object_r:zabbix_agent_exec_t,s0)
+
+ /var/log/zabbix(/.*)? gen_context(system_u:object_r:zabbix_log_t,s0)
+
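Review bot: The agent section grants `zabbix_agent_t` access to the server's objects instead of types of its own: `rw_files_pattern(zabbix_agent_t, zabbix_tmpfs_t, zabbix_tmpfs_t)` and the two `manage_files_pattern` calls on `zabbix_log_t` and `zabbix_var_run_t` let the agent read and write the shared-memory, log and PID files that `zabbix_t` creates, so the two domains are not confined from each other. The agent binds its own port and has broad read access (`corecmd_read_all_executables`, `files_getattr_all_files`), so I would give it separate types, starting with `type zabbix_agent_tmpfs_t;`, `files_tmpfs_file(zabbix_agent_tmpfs_t)` and `fs_tmpfs_filetrans(zabbix_agent_t, zabbix_agent_tmpfs_t, file)`. The agent's tmpfs rules also look inconsistent as written: `rw_files_pattern` does not appear to grant create, so the `fs_tmpfs_filetrans` transition may never be usable, and `manage_files_pattern` on the agent's own type would be the matching grant. Separately, `gentoo_zabbix_agent_tcp_connect` and `gentoo_zabbix_tcp_connect` are not defined anywhere in this patch (it touches only the .te and .fc files), so presumably they come from the base policy; it is worth confirming the module does not build without that dependency being expressed.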
diff --git a/sec-policy/selinux-zabbix/selinux-zabbix-2.20101213-r1.ebuild b/sec-policy/selinux-zabbix/selinux-zabbix-2.20101213-r1.ebuild
new file mode 100644
index 000000000000..280917a770a2
--- /dev/null
+++ b/sec-policy/selinux-zabbix/selinux-zabbix-2.20101213-r1.ebuild
@@ -0,0 +1,16 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-zabbix/selinux-zabbix-2.20101213-r1.ebuild,v 1.1 2011/06/30 10:04:18 blueness Exp $
+EAPI="4"
+
+IUSE=""
+
+MODS="zabbix"
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for general applications"
+
+KEYWORDS="~amd64 ~x86"
+
+POLICY_PATCH="${FILESDIR}/fix-services-zabbix-r1.patch"
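Review bot: `DESCRIPTION` in the new ebuild reads "SELinux policy for general applications", which does not say what this module confines; `DESCRIPTION="SELinux policy for zabbix"` would match `MODS="zabbix"`. A one-line comment above `POLICY_PATCH`, for example `# adds the zabbix_agent_t domain and agent file contexts on top of refpolicy`, would also help whoever has to decide whether the patch can be dropped at the next refpolicy bump.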