This is also used for the nagios stuff: ---8<--- module nrpe 1.0;
require {
type nrpe_t;
type proc_mdstat_t;
type system_cronjob_t;
class tcp_socket getattr;
class unix_dgram_socket getattr;
class file { read getattr open ioctl };
}
#============= nrpe_t ==============
allow nrpe_t proc_mdstat_t:file { read getattr open ioctl };
#============= system_cronjob_t ==============
allow system_cronjob_t nrpe_t:tcp_socket getattr;
allow system_cronjob_t nrpe_t:unix_dgram_socket getattr;
