cat my-barman3.te
# Local SELinux policy module adding allow rules for the icinga2_t domain.
# The "#!!!!" lines are annotations in the format audit2allow writes and are
# kept exactly as generated.
module my-barman3 1.0;
# Types and object classes referenced by the rules below. Every name listed
# here must already exist in the loaded policy for the module to install.
require {
type var_lib_t;
type var_log_t;
type icinga2_t;
type krb5_keytab_t;
type var_t;
type unlabeled_t;
class dir { getattr open read search };
class file { getattr ioctl lock open read write };
}
#============= icinga2_t ==============
# Rules annotated "allowed in the current policy" were already granted by the
# policy loaded when this file was generated, so they add no new access.
# The only rule without that annotation is "unlabeled_t:file read".
#!!!! This avc is allowed in the current policy
# Directory search only; no file permission on krb5_keytab_t is granted here.
allow icinga2_t krb5_keytab_t:dir search;
#!!!! This avc is allowed in the current policy
# unlabeled_t is the type given to objects that have no valid security
# context, so these rules apply to every such object, not to one path.
# NOTE(review): relabelling the affected paths (semanage fcontext, then
# restorecon) would scope the access to a named type - confirm which paths
# are unlabeled before keeping these rules.
allow icinga2_t unlabeled_t:dir { getattr open read search };
#!!!! This avc is allowed in the current policy
allow icinga2_t unlabeled_t:file getattr;
# NOTE(review): this is the only new grant in the module. getattr and read are
# allowed on unlabeled_t files but open is not; if the process opens these
# files itself, a further denial would be expected - check the audit log.
allow icinga2_t unlabeled_t:file read;
#!!!! This avc is allowed in the current policy
allow icinga2_t var_lib_t:file getattr;
#!!!! This avc is allowed in the current policy
allow icinga2_t var_log_t:file open;
#!!!! This avc is allowed in the current policy
allow icinga2_t var_t:dir read;
#!!!! This avc is allowed in the current policy
#!!!! This av rule may have been overridden by an extended permission av rule
# var_t is a generic type, so this rule covers every file carrying it and
# includes write. NOTE(review): a dedicated file type for the data this domain
# needs would be narrower. The annotation above presumably refers to
# allowxperm-style rules that can restrict which ioctl commands pass even
# though ioctl is listed here - TODO confirm against the loaded policy.
allow icinga2_t var_t:file { getattr ioctl lock open read write };
De ez sem oldja meg a problémát.