Overview

File usr.lib.nagios.plugins.check_zypper of Package nagios-plugins-zypper

# Last Modified: Sun Jul 17 14:48:41 2011
#include <tunables/global>

/usr/lib/nagios/plugins/check_zypper {
  #include <abstractions/base>
  #include <abstractions/perl>
  #include <abstractions/consoles>
  # include <abstractions/wutmp>

  /etc/SuSE-release r,

  /bin/grep rix,
  /bin/awk rix,
  /bin/gawk rix,
  /bin/rpm px -> /usr/lib/nagios/plugins/check_zypper//rpm,
  /bin/bash rix,
#  /usr/bin/sudo rix,

  # as we do not know how people name the ignore file, we 
  # allow read access to everything below /etc/nagios here
  # feel free to limit this to exactly the file you need
  /etc/nagios/** r,

  /usr/sbin/zypp-refresh-wrapper px -> /usr/lib/nagios/plugins/check_zypper//zypp-refresh-wrapper,
  /usr/bin/zypper px -> /usr/lib/nagios/plugins/check_zypper//zypper,

  profile zypp-refresh-wrapper {
    #include <abstractions/base>
    #include <abstractions/nameservice>
    capability setuid,
    capability setgid,
    /usr/sbin/zypp-refresh-wrapper rmix,
    /usr/sbin/zypp-refresh px -> /usr/lib/nagios/plugins/check_zypper//zypp-refresh,
  }
  profile zypp-refresh {
    #include <abstractions/base>
    #include <abstractions/bash>
    #include <abstractions/consoles>
    #include <abstractions/user-tmp>
    #include <abstractions/zypp>

    /var/log/zypp-refresh.log w,
    /usr/sbin/zypp-refresh rmix,

    /bin/cp rix,
    /bin/bash rix,
    /usr/bin/rpmdb2solv         rix,
    /usr/bin/zypper px -> /usr/lib/nagios/plugins/check_zypper//zypper,
    /usr/bin/gpg2 px -> /usr/lib/nagios/plugins/check_zypper//gpg,
    /usr/bin/uuidgen px -> /usr/lib/nagios/plugins/check_zypper//uuidgen,
    /usr/bin/repo2solv.sh px -> /usr/lib/nagios/plugins/check_zypper//repo2solv, 
  }
  profile repo2solv {
    #include <abstractions/base>
    #include <abstractions/consoles>
    #include <abstractions/user-tmp>
    #include <abstractions/nameservice>

    /usr/bin/repo2solv.sh      rmix,
    /usr/bin/repomdxml2solv     rix,
    /usr/bin/rpmmd2solv         rix,
    /usr/bin/susetags2solv      rix,
    /usr/bin/updateinfoxml2solv rix,
    /usr/bin/deltainfoxml2solv  rix,
    /usr/bin/mergesolv          rix,

    /usr/bin/find               rix,
    /bin/bash                   rix,
    /bin/rm                     rix,
    /bin/cat                    rix,
    /bin/sed                    rix,
    /bin/gzip                   rix,
    /bin/grep                   rix,
    /usr/bin/gzip               rix,
    /usr/bin/bzip2              rix,
    /usr/bin/lzma               rix,
    /usr/bin/xz                 rix,
    /bin/mktemp                 rix,

    /var/cache/zypp/** rw,
  }
  profile uuidgen {
    #include <abstractions/base>
    /usr/bin/uuidgen rmix,
  }
  profile gpg {
    #include <abstractions/base>
    capability ipc_lock,
    /usr/bin/gpg2 rmix,
    /proc/sys/crypto/fips_enabled r,
    /var/tmp/TmpFile.*  rwk,
    /var/tmp/TmpDir.*/* rwlk,
    /var/tmp/zypp.*/*   rwlk,
    /var/tmp/zypp.*/*/* rwlk,
    /var/cache/zypp/** r,
  }
  profile zypper {
    #include <abstractions/base>
    #include <abstractions/bash>
    #include <abstractions/zypp>
    #include <abstractions/consoles>

    /bin/bash rix,
    /usr/bin/rpmdb2solv         rix,
    /usr/bin/zypper rmix,
    /usr/share/zypper/ r,
    /usr/share/zypper/** r,
    /usr/bin/gpg2 px -> /usr/lib/nagios/plugins/check_zypper//gpg,
    /usr/bin/uuidgen px -> /usr/lib/nagios/plugins/check_zypper//uuidgen,
    /var/log/zypper.log w,
  }
  profile rpm {
    #include <abstractions/base>
    #include <abstractions/rpm>
    /bin/rpm rmix,
  }
}
openSUSE Build Service is sponsored by
Places