>>>>> "SJS" == Stephen John Smoogen <[email protected]> writes:
SJS> Selinux may have issues and I am trying to work through a proper SJS> way to update the selinux policy for it without over-writing items. You might need new policy if the new nagios does things that the old one didn't, like call out to different programs, connect to different network sockets, etc. However, since you moved files around, your biggest problem would be file contexts. Best thing to do is look at the existing rules: # semanage fcontext -l | grep nagios will show you: /var/spool/nagios(/.*)? all files system_u:object_r:nagios_spool_t:s0 /var/run/nagios.* all files system_u:object_r:nagios_var_run_t:s0 /var/log/nagios(/.*)? all files system_u:object_r:nagios_log_t:s0 So, hmm, the existing policy does already categorize things in those directories differently, and moving things around between those directories might upset the existing policy (though it might not). You'll definitely want to run permissive for a bit and collect AVCs. - J< _______________________________________________ epel-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
