I'm not too familiar with SELinux, but is this something that could be rolled into the tarball/RPM? Cheers, Bernard
________________________________ From: Jason A. Smith [mailto:[EMAIL PROTECTED] Sent: Mon 12/06/2006 19:54 To: Bernard Li Cc: David Martin; [email protected] Subject: Re: [Ganglia-general] no graphs! -- rrdtool: permission denied (onRHEL 4) Check the email archives, someone posted a recipe for how to make the correct SELinux rules last year: http://sourceforge.net/mailarchive/message.php?msg_id=10659480 Note, I haven't tried it myself yet as our ganglia server is still running on RHEL3. ~Jason On Mon, 2006-06-12 at 22:40, Bernard Li wrote: > Yup it's the good ol' SELinux issue ;-) I wish someone can write a > SELinux rule so that we don't need to outright disable it. > > Anyways, thanks for reporting back. > > Cheers, > > Bernard > > ______________________________________________________________________ > From: [EMAIL PROTECTED] on behalf of David > Martin > Sent: Mon 12/06/2006 19:39 > To: David Martin > Cc: [email protected] > Subject: Re: [Ganglia-general] no graphs! -- rrdtool: permission > denied (onRHEL 4) > > > > > SELinux was getting in the way. The "solution" I found was to turn > off SELinux for httpd, as suggested in: > > http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#using-s-c- > securitylevel > > The following line in /var/log/messages (which I really should have > noticed immediately) was reporting the problem: > > Jun 12 22:19:53 vca1 kernel: audit(1150165193.088:1516): avc: > denied { execute } for pid=25575 comm="sh" name="rrdtool" dev=dm-0 > ino=9126034 scontext=root:system_r:httpd_sys_script_t > tcontext=root:object_r:usr_t tclass=file > > On Jun 12, 2006, at 9:22 PM, David Martin wrote: > > > > > Hi, > > > > In /var/log/httpd/error_log, I get lines like the following when I > > try to load the ganglia web page. There appears to be one line per > > graph. > > > > sh: /usr/local/rrdtool/bin/rrdtool: Permission denied > > > > None of the graphs show up in the webpage. > > The rrdtool executable as well as all parent directories are world > > readable and executable. > > gmetad is running in its default configuration as nobody. > > I'm using the standard Apache installation in RHEL 4, which has php > > enabled. > > I did change RRDTOOL in /var/www/html/ganglia/conf.php to > /usr/local/ > > rrdtool/bin/rrdtool. > > I can run rrdtool from an unprivileged account with no problem. > > > > Any idea what's going on? > > > > dm > > > > ps. versions: > > RHEL 4 > > rrdtool 1.2.13 (default installation into /usr/local from source) > > ganglia-gmetad-3.0.3-1.fc4.i386.rpm > > ganglia-web-3.0.3-1.fc4.i386.rpm > > > > > > > > _______________________________________________ > > Ganglia-general mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/ganglia-general > > > > _______________________________________________ > Ganglia-general mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/ganglia-general > > > > > ______________________________________________________________________ > > _______________________________________________ > Ganglia-general mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/ganglia-general
