On 03/13/2013 12:01 AM, Stephen H. Dawson wrote: > > Can Nagios run under SELinux? >
Yes it can, but the requirements to do so are close to "permissive", since there's a plethora of programs (plugins) that run under the Nagios umbrella. In order for it to be possible, Nagios needs permissions to: * create any number of outgoing network sockets * create incoming network sockets (as some plugins work by setting up a listener and then sending a request) * create raw sockets (for ping) * execute suid root programs (for ping) * create, modify and write files, pipes and sockets on the local fs * connect to local sockets (for local database checks) * fork() and run without a tty * probably a bunch of other things It's quite a daunting task to get everything right with regards to selinux, which is why I guess noone's done it yet. -- Andreas Ericsson andreas.erics...@op5.se OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace. ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null