I have installed the following packages from the RPMForge repository:

  # rpm -qa | grep nagios
  nagios-3.2.0-1.el5.rf
  nagios-plugins-1.4.13-1.el5.rf
  nagios-nrpe-2.12-1.el5.rf
  nagios-devel-3.2.0-1.el5.rf
  nagios-plugins-nrpe-2.12-1.el5.rf

Everything went fine, but on "service nagios start" I get:

  Running configuration check... CONFIG ERROR!
  Restart aborted.  Check your Nagios configuration.

After some research I found the following in /var/log/audit/audit.log:

  type=AVC msg=audit(1254468284.696:233): avc:  denied  { read } for
    pid=7291 comm="nagios" name="checkresults" dev=sda2 ino=486245
    scontext=root:system_r:nagios_t:s0
    tcontext=system_u:object_r:var_t:s0 tclass=dir

SELinux denies nagios access to /var/nagios/spool/checkresults.
But in /var/selinux/targeted/nagios.te one can read:

  module nagios 1.0;

  require {
          type nagios_t;
          type var_t;
          class dir read;
  }

  #============= nagios_t ==============
  allow nagios_t var_t:dir read;


Next I tried to grant access to /var/nagios with:

  # chcon -R -r system_r -t nagios_t nagios
  chcon: failed to change context of nagios to
    system_u:system_r:nagios_t: Permission denied
  chcon: failed to change context of nagios/archives to
    system_u:system_r:nagios_t: Permission denied
  chcon: failed to change context of nagios/spool to
    system_u:system_r:nagios_t: Permission denied
  chcon: failed to change context of nagios/spool/checkresults to
    system_u:system_r:nagios_t: Permission denied
  chcon: failed to change context of nagios/rw to
    system_u:system_r:nagios_t: Permission denied

Can anybody tell me how to run nagios without disabling SELinux or setting it to permissive?


Andreas Bock
--
----------------------------------------------------------------------
Uni Hamburg - Dpt. Mathematik
IT-Gruppe
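
Added example, not part of the original message: a small Python parser for the AVC record quoted above, showing how its scontext, tcontext, tclass and permission fields line up with the allow rule in nagios.te. The function names are illustrative, and the sample line is the post's record joined back onto one line.

```python
import re

# The denial quoted in the post, joined onto one line as audit.log stores it.
SAMPLE = ('type=AVC msg=audit(1254468284.696:233): avc:  denied  { read } for '
          'pid=7291 comm="nagios" name="checkresults" dev=sda2 ino=486245 '
          'scontext=root:system_r:nagios_t:s0 '
          'tcontext=system_u:object_r:var_t:s0 tclass=dir')

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict describing one AVC denial, or None if the line is not one."""
    if 'type=AVC' not in line:
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if any(k not in fields for k in ('scontext', 'tcontext', 'tclass')):
        return None
    # A context is user:role:type[:level]; the type is the third field.
    try:
        source_type = fields['scontext'].split(':')[2]
        target_type = fields['tcontext'].split(':')[2]
    except IndexError:
        return None
    return {
        'perms': m.group('perms').split(),
        'comm': fields.get('comm'),
        'name': fields.get('name'),
        'source_type': source_type,   # domain of the denied process
        'target_type': target_type,   # label on the object it touched
        'tclass': fields['tclass'],
    }


def allow_rule(denial):
    """Render the denial in the 'allow' syntax used in a .te policy module."""
    perms = denial['perms']
    perm_str = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow %s %s:%s %s;' % (
        denial['source_type'], denial['target_type'], denial['tclass'], perm_str)


if __name__ == '__main__':
    print(allow_rule(parse_avc(SAMPLE)))
```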