Am Freitag, den 02.10.2009, 09:41 +0200 schrieb Andreas Bock:
> I have installed the following packages from the RPMForge repository:
>
> # rpm -qa | grep nagios
> nagios-3.2.0-1.el5.rf
> nagios-plugins-1.4.13-1.el5.rf
> nagios-nrpe-2.12-1.el5.rf
> nagios-devel-3.2.0-1.el5.rf
> nagios-plugins-nrpe-2.12-1.el5.rf
>
> Everything went fine, but on "service nagios start" I get:
>
> Running configuration check... CONFIG ERROR!
> Restart aborted. Check your Nagios configuration.
>
> After some research I found what follows in /var/log/audit/audit.log:
>
> type=AVC msg=audit(1254468284.696:233): avc: denied { read } for
> pid=7291 comm="nagios" name="checkresults" dev=sda2 ino=486245
> scontext=root:system_r:nagios_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=dir
>
> SELinux denies nagios excess to /var/nagios/spool/checkresults.
> But in /var/selinux/targeted/nagios.te one can read:
>
> module nagios 1.0;
>
> require {
> type nagios_t;
> type var_t;
> class dir read;
> }
>
> #============= nagios_t ==============
> allow nagios_t var_t:dir read;
>
>
> Next I tried to grand excess to /var/nagios with:
>
> # chcon -R -r system_r -t nagios_t nagios
> chcon: failed to change context of nagios to
> system_u:system_r:nagios_t: Permission denied
> chcon: failed to change context of nagios/archives to
> system_u:system_r:nagios_t: Permission denied
> chcon: failed to change context of nagios/spool to
> system_u:system_r:nagios_t: Permission denied
> chcon: failed to change context of nagios/spool/checkresults to
> system_u:system_r:nagios_t: Permission denied
> chcon: failed to change context of nagios/rw to
> system_u:system_r:nagios_t: Permission denied
>
> Can anybody tell me how to run nagios without disabling SELinux or
> setting it to permissive?
I fiddled with that for quite some time and didn't make it. So far I
have not seen one correct implementation of nagios+selinux on CentOS. If
you manage to get it running tell me. The biggest problem here is that
CentoOS ships with nagios selinux-defintions though it does not ship
nagios, so i am not able to make my own nagios-selinux-module.
Chris
financial.com AG
Munich head office/Hauptsitz München: Maria-Probst-Str. 19 | 80939 München |
Germany
Frankfurt branch office/Niederlassung Frankfurt: Messeturm |
Friedrich-Ebert-Anlage 49 | 60327 Frankfurt | Germany
Management board/Vorstand: Dr. Steffen Boehnert | Dr. Alexis Eisenhofer | Dr.
Yann Samson | Matthias Wiederwach
Supervisory board/Aufsichtsrat: Dr. Dr. Ernst zur Linden (chairman/Vorsitzender)
Register court/Handelsregister: Munich – HRB 128 972 | Sales tax ID
number/St.Nr.: DE205 370 553
_______________________________________________
users mailing list
[email protected]
http://lists.rpmforge.net/mailman/listinfo/users
