Hi!

I’m struggling with SELinux blocking an SNMP script from reading a log file (oVirt 
node manually installed on CentOS 7).
The log file is readable by all (chmod ugo+r).

Scripts work fine when executed from the terminal.

I did not dig deep into CentOS internals; I mostly use Debian and SuSE. As 
far as I know, SELinux can’t be turned off on an oVirt node.

Thanks in advance for any suggestion(s). 


**********************

option in snmpd.conf

extend .1.3.6.1.4.1.2021.7890.5 checkraid /opt/4anvcheckraid_hp.sh


**********************
script 4anvcheckraid_hp.sh

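#!/bin/bash

LOGFILE='/var/log/anvraidcheck.log'

# No log file: nothing to report.
if [ ! -f "$LOGFILE" ]; then
    exit 0
fi

# Variant 1 with sed: drop blank lines, print the first remaining line.
# The loop runs in a pipeline subshell, so "exit 1" only ends that subshell.
sed '/^[ \t]*$/d' "$LOGFILE" | while read -r line; do
    echo "$line"
    exit 1
done

# Variant 2 without sed: print the first line containing a non-space character.
while read -r line
do
    if [[ "$line" =~ [^[:space:]] ]]; then
        echo "$line"
        exit 1
    fi
done < "$LOGFILE"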


**********************

SELinux audit log:

type=AVC msg=audit(1590673970.198:469304): avc:  denied  { read } for  pid=12142 comm="sed" name="anvraidcheck.log" dev="dm-8" ino=138 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:cron_log_t:s0 tclass=file permissive=0

type=AVC msg=audit(1590673970.197:469303): avc:  denied  { read } for  pid=12141 comm="4anvcheckraid_h" name="anvraidcheck.log" dev="dm-8" ino=138 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:cron_log_t:s0 tclass=file permissive=0

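Added example, not part of the original post: a small Python parser for the two AVC records quoted above, grouping denials by source type, target type and object class. It shows that both records are the same denial (domain snmpd_t reading a file labelled cron_log_t), a check SELinux makes independently of the chmod mode bits. The function names are illustrative.

```python
import re
from collections import defaultdict

# The two AVC records from the post, one record per line.
SAMPLE = '''\
type=AVC msg=audit(1590673970.198:469304): avc:  denied  { read } for  pid=12142 comm="sed" name="anvraidcheck.log" dev="dm-8" ino=138 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:cron_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1590673970.197:469303): avc:  denied  { read } for  pid=12141 comm="4anvcheckraid_h" name="anvraidcheck.log" dev="dm-8" ino=138 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:cron_log_t:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = ('scontext', 'tcontext', 'tclass')


def parse_avc(line):
    """Return a dict for one AVC denial, or None for any other audit record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if any(k not in rec for k in REQUIRED):
        return None
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; the MLS level may itself contain
    # colons (e.g. s0-s0:c0.c1023), so split at most three times.
    for key in ('scontext', 'tcontext'):
        rec[key + '_type'] = rec[key].split(':', 3)[2]
    return rec


def summarize(text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {'perms': set(), 'comms': set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec['scontext_type'], rec['tcontext_type'], rec['tclass'])
        groups[key]['perms'].update(rec['perms'])
        groups[key]['comms'].add(rec.get('comm', '?'))
    return dict(groups)


def describe(groups):
    """One human-readable line per distinct denial."""
    return [f"{s} denied {{ {' '.join(sorted(g['perms']))} }} on {t}:{c} "
            f"(commands: {', '.join(sorted(g['comms']))})"
            for (s, t, c), g in sorted(groups.items())]


if __name__ == '__main__':
    print('\n'.join(describe(summarize(SAMPLE))))
```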