----- "mjn" <[EMAIL PROTECTED]> wrote: > Nagios folks- > > Has anyone resolved all of the selinux issues when installing nagios > > on Fedora 8? > > Specifically, I am getting these: > > type=AVC msg=audit(1200663995.088:64): avc: denied { read } for > pid=3488 comm="ping" name="nagios.cmd" dev=dm-0 ino=16652317 > scontext=system_u:system_r:ping_t:s0 > tcontext=system_u:object_r:nagios_log_t:s0 tclass=fifo_file > > type=AVC msg=audit(1200657768.283:14207): avc: denied { read } for > > pid=7676 comm="sendmail" name="nagios.cmd" dev=dm-0 ino=16652317 > scontext=system_u:system_r:sendmail_t:s0 > tcontext=system_u:object_r:nagios_log_t:s0 tclass=fifo_file > > I don't know what effect the ping denies are having but all of my e- > mail and page alerts are coming across with no content (I know they > are from nagios because of the from-address but there is no subject or > > body text). > > I followed this handy guide: > http://www.rickwargo.com/2006/10/29/fc6-selinux-and-nagios/ > > But my problem persists. I've searched around and haven't found much > > that is helpful on the SELinux front as far as taking audit data and > > correcting your policies to allow things. > > Has anyone else either had experience with SELinux and can help me > correct these problems or is there a set of instructions geared more > > toward newer versions of Fedora that would provide the information? > > Some system information: > Fedora 8 2.6.21-2952.fc8xen SMP > nagios-2.10-5.fc8 > nagios-plugins-*-1.4.8-9.fc8 > checkpolicy-2.0.4-1.fc8 > policycoreutils-2.0.33-3.fc8 > selinux-policy-devel-3.0.8-73.fc8 > selinux-policy-targeted-3.0.8-73.fc8 > selinux-policy-3.0.8-73.fc8 > policycoreutils-gui-2.0.33-3.fc8 > > Thanks!
It looks like you need to add the following exceptions to your policy. #============= ping_t ============== allow ping_t nagios_log_t:fifo_file read; #============= sendmail_t ============== allow sendmail_t nagios_log_t:fifo_file read; The easiest way would be to use audit2allow. Try this. ausearch -m AVC | audit2allow -M nagios semodule -i nagios.pp > -- > ____________________________________ > Mike Neuharth <[EMAIL PROTECTED]> > Server Operations Manager > phn: 612.625.1957 > cal: http://tinyurl.com/3jc2v > ===================================== > College of Food, Agricultural, and Natural Resource Sciences > University of Minnesota > http://www.cfans.umn.edu/ > > > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Nagios-users mailing list > Nagios-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nagios-users > ::: Please include Nagios version, plugin version (-v) and OS when > reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null