On Wednesday, 16.02.2011, 23:34 +0100, Christoph Maser wrote:
>
> I have to correct myself, actually /var/spool/nagios is in the policy. I
> did only look at the source files of selinux-policy but there is also a
> huge patch in that package which includes a lot of nagios policy changes.
> But I did identify a few problems with the nagios policy module as
> shipped in C5:
>
> - init script: it is possible to start nagios as root or nagios user on
> the command line but not using the init script. The init script is
> context initrc_exec_t and that context is not allowed
>
> - pid file: actually nagios drops its privs before writing the pid file,
> so the init script can not be in /var/run. workaround: put the pid file
> under /var/log/nagios
>
> - command file: by default nagios installs the command file in
> $LOGDIR/rw which would be /var/log/nagios/rw but fifo access for
> httpd_nagios_script_t is only allowed for /var/spool/nagios. Setting
> $LOGDIR to /var/spool/nagios is not a solution since that breaks a lot
> of other policies. workaround: patch Makefiles so the command file
> location can be set separately
>
> I will try to fix the last 2 ones, but I have no idea how to deal with
> the init script. Does anyone have an idea how to deal with it?
>
> Chris
>

So I did make those changes and committed an update. A fresh install of the package on CentOS 5 now works with SELinux enabled; only the init script does not work unless one changes the file context of the init script to something other than initrc_exec_t.

Chris
