View Issue Details

ID: 0016505
Project: CentOS-8
Category: selinux-policy
View Status: public
Last Update: 2019-10-09 19:31
Reporter: fansari
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: won't fix
Product Version: 8.0.1905
Target Version:
Fixed in Version:
Summary: 0016505: SELinux and Zabbix

Description: Installing the latest Zabbix version 4.2.6 with SELinux in enforcing mode caused a lot of "avc deny" messages (some of them prevented the zabbix-server from starting).

Steps To Reproduce: Install Zabbix 4.2 with MariaDB. For example follow this guide but keep SELinux in enforcing mode:

https://computingforgeeks.com/how-to-install-zabbix-server-on-rhel-8-centos-8/
Additional Information: I have fixed this by these settings:

setsebool -P daemons_enable_cluster_mode 1
setsebool -P httpd_can_connect_zabbix 1
setsebool -P httpd_can_network_connect 1
setsebool -P zabbix_can_network 1

You can put the following stuff into a file named myzabbix.te and then run these commands:

checkmodule -m -o myzabbix.mod myzabbix.te
semodule_package -o myzabbix.pp -m myzabbix.mod
semodule -i myzabbix.pp

# -------------------------------------------------------------------------------------------
module myzabbix 1.0;

require {
        type zabbix_var_run_t;
        type zabbix_agent_t;
        type mysqld_etc_t;
        type zabbix_t;
        type mysqld_var_run_t;
        type var_lib_t;
        class file { open read };
        class sock_file { create unlink write };
        class capability dac_override;
}

#============= zabbix_agent_t ==============
allow zabbix_agent_t mysqld_etc_t:file { open read };
allow zabbix_agent_t mysqld_var_run_t:sock_file write;
allow zabbix_agent_t var_lib_t:file { open read };

#============= zabbix_t ==============
allow zabbix_t self:capability dac_override;
allow zabbix_t zabbix_var_run_t:sock_file { create unlink write };
# -------------------------------------------------------------------------------------------
Tags: No tags attached.
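
A way to review a module like myzabbix.te against the audit log before loading it, as an added example that is not part of the original report: it compares the module's allow rules with AVC denials and returns the denials the module does not cover and the permissions it grants that no logged denial asks for. The AVC records are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict
# Allow rules copied from myzabbix.te in the report above.
MODULE_TE = """
allow zabbix_agent_t mysqld_etc_t:file { open read };
allow zabbix_agent_t mysqld_var_run_t:sock_file write;
allow zabbix_agent_t var_lib_t:file { open read };
allow zabbix_t self:capability dac_override;
allow zabbix_t zabbix_var_run_t:sock_file { create unlink write };
"""
# Constructed audit.log records for illustration; not taken from the report.
SAMPLE_AVC = """\
type=AVC msg=audit(1569920000.101:301): avc:  denied  { dac_override } for  pid=2101 comm="zabbix_server" capability=1  scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:system_r:zabbix_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1569920000.202:302): avc:  denied  { create } for  pid=2101 comm="zabbix_server" name="example.sock" scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:object_r:zabbix_var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1569920000.303:303): avc:  denied  { read } for  pid=2202 comm="zabbix_agentd" name="example.cnf" scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1569920000.404:304): avc:  denied  { getattr } for  pid=2202 comm="zabbix_agentd" name="example.dat" scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
"""
RULE_RE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+));")
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+)\}.*?"
    r"scontext=[^:]+:[^:]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:]+:[^:]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)")

def parse_rules(te_text):
    rules = defaultdict(set)  # (source, target, class) -> granted permissions
    for src, tgt, cls, many, one in RULE_RE.findall(te_text):
        rules[src, src if tgt == "self" else tgt, cls].update((many or one).split())
    return rules

def parse_denials(log_text):
    denials = defaultdict(set)  # (source, target, class) -> denied permissions
    for m in AVC_RE.finditer(log_text):
        denials[m["src"], m["tgt"], m["cls"]].update(m["perms"].split())
    return denials

def review(te_text, log_text):
    rules, denials = parse_rules(te_text), parse_denials(log_text)
    diff = lambda a, b: {k: p - b.get(k, set()) for k, p in a.items() if p - b.get(k, set())}
    # (denials the module does not allow, grants no logged denial asks for)
    return diff(denials, rules), diff(rules, denials)

if __name__ == "__main__":
    for label, found in zip(("still denied", "granted, not logged"), review(MODULE_TE, SAMPLE_AVC)):
        for (src, tgt, cls), perms in sorted(found.items()):
            print(f"{label}: {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }}")
```

On a real host, pass the contents of /var/log/audit/audit.log as log_text.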

Activities

TrevorH

2019-10-09 19:31

manager   ~0035410

CentOS does not ship zabbix.

Issue History

Date Modified Username Field Change
2019-10-01 09:17 fansari New Issue
2019-10-09 19:31 TrevorH Status new => closed
2019-10-09 19:31 TrevorH Resolution open => won't fix
2019-10-09 19:31 TrevorH Note Added: 0035410