View Issue Details

IDProjectCategoryView StatusLast Update
0018324CentOS-7selinux-policypublic2021-10-07 12:56
ReporterLukasz1990 Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionwon't fix 
Product Version7.9.2009 
Summary0018324: SElinux zabbix template postgres
DescriptionHello

I have problem with SElinux which block templates postgres. If i disable selinux all things work but if selinux is enabled appearing error in dashboard zabbix that "Value "/var/lib/zabbix/postgresql/pgsql.replication.status.sql: Permission denied" of type "string" is not suitable for value type "Numeric (unsigned)"

I use audit2allow tool
I set:
semanage permissive -a zabbix_agent_t
ausearch -r -m avc -ts today | grep zabbix
ausearch -r -m avc -ts today | grep zabbix | audit2allow -M zabbix_module

and tool generate:
module zabbix_megacli1 1.0;

require {
        type default_t;
        type zabbix_agent_t;
        type zabbix_var_lib_t;
        class file { open read };
}

#============= zabbix_agent_t ==============

#!!!! WARNING: 'default_t' is a base type.
#allow zabbix_agent_t default_t:file read;
allow zabbix_agent_t zabbix_var_lib_t:file { open read };

if I installing module disappears problem in zabbix and all items and triggers good works

My question whether I have to install module or exists other solution on example use semanage and restorecon?

I asking because I trying added labels SElinux to template postgres but this not help

If logs will need please give me know
TagsNo tags attached.
abrt_hash
URL

Activities

TrevorH

TrevorH

2021-10-07 12:56

manager   ~0038657

This is not a bug in CentOS, this is a configuration issue. You need to seek support in one of the support venues like Libera Chat IRC #centos channel, the centos mailing list, the selinux mailing list (most likely to help) or the CentOS forums. You can also read the wiki page listed below.

Useful resources for SELinux: https://wiki.centos.org/HowTos/SELinux | https://wiki.centos.org/TipsAndTricks/SelinuxBooleans | https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/ | https://www.youtube.com/watch?v=bQqX3RWn0Yw | https://opensource.com/business/13/11/selinux-policy-guide | http://freecomputerbooks.com/The-SELinux-Notebook-The-Foundations.html

Issue History

Date Modified Username Field Change
2021-10-07 12:50 Lukasz1990 New Issue
2021-10-07 12:56 TrevorH Status new => closed
2021-10-07 12:56 TrevorH Resolution open => won't fix
2021-10-07 12:56 TrevorH Note Added: 0038657