View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006731 | CentOS-6 | selinux-policy | public | 2013-11-10 21:00 | 2013-11-11 17:03 |
Reporter | learath | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | assigned | Resolution | open | ||
Platform | x86_64 | OS | CentOS | OS Version | 6.4 |
Product Version | 6.4 | ||||
Summary | 0006731: selinux breaks check_mrtgtraf nagios plugin | ||||
Description | nagios-plugins-mrtgtraf-1.4.16-10.el6.x86_64 is unable to access mrtg logfiles required to function. | ||||
Steps To Reproduce | Enable selinux with default policy Install MRTG and monitor one or more devices Install Nagios and nagios-plugins-mrtgtraf Define a service in Nagios to monitor an MRTG graph similar to: define service{ use generic-service ; Inherit values from a template host_name router service_description Port 2 Bandwidth Usage check_command check_local_mrtgtraf!/var/lib/mrtg/my_router.log!AVG!1000000,1000000!5000000,5000000!10 } | ||||
Additional Information | This SELinux policy will correct the issue: require { type nagios_system_plugin_t; type nagios_t; type mrtg_var_lib_t; type nagios_log_t; type var_lib_t; class process { siginh noatsecure rlimitinh }; class file { write read getattr open }; class dir search; } #============= nagios_system_plugin_t ============== #!!!! This avc is allowed in the current policy allow nagios_system_plugin_t mrtg_var_lib_t:file { read getattr open }; allow nagios_system_plugin_t mrtg_var_lib_t:dir search; #allow nagios_system_plugin_t nagios_log_t:file write; allow nagios_system_plugin_t var_lib_t:dir search; #============= nagios_t ============== #allow nagios_t nagios_system_plugin_t:process { siginh rlimitinh noatsecure }; | ||||
Tags | No tags attached. | ||||
Could you please check from which repo you pull the nagios RPMs? I'm assuming EPEL or repoforge. | |
yum info nagios-plugins-mrtgtraf Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.ash.fastserv.com * epel: mirror.symnds.com * extras: centos.aol.com * updates: centos.mirror.nac.net Installed Packages Name : nagios-plugins-mrtgtraf Arch : x86_64 Version : 1.4.16 Release : 10.el6 Size : 39 k Repo : installed From repo : epel Summary : Nagios Plugin - check_mrtgtraf URL : http://nagiosplug.sourceforge.net/ License : GPLv2+ Description : Provides check_mrtgtraf support for Nagios. |
|
That nagios-packages are not provided by CentOS. The EPEL support venues would be better suited for this issue. | |
The bug is in Available Packages Name : selinux-policy-targeted Arch : noarch Version : 3.7.19 Release : 195.el6_4.18 Size : 2.8 M Repo : updates Summary : SELinux targeted base policy URL : http://oss.tresys.com/repos/refpolicy/ License : GPLv2+ Description : SELinux Reference policy targeted base module. which provides an incomplete nagios.pp. |
|
Please feel free to post this upstream at there bugzilla at https://bugzilla.redhat.com. No, you don't need an active subscription to do that. Once it gets fixed upstream, CentOS will inherit the fix. | |
Date Modified | Username | Field | Change |
---|---|---|---|
2013-11-10 21:00 | learath | New Issue | |
2013-11-11 16:32 | tigalch | Note Added: 0018327 | |
2013-11-11 16:33 | learath | Note Added: 0018328 | |
2013-11-11 16:47 | tigalch | Note Added: 0018329 | |
2013-11-11 16:47 | tigalch | Status | new => feedback |
2013-11-11 16:55 | learath | Note Added: 0018330 | |
2013-11-11 16:55 | learath | Status | feedback => assigned |
2013-11-11 17:03 | tigalch | Note Added: 0018331 |