[Nagiosplug-devel] [ nagiosplug-Bugs-3552859 ] SELinux is preventing ping (ping_t) "read write"

SourceForge.net noreply at sourceforge.net
Wed Aug 1 01:30:01 CEST 2012

Previous message: [Nagiosplug-devel] [ nagiosplug-Bugs-3552858 ] Add support for monitoring jabber server-to-server connectiv
Next message: [Nagiosplug-devel] [ nagiosplug-Bugs-3552860 ] check_dns plugin doesn't output correct the results
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Bugs item #3552859, was opened at 2012-07-31 16:30
Message generated for change (Tracker Item Submitted) made by calestyo
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=3552859&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Cálestyo (calestyo)
Assigned to: Nobody/Anonymous (nobody)
Summary: SELinux is preventing ping (ping_t) "read write" 

Initial Comment:
Hi.

This is from the old / soon to be disabled again Nagios Plugins bug tracker that used to be at Nagios itself.
I've just copied this bug over. I'm not the original reporter and have no idea about the thoughts about this bug.

This used to be: http://tracker.nagios.org/view.php?id=117
--------------------------------------------------------------------------------
tonvoon:
--------------------------------------------------------------------------------
Errors in /var/log/messages:

Dec 10 15:50:12 hostname setroubleshoot: SELinux is preventing ping (ping_t) "read write" to /usr/local/nagios/var/spool/checkresults/checkt30dqT (usr_t).
For complete SELinux messages. run sealert -l 0d9dbc11-44d8-49bd-a42a-c350a082fd48

The fix suggested by sealert does not fix the problem since the file name is random. Changing the security context of the directory does not work either.

Proposed solution:
Add to Nagios policy file:
require {
        type usr_t;
        type ping_t;
        class file { read write };
}

#============= ping_t ==============
allow ping_t usr_t:file { read write };


Also see:
http://blog.pas.net.au/2009/05/fighting-with-selinux-and-nagios/

--------------------------------------------------------------------------------
ageric:
--------------------------------------------------------------------------------
The blog linked to talks about /bin/ping and some ping_t selinux policy stuff, so this must be plugin-related. Originally, this bug was posted in "Nagios Core", but the core never has and never will ship an SELinux policy file.

If the plugins project doesn't either, I suggest just closing it with "won't fix" and ask the reporter to re-file the bug with his distribution. 

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=3552859&group_id=29880

Previous message: [Nagiosplug-devel] [ nagiosplug-Bugs-3552858 ] Add support for monitoring jabber server-to-server connectiv
Next message: [Nagiosplug-devel] [ nagiosplug-Bugs-3552860 ] check_dns plugin doesn't output correct the results
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Devel mailing list