[users] Nagios 3.2.3 SELinux

Pavel Kankovsky peak at argo.troja.mff.cuni.cz
Tue Jan 11 23:40:24 CET 2011

On Wed, 5 Jan 2011, Scott Reese wrote:

> Since the files aren't where the SELinux policy expects them to be, it
> generates denials and Nagios doesn't work.

Denials are caused by incorrect contexts. And contexts are not initialized
correctly because files and directories are not at expected places.

Missing file context rules can be added with "semanage fcontext" and 
existing files and directories relabeled with "fixfiles restore".

Anyway, the easiest solution would probably be to change the package 
layout to follow FHS, as expected by the standard policy and its file 
context rules.

> Yury had previously asked if the SELinux policy could be packaged and
> shipped with the Nagios RPMs.

This is probably something that should be avoided because the policy
module needs to be installed separately. RPM does no label new objects
correctly if a new policy is installed together with affected packages
(this happened several times during the lifetime of RHEL 5).

Pavel Kankovsky aka Peak                          / Jeremiah 9:21        \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /

More information about the users mailing list