ntp-offset: chronyc: error while loading shared libraries: libffi.so.6: failed to map segment from shared object

[markuslf]

This issue respects the following points:

• [X] This is a bug, not a question or a setup/configuration issue.
• [X] This issue is not already reported on Github (I've searched it).
• [X] I use the latest release of the Monitoring Plugins (https://github.com/Linuxfabrik/monitoring-plugins/releases).
• [X] I agree to follow Monitoring Plugins's Code of Conduct.

Bug description

Compiled version on Rocky 8 due to

type=AVC msg=audit(1665320084.052:71695): avc:  denied  { map } for  pid=713074 comm="chronyc" path="/usr/lib64/nagios/plugins/libffi.so.6" dev="dm-0" ino=4216169 scontext=system_u:system_r:chronyc_t:s0 tcontext=system_u:object_r:nagios_unconfined_plugin_exec_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1665320084.052:71695): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=207628 a2=5 a3=802 items=0 ppid=713069 pid=713074 auid=4294967295 uid=993 gid=990 euid=993 suid=993 fsuid=993 egid=990 sgid=990 fsgid=990 tty=(none) ses=4294967295 comm="chronyc" exe="/usr/bin/chronyc" subj=system_u:system_r:chronyc_t:s0 key=(null)ARCH=x86_64 SYSCALL=mmap AUID="unset" UID="icinga" GID="icinga" EUID="icinga" SUID="icinga" FSUID="icinga" EGID="icinga" SGID="icinga" FSGID="icinga"
type=PROCTITLE msg=audit(1665320084.052:71695): proctitle=6368726F6E796300747261636B696E67

Steps to reproduce - Plugin call

'/usr/lib64/nagios/plugins/ntp-offset' '--critical' '1001' '--warning' '800'

Steps to reproduce - Plugin Version

[14:55:14 root@001-p-vcs01 Rocky8 ~]$ /usr/lib64/nagios/plugins/ntp-offset --version ntp-offset: v2022071401 by Linuxfabrik GmbH, Zurich/Switzerland

Steps to reproduce - Data

No response

Python version

No response

Environment

Linux 04.18.0-372.9.1.el8.x86_64 #1 SMP Tue May 10 14:48:47 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Application

No response

Python modules

No response

Additional info

No response

[markuslf]

You have to apply the new SELinux client policy.