Closed salderma closed 11 years ago
+1
Premature... success. Puppet sets the file correctly, but apparently it's not sufficient. Still receiving a denial...
kernel: type=1400 audit(1382729146.117:163643): avc: denied { getattr } for pid=30742 comm="check_yum" path="/usr/bin/yum" dev=dm-0 ino=789834 scontext=unconfined_u:system_r:nagios_system_plugin_t:s0 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
I apologize for the premature PR. To me this implies that the issue is related to the yum binary, not the nrpe check. I'm not sure if there is a way we can correct this. I imagine it's out of scope for the nagios module.
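An added example, not part of the original thread or of the module's code: a small Python parser for the AVC denial quoted in the comment above, showing which process domain was refused which permission on which file. The function names (`parse_avc`, `context_type`, `summarize`, `te_rule`) are made up for this illustration, and `te_rule` only renders the denied access in policy-rule form for review.

```python
import re

# The denial quoted in the comment above, copied verbatim.
AVC_LINE = (
    'kernel: type=1400 audit(1382729146.117:163643): avc: denied { getattr } '
    'for pid=30742 comm="check_yum" path="/usr/bin/yum" dev=dm-0 ino=789834 '
    'scontext=unconfined_u:system_r:nagios_system_plugin_t:s0 '
    'tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file'
)

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse_avc(line):
    """Return the fields of one AVC message as a dict, or None if not AVC."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    fields['result'] = m.group('result')
    fields['perms'] = m.group('perms').split()
    return fields

def context_type(ctx):
    """SELinux contexts are user:role:type:level; return the type field."""
    parts = ctx.split(':')
    if len(parts) < 3:
        raise ValueError('not an SELinux context: %r' % ctx)
    return parts[2]

def summarize(line):
    """Reduce an AVC line to who (domain) was refused what, on which object."""
    avc = parse_avc(line)
    if avc is None:
        return None
    return {
        'comm': avc.get('comm'),
        'source_domain': context_type(avc['scontext']),
        'target_type': context_type(avc['tcontext']),
        'target_path': avc.get('path'),
        'tclass': avc['tclass'],
        'perms': avc['perms'],
    }

def te_rule(s):
    """Render the denied access vector in type-enforcement rule syntax."""
    perms = s['perms'][0] if len(s['perms']) == 1 else '{ %s }' % ' '.join(s['perms'])
    return 'allow %s %s:%s %s;' % (s['source_domain'], s['target_type'], s['tclass'], perms)

if __name__ == '__main__':
    info = summarize(AVC_LINE)
    print(info)
    print(te_rule(info))
```

The parsed result shows the refused object is `/usr/bin/yum` (type `rpm_exec_t`), accessed by a process in `nagios_system_plugin_t`, rather than the `check_yum` plugin file itself.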
No problem, the commit does no harm. If it is something that can be fixed by working on the check_yum plugin, we can do it in this module; otherwise, of course, not.
I have tested on OracleLinux. Based on SELinux properties from existing checks provided by the plugin package -
ls -axlZ check_load
-rwxr-xr-x. root root system_u:object_r:nagios_system_plugin_exec_t:s0 check_load
ls -axlZ check_yum
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 check_yum
After puppet agent run -
ls -axlZ check_yum
-rwxr-xr-x. root root system_u:object_r:nagios_system_plugin_exec_t:s0 check_yum