The current workaround is to semanage permissive -a zabbix_agent_t until we can fix our rabezbxzabbixagent SELinux module to let the zabbix user use sudo to run things like lvs.
On some investigation I found that this might be specific and due to how our pam stack is configured as the servers are configured as part of a freeipa domain.
I'm preparing a pr to address this and it should be ready after some more testing.
Some new policy seems to have been enforced and sudo (in UserParameters) for things like some app/lvm template are getting denied.
The new(?) SELinux bools don't seem to work. I tried:
The current workaround is to
semanage permissive -a zabbix_agent_t
until we can fix ourrabezbxzabbixagent
SELinux module to let thezabbix
user use sudo to run things likelvs
.On some investigation I found that this might be specific and due to how our pam stack is configured as the servers are configured as part of a freeipa domain.
I'm preparing a pr to address this and it should be ready after some more testing.