Permission denied error with Nvidia Sensors template using nvidia-smi

[manas-suleman]

Hello,

I am trying to add Nvidia Sensors template to monitor the GPU on a server running Rocky Linux 8. I added the UserParameters to the agent config on the GPU server as described here https://github.com/zabbix/community-...ntegration/6.0

I get the following error from the Nvidia Sensor items:

Value of type "string" is not suitable for value type "Numeric (float)". Value "sh: /usr/bin/nvidia-smi: Permission denied" Upon investigating, I see that selinux is restricting this.

cat /var/log/audit/audit.log

type=AVC msg=audit(1692020151.457:28333): avc: denied { execute } for pid=2053039 comm="sh" name="nvidia-smi" dev="dm-0" ino=2071468 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_ubject_r:xserver_exec_t:s0 tclass=file permissive=0
Code:

cat /var/log/messages

SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/nvidia-smi. For complete SELinux messages run: sealert -l 33213cc2-0991-4736-913f-f1750a8ff497
SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/nvidia-smi.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that bash should be allowed execute access on the nvidia-smi file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'sh' --raw | audit2allow -M my-sh#012# semodule -X 300 -i my-sh.pp#012

from zabbix server:

zabbix_get -s gpuserver -k gpu.free​

sh: /usr/bin/nvidia-smi: Permission denied I don't want to disable selinux and don't wanna go with the suggestions provided by selinux logs as I'm not sure if they are the best ones. Please share the appropriate fix for this issue.

Thanks,