May
08
2015
I have found a few difficulties with pnp4nagios and SElinux:
So here are my notes:
module httpd_pnp4nagios 1.0;
require {
type httpd_t;
type nagios_var_lib_t;
class dir { getattr search open read };
class file { getattr open read };
}
#============= httpd_t ==============
allow httpd_t nagios_var_lib_t:dir { getattr search open read };
allow httpd_t nagios_var_lib_t:file { getattr open read };
With the above policy we give privileges on httpd to directories with the tag nagios_var_lib_t (like /var/lib/pnp4nagios/ ).
Checking the module:
# checkmodule -M -m -o httpd_pnp4nagios.mod httpd_pnp4nagios.te
Creating the module:
# semodule_package -o httpd_pnp4nagios.pp -m httpd_pnp4nagios.mod
And finally install the policy:
# semodule -i httpd_pnp4nagios.pp
Tag(s):
pnp4nagios,
selinux