On Mon, 2009-11-09 at 15:27 -0800, John Oliver wrote:
> [root@mda-services4 ~]# grep nagios /var/log/audit/audit.log | audit2allow
> #============= nagios_t ==============
> allow nagios_t var_t:dir read;
> [root@mda-services4 ~]# grep nagios /var/log/audit/audit.log | audit2allow -M nagios
> ******************** IMPORTANT ***********************
> To make this policy package active, execute:
> semodule -i nagios.pp
> [root@mda-services4 ~]# semodule -i nagios.pp
> libsepol.print_missing_requirements: nagios's global requirements were not met: type/attribute nagios_t
> libsemanage.semanage_link_sandbox: Link packages failed
> semodule: Failed!
> What on Earth does that mean???
It means you (probably) did something that is not so smart:
My guess is that you have overwritten the distributed nagios module.
I think that, because you show me this:
semodule -i nagios.pp
And I assume you have probably done that before.
The problem is that you are trying to install (and have been installing)
a custom module with the same name as a distributed module:
[root@notebook3 admin]# semodule -l | grep nagios
nagios 1.8.0
In simple human language:
You have overwritten the nagios module that came with your distribution
with a custom nagios module.
To undo this, either force an update of selinux-policy and selinux-policy
(this should overwrite your custom nagios module with the one that comes
with your distribution) or you can just install the distribution nagios
modules from:
[root@notebook3 admin]# ls /usr/share/selinux/targeted | grep nagios
nagios.pp.bz2
The lesson to be learned from this experience is:
If you decide to install a custom module, then make sure that you give
it a unique name (for example: grep nagios /var/log/audit/audit.log |
audit2allow -M mynagios; semodule -i mynagios.pp)
Because if there is already a module installed by that name you will
overwrite it.
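
The naming rule above can be checked before anything is installed. The following is an added example, not part of the original mail: the function names, the sample file layout and the module name `example_shipped` are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: check a custom SELinux module name for collisions before
# running `audit2allow -M NAME` and `semodule -i NAME.pp`.

# module_name_taken NAME LISTING POLDIR
#   LISTING: file holding saved `semodule -l` output (module name in column 1)
#   POLDIR:  directory of distribution modules (the mail shows
#            /usr/share/selinux/targeted)
# Returns 0 if NAME is already installed or shipped by the distribution.
module_name_taken() {
    name=$1 listing=$2 poldir=$3
    if awk -v n="$name" '$1 == n { hit = 1 } END { exit !hit }' "$listing"; then
        return 0
    fi
    for f in "$poldir/$name.pp" "$poldir/$name.pp.bz2"; do
        if [ -e "$f" ]; then return 0; fi
    done
    return 1
}

# pick_module_name BASE LISTING POLDIR
#   Prints the first free name among myBASE, myBASE2, myBASE3, ...
pick_module_name() {
    base=$1 candidate="my$1" n=2
    while module_name_taken "$candidate" "$2" "$3"; do
        candidate="my$base$n"
        n=$((n + 1))
    done
    printf '%s\n' "$candidate"
}

# Constructed sample data standing in for a real host's state.
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
printf 'nagios\t1.8.0\nmynagios\t1.0\n' > "$sample/semodule-l.txt"
mkdir "$sample/targeted"
: > "$sample/targeted/nagios.pp.bz2"
: > "$sample/targeted/example_shipped.pp.bz2"   # shipped but not loaded

for m in nagios example_shipped myapp; do
    if module_name_taken "$m" "$sample/semodule-l.txt" "$sample/targeted"; then
        echo "$m: name already in use, pick another"
    else
        echo "$m: free"
    fi
done
echo "suggested: $(pick_module_name nagios "$sample/semodule-l.txt" "$sample/targeted")"
```

On a real host, save `semodule -l` to a file and pass that file together with the distribution policy directory instead of the sample paths.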