On 01/10/2010 12:32 PM, Jouni Viikari wrote:
I wonder why I started to get tons of this kind of *warnings*:
We have added a new policy for nagios plugins. All domains created by this
policy are "permissive domains". So
AVC messages are reported, but access is allowed.
SELinux is preventing /usr/lib/nagios/plugins/check_http
"create"
access.
Detailed Description
[check_imap has a permissive type (nagios_system_plugin_t). This access
was not denied.]
SELinux denied access requested by check_http. It is not expected that
this access is required by check_http and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional
access.
If I remember correctly this started when I did
#restorecon /usr/lib/nagios/plugins
BR,
Jouni
#rpm -qi selinux-policy
Name : selinux-policy
Version : 3.6.32
Release : 66.fc12
...
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux Could you send me your
'/var/log/audit/audit.log' at mgrepl(a)redhat.com
Regards,
Miroslav