zabbix server/agent on F34 - users - Fedora mailing-lists

30 Apr 2021


      I installed F34 in a VM and installed the zabbix server and agent.  I 
have updated the system to the latest.  When I run the zabbix server and 
agent I get a lot of SELinux alerts.
SELinux is preventing zabbix_agentd from getattr access on the fifo_file 
/run/initctl
   Source Context system_u:system_r:zabbix_agent_t:s0
   Target Context                system_u:object_r:initctl_t:s0
   Target Objects                /run/initctl [ fifo_file ]
   Source                        zabbix_agentd
   Source Path                   zabbix_agentd
SELinux is preventing zabbix_agentd from getattr access on the sock_file 
/run/systemd/journal/dev-log.
   Source Context system_u:system_r:zabbix_agent_t:s0
   Target Context                system_u:object_r:devlog_t:s0
   Target Objects                /run/systemd/journal/dev-log [ sock_file ]
   Source                        zabbix_agentd
   Source Path                   zabbix_agentd
SELinux is preventing zabbix_agentd from getattr access on the file 
/proc/kcore
   Source Context system_u:system_r:zabbix_agent_t:s0
   Target Context                system_u:object_r:proc_kcore_t:s0
   Target Objects                /proc/kcore [ file ]
   Source                        zabbix_agentd
   Source Path                   zabbix_agentd
SELinux is preventing sh from execute_no_trans access on the file 
/usr/bin/rpm
   Source Context system_u:system_r:zabbix_agent_t:s0
   Target Context                system_u:object_r:rpm_exec_t:s0
   Target Objects                /usr/bin/rpm [ file ]
   Source                        sh
   Source Path                   sh
Here are the installed packages
zabbix.x86_64 1:5.0.10-1.fc34                     @updates
zabbix-agent.x86_64 1:5.0.10-1.fc34                     @updates
zabbix-dbfiles-mysql.noarch 1:5.0.10-1.fc34                     @updates
zabbix-selinux.noarch 1:5.0.10-1.fc34                     @updates
zabbix-server.noarch 1:5.0.10-1.fc34                     @updates
zabbix-server-mysql.x86_64 1:5.0.10-1.fc34                     @updates
zabbix-web.noarch 1:5.0.10-1.fc34                     @updates
zabbix-web-mysql.noarch 1:5.0.10-1.fc34                     @updates
selinux-policy-targeted.noarch 34.3-1.fc34                         @updates
selinux-policy.noarch 34.3-1.fc34                         @updates
So is this a bug in the zabbix-selinux package or the zabbix_agentd 
package?
Any help is appreciated.
Paolo