Nagios nrpe and sudo
Martin Ebourne
lists at ebourne.me.uk
Mon Jan 30 22:19:30 UTC 2006
On Mon, 2006-01-30 at 22:11 +0000, Martin Ebourne wrote:
> On Mon, 2006-01-30 at 10:28 -0500, Stephen Smalley wrote:
> > amanda_t looks odd there.
> > ls -Z /usr/sbin/smartctl
>
> # ls -Z /usr/sbin/smartctl
> -rwxr-xr-x root root system_u:object_r:fsadm_exec_t /usr/sbin/smartctl
>
> > sudo selinux patch has been reverted in rawhide, possibly should be done
> > in FC4 as well. bug 178429
>
> Rebuilt FC4 sudo-1.6.8p8-2.4 without the two selinux patches: that's
> fixed it thanks! I'm not using NOEXEC though.
Further to this, I note that I don't even need the
inetd_child_disable_trans boolean set now. By default nrpe running under
xinetd is allowed to sudo. Should this not be controlled?
What protection does running xinetd under selinux give?
Cheers,
Martin.
More information about the selinux
mailing list