Nagios Web Interface and SELinux
Daniel J Walsh
dwalsh at redhat.com
Fri Aug 31 21:10:48 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Thomas wrote:
> Daniel J Walsh wrote:
>> Ryan Skadberg wrote:
>>> I have been trying to get nagios up and running on 2 different
>>> machines. One running FC5 and one running FC6. Nagios itself starts
>>> up fine, but the web interface fails miserably.
>>>
>>> When looking at /var/log/messages, I see things like:
>>> Dec 3 11:38:17 xray kernel: audit(1165174697.348:289): avc: denied
>>> { execute_no_trans } for pid=22237 comm="httpd" name="tac.cgi"
>>> dev=dm-0 ino=11272226 scontext=user_u:system_r:httpd_t:s0
>>> tcontext=system_u:object_r:lib_t:s0 tclass=file
>>>
>> Where is this file located? Looks like this needs a context like
>> httpd_sys_content_t or httpd_sys_script_t.
>>
>>
>> chcon -R -t httpd_sys_content_t PATH_TO_DIR
>
> I just ran into the same problem on EPEL-5. It appears that the path
> for the nagios cgi scripts is wrong in
> /etc/selinux/targeted/contexts/files/file_contexts:
>
> # grep nagios /etc/selinux/targeted/contexts/files/file_contexts
> /usr/lib(64)?/nagios/cgi/.+ -- system_u:object_r:nagios_cgi_exec_t:s0
> [...]
>
> This should be:
>
> /usr/lib(64)?/nagios/cgi-bin/.+ --
>
> --Wart
You can add this yourself for now. I will update the U2 selinux policy
to fix this.
semodule fcontext -a -t nagios_cgi_exec_t \
"/usr/lib(64)?/nagios/cgi-bin/.+"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFG2IPYrlYvE4MpobMRAsSbAKDHe0g9A646OEU6xCx50B2pNn6PEACeM+aO
1QJvVWEkDGBmfSI1ty4cQPY=
=X4vZ
-----END PGP SIGNATURE-----
More information about the selinux
mailing list