Bug 1053205
Summary: | Support for zabbix 2.2 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Orion Poplawski <orion> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.5 | CC: | dwalsh, lvrabec, mdavis, mmalik, rstory, ssekidde |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.7.19-247.el6 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-10-14 07:59:19 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Orion Poplawski
2014-01-14 20:44:06 UTC
We need to add all changes from Fedora/RHEL7 to RHEL6. Any progress here? The /proc issue in particular is causing issues with the agent not being able to see what is running. Thanks. Looking much better with 3.7.19-235.el6, thanks. I think we may still be missing labelling /var/log/zabbixsrv with zabbix_log_t, and /var/lib/zabbixsrv with ?. 6ad0c8b0fd802bfaf1d88546da3811024a8e3259 makes show that anything /var/log/zabbix.* gets this label. patch sent. Is this version available for testing anywhere? http://people.redhat.com/dwalsh/SELinux/RHEL6 is still at -235. I have the tmp issue with zabbix20-2.0.12-2.el6.x86_64 from epel. Can I jump on the bandwagon here, or should I open another bug? # semodule -l|grep zab zabbix 1.2.0 type=AVC msg=audit(1411960498.800:626057): avc: denied { write } for pid=2078 comm="zabbix_server" name="tmp" dev=dm-0 ino=265028 scontext=unconfined_u:system_r:zabbix_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir # find /var/lib/ -inum 265028 /var/lib/zabbixsrv/tmp Still have issues with selinux-policy-3.7.19-251.el6.noarch type=AVC msg=audit(1412031795.159:696259): avc: denied { read } for pid=7596 comm="zabbix_server" name="zabbix_server.log" dev=dm-2 ino=655532 scontext=unconfined_u:system_r:zabbix_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file drwxrwxr-x. root zabbixsrv system_u:object_r:var_log_t:s0 /var/log/zabbixsrv type=AVC msg=audit(1412031921.258:696276): avc: denied { read } for pid=7825 comm="fping" path="/var/lib/zabbixsrv/tmp/zabbix_server_7796.pinger" dev=dm-2 ino=131270 scontext=unconfined_u:system_r:ping_t:s0 tcontext=unconfined_u:object_r:zabbix_var_lib_t:s0 tclass=file Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1568.html |