Bug 1071400

Summary: [PATCH] Munin plugins can't run unconfined
Product: Red Hat Enterprise Linux 7 Reporter: Lubomir Rintel <lkundrak>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED NOTABUG QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: dwalsh, mmalik, mtruneck
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 871106 Environment:
Last Closed: 2014-03-03 09:57:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 871106    
Bug Blocks:    

Description Lubomir Rintel 2014-02-28 16:49:30 UTC 
Hi,

thanks for the el6 fix!

This also affects el7; it does not know about munin_unconfined_plugin_exec_t type.


+++ This bug was initially created as a clone of Bug #871106 +++

Description of problem:

It's rather hard to hook certain monitoring plugins to munin with Enforcing SELinux. Nagios module deals with similar trouble by having unconfined types for such plugins.

Version-Release number of selected component (if applicable):

selinux-policy-3.7.19-155.el6_3.noarch

Additional info:

Attaching proposed changes to policy package (patches for el6, fedora and vanilla policy; not sure which ones are useful and what's the chance of getting this fixed in RHEL without having a paid contract).

--- Additional comment from Lubomir Rintel on 2012-10-29 12:04:12 EDT ---



--- Additional comment from Lubomir Rintel on 2012-10-29 12:04:22 EDT ---



--- Additional comment from Miroslav Grepl on 2012-10-29 12:38:47 EDT ---

Sounds good. I added it to Fedora. Will backport.

--- Additional comment from Michal Trunecka on 2012-11-07 09:41:03 EST ---



--- Additional comment from errata-xmlrpc on 2013-02-21 03:31:58 EST ---

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0314.html
Comment 1 Miroslav Grepl 2014-03-03 09:57:49 UTC 
Should be there.

seinfo -t |grep unconfined_munin
   unconfined_munin_plugin_exec_t
   unconfined_munin_plugin_tmp_t
   unconfined_munin_plugin_t