Bug 730404
Summary: | Zabbix Web-Interface falsely reports Zabbix-Server as down when running in SELinux enforced mode | ||
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Joti <joti.mail> |
Component: | zabbix | Assignee: | Dan Horák <dan> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | el6 | CC: | benl, dan, hairyairey, jeff, madko, nelsonab, richlv, volker27 |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-10-05 10:47:21 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Joti
2011-08-12 19:32:52 UTC
The quoted Zabbix Forum link is out of date - this is more up to date http://www.zabbix.com/forum/showthread.php?t=23878 Note that the solution I have quoted: semanage port -a -t http_port_t -p tcp 10051 works, but not after a reboot. I am still working on a solution will post it here and in the Zabbix Forum when I get one. One of the solutions is to turn on one this boolean: httpd_can_network_connect Run `setsebool httpd_can_network_connect=1' to have it persistent. this problem is still not resolved.... I added a note on the 2.0.8-3 README. David's suggestion is a bit too permissive. In the README I suggest to audit2allow and create a policy module to make it persistent. A README will not help a user. The package should work when installed by the user. on 6.4, being close to disabling selinux, i opted for httpd_can_network_connect. given that i suspect ldap auth also to require connectivity, this should save the remaining sanity i might have :) Since I can't think of a better solution than that and it being documented, I guess we can close this issue. |