Description of problem:
nagios fails to start when selinux is enforcing

Steps to Reproduce:
1. set selinux enforcing
2. install nagios
3. start nagios

Actual results:
nagios fails to start and the following lines appear in audit.log

type=AVC msg=audit(1382560915.041:76533): avc: denied { read } for pid=22198 comm="nagios" name="checkresults" dev="vda" ino=136157 scontext=system_u:system_r:nagios_t:s0 tcontext=system_u:object_r:nagios_log_t:s0 tclass=dir
type=SYSCALL msg=audit(1382560915.041:76533): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=7fdc36a2e990 a2=90800 a3=0 items=0 ppid=22197 pid=22198 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="nagios" exe="/usr/sbin/nagios" subj=system_u:system_r:nagios_t:s0 key=(null)
type=SERVICE_START msg=audit(1382560915.050:76534): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="nagios" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'

Expected results:
nagios starts

Additional info:
I tried using audit2allow to create a module to get around this, but it failed to load for some reason.
Reassigning to component selinux-policy-targeted. I think that's the right place; please correct me if I'm wrong.
Hi,

Could you paste here output of: "$rpm -q selinux-policy"

I have actual selinux-policy packages (selinux-policy-3.12.1-74.18.fc19.noarch) and everything is all right.

#============= nagios_t ==============

#!!!! This avc is allowed in the current policy
allow nagios_t nagios_log_t:dir read;

Could you update your selinux-policy package and re-test it?

Thank you.
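How the AVC record in the report maps to the rule shown in the audit2allow output above, as an added example that is not part of the original thread and is not audit2allow's own code: a small Python parser that extracts the source type, target type, class and permissions from AVC denials and merges them into type-enforcement rules. The function names are hypothetical, and the second record used in the test is constructed; the output only describes what was denied, and whether the rule is already in the installed policy still has to be checked as in the comment above.

```python
import re

# AVC record copied from the report above.
SAMPLE_AVC = (
    'type=AVC msg=audit(1382560915.041:76533): avc: denied { read } for '
    'pid=22198 comm="nagios" name="checkresults" dev="vda" ino=136157 '
    'scontext=system_u:system_r:nagios_t:s0 '
    'tcontext=system_u:object_r:nagios_log_t:s0 tclass=dir'
)

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+'
    r'tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError('not an SELinux context: %r' % context)
    return parts[2]

def parse_avc(line):
    """Parse one audit.log line; return None if it is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    return {
        'source': selinux_type(m.group('scontext')),
        'target': selinux_type(m.group('tcontext')),
        'tclass': m.group('tclass'),
        'perms': sorted(m.group('perms').split()),
    }

def allow_rules(lines):
    """Merge denials per (source, target, class) into allow rules."""
    merged = {}
    for line in lines:
        denial = parse_avc(line)
        if denial is None:
            continue  # SYSCALL, SERVICE_START and other record types
        key = (denial['source'], denial['target'], denial['tclass'])
        merged.setdefault(key, set()).update(denial['perms'])
    rules = []
    for (source, target, tclass), perms in sorted(merged.items()):
        names = sorted(perms)
        perm = names[0] if len(names) == 1 else '{ ' + ' '.join(names) + ' }'
        rules.append('allow %s %s:%s %s;' % (source, target, tclass, perm))
    return rules
```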
Confirmed: it is working now. Thanks!