Description of problem: nagios 4.0.8 from EPEL7 fails to start, as it can't create the socket file /var/log/nagios/rw/nagios.qh due to permission issues. There are two reasons for this, this bug report will explain the first one. I'll submit a second report that covers the second problem that can occur. The directory /var/log/nagios/rw/ does not exist and nagios does not seem to be able to create it. How to repeat: [root@centospkgtest ~]# cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) [root@centospkgtest ~]# yum list nagios Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: artfiles.org * epel: epel.besthosting.ua * extras: artfiles.org * updates: centos.arlionprojects.com Installed Packages nagios.x86_64 4.0.8-1.el7 @epel [root@centospkgtest ~]# setenforce Permissive [root@centospkgtest ~]# getenforce Permissive [root@centospkgtest ~]# systemctl start nagios [root@centospkgtest ~]# systemctl status nagios ● nagios.service - Nagios Network Monitoring Loaded: loaded (/usr/lib/systemd/system/nagios.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Tue 2015-12-15 14:28:06 CET; 6s ago Docs: http://www.nagios.org/documentation Process: 1426 ExecStart=/usr/sbin/nagios /etc/nagios/nagios.cfg (code=exited, status=1/FAILURE) Process: 1424 ExecStartPre=/usr/sbin/nagios -v /etc/nagios/nagios.cfg (code=exited, status=0/SUCCESS) Main PID: 1426 (code=exited, status=1/FAILURE) Dec 15 14:28:06 centospkgtest systemd[1]: Starting Nagios Network Monitoring... Dec 15 14:28:06 centospkgtest systemd[1]: Started Nagios Network Monitoring. Dec 15 14:28:06 centospkgtest systemd[1]: nagios.service: main process exite...E Dec 15 14:28:06 centospkgtest systemd[1]: Unit nagios.service entered failed.... Dec 15 14:28:06 centospkgtest systemd[1]: nagios.service failed. Hint: Some lines were ellipsized, use -l to show in full. [root@centospkgtest ~]# cat /var/log/nagios/nagios.log [1450186086] Nagios 4.0.8 starting... (PID=1426) [1450186086] Local time is Tue Dec 15 14:28:06 CET 2015 [1450186086] LOG VERSION: 2.0 [1450186086] qh: Failed to init socket '/var/log/nagios/rw/nagios.qh'. bind() failed: No such file or directory [1450186086] Error: Failed to initialize query handler. Aborting [root@centospkgtest ~]# install -d -m 755 -o nagios -g nagios /var/log/nagios/rw [root@centospkgtest ~]# ls -ld /var/log/nagios/rw drwxr-xr-x. 2 nagios nagios 6 Dec 15 14:28 /var/log/nagios/rw [root@centospkgtest ~]# rm /var/log/nagios/nagios.log [root@centospkgtest ~]# systemctl start nagios[root@centospkgtest ~]# systemctl status nagios● nagios.service - Nagios Network Monitoring Loaded: loaded (/usr/lib/systemd/system/nagios.service; disabled; vendor preset: disabled) Active: active (running) since Tue 2015-12-15 14:29:10 CET; 3s ago Docs: http://www.nagios.org/documentation Process: 1440 ExecStartPre=/usr/sbin/nagios -v /etc/nagios/nagios.cfg (code=exited, status=0/SUCCESS) Main PID: 1441 (nagios) CGroup: /system.slice/nagios.service ├─1441 /usr/sbin/nagios /etc/nagios/nagios.cfg ├─1443 /usr/sbin/nagios --worker /var/log/nagios/rw/nagios.qh ├─1444 /usr/sbin/nagios --worker /var/log/nagios/rw/nagios.qh ├─1445 /usr/sbin/nagios --worker /var/log/nagios/rw/nagios.qh ├─1446 /usr/sbin/nagios --worker /var/log/nagios/rw/nagios.qh ├─1447 /usr/sbin/nagios /etc/nagios/nagios.cfg ├─1448 /usr/lib64/nagios/plugins/check_ping -H 127.0.0.1 -w 3000.0... └─1449 /usr/bin/ping -n -U -w 30 -c 5 127.0.0.1 Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Successfully registered m...r Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...5 Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...3 Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...6 Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...4 Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...3 Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...6 Dec 15 14:29:10 centospkgtest nagios[1441]: wproc: Registry request: name=Co...4 Dec 15 14:29:11 centospkgtest nagios[1441]: Successfully launched command fi...7 Dec 15 14:29:11 centospkgtest nagios[1441]: Successfully launched command fi...7 Hint: Some lines were ellipsized, use -l to show in full. [root@centospkgtest ~]# cat /var/log/nagios/nagios.log [1450186150] Nagios 4.0.8 starting... (PID=1441) [1450186150] Local time is Tue Dec 15 14:29:10 CET 2015 [1450186150] LOG VERSION: 2.0 [1450186150] qh: Socket '/var/log/nagios/rw/nagios.qh' successfully initialized [1450186150] qh: core query handler registered [1450186150] nerd: Channel hostchecks registered successfully [1450186150] nerd: Channel servicechecks registered successfully [1450186150] nerd: Channel opathchecks registered successfully [1450186150] nerd: Fully initialized and ready to rock! [1450186150] wproc: Successfully registered manager as @wproc with query handler [1450186150] wproc: Registry request: name=Core Worker 1445;pid=1445 [1450186150] wproc: Registry request: name=Core Worker 1443;pid=1443 [1450186150] wproc: Registry request: name=Core Worker 1446;pid=1446 [1450186150] wproc: Registry request: name=Core Worker 1444;pid=1444 [1450186151] Successfully launched command file worker with pid 1447 Manually creating /var/log/nagios/rw allows the socket to be created, at least if SELinux is disabled (see my other bug report about this). However, I wonder if /var/log is the appropriate location for a socket file. Shouldn't this rather be put unter /var/run/nagios then? I'd suggest to change the value of "query_socket" in /etc/nagios/nagios.cfg to "/var/run/nagios/nagios.qh" instead - this directory is already created by /usr/lib/tmpfiles.d/nagios.conf by default.
See BUG#1291734 for the second issue related to creating the socket file if SELinux is enabled. I suggest fixing this bug first, once the socket location has been decided, the SELinux policy should be updated accordingly.
nagios-4.0.8-2.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-eed09b5974
Hello. Looking at patch in EPEL git: +#!!!! This avc is allowed in the current policy +allow nagios_t nagios_spool_t:sock_file { write create unlink }; +#!!!! This avc can be allowed using the boolean 'daemons_enable_cluster_mode' +allow nagios_t self:unix_stream_socket connectto; Do you think, that ... 1. these comments should be part of patch? 2. it's a good idea to modify settings, which can be set by selinux booleans? 3. selinux settings should go into nagios main package instead of nagios-selinux? 4. selinux policy updates should be a part of nagios\*src.rpm, instead of selinux-policy package? May be all of above comments are irrelevant and this bug should be reported against selinux-policy package, instead of nagios package. Because there are changes in nagios after udpate to v4, there are required changes in selinux policy. But because nagios module is a part of upstream selinux-policy-contrib, there is no need to add another module to nagios package, but it's better to fix this in selinux-policy package. Please, consider removaol of this patch and update and change component of this but to selinux-policy.
I agree that this should probably be fixed in selinux-policy instead.
nagios-4.0.8-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-eed09b5974
To resolve this problem in CentOS, I'm create a directory /var/log/nagios/rw that not exist and apply permission to user that have access. My case is 'nagios'. mkdir /var/log/nagios/rw chmod 777 /var/log/nagios/rw And resolve all your problems. :-)
Van: I'm aware that this problem can be solved by manually creating /var/log/nagios/rw (as I wrote in the initial report). The point is, I should not have to do that myself, the RPM package should create all the necessary directories itself.
nagios-4.0.8-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.