Created attachment 1247256 [details]
output from audit2allow -a
Description of problem:
I tried to set up a zabbix userparameter which uses redis-cli to retrieve redis stats. The zabbix GUI complains with "could not connect to redis at 127.0.0.1:6379: permission denied". When I turn of selinux, it works. Setting the "zabbix_can_network"sebool to "on" does not help.
audit2allow shows a missing type enforcement allow rule from zabbix_agent_t to redis_port_t:tcp_socket
Version-Release number of selected component (if applicable):
How reproducible: always
Steps to Reproduce:
1.setup zabbix userparameter using the redis-cli
2.set up and observe a zabbix item for redis in the zabbix server
Zabbix server GUI shows error: "could not connect to redis at 127.0.0.1:6379: permission denied"
No error - zabbix should have access to the redis tcp port
Created attachment 1247257 [details]
output from audit2allow -w -a
Could you collect raw SELinux denials and attach them here?
# ausearch -m avc -m user_avc -m selinux_err -m user_selinux_err -i -ts today
Created attachment 1247572 [details]
output from 'ausearch -m avc -m user_avc -m selinux_err -m user_selinux_err -i -ts today'
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.