Bug 1468431 - Zabbix agent fails to start due to being unable to disable coredumps
Zabbix agent fails to start due to being unable to disable coredumps
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy (Show other bugs)
7.3
x86_64 Linux
unspecified Severity medium
: rc
: ---
Assigned To: Lukas Vrabec
Milos Malik
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-07 01:11 EDT by Mark Keir
Modified: 2017-11-06 10:13 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Bugzilla 1323518 None None None 2017-07-07 01:11 EDT

  None (edit)
Description Mark Keir 2017-07-07 01:11:31 EDT
Description of problem:
Zabbix agent starts, then exits.  The log captured is:

27385:20170707:011506.471 using configuration file: /etc/zabbix/zabbix_agentd.conf
 27385:20170707:011506.471 cannot set resource limit: [13] Permission denied
 27385:20170707:011506.471 cannot disable core dump, exiting...

Version-Release number of selected component (if applicable):
rpm -qa 'selinux*'
selinux-policy-targeted-3.13.1-102.el7_3.16.noarch
selinux-policy-3.13.1-102.el7_3.16.noarch


How reproducible:
Always, when selinux is enforcing.  Applicable to RHEL7.3.

Steps to Reproduce:
1. Install zabbix-agent-3.2.2-1.el7.x86_64.
2. Ensure selinux is enabled
3. systemctl start zabbix-agent

Actual results:
Fails to start

Expected results:
Service starts

Additional info:
Reported as fixed in https://bugzilla.redhat.com/show_bug.cgi?id=1323518
Workaround https://lvrabec-selinux.rhcloud.com/2016/09/19/creating-local-module-quickly-in-cil/
Comment 2 Milos Malik 2017-07-10 05:15:29 EDT
# rpm -qa selinux\*
selinux-policy-targeted-3.13.1-102.el7_3.18.noarch
selinux-policy-3.13.1-102.el7_3.18.noarch
# sesearch -s zabbix_agent_t -A -C -p setrlimit

# sesearch -s zabbix_agent_t -D -C -p setrlimit

# 

It's neither fixed nor dontaudit-ed in the latest policy for RHEL-7.3.

Note You need to log in before you can comment on or make changes to this bug.