From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7) Description of problem: I just got done packaging Cacti for Fedora Extras. Its been approved but it doesn't work with SELinux. Cacti stores log files in /var/log/cacti/ and round robin database files in /var/lib/cacti/rra/ To fix this problem it is possible to run the following commands: chcon -R -t httpd_sys_content_t /var/log/cacti/ chcon -R -t httpd_sys_content_t /var/lib/cacti/rra/ It was suggested to me to get new contexts for Cacti incorperated: https://www.redhat.com/archives/fedora-extras-list/2006-January/msg01169.html Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Install cacti 2. verify Selinux is enabled (targeted) 3. watch cacti fail. Additional info:
Does it work with chcon -R -t httpd_log_t /var/log/cacti/ chcon --R -t httpd_var_lib_t /var/lib/cacti/rra/
The logs seem to work now (can be read) but rra doesn't seem to work. I assume you wanted -R instead of --R. Here's the audit logs: type=AVC msg=audit(1139522179.714:56): avc: denied { search } for pid=2851 comm="rrdtool" name="rra" dev=hda2 ino=5505259 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:httpd_var_lib_t tclass=dir type=SYSCALL msg=audit(1139522179.714:56): arch=40000003 syscall=5 success=no exit=-13 a0=805f048 a1=0 a2=1b6 a3=805d660 items=1 pid=2851 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="rrdtool" exe="/usr/bin/rrdtool" type=CWD msg=audit(1139522179.714:56): cwd="/usr/share/cacti" type=PATH msg=audit(1139522179.714:56): item=0 name="/usr/share/cacti/rra/localhost_traffic_in_18.rrd" flags=101 inode=5505259 dev=03:02 mode=040755 ouid=101 ogid=0 rdev=00:00 type=AVC msg=audit(1139522179.770:57): avc: denied { search } for pid=2852 comm="rrdtool" name="rra" dev=hda2 ino=5505259 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:httpd_var_lib_t tclass=dir type=SYSCALL msg=audit(1139522179.770:57): arch=40000003 syscall=5 success=no exit=-13 a0=9682cd8 a1=0 a2=1b6 a3=9683c80 items=1 pid=2852 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="rrdtool" exe="/usr/bin/rrdtool" type=CWD msg=audit(1139522179.770:57): cwd="/usr/share/cacti" type=PATH msg=audit(1139522179.770:57): item=0 name="/usr/share/cacti/rra/localhost_proc_7.rrd" flags=101 inode=5505259 dev=03:02 mode=040755 ouid=101 ogid=0 rdev=00:00
Ok lets go back to chcon -R -t httpd_sys_content_t /var/lib/cacti/rra/ Updated in 2.2.19-2
Sorry, haven't had time to test this, I'll try to do it this weekend or early next week.
Sorry this is long overdue. This has corrected the issues cacti was having.