Summary:

SELinux is preventing /usr/sbin/nrpe "read" access on nrpe.cfg.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by nrpe. It is not expected that this access is required by nrpe and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context        unconfined_u:system_r:nrpe_t:s0
Target Context        system_u:object_r:nrpe_etc_t:s0
Target Objects        nrpe.cfg [ file ]
Source                nrpe
Source Path           /usr/sbin/nrpe
Port                  <Unknown>
Host                  (removed)
Source RPM Packages   nrpe-2.12-14.fc14.1
Target RPM Packages
Policy RPM            selinux-policy-3.9.7-3.fc14
Selinux Enabled       True
Policy Type           targeted
Enforcing Mode        Permissive
Plugin Name           catchall
Host Name             (removed)
Platform              Linux (removed) 2.6.35.6-43.fc14.x86_64 #1 SMP Wed Oct 13 21:23:02 UTC 2010 x86_64 x86_64
Alert Count           2
First Seen            2010-10-22T14:53:12 EDT
Last Seen             2010-10-22T14:53:12 EDT
Local ID              66de6ca4-582f-4732-a075-b6e58688b079
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1287773592.661:36052): avc: denied { read } for pid=2815 comm="nrpe" name="nrpe.cfg" dev=dm-1 ino=180 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:nrpe_etc_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1287773592.661:36052): avc: denied { open } for pid=2815 comm="nrpe" name="nrpe.cfg" dev=dm-1 ino=180 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:nrpe_etc_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1287773592.661:36052): arch=c000003e syscall=2 success=yes exit=3 a0=609620 a1=0 a2=1b6 a3=0 items=0 ppid=2814 pid=2815 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="nrpe" exe="/usr/sbin/nrpe" subj=unconfined_u:system_r:nrpe_t:s0 key=(null)

Hash String generated from catchall,nrpe,nrpe_t,nrpe_etc_t,file,read

audit2allow suggests:

#============= nrpe_t ==============
allow nrpe_t nrpe_etc_t:file { read open };
I get this error even after relabeling. Here's what the labels are:

$ ls -lsadZ /usr/sbin/nrpe /etc/nagios /etc/nagios/nrpe.cfg
drwxr-xr-x. root root system_u:object_r:nagios_etc_t:s0 /etc/nagios/
-rw-r--r--. root root system_u:object_r:nrpe_etc_t:s0 /etc/nagios/nrpe.cfg
-rwxr-xr-x. root root system_u:object_r:nrpe_exec_t:s0 /usr/sbin/nrpe*

Versions:

0:libselinux-2.0.96-5.fc14.x86_64
0:libselinux-devel-2.0.96-5.fc14.x86_64
0:libselinux-python-2.0.96-5.fc14.x86_64
0:libselinux-utils-2.0.96-5.fc14.x86_64
0:selinux-policy-3.9.7-3.fc14.noarch
0:selinux-policy-targeted-3.9.7-3.fc14.noarch
Oh, and this is with: 0:nrpe-2.12-14.fc14.1.x86_64
You can add these rules for now using

# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Fixed in selinux-policy-3.9.7-6.fc14
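An added example (not part of the bug report and not the audit2allow source) showing how the two AVC records in the report collapse into the suggested rule, and why scoping to one source type matters: `grep avc` over the whole audit log turns every logged denial into an allow rule. The third log line and its `example_t` type are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the two AVC records from the report, plus one
# constructed, unrelated denial (hypothetical example_t domain).
SAMPLE_LOG = '''\
type=AVC msg=audit(1287773592.661:36052): avc: denied { read } for pid=2815 comm="nrpe" name="nrpe.cfg" dev=dm-1 ino=180 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:nrpe_etc_t:s0 tclass=file
type=AVC msg=audit(1287773592.661:36052): avc: denied { open } for pid=2815 comm="nrpe" name="nrpe.cfg" dev=dm-1 ino=180 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:nrpe_etc_t:s0 tclass=file
type=AVC msg=audit(1287773600.000:36060): avc: denied { write } for pid=3000 comm="example" name="example.log" dev=dm-1 ino=999 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(':')[2]

def allow_rules(log_text, source_type=None):
    """Collapse AVC denials into allow rules, optionally for one source type."""
    grouped = defaultdict(list)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other record types carry no permission set
        src, tgt = selinux_type(m['scon']), selinux_type(m['tcon'])
        if source_type and src != source_type:
            continue  # skip denials from domains we are not reviewing
        perms = grouped[(src, tgt, m['tclass'])]
        for perm in m['perms'].split():
            if perm not in perms:
                perms.append(perm)
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};"
            for (s, t, c), p in grouped.items()]

if __name__ == '__main__':
    print("Unfiltered:", *allow_rules(SAMPLE_LOG), sep='\n  ')
    print("nrpe_t only:", *allow_rules(SAMPLE_LOG, 'nrpe_t'), sep='\n  ')
```

With the real tools, the same review step is reading the generated mypol.te before running semodule -i.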
selinux-policy-3.9.7-7.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-7.fc14
selinux-policy-3.9.7-7.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-7.fc14
selinux-policy-3.9.7-7.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.