This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 868310 - nagios-plugins-linux_raid cannot access perl modules
nagios-plugins-linux_raid cannot access perl modules
Status: CLOSED WONTFIX
Product: Fedora EPEL
Classification: Fedora
Component: nagios-plugins (Show other bugs)
el6
x86_64 Linux
unspecified Severity high
: ---
: ---
Assigned To: Scott Wilkerson
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-10-19 09:28 EDT by Patrick MacArthur
Modified: 2015-09-11 10:51 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-09-11 10:51:29 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Patrick MacArthur 2012-10-19 09:28:15 EDT
Description of problem: If implicit use of the embedded perl interpreter is turned off, then the check_linux_raid script will not be able to access the utils.pm file and the plugin will fail to run.


Version-Release number of selected component (if applicable): nagios-plugins-linux_raid-1.4.16-5.el6.x86_64


How reproducible:
Always, if embedded perl interpreter is not used for check_linux_raid script

Steps to Reproduce:
1. Configure Nagios with at least one service that uses the check_linux_raid plugin
2. Turn off use_embedded_perl_interpreter_implicitly in /etc/nagios/nagios.cfg.
3. Reload Nagios.
4. Update to latest nagios-plugins-linux_raid.
5. Force a check of a service that uses the check_linux_raid plugin

  
Actual results:
Software RAID plugin returns CRITICAL status with message "(null)".

Expected results:
Software RAID plugin returns normally indicating status of RAID.

Additional info:
Changing the file context of the script to nagios_unconfined_plugin_exec_t fixes the problem, but that is obviously undesirable.

The audit message for this error:
type=AVC msg=audit(1350651109.153:98634): avc:  denied  { getattr } for  pid=18591 comm="check_linux_rai" path="/usr/lib64/nagios/plugins/utils.pm" dev=dm-0 ino=2359437 scontext=system_u:system_r:nagios_checkdisk_plugin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=SYSCALL msg=audit(1350651109.153:98634): arch=c000003e syscall=4 success=no exit=-13 a0=ed4630 a1=7fff72a04da0 a2=7fff72a04da0 a3=2e736c6974752f73 items=0 ppid=18590 pid=18591 auid=4294967295 uid=498 gid=496 euid=498 suid=498 fsuid=498 egid=496 sgid=496 fsgid=496 tty=(none) ses=4294967295 comm="check_linux_rai" exe="/usr/bin/perl" subj=system_u:system_r:nagios_checkdisk_plugin_t:s0 key=(null)
Comment 1 Erik M Jacobs 2013-12-29 14:29:10 EST
I believe some components were missing from the original audit message.  When running in "permissive" mode, the following additional components are noted:

----
time->Sun Dec 29 19:15:32 2013
type=SYSCALL msg=audit(1388344532.714:21826): arch=c000003e syscall=2 success=yes exit=4 a0=24608a0 a1=0 a2=1b6 a3=7f8b7204dd50 items=0 ppid=48186 pid=48187 auid=4294967295 uid=497 gid=496 euid=497 suid=497 fsuid=497 egid=496 sgid=496 fsgid=496 tty=(none) ses=4294967295 comm="check_linux_rai" exe="/usr/bin/perl" subj=system_u:system_r:nagios_checkdisk_plugin_t:s0 key=(null)
type=AVC msg=audit(1388344532.714:21826): avc:  denied  { open } for  pid=48187 comm="check_linux_rai" name="utils.pm" dev=dm-1 ino=2103356 scontext=system_u:system_r:nagios_checkdisk_plugin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1388344532.714:21826): avc:  denied  { read } for  pid=48187 comm="check_linux_rai" name="utils.pm" dev=dm-1 ino=2103356 scontext=system_u:system_r:nagios_checkdisk_plugin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
----
time->Sun Dec 29 19:15:32 2013
type=SYSCALL msg=audit(1388344532.714:21825): arch=c000003e syscall=4 success=yes exit=0 a0=24548d0 a1=7fff7e748710 a2=7fff7e748710 a3=2e736c6974752f73 items=0 ppid=48186 pid=48187 auid=4294967295 uid=497 gid=496 euid=497 suid=497 fsuid=497 egid=496 sgid=496 fsgid=496 tty=(none) ses=4294967295 comm="check_linux_rai" exe="/usr/bin/perl" subj=system_u:system_r:nagios_checkdisk_plugin_t:s0 key=(null)
type=AVC msg=audit(1388344532.714:21825): avc:  denied  { getattr } for  pid=48187 comm="check_linux_rai" path="/usr/lib64/nagios/plugins/utils.pm" dev=dm-1 ino=2103356 scontext=system_u:system_r:nagios_checkdisk_plugin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
----
time->Sun Dec 29 19:15:32 2013
type=SYSCALL msg=audit(1388344532.714:21827): arch=c000003e syscall=16 success=no exit=-25 a0=4 a1=5401 a2=7fff7e748480 a3=48 items=0 ppid=48186 pid=48187 auid=4294967295 uid=497 gid=496 euid=497 suid=497 fsuid=497 egid=496 sgid=496 fsgid=496 tty=(none) ses=4294967295 comm="check_linux_rai" exe="/usr/bin/perl" subj=system_u:system_r:nagios_checkdisk_plugin_t:s0 key=(null)
type=AVC msg=audit(1388344532.714:21827): avc:  denied  { ioctl } for  pid=48187 comm="check_linux_rai" path="/usr/lib64/nagios/plugins/utils.pm" dev=dm-1 ino=2103356 scontext=system_u:system_r:nagios_checkdisk_plugin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
Comment 3 Scott Wilkerson 2015-09-11 10:51:29 EDT
Referenced version of package is no longer in use

Note You need to log in before you can comment on or make changes to this bug.