Description of problem: For nagios, there exists a nagios_unconfined_plugin_exec_t file context that can be used for plugins that not yet have a dedicated context. But, the current policy assigns bin_t to all files in /usr/lib(64)?/nagios/plugins that does not have a specific context. By comparison, munin plugins in /usr/share/munin/plugins that does not have a specific selinux file context get unconfined_munin_plugin_exec_t automatically. Doing the same for nagios plugins would make life easier for those who build a lot of there own plugins. Three files in /usr/lib(64)?/nagios/plugins from the nagios-plugins package get the context bin_t from the current policy so something like replacing: /usr/lib/nagios/plugins(/.*)? system_u:object_r:bin_t:s0 with: /usr/lib/nagios/plugins/.* system_u:object_r:nagios_unconfined_plugin_exec_t:s0 /usr/lib/nagios/plugins/negate system_u:object_r:bin_t:s0 /usr/lib/nagios/plugins/urlize system_u:object_r:bin_t:s0 /usr/lib/nagios/plugins/utils.sh system_u:object_r:bin_t:s0 should do the trick. Version-Release number of selected component (if applicable): selinux-policy-targeted 3.11.1-90
Yes, good point.
commit 74a92a2b0d9919c7f04c9fcca68d7f7dc916c531 Author: Miroslav Grepl <mgrepl> Date: Thu Apr 18 13:19:19 2013 +0200 Label all nagios plugin as unconfined by default
selinux-policy-3.11.1-91.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-91.fc18
Package selinux-policy-3.11.1-91.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-91.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-6018/selinux-policy-3.11.1-91.fc18 then log in and leave karma (feedback).
Wow, that was quick! selinux-policy-3.11.1-91 fixes this.
selinux-policy-3.11.1-91.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.