[CentOS-devel] Re: [packagers] Nagios + selinux

Dag Wieers

dag at wieers.com
Fri Mar 2 10:11:37 UTC 2007


On Thu, 1 Mar 2007, Christoph Maser wrote:

> it seems the rpmforge nagios package does not work out of the box if
> selinux is turned on. A log from someone complaining about it (the
> nagios cgis) not working:
> 
> ---
> [Thu Mar 01 15:58:30 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> [Thu Mar 01 15:58:30 2007] [notice] Digest: generating secret for digest authentication ...
> [Thu Mar 01 15:58:30 2007] [notice] Digest: done
> [Thu Mar 01 15:58:30 2007] [notice] LDAP: Built with OpenLDAP LDAP SDK
> [Thu Mar 01 15:58:30 2007] [notice] LDAP: SSL support unavailable
> [Thu Mar 01 15:58:30 2007] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
> [Thu Mar 01 15:58:30 2007] [notice] Apache/2.0.52 (CentOS) configured -- resuming normal operations
> [Thu Mar 01 15:58:38 2007] [error] [client 127.0.0.1] (13)Permission denied: exec of '/usr/lib/nagios/cgi/status.cgi' failed, referer: http://127.0.0.1/nagios/side.html
> [Thu Mar 01 15:58:38 2007] [error] [client 127.0.0.1] Premature end of script headers: status.cgi, referer: http://127.0.0.1/nagios/side.html
> [Thu Mar 01 15:58:39 2007] [error] [client 127.0.0.1] (13)Permission denied: exec of '/usr/lib/nagios/cgi/tac.cgi' failed, referer: http://127.0.0.1/nagios/side.html
> ---
> 
> I would like to make proper rules for this rpm but I have absolutely no
> clue about selinux and policies. Any hints what to read, where to start?

Yes, selinux is pretty complicated and I have no good experience of it
myself. I always put it to permissive. I would love to add selinux
capabilities to my packages, though I don't know how I can help you with
it.

Please let me know if you have learned more and tell me what specific 
changes are required.

Thanks in advance!
--   dag wieers,  dag at wieers.com,  http://dag.wieers.com/   --
[all I want is a warm bed and a kind word and unlimited power]
