[CentOS-docs] Contribution to wiki: nagios incompatibility with centos 5.2

Mon Sep 14 14:37:24 UTC 2009
Ralph Angenendt <ralph.angenendt at gmail.com>

On Mon, 2009-09-14 at 16:24 +0200, Christoph Maser wrote:
> Am Montag, den 14.09.2009, 16:15 +0200 schrieb Ralph Angenendt:
> > On Mon, 2009-09-14 at 16:11 +0200, Martin Boel, Silverbullet wrote:
> > > workaround is to execute the command: chcon -R httpd_sys_content_t
> > > /var/nagios
> >
> > Is that still the case in 5.3?
> 
> And also does that solve all problems with nagios? What about plugin
> execution or external command files? I rather think you should use the
> contexts
>  - system_u:object_r:nagios_log_t:s0
>  - system_u:object_r:nagios_spool_t:s0
>  - system_u:object_r:nagios_exec_t:s0
>  - system_u:object_r:nrpe_etc_t:s0
>  - system_u:object_r:httpd_nagios_script_exec_t:s0
> 
> Actually it would be propably up to me to set these correctly in the
> rpmforge package....
> Maybe some selinux guru can help me out?

I'd say take a sneak peak into Fedoraland, but their SELinux is a tad
more advanced than what we have.

You know that you'd have to write a *complete* policy for containing
Nagios that way? Can nagios even be seen as its own application
deserving its own domain or isn't much of nagios run from apache anyway
which would mean that you'd need the apache policies in place?

Ralph