Am Montag, den 14.09.2009, 16:37 +0200 schrieb Ralph Angenendt: > On Mon, 2009-09-14 at 16:24 +0200, Christoph Maser wrote: > > Am Montag, den 14.09.2009, 16:15 +0200 schrieb Ralph Angenendt: > > > On Mon, 2009-09-14 at 16:11 +0200, Martin Boel, Silverbullet wrote: > > > > workaround is to execute the command: chcon -R httpd_sys_content_t > > > > /var/nagios > > > > > > Is that still the case in 5.3? > > > > And also does that solve all problems with nagios? What about plugin > > execution or external command files? I rather think you should use the > > contexts > > - system_u:object_r:nagios_log_t:s0 > > - system_u:object_r:nagios_spool_t:s0 > > - system_u:object_r:nagios_exec_t:s0 > > - system_u:object_r:nrpe_etc_t:s0 > > - system_u:object_r:httpd_nagios_script_exec_t:s0 > > > > Actually it would be propably up to me to set these correctly in the > > rpmforge package.... > > Maybe some selinux guru can help me out? > > I'd say take a sneak peak into Fedoraland, but their SELinux is a tad > more advanced than what we have. > > You know that you'd have to write a *complete* policy for containing > Nagios that way? Can nagios even be seen as its own application > deserving its own domain or isn't much of nagios run from apache anyway > which would mean that you'd need the apache policies in place? > > Ralph Erm these contexts already are in CentOS..... So i guess the policy is too... financial.com AG Munich head office/Hauptsitz München: Maria-Probst-Str. 19 | 80939 München | Germany Frankfurt branch office/Niederlassung Frankfurt: Messeturm | Friedrich-Ebert-Anlage 49 | 60327 Frankfurt | Germany Management board/Vorstand: Dr. Steffen Boehnert (CEO/Vorsitzender) | Dr. Alexis Eisenhofer | Dr. Yann Samson | Matthias Wiederwach Supervisory board/Aufsichtsrat: Dr. Dr. Ernst zur Linden (chairman/Vorsitzender) Register court/Handelsregister: Munich – HRB 128 972 | Sales tax ID number/St.Nr.: DE205 370 553