[Xymon] EL7 SELinux (was Re: error running report.sh

J.C. Cleaver cleaver at terabithia.org
Thu Mar 17 15:45:24 CET 2016



On Wed, March 16, 2016 5:51 am, Francois Claire wrote:
> On 16/03/2016 04:38, J.C. Cleaver wrote:
>> Hi, This appears, from my testing, to be an SELinux issue -- although
>> I'm still trying to debug precisely what is happening here on the EL7
>> side.
>
>
> Hi JC,
>
>
>
> Here's what I do on my Centos 7 box to keep xymon working with selinux
> enabled:
>
> semanage fcontext -a -t httpd_sys_rw_content_t "/var/cache/xymon(/.*)?"
> restorecon -Rv /var/cache/xymon
> semanage fcontext -a -t httpd_sys_script_exec_t "/usr/libexec/xymon/showgraph.cgi"
> restorecon -Rv /usr/share/xymon/cgi-bin/showgraph.sh
> semanage fcontext -a -t httpd_sys_rw_content_t "/etc/xymon(/.*)?"
> restorecon -Rv /etc/xymon
>


Thanks,

This is roughly what happens inside the xymon RPM on install (although the
package is using httpd_cache_t instead of httpd_sys_rw_content), but the
bigger problem here I believe was that the xymon policy module wasn't
being loaded properly, alas.

If you're using the RPMs, in theory an upgrade to 4.3.26-3 followed by a
complete restorecon (/sbin/restorecon -R /usr/libexec/xymon/cgiwrap
/usr/share/xymon/cgi-* /var/cache/xymon /var/run/xymon /var/lib/xymon
/var/lib/xymon/configs /var/lib/xymon/tmp) should let you use it without
any further changes. If you might also be able to test that on a side box,
I'd appreciate it.

SELinux policy sync across releases, let alone distributions, is not
particularly unfrustrating...


Regards,
-jc
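
A check to run after the upgrade and restorecon described in the message above, added here as an example and not part of the original thread or of the Xymon packages: it confirms the policy module is loaded and lists any path whose label still differs from what the loaded policy expects. The module name `xymon` is an assumption, and the sample outputs are constructed.

```bash
#!/bin/bash
# Added example: check SELinux state after the upgrade + restorecon step.
MODULE="${MODULE:-xymon}"   # assumption: name as shown by `semodule -l`
# Paths from the restorecon command in the message (glob expands on use).
PATHS="/usr/libexec/xymon/cgiwrap /usr/share/xymon/cgi-* /var/cache/xymon
/var/run/xymon /var/lib/xymon /var/lib/xymon/configs /var/lib/xymon/tmp"

# Reads `semodule -l` output on stdin; succeeds if module $1 is listed.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# Reads `matchpathcon -V` output on stdin; for every mismatch prints
# "<path> <actual type> <expected type>". "verified." lines print nothing.
label_mismatches() {
    sed -n 's/^\(.*\) has context [^:]*:[^:]*:\([^:,]*\)[^,]*, should be [^:]*:[^:]*:\([^:]*\).*$/\1 \2 \3/p'
}

# Constructed sample output, for trying the parsers away from the server.
SAMPLE_MODULES=$(printf 'apache\t2.7.2\nxymon\t1.0.0')
SAMPLE_VERIFY='/var/lib/xymon verified.
/var/cache/xymon has context system_u:object_r:var_t:s0, should be system_u:object_r:httpd_cache_t:s0'

# On a host with the SELinux tools installed, run the live check (as root).
if command -v semodule >/dev/null 2>&1 && command -v matchpathcon >/dev/null 2>&1; then
    semodule -l | module_loaded "$MODULE" || echo "policy module $MODULE not loaded"
    # shellcheck disable=SC2086
    matchpathcon -V $PATHS 2>/dev/null | label_mismatches
fi
```

No output from the live check means the module is listed and every path carries the label the loaded policy assigns to it.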



