[Xymon] Conn test fails after server reboot - solved
cleaver at terabithia.org
cleaver at terabithia.org
Tue Jul 17 12:51:04 CEST 2012
> On Thu, 2012-07-12 at 10:35 +0100, John Horne wrote:
> Hello,
>
> Sorry, but this turned out to be an SELinux problem. 'fping' is denied
> write access to files in the ~/server/tmp directory on the Xymon server.
> However, fping records its results in that directory, and Xymon looks at
> them to see if a client is alive or not. Since there were no results,
> because of SELinux, Xymon figured that all the clients were down.
>
> I have created a local SELinux policy to allow writes for fping and that
> seems to work. (I have rebooted the Xymon server and it didn't show any
> red ping/conn tests.)
>
> The clients don't use 'fping' so they don't have this problem.
>
> Why did restarting the Xymon service (not the server) allow the tests to
> turn green? Not sure.
>
SELinux policies distinguish between appending, writing, and seeking in
many cases. I don't recall the details, but I remember needing to futz
with different policies to figure out what was going on as well. Was
anything interesting going on in the audit logs at the time?
-jc
More information about the Xymon
mailing list