[refpolicy] Using nagios with SELinux on Debian

All of lore.kernel.org
 help / color / mirror / Atom feed

From: gereon.kremer@cs.rwth-aachen.de (Gereon Kremer)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] Using nagios with SELinux on Debian
Date: Wed, 21 May 2014 13:30:14 +0200	[thread overview]
Message-ID: <537C8E46.8040407@cs.rwth-aachen.de> (raw)

Hi all,

I'm trying to use nagios on a debian with SELinux.
Although there is a nagios policy, there are various avc denials, mostly
plugins that are denied to access /var/lib/nagios3/spool/

I looked through the nagios policy and it seems that some things are
just incomplete:
There are several classes of plugins (admin, checkdisk, mail. services,
system, unconfined) but they all try to access the same spool folder and
there are no rules to allow this access: Neither rules that allow all
plugins to access a specific file class, nor a rule that labels the
spool folder. (there is a rule for /var/spool/nagios3/, but this folder
does not exist on my machine...)
Also, the webserver (apache in my case) tries to access cache files
which is not allows by the nagios policy...

What is the status of this policy? Should it actually work? Or is it
just broken for debian?

-- 
Gereon Kremer
Lehr- und Forschungsgebiet Theorie Hybrider Systeme
RWTH Aachen
Tel: +49 241 80 21243

next             reply	other threads:[~2014-05-21 11:30 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-05-21 11:30 Gereon Kremer [this message]
2014-05-21 13:32 ` [refpolicy] Using nagios with SELinux on Debian Mika Pflüger
2014-06-10  4:05 ` Russell Coker

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=537C8E46.8040407@cs.rwth-aachen.de \
    --to=gereon.kremer@cs.rwth-aachen.de \
    --cc=refpolicy@oss.tresys.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.