Nagios Web Interface and SELinux
Michael Thomas
wart at kobold.org
Wed Aug 29 22:37:18 UTC 2007
Daniel J Walsh wrote:
> Ryan Skadberg wrote:
>> I have been trying to get nagios up and running on 2 different
>> machines. One running FC5 and one running FC6. Nagios itself starts
>> up fine, but the web interface fails miserably.
>>
>> When looking at /var/log/messages, I see things like:
>> Dec 3 11:38:17 xray kernel: audit(1165174697.348:289): avc: denied
>> { execute_no_trans } for pid=22237 comm="httpd" name="tac.cgi"
>> dev=dm-0 ino=11272226 scontext=user_u:system_r:httpd_t:s0
>> tcontext=system_u:object_r:lib_t:s0 tclass=file
>>
> Where is this file located? Looks like this needs a context like
> httpd_sys_content_t or httpd_sys_script_t.
>
>
> chcon -R -t httpd_sys_content_t PATH_TO_DIR
I just ran into the same problem on EPEL-5. It appears that the path
for the nagios cgi scripts is wrong in
/etc/selinux/targeted/contexts/files/file_contexts:
# grep nagios /etc/selinux/targeted/contexts/files/file_contexts
/usr/lib(64)?/nagios/cgi/.+ -- system_u:object_r:nagios_cgi_exec_t:s0
[...]
This should be:
/usr/lib(64)?/nagios/cgi-bin/.+ --
--Wart
More information about the fedora-selinux-list
mailing list