Bug 377329 - sec-policy/selinux-nagios nrpe config not viewable from nrpe_t
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: Normal normal
Assignee: SE Linux Bugs
Reported: 2011-08-01 20:55 UTC by Matthew Thode ( prometheanfire )
Modified: 2011-08-14 20:50 UTC

Description Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2011-08-01 20:55:08 UTC
type=AVC msg=audit(1312230830.140:46): avc:  denied  { read } for  pid=1711 comm="nrpe" name="nrpe.cfg" dev=vda3 ino=6958 scontext=system_u:system_r:nrpe_t tcontext=system_u:object_r:nrpe_etc_t tclass=file

Reproducible: Always
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2011-08-01 20:57:02 UTC
type=SYSCALL msg=audit(1312230830.140:46): arch=c000003e syscall=2 success=no exit=-13 a0=4ca00b9e040 a1=0 a2=1b6 a3=0 items=0 ppid=1710 pid=1711 auid=4294967295 uid=103 gid=110 euid=103 suid=103 fsuid=103 egid=110 sgid=110 fsgid=110 tty=(none) ses=4294967295 comm="nrpe" exe="/usr/bin/nrpe" subj=system_u:system_r:nrpe_t key=(null)
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2011-08-12 21:48:52 UTC
Should be available in hardened-dev overlay, selinux-nagios-2.20110726-r1
Comment 3 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2011-08-14 08:47:59 UTC
Working now, but I get the following for the check-disk plugin:

type=AVC msg=audit(1313311496.131:89): avc:  denied  { getattr } for  pid=3430 comm="check_disk" path="/var" dev=dm-3 ino=2 scontext=system_u:system_r:nagios_checkdisk_plugin_t tcontext=system_u:object_r:var_t tclass=dir
type=SYSCALL msg=audit(1313311496.131:89): arch=c000003e syscall=4 success=no exit=-13 a0=7e75c8394a25 a1=9d9dcc6fd60 a2=9d9dcc6fd60 a3=4 items=0 ppid=3429 pid=3430 auid=0 uid=103 gid=110 euid=103 suid=103 fsuid=103 egid=110 sgid=110 fsgid=110 tty=(none) ses=1 comm="check_disk" exe="/usr/lib64/nagios/plugins/check_disk" subj=system_u:system_r:nagios_checkdisk_plugin_t key=(null)
type=AVC msg=audit(1313311511.189:90): avc:  denied  { read } for  pid=3434 comm="check_disk" name="mtab" dev=vda3 ino=7304 scontext=system_u:system_r:nagios_checkdisk_plugin_t tcontext=system_u:object_r:etc_t tclass=file
type=SYSCALL msg=audit(1313311511.189:90): arch=c000003e syscall=2 success=no exit=-13 a0=4a49fd08260 a1=0 a2=1b6 a3=0 items=0 ppid=3433 pid=3434 auid=0 uid=103 gid=110 euid=103 suid=103 fsuid=103 egid=110 sgid=110 fsgid=110 tty=(none) ses=1 comm="check_disk" exe="/usr/lib64/nagios/plugins/check_disk" subj=system_u:system_r:nagios_checkdisk_plugin_t key=(null)
type=AVC msg=audit(1313311511.189:91): avc:  denied  { read } for  pid=3434 comm="check_disk" name="mtab" dev=vda3 ino=7304 scontext=system_u:system_r:nagios_checkdisk_plugin_t tcontext=system_u:object_r:etc_t tclass=file
type=SYSCALL msg=audit(1313311511.189:91): arch=c000003e syscall=2 success=no exit=-13 a0=4a49fd08260 a1=0 a2=1b6 a3=0 items=0 ppid=3433 pid=3434 auid=0 uid=103 gid=110 euid=103 suid=103 fsuid=103 egid=110 sgid=110 fsgid=110 tty=(none) ses=1 comm="check_disk" exe="/usr/lib64/nagios/plugins/check_disk" subj=system_u:system_r:nagios_checkdisk_plugin_t key=(null)
Comment 4 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2011-08-14 20:50:12 UTC
Opening bug 379199 for the nrpe plugin issue
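
Added example, not part of the bug report or of Gentoo's policy code: a Python triage script that joins each AVC denial quoted above to its SYSCALL record by audit event ID and collapses repeats into one line per (source type, target type, class), written in SELinux allow-rule syntax. The records are copied from this report with the SYSCALL lines shortened; the function names are this example's own, and the output is a reading aid, not the change shipped in selinux-nagios-2.20110726-r1.

```python
import re
from collections import defaultdict

# Audit records copied from this bug report; SYSCALL records are shortened
# to the fields used here.
SAMPLE = """\
type=AVC msg=audit(1312230830.140:46): avc:  denied  { read } for  pid=1711 comm="nrpe" name="nrpe.cfg" dev=vda3 ino=6958 scontext=system_u:system_r:nrpe_t tcontext=system_u:object_r:nrpe_etc_t tclass=file
type=SYSCALL msg=audit(1312230830.140:46): arch=c000003e syscall=2 success=no exit=-13 comm="nrpe" exe="/usr/bin/nrpe" subj=system_u:system_r:nrpe_t key=(null)
type=AVC msg=audit(1313311496.131:89): avc:  denied  { getattr } for  pid=3430 comm="check_disk" path="/var" dev=dm-3 ino=2 scontext=system_u:system_r:nagios_checkdisk_plugin_t tcontext=system_u:object_r:var_t tclass=dir
type=SYSCALL msg=audit(1313311496.131:89): arch=c000003e syscall=4 success=no exit=-13 comm="check_disk" exe="/usr/lib64/nagios/plugins/check_disk" subj=system_u:system_r:nagios_checkdisk_plugin_t key=(null)
type=AVC msg=audit(1313311511.189:90): avc:  denied  { read } for  pid=3434 comm="check_disk" name="mtab" dev=vda3 ino=7304 scontext=system_u:system_r:nagios_checkdisk_plugin_t tcontext=system_u:object_r:etc_t tclass=file
type=AVC msg=audit(1313311511.189:91): avc:  denied  { read } for  pid=3434 comm="check_disk" name="mtab" dev=vda3 ino=7304 scontext=system_u:system_r:nagios_checkdisk_plugin_t tcontext=system_u:object_r:etc_t tclass=file
"""

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<event>[\d.]+:\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]+) \} for .*?'
    r'scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\S+)')
EXE_RE = re.compile(
    r'type=SYSCALL msg=audit\((?P<event>[\d.]+:\d+)\):.*? exe="(?P<exe>[^"]+)"')

def setype(context):
    # A context is user:role:type[:mls-range]; the type is the third field.
    return context.split(':')[2]

def summarize(log):
    """Group denials by (source type, target type, class)."""
    exe_by_event = {m['event']: m['exe'] for m in EXE_RE.finditer(log)}
    rules = defaultdict(lambda: {'perms': set(), 'exes': set(), 'events': 0})
    for m in AVC_RE.finditer(log):
        entry = rules[(setype(m['scon']), setype(m['tcon']), m['tclass'])]
        entry['perms'].update(m['perms'].split())
        entry['events'] += 1
        # The SYSCALL record may be missing (rotated log, rate limiting).
        if m['event'] in exe_by_event:
            entry['exes'].add(exe_by_event[m['event']])
    return dict(rules)

def as_allow_rules(rules):
    """Render each group as one allow-rule-shaped line, sorted for diffing."""
    return [f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(info['perms']))} }};"
            for (src, tgt, cls), info in sorted(rules.items())]

if __name__ == "__main__":
    for line in as_allow_rules(summarize(SAMPLE)):
        print(line)
```

The two `mtab` denials (events 90 and 91) collapse into a single `etc_t:file` line, which makes the distinct accesses the `check_disk` domain is missing easier to see than in the raw log.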