From: gereon.kremer@cs.rwth-aachen.de (Gereon Kremer)
Date: Wed, 21 May 2014 13:30:14 +0200
Subject: [refpolicy] Using nagios with SELinux on Debian
Message-ID: <537C8E46.8040407@cs.rwth-aachen.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi all,

I'm trying to use nagios on a Debian with SELinux. Although there is a nagios policy, there are various AVC denials, mostly plugins that are denied access to /var/lib/nagios3/spool/

I looked through the nagios policy and it seems that some things are just incomplete:

There are several classes of plugins (admin, checkdisk, mail, services, system, unconfined) but they all try to access the same spool folder and there are no rules to allow this access: neither rules that allow all plugins to access a specific file class, nor a rule that labels the spool folder. (There is a rule for /var/spool/nagios3/, but this folder does not exist on my machine...)

Also, the webserver (apache in my case) tries to access cache files, which is not allowed by the nagios policy...

What is the status of this policy? Should it actually work? Or is it just broken for Debian?

-- 
Gereon Kremer
Lehr- und Forschungsgebiet Theorie Hybrider Systeme
RWTH Aachen
Tel: +49 241 80 21243
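
A triage aid for the situation described in the message above, as an added example that is not part of the original post or of refpolicy: it groups AVC denials by target type and object class, so that a single unlabelled directory hit by several plugin domains stands out from unrelated denials. The log lines, the type names in them and the function names `summarize_denials` and `shared_targets` are constructed for illustration; the post does not include its actual denials.

```python
import re
from collections import defaultdict

# Constructed audit.log excerpt (not from the post). Contexts are assumptions
# mirroring the report: several plugin domains hit one spool directory that
# carries a generic label, and the web server hits a cache file.
SAMPLE_LOG = """\
type=AVC msg=audit(1400671814.101:201): avc:  denied  { write } for  pid=2101 comm="check_ping" name="spool" dev="sda1" ino=4711 scontext=system_u:system_r:nagios_services_plugin_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1400671814.101:201): arch=c000003e syscall=2 success=no exit=-13 comm="check_ping"
type=AVC msg=audit(1400671815.330:202): avc:  denied  { write add_name } for  pid=2102 comm="check_load" name="spool" dev="sda1" ino=4711 scontext=system_u:system_r:nagios_system_plugin_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=AVC msg=audit(1400671816.012:203): avc:  denied  { write } for  pid=2103 comm="check_disk" name="spool" dev="sda1" ino=4711 scontext=system_u:system_r:nagios_checkdisk_plugin_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=AVC msg=audit(1400671820.500:204): avc:  denied  { read } for  pid=3001 comm="apache2" name="status.dat" dev="sda1" ino=5120 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def summarize_denials(log_text):
    """Map (target type, class) to the domains denied and the permissions asked."""
    summary = defaultdict(lambda: {"domains": set(), "perms": set()})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other non-AVC records carry no contexts
        key = (selinux_type(m["tcon"]), m["tclass"])
        summary[key]["domains"].add(selinux_type(m["scon"]))
        summary[key]["perms"].update(m["perms"].split())
    return dict(summary)

def shared_targets(summary, min_domains=2):
    """Targets denied to several domains: candidates for one labelling fix
    rather than one allow rule per plugin domain."""
    return sorted(k for k, v in summary.items() if len(v["domains"]) >= min_domains)

if __name__ == "__main__":
    result = summarize_denials(SAMPLE_LOG)
    for (ttype, tclass), info in sorted(result.items()):
        print(ttype, tclass, sorted(info["perms"]), sorted(info["domains"]))
    print("shared:", shared_targets(result))
```

A target that shows up under a generic type for many source domains usually points to a missing file context entry for that path, which is the gap the message describes for the spool folder.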