On Wed, March 16, 2016 5:51 am, Francois Claire wrote:
Le 16/03/2016 04:38, J.C. Cleaver a écrit :
Hi, This appears, from my testing, to be an SELinux issue -- although
I'm still trying to debug precisely what is happening here on the EL7
side.
Hi JC,
Here's what I do on my Centos 7 box to keep xymon working with selinux
enabled:
semanage fcontext -a -t httpd_sys_rw_content_t "/var/cache/xymon(/.*)?"
restorecon -Rv /var/cache/xymon
semanage fcontext -a -t httpd_sys_script_exec_t
"/usr/libexec/xymon/showgraph.cgi"
restorecon -Rv /usr/share/xymon/cgi-bin/showgraph.sh
semanage fcontext -a -t httpd_sys_rw_content_t "/etc/xymon(/.*)?"
restorecon -Rv /etc/xymon
Thanks,
This is roughly what happens inside the xymon RPM on install (although the
package is using httpd_cache_t instead of httpd_sys_rw_content), but the
bigger problem here I believe was that the xymon policy module wasn't
being loaded properly, alas.
If you're using the RPMs, in theory an upgrade to 4.3.26-3 followed by a
complete restorecon (/sbin/restorecon -R /usr/libexec/xymon/cgiwrap
/usr/share/xymon/cgi-* /var/cache/xymon /var/run/xymon /var/lib/xymon
/var/lib/xymon/configs /var/lib/xymon/tmp) should let you use it without
any further changes. If you might also be able to test that on a side box,
I'd appreciate it.
SELinux policy sync across releases, let alone distributions, is not
particularly unfrustrating...
Regards,
-jc