Xymon Mailing List Archive

SELinux and svcstatus.cgi

Ryan Novosielski
Wed, 12 Dec 2018 18:13:37 +0000
Message-Id: <user-00cc9702e215@xymon.invalid>

You’d want to look at the contents of the audit log (varies depending on the distribution). I believe there are tools (audit2allow rings a bell) that can help you construct necessary rule changes, but also it may be clearer what specifically is not being allowed.
On Dec 12, 2018, at 12:50 PM, Frank M. Ramaekers <user-dbd5c100cfe9@xymon.invalid> wrote:

Well, I have xymon mostly set up, but I’m having difficulty when drilling down into a service that is monitored:
 Exec failed for /home/xymon/server/bin/svcstatus.cgi: Permission denied
 I thought turning on the httpd_sys_script_exec_t would do the trick:
-rwxr-xr-x. xymon apache unconfined_u:object_r:httpd_sys_script_exec_t:s0 svcstatus.cgi
 …that didn’t help…. I’ve verified that it is SELinux permissions by ‘setenforce 0’ and the script works.
 What am I missing?
 Frank M. Ramaekers Jr. | Systems Analyst I | CIS Mainframe Services
Unisys | Skype: XXX-XXX-XXXX | user-c2b5816a0b33@xymon.invalid
 
--
____
|| \\UTGERS,  	 |---------------------------*O*---------------------------
||_// the State	 |         Ryan Novosielski - user-46c89e614701@xymon.invalid
|| \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
||  \\    of NJ	 | Office of Advanced Research Computing - MSB C630, Newark
     `'
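
An added example, not part of the original thread: a small parser that reduces audit-log AVC denials to "which source type was denied which permission on which target type", the question the reply says the audit log can answer. The log lines are constructed samples in the audit.log AVC record format, not records from the poster's system, and the names `parse_avc` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample records in audit.log AVC format (illustrative only;
# these are NOT the denials from the system discussed in the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1544637000.123:456): avc:  denied  { search } for  pid=2101 comm="httpd" name="xymon" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1544637000.123:456): arch=c000003e syscall=59 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1544637002.500:460): avc:  denied  { search } for  pid=2107 comm="httpd" name="xymon" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1544637010.001:470): avc:  denied  { read } for  pid=2110 comm="svcstatus.cgi" name="hosts.cfg" dev="dm-0" ino=977 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type:level context, or None."""
    parts = (context or "").split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    return {
        "perms": tuple(m.group("perms").split()),
        "name": fields.get("name"),
        "source_type": selinux_type(fields.get("scontext")),
        "target_type": selinux_type(fields.get("tcontext")),
        "tclass": fields.get("tclass"),
    }


def summarize(log_text):
    """Count identical denials keyed by (source, target, class, perms, name)."""
    counts = Counter()
    for d in filter(None, map(parse_avc, log_text.splitlines())):
        counts[(d["source_type"], d["target_type"], d["tclass"], d["perms"], d["name"])] += 1
    return counts


if __name__ == "__main__":
    for (src, tgt, cls, perms, name), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n}x {src} denied {{ {' '.join(perms)} }} on {tgt}:{cls} (name={name})")
```

The target type and class in each row show whether the denial is on the script itself or on something else it touches, such as a parent directory or a data file.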