You’d want to look at the contents of the audit log (varies depending on the distribution). I believe there are tools (audit2allow rings a bell) that can help you construct necessary rule changes, but also it may be clearer what specifically is not being allowed.
On Dec 12, 2018, at 12:50 PM, Frank M. Ramaekers <FRamaekers at ailife.com> wrote:
Well, I have xymon mostly setup, but I’m having difficulty when drilling down into a service that is monitored:
Exec failed for /home/xymon/server/bin/svcstatus.cgi: Permission denied
I thought turning on the httpd_sys_script_exec_t would do the trick: -rwxr-xr-x. xymon apache unconfined_u:object_r:httpd_sys_script_exec_t:s0 svcstatus.cgi
…that didn’t help….I’ve verified that it is a SELinux permissions by ‘setenforce 0’ and the script works.
What am I missing?
Frank M. Ramaekers Jr. | Systems Analyst I | CIS Mainframe Services Unisys | Skype: 512-387-3949 | Francis.Ramaekers at Unisys.com
<image001.png>
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all devices. <image002.jpg> <image003.jpg> <image004.jpg><image005.jpg><image006.jpg><image007.jpg><image008.jpg>
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
--
|| \\UTGERS, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - novosirj at rutgers.edu || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB C630, Newark `'