On Wed, March 16, 2016 5:51 am, Francois Claire wrote:
Le 16/03/2016 04:38, J.C. Cleaver a écrit :
Hi, This appears, from my testing, to be an SELinux issue -- although I'm still trying to debug precisely what is happening here on the EL7 side.
Hi JC,
Here's what I do on my Centos 7 box to keep xymon working with selinux enabled:
semanage fcontext -a -t httpd_sys_rw_content_t "/var/cache/xymon(/.*)?" restorecon -Rv /var/cache/xymon semanage fcontext -a -t httpd_sys_script_exec_t "/usr/libexec/xymon/showgraph.cgi" restorecon -Rv /usr/share/xymon/cgi-bin/showgraph.sh semanage fcontext -a -t httpd_sys_rw_content_t "/etc/xymon(/.*)?" restorecon -Rv /etc/xymon
Thanks,
This is roughly what happens inside the xymon RPM on install (although the package is using httpd_cache_t instead of httpd_sys_rw_content), but the bigger problem here I believe was that the xymon policy module wasn't being loaded properly, alas.
If you're using the RPMs, in theory an upgrade to 4.3.26-3 followed by a complete restorecon (/sbin/restorecon -R /usr/libexec/xymon/cgiwrap /usr/share/xymon/cgi-* /var/cache/xymon /var/run/xymon /var/lib/xymon /var/lib/xymon/configs /var/lib/xymon/tmp) should let you use it without any further changes. If you might also be able to test that on a side box, I'd appreciate it.
SELinux policy sync across releases, let alone distributions, is not particularly unfrustrating...
Regards, -jc