On Mon, 2009-09-14 at 16:24 +0200, Christoph Maser wrote: > Am Montag, den 14.09.2009, 16:15 +0200 schrieb Ralph Angenendt: > > On Mon, 2009-09-14 at 16:11 +0200, Martin Boel, Silverbullet wrote: > > > workaround is to execute the command: chcon -R httpd_sys_content_t > > > /var/nagios > > > > Is that still the case in 5.3? > > And also does that solve all problems with nagios? What about plugin > execution or external command files? I rather think you should use the > contexts > - system_u:object_r:nagios_log_t:s0 > - system_u:object_r:nagios_spool_t:s0 > - system_u:object_r:nagios_exec_t:s0 > - system_u:object_r:nrpe_etc_t:s0 > - system_u:object_r:httpd_nagios_script_exec_t:s0 > > Actually it would be propably up to me to set these correctly in the > rpmforge package.... > Maybe some selinux guru can help me out? I'd say take a sneak peak into Fedoraland, but their SELinux is a tad more advanced than what we have. You know that you'd have to write a *complete* policy for containing Nagios that way? Can nagios even be seen as its own application deserving its own domain or isn't much of nagios run from apache anyway which would mean that you'd need the apache policies in place? Ralph
