You are here

Selinux issue with Opsview Agent for RHEL 7

3 posts / 0 new
Last post
bkurt
bkurt's picture
Selinux issue with Opsview Agent for RHEL 7

I just tried installing the latest opsview agent I could get from your site on a fresh RHEL 7 installation and there appears to be an issue with

the opsview PREINST script in the agent rpm.  It looks like the useradd command for the nagios user wants to set a default home directory of /var/log/nagios.  However, this fails due to an selinux issue and then the nagios user never gets created.  A workaround could be to run the install in permissive mode and then re-enable selinux, but I thought I would bring this up.

 

I'm trying to install opsview-agent.x86_64 0:4.6.0.398-1 and here is output that I  receive:

useradd: cannot create directory /var/log/nagios
Unexpected error adding user "nagios"
  Installing : opsview-agent-4.6.0.398-1.x86_64                                                                                                                                            4/4
warning: user nagios does not exist - using root
warning: user nagios does not exist - using root
warning: user nagios does not exist - using root
warning: user nagios does not exist - using root

...clipped most warnings for clarity
warning: user nagios does not exist - using root
warning: user nagios does not exist - using root
su: user nagios does not exist

The message I see in the audit log is the following:

type=AVC msg=audit(1415297817.102:467): avc:  denied  { write } for  pid=30184 comm="useradd" name="log" dev="dm-1" ino=67109020 scontext=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=dir

 

bkurt
bkurt's picture
Bump for RHEL 7 help

Hoping that the lack of response of this is due to the newness of RHEL 7.  Is anyone else having this issue with this package?

MICHAEL HODGDON
mhodgdon's picture
This works for now

Same issue, managed to work around by doing the following albeit I didn't spend much time looking for proper solution.

semanage fcontext -a -f d -t user_home_dir_t /var/log/nagios

semanage fcontext -a -f d -t user_home_t /var/log/nagios/*

restorecon -v -R /var/log/nagios

chown -R nagios.nagios /var/log/nagios

yum reinstall <rpm(s)>