  1. ZABBIX BUGS AND ISSUES
  2. ZBX-10610

SELinux breaks agent modules


    • Incident report
    • Resolution: Unresolved
    • Trivial
    • Installation (I)

      The zabbix_agent_t SELinux context distributed as a part of selinux-policy-targeted is not friendly to 3rd party modules.

      See:

      /var/log/audit/audit.log
      type=AVC msg=audit(1459676594.764:2605): avc:  denied  { open } for  pid=20604 comm="zabbix_agentd" path="/vagrant/src/.libs/libzbxpgsql.so" dev="vboxsf" ino=570 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:vmblock_t:s0 tclass=file
      

      Some booleans can be used to allow modules to load, such as:

      allow zabbix_agent_t modules_object_t:file { execute open };
      

      But... this is not simple to extend for module packagers.

            zabbix.dev Zabbix Development Team
            ryan.armstrong Ryan Armstrong
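An added example, not part of the original report and not Zabbix or selinux-policy code: a small parser that turns AVC denials for zabbix_agent_t into the type-enforcement source a module packager would review before shipping a local policy module. It goes beyond the single quoted denial by grouping permissions per target type and class; the module name zabbix_agent_local and the second and third sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# First line is the denial quoted in the issue; lines 2 and 3 are constructed samples.
SAMPLE_LOG = '''\
type=AVC msg=audit(1459676594.764:2605): avc:  denied  { open } for  pid=20604 comm="zabbix_agentd" path="/vagrant/src/.libs/libzbxpgsql.so" dev="vboxsf" ino=570 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:vmblock_t:s0 tclass=file
type=AVC msg=audit(1459676594.765:2606): avc:  denied  { execute } for  pid=20604 comm="zabbix_agentd" path="/vagrant/src/.libs/libzbxpgsql.so" dev="vboxsf" ino=570 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:vmblock_t:s0 tclass=file
type=SYSCALL msg=audit(1459676594.764:2605): arch=c000003e syscall=2 success=no
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)')

def selinux_type(context):
    # A context is user:role:type[:level]; the type is the third field.
    return context.split(':')[2]

def collect_denials(log_text, source_type='zabbix_agent_t'):
    """Map (target_type, class) -> set of permissions denied to one source domain."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith('type=AVC'):
            continue  # skip SYSCALL, PATH and other record types
        m = AVC_RE.search(line)
        if m and selinux_type(m['s']) == source_type:
            denials[(selinux_type(m['t']), m['cls'])].update(m['perms'].split())
    return dict(denials)

def render_te(denials, module='zabbix_agent_local', source_type='zabbix_agent_t'):
    """Render .te source that grants exactly the denied permissions, nothing wider."""
    types = sorted({source_type} | {t for t, _ in denials})
    classes = defaultdict(set)
    for (_, cls), perms in denials.items():
        classes[cls] |= perms
    out = [f'module {module} 1.0;', '', 'require {']
    out += [f'    type {t};' for t in types]
    out += [f'    class {c} {{ {" ".join(sorted(p))} }};' for c, p in sorted(classes.items())]
    out += ['}', '']
    out += [f'allow {source_type} {t}:{c} {{ {" ".join(sorted(p))} }};'
            for (t, c), p in sorted(denials.items())]
    return '\n'.join(out) + '\n'

if __name__ == '__main__':
    print(render_te(collect_denials(SAMPLE_LOG)))
```

For the denial quoted in the issue the generated rule targets vmblock_t, the type in that record's tcontext, so a rule written only for modules_object_t would not cover a module loaded from that path.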