Zabbix Agent2 PersistenBuffer problem with SeLinux

XMLWordPrintable

    • Type: Problem report
    • Resolution: Unresolved
    • Priority: Trivial
    • None
    • Affects Version/s: 7.4.10
    • Component/s: Agent2 (G)
    • Environment:
      NAME="AlmaLinux"
      VERSION="10.1 (Heliotrope Lion)"

      I had a problem with creating PersistenBufferFile on AlmaLinux, SeLinux kept blocking me, to fix this problem I had to create a separate policy for the Buffer file.

      Steps to reproduce:

      1. Config:
        BufferSize=1024
        EnablePersistentBuffer=1
        PersistentBufferPeriod=1h
        PersistentBufferFile=/var/lib/zabbix/buffer.db
      2. Selinux labels:
        system_u:object_r:zabbix_var_lib_t:s0 /var/lib/zabbix/buffer.db

      Result:
      Cannot prepare result cache: remove /var/lib/zabbix/buffer.db: permission denied.
      Cannot prepare result cache: remove /var/lib/zabbix/buffer.db: no such file or directory.
      Expected:

      Fix:

      module zabbix_buffer_fix 1.0;

      require

      {         type zabbix_agent_t;         type zabbix_var_lib_t;         class file \{ create lock open read unlink write }

      ;
              class dir { add_name remove_name write };
      }

      #============= zabbix_agent_t ==============

      allow zabbix_agent_t zabbix_var_lib_t:dir { add_name remove_name write };

      allow zabbix_agent_t zabbix_var_lib_t:file { lock open read unlink write };
      allow zabbix_agent_t zabbix_var_lib_t:file create;

      **

        1. zabbix_buffer_fix.pp
          1 kB
          KapitanKaszanka
        2. zabbix_buffer_fix.te
          0.4 kB
          KapitanKaszanka

            Assignee:
            Oleksii Zagorskyi
            Reporter:
            KapitanKaszanka
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: