Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-7537

zabbix agent can't get proc.num[anyproc] when selinux is in enforcing mode ScientificLinux 6.3

XMLWordPrintable

    • Icon: Incident report Incident report
    • Resolution: Won't fix
    • Icon: Critical Critical
    • None
    • 2.0.10
    • Agent (G)
    • ScientificLinux 6.3

      After autoupdate from your repository, zabbix agent stopped collectiong proc.cum items on machines with enforcing selinux. Previously we had 2.0.9 and it was working fine. No changes were made to machine since 2.0.9

      Line from audit.log (we had many of these in logs with variating PID)

      type=SYSCALL msg=audit(1386919882.361:4431138): arch=c000003e syscall=4 success=no exit=-13 a0=7fff2fcb5b90 a1=7fff2fcb42c0 a2=7fff2fcb42c0 a3=0 items=0 ppid=21023 pid=21028 auid=0 uid=498 gid=496 euid=498 suid=498 fsuid=498 egid=496 sgid
      =496 fsgid=496 tty=(none) ses=77988 comm="zabbix_agentd" exe="/usr/sbin/zabbix_agentd" subj=system_u:system_r:zabbix_agent_t:s0 key=(null)
      type=AVC msg=audit(1386919882.361:4431139): avc: denied

      { getattr }

      for pid=21028 comm="zabbix_agentd" path="/proc/52/cmdline" dev=proc ino=112758410 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:system_r:kernel_t:s0 t
      class=file

            Unassigned Unassigned
            michal.paal Michal Paal
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: