I have been fighting a problem with Nagios this morning. I can confirm that SELinux is causing the problem. For short term it is acceptable to set "Permissive" mode, but for long term we need to have SELinux running.
The problem started when I upgraded the Nagios host server from CentOS 7.2 to 7.3. That brought in a major new version of Nagios. My environment looks like this:
OS = CentOS 7 64-bit, kernel = 3.10.0-327.3.1
Nagios = version 4.0.8-1 installed from CentOS repository
The error message from /var/log/nagios/nagios.log:
Code: Select all
[1450277255] Nagios 4.0.8 starting... (PID=23335)
[1450277255] Local time is Wed Dec 16 08:47:35 CST 2015
[1450277255] LOG VERSION: 2.0
[1450277255] qh: Failed to init socket '/var/log/nagios/rw/nagios.qh'. unlink()
failed: Permission denied
[1450277255] Error: Failed to initialize query handler. Aborting
Code: Select all
[root@itdata nagios]# ll -Z /var/log/nagios
drwxr-x---. nagios nagios system_u:object_r:nagios_log_t:s0 archives
-rw-r--r--. nagios nagios system_u:object_r:nagios_log_t:s0 nagios.log
-rw-r--r--. nagios nagios system_u:object_r:nagios_log_t:s0 objects.cache
-rw-------. nagios nagios system_u:object_r:nagios_log_t:s0 retention.dat
drwxr-xr-x. nagios nagios system_u:object_r:nagios_log_t:s0 rw
drwxr-x---. nagios nagios system_u:object_r:nagios_log_t:s0 spool
-rw-rw-r--. nagios nagios system_u:object_r:nagios_log_t:s0 status.dat
[root@itdata nagios]# ll -Z rw
srw-rw----. nagios nagios system_u:object_r:nagios_log_t:s0 nagios.qh
What should the SELinux context and permissions be for the rw directory?
Thanks - Bill Gee