Unable to write to check_result_path

[pratik.patel]

same issue.... I have PM you log

[pratik.patel]

[root@xxxxx ]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28

[pratik.patel]

selinux is in enforcing mode and due to security I am not suppose to disable it. In my company every machine running centos 7 has selinux in enforcing mode.

When I disabled it to check whether it solves my issue or not and it did solve my issue but I do not wan to make it disabled.

So do you have any other solution with selinux enabled ?

Thanks,
Pratik

[dwhitfield]

When you say same issue, you mean you are not able to run the upgrade with SELinux turned off?

We do not support SELinux in enforcing, but if you have an SELinux expert in your organization, they may be able to get it working. I know some customers have gotten it working. It's likely you'll have to turn if off for upgrades, but if you can script the appropriate context that may end up not being a big deal.

[pratik.patel]

with selinux enabled I am able to run upgrade.

with same issue mean to say (selinux enabled):
Error: Unable to write to check_result_path ('/usr/local/nagios/var/spool/checkresults') - Permission denied

getting below message:
PROFILE BUILD FAILED
Array
(
)
CODE: 1

when I disable selinux above issues are solved.

[dwhitfield]

when I disable selinux above issues are solved.

For clarity, you mean all of the issues, or just the profile issue?

While https://support.nagios.com/forum/viewto ... =7&t=33090 is strictly speaking for Core, it may help you set up your SE Linux context correctly.

[pratik.patel]

both profile issue and check_result_path permission issue. I don't know what else is hidden in nagios xi

[dwhitfield]

I don't know what else is hidden in nagios xi

In large part, /usr/local/nagios vs. /usr/local/nagiosxi.

It will vary some from version to version, but there's also the following:

Code: Select all

/run/systemd/generator.late/nagiosxi.service
/run/systemd/generator.late/runlevel5.target.wants/nagiosxi.service
/run/systemd/generator.late/runlevel4.target.wants/nagiosxi.service
/run/systemd/generator.late/runlevel3.target.wants/nagiosxi.service
/run/systemd/generator.late/runlevel2.target.wants/nagiosxi.service
/sys/fs/cgroup/systemd/system.slice/nagiosxi.service
/etc/httpd/conf.d/ssl.conf.nagiosxibackup
/etc/httpd/conf.d/nagiosxi.conf
/etc/rc.d/init.d/nagiosxi
/etc/rc.d/rc2.d/S99nagiosxi
/etc/rc.d/rc3.d/S99nagiosxi
/etc/rc.d/rc4.d/S99nagiosxi
/etc/rc.d/rc5.d/S99nagiosxi
/etc/cron.d/nagiosxi
/etc/logrotate.d/nagiosxi
/var/lib/yum/repos/x86_64/7/nagiosxi-deps
/var/lib/yum/yumdb/n/072cf97190d0b3d4fe50664c6a7e4fd4954889fc-nagiosxi-deps-el7-5.4.3-1-noarch
/var/lib/mysql/nagiosxi
/var/cache/yum/x86_64/7/nagiosxi-deps
/var/tmp/yum-nagios-CoRuMV/x86_64/7/nagiosxi-deps
/usr/local/nagios/share/images/logos/nagiosxiserver.png
/usr/local/nagios/libexec/check_nagiosxiserver.php
/store/backups/mysql/
/store/backups/nagiosxi

[pratik.patel]

We do not support SELinux in enforcing, but if you have an SELinux expert in your organization, they may be able to get it working. I know some customers have gotten it working. It's likely you'll have to turn if off for upgrades, but if you can script the appropriate context that may end up not being a big deal.

Is this specified in any of your document that you do not support selinux in enforcing? And company using centos 7 always has selinux enabled due to PCI compliance.

[dwhitfield]

2. We recommend and will only support installing Nagios XI on a newly installed, “clean” system (a bare
minimal install with nothing else installed or configured).

https://assets.nagios.com/downloads/nag ... -Linux.pdf

SELinux is not in enforcing by default, and thus is something configured.

This is not to say that once you get things installed you can't turn it on. We certainly have customers that do that. However, if you run into issues, we may have you turn it off as a trouble-shooting step. We do not test SELinux in enforcing mode, so even if you can get it to work, we cannot guarantee it will continue to work.