Hi

I have rhel8 box with zabbix 5.4 installed. Working nicely


I am trying to use router BGP json template.
which uses ssh.run
I have made a slight change to it to use ssh keys.

I have set the ssh key location in zabbix server config

and when i am in permissive mode it works.

when i turn it on to enforcing it fails

I tried
# made sure to log do not log
semodule -DB

ausearch -ts recent | audit2allow -D -M zabbix-fix
and then loading the module (i did it in permissive mode so it should capture all of the warnings)
it doesn't work

I'm at a loss.

zabbix home
/home/zabbix
ssh -> /home/zabbix/.ssh


drwx------. 2 zabbix zabbix unconfined_ubject_r:ssh_home_t:s0 77 Jan 13 18:17 .ssh
drwxr-xr-x. 3 zabbix zabbix unconfined_ubject_r:user_home_dir_t:s0 181 Jan 13 19:12 .


I have to run it in permissive mode - which i don't want to do .. but i can't seem to find the issue
I think .. is the contect for .ssh

user_home_dir_t is for /home/zabbix and audit2allow always references it !
bit .ssh is ssh_home_t

the error from zabbix - test item is can not access <file name>

when i turn into the user I can access the file