Hello,
My issue is similar to the one described here: https://www.zabbix.com/forum/zabbix-...ustom-template. I am trying to add Nvidia Sensors template to monitor the GPU on a server. I added the UserParameters to the agent config on the GPU server as described here https://github.com/zabbix/community-...ntegration/6.0.
I get the following error from the Nvidia Sensor items:
Upon investigating, I see that selinux is restricting this.
I don't want to disable selinux and don't wanna go with the suggestions provided by selinux logs as I'm not sure if they are the best ones. Please share the fix for this issue.
Thanks,
My issue is similar to the one described here: https://www.zabbix.com/forum/zabbix-...ustom-template. I am trying to add Nvidia Sensors template to monitor the GPU on a server. I added the UserParameters to the agent config on the GPU server as described here https://github.com/zabbix/community-...ntegration/6.0.
I get the following error from the Nvidia Sensor items:
Value of type "string" is not suitable for value type "Numeric (float)". Value "sh: /usr/bin/nvidia-smi: Permission denied"
Code:
cat /var/log/audit/audit.log
type=AVC msg=audit(1692020151.457:28333): avc: denied { execute } for pid=2053039 comm="sh" name="nvidia-smi" dev="dm-0" ino=2071468 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u
bject_r:xserver_exec_t:s0 tclass=file permissive=0
bject_r:xserver_exec_t:s0 tclass=file permissive=0
Code:
cat /var/log/messages
SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/nvidia-smi. For complete SELinux messages run: sealert -l 33213cc2-0991-4736-913f-f1750a8ff497
SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/nvidia-smi.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that bash should be allowed execute access on the nvidia-smi file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'sh' --raw | audit2allow -M my-sh#012# semodule -X 300 -i my-sh.pp#012
SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/nvidia-smi.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that bash should be allowed execute access on the nvidia-smi file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'sh' --raw | audit2allow -M my-sh#012# semodule -X 300 -i my-sh.pp#012
Code:
zabbix_get -s gpuserver -k gpu.free
sh: /usr/bin/nvidia-smi: Permission denied
Thanks,