Zabbix 3.2 on Centos 7 w selinux enabled.
I've got a strange problem with the agent and PSK that I dont have with the proxy, which both run on the same box.
On startup, the agent is throwing this error in the logs
"cannot open file "/var/lib/zabbix/.psk": [13] Permission denied"
The proxy also reads that same file w/o out any problems.
I created this semod
And I stopped getting these.
Now I'm getting
Now if I 'su - zabbix' and run 'zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf'
Everything works fine!
Anyone have any suggestions as to why this might be.
I've got a strange problem with the agent and PSK that I dont have with the proxy, which both run on the same box.
On startup, the agent is throwing this error in the logs
"cannot open file "/var/lib/zabbix/.psk": [13] Permission denied"
The proxy also reads that same file w/o out any problems.
Code:
[root@zabbix-proxy ~]# ls -laZ /var/lib/zabbix/.psk -rw-r-----. zabbix zabbix system_u:object_r:zabbix_var_lib_t:s0 /var/lib/zabbix/.psk
Code:
module zabbix_agentd_readPSK 1.0;
require {
type zabbix_agent_t;
type zabbix_var_lib_t;
class file open;
}
#============= zabbix_agent_t ==============
allow zabbix_agent_t zabbix_var_lib_t:file open;
Code:
avc: denied { open } for pid=2347 comm="zabbix_agentd" path="/var/lib/zabbix/.psk" dev="dm-0" ino=9130341 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:zabbix_var_lib_t:s0 tclass=file
Code:
avc: denied { read } for pid=5104 comm="zabbix_agentd" name=".psk" dev="dm-0" ino=9130341 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:zabbix_var_lib_t:s0 tclass=file
Now if I 'su - zabbix' and run 'zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf'
Everything works fine!
Anyone have any suggestions as to why this might be.