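RRDCached blocked by SELinux after updating CentOS/Rocky 8
I have a machine running LibreNMS on CentOS 8 that, through a slip of the hand,
got updated to the latest version.
It runs RRDCached, and after the update and restart I found that it was being blocked by SELinux.
After searching a bit, I found that others had hit a similar situation.
The SELinux rules for rrdcached need to be adjusted as follows: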

cat > rrdcached_librenms.te << EOF
module rrdcached_librenms 1.0;

require {
        type httpd_t;
        type httpd_sys_rw_content_t;
        type rrdcached_t;
        type var_run_t;
        class capability { dac_read_search fsetid };
        class dir { getattr search };
        class file { getattr lock map open read write };
        class sock_file { create setattr unlink write };
        class unix_stream_socket connectto;
        class tcp_socket { listen };
}

#============= httpd_t ==============
allow httpd_t rrdcached_t:unix_stream_socket connectto;
allow httpd_t var_run_t:sock_file write;

#============= rrdcached_t ==============
allow rrdcached_t httpd_sys_rw_content_t:dir { getattr search };
allow rrdcached_t httpd_sys_rw_content_t:file map;
allow rrdcached_t httpd_sys_rw_content_t:file { getattr lock open read write };
allow rrdcached_t self:capability { dac_read_search fsetid };
allow rrdcached_t var_run_t:sock_file { create setattr unlink };
allow rrdcached_t self:tcp_socket { listen };
EOF

checkmodule -M -m -o rrdcached_librenms.mod rrdcached_librenms.te
semodule_package -o rrdcached_librenms.pp -m rrdcached_librenms.mod
semodule -i rrdcached_librenms.pp

This fixes the problem.
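
Before loading a custom module like the one above, it is worth checking that its allow rules line up with the denials the host actually logged. The following is an added example, not part of the original post: it turns AVC denial records and the module's allow rules into the same "source target class permission" tuples and lists the differences in both directions. The AVC lines are constructed sample data, and the function names are hypothetical.

```bash
# Constructed AVC denials for illustration (not from the original post).
SAMPLE_AVC='type=AVC msg=audit(1700000000.101:501): avc:  denied  { connectto } for  pid=2101 comm="php-fpm" path="/run/rrdcached.sock" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:rrdcached_t:s0 tclass=unix_stream_socket permissive=0
type=AVC msg=audit(1700000000.202:502): avc:  denied  { getattr search } for  pid=1984 comm="rrdcached" name="rrd" scontext=system_u:system_r:rrdcached_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000000.303:503): avc:  denied  { dac_read_search } for  pid=1984 comm="rrdcached" capability=2 scontext=system_u:system_r:rrdcached_t:s0 tcontext=system_u:system_r:rrdcached_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1700000000.404:504): avc:  denied  { name_bind } for  pid=1984 comm="rrdcached" src=42217 scontext=system_u:system_r:rrdcached_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0'
# The allow rules from rrdcached_librenms.te, as given in the post.
MODULE_ALLOW='allow httpd_t rrdcached_t:unix_stream_socket connectto;
allow httpd_t var_run_t:sock_file write;
allow rrdcached_t httpd_sys_rw_content_t:dir { getattr search };
allow rrdcached_t httpd_sys_rw_content_t:file map;
allow rrdcached_t httpd_sys_rw_content_t:file { getattr lock open read write };
allow rrdcached_t self:capability { dac_read_search fsetid };
allow rrdcached_t var_run_t:sock_file { create setattr unlink };
allow rrdcached_t self:tcp_socket { listen };'
# audit.log text on stdin -> "source target class permission" per denial.
avc_to_rules() {
  awk '/avc:[ ]+denied/ {
    src = tgt = cls = ""; n = 0; inb = 0
    for (i = 1; i <= NF; i++) {
      if ($i == "{") { inb = 1; continue }
      if ($i == "}") { inb = 0; continue }
      if (inb) { perm[++n] = $i; continue }
      if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
      if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
      if ($i ~ /^tclass=/) cls = substr($i, 8)
    }
    if (tgt == src) tgt = "self"
    for (j = 1; j <= n; j++) print src, tgt, cls, perm[j]
  }' | sort -u
}

# .te allow rules on stdin -> the same tuple format, braces expanded.
te_to_rules() {
  awk '$1 == "allow" {
    gsub(/[{};]/, " "); split($3, tc, ":")
    for (i = 4; i <= NF; i++) print $2, tc[1], tc[2], $i
  }' | sort -u
}

# Tuples in list $1 that are absent from list $2.
missing_from() {
  printf '%s\n' "$1" | HAVE="$2" awk '
    BEGIN { n = split(ENVIRON["HAVE"], h, "\n"); for (i = 1; i <= n; i++) seen[h[i]] = 1 }
    NF && !($0 in seen)'
}
DENIED=$(printf '%s\n' "$SAMPLE_AVC" | avc_to_rules)
GRANTED=$(printf '%s\n' "$MODULE_ALLOW" | te_to_rules)
echo "Denied but not covered by the module:"; missing_from "$DENIED" "$GRANTED"
echo "Granted without a matching denial:";    missing_from "$GRANTED" "$DENIED"
```

On a real host, pipe /var/log/audit/audit.log into avc_to_rules instead of the sample. A rule with no matching denial is not necessarily unneeded, since that code path may not have run during the period the log covers.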