Nagios - SELinux AVC Denial
 

Hi all (apologies if I shouldn't post this here, please tell me and Ill move the question elsewhere)

I'm a noob as they say at Linux but trying to learn. I'm trying to run a program called Nagios on Fedora. A slight niggle is that when I fist start the PC I cannot logon to the browser localhost to access the nagios control console. I always get a star in the top right corner of the screen saying (see below)

I have found if I run a terminal as root and type "service httpd restart" it starts ok and works fine. Is there a way (dummy's guide if possible) to do this automatically when I start the pc?

Thanks in advance

Dave

SummarySELinux is preventing /bin/ping (ping_t) "read write" to /usr/local/nagios/var/rw/nagios.cmd (usr_t).Detailed DescriptionSELinux denied access requested by /bin/ping. It is not expected that this access is required by /bin/ping and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.Allowing AccessSometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /usr/local/nagios/var/rw/nagios.cmd, restorecon -v /usr/local/nagios/var/rw/nagios.cmd If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.

If you could, put SELinux in permissive mode. It should work, but you loose the SELinux protection.
I have Nagios running on a F7 too, and SELinux in permissive mode was the only way to get it running. Not only the web interface itself, but you will found problems in running some check_commands, nrpe checks and receiving nsca asynchronous data.

Until someone create a SE policy or whatever to nagios, I think this is the only way...