Nagios unconfined plugin cannot monitor systemd services

Solution Verified - Updated -

Issue

  • Custom Nagios plugins executing as nagios_unconfined_plugin_t SELinux domain cannot execute systemctl status commands
  • The systemctl status command hangs for 25 seconds and returns nothing

  • A USER_AVC related to init_t and nagios_unconfined_plugin_t is seen in the audit log

    type=USER_AVC msg=...: pid=1028 uid=81 ... subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_return ... spid=1 tpid=4800 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:nagios_unconfined_plugin_t:s0 tclass=dbus permissive=0  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'

Environment

  • Red Hat Enterprise Linux 8
    • nagios
    • SELinux

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content