nrpe service unable to access puppet summary file on rhev manager
Issue
- A Nagios NRPE check fails when it tries to access the Puppet summary file /var/lib/puppet/state/last_run_summary.yaml. The failure is caused by an SELinux issue on this RHEV Manager server. The /var/log/audit/audit.log file displays a denied message for the NRPE service process on the Puppet file, which indicates that this is an SELinux issue.
- The messages are shown below:
type=AVC msg=audit(1390356067.205:292816): avc: denied { search } for pid=32477 comm="check_puppet_ag" name="spool" dev=vda2 ino=787121 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
type=SYSCALL msg=audit(1390356067.205:292816): arch=c000003e syscall=4 success=no exit=-13 a0=79f0a0 a1=7fff42e234d0 a2=7fff42e234d0 a3=326e6f687479702f items=0 ppid=32476 pid=32477 auid=1192 uid=493 gid=492 euid=493 suid=493 fsuid=493 egid=492 sgid=492 fsgid=492 tty=(none) ses=31185 comm="check_puppet_ag" exe="/usr/bin/python" subj=unconfined_u:system_r:nrpe_t:s0 key=(null)
type=AVC msg=audit(1390356067.321:292817): avc: denied { search } for pid=32477 comm="check_puppet_ag" name="puppet" dev=vda2 ino=5026 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=dir
Environment
- Red Hat Enterprise Linux 6.2