Skip to content

Commit

Permalink
Add selinux workaround for zabbix-server
Browse files Browse the repository at this point in the history 
the server, as the agent, have issues with running selinux. their
shipped policy isn't complete. As a workaround we provide our own
selinux module.
  • Loading branch information
@bastelfreak
bastelfreak committed Jun 5, 2017
1 parent bd2fb4b commit b28a27f
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
9 changes: 9 additions & 0 deletions files/zabbix-server.te
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
module zabbix-server 1.0;

require {
type zabbix_t;
class process setrlimit;
}

#============= zabbix_t ==============
allow zabbix_t self:process setrlimit;
6 changes: 6 additions & 0 deletions manifests/server.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -561,6 +561,12 @@
selboolean{'zabbix_can_network':
persistent => true,
value => 'on',
notify => Service[$server_service_name],
}
-> selinux::module{'zabbix-server':
ensure => 'present',
source_te => 'puppet:///modules/zabbix/zabbix-server.te',
before => Service[$server_service_name],
}
}
}

0 comments on commit b28a27f

Please sign in to comment.