RockyLinux 9.4 (Hyper-V VM), fresh install of LibreNMS

The install and initial setup was relatively smooth however now that I am trying to add devices/hosts I am unable to with the error that it cannot ping.

Web UI validation shows:

INFO: fping FAILURES can be ignored if running LibreNMS in a jail without ::1. You may want to test it manually: fping ::1
FAIL: /usr/sbin/fping could not be executed. /usr/sbin/fping must have CAP_NET_RAW capability (getcap) or suid. Selinux exclusions may be required. (/usr/sbin/fping: cannot bind source address : Permission denied)
FAIL: /usr/sbin/fping should have CAP_NET_RAW!
Fix:
setcap cap_net_raw+ep /usr/sbin/fping

Validation via console shows:
[librenms@LibreNMS-H5 ~]$ ./validate.php

[OK] Composer Version: 2.7.6
[OK] Dependencies up-to-date.
[WARN] You have no devices.
[FIX]:
Consider adding a device such as localhost: /addhost
[OK] Database connection successful
[OK] Database Schema is current
[OK] SQL Server meets minimum requirements
[OK] lower_case_table_names is enabled
[OK] MySQL engine is optimal
[OK] Database and column collations are correct
[OK] Database schema correct
[OK] MySQL and PHP time match
[OK] Locks are functional
[OK] Python poller wrapper is polling
[OK] Redis is unavailable
[OK] rrd_dir is writable
[OK] rrdtool version ok
[WARN] Your install is over 24 hours out of date, last update: Wed, 05 Jun 2024 13:16:33 +0000
[FIX]:
Make sure your daily.sh cron is running and run ./daily.sh by hand to see if there are any errors.

I run: setcap cap_net_raw+ep /usr/sbin/fping
with no errors and it appears to run without problems.

Despite running the apparent ‘fix’ the problem never seems to be resolved. I can manually run fping from console and it exists in the location that LibreNMS is expecting.

Where else can I look or what else can I try?

It’s definitely an SELinux problem. There are deny events in the audit log for fping via http. I’ve set SELinux to permissive temporarily and validation now works without that error as well as adding devices.

have you followed these instructions regarding selinux?

If they do not work please open a PR or reply to use with working policies so we can fix the documentation.

Those were the exact instructions I followed. Here is the output of running them again.

[root@server user]# semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/html(/.)?’
File context for /opt/librenms/html(/.)? already defined, modifying instead
[root@server user]# semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/(rrd|storage)(/.)?’
File context for /opt/librenms/(rrd|storage)(/.)? already defined, modifying instead
[root@server user]# semanage fcontext -a -t httpd_log_t "/opt/librenms/logs(/.)?"
File context for /opt/librenms/logs(/.)? already defined, modifying instead
[root@server user]# semanage fcontext -a -t httpd_cache_t '/opt/librenms/cache(/.)?’
File context for /opt/librenms/cache(/.)? already defined, modifying instead
[root@server user]# semanage fcontext -a -t bin_t ‘/opt/librenms/librenms-service.py’
File context for /opt/librenms/librenms-service.py already defined, modifying instead
[root@server user]# restorecon -RFvv /opt/librenms
Relabeled /opt/librenms/.env from system_u:object_r:httpd_sys_rw_content_t:s0 to system_u:object_r:usr_t:s0
[root@server user]# setsebool -P httpd_can_sendmail=1
[root@server user]# setsebool -P httpd_execmem 1
[root@server user]# chcon -t httpd_sys_rw_content_t /opt/librenms/.env
[root@server user]# checkmodule -M -m -o http_fping.mod http_fping.tt
checkmodule: unable to open http_fping.tt: No such file or directory
[root@server user]# cd /opt
[root@server opt]# checkmodule -M -m -o http_fping.mod http_fping.tt
[root@server opt]# semodule_package -o http_fping.pp -m http_fping.mod
[root@server opt]# semodule -i http_fping.pp

I also rebooted the server and it still doesn’t work without setting SELinux to premissive.