@JohnnyBBravo Thanks for reporting back, glad you sorted out your issue.
Actually, I found out I was still having issues with rrdcached. Even though the service started, I didn't get any graphs, and after some digging I found it was still missing SELinux permissions.
The final iteration (that actually works) is now:
```
module rrdcached_librenms 1.0;

require {
    type httpd_t;
    type httpd_sys_rw_content_t;
    type rrdcached_t;
    type var_run_t;
    type ephemeral_port_t;
    class capability { dac_read_search fsetid };
    class dir { add_name getattr remove_name search write };
    class file { create getattr lock map open read rename setattr write };
    class sock_file { create setattr unlink write };
    class unix_stream_socket connectto;
    class tcp_socket { accept listen name_connect };
}

#============= httpd_t ==============
allow httpd_t rrdcached_t:unix_stream_socket connectto;
allow httpd_t var_run_t:sock_file write;
allow httpd_t ephemeral_port_t:tcp_socket name_connect;

#============= rrdcached_t ==============
allow rrdcached_t httpd_sys_rw_content_t:dir { add_name getattr remove_name search write };
allow rrdcached_t httpd_sys_rw_content_t:file map;
allow rrdcached_t httpd_sys_rw_content_t:file { create getattr lock open read rename setattr write };
allow rrdcached_t self:capability { dac_read_search fsetid };
allow rrdcached_t var_run_t:sock_file { create setattr unlink };
allow rrdcached_t self:tcp_socket { accept listen };
```
Hope this helps whoever gets stuck using rrdcached over TCP.
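An added example, not part of the original post: a small Python check that reads AVC denial lines and reports any permission the allow rules in the module above would still leave denied, which is the "still missing permissions" situation described in the post. The audit lines are constructed samples, and the function names `parse_rules` and `uncovered_denials` are hypothetical.

```python
import re

# Allow rules copied from the module in the post above.
MODULE_RULES = """
allow httpd_t rrdcached_t:unix_stream_socket connectto;
allow httpd_t var_run_t:sock_file write;
allow httpd_t ephemeral_port_t:tcp_socket name_connect;
allow rrdcached_t httpd_sys_rw_content_t:dir { add_name getattr remove_name search write };
allow rrdcached_t httpd_sys_rw_content_t:file map;
allow rrdcached_t httpd_sys_rw_content_t:file { create getattr lock open read rename setattr write };
allow rrdcached_t self:capability { dac_read_search fsetid };
allow rrdcached_t var_run_t:sock_file { create setattr unlink };
allow rrdcached_t self:tcp_socket { accept listen };
"""

# Constructed audit.log lines (not from the thread). The third one is invented
# to show how a gap is reported; it is not a denial the poster observed.
SAMPLE_AUDIT = """
type=AVC msg=audit(1700000000.101:501): avc:  denied  { listen } for  pid=1234 comm="rrdcached" scontext=system_u:system_r:rrdcached_t:s0 tcontext=system_u:system_r:rrdcached_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000000.202:502): avc:  denied  { name_connect } for  pid=2345 comm="php-fpm" dest=42217 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000000.303:503): avc:  denied  { unlink } for  pid=1234 comm="rrdcached" name="example.rrd" scontext=system_u:system_r:rrdcached_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=0
"""

RULE_RE = re.compile(r"allow\s+(\S+)\s+([^\s:]+):(\S+)\s+(?:\{([^}]*)\}|(\w+))\s*;")
AVC_RE = re.compile(r"denied\s+\{([^}]*)\}.*?scontext=(\S+).*?tcontext=(\S+).*?tclass=(\S+)")

def parse_rules(text):
    """Map (source type, target type, class) -> set of granted permissions."""
    allowed = {}
    for src, tgt, cls, braced, single in RULE_RE.findall(text):
        allowed.setdefault((src, tgt, cls), set()).update((braced or single).split())
    return allowed

def uncovered_denials(audit_text, allowed):
    """Return denied permissions that no allow rule in the module grants."""
    missing = {}
    for perms, scon, tcon, cls in AVC_RE.findall(audit_text):
        src, tgt = scon.split(":")[2], tcon.split(":")[2]  # user:role:type:level
        granted = set(allowed.get((src, tgt, cls), ()))
        if src == tgt:  # "self" rules apply when source and target types match
            granted |= allowed.get((src, "self", cls), set())
        gap = set(perms.split()) - granted
        if gap:
            missing.setdefault((src, tgt, cls), set()).update(gap)
    return missing

if __name__ == "__main__":
    for key, perms in uncovered_denials(SAMPLE_AUDIT, parse_rules(MODULE_RULES)).items():
        print("not covered:", key, sorted(perms))
```

Reviewing each reported gap before adding a rule for it keeps the module limited to what rrdcached and the web server actually need.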