>>>> "SJS" == Stephen John Smoogen
<smooge(a)gmail.com> writes:
SJS> Selinux may have issues and I am trying to work through a proper
SJS> way to update the selinux policy for it without over-writing items.
You might need new policy if the new nagios does things that the old one
didn't, like call out to different programs, connect to different
network sockets, etc. However, since you moved files around, your
biggest problem would be file contexts.
Best thing to do is look at the existing rules:
# semanage fcontext -l | grep nagios
will show you:
/var/spool/nagios(/.*)? all files
system_u:object_r:nagios_spool_t:s0
/var/run/nagios.* all files
system_u:object_r:nagios_var_run_t:s0
/var/log/nagios(/.*)? all files
system_u:object_r:nagios_log_t:s0
So, hmm, the existing policy does already categorize things in those
directories differently, and moving things around between those
directories might upset the existing policy (though it might not).
You'll definitely want to run permissive for a bit and collect AVCs.
- J<