Tag Archives: selinux - Page 2

Kraków DevOPS Meetup #3: Docker


Tomorrow I’ll give another talk at the #Kraków #DevOPS meetup, which will take place in The Base office. I’ll cover Docker integration with Red Hat / CentOS and Fedora, and I’ll also say something about Docker and SELinux collaboration.

Presentations / Lightning talks:

  • Communication between Docker containers – Zaiste 
  • RedHat/Fedora/CentOS & SELinux + Docker – we have a long way to go babe – Maciek Lasyk 
  • Docker + Ansible + MariaDB + tt-rss – Łukasz Proszek
  • Local development with Docker – Mirosław Nagaś
  • + Q&A with all speakers 

If you’d like to join – just register at the meetup webpage: http://www.meetup.com/Krakow-DevOps/events/165916812/

SELinux && Ganglia / Multicast && Apache && RRDs

While setting up a test server with the Ganglia triad (gmetad, gmond, gweb over Apache), I had only 2 SELinux alerts to solve. The first one concerned the httpd process being denied access to /var/lib/ganglia/rrd (while accessing the ganglia-web interface):

To resolve that, I just added SELinux contexts to the rrdtool binary and the /var/lib/ganglia/rrds dir:

The last SELinux alert concerned Apache trying to access port 8652 over a socket connection (in ganglia-web I saw an error like “fsockopen 8652 access denied”):

So I had to create a local policy for this particular case, as there are no Ganglia modules for SELinux (maybe I should create one…?). First, let’s check that there isn’t even one module:

So let’s create this policy:

After this, everything should work like a charm. To confirm that we have this new policy working: