Zabbix and selinux

Using Zabbix I am monitoring MySQL instance data.

To allow the Zabbix agent to connect MySQL and run MySQL command we need to add an exception for SELinux rules.

module zabbix_agent_mysql 1.0;

require {
    type mysqld_t;
    type mysqld_etc_t;
    type zabbix_agent_t;
    type zabbix_var_lib_t;
    class file { open read };
    class unix_stream_socket connectto;

#============= zabbix_agent_t ==============
allow zabbix_agent_t mysqld_etc_t:file { open read };

#!!!! This avc can be allowed using the boolean 'daemons_enable_cluster_mode'
allow zabbix_agent_t mysqld_t:unix_stream_socket connectto;
allow zabbix_agent_t zabbix_var_lib_t:file { open read };

Leave a Reply

Your email address will not be published. Required fields are marked *