openMetrics PMDA (OpenMetrics PMDA)
SELinux CONSIDERATIONS
Scripted config files are executed by the pmdaopenmetrics PMDA
with the same SELinux context and policy as the local pmcd(1).
For simple scripts, such as the load average example described
above, this is normally fine. However, AVC errors may result for
scripts that make library or system calls that are restricted by
the prevailing SELinux context and policies. In these cases it
is not feasible to unilaterally grant pmcd or its PMDAs an
unconfined execution policy. In these site-specific cases it
will be necessary to create a local SELinux policy module. This
can be done by capturing the AVC record(s) from the local audit
log, generating a local policy module using audit2allow, and then
loading the new module using semodule, e.g. as follows:
$ sudo grep '^type=AVC.*pcp' /var/log/audit/audit.log \
| audit2allow -M mypolicy
$ sudo semodule -i mypolicy.pp
If these local policies need to be persistent across reboots,
then a scriptlet similar to the above example may be added to the
local pmcd RC file (typically /etc/pcp/pmcd/rc.local). For
further details, see audit2allow(1) and semodule(1).
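
Before loading a module built from captured denials, it helps to see exactly which access those denials describe. The following is an added example, not part of the PCP documentation: it summarises the AVC records selected by the same grep pattern as above; the function names avc_summary and sample_avc and the sample records are constructed for illustration.

```shell
#!/bin/sh
# avc_summary (hypothetical helper): read audit records on stdin, keep the
# AVC lines the grep pattern from this section selects, and print one line
# per denied access:  <source type> <target type>:<class> <permission> <count>
avc_summary() {
    grep '^type=AVC.*pcp' | awk '
    {
        src = ""; tgt = ""; cls = ""
        # Denied permissions sit between the only "{" and "}" in the record.
        b = index($0, "{"); e = index($0, "}")
        if (b == 0 || e <= b) next
        perms = substr($0, b + 1, e - b - 1)
        for (i = 1; i <= NF; i++) {
            # Contexts are user:role:type:level; the type is the third part.
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (src == "" || tgt == "" || cls == "") next
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++) count[src " " tgt ":" cls " " p[j]]++
    }
    END { for (k in count) print k, count[k] }' | LC_ALL=C sort
}

# Constructed sample records (not taken from a real audit log).
sample_avc() {
    cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { read } for  pid=2101 comm="sh" name="loadavg" dev="proc" ino=4026532001 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.102:502): avc:  denied  { read open } for  pid=2101 comm="sh" name="loadavg" dev="proc" ino=4026532001 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.103:503): avc:  denied  { name_connect } for  pid=2102 comm="curl" dest=80 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000000.104:504): avc:  denied  { getattr } for  pid=2200 comm="httpd" path="/srv/index.html" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
EOF
}

# Stand-alone run on the constructed records. On a real host the input would
# be the audit log instead:  sudo cat /var/log/audit/audit.log | avc_summary
sample_avc | avc_summary
```

Each output line corresponds to access that a module generated from the same records would allow, so an unexpected target type or permission is a reason to fix the script rather than load the module.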