How to Create SELinux policies for Zabbix

What is SELinux?

Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC).

SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy itself, and streamlines the amount of software involved with security policy enforcement. The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency (NSA).

Configure SELinux

When you start the Zabbix server while SELinux is in enforcing mode, you will get an error message in /var/log/zabbix/zabbix_server.log:

cannot set resource limit: [13] Permission denied


First, as the message says, the Zabbix server needs to set some resource limits.

To do so, it needs permission from SELinux. Run the following to see the error and transform it into a format that SELinux can load later.

Load this policy with:

At this point the Zabbix server can be started:

If you need to connect to a database such as MySQL/PostgreSQL, you will need to allow the Zabbix server again … (note: I used MySQL/MariaDB)

Load this policy with:

Note: This may apply to other Linux distributions and versions that use SELinux, though I only tried it on CentOS 7.
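The workflow described above, as an added example that is not the original post's own commands: it lists what `zabbix_server` was denied so the rules can be reviewed, then builds and loads a local module with `audit2allow` and `semodule`. The module name `zabbix_local`, the default audit log path and the sample audit records are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: review what Zabbix was denied before turning it into policy.

# Constructed sample audit records (not taken from a real host).
SAMPLE_AUDIT='type=AVC msg=audit(1500000000.101:201): avc:  denied  { setrlimit } for  pid=2101 comm="zabbix_server" scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:system_r:zabbix_t:s0 tclass=process
type=AVC msg=audit(1500000060.202:245): avc:  denied  { connectto } for  pid=2101 comm="zabbix_server" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1500000061.303:246): avc:  denied  { read } for  pid=3300 comm="httpd" name="shadow" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1500000120.404:260): avc:  denied  { setrlimit } for  pid=2188 comm="zabbix_server" scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:system_r:zabbix_t:s0 tclass=process'

# Read audit records on stdin and print one unique line per denial for
# comm="zabbix_server" as: <source type> <target type>:<class> <permissions>
zabbix_denials() {
    grep -E 'avc: +denied' | grep 'comm="zabbix_server"' |
    sed -E 's/.*denied +\{ ([^}]*) \}.*scontext=[^:]*:[^:]*:([^:]*):.*tcontext=[^:]*:[^:]*:([^:]*):.*tclass=([a-z_0-9]+).*/\2 \3:\4 \1/' |
    sort -u
}

# Build a local module from the same records and load it. Needs root plus
# audit2allow and semodule. Module name and log path are assumed defaults.
build_and_load() {
    local module="${1:-zabbix_local}"
    local log="${2:-/var/log/audit/audit.log}"
    grep 'comm="zabbix_server"' "$log" | audit2allow -M "$module" &&
        semodule -i "${module}.pp"
}

# Review step on the constructed sample; on a real host pipe the audit log in.
printf '%s\n' "$SAMPLE_AUDIT" | zabbix_denials
```

Call `build_and_load` only once the review output lists nothing beyond what Zabbix needs, because `audit2allow` turns every matching denial into an allow rule.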

