After updating from EL 6.1 to 6.2, the Nagios “check_disk” plugin suddenly stopped working with “Permission denied” errors. This problem is related to the SElinux policy (you *are* running with SElinux enabled, aren’t you?).
By default, these AVC denials are not logged in /var/log/audit/audit.log which makes this problem harder to spot (if you want, you can enable all audit-messages by running semodule -DB).
There are at least two relevant entries in Bugzilla:
- Bug 771245 – nagios-plugins-disk fails when checking /boot on RHEL6.2 boxes
- Bug 768055 – SELinux silent denials of Nagios NRPE check of /boot
Fortunately, there is a simple workaround while we wait for an updated selinux-policy package. As root, do the following:
chcon -t nagios_unconfined_plugin_exec_t /usr/lib64/nagios/plugins/check_disk
Or, for 32-bit systems:
chcon -t nagios_unconfined_plugin_exec_t /usr/lib/nagios/plugins/check_disk
No need to restart anything; just wait until Nagios re-checks the service and the problem should be gone. Enjoy!