Do we need to disable SELinux on Linux for the client installation?

I found a problem: if we enable SELinux, the client installation fails; if we disable it, the installation succeeds.

Do we have a requirement to disable SELinux for the client installation?
If so, why do we not mention it in the document?

1 Like

This is a good question, and I definitely don’t know the answer myself.

Does the client seem to function normally once SELinux is reenabled?

Do you know what about SELinux would prevent the installation?

CC: @AlanM @gearoid

The answer seems to vary depending on how you have SELinux set up. Some people are able to install without disabling SELinux, some are not.

1 Like

BigFix on Linux (as my users love to tell me) does not do things in the normal Linux fashion. I have to get an earful every time a new sysadmin comes on board, so I feel your pain. BUT, we have gotten it to work with SELinux and AppArmor applied.

Questions:

Is the installation failing or is the service not starting?

What Distro and Version are you installing on?

Some common things to check…

  1. Confirm port 52311 is open for BESClient binding. BigFix is not a “standard” yet in Linux. Check the listing of ports with semanage port -l.
  2. Check the SELinux label applied to the BESClient process.
  3. If that doesn’t fix it, make sure SELinux error logging is enabled and check what happens when you install it.

I am far from a Linux guru, but am glad to help as I can.

-c

2 Likes

Reviving an old conversation so as to keep everything in one spot for the next victim.

ctan,

Numbers 1 and 2 do seem like keys to wrangling SELinux.

My BigFix agent has these labels:
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /opt/BESClient/bin/BESClient

but when launched via systemd, it ends up unconfined:
unconfined_u:system_r:initrc_t:s0 root 21897 1 2 Jan30 ? 00:30:35 /opt/BESClient/bin/BESClient

Can you outline your semanage commands? This thread makes it sound as though it needs to run unconfined. https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014734035

As far as the port goes, do you know what needs to be defined so I could bind the port with:
semanage port -a -t bes_port_t -p tcp 52311
semanage port -a -t bes_port_t -p udp 52311