{"id":260,"date":"2017-06-08T20:07:36","date_gmt":"2017-06-09T00:07:36","guid":{"rendered":"https:\/\/www.grumpyland.com\/blog\/?p=260"},"modified":"2017-06-08T20:08:34","modified_gmt":"2017-06-09T00:08:34","slug":"how-to-use-newrelic-with-selinux","status":"publish","type":"post","link":"https:\/\/www.grumpyland.com\/blog\/260\/how-to-use-newrelic-with-selinux\/","title":{"rendered":"How to use NewRelic with SELinux"},"content":{"rendered":"

NewRelic doesn’t seem to work with SELinux out of the box and it appears it’s out of the scope of NR’s support<\/a>. So, here’s how to run NR while having SELinux protection.<\/p>\n

First, we’re going to create the rule file:<\/p>\n

# mkdir ~\/newrelic\r\n# cd ~\/newrelic\r\n# nano newrelic.te<\/pre>\n
The contents of the file should be:
\nIt’s a bit more than what it needs if you use only certain features of newrelic, but this seems to get all, if not most of them.<\/p>\n
module newrelic 1.0;\r\n\r\nrequire {\r\n\ttype httpd_t;\r\n\ttype tmp_t;\r\n\ttype initrc_var_run_t;\r\n\ttype initrc_tmp_t;\r\n\ttype initrc_t;\r\n\tclass sock_file write;\r\n\tclass unix_stream_socket connectto;\r\n\tclass file { read write open };\r\n}\r\n\r\n#============= httpd_t ==============\r\nallow httpd_t initrc_t:unix_stream_socket connectto;\r\nallow httpd_t initrc_tmp_t:file open;\r\nallow httpd_t initrc_var_run_t:file { read write };\r\nallow httpd_t tmp_t:sock_file write;<\/pre>\n
Then we’re going to add this to SELinux<\/p>\n
# checkmodule -M -m -o newrelic.mod newrelic.te\r\n# semodule_package -m newrelic.mod -o newrelic.pp\r\n# sudo semodule -i newrelic.pp<\/pre>\n
That’s it!<\/p>\n","protected":false},"excerpt":{"rendered":"
NewRelic doesn’t seem to work with SELinux out of the box and it appears it’s out of the scope of NR’s support. So, here’s how to run NR while having SELinux protection. First, we’re going to create the rule file: # mkdir ~\/newrelic # cd ~\/newrelic # nano newrelic.te The contents of the file should […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_vp_format_video_url":"","_vp_image_focal_point":[],"footnotes":""},"categories":[15],"tags":[20,45,47,46],"class_list":["post-260","post","type-post","status-publish","format-standard","hentry","category-tutorial","tag-centos","tag-newrelic","tag-rhel","tag-selinux"],"_links":{"self":[{"href":"https:\/\/www.grumpyland.com\/blog\/wp-json\/wp\/v2\/posts\/260","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.grumpyland.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.grumpyland.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.grumpyland.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.grumpyland.com\/blog\/wp-json\/wp\/v2\/comments?post=260"}],"version-history":[{"count":3,"href":"https:\/\/www.grumpyland.com\/blog\/wp-json\/wp\/v2\/posts\/260\/revisions"}],"predecessor-version":[{"id":263,"href":"https:\/\/www.grumpyland.com\/blog\/wp-json\/wp\/v2\/posts\/260\/revisions\/263"}],"wp:attachment":[{"href":"https:\/\/www.grumpyland.com\/blog\/wp-json\/wp\/v2\/media?parent=260"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.grumpyland.com\/blog\/wp-json\/wp\/v2\/categories?post=260"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.grumpyland.com\/blog\/wp-json\/wp\/v2\/tags?post=260"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}