Work with SELinux

You may encounter these issues when you try to deploy collectd on a host that's running SELinux:

  • collectd's LogFile plug-in doesn't have permissions to write to its log.
  • collectd can't establish a network connection and you see the "CURL failed with status 7" error.

If you're running SELinux and want to deploy collectd, use one of the following options to avoid these failures.

Option 1:

Run the collectd process type in permissive mode:

semanage permissive -a collectd_t

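SELinux won't deny access to collectd anymore, but you may still see SELinux denial messages, because a permissive domain keeps logging the accesses it would have denied. This option stops SELinux enforcement for everything collectd does; Option 2 allows only the specific accesses collectd needs.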

Option 2:

  1. Fix the blocked network connection for collectd:
    setsebool -P collectd_tcp_network_connect 1
    
  2. Fix the permission denied error for the LogFile plug-in. collectd's log is also available from syslog, and accessing it from there shouldn't require any changes. For the LogFile plug-in, use /var/log/collectd.log in collectd.conf.
  3. Create the mypolicy.te file with this content:
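    module mypolicy 1.0;
    
    # Types and object classes that the rules below refer to
    require {
        type var_log_t;
        type collectd_t;
        class dir { add_name read write };
        class file { create open write };
    }
    
    #============= collectd_t ==============
    
    # Let collectd add a new entry to a directory labeled var_log_t
    allow collectd_t var_log_t:dir { add_name write };
    # Let collectd open and create files labeled var_log_t
    allow collectd_t var_log_t:file open;
    allow collectd_t var_log_t:file create;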
    
  4. Compile mypolicy.te:
    $ checkmodule -M -m -o mypolicy.mod mypolicy.te
    $ semodule_package -o mypolicy.pp -m mypolicy.mod
    
  5. Apply the policy package mypolicy.pp to SELinux:
    $ semodule -i mypolicy.pp
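
To check which of the fixes above a given denial calls for, you can summarize the AVC records for the collectd domain. This is an added example, not part of the original page: the audit records are constructed, and the function names, port number and port type are assumptions.

```shell
#!/bin/sh
# Constructed AVC records for illustration. On a real host, pipe in the
# output of: ausearch -m avc -c collectd
sample_avc() { cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { write } for  pid=2211 comm="collectd" name="log" dev="dm-0" ino=67 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000000.102:502): avc:  denied  { add_name } for  pid=2211 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000000.103:503): avc:  denied  { create } for  pid=2211 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.104:504): avc:  denied  { name_connect } for  pid=2211 comm="collectd" dest=8086 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000000.105:505): avc:  denied  { open } for  pid=2211 comm="collectd" path="/var/log/collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000000.106:506): avc:  denied  { read } for  pid=900 comm="httpd" name="x" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
EOF
}

# Print one line per denied permission for the source domain in $1:
#   <blocked|logged-only> <domain> <target_type>:<class> <permission>
# "logged-only" means the record has permissive=1: the access was
# allowed and only reported (what Option 1 produces).
summarize_denials() {
  awk -v dom="$1" '
    /avc: +denied/ {
      stype = ttype = cls = ""; mode = "blocked"; n = 0; inperm = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "{") { inperm = 1; continue }
        if ($i == "}") { inperm = 0; continue }
        if (inperm) { perm[++n] = $i; continue }
        if ($i ~ /^scontext=/) { split($i, c, ":"); stype = c[3] }
        if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
        if ($i ~ /^tclass=/) cls = substr($i, 8)
        if ($i == "permissive=1") mode = "logged-only"
      }
      if (stype != dom) next   # ignore other domains
      for (j = 1; j <= n; j++) print mode, stype, ttype ":" cls, perm[j]
    }' | LC_ALL=C sort -u
}

sample_avc | summarize_denials collectd_t
```

In the output, var_log_t:dir and var_log_t:file lines correspond to the allow rules in mypolicy.te, and a tcp_socket name_connect line is the blocked network connection that the collectd_tcp_network_connect boolean addresses.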