collectd: Control SELinux domain permissiveness

It seems with each new release of Fedora, some feature or other of *collectd* gets broken. In Feodra 36, the *interfaces* plugin does not seem to work reliably, and the *md* plugin logs a *lot* of errors. While these issues are investigated upstream, we either need to manage our own policy for collectd or mark the `collectd_t` domain permissive. I chose the latter because I'm lazy and I don't consider collectd to be that big of a threat to security.
2022-07-24 10:32:29 -05:00
parent 6f11a4cf3a
commit c9dbaa32b9
2 changed files with 11 additions and 0 deletions
--- a/host_vars/nvr1.pyrocufflink.blue.yml
+++ b/host_vars/nvr1.pyrocufflink.blue.yml
@@ -1,3 +1,8 @@
 collectd_plugins:
  md: true
  thermal: true
+
+# collectd generates a bunch of AVC denials on Fedora 36.  We'll mark
+# its domain permissive until the problems are identified and resolved
+# upstream.
+collectd_selinux_permissive: true