Ping Results ICMP ping Timed out 0.8.8b

[ndhami23]

Hi,
I have setup a new server on CentOS release 6.4 OS and install cacti 0.8.8b on it, everything is fine but i am getting ICMP ping Timed out for Ping Results. when i checked the log i am getting

Dec 27 15:42:23 cacti-ipnet kernel: type=1400 audit(1388138243.303:33420): avc: denied { create } for pid=23069 comm="ping" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=rawip_socket

log messages related to selinux. when i disable selinux icmp timed out error goes away but i dont want to disable selinux on my server for security reason. Is there any way to solve this issue either disabling selinux for icmp or any other way?

Thank you in advance !!!

[duffrecords]

I'm having the same problem. I tried creating the following SELinux policy based on recommendations from audit2allow:

Code: Select all

module httpd_ping 1.0;

require {
	type httpd_t;
	class capability net_raw;
	class rawip_socket { getopt create setopt };
}

#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt };

However, ICMP ping still times out but now no denials appear in audit.log. This may not be the smartest way to go about fixing it but, on a scale of scalpel to hatchet, it's probably somewhat closer to the former.