ICMP device down detection not working due to SELinux

[dieselboy]

Cacti 1.1.24
OS Centos 7
PHP 5.4
Using cmd.php
Apache 2.4.6

In the device settings I have down device detection using icmp ping. This is saying icmp timeout, unless I set selinux to permissive. I'm trying to find a solution which is not disabling selinux but it's proving extremely difficult. I've found a number of threads and they mostly end with the OP stating they've disabled SELinux and it's fixed. Or they've applied some strange selinux policy effectively disabling selinux anyway.

I've done pretty well with everything working to this point with selinux enabled and I'd hope to keep it enabled. Can anyone here point me in the right direction to get "downed device detection" / icmp ping working without breaking the security of the server? I was hoping to find a solution that allows httpd to send a ping and that's it or something along those lines. To be honest I'm not actually sure if it's possible but I'm keen to try and find out.

Please could someone whom knows more than me on this provide some guidance? Or point me in a positive direction?

Many thanks

[dieselboy]

Found this: https://bugzilla.redhat.com/show_bug.cgi?id=958239

[dieselboy]

Bump.

Does cacti work with SELinux enabled?

[sdunne]

Have you set the selinux boolean httpd_can_network_connect to true ??

I have cacti running selinux enforced under OEL7.4 with the 1.1.24 tarball and mariadb 10.2.9.

it's doable.