Documentation: Remove wrong selinux description

refs #6704
Icinga · Aug 29, 2014 · a7aba78 · a7aba78
1 parent ee5b0af
commit a7aba78
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 75 deletions.
diff --git a/doc/2-getting-started.md b/doc/2-getting-started.md
@@ -749,61 +749,6 @@ Change "www-data" to the user you're using to run queries.
 > Packages will do that automatically. Verify that by running `id <your-webserver-user>` and skip this
 > step.
 
-> **Note**
->
-> With SELinux enabled in `targetted` or `permissive` mode, you need to add a
-> new policy allowing external users to access the external command pipe fifo.
-> The [external command pipe SELinux policy documentation](#external-command-pipe-selinux-policy)
-> provides details on that.
-
-#### <a id="external-command-pipe-selinux-policy"></a> SELinux Policy for External Command Pipe
-
-First, verify that the `/var/log/audit/audit.log` contains errors when accessing
-the external command pipe `icinga2.cmd` and use the [audit2allow](http://fedoraproject.org/wiki/SELinux/audit2allow)
-tool to generate a type enforcement policy.
-
-    # grep 'icinga2.cmd' /var/log/audit/audit.log | audit2allow -m icinga2 > icinga2.te
-
-The generated policy looks like this:
-
-    # cat icinga2.te
-
-    module icinga2 1.0;
-
-    require {
-    	type var_run_t;
-    	type httpd_t;
-    	type ping_t;
-    	class fifo_file { write read getattr open };
-    }
-
-    #============= httpd_t ==============
-    allow httpd_t var_run_t:fifo_file { write getattr open };
-
-    #============= ping_t ==============
-    allow ping_t var_run_t:fifo_file read;
-
-Now tell `audit2allow` to generate a custom policy module which can be imported
-using the `semodule` command.
-
-    # grep 'icinga2.cmd' /var/log/audit/audit.log | audit2allow -M icinga2
-    ******************** IMPORTANT ***********************
-    To make this policy package active, execute:
-
-    semodule -i icinga2.pp
-
-    # semodule -i icinga2.pp
-
-If you want to remove a custom policy module, obtain a list of modules and
-remove it by its name.
-
-    # semodule -l
-    # semodule -r icinga2
-
-That way your [user interfaces](setting-up-icinga2-user-interfaces) and other
-tools may write to the command pipe without disabling SELinux.
-
-
 ## <a id="setting-up-livestatus"></a> Setting up Livestatus
 
 The [MK Livestatus](http://mathias-kettner.de/checkmk_livestatus.html) project
@@ -851,13 +796,6 @@ are expected to be in `/var/log/icinga2/compat`. A different path can be set usi
 
     # icinga2-enable-feature compatlog
 
-> **Note**
->
-> With SELinux enabled in `targetted` or `permissive` mode, you need to add a
-> new policy allowing external users to access the Livestatus unix socket.
-> The [external command pipe SELinux policy documentation](#external-command-pipe-selinux-policy)
-> provides details on that.
-
 ## <a id="setting-up-icinga2-user-interfaces"></a> Setting up Icinga 2 User Interfaces
 
 Icinga 2 is compatible with Icinga 1.x user interfaces by providing additional

diff --git a/doc/3-monitoring-basics.md b/doc/3-monitoring-basics.md
@@ -1631,12 +1631,6 @@ a forced service check:
     Oct 17 15:01:25 icinga-server icinga2: Executing external command: [1382014885] SCHEDULE_FORCED_SVC_CHECK;localhost;ping4;1382014885
     Oct 17 15:01:25 icinga-server icinga2: Rescheduling next check for service 'ping4'
 
-> **Note**
->
-> With SELinux enabled in `targetted` or `permissive` mode, you need to add a
-> new policy allowing external users to access the external command pipe fifo.
-> The [external command pipe SELinux policy documentation](#external-command-pipe-selinux-policy)
-> provides details on that.
 
 ### <a id="external-command-list"></a> External Command List
 
@@ -1899,13 +1893,6 @@ Other to the Icinga 1.x Addon, Icinga 2 supports two socket types
 Details on the configuration can be found in the [LivestatusListener](#objecttype-livestatuslistener)
 object configuration.
 
-> **Note**
->
-> With SELinux enabled in `targetted` or `permissive` mode, you need to add a
-> new policy allowing external users to access the Livestatus unix socket.
-> The [external command pipe SELinux policy documentation](#external-command-pipe-selinux-policy)
-> provides details on that.
-
 ### <a id="livestatus-get-queries"></a> Livestatus GET Queries
 
 > **Note**