admin
2014-Oct-25  20:22 UTC
[CentOS] Centos 6.5 - Fping - SE Linux - Missing type enforcement (TE) allow rule
Hi gents,
I seem to have a small issue with fping and Observium (a monitoring 
solution). The particular VPS I'm using does have SELinux enabled and it 
seems to be causing issues when the httpd process is attempting to use 
Fping.
Here is what I know so far:
Output from "audit2why -a":
---------------
type=AVC msg=audit(1414265994.125:6744): avc:  denied  { create } for  
pid=8968 comm="fping" scontext=unconfined_u:system_r:httpd_t:s0
       Was caused by:
                 Missing type enforcement (TE) allow rule.
                 You can use audit2allow to generate a loadable module 
to allow this access.
---------------
Which does seem to confirm that something is wrong between httpd and fping.
I then ran "audit2allow -M fping-httpd < audit2allow" which did create
both the .te and .pp files. The issue is that inside the .te file, I 
have a warning saying that the rules already exist! Which does make 
sense since I had to allow those particular functions for the MySQL
connection to function properly.
---------------
.te file :
"module fping-httpd 1.0;
require {
         type httpd_t;
         class capability net_raw;
         class rawip_socket create;
}
#============= httpd_t =============
#!!!! This avc is allowed in the current policy
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket create;
"
---------------
Is the "Missing type enforcement" related to all of this? I really don't
want to disable SELinux and would rather learn to actually use it properly.
Thank you!
Greg Lindahl
2014-Oct-26  00:30 UTC
[CentOS] Centos 6.5 - Fping - SE Linux - Missing type enforcement (TE) allow rule
On Sat, Oct 25, 2014 at 04:22:38PM -0400, admin wrote:
> #!!!! This avc is allowed in the current policy
> allow httpd_t self:capability net_raw;
> allow httpd_t self:rawip_socket create;

This confusing output means that the first "allow" line is in the current
policy, and the second is not.

-- greg
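An added example, not part of the thread and not audit2allow's own code: a small Python parser that applies the reading given in the reply above, where a "#!!!!" annotation covers only the allow line that follows it, and then emits a module containing just the rules the current policy lacks. The sample input is constructed from the .te file quoted in the thread; the module name httpd_fping_raw is hypothetical.

```python
import re

# Constructed sample: the .te body quoted in the thread above.
SAMPLE_TE = """\
module fping-httpd 1.0;
require {
         type httpd_t;
         class capability net_raw;
         class rawip_socket create;
}
#============= httpd_t =============
#!!!! This avc is allowed in the current policy
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket create;
"""

ALLOW_RE = re.compile(r"^allow\s+(\S+)\s+([^\s:]+):(\S+)\s+(\{[^}]*\}|[^\s;]+);$")
ALREADY = "This avc is allowed in the current policy"

def classify_rules(te_text):
    """Return [(rule, already_allowed)]; a '#!!!!' note covers only the next rule."""
    out, flagged = [], False
    for line in map(str.strip, te_text.splitlines()):
        if line.startswith("#!!!!"):
            flagged = flagged or ALREADY in line
        elif ALLOW_RE.match(line):
            out.append((line, flagged))
            flagged = False  # the annotation does not carry over to later rules
    return out

def missing_rules(te_text):
    return [rule for rule, allowed in classify_rules(te_text) if not allowed]

def minimal_module(te_text, name):
    """Build a module holding only the rules the current policy lacks."""
    rules, types, classes = missing_rules(te_text), set(), {}
    for rule in rules:
        src, tgt, cls, perms = ALLOW_RE.match(rule).groups()
        types.update(t for t in (src, tgt) if t != "self")
        classes.setdefault(cls, set()).update(perms.strip("{} ").split())
    req = [f"\ttype {t};" for t in sorted(types)]
    req += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    return "\n".join([f"module {name} 1.0;", "", "require {", *req, "}", "", *rules, ""])

if __name__ == "__main__":
    for rule, allowed in classify_rules(SAMPLE_TE):
        print("already in policy" if allowed else "NOT in policy   ", rule)
    # "httpd_fping_raw" is a hypothetical module name chosen for this example.
    print(minimal_module(SAMPLE_TE, "httpd_fping_raw"))
```

For the thread's file this reports the net_raw capability rule as already present and leaves only the rawip_socket create rule in the generated module.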