Many issues reported with scanning subnets and updating host statuses are related to SElinux being enabled. So far the solution was to completely disable SElinux, but this was more workaround than anything else. Robert was kind enough to share SElinux policy that should be used with phpipam if SElinux is enabled on your server.

Basically it permits the opening of raw IP sockets for non-root users, that are required for executing ping command.

1) Create the file http_ping.tt and add the following to it:

module http_ping 1.0;

require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}

#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };

2) Run the following commands (as root user):

checkmodule -M -m -o http_ping.mod http_ping.tt
semodule_package -o http_ping.pp -m http_ping.mod
semodule -i http_ping.pp

This also helps to check status, with setenforce 0:

[root@ipam selinux]# getenforce
Enforcing
[root@ipam selinux]# setenforce 0
[root@ipam selinux]# getenforce
Permissive
[root@ipam selinux]#

than add correct permission to ping

[root@ipam selinux]# ls -ls `which fping`
88 -rwxr-xr-x. 1 root root 89927 Apr  3 17:11 /usr/local/sbin/fping
[root@ipam selinux]# chmod 4755 /usr/local/sbin/fping
[root@ipam selinux]# ls -ls `which fping`
88 -rwsr-xr-x. 1 root root 89927 Apr  3 17:11 /usr/local/sbin/fping
[root@ipam selinux]#

brm