Bug 158056
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | snmpd doesn't report running processes | | |
| Product | Red Hat Enterprise Linux 4 | Reporter | Mikkel Kruse Johnsen <mkj.lib> |
| Component | selinux-policy-targeted | Assignee | Daniel Walsh <dwalsh> |
| Status | CLOSED ERRATA | QA Contact | |
| Severity | medium | Docs Contact | |
| Priority | medium | | |
| Version | 4.0 | CC | matt, rvokal |
| Target Milestone | --- | | |
| Target Release | --- | | |
| Hardware | i386 | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | RHBA-2005-645 | Doc Type | Bug Fix |
| Doc Text | | Story Points | --- |
| Clone Of | | Environment | |
| Last Closed | 2005-10-05 16:34:25 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | | | |
| Bug Blocks | 156322 | | |
Description (Mikkel Kruse Johnsen, 2005-05-18 08:56:55 UTC)
This seems to be a SELinux issue. Can you please try if this also happens on your system when you have SELinux turned off? e.g. try `setenforce 0` and `service snmpd restart`

Yes, it seems to be a SELinux problem. After running "setenforce 0" it worked, and it stopped working again after "setenforce 1".

Are you seeing any avc messages in /var/log/messages or /var/log/audit/audit.log?

Dan

There are no avc messages in /var/log/messages and I don't have audit running (no /var/log/audit/audit.log file).

Ok, can you update to the selinux policy rpms in U1. They are available in ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u1

Check to see if it works. If not, could you try installing selinux-policy-targeted-sources and then:

```
cd /etc/selinux/targeted/src/policy
make enableaudit; make load
```

Then try to cause the problem and see if there are AVC messages.

Dan

Doing:

```
cd /etc/selinux/targeted/src/policy
make enableaudit; make load
```

Resulted in:

```
May 19 16:50:01 mandio kernel: audit(1116514201.474:0): avc: denied { search } for pid=13916 exe=/usr/sbin/snmpd name=1 dev=proc ino=65538 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=dir
```

being printed in /var/log/messages.

Also updated to:

```
policycoreutils-1.18.1-4.3.i386.rpm
setools-1.5.1-5.1.i386.rpm
```

and did:

```
cd /etc/selinux/targeted/src/policy
make enableaudit; make load
```

Reported the same avc error.

Ok, one last thing. Do setenforce 0, run snmp and see if it reports any other errors.

Dan

Doing "setenforce 0" resulted in the following the first run, but any runs after didn't print anything.

```
May 19 17:22:54 mandio kernel: audit(1116516174.636:0): avc: denied { search } for pid=13916 exe=/usr/sbin/snmpd name=1 dev=proc ino=65538 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.636:0): avc: denied { read } for pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=65540 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.636:0): avc: denied { getattr } for pid=13916 exe=/usr/sbin/snmpd path=/proc/1/status dev=proc ino=65540 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.639:0): avc: denied { search } for pid=13916 exe=/usr/sbin/snmpd name=1814 dev=proc ino=118882306 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:syslogd_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.639:0): avc: denied { read } for pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=118882308 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:syslogd_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.639:0): avc: denied { getattr } for pid=13916 exe=/usr/sbin/snmpd path=/proc/1814/status dev=proc ino=118882308 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:syslogd_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.640:0): avc: denied { search } for pid=13916 exe=/usr/sbin/snmpd name=1845 dev=proc ino=120913922 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:portmap_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.640:0): avc: denied { read } for pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=120913924 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:portmap_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.641:0): avc: denied { getattr } for pid=13916 exe=/usr/sbin/snmpd path=/proc/1845/status dev=proc ino=120913924 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:portmap_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.642:0): avc: denied { search } for pid=13916 exe=/usr/sbin/snmpd name=3161 dev=proc ino=207159298 scontext=user_u:system_r:snmpd_t tcontext=root:system_r:unconfined_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.642:0): avc: denied { read } for pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=207159300 scontext=user_u:system_r:snmpd_t tcontext=root:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc: denied { getattr } for pid=13916 exe=/usr/sbin/snmpd path=/proc/3161/status dev=proc ino=207159300 scontext=user_u:system_r:snmpd_t tcontext=root:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc: denied { search } for pid=13916 exe=/usr/sbin/snmpd name=3270 dev=proc ino=214302722 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:ntpd_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc: denied { read } for pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=214302724 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:ntpd_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc: denied { getattr } for pid=13916 exe=/usr/sbin/snmpd path=/proc/3270/status dev=proc ino=214302724 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:ntpd_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc: denied { search } for pid=13916 exe=/usr/sbin/snmpd name=15085 dev=proc ino=988610562 scontext=user_u:system_r:snmpd_t tcontext=system_u:system_r:unconfined_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc: denied { read } for pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=988610564 scontext=user_u:system_r:snmpd_t tcontext=system_u:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc: denied { getattr } for pid=13916 exe=/usr/sbin/snmpd path=/proc/15085/status dev=proc ino=988610564 scontext=user_u:system_r:snmpd_t tcontext=system_u:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.644:0): avc: denied { search } for pid=13916 exe=/usr/sbin/snmpd name=16230 dev=proc ino=1063649282 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:httpd_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.644:0): avc: denied { read } for pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=1063649284 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:httpd_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.644:0): avc: denied { getattr } for pid=13916 exe=/usr/sbin/snmpd path=/proc/16230/status dev=proc ino=1063649284 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:httpd_t tclass=file
```

Ok, I am going to add policy to allow this. Problem is it will take a while to get it into RHEL4/U2. You can set snmpd_disable_trans to disable the snmp transition for now, if you want this behaviour to work.

```
setsebool -P snmpd_disable_trans=1
service snmpd restart
```

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2005-645.html
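The thread's workflow (turn on auditing, reproduce, read the `avc: denied` lines, then write policy that grants exactly what was denied) is what audit2allow automates. The following is an added example, written for this page and not taken from the bug report or from Red Hat's policy tooling: a small parser for AVC denial lines in the RHEL 4 `kernel: audit(...)` format that groups denials by source type, target type and object class and emits candidate `allow` rules. The sample log is constructed from a subset of the lines the reporter pasted; the function and variable names are this example's own. Two practitioner caveats: the generated rules are a starting point to review, not something to load blindly (the denials above, for instance, are against half a dozen different target domains, which a real policy would usually cover with an attribute rather than one rule per domain), and the interim workaround in the thread, `setsebool -P snmpd_disable_trans=1`, turns off the domain transition so snmpd runs without the snmpd_t confinement at all, which is far broader than the `/proc/PID/status` reads the denials actually ask for.

```python
"""Parse RHEL4-style AVC denial lines and summarize them as candidate allow rules.

Added example (not from the bug report or Red Hat's policy tooling). It mirrors
the grouping audit2allow performs: one `allow` rule per (source type, target
type, object class) with the union of the permissions that were denied.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the denials the reporter pasted, plus one
# unrelated syslog line to show that non-AVC lines are skipped.
SAMPLE_LOG = """\
May 19 17:22:54 mandio kernel: audit(1116516174.636:0): avc: denied { search } for pid=13916 exe=/usr/sbin/snmpd name=1 dev=proc ino=65538 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.636:0): avc: denied { read } for pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=65540 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.636:0): avc: denied { getattr } for pid=13916 exe=/usr/sbin/snmpd path=/proc/1/status dev=proc ino=65540 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.639:0): avc: denied { search } for pid=13916 exe=/usr/sbin/snmpd name=1814 dev=proc ino=118882306 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:syslogd_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.639:0): avc: denied { read } for pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=118882308 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:syslogd_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.639:0): avc: denied { getattr } for pid=13916 exe=/usr/sbin/snmpd path=/proc/1814/status dev=proc ino=118882308 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:syslogd_t tclass=file
May 19 17:22:55 mandio snmpd[13916]: Received SNMP packet(s) from 127.0.0.1
"""

# "avc: denied { perm [perm ...] } for key=value key=value ..."
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_avc(line):
    """Return a dict for one denial line, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group("fields")))
    rec = {"perms": m.group("perms").split()}
    for key in ("scontext", "tcontext", "tclass", "pid", "exe", "path", "name"):
        rec[key] = fields.get(key)  # missing keys stay None
    return rec


def type_of(context):
    """The SELinux type is the third field of user:role:type[:level]."""
    return context.split(":")[2]


def summarize(log_text):
    """Group denials into {(source_type, target_type, tclass): set(perms)}."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or not (rec["scontext"] and rec["tcontext"] and rec["tclass"]):
            continue
        key = (type_of(rec["scontext"]), type_of(rec["tcontext"]), rec["tclass"])
        rules[key].update(rec["perms"])
    return dict(rules)


def allow_rules(log_text):
    """Render the summary as policy-language allow rules, sorted for stable output."""
    out = []
    for (src, tgt, cls), perms in sorted(summarize(log_text).items()):
        out.append("allow %s %s:%s { %s };" % (src, tgt, cls, " ".join(sorted(perms))))
    return out


if __name__ == "__main__":
    # On a real box: allow_rules(open("/var/log/messages").read())
    for rule in allow_rules(SAMPLE_LOG):
        print(rule)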