Bug 161833
| Summary: | snmptrapd refuses to start | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Charles C. Van Tilburg <ctilburg> |
| Component: | beecrypt | Assignee: | Paul Nasrat <nobody+pnasrat> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3 | CC: | alfred-ganz+bug, j, sundaram |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-09-05 07:37:14 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Charles C. Van Tilburg
2005-06-27 16:46:40 UTC
gpg also refuses to work from within thunderbird. I have reverted to selinux-policy-targeted-1.17.30-3.9 and the problem(s) go away. Fixed in selinux-policy-targeted-1.17.30-3.16 Any idea when that will hit the network? Today. This does not seem to be fixed: > service snmptrapd start Starting snmptrapd: /usr/sbin/snmptrapd: error while loading shared libraries: libbeecrypt.so.6: cannot enable executable stack as shared object requires: Permission denied audit(1121268331.738:0): avc: denied { execmem } for pid=3637 comm=snmptrapd scontext=root:system_r:snmpd_t tcontext=root:system_r:snmpd_t tclass=process > ls -lZ `locate libbeecrypt` lrwxrwxrwx root root system_u:object_r:lib_t /usr/lib/libbeecrypt.so.6 -> libbeecrypt.so.6.2.0* -rwxr-xr-x root root system_u:object_r:shlib_t /usr/lib/libbeecrypt.so.6.2.0* snmpd fails in the same way. > rpm -q kernel selinux-policy-targeted beecrypt kernel-2.6.11-1.35_FC3 selinux-policy-targeted-1.17.30-3.16 beecrypt-3.1.0-6 I have all the same software as you, and mine does work... perhaps something needs to be reset? I downgraded to the prior version of targeted before I upgraded again. I just did a reboot with full relabel (touch /.autorelabel) and the problem persists. Yes the problem is with beecrypt If you run execstack -c /usr/lib/libbeecrypt.so.6 Does it work? FWIW, [ctilburg@axp ~]$ execstack -q /usr/lib/libbeecrypt.so.6 X /usr/lib/libbeecrypt.so.6 more precisely, the problem is with net-snmp-5.2.1.2-FC3.1.i386.rpm. I am running net-snmp-5.2.1-10.FC3 and snmptrapd works fine. Re: #8, yes, if I do execstack -c, snmpd will at least start but I have no way
to properly verify that the change doesn't break something.
Re: #10, I beg to differ:
> rpm -qa \*snmp\*
net-snmp-5.2.1-10.FC3
net-snmp-libs-5.2.1-10.FC3
I don't have 5.2.1.2-FC3.1 yet as it hasn't propagated to my local mirror.
Still, I really doubt that net-snmp is implicated here; it just has a special
selinux context that doesn't allow loading of the beecrypt libraries.
OK, my bad. I'll change it back to beecrypt... but... I find it confusing that we are both running the same kernel, library, and selinux targeted policy, but yours fails and mine does not. I also did an autorelabel, and mine continues to work just fine. I just saw the new net-snmp come over the net and assumed you had a more recent version that mine. Got mine to fail. Mystery solved. Turns out I had .rpmnew files in my /etc/selinux tree. Mv them to be the files, reboot, and now I get what you get. Hmmm... maybe not just beecrypt... an execstack scan of /usr/lib for those marked X, and then an rpm -q --whatprovides reveals more: bogl-devel-0.1.18-4 bogl-0.1.18-4 libdv-devel-0.103-1 libdv-0.103-1 flac-devel-1.1.0-7 flac-1.1.0-7 compat-libgcj-8-3.3.4.2 gdk-pixbuf-devel-0.22.0-16.fc3 gdk-pixbuf-0.22.0-16.fc3 Glide3-devel-20010520-33 Glide3-20010520-33 libgnat-3.4.3-22.fc3 guile-devel-1.6.4-14 guile-1.6.4-14 SDL-1.2.7-8 SDL-devel-1.2.7-8 libsilc-0.9.12-7 libsilc-devel-0.9.12-7 also xorg-x11-devel-6.8.2-1.FC3.13 The good news is that according to rpm -q --whatrequires, none of these are required by anything on my system. Oops... don't like that behaviour... the inclusion of the version number breaks the --whatprovides. here are the correct non-obvious results, some of which look rather important: bogl-bterm-0.1.18-4 pwlib-1.6.5-11 libdv-tools-0.103-1 compat-gcc-java-8-3.3.4.2 gnome-print-devel-0.37-10 gtkhtml-devel-1.1.9-10 gtk+-1.2.10-33 gtkhtml-1.1.9-10 gdk-pixbuf-gnome-0.22.0-16.fc3 gcc-gnat-3.4.3-22.fc3 g-wrap-devel-1.3.4-7 g-wrap-1.3.4-7 SDL_net-1.2.5-2 SDL_mixer-1.2.5-4 kdeaddons-3.3.1-1 SDL_image-devel-1.2.3-6 openmotif-devel-2.2.3-6.FC3.1 Xaw3d-devel-1.5-23 qt-devel-3.3.4-0.fc3.0 xorg-x11-deprecated-libs-devel-6.8.2-1.FC3.13 libxfce4mcs-devel-4.2.1-3.fc3 I have abandoned FC3 in favor of FC4. *** Bug 163928 has been marked as a duplicate of this bug. *** Reporter has moved onto FC4. Presuming fixed (In reply to comment #2) > Fixed in selinux-policy-targeted-1.17.30-3.16 Still fails: [root@AG-IPMM lib]# rpm -q selinux-policy-targeted selinux-policy-targeted-1.17.30-3.16 [root@AG-IPMM lib]# service snmptrapd start Starting snmptrapd: /usr/sbin/snmptrapd: error while loading shared libraries: libbeecrypt.so.6: cannot enable executable stack as shared object requires: Permission denied [FAILED] [root@AG-IPMM lib]# |