Bug 163928

Summary: Can't start snmptrapd anymore
Product: [Fedora] Fedora Reporter: Alfred Ganz <alfred-ganz+bug>
Component: beecryptAssignee: Paul Nasrat <nobody+pnasrat>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-07-22 16:36:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Alfred Ganz 2005-07-22 01:20:35 UTC
Description of problem:
I used to be able to start snmptrapd, definitely with the original release of
FC3, but no longer with the latest FC3 updates. I am not able to determine when
the problem started unfortunately.
I am running with vanilla targeted policy, no modifications after install, just
reboot. 
I assume that snmptrapd isn't allowed to have the dynamic library in question,
but I don't really understand the audit error message and what to do about it.
I tried to start several earlier versions of snmptrapd (starting with the cdrom
version), but always get the same errors.

Version-Release number of selected component (if applicable):
net-snmp-5.2.1.2-FC3.1, selinux-policy-targeted-1.17.30-3.16,
policycoreutils-1.18.1-2.12
 
How reproducible:
Always

Steps to Reproduce:
1./etc/init.d/snmptrapd start
2.Note, you would need some configuration, but you never get there
3.
 
Actual results:
The logs show:  
Jul 21 21:06:48 network kernel: audit(1121994408.952:4): avc:  denied  { execmem
} for  pid=6942 comm="snmptrapd" scontext=root:system_r:snmpd_t
tcontext=root:system_r:snmpd_t tclass=process
Jul 21 21:06:48 network snmptrapd: /usr/sbin/snmptrapd: error while loading
shared libraries: libbeecrypt.so.6: cannot enable executable stack as shared
object requires: Permission denied

Expected results:
With proper configuration files the daemon is started and does its thing.

Additional info:
Please let me know what you need.

Thanks, AG

Comment 1 Daniel Walsh 2005-07-22 11:56:18 UTC
Try execstack -c libbeecrypt.so.6

Comment 2 Alfred Ganz 2005-07-22 14:47:15 UTC
Yes this worked, thank you!

But why are you building traps for me without sending out some sort of warning,
nowhere in the updates for selinux did I see a warning that this might happen
with the latest targeted ploicy.

Comment 3 Paul Nasrat 2005-07-22 16:36:28 UTC

*** This bug has been marked as a duplicate of 161833 ***