From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050416 Fedora/1.0.3-1.3.1 Firefox/1.0.3 Description of problem: Snmpd won't start with selinux-policy-targeted 1.17.30-2.96 and kernel 2.6.11-1.14_FC3 Here's the end of the stack trace: open("/etc/selinux/config", O_RDONLY) = -1 EACCES (Permission denied) open("/proc/mounts", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f87000 read(3, "rootfs / rootfs rw 0 0\n/proc /pr"..., 1024) = 503 close(3) = 0 munmap(0xb7f87000, 4096) = 0 open("/var/log/snmpd.log", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f69708) = 25407 --- SIGCHLD (Child exited) @ 0 (0) --- exit_group(0) = ? I suspect selinux but I don't havec avc denied logs in /var/log/messages or dmesg Version-Release number of selected component (if applicable): net-snmp-5.1.2-11 selinux-policy-targeted-1.17.30-2.96 kernel-2.6.11-1.14_FC3 How reproducible: Always Steps to Reproduce: 1. start snmpd with this policy and this kernel Additional info:
YOu can test whether SELinux is the problem by turning off enforcing mode setenforce 0 Try to start snmpd. If it still fails, it is probably not SELinux.
I've done that, it still fails but I get the following lines in /var/log/messages: avc: denied { read } for pid=2358 exe=/usr/sbin/snmpd name=config dev=sda2 ino=1233440 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:selinux_config_t tclass=file avc: denied { getattr } for pid=2358 exe=/usr/sbin/snmpd path=/etc/selinux/config dev=sda2 ino=1233440 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:selinux_config_t tclass=file And after another service snmpd restart, still in the logs : avc: denied { getattr } for pid=2400 exe=/usr/sbin/snmpd path=/home/gauret/.rpmmacros dev=sda5 ino=16926925 scontext=root:system_r:snmpd_t tcontext=user_u:object_r:user_home_t tclass=file avc: denied { read } for pid=2400 exe=/usr/sbin/snmpd name=.rpmmacros dev=sda5 ino=16926925 scontext=root:system_r:snmpd_t tcontext=user_u:object_r:user_home_t tclass=file I have no idea why snmpd is trying to open my .rpmmacros file... The strace is still the same, and my snmpd.conf is almost default: # egrep -v '(^#|^$)' /etc/snmp/snmpd.conf com2sec notConfigUser default public group notConfigGroup v1 notConfigUser group notConfigGroup v2c notConfigUser view systemview included .1.3.6.1.2.1.1 view systemview included .1.3.6.1.2.1.25.1.1 view all included .1 80 access notConfigGroup "" any noauth exact all none none syslocation Paris syscontact Aurelien Bompard pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat Do you think this is an snmpd bug or a policy one ? Thanks
Then it is a snmp bug, or configuration problem, not an SELinux bug.
This might be a net-snmp bug. I'm about to push a new version of net-snmp in Fedora updates, should appear really soon.
Snmpd starts fine with net-snmp-5.2.1-10.FC3. Thanks !