Bug 155533 - snmpd segfaults at startup
snmpd segfaults at startup
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: net-snmp (Show other bugs)
3
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Radek Vokal
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-04-21 03:02 EDT by Aurelien Bompard
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-04-26 03:36:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Aurelien Bompard 2005-04-21 03:02:51 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050416 Fedora/1.0.3-1.3.1 Firefox/1.0.3

Description of problem:
Snmpd won't start with selinux-policy-targeted 1.17.30-2.96 and kernel 2.6.11-1.14_FC3

Here's the end of the stack trace:
open("/etc/selinux/config", O_RDONLY)   = -1 EACCES (Permission denied)
open("/proc/mounts", O_RDONLY)          = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f87000
read(3, "rootfs / rootfs rw 0 0\n/proc /pr"..., 1024) = 503
close(3)                                = 0
munmap(0xb7f87000, 4096)                = 0
open("/var/log/snmpd.log", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f69708) = 25407
--- SIGCHLD (Child exited) @ 0 (0) ---
exit_group(0)                           = ?

I suspect selinux but I don't havec avc denied logs in /var/log/messages or dmesg

Version-Release number of selected component (if applicable):
net-snmp-5.1.2-11 selinux-policy-targeted-1.17.30-2.96 kernel-2.6.11-1.14_FC3

How reproducible:
Always

Steps to Reproduce:
1. start snmpd with this policy and this kernel
  

Additional info:
Comment 1 Daniel Walsh 2005-04-21 07:07:12 EDT
YOu can test whether SELinux is the problem by turning off enforcing mode

setenforce 0
Try to start snmpd.

If it still fails, it is probably not SELinux.

Comment 2 Aurelien Bompard 2005-04-21 12:37:01 EDT
I've done that, it still fails but I get the following lines in /var/log/messages:
avc:  denied  { read } for  pid=2358 exe=/usr/sbin/snmpd name=config dev=sda2
ino=1233440 scontext=root:system_r:snmpd_t
tcontext=system_u:object_r:selinux_config_t tclass=file
avc:  denied  { getattr } for  pid=2358 exe=/usr/sbin/snmpd
path=/etc/selinux/config dev=sda2 ino=1233440 scontext=root:system_r:snmpd_t
tcontext=system_u:object_r:selinux_config_t tclass=file

And after another service snmpd restart, still in the logs :
avc:  denied  { getattr } for  pid=2400 exe=/usr/sbin/snmpd
path=/home/gauret/.rpmmacros dev=sda5 ino=16926925
scontext=root:system_r:snmpd_t tcontext=user_u:object_r:user_home_t tclass=file
avc:  denied  { read } for  pid=2400 exe=/usr/sbin/snmpd name=.rpmmacros
dev=sda5 ino=16926925 scontext=root:system_r:snmpd_t
tcontext=user_u:object_r:user_home_t tclass=file

I have no idea why snmpd is trying to open my .rpmmacros file...

The strace is still the same, and my snmpd.conf is almost default:
# egrep -v '(^#|^$)' /etc/snmp/snmpd.conf
com2sec notConfigUser  default       public
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1
view    all           included   .1                  80
access  notConfigGroup ""      any       noauth    exact  all none none
syslocation Paris
syscontact Aurelien Bompard
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat

Do you think this is an snmpd bug or a policy one ?
Thanks
Comment 3 Daniel Walsh 2005-04-21 12:54:47 EDT
Then it is a snmp bug, or configuration problem,  not an SELinux bug.
Comment 4 Radek Vokal 2005-04-25 05:23:17 EDT
This might be a net-snmp bug. I'm about to push a new version of net-snmp in
Fedora updates, should appear really soon. 
Comment 5 Aurelien Bompard 2005-04-26 03:36:41 EDT
Snmpd starts fine with net-snmp-5.2.1-10.FC3. Thanks !

Note You need to log in before you can comment on or make changes to this bug.