Bug 155533 - snmpd segfaults at startup
Summary: snmpd segfaults at startup
Alias: None
Product: Fedora
Classification: Fedora
Component: net-snmp   
(Show other bugs)
Version: 3
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Radek Vokal
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2005-04-21 07:02 UTC by Aurelien Bompard
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-04-26 07:36:41 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Aurelien Bompard 2005-04-21 07:02:51 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050416 Fedora/1.0.3-1.3.1 Firefox/1.0.3

Description of problem:
Snmpd won't start with selinux-policy-targeted 1.17.30-2.96 and kernel 2.6.11-1.14_FC3

Here's the end of the stack trace:
open("/etc/selinux/config", O_RDONLY)   = -1 EACCES (Permission denied)
open("/proc/mounts", O_RDONLY)          = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f87000
read(3, "rootfs / rootfs rw 0 0\n/proc /pr"..., 1024) = 503
close(3)                                = 0
munmap(0xb7f87000, 4096)                = 0
open("/var/log/snmpd.log", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f69708) = 25407
--- SIGCHLD (Child exited) @ 0 (0) ---
exit_group(0)                           = ?

I suspect selinux but I don't havec avc denied logs in /var/log/messages or dmesg

Version-Release number of selected component (if applicable):
net-snmp-5.1.2-11 selinux-policy-targeted-1.17.30-2.96 kernel-2.6.11-1.14_FC3

How reproducible:

Steps to Reproduce:
1. start snmpd with this policy and this kernel

Additional info:

Comment 1 Daniel Walsh 2005-04-21 11:07:12 UTC
YOu can test whether SELinux is the problem by turning off enforcing mode

setenforce 0
Try to start snmpd.

If it still fails, it is probably not SELinux.

Comment 2 Aurelien Bompard 2005-04-21 16:37:01 UTC
I've done that, it still fails but I get the following lines in /var/log/messages:
avc:  denied  { read } for  pid=2358 exe=/usr/sbin/snmpd name=config dev=sda2
ino=1233440 scontext=root:system_r:snmpd_t
tcontext=system_u:object_r:selinux_config_t tclass=file
avc:  denied  { getattr } for  pid=2358 exe=/usr/sbin/snmpd
path=/etc/selinux/config dev=sda2 ino=1233440 scontext=root:system_r:snmpd_t
tcontext=system_u:object_r:selinux_config_t tclass=file

And after another service snmpd restart, still in the logs :
avc:  denied  { getattr } for  pid=2400 exe=/usr/sbin/snmpd
path=/home/gauret/.rpmmacros dev=sda5 ino=16926925
scontext=root:system_r:snmpd_t tcontext=user_u:object_r:user_home_t tclass=file
avc:  denied  { read } for  pid=2400 exe=/usr/sbin/snmpd name=.rpmmacros
dev=sda5 ino=16926925 scontext=root:system_r:snmpd_t
tcontext=user_u:object_r:user_home_t tclass=file

I have no idea why snmpd is trying to open my .rpmmacros file...

The strace is still the same, and my snmpd.conf is almost default:
# egrep -v '(^#|^$)' /etc/snmp/snmpd.conf
com2sec notConfigUser  default       public
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser
view    systemview    included   .
view    systemview    included   .
view    all           included   .1                  80
access  notConfigGroup ""      any       noauth    exact  all none none
syslocation Paris
syscontact Aurelien Bompard
pass . /usr/bin/ucd5820stat

Do you think this is an snmpd bug or a policy one ?

Comment 3 Daniel Walsh 2005-04-21 16:54:47 UTC
Then it is a snmp bug, or configuration problem,  not an SELinux bug.

Comment 4 Radek Vokal 2005-04-25 09:23:17 UTC
This might be a net-snmp bug. I'm about to push a new version of net-snmp in
Fedora updates, should appear really soon. 

Comment 5 Aurelien Bompard 2005-04-26 07:36:41 UTC
Snmpd starts fine with net-snmp-5.2.1-10.FC3. Thanks !

Note You need to log in before you can comment on or make changes to this bug.