Bug 155533 – snmpd segfaults at startup

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 155533 - snmpd segfaults at startup

Summary:	snmpd segfaults at startup

Status:	CLOSED ERRATA

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	net-snmp (Show other bugs)
Sub Component:
Version:	3
Hardware:	i386 Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Radek Vokal
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2005-04-21 03:02 EDT by Aurelien Bompard
Modified:	2007-11-30 17:11 EST (History)
CC List:	0 users

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2005-04-26 03:36:41 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Aurelien Bompard 2005-04-21 03:02:51 EDT

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050416 Fedora/1.0.3-1.3.1 Firefox/1.0.3

Description of problem:
Snmpd won't start with selinux-policy-targeted 1.17.30-2.96 and kernel 2.6.11-1.14_FC3

Here's the end of the stack trace:
open("/etc/selinux/config", O_RDONLY)   = -1 EACCES (Permission denied)
open("/proc/mounts", O_RDONLY)          = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f87000
read(3, "rootfs / rootfs rw 0 0\n/proc /pr"..., 1024) = 503
close(3)                                = 0
munmap(0xb7f87000, 4096)                = 0
open("/var/log/snmpd.log", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f69708) = 25407
--- SIGCHLD (Child exited) @ 0 (0) ---
exit_group(0)                           = ?

I suspect selinux but I don't havec avc denied logs in /var/log/messages or dmesg

Version-Release number of selected component (if applicable):
net-snmp-5.1.2-11 selinux-policy-targeted-1.17.30-2.96 kernel-2.6.11-1.14_FC3

How reproducible:
Always

Steps to Reproduce:
1. start snmpd with this policy and this kernel
  

Additional info:

Comment 1 Daniel Walsh 2005-04-21 07:07:12 EDT

YOu can test whether SELinux is the problem by turning off enforcing mode

setenforce 0
Try to start snmpd.

If it still fails, it is probably not SELinux.

Comment 2 Aurelien Bompard 2005-04-21 12:37:01 EDT

I've done that, it still fails but I get the following lines in /var/log/messages:
avc:  denied  { read } for  pid=2358 exe=/usr/sbin/snmpd name=config dev=sda2
ino=1233440 scontext=root:system_r:snmpd_t
tcontext=system_u:object_r:selinux_config_t tclass=file
avc:  denied  { getattr } for  pid=2358 exe=/usr/sbin/snmpd
path=/etc/selinux/config dev=sda2 ino=1233440 scontext=root:system_r:snmpd_t
tcontext=system_u:object_r:selinux_config_t tclass=file

And after another service snmpd restart, still in the logs :
avc:  denied  { getattr } for  pid=2400 exe=/usr/sbin/snmpd
path=/home/gauret/.rpmmacros dev=sda5 ino=16926925
scontext=root:system_r:snmpd_t tcontext=user_u:object_r:user_home_t tclass=file
avc:  denied  { read } for  pid=2400 exe=/usr/sbin/snmpd name=.rpmmacros
dev=sda5 ino=16926925 scontext=root:system_r:snmpd_t
tcontext=user_u:object_r:user_home_t tclass=file

I have no idea why snmpd is trying to open my .rpmmacros file...

The strace is still the same, and my snmpd.conf is almost default:
# egrep -v '(^#|^$)' /etc/snmp/snmpd.conf
com2sec notConfigUser  default       public
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1
view    all           included   .1                  80
access  notConfigGroup ""      any       noauth    exact  all none none
syslocation Paris
syscontact Aurelien Bompard
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat

Do you think this is an snmpd bug or a policy one ?
Thanks

Comment 3 Daniel Walsh 2005-04-21 12:54:47 EDT

Then it is a snmp bug, or configuration problem,  not an SELinux bug.

Comment 4 Radek Vokal 2005-04-25 05:23:17 EDT

This might be a net-snmp bug. I'm about to push a new version of net-snmp in
Fedora updates, should appear really soon.

Comment 5 Aurelien Bompard 2005-04-26 03:36:41 EDT

Snmpd starts fine with net-snmp-5.2.1-10.FC3. Thanks !

Note You need to log in before you can comment on or make changes to this bug.