Bug 158056 - snmpd don't report running processes
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted
Version: 4.0
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Daniel Walsh
Blocks: 156322
Reported: 2005-05-18 04:56 EDT by Mikkel Kruse Johnsen
Modified: 2007-11-30 17:07 EST
Fixed In Version: RHBA-2005-645
Doc Type: Bug Fix
Last Closed: 2005-10-05 12:34:25 EDT


Description Mikkel Kruse Johnsen 2005-05-18 04:56:55 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
Running snmpget against a server running httpd (and "proc httpd 30 5" in the config) reports:

[root@dogwood rrdtool]# snmpget -v 2c mandio.cbs.dk -c library .1.3.6.1.4.1.2021.2.1.3.1 .1.3.6.1.4.1.2021.2.1.4.1 .1.3.6.1.4.1.2021.2.1.5.1
UCD-SNMP-MIB::prMin.1 = INTEGER: 5
UCD-SNMP-MIB::prMax.1 = INTEGER: 30
UCD-SNMP-MIB::prCount.1 = INTEGER: 0

And the server is running httpd:
.....
29475 ?        S      1:12 /usr/sbin/httpd
29476 ?        S      1:59 /usr/sbin/httpd
29477 ?        S      1:44 /usr/sbin/httpd
31041 ?        S      1:02 /usr/sbin/httpd
31042 ?        S      0:41 /usr/sbin/httpd
31043 ?        S      0:38 /usr/sbin/httpd
31511 ?        Ss     0:00 sshd: root@pts/0
31517 pts/0    Ss     0:00 -bash
31591 ?        S      0:00 /usr/sbin/snmpd -Lsd -Lf /dev/null -p /var/run/snmpd -a
31806 ?        S      0:09 /usr/sbin/httpd
31921 pts/0    R+     0:00 ps ax
[root@mandio log]#


Version-Release number of selected component (if applicable):
net-snmp-5.1.2-11

How reproducible:
Always

Steps to Reproduce:
1. snmpget -v 2c mandio.cbs.dk -c library .1.3.6.1.4.1.2021.2.1.3.1 .1.3.6.1.4.1.2021.2.1.4.1 .1.3.6.1.4.1.2021.2.1.5.1
  

Actual Results:
UCD-SNMP-MIB::prMin.1 = INTEGER: 5
UCD-SNMP-MIB::prMax.1 = INTEGER: 30
UCD-SNMP-MIB::prCount.1 = INTEGER: 0

Expected Results:
UCD-SNMP-MIB::prMin.1 = INTEGER: 5
UCD-SNMP-MIB::prMax.1 = INTEGER: 30
UCD-SNMP-MIB::prCount.1 = INTEGER: 23 (some number)

Additional info:
Comment 1 Radek Vokal 2005-05-19 03:39:01 EDT
This seems to be a SELinux issue. Can you please try if this also happens on
your system when you have SELinux turned off? E.g. try `setenforce 0` and
`service snmpd restart`.


Comment 2 Mikkel Kruse Johnsen 2005-05-19 03:53:18 EDT
Yes, it seems to be a SELinux problem. After running "setenforce 0" it worked and
stopped working again after "setenforce 1".
Comment 4 Daniel Walsh 2005-05-19 10:13:15 EDT
Are you seeing any avc messages in /var/log/messages or /var/log/audit/audit.log?

Dan
Comment 5 Mikkel Kruse Johnsen 2005-05-19 10:30:09 EDT
There are no avc messages in /var/log/messages and I don't have audit running (no
/var/log/audit/audit.log file).
Comment 6 Daniel Walsh 2005-05-19 10:34:25 EDT
OK, can you update to the selinux policy rpms in U1?
They are available in

ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u1

Check to see if it works.  If not, could you try to
install selinux-policy-targeted-sources

cd /etc/selinux/targeted/src/policy
make enableaudit; make load

Then try to cause the problem and see if there are AVC messages.

Dan
Comment 7 Mikkel Kruse Johnsen 2005-05-19 10:57:53 EDT
Doing:

cd /etc/selinux/targeted/src/policy
make enableaudit; make load

Resulted in:

May 19 16:50:01 mandio kernel: audit(1116514201.474:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=1 dev=proc ino=65538
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=dir

Being printed in /var/log/messages

Also updated to:

policycoreutils-1.18.1-4.3.i386.rpm
setools-1.5.1-5.1.i386.rpm

and did:
cd /etc/selinux/targeted/src/policy
make enableaudit; make load

Reported the same avc error.

Comment 8 Daniel Walsh 2005-05-19 11:02:18 EDT
OK, one last thing.  Do

setenforce 0
run snmp and see if it reports any other errors.

Dan
Comment 9 Mikkel Kruse Johnsen 2005-05-19 11:27:08 EDT
Doing "setenforce 0" resulted in the following on the first run, but any runs after
didn't print anything.


---
May 19 17:22:54 mandio kernel: audit(1116516174.636:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=1 dev=proc ino=65538
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.636:0): avc:  denied  { read }
for  pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=65540
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.636:0): avc:  denied  { getattr
} for  pid=13916 exe=/usr/sbin/snmpd path=/proc/1/status dev=proc ino=65540
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.639:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=1814 dev=proc ino=118882306
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:syslogd_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.639:0): avc:  denied  { read }
for  pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=118882308
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:syslogd_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.639:0): avc:  denied  { getattr
} for  pid=13916 exe=/usr/sbin/snmpd path=/proc/1814/status dev=proc
ino=118882308 scontext=user_u:system_r:snmpd_t
tcontext=user_u:system_r:syslogd_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.640:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=1845 dev=proc ino=120913922
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:portmap_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.640:0): avc:  denied  { read }
for  pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=120913924
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:portmap_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.641:0): avc:  denied  { getattr
} for  pid=13916 exe=/usr/sbin/snmpd path=/proc/1845/status dev=proc
ino=120913924 scontext=user_u:system_r:snmpd_t
tcontext=user_u:system_r:portmap_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.642:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=3161 dev=proc ino=207159298
scontext=user_u:system_r:snmpd_t tcontext=root:system_r:unconfined_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.642:0): avc:  denied  { read }
for  pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=207159300
scontext=user_u:system_r:snmpd_t tcontext=root:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc:  denied  { getattr
} for  pid=13916 exe=/usr/sbin/snmpd path=/proc/3161/status dev=proc
ino=207159300 scontext=user_u:system_r:snmpd_t
tcontext=root:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=3270 dev=proc ino=214302722
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:ntpd_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc:  denied  { read }
for  pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=214302724
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:ntpd_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc:  denied  { getattr
} for  pid=13916 exe=/usr/sbin/snmpd path=/proc/3270/status dev=proc
ino=214302724 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:ntpd_t
tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=15085 dev=proc ino=988610562
scontext=user_u:system_r:snmpd_t tcontext=system_u:system_r:unconfined_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc:  denied  { read }
for  pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=988610564
scontext=user_u:system_r:snmpd_t tcontext=system_u:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc:  denied  { getattr
} for  pid=13916 exe=/usr/sbin/snmpd path=/proc/15085/status dev=proc
ino=988610564 scontext=user_u:system_r:snmpd_t
tcontext=system_u:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.644:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=16230 dev=proc ino=1063649282
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:httpd_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.644:0): avc:  denied  { read }
for  pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=1063649284
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:httpd_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.644:0): avc:  denied  { getattr
} for  pid=13916 exe=/usr/sbin/snmpd path=/proc/16230/status dev=proc
ino=1063649284 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:httpd_t
tclass=file
----
Comment 10 Daniel Walsh 2005-05-19 11:43:14 EDT
Ok, I am going to add policy to allow this.  Problem is it will take a while to
get it into RHEL4/U2.  You can set snmpd_disable_trans to disable snmp transition
for now, if you want this behaviour to work.
setsebool -P snmpd_disable_trans=1
service snmpd restart
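
Added example (not part of the bug thread or of Red Hat's policy): a parser that condenses the wrapped AVC denials from Comment 9 into one line per (source type, target type, class), which shows that snmpd_t only needs search/read/getattr on other domains' /proc entries, a much smaller grant than disabling the snmpd_t transition altogether. The `allow` lines are an audit2allow-style summary, not the rule text shipped in RHBA-2005-645; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the records posted in Comment 9, kept with their line wraps
# (note "{ getattr" / "}" and "tclass=file" split across lines).
SAMPLE = """\
May 19 17:22:54 mandio kernel: audit(1116516174.639:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=1814 dev=proc ino=118882306
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:syslogd_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.644:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=16230 dev=proc ino=1063649282
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:httpd_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.644:0): avc:  denied  { read }
for  pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=1063649284
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:httpd_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.644:0): avc:  denied  { getattr
} for  pid=13916 exe=/usr/sbin/snmpd path=/proc/16230/status dev=proc
ino=1063649284 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:httpd_t
tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)")

def selinux_type(context):
    return context.split(":")[2]  # user:role:type[:level] -> type

def summarize(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    # Undo the line wrapping first so a record split across lines still matches.
    flat = " ".join(log_text.split())
    denied = defaultdict(set)
    for rec in flat.split("avc:")[1:]:  # one chunk per AVC record
        m = AVC_RE.search("avc:" + rec)
        if m:
            key = (selinux_type(m["s"]), selinux_type(m["t"]), m["cls"])
            denied[key].update(m["perms"].split())
    return dict(denied)

def as_rules(denied):
    """Render the summary as audit2allow-style lines (a summary, not shipped policy)."""
    return sorted(f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
                  for (s, t, c), p in denied.items())

if __name__ == "__main__":
    print("\n".join(as_rules(summarize(SAMPLE))))
```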
Comment 11 Red Hat Bugzilla 2005-10-05 12:34:25 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2005-645.html
