Bug 211870 - AVC thrown when doing SNMP Query of Disk Usage
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted
Version: 4.0
Hardware/OS: All Linux
Priority: medium
Severity: medium
Assigned To: Daniel Walsh
Reported: 2006-10-23 12:23 EDT by Chris Stankaitis
Modified: 2007-11-30 17:07 EST
Fixed In Version: RHBA-2007-0171
Doc Type: Bug Fix
Last Closed: 2007-05-01 18:48:00 EDT
Description Chris Stankaitis 2006-10-23 12:23:19 EDT
Description of problem:

When our cacti system does an SNMP query of our linux boxes and hits the OID
which involves partitions and diskspace, the system will start throwing AVCs. It
does not appear to affect SNMP's ability to get results from the SNMP MIBs,
however, as cacti is still able to graph; however, /var/log/messages is full of spam.

Version-Release number of selected component (if applicable):

net-snmp-utils-5.1.2-11.EL4.6.i386
net-snmp-libs-5.1.2-11.EL4.6.i386
net-snmp-5.1.2-11.EL4.6.i386


How reproducible:

Always


Steps to Reproduce:

1. snmpwalk -v 1 -c $communitystring $hostname
2. on host - tail -f /var/log/messages

  
Actual results:


Oct 23 16:18:19 devgate kernel: audit(1161620299.027:222): avc:  denied  {
getattr } for  pid=1760 comm="snmpd" name="/" dev=usbfs ino=1024
scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:usbfs_t tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.028:223): avc:  denied  {
getattr } for  pid=1760 comm="snmpd" name="/" dev=hdb1 ino=2
scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:boot_t tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.029:224): avc:  denied  {
getattr } for  pid=1760 comm="snmpd" name="/" dev=hdb5 ino=2
scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:home_root_t tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.031:225): avc:  denied  {
getattr } for  pid=1760 comm="snmpd" name="/" dev=binfmt_misc ino=4598
scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:binfmt_misc_fs_t
tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.321:226): avc:  denied  {
getattr } for  pid=1760 comm="snmpd" name="/" dev=usbfs ino=1024
scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:usbfs_t tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.322:227): avc:  denied  {
getattr } for  pid=1760 comm="snmpd" name="/" dev=hdb1 ino=2
scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:boot_t tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.324:228): avc:  denied  {
getattr } for  pid=1760 comm="snmpd" name="/" dev=hdb5 ino=2
scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:home_root_t tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.326:229): avc:  denied  {
getattr } for  pid=1760 comm="snmpd" name="/" dev=binfmt_misc ino=4598
scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:binfmt_misc_fs_t
tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.338:230): avc:  denied  {
getattr } for  pid=1760 comm="snmpd" name="/" dev=usbfs ino=1024
scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:usbfs_t tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.339:231): avc:  denied  {
getattr } for  pid=1760 comm="snmpd" name="/" dev=hdb1 ino=2
scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:boot_t tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.340:232): avc:  denied  {
getattr } for  pid=1760 comm="snmpd" name="/" dev=hdb5 ino=2
scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:home_root_t tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.342:233): avc:  denied  {
getattr } for  pid=1760 comm="snmpd" name="/" dev=binfmt_misc ino=4598
scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:binfmt_misc_fs_t
tclass=dir

# audit2allow -d
allow snmpd_t binfmt_misc_fs_t:dir getattr;
allow snmpd_t boot_t:dir getattr;
allow snmpd_t home_root_t:dir getattr;
allow snmpd_t usbfs_t:dir getattr;



Expected results:

No AVCs, no syslog spam.
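As an added example (not code from this report, from net-snmp or from selinux-policy), the Python below does by hand what `audit2allow -d` did above: it parses the AVC denials out of syslog lines, collapses them into TE allow rules keyed on (source type, target type, object class) and counts how often each rule was hit. The sample input is the report's own denials re-joined onto single syslog lines, plus one constructed non-AVC `snmpd` line (with a documentation IP address) to show the filter skipping it. Seeing one domain denied the same `getattr` on every mount point during a single poll is the signal that this is a policy gap to be fixed in the shipped policy, which is what happened here, rather than something to paper over with a local allow module.

```python
"""Summarise SELinux AVC denials from syslog the way `audit2allow -d` does.

Added example for this bug report; not code from the report, from net-snmp
or from selinux-policy. The sample lines are the denials quoted in the
report, each re-joined onto a single syslog line, plus one constructed
non-AVC line.
"""
import re
from collections import Counter, defaultdict

# Kernel AVC message as relayed to /var/log/messages on RHEL 4: the denied
# permissions sit in braces, followed by key=value fields (comm= and name=
# are double-quoted, the rest are bare tokens).
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

SAMPLE_LOG = """\
Oct 23 16:18:19 devgate kernel: audit(1161620299.027:222): avc:  denied  { getattr } for  pid=1760 comm="snmpd" name="/" dev=usbfs ino=1024 scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:usbfs_t tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.028:223): avc:  denied  { getattr } for  pid=1760 comm="snmpd" name="/" dev=hdb1 ino=2 scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:boot_t tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.029:224): avc:  denied  { getattr } for  pid=1760 comm="snmpd" name="/" dev=hdb5 ino=2 scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:home_root_t tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.031:225): avc:  denied  { getattr } for  pid=1760 comm="snmpd" name="/" dev=binfmt_misc ino=4598 scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.321:226): avc:  denied  { getattr } for  pid=1760 comm="snmpd" name="/" dev=usbfs ino=1024 scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:usbfs_t tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.322:227): avc:  denied  { getattr } for  pid=1760 comm="snmpd" name="/" dev=hdb1 ino=2 scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:boot_t tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.324:228): avc:  denied  { getattr } for  pid=1760 comm="snmpd" name="/" dev=hdb5 ino=2 scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:home_root_t tclass=dir
Oct 23 16:18:19 devgate kernel: audit(1161620299.326:229): avc:  denied  { getattr } for  pid=1760 comm="snmpd" name="/" dev=binfmt_misc ino=4598 scontext=user_u:system_r:snmpd_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir
Oct 23 16:18:20 devgate snmpd[1760]: Connection from 192.0.2.10
"""
# The last line is constructed (not from the report) and is not an AVC.


def parse_avc(line):
    """Return the denial's fields plus a 'perms' list, or None when the
    line is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    fields["perms"] = m.group("perms").split()
    return fields


def type_of(context):
    """Pull the type out of a user:role:type[:range] security context."""
    return context.split(":")[2]


def rule_key(avc):
    """(source type, target type, object class): the identity of a TE rule."""
    return (type_of(avc["scontext"]), type_of(avc["tcontext"]), avc["tclass"])


def allow_rules(lines):
    """Collapse denials into sorted allow rules, merging the permissions
    for each (source, target, class) the way audit2allow -d prints them."""
    perms = defaultdict(set)
    for line in lines:
        avc = parse_avc(line)
        if avc is not None:
            perms[rule_key(avc)].update(avc["perms"])
    rules = []
    for (src, tgt, cls), ps in sorted(perms.items()):
        ps = sorted(ps)
        perm_str = ps[0] if len(ps) == 1 else "{ " + " ".join(ps) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_str};")
    return rules


def denial_counts(lines):
    """How many times each rule was denied: the log volume per policy gap,
    which is what turns a single denial into 'syslog spam' on every poll."""
    return Counter(rule_key(a) for a in map(parse_avc, lines) if a is not None)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for rule in allow_rules(lines):
        print(rule)
    for key, n in denial_counts(lines).most_common():
        print(n, *key)
```

Run against the eight denials above this yields the same four `allow snmpd_t ...:dir getattr;` rules the reporter got from `audit2allow -d`, each hit twice in the sample; on the live box the count climbs by four on every cacti poll, which is the pattern to look for before deciding whether a denial is a policy bug or an unexpected access.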
Comment 1 Chris Stankaitis 2006-10-23 12:24:45 EDT
BAH forgot to note:

selinux-policy-targeted-1.17.30-2.126.noarch
Comment 2 Chris Stankaitis 2006-11-20 14:38:57 EST
Been almost a month; can someone take a look at this and comment?
Comment 3 Chris Stankaitis 2007-01-25 12:28:22 EST
Still a problem in selinux-policy-targeted-1.17.30-2.140.noarch; can someone
please address this?
Comment 4 Daniel Walsh 2007-01-29 09:55:09 EST
Fixed in 1.17.30-2.142
Comment 5 Chris Stankaitis 2007-01-30 09:15:24 EST
thanks Dan!
Comment 11 Red Hat Bugzilla 2007-05-01 18:48:00 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0171.html
