Description of problem: snmpd startup generated warnings/error. Version-Release number of selected component (if applicable): selinux-policy-targeted-2.4.6-30.el5 net-snmp-5.3.1-14.el5 How reproducible: Always Steps to Reproduce: 1.Run in SELinux enforcing mode 2.service snmpd start 3. Actual results: Mar 23 11:13:43 dakar-lap setroubleshoot: SELinux is preventing /usr/sbin/snmpd (snmpd_t) "read" access to sendmail.cf (etc_mail_t). For complete SELinux messages. run sealert -l af0d74e2-26cf-4301-b07f-7ac2029fb5da Mar 23 11:13:43 dakar-lap setroubleshoot: SELinux is preventing /usr/sbin/snmpd (snmpd_t) "getattr" access to /etc/mail/sendmail.cf (etc_mail_t). For complete SELinux messages. run sealert -l d8430316-b15a-4ab9-8670-81d025a437f3 Mar 23 11:13:43 dakar-lap setroubleshoot: SELinux is preventing /usr/sbin/snmpd (snmpd_t) "search" access to mqueue (mqueue_spool_t). For complete SELinux messages. run sealert -l 949f4f8b-4677-4bdd-96c9-a8bd2623dda1 Mar 23 11:13:43 dakar-lap setroubleshoot: SELinux is preventing /usr/sbin/snmpd (snmpd_t) "read" access to statistics (sendmail_log_t). For complete SELinux messages. run sealert -l db3bb240-d843-4644-a38f-3ae5cae7a806 Expected results: No error messages Additional info: net-snmp is compiled with support for module mibII/mta_sendmail that can give you mailqueue stats. In order to do this, it needs to read sendmail.cf and queue contents.
Please attach /var/log/audit/audit.log
Created attachment 150773 [details] audit log for snmp avc denied messages
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Fixed in selinux-policy-targeted-2.4.6-69.el5
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0544.html