Bug 444061 - Squid's default SNMP port isn't assigned correct SELinux context
Summary: Squid's default SNMP port isn't assigned correct SELinux context
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy   
(Show other bugs)
Version: 5.3
Hardware: i386
OS: Linux
low
low
Target Milestone: rc
: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords: SELinux
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-04-24 20:17 UTC by Chris Robertson
Modified: 2008-05-06 20:02 UTC (History)
0 users

Fixed In Version: u2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-06 20:02:19 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Chris Robertson 2008-04-24 20:17:13 UTC
Description of problem:
Squid's default SNMP port (UDP port 3401) isn't assigned the correct SELinux
policy.  Squid won't start with SELinux in enforcing mode and SNMP enabled. 

Version-Release number of selected component (if applicable):
squid-2.6.STABLE6-5.el5_1.3
selinux-policy-2.4.6-106.el5_1.3

How reproducible:
Always

Steps to Reproduce:
1. Install Squid RPM
2. Modify squid.conf directive snmp_port from its commented value of "snmp_port
0" to "snmp_port 3401"
3. Attempt to start Squid
  
Actual results:

Squid doesn't start.  cache.log mentions failure to open SNMP port 3401.

Expected results:
Squid starts and listens for SNMP queries on port 3401.

Additional info:
Fixable by "semanage port -a -t http_cache_port_t -p udp 3401"

Comment 1 Martin Nagy 2008-05-02 16:58:21 UTC
I can confirm this. Changing component to selinux-policy.

Comment 2 Daniel Walsh 2008-05-06 20:02:19 UTC
This is already fixed in u2 policy

Snapshot available on 

http://people.redhat.com/dwalsh/SELinux/RHEL5

selinux-policy-2.4.6-137.el5


Note You need to log in before you can comment on or make changes to this bug.