Description of problem:
The default targeted policy prevents freeradius from connecting to the net-snmp socket as a smux client. In certain configurations, this is desired behavior.

Version-Release number of selected component (if applicable):

How reproducible:
always

Steps to Reproduce:
1. Edit /etc/snmp/snmpd.conf, add these lines:
     smuxpeer 1.3.6.1.4.1.3317.1.3.1. verysecret
     view systemview included .1.3.6.1.2.1.67
2. Edit /etc/raddb/radiusd.conf, find "snmp = no", change to "snmp = yes"
3. Edit /etc/raddb/snmp.conf, make sure the smux_password is set (should be able to just uncomment the line), e.g.:
     smux_password = verysecret
4. Restart the snmp and radius services:
     % service snmpd restart
     % service radiusd restart
5. Perform an snmp walk on the radius mibs:
     % snmpwalk -c public -v2c localhost 1.3.6.1.2.1.67

Actual results:
net-snmp and freeradius are unable to communicate. To get the AVC, it is necessary to install the enableaudit base module.

Expected results:
freeradius should be able to connect to net-snmp

Additional info:
IMHO adding a boolean is a good idea; while this behavior is desired, it is not always needed. The allow rule is:
     allow radiusd_t snmp_port_t:tcp_socket name_connect;
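Added example, not part of the original report or of selinux-policy: a small Python script that collapses AVC denials from an audit log into allow rules, so the denial described above can be checked against the rule the reporter quotes. The log lines, PIDs, timestamps and port number are constructed samples, and the script assumes the denial is actually being logged (the enableaudit base module mentioned above is installed).

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not taken from the bug report).
SAMPLE_LOG = """\
type=AVC msg=audit(1230000000.101:41): avc:  denied  { name_connect } for  pid=2101 comm="radiusd" dest=199 scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:snmp_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1230000000.101:41): arch=40000003 syscall=102 success=no exit=-13 comm="radiusd"
type=AVC msg=audit(1230000005.220:42): avc:  denied  { name_connect } for  pid=2101 comm="radiusd" dest=199 scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:snmp_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1230000009.500:43): avc:  granted  { name_connect } for  pid=2200 comm="httpd" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
"""

# Only "denied" records are of interest; "granted" records are skipped.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3 or not parts[2]:
        raise ValueError("malformed context: %r" % context)
    return parts[2]

def denials_to_rules(log_text):
    """Collapse AVC denials into sorted, de-duplicated allow rules."""
    perms_by_key = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        perms = m.group("perms").split()
        try:
            src = context_type(m.group("scon"))
            tgt = context_type(m.group("tcon"))
        except ValueError:
            continue  # skip records with a truncated or malformed context
        if perms:
            perms_by_key[(src, tgt, m.group("tclass"))].update(perms)
    rules = []
    for (src, tgt, cls), perms in sorted(perms_by_key.items()):
        names = sorted(perms)
        text = names[0] if len(names) == 1 else "{ %s }" % " ".join(names)
        rules.append("allow %s %s:%s %s;" % (src, tgt, cls, text))
    return rules

if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_LOG):
        print(rule)
```

Review each generated rule before loading it into a policy module; the script only reports what was denied, not whether it should be allowed.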
Fixed in selinux-policy-2.4.6-152.el5
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0163.html