Bug 524639 - SELinux is preventing snmpd (snmpd_t) "getattr" to /root/.rpmmacros (user_home_dir_t)
Summary: SELinux is preventing snmpd (snmpd_t) "getattr" to /root/.rpmmacros (user_hom...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy
Version: 5.4
Hardware: All
OS: Linux
Priority: low
Severity: medium
Target Milestone: rc
Assignee: Daniel Walsh
QA Contact: BaseOS QE
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2009-09-21 15:17 UTC by Milos Malik
Modified: 2012-10-02 13:35 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-10-15 18:35:49 UTC
Target Upstream Version:
Embargoed:



Description Milos Malik 2009-09-21 15:17:12 UTC
Description of problem:
SELinux is preventing snmpd (snmpd_t) "getattr" to /root/.rpmmacros
(user_home_dir_t).

Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-255.el5.noarch
selinux-policy-devel-2.4.6-255.el5.noarch
selinux-policy-minimum-2.4.6-255.el5.noarch
selinux-policy-targeted-2.4.6-255.el5.noarch
selinux-policy-mls-2.4.6-255.el5.noarch
selinux-policy-strict-2.4.6-255.el5.noarch
net-snmp-devel-5.3.2.2-7.el5_4.2
net-snmp-5.3.2.2-7.el5_4.2
net-snmp-libs-5.3.2.2-7.el5_4.2
net-snmp-utils-5.3.2.2-7.el5_4.2
net-snmp-perl-5.3.2.2-7.el5_4.2

How reproducible:
always

Steps to Reproduce:
# setenforce 1
# /etc/init.d/snmpd start
Starting snmpd:                                            [  OK  ]
# less /var/log/audit/audit.log
  
Actual results:
type=AVC msg=audit(1253545632.050:3935): avc:  denied  { getattr } for  pid=6705 comm="snmpd" path="/root/.rpmmacros" dev=md0 ino=654173 scontext=root:system_r:snmpd_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=file
type=SYSCALL msg=audit(1253545632.050:3935): arch=80000016 syscall=106 success=no exit=-13 a0=3ffffa04ac8 a1=3ffffa04b18 a2=3ffffa04b18 a3=20000e3a600 items=0 ppid=1 pid=6705 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=599 comm="snmpd" exe="/usr/sbin/snmpd" subj=root:system_r:snmpd_t:s0 key=(null)

Expected results:
no AVCs

Additional info:

Comment 2 Milos Malik 2009-09-21 15:24:30 UTC
The following command does not help; a new AVC appears each time the snmpd service is started.

restorecon -v /root/.rpmmacros

Comment 3 Milos Malik 2009-09-21 15:29:41 UTC
To be precise, a slightly different AVC appears (target context = user_home_dir_t vs. user_home_t).

type=AVC msg=audit(1253546483.292:3963): avc:  denied  { getattr } for  pid=22098 comm="snmpd" path="/root/.rpmmacros" dev=dm-0 ino=1047145 scontext=root:system_r:snmpd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1253546483.292:3963): arch=40000003 syscall=195 success=no exit=-13 a0=bf885930 a1=bf885998 a2=a29ff4 a3=5 items=0 ppid=1 pid=22098 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=577 comm="snmpd" exe="/usr/sbin/snmpd" subj=root:system_r:snmpd_t:s0 key=(null)

Comment 4 Daniel Walsh 2009-09-22 02:40:29 UTC
How about you remove the /root/.rpmmacros file and the problem goes away.

snmpd for some reason is executing some rpm code which is trying to look at this file.

