Bug 524639 - SELinux is preventing snmpd (snmpd_t) "getattr" to /root/.rpmmacros (user_home_dir_t)
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy
Version: 5.4
Hardware: All Linux
Priority: low, Severity: medium
Target Milestone: rc
Assigned To: Daniel Walsh
QA Contact: BaseOS QE
Reported: 2009-09-21 11:17 EDT by Milos Malik
Modified: 2012-10-02 09:35 EDT (History)
Doc Type: Bug Fix
Last Closed: 2009-10-15 14:35:49 EDT


Description Milos Malik 2009-09-21 11:17:12 EDT
Description of problem:
SELinux is preventing snmpd (snmpd_t) "getattr" to /root/.rpmmacros
(user_home_dir_t).

Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-255.el5.noarch
selinux-policy-devel-2.4.6-255.el5.noarch
selinux-policy-minimum-2.4.6-255.el5.noarch
selinux-policy-targeted-2.4.6-255.el5.noarch
selinux-policy-mls-2.4.6-255.el5.noarch
selinux-policy-strict-2.4.6-255.el5.noarch
net-snmp-devel-5.3.2.2-7.el5_4.2
net-snmp-5.3.2.2-7.el5_4.2
net-snmp-libs-5.3.2.2-7.el5_4.2
net-snmp-utils-5.3.2.2-7.el5_4.2
net-snmp-perl-5.3.2.2-7.el5_4.2

How reproducible:
always

Steps to Reproduce:
# setenforce 1
# /etc/init.d/snmpd start
Starting snmpd:                                            [  OK  ]
# less /var/log/audit/audit.log
  
Actual results:
type=AVC msg=audit(1253545632.050:3935): avc:  denied  { getattr } for  pid=6705 comm="snmpd" path="/root/.rpmmacros" dev=md0 ino=654173 scontext=root:system_r:snmpd_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=file
type=SYSCALL msg=audit(1253545632.050:3935): arch=80000016 syscall=106 success=no exit=-13 a0=3ffffa04ac8 a1=3ffffa04b18 a2=3ffffa04b18 a3=20000e3a600 items=0 ppid=1 pid=6705 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=599 comm="snmpd" exe="/usr/sbin/snmpd" subj=root:system_r:snmpd_t:s0 key=(null)

Expected results:
no AVCs

Additional info:

Comment 2 Milos Malik 2009-09-21 11:24:30 EDT
The following command does not help; a new AVC appears each time the snmpd service is started.

restorecon -v /root/.rpmmacros

Comment 3 Milos Malik 2009-09-21 11:29:41 EDT
To be precise, a slightly different AVC appears (target context = user_home_dir_t vs. user_home_t).

type=AVC msg=audit(1253546483.292:3963): avc:  denied  { getattr } for  pid=22098 comm="snmpd" path="/root/.rpmmacros" dev=dm-0 ino=1047145 scontext=root:system_r:snmpd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1253546483.292:3963): arch=40000003 syscall=195 success=no exit=-13 a0=bf885930 a1=bf885998 a2=a29ff4 a3=5 items=0 ppid=1 pid=22098 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=577 comm="snmpd" exe="/usr/sbin/snmpd" subj=root:system_r:snmpd_t:s0 key=(null)
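
Added example (not part of the original bug report and not Red Hat tooling): a small Python parser that reduces the two AVC records quoted above to the (source type, target type, class, permissions) tuple a policy rule is written against, and lists which fields differ between them. The function names are hypothetical; the two log lines are copied from this page.

```python
import re

# The two AVC records quoted on this page (Description and Comment 3), verbatim.
AVC_DESCRIPTION = (
    'type=AVC msg=audit(1253545632.050:3935): avc:  denied  { getattr } for  '
    'pid=6705 comm="snmpd" path="/root/.rpmmacros" dev=md0 ino=654173 '
    'scontext=root:system_r:snmpd_t:s0 '
    'tcontext=system_u:object_r:user_home_dir_t:s0 tclass=file')
AVC_COMMENT_3 = (
    'type=AVC msg=audit(1253546483.292:3963): avc:  denied  { getattr } for  '
    'pid=22098 comm="snmpd" path="/root/.rpmmacros" dev=dm-0 ino=1047145 '
    'scontext=root:system_r:snmpd_t:s0 '
    'tcontext=root:object_r:user_home_t:s0 tclass=file')

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the AVC record's fields as a dict, or None for non-AVC lines."""
    m = AVC_RE.match(line.strip())
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec.update(event=m.group('serial'), result=m.group('result'),
               perms=m.group('perms').split())
    # Contexts are user:role:type:level; the level may itself contain ':'.
    for side in ('scontext', 'tcontext'):
        rec[side[0] + 'type'] = rec[side].split(':', 3)[2]
    return rec

def rule_key(rec):
    """(source type, target type, class, permissions) that a rule would name."""
    return (rec['stype'], rec['ttype'], rec['tclass'], tuple(sorted(rec['perms'])))

def differing_fields(a, b, ignore=('pid', 'dev', 'ino', 'event')):
    """Field names whose values differ, skipping per-host/per-event noise."""
    keys = (a.keys() | b.keys()) - set(ignore)
    return sorted(k for k in keys if a.get(k) != b.get(k))

if __name__ == '__main__':
    first, second = parse_avc(AVC_DESCRIPTION), parse_avc(AVC_COMMENT_3)
    print(rule_key(first))
    print(rule_key(second))
    print(differing_fields(first, second))
```

Both keys share snmpd_t, file and getattr and differ only in the target type, which matches the observation in Comment 3.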

Comment 4 Daniel Walsh 2009-09-21 22:40:29 EDT
How about you remove the /root/.rpmmacros file and the problem goes away.

snmpd for some reason is executing some rpm code which is trying to look at this file.
