Description of problem: SELinux is preventing snmpd (snmpd_t) "getattr" to /root/.rpmmacros (user_home_dir_t). Version-Release number of selected component (if applicable): selinux-policy-2.4.6-255.el5.noarch selinux-policy-devel-2.4.6-255.el5.noarch selinux-policy-minimum-2.4.6-255.el5.noarch selinux-policy-targeted-2.4.6-255.el5.noarch selinux-policy-mls-2.4.6-255.el5.noarch selinux-policy-strict-2.4.6-255.el5.noarch net-snmp-devel-5.3.2.2-7.el5_4.2 net-snmp-5.3.2.2-7.el5_4.2 net-snmp-libs-5.3.2.2-7.el5_4.2 net-snmp-utils-5.3.2.2-7.el5_4.2 net-snmp-perl-5.3.2.2-7.el5_4.2 How reproducible: always Steps to Reproduce: # setenforce 1 # /etc/init.d/snmpd start Starting snmpd: [ OK ] # less /var/log/audit/audit.log Actual results: type=AVC msg=audit(1253545632.050:3935): avc: denied { getattr } for pid=6705 comm="snmpd" path="/root/.rpmmacros" dev=md0 ino=654173 scontext=root:system_r:snmpd_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=file type=SYSCALL msg=audit(1253545632.050:3935): arch=80000016 syscall=106 success=no exit=-13 a0=3ffffa04ac8 a1=3ffffa04b18 a2=3ffffa04b18 a3=20000e3a600 items=0 ppid=1 pid=6705 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=599 comm="snmpd" exe="/usr/sbin/snmpd" subj=root:system_r:snmpd_t:s0 key=(null) Expected results: no AVCs Additional info:
Following command does not help, new AVC appears each time when snmpd service is started. restorecon -v /root/.rpmmacros
To be precise slighly different AVC appears (target context = user_home_dir_t vs. user_home_t). type=AVC msg=audit(1253546483.292:3963): avc: denied { getattr } for pid=22098 comm="snmpd" path="/root/.rpmmacros" dev=dm-0 ino=1047145 scontext=root:system_r:snmpd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file type=SYSCALL msg=audit(1253546483.292:3963): arch=40000003 syscall=195 success=no exit=-13 a0=bf885930 a1=bf885998 a2=a29ff4 a3=5 items=0 ppid=1 pid=22098 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=577 comm="snmpd" exe="/usr/sbin/snmpd" subj=root:system_r:snmpd_t:s0 key=(null)
How about you remove the /root/.rpmmacros file and the problem goes away. snmpd for some reason is executing some rpm code which is trying to look at this file.