Description of problem: Version-Release number of selected component (if applicable): net-snmp-5.3.2.2-20.el5 net-snmp-devel-5.3.2.2-20.el5 net-snmp-libs-5.3.2.2-20.el5 net-snmp-utils-5.3.2.2-20.el5 selinux-policy-2.4.6-331.el5 selinux-policy-devel-2.4.6-331.el5 selinux-policy-minimum-2.4.6-331.el5 selinux-policy-mls-2.4.6-331.el5 selinux-policy-strict-2.4.6-331.el5 selinux-policy-targeted-2.4.6-331.el5 How reproducible: always Steps to Reproduce: 1. append following line to /etc/sysconfig/snmptrapd.options file: OPTIONS="-Lsd -x /var/agentx/master" 2. append following line to /etc/snmp/snmpd.conf file: master agentx # service snmpd restart # service snmptrapd restart # ausearch -m avc -ts recent Actual results: ---- type=PATH msg=audit(09/04/2012 11:56:09.759:292) : item=0 name=(null) inode=68220 dev=03:03 mode=socket,755 ouid=root ogid=root rdev=00:00 obj=root:object_r:snmpd_var_lib_t:s0 type=SOCKETCALL msg=audit(09/04/2012 11:56:09.759:292) : nargs=3 a0=7 a1=bfa6165a a2=6e type=SOCKADDR msg=audit(09/04/2012 11:56:09.759:292) : saddr=local /var/agentx/master type=SYSCALL msg=audit(09/04/2012 11:56:09.759:292) : arch=i386 syscall=socketcall(connect) success=no exit=-13(Permission denied) a0=3 a1=bfa61570 a2=436678 a3=bfa6165a items=1 ppid=18787 pid=18788 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=48 comm=snmptrapd exe=/usr/sbin/snmptrapd subj=root:system_r:snmpd_t:s0 key=(null) type=AVC msg=audit(09/04/2012 11:56:09.759:292) : avc: denied { connectto } for pid=18788 comm=snmptrapd path=/var/agentx/master scontext=root:system_r:snmpd_t:s0 tcontext=root:system_r:snmpd_t:s0 tclass=unix_stream_socket ---- Expected results: * no AVCs
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0060.html