First Last Prev Next    This bug is not in your last search results.
Bug 854194 - SELinux prevents /usr/sbin/snmptrapd (snmpd_t) from connectto operation on /var/agentx/master socket
SELinux prevents /usr/sbin/snmptrapd (snmpd_t) from connectto operation on /v...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
5.9
All Linux
medium Severity medium
: rc
: ---
Assigned To: Miroslav Grepl
Milos Malik
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-04 06:08 EDT by Milos Malik
Modified: 2013-01-07 22:34 EST (History)
1 user (show)

See Also:
Fixed In Version: selinux-policy-2.4.6-332.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-01-07 22:34:26 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Milos Malik 2012-09-04 06:08:19 EDT 
Description of problem:


Version-Release number of selected component (if applicable):
net-snmp-5.3.2.2-20.el5
net-snmp-devel-5.3.2.2-20.el5
net-snmp-libs-5.3.2.2-20.el5
net-snmp-utils-5.3.2.2-20.el5
selinux-policy-2.4.6-331.el5
selinux-policy-devel-2.4.6-331.el5
selinux-policy-minimum-2.4.6-331.el5
selinux-policy-mls-2.4.6-331.el5
selinux-policy-strict-2.4.6-331.el5
selinux-policy-targeted-2.4.6-331.el5

How reproducible:
always

Steps to Reproduce:
1. append following line to /etc/sysconfig/snmptrapd.options file:
OPTIONS="-Lsd -x /var/agentx/master"
2. append following line to /etc/snmp/snmpd.conf file:
master agentx
# service snmpd restart
# service snmptrapd restart
# ausearch -m avc -ts recent

Actual results:
----
type=PATH msg=audit(09/04/2012 11:56:09.759:292) : item=0 name=(null) inode=68220 dev=03:03 mode=socket,755 ouid=root ogid=root rdev=00:00 obj=root:object_r:snmpd_var_lib_t:s0 
type=SOCKETCALL msg=audit(09/04/2012 11:56:09.759:292) : nargs=3 a0=7 a1=bfa6165a a2=6e 
type=SOCKADDR msg=audit(09/04/2012 11:56:09.759:292) : saddr=local /var/agentx/master 
type=SYSCALL msg=audit(09/04/2012 11:56:09.759:292) : arch=i386 syscall=socketcall(connect) success=no exit=-13(Permission denied) a0=3 a1=bfa61570 a2=436678 a3=bfa6165a items=1 ppid=18787 pid=18788 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=48 comm=snmptrapd exe=/usr/sbin/snmptrapd subj=root:system_r:snmpd_t:s0 key=(null) 
type=AVC msg=audit(09/04/2012 11:56:09.759:292) : avc:  denied  { connectto } for  pid=18788 comm=snmptrapd path=/var/agentx/master scontext=root:system_r:snmpd_t:s0 tcontext=root:system_r:snmpd_t:s0 tclass=unix_stream_socket 
----

Expected results:
 * no AVCs
Comment 1 RHEL Product and Program Management 2012-09-04 06:28:41 EDT 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.
Comment 6 errata-xmlrpc 2013-01-07 22:34:26 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0060.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.