Here is an interesting one
Richard Irving
rirving at antient.org
Sat Mar 5 02:04:50 UTC 2005
Recently, I was playing with the hook programs that can be run,
and read via the snmpd daemon....
(like a remote df, or a remote iostat... etc)
The snmpd daemon is given a program to run, if a certain
MIB is strobed...
This runs fine when I, as root, spawn the SNMPD daemon.
However, when the automatic boot in rc5.d starts it,
(and it is the identical script file I use to start it with
manually), during init, it appears to work, as the daemon starts....
but I get no data back. I -do-, however, find the following
in the logs:
Mar 4 17:00:02 smoker kernel: audit(1109973602.066:0): avc: denied { write } for pid=1180
exe=/usr/sbin/snmpd path=pipe:[135310] dev=pipefs ino=135310 scontext=user_u:system_r:snmpd_t
tcontext=user_u:system_r:snmpd_t tclass=fifo_file
The source and the targets appear to be the same, yet it is denied.
????
Ideas ?
init script:
-rwxr-xr-x root root system_u:object_r:initrc_exec_t /etc/rc.d/init.d/snmpd
An example of a target file, run by snmpd:
-r-xr-xr-x root root root:object_r:etc_t /etc/snmp/snmpload
It looks as though it cannot properly inherit the child's pipe when run by init?
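
The denial quoted above, worked through as an added example (not part of the original post, and not code from the SELinux project): SELinux policy grants nothing implicitly, so a domain acting on its own objects still needs a rule whose target is "self", which is why identical source and target contexts can still be denied. The function names parse_avc and candidate_rule are hypothetical, and the sample line is the post's log entry joined onto one line.

```python
import re

# Constructed sample: the denial from the post, joined onto a single line.
SAMPLE = (
    "Mar 4 17:00:02 smoker kernel: audit(1109973602.066:0): avc: denied { write } "
    "for pid=1180 exe=/usr/sbin/snmpd path=pipe:[135310] dev=pipefs ino=135310 "
    "scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:snmpd_t tclass=fifo_file"
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")


def context_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 and parts[2] else None


def parse_avc(line):
    """Parse one AVC denial into a dict; return None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # key=value tokens; split on the first '=' only (values may contain '=').
    fields = dict(t.split("=", 1) for t in m.group("fields").split() if "=" in t)
    src = context_type(fields.get("scontext", ""))
    tgt = context_type(fields.get("tcontext", ""))
    tclass = fields.get("tclass")
    perms = m.group("perms").split()
    if not (src and tgt and tclass and perms):
        return None
    return {"source": src, "target": tgt, "tclass": tclass, "perms": perms,
            "exe": fields.get("exe"), "same_domain": src == tgt}


def candidate_rule(denial):
    """Render the allow rule that would cover this denial, for policy review."""
    # Same source and target type is written with the 'self' keyword.
    target = "self" if denial["same_domain"] else denial["target"]
    perms = denial["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {denial['source']} {target}:{denial['tclass']} {perm_text};"


if __name__ == "__main__":
    d = parse_avc(SAMPLE)
    print(d["exe"], "->", candidate_rule(d))
```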