Here is an interesting one

Richard Irving rirving at antient.org
Sat Mar 5 02:04:50 UTC 2005


  Recently, I was playing with the hook programs that can be run,
and read via the snmpd daemon....

(like a remote df, or a remote iostat... etc)

The snmpd daemon is given a program to run, if a certain
MIB is strobed...

  This runs fine when I, as root, spawn the SNMPD daemon.

    However, when the automatic boot in rc5.d starts it,
(and it is the identical script file I use to start it with
manually), during init, it appears to work, as the daemon starts....

  but I get no data back. I -do-, however, find the following
in the logs....


   Mar  4 17:00:02 smoker kernel: audit(1109973602.066:0): avc:  denied  { write } for  pid=1180 exe=/usr/sbin/snmpd path=pipe:[135310] dev=pipefs ino=135310 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:snmpd_t tclass=fifo_file

  The source and the targets appear to be the same, yet it is denied.

  ????

    Ideas ?

   init script:

-rwxr-xr-x  root     root     system_u:object_r:initrc_exec_t  /etc/rc.d/init.d/snmpd

An example of a Target file, run by snmpd:

-r-xr-xr-x  root     root     root:object_r:etc_t              /etc/snmp/snmpload

   It looks as though it cannot properly inherit the child's pipe when run by init?
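
An added example, not part of the original post: a small Python parser for the denial quoted above. It pulls out the source type, target type and object class, and builds the allow rule that would cover the denial so it can be reviewed. SELinux type enforcement grants nothing implicitly when the source and target types match; that case is written in policy with the `self` keyword. The function names are made up for this illustration; the log line is the one from the message.

```python
import re

# The denial from the post above, rejoined onto one line.
AVC_LINE = (
    "Mar  4 17:00:02 smoker kernel: audit(1109973602.066:0): avc:  denied  "
    "{ write } for  pid=1180 exe=/usr/sbin/snmpd path=pipe:[135310] "
    "dev=pipefs ino=135310 scontext=user_u:system_r:snmpd_t "
    "tcontext=user_u:system_r:snmpd_t tclass=fifo_file"
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")


def parse_avc(line):
    """Split an 'avc: denied' record into permissions and key=value fields."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC denial record")
    rec = dict(f.split("=", 1) for f in m.group("fields").split() if "=" in f)
    rec["perms"] = m.group("perms").split()
    return rec


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed security context: %r" % context)
    return parts[2]


def candidate_rule(rec):
    """Build the allow rule that would cover this denial, for review only.

    Type enforcement has no implicit permission for a domain acting on
    objects labelled with its own type; such access is written with the
    policy keyword 'self' as the target.
    """
    src = context_type(rec["scontext"])
    tgt = context_type(rec["tcontext"])
    target = "self" if src == tgt else tgt
    perms = rec["perms"]
    perm_s = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (src, target, rec["tclass"], perm_s)


if __name__ == "__main__":
    print(candidate_rule(parse_avc(AVC_LINE)))
```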




More information about the fedora-selinux-list mailing list