SELinux troubleshooting
Daniel J Walsh
dwalsh at redhat.com
Fri Dec 1 21:59:05 UTC 2006
Lopez, Denise wrote:
>
> Hello everyone,
>
> I keep getting the following messages in my messages log about every
> 30 seconds or so. I have SELinux set to enforcing and targeted mode.
> If I do a getenforce on the command line it returns enforcing.
>
> Dec 1 12:31:03 dev kernel: audit(1165005063.015:258313): avc: denied
> { getattr } for pid=31342 comm="snmpd" name="/" dev=sda3 ino=2
> scontext=system_u:system_r:snmpd_t
> tcontext=system_u:object_r:home_root_t tclass=dir
>
> I need help deciphering what is happening. I have a snmpd daemon
> running that responds to queries from a Nagios host that performs
> service checks.
>
snmp is trying to getattr /home. Which is being denied by SELinux. The
latest policy looks like this is allowed. So you can either update to
the latest policy, or you can use
grep snmpd_t /var/log/audit/audit.log | audit2allow -M mysnmp
And load your own custom policy.
> Thanks in advance.
>
> Denise Lopez
>
> UCLA Center for Digital Humanities
>
> Network Services
>
> Systems Engineer
>
> 337 Charles E. Young Drive East
>
> PPB 1020
>
> Los Angeles, CA 90095
>
> 310/206-8216
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
More information about the fedora-selinux-list
mailing list