SELinux is preventing zenity...
Dominick Grift
domg472 at gmail.com
Fri Dec 18 09:11:53 UTC 2009
On Thu, Dec 17, 2009 at 08:36:00PM -0500, Steve Blackwell wrote:
> I have a UPS that sends an SNMP trap when the main power goes out.
> I wrote my snmptrapd.conf file to execute a script when the trap is
> received. The script simply calls zenity to pop up a message.
>
> Here's my problem. If I start snmptrapd from the command line
> everything works beautifully but if I have the system start it at boot
> time or via System->Administration->Services, the trap gets logged
Because when you start it manually it gets executed in the users environment which is unrestricted/ unprotected in el5
> in /var/log/messages but the zenity window doesn't get displayed and I
> get these SELinux messages in /var/log/messages.
>
> SELinux is preventing the zenity from using potentially mislabeled
> files (XO)...
>
> SELinux is preventing zenity (snmpd_t) "name_connect" to <Unknown>
> <xserver_port_t>...
>
> I've looked at the ouput of
>
> # ps -ef | grep snmptrapd
>
> and it is identical in both cases so I don't understand why one works
> and the other doesn't. I tried
>
> # cat /var/log/messages | audit2allow -m local
The avc denial gets logged to /var/log/audit/audit.log:
ausearch -m avc -ts yesterday | grep snmpt_t | audit2allow -M mysnmp | semodule -i mysnmp.pp
>
> but that just produced a file that said:
>
> module local 1.0;
>
> and nothing else.
>
> I'm running RHEL5.4 with SELinux in enforcing mode.
>
> Any help would be appreciated.
>
> Thanks,
> Steve
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20091218/e63c619b/attachment.sig>
More information about the fedora-selinux-list
mailing list