Problems with AVC in setting up snmpd

Unbehagen, Bret Earl (SD) beunbehagen at liberty.edu
Thu Feb 2 20:01:39 UTC 2006


Ok, I am not totally sure what the error is saying, but I can tell you
that it is an SELinux error.

I think (and this is the part I am unsure about), snmpd is trying to
access a file with the context of system_u:object_r:tmp_t and it needs
to have root:system_r:snmpd_t. To see a file's context use ls -Z, and to
change it use chcon.
Or (I don't recommend this) you could disable SELinux by changing
SELINUX=targeted to disabled or permissive in /etc/selinux/config.

Bret

-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Yong Lee
Sent: Thursday, February 02, 2006 1:25 AM
To: redhat-list at redhat.com
Subject: Problems with AVC in setting up snmpd


Hi all,

I think this is just a configuration/policy issue and I would appreciate
any advice you can send my way.  I am trying to play around with the
snmpd daemon on my machine to set up some network monitoring.  In doing
this, I have configured the snmpd.conf file using the 'snmpconf' tool
and then I started the agent:

service snmpd start

I query the agent with snmpwalk and I get back some results, but in the
message log for the snmp machine with snmpd, I see the message log
outputting many log lines dealing with AVC permission issues.  Following
is a snippet of the logs that I am seeing:

Feb  1 21:50:24 yongs kernel: audit(1138859423.574:136900): avc:  denied { read } for  pid=16748 comm="snmpd" name="tmp" dev=dm-0 ino=9093496 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:usr_t tclass=lnk_file
Feb  1 21:50:24 yongs kernel: audit(1138859423.574:136901): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="tmp" dev=dm-0 ino=18825217 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:tmp_t tclass=dir
Feb  1 21:50:24 yongs kernel: audit(1138859423.575:136902): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="tmp" dev=dm-0 ino=22003716 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:tmp_t tclass=dir
Feb  1 21:50:24 yongs kernel: audit(1138859423.575:136903): avc:  denied { read } for  pid=16748 comm="snmpd" name="tmp" dev=dm-0 ino=9093496 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:usr_t tclass=lnk_file
Feb  1 21:50:24 yongs kernel: audit(1138859423.575:136904): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="tmp" dev=dm-0 ino=18825217 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:tmp_t tclass=dir
Feb  1 21:50:24 yongs kernel: audit(1138859423.575:136905): avc:  denied { search } for  pid=16748 comm="snmpd" name="net" dev=proc ino=-268435348 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:sysctl_net_t tclass=dir
Feb  1 21:50:24 yongs kernel: audit(1138859423.575:136906): avc:  denied { search } for  pid=16748 comm="snmpd" name="net" dev=proc ino=-268435348 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:sysctl_net_t tclass=dir
Feb  1 21:50:24 yongs kernel: audit(1138859423.576:136907): avc:  denied { search } for  pid=16748 comm="snmpd" name="net" dev=proc ino=-268435348 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:sysctl_net_t tclass=dir
Feb  1 21:50:24 yongs kernel: audit(1138859423.576:136908): avc:  denied { search } for  pid=16748 comm="snmpd" name="net" dev=proc ino=-268435348 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:sysctl_net_t tclass=dir
Feb  1 21:50:24 yongs kernel: audit(1138859423.576:136909): avc:  denied { search } for  pid=16748 comm="snmpd" name="net" dev=proc ino=-268435348 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:sysctl_net_t tclass=dir
Feb  1 21:51:18 yongs kernel: audit(1138859478.011:136931): avc:  denied { signull } for  pid=16748 comm="snmpd" scontext=root:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=process
Feb  1 21:51:18 yongs kernel: audit(1138859478.011:136932): avc:  denied { signull } for  pid=16748 comm="snmpd" scontext=root:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=process
Feb  1 21:51:18 yongs kernel: audit(1138859478.011:136933): avc:  denied { signull } for  pid=16748 comm="snmpd" scontext=root:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=process
Feb  1 21:51:18 yongs kernel: audit(1138859478.011:136934): avc:  denied { signull } for  pid=16748 comm="snmpd" scontext=root:system_r:snmpd_t tcontext=root:system_r:unconfined_t tclass=process
Feb  1 21:51:18 yongs kernel: audit(1138859478.015:136935): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="/" dev=usbfs ino=1213 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:usbfs_t tclass=dir
Feb  1 21:51:18 yongs kernel: audit(1138859478.015:136936): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="/" dev=sda1 ino=2 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:boot_t tclass=dir
Feb  1 21:51:18 yongs kernel: audit(1138859478.015:136937): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="/" dev=binfmt_misc ino=4359 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir
Feb  1 21:51:18 yongs kernel: audit(1138859478.018:136938): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="/" dev=usbfs ino=1213 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:usbfs_t tclass=dir
Feb  1 21:51:18 yongs kernel: audit(1138859478.019:136939): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="/" dev=sda1 ino=2 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:boot_t tclass=dir
Feb  1 21:51:18 yongs kernel: audit(1138859478.019:136940): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="/" dev=binfmt_misc ino=4359 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir
Feb  1 21:51:18 yongs kernel: audit(1138859478.023:136941): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="/" dev=usbfs ino=1213 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:usbfs_t tclass=dir
Feb  1 21:51:18 yongs kernel: audit(1138859478.023:136942): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="/" dev=sda1 ino=2 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:boot_t tclass=dir
Feb  1 21:51:18 yongs kernel: audit(1138859478.024:136943): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="/" dev=binfmt_misc ino=4359 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir
Feb  1 21:51:18 yongs kernel: audit(1138859478.027:136944): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="/" dev=usbfs ino=1213 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:usbfs_t tclass=dir
Feb  1 21:51:18 yongs kernel: audit(1138859478.027:136945): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="/" dev=sda1 ino=2 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:boot_t tclass=dir
Feb  1 21:51:18 yongs kernel: audit(1138859478.027:136946): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="/" dev=binfmt_misc ino=4359 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir
Feb  1 21:51:18 yongs kernel: audit(1138859478.030:136947): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="/" dev=usbfs ino=1213 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:usbfs_t tclass=dir
Feb  1 21:51:18 yongs kernel: audit(1138859478.030:136948): avc:  denied { getattr } for  pid=16748 comm="snmpd" name="/" dev=sda1 ino=2 scontext:

I am using the default policies with RHEL4, 

Linux yongs 2.6.9-22.0.2.ELsmp #1 SMP Thu Jan 5 17:13:01 EST 2006 i686
i686 i386 GNU/Linux

I am trying to run snmpd with the process and disk monitoring

I am using the following snmp versions :
net-snmp-libs-5.1.2-11.EL4.6
net-snmp-5.1.2-11.EL4.6
net-snmp-utils-5.1.2-11.EL4.6





--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
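
An added example, not part of the original thread: a small Python parser that reads AVC denials in the wrapped form quoted above and collapses them into unique (source type, target type, class) tuples with the denied permissions, written out as allow-rule candidates in the style that audit2allow produces. The function names are illustrative, and the sample is an excerpt constructed from the posted log.

```python
import re
from collections import defaultdict

# Constructed sample: entries excerpted from the log in the post, still wrapped
# and run together as mailed; the last one is cut off like the original.
SAMPLE = """\
Feb  1 21:50:24 yongs kernel: audit(1138859423.574:136900): avc:  denied
{ read } for  pid=16748 comm="snmpd" name="tmp" dev=dm-0 ino=9093496
scontext=root:system_r:snmpd_t tcontext=system_u:object_r:usr_t
tclass=lnk_file Feb  1 21:50:24 yongs kernel:
audit(1138859423.574:136901): avc:  denied { getattr } for  pid=16748
comm="snmpd" name="tmp" dev=dm-0 ino=18825217
scontext=root:system_r:snmpd_t tcontext=system_u:object_r:tmp_t
tclass=dir Feb  1 21:50:24 yongs kernel: audit(1138859423.575:136905):
avc:  denied { search } for  pid=16748 comm="snmpd" name="net" dev=proc
ino=-268435348 scontext=root:system_r:snmpd_t
tcontext=system_u:object_r:sysctl_net_t tclass=dir Feb  1 21:51:18 yongs
kernel: audit(1138859478.015:136936): avc:  denied { getattr } for
pid=16748 comm="snmpd" name="/" dev=sda1 ino=2
scontext=root:system_r:snmpd_t tcontext=system_u:object_r:boot_t
tclass=dir Feb  1 21:51:18 yongs kernel: audit(1138859478.030:136948):
avc:  denied { getattr } for  pid=16748 comm="snmpd" name="/" dev=sda1
ino=2 scontext:
"""

# A denial may span several wrapped lines, so every gap is matched as \s+.
AVC = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?:(?!avc:).)*?'
    r'scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)', re.S)

def se_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize(text):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for m in AVC.finditer(text):  # truncated entries never match
        key = (se_type(m["s"]), se_type(m["t"]), m["cls"])
        rules[key].update(m["perms"].split())
    return dict(rules)

def as_allow_rules(rules):
    """Render the summary as policy-style allow statements for review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]
```

Each output line is a question to answer before anything is allowed: whether snmpd, with the process and disk monitoring described in the post, really needs that access to that type.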



