[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Problems with snmpd following update.
- From: Stephen Smalley <sds tycho nsa gov>
- To: David Rye <d rye roadtech co uk>
- Cc: fedora-selinux-list redhat com
- Subject: Re: Problems with snmpd following update.
- Date: Wed, 01 Feb 2006 14:13:09 -0500
On Wed, 2006-02-01 at 18:54 +0000, David Rye wrote:
> Which on my limited understanding looks correct and I think means that
> snmpd executes with a
> custom policy indicated by the snmpd_exec_t bit.
>
> Does this mean that there is a bug in the policy for snmpd defined by
> the rpm
> selinux-policy-targeted-1.17.30-3.19 ?
No, it means that libbeecrypt.so.6 is incorrectly marked by the
toolchain as requiring an executable stack. This was corrected in FC4.
Use execstack -c to clear the marking to avoid triggering an executable
stack there so that you don't have to allow it in policy (which would
expose you to risk). The /etc/selinux/config denials are just noise;
libselinux always tries to open it from constructor, so any program that
happens to link with it triggers attempts there, which are normally
silenced in enforcing mode by dontaudit rules.
--
Stephen Smalley
National Security Agency
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]