[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Problems with snmpd following update.



On Wed, 2006-02-01 at 18:54 +0000, David Rye wrote:
> Which on my limited understanding looks correct and I think means that
> snmpd executes with a
> custom policy indicated by the snmpd_exec_t bit.
> 
> Does this mean that there is a bug in the policy for snmpd defined by
> the rpm
> selinux-policy-targeted-1.17.30-3.19 ?

No, it means that libbeecrypt.so.6 is incorrectly marked by the
toolchain as requiring an executable stack.  This was corrected in FC4.
Use execstack -c to clear the marking to avoid triggering an executable
stack there so that you don't have to allow it in policy (which would
expose you to risk).  The /etc/selinux/config denials are just noise;
libselinux always tries to open it from constructor, so any program that
happens to link with it triggers attempts there, which are normally
silenced in enforcing mode by dontaudit rules.
 
-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]