[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Problems with snmpd following update.



Daniel J Walsh wrote:
> 
> David Rye wrote:
> > Have run in to a problem on a couple of servers that I have updated in
> > the last week or so.
> >
> > snmpd does not start after a reboot, the following log extract is from
> > /var/log/messages on server f4.
> >
> > Jan 31 17:26:54 f4 acpid: acpid startup succeeded
> > Jan 31 17:26:54 f4 kernel: audit(1138728414.530:2): avc:  denied  {
> > execmem } fo
> > r  pid=5278 comm="snmpd" scontext=user_u:system_r:snmpd_t
> > tcontext=user_u:system
> > _r:snmpd_t tclass=process
> > Jan 31 17:26:54 f4 snmpd: /usr/sbin/snmpd: error while loading shared
> > libraries:
> >  libbeecrypt.so.6: cannot enable executable stack as shared object
> > requires: Per
> > mission denied
> > Jan 31 17:26:54 f4 snmpd: snmpd startup failed
> >
> >
> >
> >
> Does it work if you
> execstack -c /usr/lib/libbeecrypt.so.6

Yes and no.

snmpd starts but the following entery is added to /var/log/messages

Feb  1 18:31:48 workstation1 kernel: audit(1138818708.669:5): avc:  
denied  { search } for  pid=3176 comm="snmpd" 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:sysctl_dev_t 
tclass=dir

snmpwalk will then display the mib tree or at any rate most of it.

However while running snmpwalk 9000 additional avc: eneries were 
added to /var/log/messages.

Feb  1 18:37:33 workstation1 kernel: audit(1138819053.932:7): avc:  
denied  { signull } for  pid=3285 comm="snmpd" 
scontext=root:system_r:snmpd_t 
tcontext=root:system_r:unconfined_t 
tclass=process

Feb  1 18:37:33 workstation1 kernel: audit(1138819053.932:8): avc:  
denied  { signull } for  pid=3285 comm="snmpd" 
scontext=root:system_r:snmpd_t 
tcontext=root:system_r:unconfined_t 
tclass=process

Feb  1 18:37:33 workstation1 kernel: audit(1138819053.932:9): avc:  
denied  { signull } for  pid=3285 comm="snmpd" 
scontext=root:system_r:snmpd_t 
tcontext=root:system_r:unconfined_t 
tclass=process

Feb  1 18:37:33 workstation1 kernel: audit(1138819053.932:10): avc:  
denied  { signull } for  pid=3285 comm="snmpd" 
scontext=root:system_r:snmpd_t 
tcontext=root:system_r:unconfined_t 
tclass=process

Feb  1 18:37:33 workstation1 kernel: audit(1138819053.932:11): avc:  
denied  { signull } for  pid=3285 comm="snmpd" 
scontext=root:system_r:snmpd_t 
tcontext=root:system_r:unconfined_t 
tclass=process

Feb  1 18:37:33 workstation1 kernel: audit(1138819053.932:12): avc:  
denied  { signull } for  pid=3285 comm="snmpd" 
scontext=root:system_r:snmpd_t 
tcontext=root:system_r:unconfined_t 
tclass=process

Feb  1 18:37:33 workstation1 kernel: audit(1138819053.932:13): avc:  
denied  { signull } for  pid=3285 comm="snmpd" 
scontext=root:system_r:snmpd_t 
tcontext=root:system_r:unconfined_t 
tclass=process

Feb  1 18:37:33 workstation1 kernel: audit(1138819053.932:14): avc:  
denied  { signull } for  pid=3285 comm="snmpd" 
scontext=root:system_r:snmpd_t 
tcontext=root:system_r:unconfined_t 
tclass=process

Feb  1 18:37:33 workstation1 kernel: audit(1138819053.956:15): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="/" dev=usbfs
ino=1392 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:usbfs_t 
tclass=dir

Feb  1 18:37:33 workstation1 kernel: audit(1138819053.962:16): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="/" dev=hda1 ino=2 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:boot_t 
tclass=dir

Feb  1 18:37:34 workstation1 kernel: audit(1138819054.000:17): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="/" dev=usbfs
ino=1392 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:usbfs_t 
tclass=dir

Feb  1 18:37:34 workstation1 kernel: audit(1138819054.002:18): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="/" dev=hda1 ino=2 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:boot_t 
tclass=dir

Feb  1 18:37:34 workstation1 kernel: audit(1138819054.018:19): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="/" dev=usbfs
ino=1392 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:usbfs_t 
tclass=dir

Feb  1 18:37:34 workstation1 kernel: audit(1138819054.020:20): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="/" dev=hda1 ino=2 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:boot_t 
tclass=dir

Feb  1 18:37:34 workstation1 kernel: audit(1138819054.035:21): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="/" dev=usbfs
ino=1392 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:usbfs_t 
tclass=dir

Feb  1 18:37:34 workstation1 kernel: audit(1138819054.055:22): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="/" dev=hda1 ino=2 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:boot_t 
tclass=dir

Feb  1 18:37:34 workstation1 kernel: audit(1138819054.071:23): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="/" dev=usbfs
ino=1392 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:usbfs_t 
tclass=dir

Feb  1 18:37:34 workstation1 kernel: audit(1138819054.073:24): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="/" dev=hda1 ino=2 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:boot_t 
tclass=dir

Feb  1 18:37:34 workstation1 kernel: audit(1138819054.092:25): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="/" dev=usbfs
ino=1392 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:usbfs_t 
tclass=dir

Feb  1 18:37:34 workstation1 kernel: audit(1138819054.095:26): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="/" dev=hda1 ino=2 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:boot_t 
tclass=dir

Feb  1 18:37:34 workstation1 kernel: audit(1138819054.111:27): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="/" dev=usbfs
ino=1392 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:usbfs_t 
tclass=dir

Feb  1 18:37:34 workstation1 kernel: audit(1138819054.111:28): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="/" dev=hda1 ino=2 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:boot_t 
tclass=dir

Feb  1 18:37:36 workstation1 kernel: audit(1138819056.112:29): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="tmp" dev=hda2
ino=9895940 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:tmp_t 
tclass=dir

Feb  1 18:37:36 workstation1 kernel: audit(1138819056.135:30): avc:  
denied  { read } for  pid=3285 comm="snmpd" name="tmp" dev=hda2
ino=3915910 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:usr_t 
tclass=lnk_file

Feb  1 18:37:36 workstation1 kernel: audit(1138819056.135:31): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="tmp" dev=hda2
ino=4374529 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:tmp_t 
tclass=dir

Feb  1 18:37:42 workstation1 kernel: audit(1138819062.738:32): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="tmp" dev=hda2
ino=9895940 
scontext=root:system_r:snmpd_t tcontext=system_u:object_r:tmp_t 
tclass=dir

Feb  1 18:37:42 workstation1 kernel: audit(1138819062.738:33): avc:  
denied  { read } for  pid=3285 comm="snmpd" name="tmp" dev=hda2
ino=3915910 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:usr_t 
tclass=lnk_file

Feb  1 18:37:42 workstation1 kernel: audit(1138819062.738:34): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="tmp" dev=hda2
ino=4374529 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:tmp_t 
tclass=dir

Feb  1 18:37:44 workstation1 kernel: audit(1138819063.999:35): avc:  
denied  { getattr } for  pid=3285 comm="snmpd" name="tmp" dev=hda2
ino=9895940 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:tmp_t 
tclass=dir

Feb  1 18:37:44 workstation1 kernel: audit(1138819063.999:36): avc:  
denied  { read } for  pid=3285 comm="snmpd" name="tmp" dev=hda2
ino=3915910 
scontext=root:system_r:snmpd_t 
tcontext=system_u:object_r:usr_t 
tclass=lnk_file

------snip another 6000 odd lines all getattr or read on file tmp----

inode 
3915910  sym link /usr/tmp to /var/tmp
4374529	/tmp
9895940	/var/tmp


> > Running
> > execstack -q /usr/lib/libbeecrypt.so.6
> > gives
> > X /usr/lib/libbeecrypt.so.6
> >
> > So the library is explisitly marked as requiring an executable stack.
> >
> > looking at the obvious rpms yields the following
> >
> > kernel-2.6.12-1.1381_FC3              was kernel-2.6.11-1.14_FC3
> > net-snmp-5.2.1.2-FC3.1                unchanged
> > net-snmp-libs-5.2.1.2-FC3.1           unchanged
> > selinux-policy-targeted-1.17.30-3.19  was
> > selinux-policy-targeted-1.17.30-2.96
> > libselinux-1.19.1-8                   unchanged
> > beecrypt-3.1.0-6                      unchanged
> >
> >
> > Any suggestions appreciated.
> >
> >

-- 
J. David Rye
http://www.roadrunner.uk.com
http://www.rha.org.uk
mailto://d rye roadtech co uk


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]