Can't get snmpd working on selinux system

ChrisBartram · 11-08-2007, 02:10 PM

-Never worked on a selinux enabled box before; seems it's interfering with the snmpd daemon's access to it's config file (/etc/snmp/snmpd.conf).

uname -a
Linux zzz.zzz.zzz 2.6.9-55.0.0.0.2.ELsmp #1 SMP Wed May 2 14:59:56 PDT 2007 i686 i686 i386 GNU/Linux

snmpd -v
NET-SNMP version: 5.1.2

I get the following error when I try to start snmpd;

kernel: audit(1194378789.325:8): avc: denied { read } for pid=4257 comm="snmpd" name="snmpd.conf" dev=dm-0 ino=118759 scontext=root:system_r:snmpd_t tcontext=user_u

bject_r:user_home_t tclass=file

I was able to chcon -u root snmpd.conf - but trying to set the role or type gives me a "permission denied". I'm root!?

What am I missing? Or better yet what is the secret incantation I need to get the permissions correct on this file so I can get snmpd running?

TIA,
-Chris

VanDaMe · 09-01-2008, 01:31 AM

any solution for this issue?

w3bd3vil · 09-01-2008, 03:31 AM

Add a policy to selinux for snmpd.
you could use system-config-selinux

A tutorial I searched for you

Quote:

http://www.redhatmagazine.com/2007/0...policy-module/

or disable selinux??

Quote:

setenforce 0

unSpawn · 09-01-2008, 12:24 PM

Quote:

Originally Posted by VanDaMe

any solution for this issue?

Please do not resurrect stale threads (over than four to six months old).
The chance you'll get an answer from the OP is rare.
Next time better create your own thread.

Quote:

Originally Posted by w3bd3vil

or disable selinux??

Disabling SE Linux lowers the security posture of the machine.
I would appreciate it if people don't give that kind of "advice".
At least not until all other options have been tested thoroughly.
Thanks for understanding.

w3bd3vil · 09-01-2008, 12:46 PM

Quote:

At least not until all other options have been tested thoroughly.

Yup, I gave him a tutorial to understand if he still couldnt do it, then maybe...