Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 155533 - snmpd segfaults at startup
Summary: snmpd segfaults at startup
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: net-snmp
Version: 3
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Radek Vokal
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-04-21 07:02 UTC by Aurelien Bompard
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-04-26 07:36:41 UTC


Attachments (Terms of Use)

Description Aurelien Bompard 2005-04-21 07:02:51 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050416 Fedora/1.0.3-1.3.1 Firefox/1.0.3

Description of problem:
Snmpd won't start with selinux-policy-targeted 1.17.30-2.96 and kernel 2.6.11-1.14_FC3

Here's the end of the stack trace:
open("/etc/selinux/config", O_RDONLY)   = -1 EACCES (Permission denied)
open("/proc/mounts", O_RDONLY)          = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f87000
read(3, "rootfs / rootfs rw 0 0\n/proc /pr"..., 1024) = 503
close(3)                                = 0
munmap(0xb7f87000, 4096)                = 0
open("/var/log/snmpd.log", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f69708) = 25407
--- SIGCHLD (Child exited) @ 0 (0) ---
exit_group(0)                           = ?

I suspect selinux but I don't havec avc denied logs in /var/log/messages or dmesg

Version-Release number of selected component (if applicable):
net-snmp-5.1.2-11 selinux-policy-targeted-1.17.30-2.96 kernel-2.6.11-1.14_FC3

How reproducible:
Always

Steps to Reproduce:
1. start snmpd with this policy and this kernel
  

Additional info:

Comment 1 Daniel Walsh 2005-04-21 11:07:12 UTC
YOu can test whether SELinux is the problem by turning off enforcing mode

setenforce 0
Try to start snmpd.

If it still fails, it is probably not SELinux.



Comment 2 Aurelien Bompard 2005-04-21 16:37:01 UTC
I've done that, it still fails but I get the following lines in /var/log/messages:
avc:  denied  { read } for  pid=2358 exe=/usr/sbin/snmpd name=config dev=sda2
ino=1233440 scontext=root:system_r:snmpd_t
tcontext=system_u:object_r:selinux_config_t tclass=file
avc:  denied  { getattr } for  pid=2358 exe=/usr/sbin/snmpd
path=/etc/selinux/config dev=sda2 ino=1233440 scontext=root:system_r:snmpd_t
tcontext=system_u:object_r:selinux_config_t tclass=file

And after another service snmpd restart, still in the logs :
avc:  denied  { getattr } for  pid=2400 exe=/usr/sbin/snmpd
path=/home/gauret/.rpmmacros dev=sda5 ino=16926925
scontext=root:system_r:snmpd_t tcontext=user_u:object_r:user_home_t tclass=file
avc:  denied  { read } for  pid=2400 exe=/usr/sbin/snmpd name=.rpmmacros
dev=sda5 ino=16926925 scontext=root:system_r:snmpd_t
tcontext=user_u:object_r:user_home_t tclass=file

I have no idea why snmpd is trying to open my .rpmmacros file...

The strace is still the same, and my snmpd.conf is almost default:
# egrep -v '(^#|^$)' /etc/snmp/snmpd.conf
com2sec notConfigUser  default       public
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1
view    all           included   .1                  80
access  notConfigGroup ""      any       noauth    exact  all none none
syslocation Paris
syscontact Aurelien Bompard
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat

Do you think this is an snmpd bug or a policy one ?
Thanks

Comment 3 Daniel Walsh 2005-04-21 16:54:47 UTC
Then it is a snmp bug, or configuration problem,  not an SELinux bug.

Comment 4 Radek Vokal 2005-04-25 09:23:17 UTC
This might be a net-snmp bug. I'm about to push a new version of net-snmp in
Fedora updates, should appear really soon. 

Comment 5 Aurelien Bompard 2005-04-26 07:36:41 UTC
Snmpd starts fine with net-snmp-5.2.1-10.FC3. Thanks !


Note You need to log in before you can comment on or make changes to this bug.