Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 158056 - snmpd don't report running processes
Summary: snmpd don't report running processes
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted
Version: 4.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 156322
TreeView+ depends on / blocked
 
Reported: 2005-05-18 08:56 UTC by Mikkel Kruse Johnsen
Modified: 2007-11-30 22:07 UTC (History)
2 users (show)

Fixed In Version: RHBA-2005-645
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-10-05 16:34:25 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2005:645 qe-ready SHIPPED_LIVE SELinux policy bug fix update 2005-10-05 04:00:00 UTC

Description Mikkel Kruse Johnsen 2005-05-18 08:56:55 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
Running snmpget against a server running httpd (and "proc httpd 30 5" in the config) reports:

[root@dogwood rrdtool]# snmpget -v 2c mandio.cbs.dk -c library .1.3.6.1.4.1.2021.2.1.3.1 .1.3.6.1.4.1.2021.2.1.4.1 .1.3.6.1.4.1.2021.2.1.5.1
UCD-SNMP-MIB::prMin.1 = INTEGER: 5
UCD-SNMP-MIB::prMax.1 = INTEGER: 30
UCD-SNMP-MIB::prCount.1 = INTEGER: 0

And the server is running httpd:
.....
29475 ?        S      1:12 /usr/sbin/httpd
29476 ?        S      1:59 /usr/sbin/httpd
29477 ?        S      1:44 /usr/sbin/httpd
31041 ?        S      1:02 /usr/sbin/httpd
31042 ?        S      0:41 /usr/sbin/httpd
31043 ?        S      0:38 /usr/sbin/httpd
31511 ?        Ss     0:00 sshd: root@pts/0
31517 pts/0    Ss     0:00 -bash
31591 ?        S      0:00 /usr/sbin/snmpd -Lsd -Lf /dev/null -p /var/run/snmpd -a
31806 ?        S      0:09 /usr/sbin/httpd
31921 pts/0    R+     0:00 ps ax
[root@mandio log]#


Version-Release number of selected component (if applicable):
net-snmp-5.1.2-11

How reproducible:
Always

Steps to Reproduce:
1. snmpget -v 2c mandio.cbs.dk -c library .1.3.6.1.4.1.2021.2.1.3.1 .1.3.6.1.4.1.2021.2.1.4.1 .1.3.6.1.4.1.2021.2.1.5.1
  

Actual Results:  UCD-SNMP-MIB::prMin.1 = INTEGER: 5
UCD-SNMP-MIB::prMax.1 = INTEGER: 30
UCD-SNMP-MIB::prCount.1 = INTEGER: 0

Expected Results:  UCD-SNMP-MIB::prMin.1 = INTEGER: 5
UCD-SNMP-MIB::prMax.1 = INTEGER: 30
UCD-SNMP-MIB::prCount.1 = INTEGER: 23 (some number)

Additional info:

Comment 1 Radek Vokal 2005-05-19 07:39:01 UTC
This seems to be a SELinux issue. Can you please try if this also happens on
your system when you have SELinux turned off? eg. try `setenforce 0` and
`service snmpd restart` 




Comment 2 Mikkel Kruse Johnsen 2005-05-19 07:53:18 UTC
Yes it seems to be a SELinux problem. After running "setenforce 0" it worked and
stopped working again after "setenforce 1".

Comment 4 Daniel Walsh 2005-05-19 14:13:15 UTC
Are you seeing any avc messages in /var/log/messages or /var/log/audit/audit.log?

Dan

Comment 5 Mikkel Kruse Johnsen 2005-05-19 14:30:09 UTC
There is no avc messages in /var/log/messages and I don't have audit running (no
/var/log/audit/audit.log file).

Comment 6 Daniel Walsh 2005-05-19 14:34:25 UTC
Ok can you update to selinux policy rpms in U1.
They are available in 

ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u1

Check to see if it works.  If not, could you try
install selinux-policy-targeted-sources

cd /etc/selinux/targeted/src/policy
make enableaudit; make load

Then try to cause the problem and see if there are AVC messages.

Dan


Comment 7 Mikkel Kruse Johnsen 2005-05-19 14:57:53 UTC
Doing:

cd /etc/selinux/targeted/src/policy
make enableaudit; make load

Resulted in:

May 19 16:50:01 mandio kernel: audit(1116514201.474:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=1 dev=proc ino=65538
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=dir

Being printed in /var/log/messages

Olso updated to:

policycoreutils-1.18.1-4.3.i386.rpm
setools-1.5.1-5.1.i386.rpm

and did:
cd /etc/selinux/targeted/src/policy
make enableaudit; make load

Reported the same avc error.



Comment 8 Daniel Walsh 2005-05-19 15:02:18 UTC
Ok one last thing.  do

setenforce 0
run snmp and see if it reports any other errors.

Dan

Comment 9 Mikkel Kruse Johnsen 2005-05-19 15:27:08 UTC
Doing "setenforce 0" resulted in the following the first run, but any runs after
did'nt print anything.


---
May 19 17:22:54 mandio kernel: audit(1116516174.636:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=1 dev=proc ino=65538
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.636:0): avc:  denied  { read }
for  pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=65540
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.636:0): avc:  denied  { getattr
} for  pid=13916 exe=/usr/sbin/snmpd path=/proc/1/status dev=proc ino=65540
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.639:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=1814 dev=proc ino=118882306
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:syslogd_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.639:0): avc:  denied  { read }
for  pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=118882308
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:syslogd_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.639:0): avc:  denied  { getattr
} for  pid=13916 exe=/usr/sbin/snmpd path=/proc/1814/status dev=proc
ino=118882308 scontext=user_u:system_r:snmpd_t
tcontext=user_u:system_r:syslogd_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.640:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=1845 dev=proc ino=120913922
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:portmap_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.640:0): avc:  denied  { read }
for  pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=120913924
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:portmap_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.641:0): avc:  denied  { getattr
} for  pid=13916 exe=/usr/sbin/snmpd path=/proc/1845/status dev=proc
ino=120913924 scontext=user_u:system_r:snmpd_t
tcontext=user_u:system_r:portmap_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.642:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=3161 dev=proc ino=207159298
scontext=user_u:system_r:snmpd_t tcontext=root:system_r:unconfined_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.642:0): avc:  denied  { read }
for  pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=207159300
scontext=user_u:system_r:snmpd_t tcontext=root:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc:  denied  { getattr
} for  pid=13916 exe=/usr/sbin/snmpd path=/proc/3161/status dev=proc
ino=207159300 scontext=user_u:system_r:snmpd_t
tcontext=root:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=3270 dev=proc ino=214302722
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:ntpd_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc:  denied  { read }
for  pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=214302724
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:ntpd_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc:  denied  { getattr
} for  pid=13916 exe=/usr/sbin/snmpd path=/proc/3270/status dev=proc
ino=214302724 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:ntpd_t
tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=15085 dev=proc ino=988610562
scontext=user_u:system_r:snmpd_t tcontext=system_u:system_r:unconfined_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc:  denied  { read }
for  pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=988610564
scontext=user_u:system_r:snmpd_t tcontext=system_u:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.643:0): avc:  denied  { getattr
} for  pid=13916 exe=/usr/sbin/snmpd path=/proc/15085/status dev=proc
ino=988610564 scontext=user_u:system_r:snmpd_t
tcontext=system_u:system_r:unconfined_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.644:0): avc:  denied  { search }
for  pid=13916 exe=/usr/sbin/snmpd name=16230 dev=proc ino=1063649282
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:httpd_t tclass=dir
May 19 17:22:54 mandio kernel: audit(1116516174.644:0): avc:  denied  { read }
for  pid=13916 exe=/usr/sbin/snmpd name=status dev=proc ino=1063649284
scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:httpd_t tclass=file
May 19 17:22:54 mandio kernel: audit(1116516174.644:0): avc:  denied  { getattr
} for  pid=13916 exe=/usr/sbin/snmpd path=/proc/16230/status dev=proc
ino=1063649284 scontext=user_u:system_r:snmpd_t tcontext=user_u:system_r:httpd_t
tclass=file
----

Comment 10 Daniel Walsh 2005-05-19 15:43:14 UTC
Ok, I am going to add policy to allow this.  Problem is it will take a while to
get it into RHEL4/U2.  You can set snmpd_disable_trans to disable snmp transition
for now, if you want this behaviour to work.
setsebool -P snmpd_disable_trans=1
service snmpd restart


Comment 11 Red Hat Bugzilla 2005-10-05 16:34:25 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2005-645.html



Note You need to log in before you can comment on or make changes to this bug.