Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 161833 - snmptrapd refuses to start
Summary: snmptrapd refuses to start
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: beecrypt
Version: 3
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Paul Nasrat
QA Contact:
URL:
Whiteboard:
: 163928 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-27 16:46 UTC by Charles C. Van Tilburg
Modified: 2007-11-30 22:11 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-09-05 07:37:14 UTC


Attachments (Terms of Use)

Description Charles C. Van Tilburg 2005-06-27 16:46:40 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
install of selinux-policy-targeted-1.17.30-3.13 breaks snmptrapd:

[root@axp init.d]# ./snmptrapd start
Starting snmptrapd: /usr/sbin/snmptrapd: error while loading shared libraries: libbeecrypt.so.6: cannot enable executable stack as shared object requires: Permission denied

Version-Release number of selected component (if applicable):
net-snmp-5.2.1-10.FC3 beecrypt-3.1.0-6 selinux-policy-targeted-1.17.30-3.13

How reproducible:
Always

Steps to Reproduce:
1. cd /etc/init.d
2. ./snmptrapd start
3.
  

Actual Results:  Starting snmptrapd: /usr/sbin/snmptrapd: error while loading shared libraries: libbeecrypt.so.6: cannot enable executable stack as shared object requires: Permission denied

Expected Results:  [OK]

Additional info:

Comment 1 Charles C. Van Tilburg 2005-06-28 12:35:22 UTC
gpg also refuses to work from within thunderbird.

I have reverted to selinux-policy-targeted-1.17.30-3.9 and the
problem(s) go away.

Comment 2 Daniel Walsh 2005-07-03 15:56:40 UTC
Fixed in selinux-policy-targeted-1.17.30-3.16

Comment 3 Charles C. Van Tilburg 2005-07-03 20:22:19 UTC
Any idea when that will hit the network?

Comment 4 Daniel Walsh 2005-07-05 10:57:28 UTC
Today.

Comment 5 Jason Tibbitts 2005-07-13 15:28:59 UTC
This does not seem to be fixed:

> service snmptrapd start
Starting snmptrapd: /usr/sbin/snmptrapd: error while loading shared libraries:
libbeecrypt.so.6: cannot enable executable stack as shared object requires:
Permission denied

audit(1121268331.738:0): avc:  denied  { execmem } for  pid=3637 comm=snmptrapd
scontext=root:system_r:snmpd_t tcontext=root:system_r:snmpd_t tclass=process

> ls -lZ `locate libbeecrypt`
lrwxrwxrwx  root     root     system_u:object_r:lib_t         
/usr/lib/libbeecrypt.so.6 -> libbeecrypt.so.6.2.0*
-rwxr-xr-x  root     root     system_u:object_r:shlib_t       
/usr/lib/libbeecrypt.so.6.2.0*

snmpd fails in the same way.

> rpm -q kernel selinux-policy-targeted beecrypt
kernel-2.6.11-1.35_FC3
selinux-policy-targeted-1.17.30-3.16
beecrypt-3.1.0-6


Comment 6 Charles C. Van Tilburg 2005-07-13 15:50:40 UTC
I have all the same software as you, and mine does
work... perhaps something needs to be reset?  I
downgraded to the prior version of targeted before
I upgraded again.

Comment 7 Jason Tibbitts 2005-07-13 16:25:03 UTC
I just did a reboot with full relabel (touch /.autorelabel) and the problem
persists.

Comment 8 Daniel Walsh 2005-07-13 16:31:08 UTC
Yes the problem is with beecrypt

If you run 

 execstack -c /usr/lib/libbeecrypt.so.6

Does it work?

Comment 9 Charles C. Van Tilburg 2005-07-13 16:45:07 UTC
FWIW, 

[ctilburg@axp ~]$ execstack -q /usr/lib/libbeecrypt.so.6
X /usr/lib/libbeecrypt.so.6



Comment 10 Charles C. Van Tilburg 2005-07-13 17:21:02 UTC
more precisely, the problem is with 
net-snmp-5.2.1.2-FC3.1.i386.rpm.  I am 
running net-snmp-5.2.1-10.FC3 and 
snmptrapd works fine.





Comment 11 Jason Tibbitts 2005-07-13 17:33:55 UTC
Re: #8, yes, if I do execstack -c, snmpd will at least start but I have no way
to properly verify that the change doesn't break something.

Re: #10, I beg to differ:

> rpm -qa \*snmp\*
net-snmp-5.2.1-10.FC3
net-snmp-libs-5.2.1-10.FC3

I don't have 5.2.1.2-FC3.1 yet as it hasn't propagated to my local mirror. 
Still, I really doubt that net-snmp is implicated here; it just has a special
selinux context that doesn't allow loading of the beecrypt libraries.

Comment 12 Charles C. Van Tilburg 2005-07-13 17:41:08 UTC
OK, my bad.  I'll change it back to beecrypt... but...

I find it confusing that we are both running the same 
kernel, library, and selinux targeted policy, but yours
fails and mine does not.  I also did an autorelabel,
and mine continues to work just fine.

I just saw the new net-snmp come over the net and 
assumed you had a more recent version that mine.

Comment 13 Charles C. Van Tilburg 2005-07-13 18:22:53 UTC
Got mine to fail.  Mystery solved.

Turns out I had .rpmnew files in my /etc/selinux tree.  

Mv them to be the files, reboot, and now I get what you get.

Comment 14 Charles C. Van Tilburg 2005-07-13 19:02:04 UTC
Hmmm... maybe not just beecrypt... an execstack scan
of /usr/lib for those marked X, and then an rpm -q
--whatprovides reveals more:

bogl-devel-0.1.18-4
bogl-0.1.18-4
libdv-devel-0.103-1
libdv-0.103-1
flac-devel-1.1.0-7
flac-1.1.0-7
compat-libgcj-8-3.3.4.2
gdk-pixbuf-devel-0.22.0-16.fc3
gdk-pixbuf-0.22.0-16.fc3
Glide3-devel-20010520-33
Glide3-20010520-33
libgnat-3.4.3-22.fc3
guile-devel-1.6.4-14
guile-1.6.4-14
SDL-1.2.7-8
SDL-devel-1.2.7-8
libsilc-0.9.12-7
libsilc-devel-0.9.12-7


Comment 15 Charles C. Van Tilburg 2005-07-13 19:33:17 UTC
also xorg-x11-devel-6.8.2-1.FC3.13

The good news is that according to rpm -q 
--whatrequires, none of these are required 
by anything on my system.

Comment 16 Charles C. Van Tilburg 2005-07-13 20:00:57 UTC
Oops... don't like that behaviour... the inclusion
of the version number breaks the --whatprovides.

here are the correct non-obvious results, some of
which look rather important:

bogl-bterm-0.1.18-4
pwlib-1.6.5-11
libdv-tools-0.103-1
compat-gcc-java-8-3.3.4.2
gnome-print-devel-0.37-10
gtkhtml-devel-1.1.9-10
gtk+-1.2.10-33
gtkhtml-1.1.9-10
gdk-pixbuf-gnome-0.22.0-16.fc3
gcc-gnat-3.4.3-22.fc3
g-wrap-devel-1.3.4-7
g-wrap-1.3.4-7
SDL_net-1.2.5-2
SDL_mixer-1.2.5-4
kdeaddons-3.3.1-1
SDL_image-devel-1.2.3-6
openmotif-devel-2.2.3-6.FC3.1
Xaw3d-devel-1.5-23
qt-devel-3.3.4-0.fc3.0
xorg-x11-deprecated-libs-devel-6.8.2-1.FC3.13
libxfce4mcs-devel-4.2.1-3.fc3

Comment 17 Charles C. Van Tilburg 2005-07-20 15:15:44 UTC
I have abandoned FC3 in favor of FC4.

Comment 18 Paul Nasrat 2005-07-22 16:36:47 UTC
*** Bug 163928 has been marked as a duplicate of this bug. ***

Comment 19 Rahul Sundaram 2005-09-05 07:37:14 UTC
Reporter has moved onto FC4. Presuming fixed

Comment 20 Nigel Horne 2005-10-17 10:13:17 UTC
(In reply to comment #2)
> Fixed in selinux-policy-targeted-1.17.30-3.16

Still fails:

[root@AG-IPMM lib]# rpm -q selinux-policy-targeted
selinux-policy-targeted-1.17.30-3.16
[root@AG-IPMM lib]# service snmptrapd start
Starting snmptrapd: /usr/sbin/snmptrapd: error while loading shared
libraries: libbeecrypt.so.6: cannot enable executable stack as shared
object requires: Permission denied
                                                           [FAILED]
[root@AG-IPMM lib]#


Note You need to log in before you can comment on or make changes to this bug.