Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-6983

SELINUX policy denies net-snmp's access to /run/net-snmp

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-9.2.0
    • net-snmp
    • None
    • None
    • rhel-sst-cs-system-management
    • ssg_core_services
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • If docs needed, set a value
    • None

      Description of problem:

      SELINUX denies net-snmp permission to create unix domain sockets in the /run/net-snmp directory.

      Version-Release number of selected component (if applicable):

      net-snmp-5.9.1-7.el9_0.1.x86_64

      How reproducible:

      Always

      Steps to Reproduce:
      1. Add "agentaddress /run/net-snmp/snmpd.sock" to config.
      2.
      3.

      Actual results:

      /var/log/audit/audit.log:type=AVC msg=audit(1671232991.834:42): avc: denied

      { create }

      for pid=1099 comm="snmpd" name="snmpd.sock" scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:snmpd_var_run_t:s0 tclass=sock_file permissive=1

      Expected results:

      Success.

      Additional info:

              rhn-engineering-lvrabec Lukas Vrabec
              minfrin Graham Leggett
              Lukas Vrabec Lukas Vrabec
              RHEL SST CS base utils QE Bot RHEL SST CS base utils QE Bot
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: