Dear Daniel, Thanks for the help. I decided to create a custom policy with audit2allow. It seemed to work since I am not getting any more avc denied messages. I did see the following errors though and I was wondering what they meant. This means the custom policy was applied. Dec 4 15:45:10 dev kernel: security: 3 users, 4 roles, 355 types, 26 bools Dec 4 15:45:10 dev kernel: security: 55 classes, 22587 rules I was just wondering what these meant? Dec 4 15:45:10 dev dbus: Can't send to audit system: USER_AVC pid=3327 uid=81 loginuid=-1 message=avc: received policyload notice (seqno=3) Dec 4 15:45:10 dev dbus: Can't send to audit system: USER_AVC pid=3327 uid=81 loginuid=-1 message=avc: 0 AV entries and 0/512 buckets used, longest chain length 0 Thanks in advance. Denise Lopez UCLA Center for Digital Humanities Network Services Systems Engineer 337 Charles E. Young Drive East PPB 1020 Los Angeles, CA 90095 310/206-8216 -----Original Message----- From: Daniel J Walsh [mailto:dwalsh@xxxxxxxxxx] Sent: Friday, December 01, 2006 1:59 PM To: Lopez, Denise Cc: fedora-selinux-list@xxxxxxxxxx Subject: Re: SELinux troubleshooting Lopez, Denise wrote: > > Hello everyone, > > I keep getting the following messages in my messages log about every > 30 seconds or so. I have SELinux set to enforcing and targeted mode. > If I do a getenforce on the command line it returns enforcing. > > Dec 1 12:31:03 dev kernel: audit(1165005063.015:258313): avc: denied > { getattr } for pid=31342 comm="snmpd" name="/" dev=sda3 ino=2 > scontext=system_u:system_r:snmpd_t > tcontext=system_u:object_r:home_root_t tclass=dir > > I need help deciphering what is happening. I have a snmpd daemon > running that responds to queries from a Nagios host that performs > service checks. > snmp is trying to getattr /home. Which is being denied by SELinux. The latest policy looks like this is allowed. So you can either update to the latest policy, or you can use grep snmpd_t /var/log/audit/audit.log | audit2allow -M mysnmp And load your own custom policy. > Thanks in advance. > > Denise Lopez > > UCLA Center for Digital Humanities > > Network Services > > Systems Engineer > > 337 Charles E. Young Drive East > > PPB 1020 > > Los Angeles, CA 90095 > > 310/206-8216 > > ------------------------------------------------------------------------ > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
