On Thu, Dec 17, 2009 at 08:36:00PM -0500, Steve Blackwell wrote:
> I have a UPS that sends an SNMP trap when the main power goes out.
> I wrote my snmptrapd.conf file to execute a script when the trap is
> received. The script simply calls zenity to pop up a message.
>
> Here's my problem. If I start snmptrapd from the command line
> everything works beautifully but if I have the system start it at boot
> time or via System->Administration->Services, the trap gets logged

Because when you start it manually it gets executed in the user's
environment, which is unrestricted/unprotected in el5.

> in /var/log/messages but the zenity window doesn't get displayed and I
> get these SELinux messages in /var/log/messages.
>
> SELinux is preventing the zenity from using potentially mislabeled
> files (XO)...
>
> SELinux is preventing zenity (snmpd_t) "name_connect" to <Unknown>
> <xserver_port_t>...
>
> I've looked at the output of
>
> # ps -ef | grep snmptrapd
>
> and it is identical in both cases so I don't understand why one works
> and the other doesn't. I tried
>
> # cat /var/log/messages | audit2allow -m local

The avc denial gets logged to /var/log/audit/audit.log:

    ausearch -m avc -ts yesterday | grep snmpd_t | audit2allow -M mysnmp && semodule -i mysnmp.pp

> but that just produced a file that said:
>
> module local 1.0;
>
> and nothing else.
>
> I'm running RHEL5.4 with SELinux in enforcing mode.
>
> Any help would be appreciated.
>
> Thanks,
> Steve
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
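An added example, not part of the original message: a simplified stand-in for the `ausearch ... | audit2allow` step that turns raw AVC records into allow rules for one source domain, run over a constructed audit.log excerpt and a constructed /var/log/messages line. The function names, sample records, PIDs, timestamps and hostname are assumptions made up for illustration; the output shows why a file without raw `type=AVC` records yields no rules.

```shell
#!/bin/sh
# avc_rules FILE DOMAIN: print one allow rule per distinct AVC denial in
# FILE whose source type is DOMAIN (hypothetical helper, not audit2allow).
avc_rules() {
    awk -v dom="$2" '
    /type=AVC/ && /avc: +denied/ {
        perms = ""; st = ""; tt = ""; cls = ""
        # Denied permissions sit between the braces: { name_connect }
        if (match($0, /[{][^}]*[}]/))
            perms = substr($0, RSTART + 1, RLENGTH - 2)
        gsub(/^ +| +$/, "", perms)
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level; the type is field 3
            if ($i ~ /^scontext=/) { split($i, a, ":"); st = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (st == dom && !seen[st, tt, cls, perms]++)
            printf "allow %s %s:%s { %s };\n", st, tt, cls, perms
    }' "$1"
}

# make_samples DIR: write constructed sample logs into DIR.
make_samples() {
    cat > "$1/audit.log" <<'EOF'
type=AVC msg=audit(1261100160.101:51): avc:  denied  { name_connect } for  pid=2345 comm="zenity" dest=6000 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1261100190.207:58): avc:  denied  { name_connect } for  pid=2391 comm="zenity" dest=6000 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1261100200.300:60): avc:  denied  { read } for  pid=2500 comm="httpd" name="x" dev=dm-0 ino=12 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
EOF
    cat > "$1/messages" <<'EOF'
Dec 17 20:16:00 host setroubleshoot: SELinux is preventing zenity (snmpd_t) "name_connect" to <Unknown> <xserver_port_t>...
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "rules from audit.log:"; avc_rules "$tmp/audit.log" snmpd_t
echo "rules from messages:";  avc_rules "$tmp/messages" snmpd_t
rm -rf "$tmp"
```

The summary line in the constructed messages file carries no `type=AVC` record, so nothing is extracted from it, which matches the empty `module local 1.0;` result described in the quoted message.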