Re: SELinux is preventing zenity...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Dec 17, 2009 at 08:36:00PM -0500, Steve Blackwell wrote:
> I have a UPS that sends an SNMP trap when the main power goes out.
> I wrote my snmptrapd.conf file to execute a script when the trap is
> received. The script simply calls zenity to pop up a message.
> 
> Here's my problem. If I start snmptrapd from the command line
> everything works beautifully but if I have the system start it at boot
> time or via System->Administration->Services, the trap gets logged

Because when you start it manually it gets executed in the users environment which is unrestricted/ unprotected in el5

> in /var/log/messages but the zenity window doesn't get displayed and I
> get these SELinux messages in /var/log/messages.
> 
> SELinux is preventing the zenity from using potentially mislabeled
> files (XO)...
> 
> SELinux is preventing zenity (snmpd_t) "name_connect" to <Unknown>
> <xserver_port_t>...
> 
> I've looked at the ouput of
> 
> # ps -ef | grep snmptrapd
> 
> and it is identical in both cases so I don't understand why one works
> and the other doesn't. I tried
> 
> # cat /var/log/messages | audit2allow -m local

The avc denial gets logged to /var/log/audit/audit.log:

ausearch -m avc -ts yesterday | grep snmpt_t | audit2allow -M mysnmp | semodule -i mysnmp.pp

> 
> but that just produced a file that said:
> 
> module local 1.0;
> 
> and nothing else.
> 
> I'm running RHEL5.4 with SELinux in enforcing mode.
> 
> Any help would be appreciated.
> 
> Thanks,
> Steve
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Attachment: pgpEZsIl2Msw6.pgp
Description: PGP signature

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux