Ok, I am not totally sure what the error is saying, but I can tell you that it is an SELinux error. I think (and this is the part I am unsure about), snmpd is trying access a file with the context of system_u:object_r:tmp_t and it needs to have root:system_r:snmpd_t. To see a file's context use the ls -Z, and to change it use chcon. Or and (I don't recommend this) you could disable SELinux by changing SELINUX=targeted to disabled or permissive in the /etc/selinux/config Bret -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Yong Lee Sent: Thursday, February 02, 2006 1:25 AM To: redhat-list@xxxxxxxxxx Subject: roblems with AVC in setting up snmpd Hi all, I think this is just a configuration/policy issue and i would appreciate any advice you can send my way. I am trying to play around with the snmpd daemon on my machine to set up some network monitoring. In doing this, i have configured the sndmpd.conf file using the 'snmpconf' tool and then i started the agent: service snmpd start I query the agent with snmpwalk and i get back some results but in the message log for the snmp machine with snmpd, i see the message log outputting many log lines dealing with AVC permission issues. Following is a snippet of the logs that I am seeing : Feb 1 21:50:24 yongs kernel: audit(1138859423.574:136900): avc: denied { read } for pid=16748 comm="snmpd" name="tmp" dev=dm-0 ino=9093496 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:usr_t tclass=lnk_file Feb 1 21:50:24 yongs kernel: audit(1138859423.574:136901): avc: denied { getattr } for pid=16748 comm="snmpd" name="tmp" dev=dm-0 ino=18825217 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:tmp_t tclass=dir Feb 1 21:50:24 yongs kernel: audit(1138859423.575:136902): avc: denied { getattr } for pid=16748 comm="snmpd" name="tmp" dev=dm-0 ino=22003716 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:tmp_t tclass=dir Feb 1 21:50:24 yongs kernel: audit(1138859423.575:136903): avc: denied { read } for pid=16748 comm="snmpd" name="tmp" dev=dm-0 ino=9093496 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:usr_t tclass=lnk_file Feb 1 21:50:24 yongs kernel: audit(1138859423.575:136904): avc: denied { getattr } for pid=16748 comm="snmpd" name="tmp" dev=dm-0 ino=18825217 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:tmp_t tclass=dir Feb 1 21:50:24 yongs kernel: audit(1138859423.575:136905): avc: denied { search } for pid=16748 comm="snmpd" name="net" dev=proc ino=-268435348 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:sysctl_net_t tclass=dir Feb 1 21:50:24 yongs kernel: audit(1138859423.575:136906): avc: denied { search } for pid=16748 comm="snmpd" name="net" dev=proc ino=-268435348 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:sysctl_net_t tclass=dir Feb 1 21:50:24 yongs kernel: audit(1138859423.576:136907): avc: denied { search } for pid=16748 comm="snmpd" name="net" dev=proc ino=-268435348 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:sysctl_net_t tclass=dir Feb 1 21:50:24 yongs kernel: audit(1138859423.576:136908): avc: denied { search } for pid=16748 comm="snmpd" name="net" dev=proc ino=-268435348 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:sysctl_net_t tclass=dir Feb 1 21:50:24 yongs kernel: audit(1138859423.576:136909): avc: denied { search } for pid=16748 comm="snmpd" name="net" dev=proc ino=-268435348 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:sysctl_net_t tclass=dir Feb 1 21:51:18 yongs kernel: audit(1138859478.011:136931): avc: denied { signull } for pid=16748 comm="snmpd" scontext=root:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=process Feb 1 21:51:18 yongs kernel: audit(1138859478.011:136932): avc: denied { signull } for pid=16748 comm="snmpd" scontext=root:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=process Feb 1 21:51:18 yongs kernel: audit(1138859478.011:136933): avc: denied { signull } for pid=16748 comm="snmpd" scontext=root:system_r:snmpd_t tcontext=user_u:system_r:unconfined_t tclass=process Feb 1 21:51:18 yongs kernel: audit(1138859478.011:136934): avc: denied { signull } for pid=16748 comm="snmpd" scontext=root:system_r:snmpd_t tcontext=root:system_r:unconfined_t tclass=process Feb 1 21:51:18 yongs kernel: audit(1138859478.015:136935): avc: denied { getattr } for pid=16748 comm="snmpd" name="/" dev=usbfs ino=1213 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:usbfs_t tclass=dir Feb 1 21:51:18 yongs kernel: audit(1138859478.015:136936): avc: denied { getattr } for pid=16748 comm="snmpd" name="/" dev=sda1 ino=2 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:boot_t tclass=dir Feb 1 21:51:18 yongs kernel: audit(1138859478.015:136937): avc: denied { getattr } for pid=16748 comm="snmpd" name="/" dev=binfmt_misc ino=4359 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir Feb 1 21:51:18 yongs kernel: audit(1138859478.018:136938): avc: denied { getattr } for pid=16748 comm="snmpd" name="/" dev=usbfs ino=1213 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:usbfs_t tclass=dir Feb 1 21:51:18 yongs kernel: audit(1138859478.019:136939): avc: denied { getattr } for pid=16748 comm="snmpd" name="/" dev=sda1 ino=2 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:boot_t tclass=dir Feb 1 21:51:18 yongs kernel: audit(1138859478.019:136940): avc: denied { getattr } for pid=16748 comm="snmpd" name="/" dev=binfmt_misc ino=4359 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir Feb 1 21:51:18 yongs kernel: audit(1138859478.023:136941): avc: denied { getattr } for pid=16748 comm="snmpd" name="/" dev=usbfs ino=1213 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:usbfs_t tclass=dir Feb 1 21:51:18 yongs kernel: audit(1138859478.023:136942): avc: denied { getattr } for pid=16748 comm="snmpd" name="/" dev=sda1 ino=2 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:boot_t tclass=dir Feb 1 21:51:18 yongs kernel: audit(1138859478.024:136943): avc: denied { getattr } for pid=16748 comm="snmpd" name="/" dev=binfmt_misc ino=4359 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir Feb 1 21:51:18 yongs kernel: audit(1138859478.027:136944): avc: denied { getattr } for pid=16748 comm="snmpd" name="/" dev=usbfs ino=1213 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:usbfs_t tclass=dir Feb 1 21:51:18 yongs kernel: audit(1138859478.027:136945): avc: denied { getattr } for pid=16748 comm="snmpd" name="/" dev=sda1 ino=2 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:boot_t tclass=dir Feb 1 21:51:18 yongs kernel: audit(1138859478.027:136946): avc: denied { getattr } for pid=16748 comm="snmpd" name="/" dev=binfmt_misc ino=4359 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir Feb 1 21:51:18 yongs kernel: audit(1138859478.030:136947): avc: denied { getattr } for pid=16748 comm="snmpd" name="/" dev=usbfs ino=1213 scontext=root:system_r:snmpd_t tcontext=system_u:object_r:usbfs_t tclass=dir Feb 1 21:51:18 yongs kernel: audit(1138859478.030:136948): avc: denied { getattr } for pid=16748 comm="snmpd" name="/" dev=sda1 ino=2 scontext: I am using the default policies with RHEL4, Linux yongs 2.6.9-22.0.2.ELsmp #1 SMP Thu Jan 5 17:13:01 EST 2006 i686 i686 i386 GNU/Linux I am trying to run snmpd with the process and disk monitoring I am using the following snmp versions : net-snmp-libs-5.1.2-11.EL4.6 net-snmp-5.1.2-11.EL4.6 net-snmp-utils-5.1.2-11.EL4.6 -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
