Hi!

I am writing some kind of application (https://trac.luffy.cx/lldpd) that behaves like an AgentX using the NetSNMP API. I would like to do some privilege separation and chrooting. However, the NetSNMP API does a lot of things that make the task a bit difficult:

- It tries to read a lot of MIBs. This is not possible since it is chrooted. I have tried to set MIB and MIBDIRS to some other values but without success:

    Cannot find module (HOST-RESOURCES-MIB): At line 0 in (none)
    Cannot find module (HOST-RESOURCES-TYPES): At line 0 in (none)
    Cannot find module (UCD-DLMOD-MIB): At line 0 in (none)
    Cannot find module (UCD-DISKIO-MIB): At line 0 in (none)

  What is the best way to avoid loading any MIB without rewriting init_agent or init_snmp? Some netsnmp_ds_set_string?

- It tries to use a persistent store. I am not interested in this feature but I did not find an easy way to disable it. Therefore, I get some errors when exiting:

    Creating directory: /var
    Failed to create the persistent directory for /var/lib/snmp/lldpAgent.conf
    read_config_store open failure on /var/lib/snmp/lldpAgent.conf

  How to disable this feature?

My main problem is with the socket. Actually, if NETSNMP_AGENTX_SOCKET starts with "/", I chroot into the base directory containing the socket and use netsnmp_ds_set_string to change the socket to the basename of the file. However, the user has to configure snmpd to give additional permissions on this socket.

I would prefer to handle the opening of the socket in the privileged part of the application. If I just initialize the agent while outside the chroot, I won't be able to reconnect in case of problems. Would it be possible to write a custom transport which inherits and replaces the Unix one, with a netsnmp_unix_transport() function that will correctly handle the opening of the socket? From the source code, it seems that I could use netsnmp_tdomain_register. How to ensure that my new transport will override the actual one?

Any idea will be welcome.

Thanks.
-- 
I WILL NOT FAKE MY WAY THROUGH LIFE
I WILL NOT FAKE MY WAY THROUGH LIFE
I WILL NOT FAKE MY WAY THROUGH LIFE
-+- Bart Simpson on chalkboard in episode 7F03
