Re: Segment Fault Latest SNMPD on RHEL 6.3 from Init Script

Thu, 31 May 2012 00:51:07 -0700 

    [ First - *please* don't mail me privately, without copying
     any responses to the mailing list.  I don't have the time
     or inclination to offer private, unpaid, SNMP consultancy.
     Keep discussions to the list, where others can both learn
     and offer advice.  Thanks.   ]


On 30 May 2012 17:03, Bob O'Neil <b...@robocomai.com> wrote:
> Hi Dave, just for some follow up, it turns out the crash occurred as a
> result of SELinux blocking, the default for the RHEL 6 platform install.

I'm not too surprised if the agent doesn't work too well when it's
blocked by SELinux restrictions, but it shouldn't crash.
   What sort of SELinux exceptions are you seeing?


>  Do you off hand know how I could perhaps change SELinux
> to allow this as part of say a custom RPM, say for example, to set the
> Process Domain for snmpd to permissive?

It's been a while since I looked at SELinux in any detail,
but I seem to recall that  disabled/permissive/enforcing  is
a global settings, rather than per-process.
   (But I could be wrong).

I'd have that that you would need to either set SELinux to permissive
for the system as a whole, or determine exactly what is being blocked,
and tweak the SELinux policy to authorise that.


> Is there anything in the Net-SNMP project that already does this.

Not that I'm aware.
There does seem to be a
    /usr/share/selinux/targeted/snmp.pp
           file on my RedHat (actually Scientific Linux) box,
but that will be vendor-supplied, rather than anything we've put together.
I'd need to look at the source RPM to see what the SNMP settings
actually are - the .pp file is binary format, and doesn't seem to be
human readable.

Dave

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Reply via email to