Re: snmp Permission denied on mounted filesystems

I have just run the command with : restorecon -R -v /home/work/exports I am still getting errors though. Apr 16 12:24:28 sargas snmpd[23987]: /home/users: Permission denied Apr 16 12:24:28 sargas snmpd[23987]: /home/work: Permission denied Apr 16 12:24:28 sargas snmpd[23987]: /home/work/exports: Permission denied On 16 April 2010 12:11, Sandro Janke <gui1ty_fedora(a)penguinpee.nl&gt; wrote: > On 04/16/2010 01:51 AM, Paul Ward wrote: >> I have run the command as follows but I am still getting the permission issues. >> >> Apr 16 11:48:13 sargas snmpd[23987]: /home/work/exports: Permission denied >> >> # restorecon -v /home/work/exports >> restorecon reset context /home/work/exports:->system_u:object_r:user_home_t > > Without the -R switch only the directory itself will be labeled. I'm > pretty sure you want to run restorecon as suggested by dwalsh. > > What does 'ausearch -m -ts recent' tell? You can pipe the output to > audit2why or audit2allow like: > > ausearch -m avc -ts recent | audit2why > ausearch -m avc -ts recent | audit2allow -M mysnmp > > The latter will generate a loadable module. There is some documentation > at [1] about creating and loading your own modules. > > [1] > http://docs.fedoraproject.org/selinux-user-guide/f12/en-US/sect-Security-... > >> ls -lZd /home/work/exports >> >> drwxrwxr-x  oracle   dba      system_u:object_r:user_home_t >> /home/work/exports >> >> Whats next? >> Do I need to restart something? >> >> >> >> >> On 16 April 2010 11:11, Sandro Janke <gui1ty_fedora(a)penguinpee.nl&gt; wrote: >>> On 04/16/2010 12:33 AM, Paul Ward wrote: >>>>> What does 'rpm -qv selinux-policy-targeted' say? >>>>> What are the settings in /etc/selinux/config? >>>> >>>> My server shows the following selinux packages. >>>> >>>> selinux-policy-targeted-1.17.30-2.152.el4 >>>> selinux-policy-targeted-sources-1.17.30-2.152.el4 >>>> >>>> I have run: >>>> snmpwalk -v 2c -c public .iso >>>> cd /etc/selinux/targeted/src/policy >>>> audit2allow -d -l -o domains/misc/local.te >>>> make load >>>> >>>> Until no more errors were found, this fixed theoriginal errors from >>>> selinux, but not the permissions. >>>> >>>>> Try running restorecon -R -v /home >>>> >>>> If I run >>>> >>>> restorecon -R -v /home >>>> >>>> Would this affect a production servers running or should I do this in >>>> a mainaintance window? >>> >>> Well, you can try to run it with the -n switch first to show you what >>> would happen. According to the man page: "It can be run at any time to >>> correct errors..." >>> >>>> On 15 April 2010 19:05, Sandro Janke <gui1ty_fedora(a)penguinpee.nl&gt; wrote: >>>>> On 04/15/2010 06:49 AM, Paul Ward wrote: >>>>>> Hi all, >>>>>> >>>>>> I am sure this comes up a lot but have spent hours trying to find th >>>>>> eanswers with no success apart from disabling selinux which I don't >>>>>> want to do. >>>>>> >>>>>> Apr 15 16:48:26 sargas snmpd[23987]: /home/appl: Permission denied >>>>>> >>>>>> The following filesystems are mounted with same issue. >>>>>> >>>>>> /dev/sda7             3.9G  427M  3.3G  12% /home/appl >>>>>> /dev/sda6             4.0G  2.7G  1.2G  71% /home/users >>>>>> /dev/sda8             3.9G  2.5G  1.2G  68% /home/work >>>>>> >>>>>> ls -ldZ /home/appl/ >>>>>> drwxr-xr-x  root     root                                      /home/appl/ >>>>> >>>>> This shows that the directory has not been labeled, yet. >>>>> >>>>>> /usr/sbin/sestatus >>>>>> SELinux status:         enabled >>>>>> SELinuxfs mount:        /selinux >>>>>> Current mode:           enforcing >>>>>> >>>>> >>>>> Could it be that you don't have any policy package installed? >>>>> >>>>> What does 'rpm -qv selinux-policy-targeted' say? >>>>> What are the settings in /etc/selinux/config? >>>>> >>>>>> What do I need to do to fix this chcon? If so what is the full comman >>>>>> / context to enter? >>>>>> >>>>>> Thanks >>>>>> -- >>>>>> selinux mailing list >>>>>> selinux(a)lists.fedoraproject.org >>>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux >>>>> >>>>> >>>> -- >>>> selinux mailing list >>>> selinux(a)lists.fedoraproject.org >>>> https://admin.fedoraproject.org/mailman/listinfo/selinux >>> >>> >