snmp Permission denied on mounted filesystems

Paul Ward pnward at googlemail.com
Fri Apr 16 00:28:18 UTC 2010


I should add ausearch found nothing.

 ausearch -m avc -ts recent
<no matches>


On 16 April 2010 12:25, Paul Ward <pnward at googlemail.com> wrote:
> I have just run the command with : restorecon -R -v /home/work/exports
>
> I am still getting errors though.
>
> Apr 16 12:24:28 sargas snmpd[23987]: /home/users: Permission denied
> Apr 16 12:24:28 sargas snmpd[23987]: /home/work: Permission denied
> Apr 16 12:24:28 sargas snmpd[23987]: /home/work/exports: Permission denied
>
>
>
>
> On 16 April 2010 12:11, Sandro Janke <gui1ty_fedora at penguinpee.nl> wrote:
>> On 04/16/2010 01:51 AM, Paul Ward wrote:
>>> I have run the command as follows but I am still getting the permission issues.
>>>
>>> Apr 16 11:48:13 sargas snmpd[23987]: /home/work/exports: Permission denied
>>>
>>> # restorecon -v /home/work/exports
>>> restorecon reset context /home/work/exports:->system_u:object_r:user_home_t
>>
>> Without the -R switch only the directory itself will be labeled. I'm
>> pretty sure you want to run restorecon as suggested by dwalsh.
>>
>> What does 'ausearch -m avc -ts recent' tell you? You can pipe the output to
>> audit2why or audit2allow like:
>>
>> ausearch -m avc -ts recent | audit2why
>> ausearch -m avc -ts recent | audit2allow -M mysnmp
>>
>> The latter will generate a loadable module. There is some documentation
>> at [1] about creating and loading your own modules.
>>
>> [1]
>> http://docs.fedoraproject.org/selinux-user-guide/f12/en-US/sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html
>>
>>> ls -lZd /home/work/exports
>>>
>>> drwxrwxr-x  oracle   dba      system_u:object_r:user_home_t /home/work/exports
>>>
>>> What's next?
>>> Do I need to restart something?
>>>
>>>
>>>
>>>
>>> On 16 April 2010 11:11, Sandro Janke <gui1ty_fedora at penguinpee.nl> wrote:
>>>> On 04/16/2010 12:33 AM, Paul Ward wrote:
>>>>>> What does 'rpm -qv selinux-policy-targeted' say?
>>>>>> What are the settings in /etc/selinux/config?
>>>>>
>>>>> My server shows the following selinux packages.
>>>>>
>>>>> selinux-policy-targeted-1.17.30-2.152.el4
>>>>> selinux-policy-targeted-sources-1.17.30-2.152.el4
>>>>>
>>>>> I have run:
>>>>> snmpwalk -v 2c -c public .iso
>>>>> cd /etc/selinux/targeted/src/policy
>>>>> audit2allow -d -l -o domains/misc/local.te
>>>>> make load
>>>>>
>>>>> Until no more errors were found, this fixed the original errors from
>>>>> selinux, but not the permissions.
>>>>>
>>>>>> Try running restorecon -R -v /home
>>>>>
>>>>> If I run
>>>>>
>>>>> restorecon -R -v /home
>>>>>
>>>>> Would this affect a running production server, or should I do this in
>>>>> a maintenance window?
>>>>
>>>> Well, you can try to run it with the -n switch first to show you what
>>>> would happen. According to the man page: "It can be run at any time to
>>>> correct errors..."
>>>>
>>>>> On 15 April 2010 19:05, Sandro Janke <gui1ty_fedora at penguinpee.nl> wrote:
>>>>>> On 04/15/2010 06:49 AM, Paul Ward wrote:
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I am sure this comes up a lot but have spent hours trying to find the
>>>>>>> answers with no success apart from disabling selinux which I don't
>>>>>>> want to do.
>>>>>>>
>>>>>>> Apr 15 16:48:26 sargas snmpd[23987]: /home/appl: Permission denied
>>>>>>>
>>>>>>> The following filesystems are mounted with same issue.
>>>>>>>
>>>>>>> /dev/sda7             3.9G  427M  3.3G  12% /home/appl
>>>>>>> /dev/sda6             4.0G  2.7G  1.2G  71% /home/users
>>>>>>> /dev/sda8             3.9G  2.5G  1.2G  68% /home/work
>>>>>>>
>>>>>>> ls -ldZ /home/appl/
>>>>>>> drwxr-xr-x  root     root                                      /home/appl/
>>>>>>
>>>>>> This shows that the directory has not been labeled, yet.
>>>>>>
>>>>>>> /usr/sbin/sestatus
>>>>>>> SELinux status:         enabled
>>>>>>> SELinuxfs mount:        /selinux
>>>>>>> Current mode:           enforcing
>>>>>>>
>>>>>>
>>>>>> Could it be that you don't have any policy package installed?
>>>>>>
>>>>>> What does 'rpm -qv selinux-policy-targeted' say?
>>>>>> What are the settings in /etc/selinux/config?
>>>>>>
>>>>>>> What do I need to do to fix this, chcon? If so what is the full command
>>>>>>> / context to enter?
>>>>>>>
>>>>>>> Thanks
>>>>>>> --
>>>>>>> selinux mailing list
>>>>>>> selinux at lists.fedoraproject.org
>>>>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>>>>
>>>>>>
>>>>
>>>>
>>
>
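
The triage this thread works through by hand, as an added example that is not part of the original messages: it pulls the paths snmpd was denied out of syslog and matches them against `ls -dZ` output to separate unlabeled mount points from labeled ones that are still denied. The function names are hypothetical, paths are assumed to contain no whitespace, and the sample input is constructed from lines quoted in the thread.

```shell
#!/bin/sh
# Constructed sample input, copied from lines quoted in the thread.
SAMPLE_SYSLOG='Apr 15 16:48:26 sargas snmpd[23987]: /home/appl: Permission denied
Apr 16 12:24:28 sargas snmpd[23987]: /home/work: Permission denied
Apr 16 12:24:28 sargas snmpd[23987]: /home/work/exports: Permission denied
Apr 16 11:48:13 sargas snmpd[23987]: /home/work/exports: Permission denied'

SAMPLE_LS='drwxr-xr-x  root     root                                      /home/appl/
drwxrwxr-x  oracle   dba      system_u:object_r:user_home_t /home/work/exports'

# stdin: syslog lines. stdout: each distinct path snmpd was denied, once.
denied_paths() {
    sed -n 's|^.* snmpd\[[0-9]*\]: \(/.*\): Permission denied$|\1|p' | sort -u
}

# stdin: "ls -dZ" lines. stdout: "path<TAB>context". A line that has no
# user:role:type field before the path is reported as UNLABELED.
ls_contexts() {
    awk '{
        path = $NF
        if (path != "/") sub(/\/$/, "", path)   # /home/appl/ -> /home/appl
        ctx = "UNLABELED"
        for (i = 1; i < NF; i++)
            if ($i ~ /^[^:]+:[^:]+:[^:]+/) ctx = $i
        printf "%s\t%s\n", path, ctx
    }'
}

# triage SYSLOG_TEXT LS_TEXT: one line per denied path with its label state
# and the next command from the thread to try (dry run, nothing is changed).
triage() {
    ctxmap=$(printf '%s\n' "$2" | ls_contexts)
    printf '%s\n' "$1" | denied_paths | while read -r p; do
        ctx=$(printf '%s\n' "$ctxmap" |
              awk -F'\t' -v p="$p" '$1 == p { print $2 }')
        case "$ctx" in
            '')        echo "$p: no ls -dZ output supplied" ;;
            UNLABELED) echo "$p: unlabeled, preview with: restorecon -n -R -v $p" ;;
            *)         echo "$p: labeled $ctx, check: ausearch -m avc -ts recent" ;;
        esac
    done
}

triage "$SAMPLE_SYSLOG" "$SAMPLE_LS"
```

On a live host, feed it the real syslog and `ls -dZ` output for each mount point instead of the sample strings.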

