Summary: | net-analyzer/net-snmp incorrect security context of /usr/sbin/snmpd | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Oleg Gawriloff <barzog> |
Component: | SELinux | Assignee: | Jason Zaman <perfinion> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | selinux |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | sec-policy r5 | ||
Package list: | Runtime testing required: | --- |
Description
Oleg Gawriloff
2015-04-09 17:52:04 UTC
can you post ls -lZ /etc/init.d/snmpd or whatever the init script is called. it should be snmpd_initrc_exec_t, is that correct? are there any other binaries that get installed that are missing labels? the policy fc file mentions /usr/sbin/snmptrap -- gen_context(system_u:object_r:snmpd_exec_t,s0) /usr/sbin/snmptrapd -- gen_context(system_u:object_r:snmpd_exec_t,s0) are those still correct as well? if the only thing missing is /usr/sbin/snmpd, then i'll add that to the policy. Thanks! gawriloff@albatros2-vbox1 ~ $ ls -lZ /etc/init.d/snmpd -rwxr-xr-x. 1 root root system_u:object_r:snmpd_initrc_exec_t 797 апр 9 16:06 /etc/init.d/snmpd gawriloff@albatros2-vbox1 ~ $ ls -lZ /usr/sbin/snmp* -rwxr-xr-x. 1 root root system_u:object_r:snmpd_exec_t 31456 апр 9 16:06 /usr/sbin/snmpd -rwxr-xr-x. 1 root root system_u:object_r:snmpd_exec_t 31520 апр 9 16:06 /usr/sbin/snmptrapd So, yes. It seems only /usr/sbin/snmpd have missing label. sent this upstream. will apply to our repo once its been applied up there. it'll be in the next release. in policy -r5 r5 policy has been stabilized |