Problems with snmpd following update.
Stephen Smalley
sds at tycho.nsa.gov
Wed Feb 1 19:13:09 UTC 2006
On Wed, 2006-02-01 at 18:54 +0000, David Rye wrote:
> Which on my limited understanding looks correct and I think means that
> snmpd executes with a
> custom policy indicated by the snmpd_exec_t bit.
>
> Does this mean that there is a bug in the policy for snmpd defined by
> the rpm
> selinux-policy-targeted-1.17.30-3.19 ?
No, it means that libbeecrypt.so.6 is incorrectly marked by the
toolchain as requiring an executable stack. This was corrected in FC4.
Use execstack -c to clear the marking to avoid triggering an executable
stack there so that you don't have to allow it in policy (which would
expose you to risk). The /etc/selinux/config denials are just noise;
libselinux always tries to open it from constructor, so any program that
happens to link with it triggers attempts there, which are normally
silenced in enforcing mode by dontaudit rules.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list