Home / server / Questions / 255685
In Process
80skeys
Asked: 2011-04-05 15:09:46 +0800 CST

3ware SNMP plugin does not work with selinux

  • 772

Anyone have experience using 3ware's SNMP library under SELINUX? I get the following error: 

snmpget -v 2c -c pub hostname TW-RAID-MIB::twRaidUnitStatus.1
Error in packet
Reason: noCreation (That table does not support row creation or that object can not ever be created)
Failed object: TW-RAID-MIB::twRaidUnitStatus.1

If disable selinux and restart snmpd, the snmpget works fine.

I've taken the following steps, none of which fixes the problem:

  • yum update net-snmp
  • yum update selinux-policy
  • /sbin/restorecon -R -v /etc/snmp /var/net-snmp /usr/share/snmp /dev/twa*
selinux

1 Answers

  1. The following policy allows net-snmp + 3ware snmp to work with selinux. Not an ideal solution as it allows snmpd access to all files of type device_t and var_t. It really just needs access to /dev/twa*, /var/net-snmp, /usr/share/snmp and some misc. libraries and config files. If anyone can make a better policy I'd like to see it.

    policy_module(snmp, 1.0)

require {
  type snmpd_exec_t;
  type snmpd_t;
  type device_t;
  type var_t;
}

allow snmpd_t device_t : file rw_file_perms;
allow snmpd_t device_t : chr_file rw_file_perms;
allow snmpd_t device_t : dir rw_dir_perms;
allow snmpd_t var_t : file rw_file_perms;
allow snmpd_t var_t : file create_file_perms;
allow snmpd_t var_t : dir rw_dir_perms;
allow snmpd_t var_t : lnk_file { getattr read write create };
    • 0