snmpd 报错处理

marinercn

kernel: audit(1230408260.683:52106): avc:  denied  { getattr } for  pid=17889 comm="snmpd" name="/" dev=dm-1 ino=2 scontext=system_u:system_r:snmpd_t tcontext=system_u:object_r:tmp_t tclass=dir
[root@EMD3STY ~]# audit2allow -d
allow snmpd_t file_t:dir getattr;
allow snmpd_t tmp_t:dir getattr;
修改/etc/selinux/targeted/src/policy/domains/program/snmpd.te
发现没有这个文件：/etc/selinux/targeted/src/policy/domains/program/snmpd.te
原因是没有安装：selinux-policy-targeted-sources-1.17.30-2.145.noarch.rpm
安装之前先安装：selinux-policy-targeted-1.17.30-2.145.noarch.rpm
修改：/etc/selinux/targeted/src/policy/domains/program/snmpd.te
添加：
allow snmpd_t file_t:dir getattr;
allow snmpd_t tmp_t:dir getattr;
然后执行
#cd  /etc/selinux/targeted/src/policy
#make load
#setfiles file_contexts/file_contexts /usr/share/snmp

或者直接关掉selinux
方法一：修改：# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted
SELINUX=enforcing  修改为SELINUX=disabled
方法二：echo "/usr/sbin/setenforce 0" >> /etc/rc.local
方法三：
/usr/sbin/setenforce 0 立刻关闭 SELINUX
/usr/sbin/setenforce 1 立刻启用 SELINUX


本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u2/87724/showart_2111569.html