SELinux and MegaRAID snmp

[masahiko]

I'm using SNMP tools provided by LSI (14.11.01.00_Linux-x64_MSM ) to check the status of MegaRAID.
However, when SELinux is enforcing, it fails to get the information.
Please show me how to configure the SELinux to enable the snmp.



It seems that snmpd check the raid status as follows,

1. snmpd calls "lsi_mrdsnmpmain".
2. lsi_mrdsnpmain gets the RAID information from the daemon, "lsi_mrdsnpagent", via shared memory.

Here is the log from /var/log/audit/audit.log

type=ANOM_ABEND msg=audit(1427756122.292:460): auid=0 uid=0 gid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=25973 comm="lsi_mrdsnmpagen" exe="/etc/lsi_mrdsnmp/lsi_mrdsnmpagent" sig=6
type=ANOM_ABEND msg=audit(1427756134.371:461): auid=0 uid=0 gid=0 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=25980 comm="lsi_mrdsnmpagen" exe="/etc/lsi_mrdsnmp/lsi_mrdsnmpagent" sig=6
...
...
type=AVC msg=audit(1428657508.272:355): avc: denied { read write } for pid=13839 comm="lsi_mrdsnmpmain" path=2F535953563030303838346239202864656C6574656429 dev="tmpfs" ino=0 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:initrc_state_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1428657508.272:355): arch=c000003e syscall=30 success=yes exit=139998496559104 a0=0 a1=0 a2=0 a3=7ffdcbc5cab0 items=0 ppid=1624 pid=13839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsi_mrdsnmpmain" exe="/etc/lsi_mrdsnmp/lsi_mrdsnmpm

[aks]

Can't you just do something like: grep -i avc /var/log/audit/audit.log | audit2allow -M megaraid.pp ?

Also have a look at the FAQ http://wiki.centos.org/HowTos/SELinux