| Summary: | Server kernel disables kmem support needed by snmpd | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Marc Krämer <mageia> |
| Component: | RPM Packages | Assignee: | Guillaume Rousse <guillomovitch> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | guillomovitch, lewyssmith |
| Version: | 7 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | net-snmp-5.8-2.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
Marc Krämer
2019-06-28 01:20:23 CEST
snmpd works if "-r" is added to /etc/sysconfig/snmpd as default option, which prevents snmpd from failing if kmem is not readable. I think it is suffcient to change net-snmp Assigning to tmb initially; CC'ing Guillaume in case - he heads committers of net-snmp which seems to be the package in question. CC:
(none) =>
guillomovitch, lewyssmith CONFIG_DEVKMEM is intentionally disabled as part of kernel hardening for mga7 onwards I haven't disabled it in mga6 as I try to avoid regressions in an already released stable distro That's ok for, so net-snmp should honor the changed behavior preferable at compile time, if not possible, at least by changing the default options or systemd unit. Source RPM:
kernel-5.1.14-1.mga7.src.rpm =>
net-snmp-5.8-2.mga7.src.rpm I just updated net-snmp package to pass -r option by default to snmpd. However, according to the manual page, this option doesn't just ignore failure to read /dev/kmem, but actually disable root privileges at startup, meaning it could have additional side effects. Status:
NEW =>
RESOLVED |