On Sun, Sep 7, 2008 at 12:48 AM, Stuart Sears <stuart@xxxxxxxxxxx> wrote:
>>>> Whenever I run
>>>>
>>>> /sbin/service rpcbind restart
>>>>
>>>> I get everything OK, but SELinux pops up a message indicating:
>>>>
>>>> "AVC denial"
>>>>
>>>> After the rpcbind restart, no progress regarding nfs being able to start.
>>>>
>>>> Yes, I am running F9.
>>> I don't run F9 - so I cannot be much help if I don't have a system to look at.
>>> But google "AVC denial"; it has been discussed in this list before.
>>> Perhaps someone who has solved this will be kind enough to share it with you.
>>
>> Thanks, Aldo. I have just noticed that with SELinux set in permissive
>> mode, NFS starts correctly.
>>
>> Any ideas, you or others?
>
> We need far more information than that to be of assistance!
>
> An 'AVC denial' is just telling you that SELinux has prevented something
> from happening on your system. We'd need the actual denial message to
> see what it's complaining about - click on the "Sheriff's badge" in your
> system tray and tell us what it says.

Thanks, Stuart. The required information is below:

------------------------------
Summary:

SELinux is preventing the rpcbind from using potentially mislabeled files
(./services).

Detailed Description:

SELinux has denied rpcbind access to potentially mislabeled file(s) (./services).
This means that SELinux will not allow rpcbind to use these files. It is common
for users to edit files in their home directory or tmp directories and then move
(mv) them to system directories. The problem is that the files end up with the
wrong file context which confined applications are not allowed to access.

Allowing Access:

If you want rpcbind to access this files, you need to relabel them using
restorecon -v './services'. You might want to relabel the entire directory using
restorecon -R -v '.'.

Additional Information:

Source Context                unconfined_u:system_r:rpcbind_t:s0
Target Context                unconfined_u:object_r:rpm_script_tmp_t:s0
Target Objects                ./services [ file ]
Source                        rpcbind
Source Path                   /sbin/rpcbind
Port                          <Unknown>
Host                          mypc
Source RPM Packages           rpcbind-0.1.4-16.fc9
Target RPM Packages
Policy RPM                    selinux-policy-3.3.1-84.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   home_tmp_bad_labels
Host Name                     mypc
Platform                      Linux mypc 2.6.25.14-108.fc9.i686 #1 SMP Mon Aug 4 14:08:11 EDT 2008 i686 i686
Alert Count                   73
First Seen                    Sat 06 Sep 2008 10:36:32 PM WEST
Last Seen                     Sun 07 Sep 2008 10:42:52 AM WEST
Local ID                      1107afa5-a33e-457b-b65c-e7fec26fb64d
Line Numbers

Raw Audit Messages

host=mypc type=AVC msg=audit(1220780572.503:49): avc: denied { read } for pid=4150 comm="rpcbind" name="services" dev=dm-0 ino=11649032 scontext=unconfined_u:system_r:rpcbind_t:s0 tcontext=unconfined_u:object_r:rpm_script_tmp_t:s0 tclass=file

host=mypc type=SYSCALL msg=audit(1220780572.503:49): arch=40000003 syscall=5 success=no exit=-13 a0=30ef06 a1=80000 a2=1b6 a3=80000 items=0 ppid=4149 pid=4150 auid=500 uid=32 gid=0 euid=32 suid=32 fsuid=32 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="rpcbind" exe="/sbin/rpcbind" subj=unconfined_u:system_r:rpcbind_t:s0 key=(null)

------------------------------

Paul
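
The raw audit messages in the report above carry everything the summary says, and can be read directly. The following is an added example, not part of the original message or of setroubleshoot: it pairs the AVC and SYSCALL records by their shared event serial and pulls out the denied permission, the source and target types, and the errno. The names parse_record and summarize are hypothetical, and the "_tmp_t" check is an assumed heuristic for the moved-file mislabeling the report describes.

```python
import errno
import re

# The two raw records copied from the message above.
RAW = [
    'host=mypc type=AVC msg=audit(1220780572.503:49): avc: denied { read } for pid=4150 comm="rpcbind" name="services" dev=dm-0 ino=11649032 scontext=unconfined_u:system_r:rpcbind_t:s0 tcontext=unconfined_u:object_r:rpm_script_tmp_t:s0 tclass=file',
    'host=mypc type=SYSCALL msg=audit(1220780572.503:49): arch=40000003 syscall=5 success=no exit=-13 a0=30ef06 a1=80000 a2=1b6 a3=80000 items=0 ppid=4149 pid=4150 auid=500 uid=32 gid=0 euid=32 suid=32 fsuid=32 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="rpcbind" exe="/sbin/rpcbind" subj=unconfined_u:system_r:rpcbind_t:s0 key=(null)',
]

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')


def parse_record(line):
    """Split one audit line into type, event serial and key=value fields."""
    head = HEADER.search(line)
    if head is None:
        raise ValueError('not an audit record: %r' % line[:40])
    fields = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
    rec = {'type': head.group(1), 'serial': int(head.group(3)), 'fields': fields}
    perms = PERMS.search(line)
    if perms:
        rec['result'], rec['perms'] = perms.group(1), perms.group(2).split()
    return rec


def summarize(lines):
    """Join AVC and SYSCALL records that share an event serial."""
    events = {}
    for rec in map(parse_record, lines):
        events.setdefault(rec['serial'], {})[rec['type']] = rec
    out = []
    for serial, recs in sorted(events.items()):
        avc, sc = recs.get('AVC'), recs.get('SYSCALL')
        if avc is None:
            continue
        f = avc['fields']
        ttype = f['tcontext'].split(':')[2]  # user:role:type:level
        exit_code = int(sc['fields']['exit']) if sc else None
        out.append({
            'serial': serial, 'perms': avc['perms'], 'tclass': f['tclass'],
            'source_type': f['scontext'].split(':')[2], 'target_type': ttype,
            'name': f.get('name'), 'exe': sc['fields'].get('exe') if sc else None,
            'errno': errno.errorcode.get(-exit_code) if exit_code and exit_code < 0 else None,
            # Assumed heuristic: a *_tmp_t type hints at a label kept from a temp location.
            'tmp_label': ttype.endswith('_tmp_t'),
        })
    return out
```

Calling summarize(RAW) returns one event: rpcbind_t denied read on a file named services labeled rpm_script_tmp_t, with the open failing as EACCES.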