On Sun, Sep 7, 2008 at 12:33 PM, Stuart Sears <stuart@xxxxxxxxxxx> wrote: > [...edited...] >>> An 'AVC denial' is just telling you that SELinux has prevented >>> something from happening on your system. We'd need the actual >>> denial message to see what it's complaining about - click on the >>> "Sheriff's badge" in your system tray and tell us what it says. >> >> Thanks, Stuart. The required information is below: >> >> ------------------------------ Summary: >> >> SELinux is preventing the rpcbind from using potentially mislabeled >> files (./services). >> >> Detailed Description: >> >> SELinux has denied rpcbind access to potentially mislabeled file(s) >> (./services). This means that SELinux will not allow rpcbind to use >> these files. It is common for users to edit files in their home >> directory or tmp directories and then move (mv) them to system >> directories. The problem is that the files end up with the wrong file >> context which confined applications are not allowed to access. >> >> Allowing Access: >> >> If you want rpcbind to access this files, you need to relabel them >> using restorecon -v './services'. You might want to relabel the >> entire directory using restorecon -R -v '.'. >> >> Additional Information: >> >> Source Context unconfined_u:system_r:rpcbind_t:s0 >> Target Context >> unconfined_u:object_r:rpm_script_tmp_t:s0 Target Objects >> ./services [ file ] > > okay, the rpcbind service is trying to access a file called 'services' > (the ./ path puzzles me, but I suspect /etc/services here) which is > mislabelled > > if ls -Z /etc/services looks like this: > -rw-r--r-- root root system_u:object_r:rpm_script_tmp_t:s0 /etc/services > > try correcting the labels like this... > restorecon -v /etc/services > > which should tell you it is doing this - > restorecon reset /etc/services context > system_u:object_r:rpm_script_tmp_t:s0->system_u:object_r:etc_t:s0 > > Then try restarting the rpcbind (and probably nfs) services. > > incidentally, blindly following the advice of setroubleshoot is not > always the correct response - in some cases all its advice boils down to > is "If you want me to shut up and stop bothering you, try this..." > Sometimes it is supposed to bother you :) Thanks a lot, Stuart. The command restorecon -v /etc/services solved the problem. Can the problem that I reported be considered a bug of Selinux? Paul -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
