Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 296685 Details for
Bug 435793
AVC denial on mount of read-only NFS
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
selinux_alert.txt
selinux_alert.txt (text/plain), 2.32 KB, created by
Warren Togami
on 2008-03-03 22:27:11 UTC
(
hide
)
Description:
selinux_alert.txt
Filename:
MIME Type:
Creator:
Warren Togami
Created:
2008-03-03 22:27:11 UTC
Size:
2.32 KB
patch
obsolete
> >Summary: > >SELinux is preventing the nfs daemon from allowing remote clients to write local >files. > >Detailed Description: > >SELinux has preventing the nfs daemon (nfsd) from writing files on the local >system. If you have not exported any file systems (rw), this could signals an >intrusion. > >Allowing Access: > >If you want to export writable file systems using nfs you need to turn on the >nfs_export_all_rw boolean: "setsebool -P nfs_export_all_rw=1". > >The following command will allow this access: > >setsebool -P nfs_export_all_rw=1 > >Additional Information: > >Source Context system_u:system_r:nfsd_t:s0 >Target Context system_u:object_r:lvm_control_t:s0 >Target Objects control [ chr_file ] >Source rpc.mountd >Source Path /usr/sbin/rpc.mountd >Port <Unknown> >Host newcaprica.boston.redhat.com >Source RPM Packages nfs-utils-1.1.0-6.fc8 >Target RPM Packages >Policy RPM selinux-policy-3.0.8-87.fc8 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name nfs_export_all_rw >Host Name newcaprica.boston.redhat.com >Platform Linux newcaprica.boston.redhat.com 2.6.24.3-13.fc8 > #1 SMP Wed Feb 27 22:48:05 EST 2008 x86_64 x86_64 >Alert Count 1 >First Seen Mon 03 Mar 2008 02:45:54 AM EST >Last Seen Mon 03 Mar 2008 02:45:54 AM EST >Local ID 538b026d-6ca6-48d1-b490-883bf892a25d >Line Numbers > >Raw Audit Messages > >host=newcaprica.boston.redhat.com type=AVC msg=audit(1204530354.521:30): avc: denied { write } for pid=2457 comm="rpc.mountd" name="control" dev=tmpfs ino=259 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file > >host=newcaprica.boston.redhat.com type=SYSCALL msg=audit(1204530354.521:30): arch=c000003e syscall=2 success=no exit=-13 a0=7fffb55d5860 a1=2 a2=0 a3=0 items=0 ppid=1 pid=2457 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rpc.mountd" exe="/usr/sbin/rpc.mountd" subj=system_u:system_r:nfsd_t:s0 key=(null) > >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=296685">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 435793
: 296685