Bug 1037917

Summary: [nfslock&rpc.statd] service nfslock restart fail with: Opening /var/run/rpc.statd.pid failed: Permission denied
Product: Red Hat Enterprise Linux 7 Reporter: JianHong Yin <jiyin>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED CURRENTRELEASE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: high    
Version: 7.0CC: jiyin, steved
Target Milestone: rcKeywords: Regression, TestBlocker
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-02-18 01:19:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description JianHong Yin 2013-12-04 04:13:54 UTC 
Description of problem:
service nfslock restart fail. with err log: 
 Opening /var/run/rpc.statd.pid failed: Permission denied

Version-Release number of selected component (if applicable):
------------------------------------------------
TimeInfo  : 2013-12-03 22:40:46
CaseName  : /CoreOS/nfs-utils/commands/utils/rpc-statd
$HOSTNAME : dell-pr7610-01.lab.bos.redhat.com
DistroInfo: RedHatEnterpriseWorkstation 7.0 : RHEL-7.0-20131123.0
kernelInfo: Linux dell-pr7610-01.lab.bos.redhat.com 3.10.0-54.el7.x86_64 #1 SMP Thu Nov 21 15:34:15 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
packageInfo
	libnfsidmap-0.25-7.el7.x86_64
	package libsss_idmap is not installed
	nfs-utils-1.2.9-0.3.el7.x86_64
------------------------------------------------

How reproducible:
100%

Steps to Reproduce:
1. rpc.statd -p 33445 && pkill rpc.statd
2. echo -e "STATDARG=\"-p 12345\"" >/etc/sysconfig/nfs
3. service_nfs restart && service nfslock restart


Actual results:
service nfslock restart fail, with log:
Dec  3 22:40:54 dell-pr7610-01 systemd: Starting NFS Mount Daemon...
Dec  3 22:40:54 dell-pr7610-01 rpc.mountd[10749]: Version 1.2.9 starting
Dec  3 22:40:54 dell-pr7610-01 systemd: Started NFS Mount Daemon.
Dec  3 22:40:54 dell-pr7610-01 systemd: Starting NFS Server...
Dec  3 22:40:54 dell-pr7610-01 kernel: [  105.407401] NFSD: starting 90-second grace period (net ffffffff8196d500)
Dec  3 22:40:55 dell-pr7610-01 systemd: Started NFS Server.
Dec  3 22:40:55 dell-pr7610-01 systemd: Starting NFSv4 ID-name mapping daemon...
Dec  3 22:40:55 dell-pr7610-01 systemd: Starting NFS Remote Quota Server...
Dec  3 22:40:55 dell-pr7610-01 systemd: Started NFSv4 ID-name mapping daemon.
Dec  3 22:40:55 dell-pr7610-01 systemd: Started NFS Remote Quota Server.
Dec  3 22:40:57 dell-pr7610-01 systemd: Starting NFS file locking service....
Dec  3 22:40:57 dell-pr7610-01 rpc.statd[10817]: Version 1.2.9 starting
Dec  3 22:40:57 dell-pr7610-01 rpc.statd[10817]: Opening /var/run/rpc.statd.pid failed: Permission denied
Dec  3 22:40:57 dell-pr7610-01 systemd: nfs-lock.service: control process exited, code=exited status=1
Dec  3 22:40:57 dell-pr7610-01 systemd: Failed to start NFS file locking service..
Dec  3 22:40:57 dell-pr7610-01 systemd: Unit nfs-lock.service entered failed state.

Expected results:
works fine like test in RHEL6

Additional info:
Comment 3 Steve Dickson 2013-12-11 19:33:27 UTC 
This seems to be a SELinux issue... Doing a setenforce 0 make the problem
go away...
Comment 4 Miroslav Grepl 2014-02-17 16:15:15 UTC 
Any AVC msgs? Does it work with

# restorecon -R -v /var/run/rpc.statd.pid
Comment 5 JianHong Yin 2014-02-18 01:19:28 UTC 
not reproduced in latest snapshot build: RHEL-7.0-20140214.0;
and the orig distro build: RHEL-7.0-20131123.0 has been delete from lab.

so close.
Comment 6 JianHong Yin 2014-02-18 01:20:25 UTC 
latest test log:
  https://beaker.engineering.redhat.com/jobs/594186
  http://beaker-archive.app.eng.bos.redhat.com/beaker-logs/2014/02/5941/594186/1230616/19211140/TESTOUT.log