Bug 118946
Summary: | NFSD won't serve files | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | G.Wolfe Woodbury <redwolfe> |
Component: | policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED RAWHIDE | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | Keywords: | Security |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-04-06 23:52:08 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 114961 |
Description
G.Wolfe Woodbury
2004-03-23 01:22:44 UTC
Could you include the avc messages? The avc messages are 14 MB at the moment, they are at: http://wolves.homeip.net/~ggw/texts/nfsd.avc Fixed in policy-1.9-15 under policy 1.9-15 I get "permission denied" from the mounting machine no matter what sort of shenanigans I play with the firewall and permissions. /etc/exports: /srv 10.11.12.0/255.255.255.0(rw,sync,no_root_squash) /home/Fedora 10.11.12.0/255.255.255.0(rw,sync) avc's when starting NFSd: Mar 27 03:31:38 tembo kernel: audit(1080376298.281:0): avc: denied { getattr } for pid=2299 exe=/usr/sbin/exportfs path=/srv dev=hdb3 ino=2 scontext=root:system_r:nfsd_t tcontext=system_u:object_r:default_t tclass=dir Mar 27 03:31:38 tembo kernel: audit(1080376298.283:0): avc: denied { getattr } for pid=2299 exe=/usr/sbin/exportfs path=/home dev=hda6 ino=2 scontext=root:system_r:nfsd_t tcontext=system_u:object_r:home_root_t tclass=dir Mar 27 03:31:38 tembo nfs: Starting NFS services: succeeded Mar 27 03:31:38 tembo nfs: rpc.rquotad startup succeeded Mar 27 03:31:38 tembo kernel: Installing knfsd (copyright (C) 1996 okir.de). Mar 27 03:31:39 tembo kernel: SELinux: initialized (dev , type nfsd), uses genfs_contexts Mar 27 03:31:39 tembo nfs: rpc.nfsd startup succeeded Mar 27 03:31:39 tembo kernel: audit(1080376299.212:0): avc: denied { getattr } for pid=2323 exe=/usr/sbin/rpc.mountd path=/home dev=hda6 ino=2 scontext=root:system_r:nfsd_t tcontext=system_u:object_r:home_root_t tclass=dir Mar 27 03:31:39 tembo kernel: audit(1080376299.214:0): avc: denied { getattr } for pid=2323 exe=/usr/sbin/rpc.mountd path=/srv dev=hdb3 ino=2 scontext=root:system_r:nfsd_t tcontext=system_u:object_r:default_t tclass=dir Mar 27 03:31:39 tembo nfs: rpc.mountd startup succeeded Mar 27 03:32:19 tembo kernel: audit(1080376339.645:0): avc: denied { getattr } for pid=2324 exe=/usr/sbin/rpc.mountd path=/srv dev=hdb3 ino=2 scontext=root:system_r:nfsd_t tcontext=system_u:object_r:default_t tclass=dir Mar 27 03:32:19 tembo rpc.mountd: authenticated mount request from wolves.private:822 for /srv (/srv) Mar 27 03:32:19 tembo kernel: audit(1080376339.767:0): avc: denied { getattr } for pid=2324 exe=/usr/sbin/rpc.mountd path=/srv dev=hdb3 ino=2 scontext=root:system_r:nfsd_t tcontext=system_u:object_r:default_t tclass=dir Mar 27 03:32:19 tembo rpc.mountd: can't stat exported dir /srv: Permission denied ls -Z for /srv: drwxrwsrwx ggw ggw system_u:object_r:default_t srv ls -Z for /usr/sbin/rpc.nfsd -rwxr-xr-x+ root root system_u:object_r:nfsd_exec_t /usr/sbin/rpc.nfsd As of policy 1.9.2-12 in enforcing mode, NFS mount from another machine works as specified. |