Bug 2456368
| Summary: | avc: denied { create } for comm="rpc.mountd" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:system_r:nfsd_t:s0 tclass=netlink_generic_socket permissive=0 | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Yongcheng Yang <yoyang> |
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
| Status: | NEW --- | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | dwalsh, lvrabec, mmalik, omosnacek, pkoncity, vmojzis, zpytela |
| Hardware: | All | ||
| OS: | Linux | ||
There is a new avc denied warning emitted for rpc.mountd when mounting nfs in version 3:

```
[root@kvm-01-guest02 ~]# >/var/log/audit/audit.log
[root@kvm-01-guest02 ~]# grep denied /var/log/audit/audit.log
[root@kvm-01-guest02 ~]# ./repro.sh
[root@kvm-01-guest02 ~]# grep denied /var/log/audit/audit.log
type=AVC msg=audit(1775631690.243:814): avc: denied { create } for pid=6004 comm="rpc.mountd" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:system_r:nfsd_t:s0 tclass=netlink_generic_socket permissive=0
type=AVC msg=audit(1775631690.492:817): avc: denied { create } for pid=6004 comm="rpc.mountd" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:system_r:nfsd_t:s0 tclass=netlink_generic_socket permissive=0
[root@kvm-01-guest02 ~]#
[root@kvm-01-guest02 ~]# cat repro.sh
#!/bin/bash
mkdir -p /export /mnt/localhost
systemctl restart nfs-server
exportfs -ua
exportfs localhost:/export
mount -t nfs -ov3,sec=sys localhost:/export /mnt/localhost
umount /mnt/localhost
[root@kvm-01-guest02 ~]# rpm -q nfs-utils selinux-policy
nfs-utils-2.9.1-0.fc45.x86_64
selinux-policy-43.6-1.fc45.noarch
[root@kvm-01-guest02 ~]#
```

Reproducible: Always

Steps to Reproduce:
1. export an nfs localhost
2. mount the export in vers=3
3. check the /var/log/audit/audit.log
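Added example, not part of the original report or of the selinux-policy project: a small triage parser that splits AVC records into fields and collapses repeats, run over the two records quoted above plus one constructed non-AVC line. The names `parse_avc`, `sel_type` and `summarize` are hypothetical; writing the target as `self` when source and target type match is this example's own convention.

```python
import re
from collections import Counter

# Shared tail of the two AVC records quoted in the report.
_TAIL = ('avc: denied { create } for pid=6004 comm="rpc.mountd" '
         'scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:system_r:nfsd_t:s0 '
         'tclass=netlink_generic_socket permissive=0')
SAMPLE = [
    'type=AVC msg=audit(1775631690.243:814): ' + _TAIL,
    'type=AVC msg=audit(1775631690.492:817): ' + _TAIL,
    # Constructed line, not from the report: must be skipped by the parser.
    "type=SERVICE_START msg=audit(1775631690.100:810): pid=1 msg='unit=nfs-server'",
]

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {key: value.strip('"') for key, value in KV_RE.findall(m['rest'])}
    rec.update(result=m['result'], perms=m['perms'].split(), serial=int(m['serial']))
    return rec

def sel_type(context):
    """SELinux contexts are user:role:type:level; the type is the third field."""
    return context.split(':')[2]

def summarize(lines):
    """Count denials per (comm, source type, target, class, permission, enforced)."""
    counts = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec['result'] != 'denied':
            continue
        src, tgt = sel_type(rec['scontext']), sel_type(rec['tcontext'])
        target = 'self' if src == tgt else tgt
        enforced = rec.get('permissive') == '0'  # permissive=0: access was blocked
        for perm in rec['perms']:
            counts[(rec['comm'], src, target, rec['tclass'], perm, enforced)] += 1
    return counts

if __name__ == '__main__':
    for key, n in summarize(SAMPLE).items():
        print(n, key)
```

Both records in the report reduce to a single unique denial: `rpc.mountd` running as `nfsd_t` was blocked from creating a `netlink_generic_socket` of its own type, twice in one run.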