| Summary: |
SELinux is preventing /sbin/rpc.statd from 'write' accesses on the sock_file rpcbind.sock. |
| Product: |
[Fedora] Fedora
|
Reporter: |
Frank Murphy <frankly3d> |
| Component: |
systemd | Assignee: |
Lennart Poettering <lpoetter> |
| Status: |
CLOSED
NEXTRELEASE
|
QA Contact: |
Fedora Extras Quality Assurance <extras-qa> |
| Severity: |
unspecified
|
Docs Contact: |
|
| Priority: |
unspecified
|
|
|
| Version: |
16 | CC: |
dominick.grift, dwalsh, harald, johannbg, kay, lpoetter, metherid, mgrepl, mschmidt, notting, plautrba, steved
|
| Target Milestone: |
--- | |
|
| Target Release: |
--- | |
|
| Hardware: |
x86_64 | |
|
| OS: |
Unspecified | |
|
| Whiteboard: |
abrt_hash:d8c6aa544305134fbc4e4970e4fddc48affa8ec696969389d799e2d0c8197348 |
|
Fixed In Version:
|
|
Doc Type:
|
Bug Fix
|
|---|
|
Doc Text:
|
|
Story Points:
|
---
|
|---|
|
Clone Of:
|
|
Environment:
|
|
|---|
|
Last Closed:
|
2011-09-21 18:43:59 UTC
|
Type:
|
---
|
|---|
|
Regression:
|
---
|
Mount Type:
|
---
|
|---|
|
Documentation:
|
---
|
CRM:
|
|
|---|
|
Verified Versions:
|
|
Category:
|
---
|
|---|
|
oVirt Team:
|
---
|
RHEL 7.3 requirements from Atomic Host:
|
|
|---|
|
Cloudforms Team:
|
---
|
Target Upstream Version:
|
|
|---|
|
Embargoed:
|
|
| |
|---|
abrt version: 2.0.5 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.0.0-3.fc16.x86_64 reason: SELinux is preventing /sbin/rpc.statd from 'write' accesses on the sock_file rpcbind.sock. time: Thu Aug 4 17:27:21 2011 description: :SELinux is preventing /sbin/rpc.statd from 'write' accesses on the sock_file rpcbind.sock. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that rpc.statd should be allowed write access on the rpcbind.sock sock_file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep rpc.statd /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:rpcd_t:s0 :Target Context system_u:object_r:var_run_t:s0 :Target Objects rpcbind.sock [ sock_file ] :Source rpc.statd :Source Path /sbin/rpc.statd :Port <Unknown> :Host (removed) :Source RPM Packages nfs-utils-1.2.4-3.fc16 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-10.fc16 :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) : 3.0-0.rc7.git10.1.fc16.x86_64 #1 SMP Fri Jul 22 : 01:50:34 UTC 2011 x86_64 x86_64 :Alert Count 205 :First Seen Sun 10 Jul 2011 10:54:05 IST :Last Seen Sat 30 Jul 2011 09:21:03 IST :Local ID ce9adec0-edc8-4c63-a7b8-d2cf997a09ee : :Raw Audit Messages :type=AVC msg=audit(1312014063.633:16): avc: denied { write } for pid=1204 comm="rpc.statd" name="rpcbind.sock" dev=tmpfs ino=16515 scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file : : :type=SYSCALL msg=audit(1312014063.633:16): arch=x86_64 syscall=connect success=no exit=EACCES a0=c a1=7fffbc1d22d0 a2=17 a3=8 items=0 ppid=1202 pid=1204 auid=4294967295 uid=29 gid=29 euid=29 suid=29 fsuid=29 egid=29 sgid=29 fsgid=29 tty=(none) ses=4294967295 comm=rpc.statd exe=/sbin/rpc.statd subj=system_u:system_r:rpcd_t:s0 key=(null) : :Hash: rpc.statd,rpcd_t,var_run_t,sock_file,write : :audit2allow : :#============= rpcd_t ============== :allow rpcd_t var_run_t:sock_file write; : :audit2allow -R : :#============= rpcd_t ============== :allow rpcd_t var_run_t:sock_file write; :