| Summary: | SELinux is preventing /sbin/rpc.statd from 'write' accesses on the sock_file rpcbind.sock. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Frank Murphy <frankly3d> |
| Component: | systemd | Assignee: | Lennart Poettering <lpoetter> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 16 | CC: | dominick.grift, dwalsh, harald, johannbg, kay, lpoetter, metherid, mgrepl, mschmidt, notting, plautrba, steved |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:d8c6aa544305134fbc4e4970e4fddc48affa8ec696969389d799e2d0c8197348 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Last Closed: | 2011-09-21 18:43:59 UTC | Type: | --- |

I believe systemd created this sock file, but does not seem to have created it with the correct label.

rpcbind does not use socket activation, so systemd is not involved.

Yes it does.

```
rpm -q rpcbind -l | grep socket
/lib/systemd/system/rpcbind.socket
```

*** Bug 733127 has been marked as a duplicate of this bug. ***

I believe this is fixed in systemd-35-1.fc16

OK, closing then, please reopen when this continues to exist.

```
abrt version: 2.0.5
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.0.0-3.fc16.x86_64
reason:         SELinux is preventing /sbin/rpc.statd from 'write' accesses on the sock_file rpcbind.sock.
time:           Thu Aug 4 17:27:21 2011

description:
:SELinux is preventing /sbin/rpc.statd from 'write' accesses on the sock_file rpcbind.sock.
:
:***** Plugin catchall (100. confidence) suggests ***************************
:
:If you believe that rpc.statd should be allowed write access on the rpcbind.sock sock_file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep rpc.statd /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:rpcd_t:s0
:Target Context                system_u:object_r:var_run_t:s0
:Target Objects                rpcbind.sock [ sock_file ]
:Source                        rpc.statd
:Source Path                   /sbin/rpc.statd
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           nfs-utils-1.2.4-3.fc16
:Target RPM Packages
:Policy RPM                    selinux-policy-3.10.0-10.fc16
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed)
:                              3.0-0.rc7.git10.1.fc16.x86_64 #1 SMP Fri Jul 22
:                              01:50:34 UTC 2011 x86_64 x86_64
:Alert Count                   205
:First Seen                    Sun 10 Jul 2011 10:54:05 IST
:Last Seen                     Sat 30 Jul 2011 09:21:03 IST
:Local ID                      ce9adec0-edc8-4c63-a7b8-d2cf997a09ee
:
:Raw Audit Messages
:type=AVC msg=audit(1312014063.633:16): avc: denied { write } for pid=1204 comm="rpc.statd" name="rpcbind.sock" dev=tmpfs ino=16515 scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
:
:
:type=SYSCALL msg=audit(1312014063.633:16): arch=x86_64 syscall=connect success=no exit=EACCES a0=c a1=7fffbc1d22d0 a2=17 a3=8 items=0 ppid=1202 pid=1204 auid=4294967295 uid=29 gid=29 euid=29 suid=29 fsuid=29 egid=29 sgid=29 fsgid=29 tty=(none) ses=4294967295 comm=rpc.statd exe=/sbin/rpc.statd subj=system_u:system_r:rpcd_t:s0 key=(null)
:
:Hash: rpc.statd,rpcd_t,var_run_t,sock_file,write
:
:audit2allow
:
:#============= rpcd_t ==============
:allow rpcd_t var_run_t:sock_file write;
:
:audit2allow -R
:
:#============= rpcd_t ==============
:allow rpcd_t var_run_t:sock_file write;
:
```
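
The labeling point raised in the comments, as an added example that is not part of the original report or of setroubleshoot: a Python triage of the AVC record that treats a generic target type such as `var_run_t` as a labeling problem instead of accepting the `allow rpcd_t var_run_t:sock_file write;` rule. The `GENERIC_TYPES` list, the function names and the second sample line are assumptions made for this example.

```python
import re

# Types that files inherit from a generic parent directory. A service socket
# carrying one of these was most likely created without its own label.
# This list is a heuristic chosen for the example, not part of any policy tool.
GENERIC_TYPES = {"var_run_t", "var_t", "var_lib_t", "tmp_t", "default_t", "unlabeled_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# AVC record copied from the report above.
REPORTED = ('type=AVC msg=audit(1312014063.633:16): avc: denied { write } for pid=1204 '
            'comm="rpc.statd" name="rpcbind.sock" dev=tmpfs ino=16515 '
            'scontext=system_u:system_r:rpcd_t:s0 '
            'tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file')
# Constructed contrast case: same access, target carrying a service-specific type.
CONSTRUCTED = REPORTED.replace("var_run_t", "rpcbind_var_run_t")


def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= f.keys():
        return None
    f["perms"] = m.group("perms").split()
    # A context is user:role:type[:level]; the level may itself contain colons.
    f["stype"] = f["scontext"].split(":")[2]
    f["ttype"] = f["tcontext"].split(":")[2]
    return f


def triage(line):
    """Classify a denial and show the rule audit2allow would derive from it."""
    f = parse_avc(line)
    if f is None:
        return None
    perms = f["perms"][0] if len(f["perms"]) == 1 else "{ " + " ".join(f["perms"]) + " }"
    rule = f"allow {f['stype']} {f['ttype']}:{f['tclass']} {perms};"
    if f["ttype"] in GENERIC_TYPES:
        # The rule would cover every object of that class with the generic
        # type, so the label is what needs fixing, not the policy.
        return {"verdict": "mislabeled-target", "object": f.get("name"), "rule": rule}
    return {"verdict": "policy-gap", "object": f.get("name"), "rule": rule}


if __name__ == "__main__":
    for sample in (REPORTED, CONSTRUCTED):
        print(triage(sample))
```
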