Bug 733127
Summary: | SELinux prevents the NFS server from coming up. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Steve Dickson <steved> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 16 | CC: | awilliam, dominick.grift, dwalsh, goeran, mgrepl |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.10.0-38.fc16 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-10-09 19:34:29 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Steve Dickson
2011-08-24 20:20:56 UTC
AVC msgs would be fine. *** This bug has been marked as a duplicate of bug 728307 *** Shouldn't this have been a duplicate of bug 732968 rather than bug 728307? I'm not sure either is correct. 732968 is a different bug - Steve specifically says at the end of it that he hits an SELinux issue which he'll 'file as a separate bug', i.e., this one - and 728307 is claimed to be fixed, whereas this is still extant, I just hit it with current nfs-utils and systemd and selinux-policy. Re-opening this bug, for now. as stated above, I can reproduce with: [root@adam images]# rpm -q nfs-utils systemd selinux-policy-targeted nfs-utils-1.2.4-8.fc16.x86_64 systemd-36-3.fc16.x86_64 selinux-policy-targeted-3.10.0-32.fc16.noarch I think the system is actually booted with systemd-35-1, not 36-3, as I've been up for a while. But #728307 was claimed to be fixed in 35-1. I don't get any AVCs, in /var/log/audit.log , sealert, or /var/log/messages . But the bug definitely goes away if you do setenforce Permissive. It's trivial to reproduce - just set any valid /etc/exports , ensure nfs-utils is installed, and run 'systemctl start nfs-server.service' . > I'm not sure either is correct. Um, neither am I. I wonder what I was thinking. I filed a bug of my own at the time, bug 739946. Maybe I should have added the information to this one instead. *** This bug has been marked as a duplicate of bug 739946 *** Adam, could you test it with the latest policy. It looks ok and working. If it doesn't work for you, please could you test it with # semodule -DB still doesn't work. [root@adam adamw]# getenforce Enforcing [root@adam adamw]# systemctl start nfs-server.service Job failed. See system logs and 'systemctl status' for details. [root@adam adamw]# man semodule [root@adam adamw]# semodule -DB [root@adam adamw]# systemctl start nfs-server.service Job failed. See system logs and 'systemctl status' for details. [root@adam adamw]# setenforce Permissive [root@adam adamw]# systemctl start nfs-server.service [root@adam adamw]# rpm -q selinux-policy selinux-policy-3.10.0-32.fc16.noarch Adam, please try to re-test it with the latest build http://koji.fedoraproject.org/koji/buildinfo?buildID=266665 Looks good! selinux-policy-3.10.0-38.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/FEDORA-2011-13775 selinux-policy-3.10.0-38.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. |