Bug 750162

Summary: SELinux is preventing /sbin/rpc.statd from 'unlink' accesses on the file rpc.statd.pid.
Product: [Fedora] Fedora
Reporter: Charles R. Anderson <cra>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 16
CC: dominick.grift, dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:222bf75711efc7a179cae5d0412fbf029a8323e0cb415a6f763e147188846c3f
Doc Type: Bug Fix
Last Closed: 2011-10-31 10:08:53 UTC

Description Charles R. Anderson 2011-10-31 08:45:55 UTC
libreport version: 2.0.6
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.1.0-5.fc16.x86_64
reason:         SELinux is preventing /sbin/rpc.statd from 'unlink' accesses on the file rpc.statd.pid.
time:           Mon Oct 31 04:45:43 2011

description:
:SELinux is preventing /sbin/rpc.statd from 'unlink' accesses on the file rpc.statd.pid.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If you believe that rpc.statd should be allowed unlink access on the rpc.statd.pid file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep rpc.statd /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:rpcd_t:s0
:Target Context                unconfined_u:object_r:var_run_t:s0
:Target Objects                rpc.statd.pid [ file ]
:Source                        rpc.statd
:Source Path                   /sbin/rpc.statd
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           nfs-utils-1.2.5-1.fc16
:Target RPM Packages
:Policy RPM                    selinux-policy-3.10.0-46.fc16
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Permissive
:Host Name                     (removed)
:Platform                      Linux (removed) 3.1.0-5.fc16.x86_64 #1 SMP Thu Oct 27
:                              03:46:50 UTC 2011 x86_64 x86_64
:Alert Count                   3
:First Seen                    Mon 31 Oct 2011 04:44:24 AM EDT
:Last Seen                     Mon 31 Oct 2011 04:44:56 AM EDT
:Local ID                      bc46459b-1495-4a72-ba5e-9a512ef7e1fa
:
:Raw Audit Messages
:type=AVC msg=audit(1320050696.71:152): avc:  denied  { unlink } for  pid=8281 comm="rpc.statd" name="rpc.statd.pid" dev=tmpfs ino=53684 scontext=system_u:system_r:rpcd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1320050696.71:152): arch=x86_64 syscall=unlink success=yes exit=0 a0=7fdd9c9a3284 a1=7fffd0a6fa88 a2=0 a3=7fffd0a6fab0 items=0 ppid=8280 pid=8281 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=rpc.statd exe=/sbin/rpc.statd subj=system_u:system_r:rpcd_t:s0 key=(null)
:
:Hash: rpc.statd,rpcd_t,var_run_t,file,unlink
:
:audit2allow
:
:#============= rpcd_t ==============
:allow rpcd_t var_run_t:file unlink;
:
:audit2allow -R
:
:#============= rpcd_t ==============
:allow rpcd_t var_run_t:file unlink;
:

Comment 1 Charles R. Anderson 2011-10-31 10:07:20 UTC
This was the sequence of events:

1. Install from Fedora 16 Final RC2 Live Desktop x86_64
2. yum install nfs-utils
3. systemctl start rpcbind.service
4. systemctl start nfs-lock.service (fails)
5. setenforce 0
6. mount -t nfs ...
7. Report these AVCs (write & unlink on rpc.statd.pid)

Comment 2 Charles R. Anderson 2011-10-31 10:08:53 UTC

*** This bug has been marked as a duplicate of bug 750103 ***