Description of problem:
SELinux is preventing /usr/sbin/rpcbind from 'search' accesses on the directory /var/lib/sss.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that rpcbind should be allowed search access on the sss directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep rpcbind /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:rpcbind_t:s0
Target Context                system_u:object_r:sssd_var_lib_t:s0
Target Objects                /var/lib/sss [ dir ]
Source                        rpcbind
Source Path                   /usr/sbin/rpcbind
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           rpcbind-0.2.1-0.fc19.x86_64
Target RPM Packages           sssd-common-1.11.0-0.1.beta2.fc19.x86_64
Policy RPM                    selinux-policy-3.12.1-71.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.10.9-200.fc19.x86_64 #1 SMP Wed Aug 21 19:27:58 UTC 2013 x86_64 x86_64
Alert Count                   16
First Seen                    2013-08-23 11:11:57 CEST
Last Seen                     2013-08-28 16:05:36 CEST
Local ID                      7516b866-270b-4407-ba3a-0f1a0638d0e5

Raw Audit Messages
type=AVC msg=audit(1377698736.770:99): avc: denied { search } for pid=767 comm="rpcbind" name="sss" dev="dm-2" ino=23782 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir

type=SYSCALL msg=audit(1377698736.770:99): arch=x86_64 syscall=connect success=no exit=EACCES a0=5 a1=7fff93d55fb0 a2=6e a3=ffff8000 items=0 ppid=1 pid=767 auid=4294967295 uid=32 gid=32 euid=32 suid=32 fsuid=32 egid=32 sgid=32 fsgid=32 ses=4294967295 tty=(none) comm=rpcbind exe=/usr/sbin/rpcbind subj=system_u:system_r:rpcbind_t:s0 key=(null)

Hash: rpcbind,rpcbind_t,sssd_var_lib_t,dir,search

Additional info:
reporter: libreport-2.1.6
hashmarkername: setroubleshoot
kernel: 3.10.9-200.fc19.x86_64
type: libreport

Potential duplicate: bug 1000710
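Added example, not part of the original report and not setroubleshoot's or audit2allow's own code: a small parser that reduces AVC denials to the same five-field tuple shown on the report's "Hash:" line, so the denials can be reviewed before anything is fed to audit2allow. The sample log is constructed from the record quoted above plus one invented denial (hypothetical "exampled" process and "example_t" domain) whose file name merely contains the string "rpcbind"; it shows that a substring grep selects more than an exact match on the comm= field does.

```python
import re
from collections import Counter

# Constructed sample: the AVC/SYSCALL pair quoted in the report (SYSCALL
# shortened), plus one invented denial for a hypothetical "example_t" domain.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1377698736.770:99): avc: denied { search } for pid=767 comm="rpcbind" name="sss" dev="dm-2" ino=23782 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1377698736.770:99): arch=x86_64 syscall=connect success=no exit=EACCES comm=rpcbind exe=/usr/sbin/rpcbind
type=AVC msg=audit(1377698740.101:104): avc: denied { read write } for pid=901 comm="exampled" name="rpcbind.lock" dev="dm-2" ino=42 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
"""

AVC_RE = re.compile(r"type=AVC .*?avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context

def parse_avc(line):
    """Parse one audit line; return None unless it is a complete AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if any(k not in f for k in ("comm", "scontext", "tcontext", "tclass")):
        return None
    return {"perms": m.group(1).split(), "comm": f["comm"],
            "source": selinux_type(f["scontext"]),
            "target": selinux_type(f["tcontext"]), "tclass": f["tclass"]}

def denial_tuples(log_text, comm=None):
    """Count (comm, source type, target type, class, perm) tuples.
    If comm is given it is compared exactly against the comm= field."""
    counts = Counter()
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if avc is None or (comm is not None and avc["comm"] != comm):
            continue
        for perm in avc["perms"]:
            counts[(avc["comm"], avc["source"], avc["target"],
                    avc["tclass"], perm)] += 1
    return counts

def grep_would_match(log_text, needle):
    """AVC denial lines that a plain substring grep for needle selects."""
    return [l for l in log_text.splitlines() if needle in l and parse_avc(l)]

if __name__ == "__main__":
    for key, n in denial_tuples(SAMPLE_AUDIT_LOG, comm="rpcbind").items():
        print(",".join(key), n)
```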
3c041704b745db9a195fa07fa5a2a558f33492c1 fixes this in git.
Description of problem:
Just applied the latest update of rpcbind

Additional info:
reporter: libreport-2.1.6
hashmarkername: setroubleshoot
kernel: 3.10.9-200.fc19.x86_64
type: libreport
Description of problem:
Updated rpcbind package:
  Updating  : rpcbind-0.2.1-0.fc19.x86_64
  Cleanup   : rpcbind-0.2.0-21.fc19.x86_64
  Verifying : rpcbind-0.2.1-0.fc19.x86_64
  Verifying : rpcbind-0.2.0-21.fc19.x86_64

Additional info:
reporter: libreport-2.1.6
hashmarkername: setroubleshoot
kernel: 3.10.9-200.fc19.x86_64
type: libreport
Description of problem:
Happened while doing a 'yum update' of the following packages (probably the rpcbind package is the culprit):

Updated:
  fedpkg.noarch 0:1.14-1.fc19
  libcacard.x86_64 2:1.6.0-5.fc19
  libvirt.x86_64 0:1.1.1-3.fc19
  libvirt-client.x86_64 0:1.1.1-3.fc19
  libvirt-daemon.x86_64 0:1.1.1-3.fc19
  libvirt-daemon-config-network.x86_64 0:1.1.1-3.fc19
  libvirt-daemon-config-nwfilter.x86_64 0:1.1.1-3.fc19
  libvirt-daemon-driver-interface.x86_64 0:1.1.1-3.fc19
  libvirt-daemon-driver-libxl.x86_64 0:1.1.1-3.fc19
  libvirt-daemon-driver-lxc.x86_64 0:1.1.1-3.fc19
  libvirt-daemon-driver-network.x86_64 0:1.1.1-3.fc19
  libvirt-daemon-driver-nodedev.x86_64 0:1.1.1-3.fc19
  libvirt-daemon-driver-nwfilter.x86_64 0:1.1.1-3.fc19
  libvirt-daemon-driver-qemu.x86_64 0:1.1.1-3.fc19
  libvirt-daemon-driver-secret.x86_64 0:1.1.1-3.fc19
  libvirt-daemon-driver-storage.x86_64 0:1.1.1-3.fc19
  libvirt-daemon-driver-uml.x86_64 0:1.1.1-3.fc19
  libvirt-daemon-driver-vbox.x86_64 0:1.1.1-3.fc19
  libvirt-daemon-driver-xen.x86_64 0:1.1.1-3.fc19
  libvirt-daemon-kvm.x86_64 0:1.1.1-3.fc19
  libvirt-daemon-qemu.x86_64 0:1.1.1-3.fc19
  libvirt-debuginfo.x86_64 0:1.1.1-3.fc19
  libvirt-devel.x86_64 0:1.1.1-3.fc19
  libvirt-docs.x86_64 0:1.1.1-3.fc19
  libvirt-lock-sanlock.x86_64 0:1.1.1-3.fc19
  libvirt-python.x86_64 0:1.1.1-3.fc19
  qemu-common.x86_64 2:1.6.0-5.fc19
  qemu-img.x86_64 2:1.6.0-5.fc19
  qemu-kvm.x86_64 2:1.6.0-5.fc19
  qemu-system-x86.x86_64 2:1.6.0-5.fc19
  rpcbind.x86_64 0:0.2.1-0.fc19
  virt-install.noarch 0:0.10.0-2.git948b5359.fc19
  virt-manager.noarch 0:0.10.0-2.git948b5359.fc19
  virt-manager-common.noarch 0:0.10.0-2.git948b5359.fc19

Dependency Updated:
  openbios.noarch 0:1.1.svn1198-2.fc19
  qemu.x86_64 2:1.6.0-5.fc19
  qemu-system-alpha.x86_64 2:1.6.0-5.fc19
  qemu-system-arm.x86_64 2:1.6.0-5.fc19
  qemu-system-cris.x86_64 2:1.6.0-5.fc19
  qemu-system-lm32.x86_64 2:1.6.0-5.fc19
  qemu-system-m68k.x86_64 2:1.6.0-5.fc19
  qemu-system-microblaze.x86_64 2:1.6.0-5.fc19
  qemu-system-mips.x86_64 2:1.6.0-5.fc19
  qemu-system-moxie.x86_64 2:1.6.0-5.fc19
  qemu-system-or32.x86_64 2:1.6.0-5.fc19
  qemu-system-ppc.x86_64 2:1.6.0-5.fc19
  qemu-system-s390x.x86_64 2:1.6.0-5.fc19
  qemu-system-sh4.x86_64 2:1.6.0-5.fc19
  qemu-system-sparc.x86_64 2:1.6.0-5.fc19
  qemu-system-unicore32.x86_64 2:1.6.0-5.fc19
  qemu-system-xtensa.x86_64 2:1.6.0-5.fc19
  qemu-user.x86_64 2:1.6.0-5.fc19

Additional info:
reporter: libreport-2.1.6
hashmarkername: setroubleshoot
kernel: 3.10.7-200.fc19.x86_64
type: libreport
Description of problem:
Updated to rpcbind-0.2.0-21

Additional info:
reporter: libreport-2.1.6
hashmarkername: setroubleshoot
kernel: 3.10.9-200.fc19.x86_64
type: libreport
Description of problem:
yum update. SELinux appeared during update.

Additional info:
reporter: libreport-2.1.6
hashmarkername: setroubleshoot
kernel: 3.10.9-200.fc19.x86_64
type: libreport
commit 5c27ee04a9f648e67231a624aa66b99972e21abe
Author: Dan Walsh <dwalsh>
Date:   Mon Aug 26 15:56:12 2013 -0400

    Allow rpcbind to use nsswitch

Has been added. Lukas, we need to do a new F19 update today.
selinux-policy-3.12.1-74.1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-74.1.fc19
Package selinux-policy-3.12.1-74.1.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-74.1.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-15819/selinux-policy-3.12.1-74.1.fc19
then log in and leave karma (feedback).
(In reply to Fedora Update System from comment #9)
> Package selinux-policy-3.12.1-74.1.fc19:
> * should fix your issue,
> * was pushed to the Fedora 19 testing repository,
> * should be available at your local mirror within two days.
> Update it with:
> # su -c 'yum update --enablerepo=updates-testing
> selinux-policy-3.12.1-74.1.fc19'
> as soon as you are able to.
> Please go to the following url:
> https://admin.fedoraproject.org/updates/FEDORA-2013-15819/selinux-policy-3.
> 12.1-74.1.fc19
> then log in and leave karma (feedback).

Enabled the repo and applied the update. No problems indicated. No warnings in the logs. I don't have a good password for the admin link.
selinux-policy-3.12.1-74.1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.