Hide Forgot
Description of problem: When accessing an NFS4+KRB5 share rpc.gssd attempts to fork and SUID an instance of itself to the user that wants to access the share. The current SELinux policy forbids this. Version-Release number of selected component (if applicable): selinux-policy-3.12.1-103.el7.noarch How reproducible: Steps to Reproduce: 1. Mount an NFS4 share with sec=krb5 Actual results: Access fails. Expected results: Mount works and a new rpc.gssd running as the user can be found. Additional information: SELinux is preventing /usr/sbin/rpc.gssd from using the setgid capability. For complete SELinux messages. # audit2allow -Ra require { type gssd_t; class capability setgid; } #============= gssd_t ============== allow gssd_t self:capability setgid;
commit 357fcb0c57fe768d1f553a9a5afa0c4ab9b5c241 Author: Miroslav Grepl <mgrepl> Date: Tue Jan 7 09:04:13 2014 +0100 Add setgid cap for rpc.gssd to make NFS4+KRB5 share working
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.