From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040809

Description of problem:
During boot to targeted, permissive mode, the logfile /var/log/messages gets three avc for portmap. NFS configuration is default [doing nothing]: /etc/exports is empty (no exported NFS directories) and there are no NFS imports (no mounts from other machines).

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.2-1

How reproducible:
Always

Steps to Reproduce:
1. Boot into targeted, permissive mode with empty /etc/exports and no NFS imports, but default portmap configuration.

Actual Results:
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.882:0): avc: denied { read write } for pid=2396 exe=/sbin/portmap path=/dev/console dev=ramfs ino=806 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.892:0): avc: denied { search } for pid=2397 exe=/sbin/portmap dev=ramfs ino=805 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:ramfs_t tclass=dir
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.897:0): avc: denied { getattr } for pid=2397 exe=/sbin/portmap path=/dev/null dev=ramfs ino=807 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file

Expected Results:
No complaints.

Additional info:
Looks like you are using /dev/ on a ram file system. This is not currently supported.

Dan
It's the result of default FC3T1 Workstation install, plus all up2date; I didn't change any configuration setting "manually." I agree, it does look like /dev is in ramfs; but that's the way that FC3T1+up2date set it up, so if it's not supposed to be that way, then that is a bug.
Latest policy should support /dev/ on tmpfs. Please try selinux-policy-strict-1.17.11-2
Fixed in current release
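
The AVC records quoted in the report can be grouped by source type, target type, object class and backing device, which makes the ramfs-backed /dev noted in the first reply visible at a glance. This is an added example, not part of the original bug thread; the function names are hypothetical and the sample is the three records copied from the report.

```python
import re
from collections import defaultdict

# Sample input: the three AVC records quoted in the report above.
SAMPLE = """\
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.882:0): avc: denied { read write } for pid=2396 exe=/sbin/portmap path=/dev/console dev=ramfs ino=806 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.892:0): avc: denied { search } for pid=2397 exe=/sbin/portmap dev=ramfs ino=805 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:ramfs_t tclass=dir
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.897:0): avc: denied { getattr } for pid=2397 exe=/sbin/portmap path=/dev/null dev=ramfs ino=807 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$")
MEMORY_FS = {"ramfs", "tmpfs"}  # the two memory-backed filesystems named in the thread


def parse_avc(line):
    """Return one denial as a dict of its key=value fields, or None if not an AVC line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # Assumes values contain no spaces, which holds for the records above.
    rec = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    rec["perms"] = m.group("perms").split()
    return rec


def type_of(context):
    """Extract the type field from a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def summarize(text):
    """Map (source type, target type, class, dev) -> sorted list of denied permissions."""
    groups = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (type_of(rec["scontext"]), type_of(rec["tcontext"]),
               rec["tclass"], rec.get("dev", "?"))
        groups[key].update(rec["perms"])
    return {k: sorted(v) for k, v in groups.items()}


def on_memory_fs(summary):
    """Return the groups whose target object lives on ramfs or tmpfs."""
    return {k: v for k, v in summary.items() if k[3] in MEMORY_FS}


if __name__ == "__main__":
    for (src, tgt, cls, dev), perms in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} on {dev}: {' '.join(perms)}")
```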