Description of problem:
The portmap daemon does not start up with the current targeted policy since it is not allowed to use the route netlink socket. This is used through the glibc functions related to RPC. It's only read access which is needed, similar to what has been done for nscd.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.11

How reproducible:
always

Steps to Reproduce:
1. start portmap

Actual results:
Oct 30 11:24:05 fw kernel: audit(1099160645.162:0): avc: denied { create } for pid=2209 exe=/sbin/portmap scontext=user_u:system_r:portmap_t tcontext=user_u:system_r:portmap_t tclass=netlink_route_socket

Expected results:
No such message

Additional info:
The attached patch fixes the problem for me.
Created attachment 105980: add required permissions
Fixed in selinux-policy-targeted-1.17.30-2.14
Confirmed fixed.
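
Added example, not part of the original report or of the attached patch: a small Python parser that turns AVC denial lines like the one quoted in the report into candidate allow rules, merging permissions per source type, target type and object class. Only the first sample line comes from the report; the other two are constructed for illustration, and all function names are this example's own.

```python
import re
from collections import defaultdict

# Line 1 is the denial quoted in the report. Lines 2 and 3 are CONSTRUCTED
# for illustration and do not appear in the report.
SAMPLE_LOG = """\
Oct 30 11:24:05 fw kernel: audit(1099160645.162:0): avc: denied { create } for pid=2209 exe=/sbin/portmap scontext=user_u:system_r:portmap_t tcontext=user_u:system_r:portmap_t tclass=netlink_route_socket
Oct 30 11:24:05 fw kernel: audit(1099160645.163:0): avc: denied { bind } for pid=2209 exe=/sbin/portmap scontext=user_u:system_r:portmap_t tcontext=user_u:system_r:portmap_t tclass=netlink_route_socket
Oct 30 11:24:05 fw kernel: audit(1099160645.164:0): avc: denied { read } for pid=2209 exe=/sbin/portmap scontext=user_u:system_r:portmap_t tcontext=user_u:system_r:portmap_t tclass=netlink_route_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    fields["perms"] = m.group(1).split()
    return fields

def context_type(context):
    """The type is the third field of user:role:type[:level]."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def candidate_rules(log_text):
    """Merge denials into one candidate allow rule per (source, target, class)."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d is None:
            continue
        src, tgt = context_type(d["scontext"]), context_type(d["tcontext"])
        if src is None or tgt is None:
            continue
        if tgt == src:
            tgt = "self"  # a domain acting on its own object, as in the report
        merged[(src, tgt, d["tclass"])].update(d["perms"])
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(merged.items())]

if __name__ == "__main__":
    for rule in candidate_rules(SAMPLE_LOG):
        print(rule)
```

In enforcing mode a daemon that fails at its first denied call logs only that permission, which is why the report shows just create. Candidate rules built from denials are a starting point for review against the access the daemon actually needs, not a policy to apply as generated.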