Bug 1403427 - rpc.statd - SELinux is preventing systemd from create access on the unix_stream_socket Unknown
Summary: rpc.statd - SELinux is preventing systemd from create access on the unix_stre...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 25
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-12-10 07:44 UTC by Peter Bieringer
Modified: 2016-12-14 15:21 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-12-14 15:21:32 UTC
Type: Bug

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Peter Bieringer 2016-12-10 07:44:14 UTC 
Description of problem:
SELinux is preventing systemd from create access on the unix_stream_socket Unknown

Version-Release number of selected component (if applicable):
selinux-policy-devel-3.13.1-225.1.fc25.noarch
selinux-policy-targeted-3.13.1-225.1.fc25.noarch
selinux-policy-3.13.1-225.1.fc25.noarch


How reproducible:
accessing NFS share on a QNAP


Actual results:
Not working

Additional info:
SELinux is preventing rpc.statd from write access on the file /run/rpc.statd.lock.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that rpc.statd should be allowed write access on the rpc.statd.lock file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'rpc.statd' --raw | audit2allow -M my-rpcstatd#012# semodule -X 300 -i my-rpcstatd.pp#012


# ausearch -c 'rpc.statd'
----
time->Tue Dec  6 21:30:55 2016
type=AVC msg=audit(1481056255.705:487): avc:  denied  { write } for  pid=20061 comm="rpc.statd" path="/run/rpc.statd.lock" dev="tmpfs" ino=48753 scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
time->Tue Dec  6 21:30:55 2016
type=AVC msg=audit(1481056255.734:490): avc:  denied  { write } for  pid=20067 comm="rpc.statd" name="rpcbind.sock" dev="tmpfs" ino=987818 scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0
----
Comment 1 Lukas Vrabec 2016-12-14 15:21:32 UTC 
Please run:
# restorecon -Rv / 

To fix your issue.
Note You need to log in before you can comment on or make changes to this bug.