1410236 – A dependency job for rpc-statd.service failed.

Bug 1410236 - A dependency job for rpc-statd.service failed.

Summary: A dependency job for rpc-statd.service failed.

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	25
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Lukas Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-01-04 21:05 UTC by Bernie Hoefer
Modified:	2017-12-12 10:15 UTC (History)
CC List:	18 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-12-12 10:15:05 UTC
Type:	Bug
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Bernie Hoefer 2017-01-04 21:05:50 UTC

Description of problem:

On a fresh install of Fedora 25, attempting to mount a NFS share results in this error:

  A dependency job for rpc-statd.service failed. See 'journalctl -xe'
  for details.
  mount.nfs: rpc.statd is not running but is required for remote locking.
  mount.nfs: Either use '-o nolock' to keep locks local, or start statd.

Using journalctl, we see these entries:

Jan 04 15:12:32 hostname kernel: FS-Cache: Loaded
Jan 04 15:12:32 hostname kernel: FS-Cache: Netfs 'nfs' registered for caching
Jan 04 15:12:32 hostname kernel: Key type dns_resolver registered
Jan 04 15:12:32 hostname kernel: NFS: Registering the id_resolver key type
Jan 04 15:12:32 hostname kernel: Key type id_resolver registered
Jan 04 15:12:32 hostname kernel: Key type id_legacy registered
Jan 04 15:12:32 hostname audit[1]: AVC avc:  denied  { create } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_stream_socket permissive=0
Jan 04 15:12:32 hostname systemd[1]: rpcbind.socket: Failed to listen on sockets: Permission denied
Jan 04 15:12:32 hostname systemd[1]: Failed to listen on RPCbind Server Activation Socket.
Jan 04 15:12:32 hostname systemd[1]: Dependency failed for NFS status monitor for NFSv2/3 locking..
Jan 04 15:12:32 hostname systemd[1]: rpc-statd.service: Job rpc-statd.service/start failed with result 'dependency'.
Jan 04 15:12:32 hostname systemd[1]: rpcbind.socket: Unit entered failed state.
Jan 04 15:12:32 hostname systemd[1]: Reached target RPC Port Mapper.
Jan 04 15:12:32 hostname systemd[1]: Starting Preprocess NFS configuration...
Jan 04 15:12:32 hostname systemd[1]: Reached target Host and Network Name Lookups.
Jan 04 15:12:32 hostname systemd[1]: Started Preprocess NFS configuration.
Jan 04 15:12:32 hostname audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=nfs-config comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jan 04 15:12:32 hostname audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=nfs-config comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jan 04 15:12:32 hostname rpc.statd[1387]: Version 1.3.3 starting
Jan 04 15:12:32 hostname rpc.statd[1387]: Flags: TI-RPC
Jan 04 15:12:33 hostname rpc.statd[1387]: Failed to register (statd, 1, udp): svc_reg() err: RPC: Remote system error - Connection refused
Jan 04 15:12:33 hostname rpc.statd[1387]: Failed to register (statd, 1, tcp): svc_reg() err: RPC: Remote system error - Connection refused
Jan 04 15:12:33 hostname rpc.statd[1387]: Failed to register (statd, 1, udp6): svc_reg() err: RPC: Remote system error - Connection refused
Jan 04 15:12:33 hostname rpc.statd[1387]: Failed to register (statd, 1, tcp6): svc_reg() err: RPC: Remote system error - Connection refused
Jan 04 15:12:33 hostname rpc.statd[1387]: failed to create RPC listeners, exiting
Jan 04 15:12:35 hostname dbus-daemon[1008]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.17' (uid=0 pid=984 comm="/usr/sbin/sedispatch " label="system_u:system_r:audisp_t:s0") (using servicehelper)
Jan 04 15:12:39 hostname dbus-daemon[1008]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Jan 04 15:12:40 hostname setroubleshoot[1389]: SELinux is preventing systemd from create access on the unix_stream_socket Unknown. For complete SELinux messages. run sealert -l 5a9a6461-94bd-4d19-94af-55ed1f22a3c4
Jan 04 15:12:40 hostname python3[1389]: SELinux is preventing systemd from create access on the unix_stream_socket Unknown.

   *****  Plugin catchall (100. confidence) suggests   **************************

   If you believe that systemd should be allowed create access on the Unknown unix_stream_socket by default.
   Then you should report this as a bug.
   You can generate a local policy module to allow this access.
   Do
   allow this access for now by executing:
   # ausearch -c 'systemd' --raw | audit2allow -M my-systemd
   # semodule -X 300 -i my-systemd.pp



Version-Release number of selected component (if applicable):

selinux-policy-3.13.1-225.3.fc25.noarch
systemd-231-10.fc25.x86_64



Steps to reproduce:

Install Fedora 25 (Xfce Desktop base environment).

Execute "mkdir -p /home/user/point".

Create an entry in /etc/fstab like this:

  nfsserver  /export/share  /home/user/point  nfs  defaults  0 0

Execute "mount /home/user/point".



Actual results:

Error is outputted and NFS share is not mounted.



Expected results:

NFS share is mounted with no errors.



Additional info:

This seems similar to BZ 1402083, "SELinux prevents systemd from starting nfs.service" except in this case the NFS Mount Daemon never starts.  (Plus that bug was fixed in the selinux-policy RPM version I am running.)

Running the "ausearch" and "semodule" commands as suggested in the journalctl output just results in newer AVC denied events.  (setopt, bind & listen)

Comment 1 Bernie Hoefer 2017-01-09 00:36:20 UTC

I just encountered this again on another fresh install of Fedora 25.  This time with autofs on a 32-bit system running KDE.  It appears that Fedora 25's NFS mounting ability is broken, out of the box (even with updates as of today).

I would like to increase this bug's severity to high since many others will (have?) encountered this, but it seems like it is now locked to medium.

Comment 2 Christian Dersch 2017-01-23 15:13:54 UTC

I get this too (fresh Fedora 25 installation) :(

Comment 3 Christian Dersch 2017-01-23 15:15:22 UTC

And it also works with disabled SELinux here.

Comment 4 Zbigniew Jędrzejewski-Szmek 2017-01-28 02:39:58 UTC

> Jan 04 15:12:32 hostname systemd[1]: rpcbind.socket: Failed to listen on sockets: Permission denied

This is between selinux and rpcbind unit configuration. Reassigning to selinux, since the policy most likely needs to change.

Comment 5 Mohamed El Morabity 2017-03-08 21:56:55 UTC

Same issue too

$ rpm -q selinux-policy
selinux-policy-3.13.1-225.11.fc25.noarch

Comment 6 Fedora End Of Life 2017-12-12 10:15:05 UTC

Fedora 25 changed to end-of-life (EOL) status on 2017-12-12. Fedora 25 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.