Description of problem: On a fresh install of Fedora 25, attempting to mount a NFS share results in this error: A dependency job for rpc-statd.service failed. See 'journalctl -xe' for details. mount.nfs: rpc.statd is not running but is required for remote locking. mount.nfs: Either use '-o nolock' to keep locks local, or start statd. Using journalctl, we see these entries: Jan 04 15:12:32 hostname kernel: FS-Cache: Loaded Jan 04 15:12:32 hostname kernel: FS-Cache: Netfs 'nfs' registered for caching Jan 04 15:12:32 hostname kernel: Key type dns_resolver registered Jan 04 15:12:32 hostname kernel: NFS: Registering the id_resolver key type Jan 04 15:12:32 hostname kernel: Key type id_resolver registered Jan 04 15:12:32 hostname kernel: Key type id_legacy registered Jan 04 15:12:32 hostname audit[1]: AVC avc: denied { create } for pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_stream_socket permissive=0 Jan 04 15:12:32 hostname systemd[1]: rpcbind.socket: Failed to listen on sockets: Permission denied Jan 04 15:12:32 hostname systemd[1]: Failed to listen on RPCbind Server Activation Socket. Jan 04 15:12:32 hostname systemd[1]: Dependency failed for NFS status monitor for NFSv2/3 locking.. Jan 04 15:12:32 hostname systemd[1]: rpc-statd.service: Job rpc-statd.service/start failed with result 'dependency'. Jan 04 15:12:32 hostname systemd[1]: rpcbind.socket: Unit entered failed state. Jan 04 15:12:32 hostname systemd[1]: Reached target RPC Port Mapper. Jan 04 15:12:32 hostname systemd[1]: Starting Preprocess NFS configuration... Jan 04 15:12:32 hostname systemd[1]: Reached target Host and Network Name Lookups. Jan 04 15:12:32 hostname systemd[1]: Started Preprocess NFS configuration. Jan 04 15:12:32 hostname audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=nfs-config comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Jan 04 15:12:32 hostname audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=nfs-config comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Jan 04 15:12:32 hostname rpc.statd[1387]: Version 1.3.3 starting Jan 04 15:12:32 hostname rpc.statd[1387]: Flags: TI-RPC Jan 04 15:12:33 hostname rpc.statd[1387]: Failed to register (statd, 1, udp): svc_reg() err: RPC: Remote system error - Connection refused Jan 04 15:12:33 hostname rpc.statd[1387]: Failed to register (statd, 1, tcp): svc_reg() err: RPC: Remote system error - Connection refused Jan 04 15:12:33 hostname rpc.statd[1387]: Failed to register (statd, 1, udp6): svc_reg() err: RPC: Remote system error - Connection refused Jan 04 15:12:33 hostname rpc.statd[1387]: Failed to register (statd, 1, tcp6): svc_reg() err: RPC: Remote system error - Connection refused Jan 04 15:12:33 hostname rpc.statd[1387]: failed to create RPC listeners, exiting Jan 04 15:12:35 hostname dbus-daemon[1008]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.17' (uid=0 pid=984 comm="/usr/sbin/sedispatch " label="system_u:system_r:audisp_t:s0") (using servicehelper) Jan 04 15:12:39 hostname dbus-daemon[1008]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd' Jan 04 15:12:40 hostname setroubleshoot[1389]: SELinux is preventing systemd from create access on the unix_stream_socket Unknown. For complete SELinux messages. run sealert -l 5a9a6461-94bd-4d19-94af-55ed1f22a3c4 Jan 04 15:12:40 hostname python3[1389]: SELinux is preventing systemd from create access on the unix_stream_socket Unknown. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that systemd should be allowed create access on the Unknown unix_stream_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'systemd' --raw | audit2allow -M my-systemd # semodule -X 300 -i my-systemd.pp Version-Release number of selected component (if applicable): selinux-policy-3.13.1-225.3.fc25.noarch systemd-231-10.fc25.x86_64 Steps to reproduce: Install Fedora 25 (Xfce Desktop base environment). Execute "mkdir -p /home/user/point". Create an entry in /etc/fstab like this: nfsserver /export/share /home/user/point nfs defaults 0 0 Execute "mount /home/user/point". Actual results: Error is outputted and NFS share is not mounted. Expected results: NFS share is mounted with no errors. Additional info: This seems similar to BZ 1402083, "SELinux prevents systemd from starting nfs.service" except in this case the NFS Mount Daemon never starts. (Plus that bug was fixed in the selinux-policy RPM version I am running.) Running the "ausearch" and "semodule" commands as suggested in the journalctl output just results in newer AVC denied events. (setopt, bind & listen)
I just encountered this again on another fresh install of Fedora 25. This time with autofs on a 32-bit system running KDE. It appears that Fedora 25's NFS mounting ability is broken, out of the box (even with updates as of today). I would like to increase this bug's severity to high since many others will (have?) encountered this, but it seems like it is now locked to medium.
I get this too (fresh Fedora 25 installation) :(
And it also works with disabled SELinux here.
> Jan 04 15:12:32 hostname systemd[1]: rpcbind.socket: Failed to listen on sockets: Permission denied This is between selinux and rpcbind unit configuration. Reassigning to selinux, since the policy most likely needs to change.
Same issue too $ rpm -q selinux-policy selinux-policy-3.13.1-225.11.fc25.noarch
Fedora 25 changed to end-of-life (EOL) status on 2017-12-12. Fedora 25 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.