Description of problem: Fedora 27 desktop, running a VirtualBox VM. This VM mounts an NFS export from the Fedora host OS, and sometimes (when accessing that NFS share) an SEalert is displayed. SELinux is preventing rpc.mountd from 'read' accesses on the blk_file nvme0n1p6. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that rpc.mountd should be allowed read access on the nvme0n1p6 blk_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'rpc.mountd' --raw | audit2allow -M my-rpcmountd # semodule -X 300 -i my-rpcmountd.pp Additional Information: Source Context system_u:system_r:nfsd_t:s0 Target Context system_u:object_r:nvme_device_t:s0 Target Objects nvme0n1p6 [ blk_file ] Source rpc.mountd Source Path rpc.mountd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-283.29.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.15.13-300.fc27.x86_64 #1 SMP Mon Mar 26 19:06:57 UTC 2018 x86_64 x86_64 Alert Count 45 First Seen 2018-03-30 16:10:02 PDT Last Seen 2018-03-31 16:25:17 PDT Local ID aa5fa0a8-c1cd-43e7-8bb0-0fff75132600 Raw Audit Messages type=AVC msg=audit(1522538717.1:46253): avc: denied { read } for pid=2238 comm="rpc.mountd" name="nvme0n1p6" dev="devtmpfs" ino=2472 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:nvme_device_t:s0 tclass=blk_file permissive=0 Hash: rpc.mountd,nfsd_t,nvme_device_t,blk_file,read Version-Release number of selected component: selinux-policy-3.13.1-283.29.fc27.noarch Additional info: component: selinux-policy reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.13-300.fc27.x86_64 type: libreport
selinux-policy-3.13.1-283.32.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d3085b9774
selinux-policy-3.13.1-283.32.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d3085b9774
selinux-policy-3.13.1-283.32.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.