Description of problem: SELinux denials are preventing ganesha.nfsd from accessing krb5.keytab, used for Kerberised NFSv4: type=AVC msg=audit(1532787508.212:6375): avc: denied { read } for pid=25722 comm="ganesha.nfsd" name="krb5.keytab" dev="sda4" ino=1935 scontext=system_u:system_r:nfsd_t:s0 tcontext=unconfined_u:object_r:krb5_keytab_t:s0 tclass=file permissive=1 type=AVC msg=audit(1532787508.212:6376): avc: denied { open } for pid=25722 comm="ganesha.nfsd" path="/etc/krb5.keytab" dev="sda4" ino=1935 scontext=system_u:system_r:nfsd_t:s0 tcontext=unconfined_u:object_r:krb5_keytab_t:s0 tclass=file permissive=1 type=AVC msg=audit(1532787508.212:6377): avc: denied { lock } for pid=25722 comm="ganesha.nfsd" path="/etc/krb5.keytab" dev="sda4" ino=1935 scontext=system_u:system_r:nfsd_t:s0 tcontext=unconfined_u:object_r:krb5_keytab_t:s0 tclass=file permissive=1 /etc/krb5.keytab has context unconfined_u:object_r:krb5_keytab_t:s0. Works in permissive mode, refuses to start when enforcing. Version-Release number of selected component (if applicable): selinux-policy-targeted-3.14.1-32.fc28.noarch nfs-ganesha-2.6.2-2.fc28.x86_64
selinux-policy-3.14.1-37.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-c2fc5a1fab
selinux-policy-3.14.1-37.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-c2fc5a1fab
selinux-policy-3.14.1-37.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.