Description of problem: ganesha.nfsd triggers a bunch of denials when it attempts to work with blkid.<...> files: type=AVC msg=audit(1532787508.178:6366): avc: denied { write } for pid=25722 comm="ganesha.nfsd" name="blkid.tab" dev="tmpfs" ino=924372 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:fsadm_var_run_t:s0 tclass=file permissive=1 type=AVC msg=audit(1532787508.178:6367): avc: denied { write } for pid=25722 comm="ganesha.nfsd" name="blkid" dev="tmpfs" ino=745863 scontext=system_u:system_r:nfsd_t:s0 tcontext=unconfined_u:object_r:fsadm_var_run_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1532787508.178:6368): avc: denied { add_name } for pid=25722 comm="ganesha.nfsd" name="blkid.tab-PhakGK" scontext=system_u:system_r:nfsd_t:s0 tcontext=unconfined_u:object_r:fsadm_var_run_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1532787508.178:6369): avc: denied { create } for pid=25722 comm="ganesha.nfsd" name="blkid.tab-PhakGK" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:fsadm_var_run_t:s0 tclass=file permissive=1 type=AVC msg=audit(1532787508.178:6370): avc: denied { setattr } for pid=25722 comm="ganesha.nfsd" name="blkid.tab-PhakGK" dev="tmpfs" ino=928536 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:fsadm_var_run_t:s0 tclass=file permissive=1 type=AVC msg=audit(1532787508.178:6371): avc: denied { remove_name } for pid=25722 comm="ganesha.nfsd" name="blkid.tab.old" dev="tmpfs" ino=916298 scontext=system_u:system_r:nfsd_t:s0 tcontext=unconfined_u:object_r:fsadm_var_run_t:s0 tclass=dir permissive=1 type=AVC msg=audit(1532787508.178:6372): avc: denied { unlink } for pid=25722 comm="ganesha.nfsd" name="blkid.tab.old" dev="tmpfs" ino=916298 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:fsadm_var_run_t:s0 tclass=file permissive=1 type=AVC msg=audit(1532787508.178:6373): avc: denied { link } for pid=25722 comm="ganesha.nfsd" name="blkid.tab" dev="tmpfs" ino=924372 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:fsadm_var_run_t:s0 tclass=file permissive=1 type=AVC msg=audit(1532787508.178:6374): avc: denied { rename } for pid=25722 comm="ganesha.nfsd" name="blkid.tab-PhakGK" dev="tmpfs" ino=928536 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:fsadm_var_run_t:s0 tclass=file permissive=1 Version-Release number of selected component (if applicable): nfs-ganesha-2.6.2-2.fc28.x86_64 selinux-policy-targeted-3.14.1-32.fc28.noarch
selinux-policy-3.14.1-37.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-c2fc5a1fab
selinux-policy-3.14.1-37.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-c2fc5a1fab
selinux-policy-3.14.1-37.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.