Description of problem: During CKI xfstests - nfsv4.2 [1] we hit this avc issue: SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: permissive Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 33 selinux-policy-34.14-1.fc35.noarch ---- time->Sat Jul 17 11:06:29 2021 type=AVC msg=audit(1626534389.922:893): avc: denied { name_bind } for pid=560797 comm="rpcbind" src=64008 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:traceroute_port_t:s0 tclass=udp_socket permissive=1 Version-Release number of selected component (if applicable): selinux-policy-34.14-1.fc35.noarch How reproducible: We've hit this only once so far. Steps to Reproduce: 1. Run the test [1] setting TEST_PARAM_FSTYPE=nfs4 Additional info: [1] https://gitlab.com/cki-project/kernel-tests/-/tree/main/filesystems/xfs/xfstests
This bug appears to have been reported against 'rawhide' during the Fedora 35 development cycle. Changing version to 35.
Still reproducible on Rawhide type=AVC msg=audit(1650608280.922:873): avc: denied { name_bind } for pid=897864 comm="rpcbind" src=63924 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket permissive=1 SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: permissive Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 33 selinux-policy-36.6-1.fc37.noarch
Full audit time->Fri Apr 22 08:56:18 2022 type=PROCTITLE msg=audit(1650632178.843:878): proctitle=2F7573722F62696E2F72706362696E64002D77002D66 type=SOCKADDR msg=audit(1650632178.843:878): saddr=0A00F315000000000000000000000000000000000000000000000000 type=SYSCALL msg=audit(1650632178.843:878): arch=c000003e syscall=49 success=yes exit=0 a0=b a1=7ffea561a210 a2=1c a3=7ffea561a118 items=0 ppid=1 pid=726458 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpcbind" exe="/usr/bin/rpcbind" subj=system_u:system_r:rpcbind_t:s0 key=(null) type=AVC msg=audit(1650632178.843:878): avc: denied { name_bind } for pid=726458 comm="rpcbind" src=62229 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket permissive=1
This bug appears to have been reported against 'rawhide' during the Fedora Linux 37 development cycle. Changing version to 37.
it still seem to be reproducible on Rawhide. SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: permissive Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 33 selinux-policy-37.14-1.fc38.noarch ---- time->Fri Nov 11 07:03:55 2022 type=AVC msg=audit(1668168235.324:1082): avc: denied { name_bind } for pid=636213 comm="rpcbind" src=64007 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:traceroute_port_t:s0 tclass=udp_socket permissive=1 https://datawarehouse.cki-project.org/kcidb/tests/5934260
*** This bug has been marked as a duplicate of bug 1758147 ***