Description of problem: mount -t nfs4 causes the following error: nfsopen: open(/var/lib/nfs/rpc_pipefs/nfs/clnt3/idmap): Permission denied Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
I assume this is after the change in kernel to set it as S_IFIFO rather than S_IFSOCK In the future with selinux problems can you include any denials in either /var/log/messages or /var/log/audit/audit.log ? I suspect we just need to include allow rpcd_t rpc_pipefs_t:fifo_file { read write }; in policy. In BZ 204848 I have attached an selinux policy module which includes that denial. We may also need to go back through rpcidmapd policy and see if the old policy for allowing sockets is still needed since things like /var/lib/nfs/rpc_pipefs/nfs/clnt3/idmap are no longer sockets... I don't know
Fixed in selinux-policy-2.3.13-3
We don't have a RHEL5 beta2 yet. Setting version to rhel5-beta1.