Description of problem:
The system log gives the error "rpc.idmapd[2148]: nfsopen: open(/var/lib/nfs/rpc_pipefs/nfs/clnt0/idmap): Permission denied". The problematic audit entries are:

#####
type=AVC msg=audit(1161170267.497:8): avc: denied { read write } for pid=2148 comm="rpc.idmapd" name="idmap" dev=rpc_pipefs ino=1843 scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:object_r:rpc_pipefs_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1161170267.497:8): arch=c000003e syscall=2 success=no exit=-13 a0=55555566a178 a1=2 a2=0 a3=7fff204a9cb0 items=0 ppid=1 pid=2148 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rpc.idmapd" exe="/usr/sbin/rpc.idmapd" subj=system_u:system_r:rpcd_t:s0 key=(null)
#####

The referenced file, "/var/lib/nfs/rpc_pipefs/nfs/clnt0/idmap", is a named pipe (fifo) in kernel-2.6.18-1.2200.fc5, but it was a socket in kernel-2.6.17-1.2187_FC5. I believe the relevant change in the kernel source is in the function "rpc_mkpipe" in the file "kernel-2.6.18/linux-2.6.18.x86_64/net/sunrpc/rpc_pipe.c".

Version-Release number of selected component (if applicable):
kernel-2.6.18-1.2200.fc5
nfs-utils-1.0.8-3.fc5

All of these bugs should be fixed in FC6. You could attempt to use the FC6 policy on FC5, or upgrade. Or you could use audit2allow -M mypolicy -i /var/log/audit/audit.log and build a local customized policy.