Description of problem: Mounting NFS4 shares from a server with the sec=krb5 option via "mount -t nfs4 -o sec=krb5 myserver:/export/home /mnt" is denied by SELinux: type=AVC msg=audit(1161427060.578:34): avc: denied { read write } for pid=1793 comm="rpc.idmapd" name="idmap" dev=rpc_pipefs ino=1342 scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:object_r:rpc_pipefs_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1161427060.578:34): arch=40000003 syscall=5 success=no exit=-13 a0=83ac8f4 a1=8002 a2=0 a3=8002 items=0 ppid=1 pid=1793 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rpc.idmapd" exe="/usr/sbin/rpc.idmapd" subj=system_u:system_r:rpcd_t:s0 key=(null) type=AVC msg=audit(1161427060.578:35): avc: denied { read write } for pid=1820 comm="rpc.gssd" name="krb5" dev=rpc_pipefs ino=1343 scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:object_r:rpc_pipefs_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1161427060.578:35): arch=40000003 syscall=5 success=no exit=-13 a0=bf86e448 a1=8002 a2=0 a3=8002 items=0 ppid=1 pid=1820 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null) It works in permissive mode. Version-Release number of selected component (if applicable): selinux-policy-targeted-2.3.7-2.fc5
All of these bugs should be fixed in FC6, You could attempt to use the FC6 policy on FC5 or upgrade. Or you could use audit2allow -M mypolicy -i /var/log/audit/audit.log and build local customized policy