Description of problem: added an nfs share to expose a folder under /tmp. It works well but stat -f fails on the mount: stat: cannot read file system information for '/mnt/nfs': Input/output error and an AVC is logged Version-Release number of selected component (if applicable): selinux-policy-38.9-1.fc39.noarch How reproducible: all the time Steps to Reproduce: 1. define an nfs export /tmp/todel 127.0.0.1(rw,all_squash,anonuid=12345,anongid=12346,sec=sys) 2. mount it mount 127.0.0.1:/tmp/todel /mnt/nfs -t nfs -o nfsvers=3 -o sec=sys 3. access it with stat -f: $ stat -f /mnt/nfs stat: cannot read file system information for '/mnt/nfs': Input/output error also from podman $ podman run -v /mnt/nfs:/nas --rm -ti registry.fedoraproject.org/fedora:37 bash Error: statfs /mnt/nfs: input/output error Actual results: # ausearch -m AVC -ts recent | audit2why type=AVC msg=audit(1680632459.060:1061): avc: denied { getattr } for pid=1635 comm="nfsd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0 Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access. Expected results: should work I think Additional info: # sesearch -A -s kernel_t -c filesystem allow domain proc_t:filesystem getattr; allow domain security_t:filesystem getattr; allow domain sysfs_t:filesystem getattr; allow kernel_t filesystem_type:filesystem { mount unmount }; allow kernel_t fs_t:filesystem getattr; allow kernel_t noxattrfs:filesystem getattr; [ nfs_export_all_ro ]:True allow kernel_t noxattrfs:filesystem getattr; [ nfs_export_all_rw ]:True # seinfo -t tmpfs_t -x Types: 1 type tmpfs_t alias ramfs_t, file_type, filesystem_type, mountpoint, non_auth_file_type, non_security_file_type, polyparent; # seinfo -t fs_t -x Types: 1 type fs_t alias { cephfs_t vxfs_t inotifyfs_t }, filesystem_type; I don't understand why it fails for a tmpfs_t folder, but works for non tmpfs_t folder.
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle. Changing version to 39.
FEDORA-2023-a2dacfbdcb has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-a2dacfbdcb
FEDORA-2023-a2dacfbdcb has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-a2dacfbdcb` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-a2dacfbdcb See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-a2dacfbdcb has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.