Fedora Account System
Red Hat Associate
Red Hat Customer
There is a new avc denied warning emit for rpc.mountd when mounting nfs in version 3: [root@kvm-01-guest02 ~]# >/var/log/audit/audit.log [root@kvm-01-guest02 ~]# grep denied /var/log/audit/audit.log [root@kvm-01-guest02 ~]# ./repro.sh [root@kvm-01-guest02 ~]# grep denied /var/log/audit/audit.log type=AVC msg=audit(1775631690.243:814): avc: denied { create } for pid=6004 comm="rpc.mountd" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:system_r:nfsd_t:s0 tclass=netlink_generic_socket permissive=0 type=AVC msg=audit(1775631690.492:817): avc: denied { create } for pid=6004 comm="rpc.mountd" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:system_r:nfsd_t:s0 tclass=netlink_generic_socket permissive=0 [root@kvm-01-guest02 ~]# [root@kvm-01-guest02 ~]# cat repro.sh #!/bin/bash mkdir -p /export /mnt/localhost systemctl restart nfs-server exportfs -ua exportfs localhost:/export mount -t nfs -ov3,sec=sys localhost:/export /mnt/localhost umount /mnt/localhost [root@kvm-01-guest02 ~]# rpm -q nfs-utils selinux-policy nfs-utils-2.9.1-0.fc45.x86_64 selinux-policy-43.6-1.fc45.noarch [root@kvm-01-guest02 ~]# Reproducible: Always Steps to Reproduce: 1. export an nfs localhost 2. mounting the export in vers=3 3. check the /var/log/audit/audit.log