Description of problem:

SELinux has denied the /usr/sbin/rpc.mountd (nfsd_t) "getattr" access to device
/dev/dmmidi. /dev/dmmidi is mislabeled, this device has the default label of the
/dev directory, which should not happen. All Character and/or Block Devices
should have a label. You can attempt to change the label of the file using
restorecon -v /dev/dmmidi. If this device remains labeled device_t, then this is
a bug in SELinux policy. Please file a bug report against the selinux-policy
package. If you look at the other similar devices labels, ls -lZ /dev/SIMILAR,
and find a type that would work for /dev/dmmidi, you can use chcon -t
SIMILAR_TYPE /dev/dmmidi, If this fixes the problem, you can make this permanent
by executing semanage fcontext -a -t SIMILAR_TYPE /dev/dmmidi If the restorecon
changes the context, this indicates that the application that created the
device, created it without using SELinux APIs. If you can figure out which
application created the device, please file a bug report against this application.


Version-Release number of selected component (if applicable):

selinux-policy-2.6.4-67.fc7

How reproducible:

export a directory over NFS (i exported a sub-tree of /media) while SELinux is
in enforcing mode. mount it remotely and access files on it. rpc.mountd will
begin generating denial audit messages at a rate of (in my case) several per hour.

Additional info:

no apparent ill effects other than the audit messages --- the NFS-exported
directory works well and is accessible. hence, low priority.

however, this also seems like a low-hanging fruit; adding a file label to the
default policy should fix it. i do not know what label would best work,
unfortunately.