Description of problem:
SELinux prevents the rpcbind service from starting and because of this nfs doesn't work.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.3.1-111.fc9.noarch
rpcbind-0.1.7-1.fc9.x86_64

How reproducible:
Boot an up2date F9

Steps to Reproduce:
1. Boot
2. rpcbind causes an AVC
3. nfs doesn't start completely and because of this you are unable to mount nfs volumes

Actual results:
Nfs does not work

Expected results:
All related services should start as they did before

Additional info:
With SELinux in permissive mode, after restarting the rpcbind and nfs services, mounting nfs volumes works as expected.

Samenvatting:

SELinux is preventing rpcbind (rpcbind_t) "setgid" rpcbind_t.

Gedetailleerde omschrijving:

SELinux denied access requested by rpcbind. It is not expected that this access is required by rpcbind and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additionele informatie:

Source Context                unconfined_u:system_r:rpcbind_t:s0
Target Context                unconfined_u:system_r:rpcbind_t:s0
Target Objects                None [ capability ]
Bron                          rpcbind
Source Path                   /sbin/rpcbind
Poort                         <Onbekend>
Host                          morphius.lokaal.net
Source RPM Packages           rpcbind-0.1.7-1.fc9
Target RPM Packages
Policy RPM                    selinux-policy-3.3.1-111.fc9
SELinux aangezet              True
Policy Type                   targeted
MLS aangezet                  True
Enforcing Mode                Enforcing
Pluginnaam                    catchall
Hostnaam                      morphius.lokaal.net
Platform                      Linux morphius.lokaal.net 2.6.27.7-53.fc9.x86_64 #1 SMP Thu Nov 27 02:05:02 EST 2008 x86_64 x86_64
Aantal waarschuwingen         6
Eerst gezien op               za 13 dec 2008 20:50:16 CET
Laatst gezien op              do 18 dec 2008 18:42:21 CET
Local ID                      66dbb0f8-16b7-4236-9097-4773acff4d99
Regelnummers

Raw Audit Messages

node=morphius.lokaal.net type=AVC msg=audit(1229622141.655:68): avc: denied { setgid } for pid=12192 comm="rpcbind" capability=6 scontext=unconfined_u:system_r:rpcbind_t:s0 tcontext=unconfined_u:system_r:rpcbind_t:s0 tclass=capability

node=morphius.lokaal.net type=SYSCALL msg=audit(1229622141.655:68): arch=c000003e syscall=106 success=no exit=-1 a0=20 a1=20 a2=1 a3=7f62d3e456f0 items=0 ppid=1 pid=12192 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="rpcbind" exe="/sbin/rpcbind" subj=unconfined_u:system_r:rpcbind_t:s0 key=(null)

Fixed in selinux-policy-3.3.1-115.fc9. Yum update to this release.
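
For triage of the raw audit messages in the report, the following added example (not part of the original report or of any SELinux tool) correlates the AVC and SYSCALL records by event id, decodes the capability and syscall numbers, and derives the rule text a local policy module would need. The function names and the small syscall and capability tables are assumptions made for this example.

```python
import re

# Raw audit records from the report above, trimmed to the fields used here.
AVC = ('type=AVC msg=audit(1229622141.655:68): avc: denied { setgid } for '
       'pid=12192 comm="rpcbind" capability=6 '
       'scontext=unconfined_u:system_r:rpcbind_t:s0 '
       'tcontext=unconfined_u:system_r:rpcbind_t:s0 tclass=capability')
SYSCALL = ('type=SYSCALL msg=audit(1229622141.655:68): arch=c000003e '
           'syscall=106 success=no exit=-1 a0=20 a1=20 a2=1 pid=12192 '
           'uid=0 gid=0 comm="rpcbind" exe="/sbin/rpcbind"')

# Subset of the x86_64 syscall table and of linux/capability.h (assumed
# sufficient for credential-change denials like this one).
X86_64_SYSCALLS = {105: 'setuid', 106: 'setgid', 116: 'setgroups'}
CAPABILITIES = {6: 'CAP_SETGID', 7: 'CAP_SETUID'}

def fields(record):
    """Return the key=value pairs of one audit record, quotes stripped."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', record)
    return {k: v.strip('"') for k, v in pairs}

def event_id(record):
    """timestamp:serial, shared by all records of one audit event."""
    m = re.search(r'msg=audit\(([\d.]+:\d+)\)', record)
    return m.group(1) if m else None

def parse_avc(record):
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}', record)
    if not m:
        raise ValueError('not an AVC denial')
    f = fields(record)
    return {'perms': m.group(1).split(), 'tclass': f['tclass'],
            'stype': f['scontext'].split(':')[2],
            'ttype': f['tcontext'].split(':')[2],
            'capability': CAPABILITIES.get(int(f.get('capability', -1)))}

def allow_rule(avc):
    """Rule text a local policy module would need for this denial."""
    target = 'self' if avc['stype'] == avc['ttype'] else avc['ttype']
    perms = avc['perms']
    p = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {avc['stype']} {target}:{avc['tclass']} {p};"

def describe_syscall(record):
    """(syscall name, first argument, succeeded) for an x86_64 SYSCALL record."""
    f = fields(record)
    if f['arch'] != 'c000003e':          # AUDIT_ARCH_X86_64
        raise ValueError('syscall table here covers x86_64 only')
    name = X86_64_SYSCALLS.get(int(f['syscall']), 'syscall_' + f['syscall'])
    return name, int(f['a0'], 16), f['success'] == 'yes'   # a0..a3 are hex

if __name__ == '__main__':
    assert event_id(AVC) == event_id(SYSCALL)   # same event, safe to correlate
    print(allow_rule(parse_avc(AVC)), describe_syscall(SYSCALL))
```

Because the source and target types are both rpcbind_t, the rule targets `self`; the SYSCALL record shows the denied call was setgid() with a hexadecimal argument of 20, i.e. GID 32.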