Description of problem:
SELinux is preventing rpc.statd (rpcd_t) "listen" rpcd_t.

Version-Release number of selected component (if applicable):
Source RPM Packages: nfs-utils-1.2.0-4.fc12
Policy RPM: selinux-policy-3.6.15-1.fc12

How reproducible:
once

Steps to Reproduce:
1. observe acl
2.
3.

Actual results:
acl

Expected results:
no acl

Additional info:

Summary:

SELinux is preventing rpc.statd (rpcd_t) "listen" rpcd_t.

Detailed Description:

[SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.]

SELinux denied access requested by rpc.statd. It is not expected that this access is required by rpc.statd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Additional Information:

Source Context                unconfined_u:system_r:rpcd_t:s0
Target Context                unconfined_u:system_r:rpcd_t:s0
Target Objects                None [ udp_socket ]
Source                        rpc.statd
Source Path                   /sbin/rpc.statd
Port                          <Unknown>
Host                          jerry-opti755
Source RPM Packages           nfs-utils-1.2.0-4.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.15-1.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     jerry-opti755
Platform                      Linux jerry-opti755 2.6.30-0.1.2.32.rc8.xendom0.fc12.x86_64 #1 SMP Thu Jun 4 17:46:39 EDT 2009 x86_64 x86_64
Alert Count                   1
First Seen                    Wed 24 Jun 2009 09:26:48 AM CDT
Last Seen                     Wed 24 Jun 2009 09:26:48 AM CDT
Local ID                      db6b62c6-9644-4d6b-829a-29201f1ce580
Line Numbers

Raw Audit Messages

node=jerry-opti755 type=AVC msg=audit(1245853608.230:41793): avc: denied { listen } for pid=29164 comm="rpc.statd" lport=51263 scontext=unconfined_u:system_r:rpcd_t:s0 tcontext=unconfined_u:system_r:rpcd_t:s0 tclass=udp_socket

node=jerry-opti755 type=SYSCALL msg=audit(1245853608.230:41793): arch=c000003e syscall=50 success=yes exit=0 a0=7 a1=80 a2=0 a3=7fff90f1cda0 items=0 ppid=29163 pid=29164 auid=2355 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=24 comm="rpc.statd" exe="/sbin/rpc.statd" subj=unconfined_u:system_r:rpcd_t:s0 key=(null)
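The "Allowing Access" text above points at generating a local policy module from the raw AVC record. The script below is an added example (not part of this bug report, and not the setroubleshoot or audit2allow code) that shows what that step actually does: it parses the `avc: denied` line from this report into source type, target type, object class and permissions, and renders the `allow` rule and the `require` block a module source (.te) needs. The first input line is the real AVC record from the report; the second is a constructed denial, labelled as such, with differing source and target types and two permissions, so the general shape of the output is visible. Which denials are safe to allow is still a judgement call, as the report text says; the script only makes the requested access explicit.

```python
import re

# The AVC line from the raw audit messages in this report (real data from the page).
AVC_FROM_REPORT = (
    'node=jerry-opti755 type=AVC msg=audit(1245853608.230:41793): avc: denied '
    '{ listen } for pid=29164 comm="rpc.statd" lport=51263 '
    'scontext=unconfined_u:system_r:rpcd_t:s0 '
    'tcontext=unconfined_u:system_r:rpcd_t:s0 tclass=udp_socket'
)

# Constructed line, not from the report: source and target types differ and
# two permissions are denied at once, to show the general rule shape.
AVC_CONSTRUCTED = (
    'type=AVC msg=audit(1245853700.000:41800): avc: denied { read open } '
    'for pid=29164 comm="rpc.statd" path="/var/lib/nfs/statd/state" '
    'scontext=system_u:system_r:rpcd_t:s0 '
    'tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=file'
)

_AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'\bscontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)


def parse_avc(line):
    """Return the pieces of one 'avc: denied' record, or None if the line is not one."""
    m = _AVC_RE.search(line)
    if not m:
        return None
    # A context is user:role:type:level; the type is the third field, which also
    # holds for MLS ranges such as s0-s0:c0.c1023 because those add colons only after it.
    return {
        "perms": sorted(m.group("perms").split()),
        "source_type": m.group("scontext").split(":")[2],
        "target_type": m.group("tcontext").split(":")[2],
        "tclass": m.group("tclass"),
    }


def allow_rule(denial):
    """Render one denial as a policy 'allow' statement, using 'self' when the types match."""
    target = "self" if denial["source_type"] == denial["target_type"] else denial["target_type"]
    perms = denial["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (denial["source_type"], target, denial["tclass"], perm_text)


def build_module(name, audit_lines):
    """Assemble loadable policy module source (.te) from raw audit lines.

    Non-AVC lines (SYSCALL records and the like) are skipped, and the require
    block lists every type and class the allow rules reference.
    """
    denials = [d for d in (parse_avc(line) for line in audit_lines) if d]
    types = sorted({d["source_type"] for d in denials} | {d["target_type"] for d in denials})
    classes = {}
    for d in denials:
        classes.setdefault(d["tclass"], set()).update(d["perms"])
    out = ["module %s 1.0;" % name, "", "require {"]
    out += ["\ttype %s;" % t for t in types]
    out += ["\tclass %s { %s };" % (c, " ".join(sorted(p))) for c, p in sorted(classes.items())]
    out += ["}", ""]
    out += sorted({allow_rule(d) for d in denials})
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_module("local", [AVC_FROM_REPORT, AVC_CONSTRUCTED]))
```

For the report's own line the output rule is `allow rpcd_t self:udp_socket listen;`. Saving the printed source as local.te, it can be built and loaded with `checkmodule -M -m -o local.mod local.te`, `semodule_package -o local.pp -m local.mod` and `semodule -i local.pp`, which is the same chain `audit2allow -M local` runs for you.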
rpc.statd should not be listening on udp sockets. I think this is a case of SELinux blocking before the DAC call does.
I'm no longer seeing rpc.statd denials.