abrt version: 2.0.5 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.0.1-3.fc16.i686.PAE reason: SELinux is preventing /sbin/rpcbind from 'unlink' accesses on the sock_file rpcbind.sock. time: Thu Aug 11 14:08:41 2011 description: :SELinux is preventing /sbin/rpcbind from 'unlink' accesses on the sock_file rpcbind.sock. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that rpcbind should be allowed unlink access on the rpcbind.sock sock_file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep rpcbind /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:rpcbind_t:s0 :Target Context system_u:object_r:var_run_t:s0 :Target Objects rpcbind.sock [ sock_file ] :Source rpcbind :Source Path /sbin/rpcbind :Port <Neznámé> :Host (removed) :Source RPM Packages rpcbind-0.2.0-13.fc16 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-15.fc16 :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.0.1-3.fc16.i686.PAE #1 SMP Mon Aug 8 : 18:13:53 UTC 2011 i686 i686 :Alert Count 3 :First Seen Út 9. srpen 2011, 10:31:56 CEST :Last Seen Út 9. srpen 2011, 12:38:17 CEST :Local ID 0da11295-9f5c-4417-becc-0edd43f0ef01 : :Raw Audit Messages :type=AVC msg=audit(1312886297.16:27): avc: denied { unlink } for pid=884 comm="rpcbind" name="rpcbind.sock" dev=tmpfs ino=12824 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file : : :type=SYSCALL msg=audit(1312886297.16:27): arch=i386 syscall=unlink success=no exit=EACCES a0=895958 a1=0 a2=898340 a3=bfd5456e items=0 ppid=1 pid=884 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=rpcbind exe=/sbin/rpcbind subj=system_u:system_r:rpcbind_t:s0 key=(null) : :Hash: rpcbind,rpcbind_t,var_run_t,sock_file,unlink : :audit2allow : :#============= rpcbind_t ============== :allow rpcbind_t var_run_t:sock_file unlink; : :audit2allow -R : :#============= rpcbind_t ============== :allow rpcbind_t var_run_t:sock_file unlink; :
I believe this sock_file is being created by systemd and being mirlabeled
*** Bug 731283 has been marked as a duplicate of this bug. ***
rpcbind does not use systemd style socket actviation afaik, so systemd is not involved.
Does restorecon -R -v /var/run/rpcbind* fix the issue?
Lennart are you sure? rpm -q rpcbind -l | grep socket /lib/systemd/system/rpcbind.socket
As of current updates-testing, this is no longer issue here and the bug could be closed.
(In reply to comment #5) > Lennart are you sure? > > rpm -q rpcbind -l | grep socket > /lib/systemd/system/rpcbind.socket Oh, interesting. I wasn't aware of that. Good to know. Thanks!