libreport version: 2.0.6
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.1.0-5.fc16.x86_64
reason:         SELinux is preventing /sbin/rpc.statd from 'write' accesses on the file rpc.statd.pid.
time:           Sun Oct 30 20:16:32 2011

description:
:SELinux is preventing /sbin/rpc.statd from 'write' accesses on the file rpc.statd.pid.
:
:***** Plugin catchall (100. confidence) suggests ***************************
:
:If you believe that rpc.statd should be allowed write access on the rpc.statd.pid file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep rpc.statd /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:rpcd_t:s0
:Target Context                unconfined_u:object_r:var_run_t:s0
:Target Objects                rpc.statd.pid [ file ]
:Source                        rpc.statd
:Source Path                   /sbin/rpc.statd
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           nfs-utils-1.2.5-1.fc16
:Target RPM Packages
:Policy RPM                    selinux-policy-3.10.0-46.fc16
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.1.0-5.fc16.x86_64 #1 SMP Thu Oct 27
:                              03:46:50 UTC 2011 x86_64 x86_64
:Alert Count                   2
:First Seen                    Sun 30 Oct 2011 08:14:58 PM EDT
:Last Seen                     Sun 30 Oct 2011 08:15:41 PM EDT
:Local ID                      b979e6f2-3dbb-4bc2-a848-e7c70b0fec0e
:
:Raw Audit Messages
:type=AVC msg=audit(1320020141.260:91): avc: denied { write } for pid=2284 comm="rpc.statd" name="rpc.statd.pid" dev=tmpfs ino=27781 scontext=system_u:system_r:rpcd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1320020141.260:91): arch=x86_64 syscall=open success=no exit=EACCES a0=7fc2f7f3b284 a1=241 a2=1b6 a3=7ffff6b11550 items=0 ppid=2283 pid=2284 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=rpc.statd exe=/sbin/rpc.statd subj=system_u:system_r:rpcd_t:s0 key=(null)
:
:Hash: rpc.statd,rpcd_t,var_run_t,file,write
:
:audit2allow
:
:#============= rpcd_t ==============
:allow rpcd_t var_run_t:file write;
:
:audit2allow -R
:
:#============= rpcd_t ==============
:allow rpcd_t var_run_t:file write;
:
Have you ever started rpcd directly?

    # restorecon -R -v /var/run/rpc*

Should fix your issue. If I am wrong, please reopen the bug. Thank you.
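Added example, not part of the bug thread or of setroubleshoot: a small Python parser for the AVC record in this report that flags the signs of a mislabeled target file, which is the condition the restorecon suggestion above addresses. The function names and the two heuristics are assumptions made for this illustration; the record is the one from the report with its garbled letters restored.

```python
import re

# AVC record from this report (garbled letters restored).
AVC = ('type=AVC msg=audit(1320020141.260:91): avc: denied { write } for '
       'pid=2284 comm="rpc.statd" name="rpc.statd.pid" dev=tmpfs ino=27781 '
       'scontext=system_u:system_r:rpcd_t:s0 '
       'tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file')

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')


def parse_avc(line):
    """Return a dict of the denial's fields, or None if not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'perms': m.group('perms').split()}
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('fields')):
        rec[key] = val.strip('"')
    return rec


def split_context(ctx):
    """Split user:role:type:level; an MLS level may itself contain colons."""
    user, role, type_, level = ctx.split(':', 3)
    return {'user': user, 'role': role, 'type': type_, 'level': level}


def triage(rec):
    """Hypothetical heuristics: hints that the target file is mislabeled."""
    src, tgt = split_context(rec['scontext']), split_context(rec['tcontext'])
    hints = []
    # New files inherit the SELinux user of the creating process, so an
    # unconfined_u file touched by a system_u daemon was made in a login session.
    if src['user'] == 'system_u' and tgt['user'] == 'unconfined_u':
        hints.append('target was created from an unconfined login session')
    # var_run_t is the generic /var/run type, not a daemon-specific one.
    if tgt['type'] == 'var_run_t' and rec.get('tclass') == 'file':
        hints.append('target carries the generic var_run_t type')
    return hints


if __name__ == '__main__':
    for hint in triage(parse_avc(AVC)):
        print(hint)
```

When both hints fire, relabeling the file is the first thing to check before loading an audit2allow module that lets rpcd_t write to every var_run_t file.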
*** Bug 750162 has been marked as a duplicate of this bug. ***
I need some advice then. How are you supposed to mount an NFS filesystem in Fedora 16? It failed to mount until I performed this sequence of events:

1. Install from Fedora 16 Final RC2 Live Desktop x86_64
2. yum install nfs-utils
3. systemctl start rpcbind.service
4. systemctl start nfs-lock.service (fails)
5. setenforce 0
6. mount -t nfs ...
7. Report these AVCs (write & unlink on rpc.statd.pid)
Created attachment 530943
script of NFS mount attempt

Full script of session with attempt to mount an NFS filesystem right after a fresh install of Fedora 16 Final RC2 Live Desktop x86_64.

If the procedure I followed was incorrect in such a way as to cause a mislabeled file to be created, then the process is fragile and improvement as well as explanation for the proper procedure would be appreciated. Thanks.
How about

    # yum update --enablerepo=updates-testing

and

    # systemctl start nfs-lock.service

I am able to start this service.