Additional info: libreport version: 2.0.18 kernel: 3.6.5-1.fc17.x86_64 description: :SELinux is preventing /usr/sbin/rpc.statd from 'write' accesses on the sock_file rpcbind.sock. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that rpc.statd should be allowed write access on the rpcbind.sock sock_file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep rpc.statd /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:rpcd_t:s0 :Target Context system_u:object_r:var_run_t:s0 :Target Objects rpcbind.sock [ sock_file ] :Source rpc.statd :Source Path /usr/sbin/rpc.statd :Port <Unknown> :Host (removed) :Source RPM Packages nfs-utils-1.2.6-5.fc17.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-156.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.6.5-1.fc17.x86_64 #1 SMP Wed Oct : 31 19:37:18 UTC 2012 x86_64 x86_64 :Alert Count 5 :First Seen 2012-11-03 03:16:48 EET :Last Seen 2012-11-03 03:16:48 EET :Local ID c3670616-104b-44b1-b35b-5c98b13e5be0 : :Raw Audit Messages :type=AVC msg=audit(1351905408.613:79): avc: denied { write } for pid=2686 comm="rpc.statd" name="rpcbind.sock" dev="tmpfs" ino=16091 scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file : : :type=SYSCALL msg=audit(1351905408.613:79): arch=x86_64 syscall=connect success=no exit=EACCES a0=c a1=7fffe29302d0 a2=17 a3=8 items=0 ppid=2685 pid=2686 auid=4294967295 uid=29 gid=29 euid=29 suid=29 fsuid=29 egid=29 sgid=29 fsgid=29 tty=(none) ses=4294967295 comm=rpc.statd exe=/usr/sbin/rpc.statd subj=system_u:system_r:rpcd_t:s0 key=(null) : :Hash: rpc.statd,rpcd_t,var_run_t,sock_file,write : :audit2allow : :#============= rpcd_t ============== :allow rpcd_t var_run_t:sock_file write; : :audit2allow -R : :#============= rpcd_t ============== :allow rpcd_t var_run_t:sock_file write; : Potential duplicate bug: 728307
Created attachment 637335 [details] File: type
Created attachment 637336 [details] File: hashmarkername
*** Bug 872769 has been marked as a duplicate of this bug. ***
I backported fixes from F18. You can fix it using # restorecon -R -v /var/run/rpcbind* for now. commit e978330f72afcd56e47360657a8ae0e824f3f046 Author: rhatdan <dwalsh> Date: Tue Oct 30 11:52:54 2012 -0400 Add interface to make sure rpcbind.sock is created with the correct label
selinux-policy-3.10.0-159.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-159.fc17
Package selinux-policy-3.10.0-159.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-159.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-17782/selinux-policy-3.10.0-159.fc17 then log in and leave karma (feedback).
selinux-policy-3.10.0-159.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.