Description of problem:
Since upgrading to F-19, NFS is not working for me unless I set SELinux to permissive. The following is in /var/log/messages:

Jul 3 07:33:45 snowball2 exportfs[762]: exportfs: Failed to stat /media/realcrypt1/filmy: No such file or directory
Jul 3 07:33:45 snowball2 exportfs[762]: exportfs: Failed to stat /media/realcrypt1/stand-up: No such file or directory
Jul 3 07:33:45 snowball2 exportfs[762]: exportfs: Failed to stat /media/realcrypt1/tv: No such file or directory
Jul 3 07:33:45 snowball2 kernel: [ 25.985633] NFSD: starting 90-second grace period (net ffffffff81cba800)
Jul 3 07:33:45 snowball2 systemd[1]: Started NFS Server.
Jul 3 07:33:46 snowball2 systemd[1]: Starting NFS Mount Daemon...
Jul 3 07:33:46 snowball2 systemd[1]: Starting NFS Remote Quota Server...
Jul 3 07:33:46 snowball2 systemd[1]: Starting NFSv4 ID-name mapping daemon...
Jul 3 07:33:46 snowball2 systemd[1]: Started NFS Remote Quota Server.
Jul 3 07:33:46 snowball2 systemd[1]: Started NFSv4 ID-name mapping daemon.
Jul 3 07:33:46 snowball2 systemd[1]: Started NFS Mount Daemon.
Jul 3 07:33:46 snowball2 rpc.mountd[822]: Could not bind socket: (13) Permission denied
Jul 3 07:33:46 snowball2 rpc.mountd[822]: Could not bind socket: (13) Permission denied
Jul 3 07:33:46 snowball2 rpc.mountd[822]: Could not bind socket: (13) Permission denied
Jul 3 07:33:46 snowball2 rpc.mountd[822]: Could not bind socket: (13) Permission denied
Jul 3 07:33:46 snowball2 rpc.mountd[822]: Could not bind socket: (13) Permission denied
Jul 3 07:33:46 snowball2 rpc.mountd[822]: Could not bind socket: (13) Permission denied
Jul 3 07:33:46 snowball2 rpc.mountd[895]: Version 1.2.7 starting

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.12.1-54.fc19.noarch

How reproducible:
always

Steps to Reproduce:
1. systemctl restart rpcbind.service

Actual results:
could not bind socket

Expected results:
nfs works

Additional info:
I have already tried full re-labeling, but it did not help.
Julian, what does # ausearch -m avc
Created attachment 768309
ausearch -m avc

It does return a lot.
Output from /var/log/messages when restarting nfs.service in enforcing and permissive mode.

Jul 3 17:49:01 snowball2 systemd[1]: Stopping NFS Remote Quota Server...
Jul 3 17:49:01 snowball2 systemd[1]: Stopping NFS Mount Daemon...
Jul 3 17:49:01 snowball2 systemd[1]: Stopping NFSv4 ID-name mapping daemon...
Jul 3 17:49:01 snowball2 rpc.mountd[895]: Caught signal 15, un-registering and exiting.
Jul 3 17:49:01 snowball2 systemd[1]: Stopping NFS Server...
Jul 3 17:49:01 snowball2 kernel: [ 2151.481108] nfsd: last server has exited, flushing export cache
Jul 3 17:49:01 snowball2 systemd[1]: Starting NFS Server...
Jul 3 17:49:01 snowball2 exportfs[4062]: exportfs: Failed to stat /media/realcrypt1/filmy: No such file or directory
Jul 3 17:49:01 snowball2 exportfs[4062]: exportfs: Failed to stat /media/realcrypt1/stand-up: No such file or directory
Jul 3 17:49:01 snowball2 exportfs[4062]: exportfs: Failed to stat /media/realcrypt1/tv: No such file or directory
Jul 3 17:49:01 snowball2 kernel: [ 2151.506195] NFSD: starting 90-second grace period (net ffffffff81cba800)
Jul 3 17:49:01 snowball2 systemd[1]: Started NFS Server.
Jul 3 17:49:01 snowball2 systemd[1]: Starting NFS Mount Daemon...
Jul 3 17:49:01 snowball2 systemd[1]: Starting NFS Remote Quota Server...
Jul 3 17:49:01 snowball2 systemd[1]: Starting NFSv4 ID-name mapping daemon...
Jul 3 17:49:01 snowball2 systemd[1]: Started NFSv4 ID-name mapping daemon.
Jul 3 17:49:01 snowball2 systemd[1]: Started NFS Remote Quota Server.
Jul 3 17:49:01 snowball2 rpc.mountd[4082]: Could not bind socket: (13) Permission denied
Jul 3 17:49:01 snowball2 rpc.mountd[4082]: Could not bind socket: (13) Permission denied
Jul 3 17:49:01 snowball2 rpc.mountd[4082]: Could not bind socket: (13) Permission denied
Jul 3 17:49:01 snowball2 rpc.mountd[4082]: Could not bind socket: (13) Permission denied
Jul 3 17:49:01 snowball2 rpc.mountd[4082]: Could not bind socket: (13) Permission denied
Jul 3 17:49:01 snowball2 rpc.mountd[4082]: Could not bind socket: (13) Permission denied
Jul 3 17:49:01 snowball2 rpc.mountd[4090]: Version 1.2.7 starting
Jul 3 17:49:01 snowball2 systemd[1]: Started NFS Mount Daemon.
Jul 3 17:49:13 snowball2 dbus-daemon[619]: dbus[619]: avc: received setenforce notice (enforcing=0)
Jul 3 17:49:13 snowball2 dbus[619]: avc: received setenforce notice (enforcing=0)
Jul 3 17:49:13 snowball2 dbus[1756]: avc: received setenforce notice (enforcing=0)
Jul 3 17:49:13 snowball2 dbus[2366]: avc: received setenforce notice (enforcing=0)
Jul 3 17:49:13 snowball2 dbus[1645]: avc: received setenforce notice (enforcing=0)
Jul 3 17:49:15 snowball2 systemd[1]: Stopping NFS Remote Quota Server...
Jul 3 17:49:15 snowball2 systemd[1]: Stopping NFS Mount Daemon...
Jul 3 17:49:15 snowball2 systemd[1]: Stopping NFSv4 ID-name mapping daemon...
Jul 3 17:49:15 snowball2 rpc.mountd[4090]: Caught signal 15, un-registering and exiting.
Jul 3 17:49:15 snowball2 systemd[1]: Stopping NFS Server...
Jul 3 17:49:15 snowball2 systemd[1]: Starting NFS Server...
Jul 3 17:49:15 snowball2 kernel: [ 2165.498373] nfsd: last server has exited, flushing export cache
Jul 3 17:49:15 snowball2 exportfs[4114]: exportfs: Failed to stat /media/realcrypt1/filmy: No such file or directory
Jul 3 17:49:15 snowball2 exportfs[4114]: exportfs: Failed to stat /media/realcrypt1/stand-up: No such file or directory
Jul 3 17:49:15 snowball2 exportfs[4114]: exportfs: Failed to stat /media/realcrypt1/tv: No such file or directory
Jul 3 17:49:15 snowball2 kernel: [ 2165.517265] NFSD: starting 90-second grace period (net ffffffff81cba800)
Jul 3 17:49:15 snowball2 systemd[1]: Started NFS Server.
Jul 3 17:49:15 snowball2 systemd[1]: Starting NFS Mount Daemon...
Jul 3 17:49:15 snowball2 systemd[1]: Starting NFS Remote Quota Server...
Jul 3 17:49:15 snowball2 systemd[1]: Starting NFSv4 ID-name mapping daemon...
Jul 3 17:49:15 snowball2 systemd[1]: Started NFSv4 ID-name mapping daemon.
Jul 3 17:49:15 snowball2 systemd[1]: Started NFS Remote Quota Server.
Jul 3 17:49:15 snowball2 rpc.mountd[4143]: Version 1.2.7 starting
Jul 3 17:49:15 snowball2 systemd[1]: Started NFS Mount Daemon.
Jul 3 17:49:19 snowball2 fprintd[3994]: ** Message: No devices in use, exit
Nothing in those logs about rpcbind or nfs, all about running wine on your machine. Seems you also have hundreds of wine_t processes running, which is strange since unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 is not even a valid label anymore?
Keep in mind that audit.log might be years old (Fedora was first installed on this machine in May 2011), which probably explains obsolete labels. I was suspecting there is nothing rpcbind-related in the logs. Having said that, please have a look at comment 2: rpc.mountd fails initially, but after setting SELinux in permissive mode, the "could not bind socket" error is gone.
Ok, could you re-test it in permissive and run

# ausearch -m avc -ts recent

Thank you.
Hmm, colour me confused. Turns out that the problem has fixed itself sometime between 3 July and today. ausearch -m avc -ts recent returns nothing. The last "Could not bind socket: (13) Permission denied" was recorded in the logs on 7 July, 09:14. The first yum update after that included the following packages which could be of interest:

kernel-3.9.9-301.fc19.x86_64
selinux-policy-targeted-3.12.1-59.fc19.noarch

In any case, it works now.
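The narrowing step this thread depends on, separating rpc.mountd denials from unrelated wine noise and from years-old records, shown as an added example that is not part of the original report. The sample AVC records are constructed (they are not the reporter's attachment), and `summarize_denials` and `selinux_type` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample in raw audit.log format. These records are illustrative
# only; they are NOT taken from the reporter's attachment.
SAMPLE = """\
type=AVC msg=audit(1309500000.101:41): avc:  denied  { read } for  pid=2101 comm="wine-preloader" name="x" dev="sda2" ino=11 scontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1341300000.200:57): avc:  denied  { name_bind } for  pid=700 comm="rpc.mountd" src=1020 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1372829626.310:88): avc:  denied  { name_bind } for  pid=822 comm="rpc.mountd" src=1021 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1372829626.311:89): avc:  denied  { name_bind } for  pid=822 comm="rpc.mountd" src=1022 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1372829700.000:93): avc:  denied  { read } for  pid=3300 comm="wine-preloader" name="y" dev="sda2" ino=12 scontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
"""

# Pulls the epoch timestamp, permission set, command name, both contexts and
# the object class out of one "avc: denied" record.
AVC_RE = re.compile(
    r'msg=audit\((?P<ts>\d+)\.\d+:\d+\): avc:\s+denied\s+\{ (?P<perms>[^}]+) \}'
    r'.*?comm="(?P<comm>[^"]+)".*?scontext=(?P<scon>\S+)'
    r' tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\S+)')


def selinux_type(context):
    """Return the type field (third component) of user:role:type:level."""
    return context.split(":")[2]


def summarize_denials(text, comms, since=0):
    """Count denials for the given command names at or after epoch `since`.

    Keys are (comm, source type, permissions, class, target type), so repeated
    identical denials collapse into one line with a count.
    """
    counts = Counter()
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m or m["comm"] not in comms or int(m["ts"]) < since:
            continue
        key = (m["comm"], selinux_type(m["scon"]), m["perms"].strip(),
               m["tclass"], selinux_type(m["tcon"]))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    # 1372809600 is 2013-07-03 00:00 UTC, the day of the first report.
    hits = summarize_denials(SAMPLE, {"rpc.mountd", "rpcbind"}, since=1372809600)
    for key, n in hits.items():
        print(n, *key)
```

An empty result for the daemon of interest in the relevant time window matches what the reporter saw once the problem had gone away.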