AVC for rpcbind

Bert Todger btodger at yahoo.com
Sat Dec 13 14:45:39 UTC 2008


Hello all,

Following a yum update to my two F9 machines I now find that the NFS
services I have enabled to share files between the machines fail. On
closer inspection it seems that rpcbind is now denied on both machines.

I have absolutely no idea what rpcbind does, but I do know putting them
into permissive mode allows rpcbind and then the NFS services start
normally.

What should I do? 

Thanks in advance

BT


Summary:

SELinux is preventing rpcbind (rpcbind_t) "setgid" rpcbind_t. 

Detailed Description:

SELinux denied access requested by rpcbind. It is not expected that this
access is required by rpcbind and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration
of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ Or
you can disable SELinux protection altogether. Disabling SELinux
protection is not recommended. Please file a bug report against this
package.

Additional Information:

Source Context:         unconfined_u:system_r:rpcbind_t:s0
Target Context:         unconfined_u:system_r:rpcbind_t:s0
Target Objects:         None [ capability ]
Source:         rpcbind
Source Path:    /sbin/rpcbind
Port:   <Unknown>
Host:   mydomain.com
Source RPM Packages:    rpcbind-0.1.7-1.fc9
Target RPM Packages:    
Policy RPM:     selinux-policy-3.3.1-111.fc9
Selinux Enabled:        True
Policy Type:    targeted
MLS Enabled:    True
Enforcing Mode:         Enforcing
Plugin Name:    catchall
Host Name:      mydomain.com
Platform:       Linux mydomain.com 2.6.26.6-79.fc9.i686 #1 SMP Fri Oct
17 14:52:14 EDT 2008 i686 i686
Alert Count:    1
First Seen:     Fri Dec 12 19:51:54 2008
Last Seen:      Fri Dec 12 19:51:54 2008
Local ID:       88e9ae88-4654-4ee6-99a1-34a6dafdcff5
Line Numbers:   

Raw Audit Messages :

node=mydomain.com type=AVC msg=audit(1229111514.633:6512): avc: denied {
setgid } for pid=20774 comm="rpcbind" capability=6
scontext=unconfined_u:system_r:rpcbind_t:s0
tcontext=unconfined_u:system_r:rpcbind_t:s0 tclass=capability

node=mydomain.com type=SYSCALL msg=audit(1229111514.633:6512):
arch=40000003 syscall=214 success=no exit=-1 a0=20 a1=2db9bc a2=2105b0
a3=bf9daeb0 items=0 ppid=20773 pid=20774 auid=4294967295 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="rpcbind" exe="/sbin/rpcbind"
subj=unconfined_u:system_r:rpcbind_t:s0 key=(null)
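
Added example, not part of the original post: a Python sketch of how the raw AVC record above maps to the type-enforcement rule that a local policy module for this denial would contain. The function names are hypothetical; the sample record is the one from the post, rejoined onto one line.

```python
import re

# Raw AVC record from the post above, rejoined onto one line (the mail
# client had wrapped it).
SAMPLE_AVC = (
    'node=mydomain.com type=AVC msg=audit(1229111514.633:6512): avc: denied { '
    'setgid } for pid=20774 comm="rpcbind" capability=6 '
    'scontext=unconfined_u:system_r:rpcbind_t:s0 '
    'tcontext=unconfined_u:system_r:rpcbind_t:s0 tclass=capability'
)

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')


def parse_avc(line):
    """Return a dict describing one 'avc: denied' record, or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None  # not an AVC denial (e.g. the paired SYSCALL record)
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('fields')))
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None  # truncated or malformed record
    # An SELinux context is user:role:type[:level]; the type is the third part.
    stype = fields['scontext'].split(':')[2]
    ttype = fields['tcontext'].split(':')[2]
    return {
        'perms': m.group('perms').split(),
        'comm': fields.get('comm', '').strip('"'),
        'source_type': stype,
        'target_type': ttype,
        'tclass': fields['tclass'],
    }


def to_allow_rule(avc):
    """Render the type-enforcement rule that would permit the denied access."""
    # Policy writes the target as "self" when a domain acts on itself,
    # which is the case for the capability check in the post.
    same = avc['source_type'] == avc['target_type']
    target = 'self' if same else avc['target_type']
    perms = avc['perms']
    perm_txt = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow %s %s:%s %s;' % (
        avc['source_type'], target, avc['tclass'], perm_txt)


if __name__ == '__main__':
    print(to_allow_rule(parse_avc(SAMPLE_AVC)))
```

The output is the rule to review before deciding whether it belongs in a local module; the alert text itself asks for a bug report against the package.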


      



