today's authconfig update triggered an SELinux warning

Daniel J Walsh dwalsh at redhat.com
Wed Aug 1 16:00:47 UTC 2007 

Joe Smith wrote:
> SELinux is preventing /sbin/rpc.statd (rpcd_t) "search" to (sysctl_fs_t).
>
> From /var/log/messages:
> ...
> Aug  1 09:42:56 duros yum: Updated: authconfig.i386 5.3.15-1.fc7
> Aug  1 09:42:58 duros rpc.statd[2014]: Caught signal 15, 
> un-registering and exiting.
> Aug  1 09:42:59 duros rpc.statd[5279]: Version 1.1.0 Starting
> Aug  1 09:43:02 duros sm-notify[5282]: sm-notify running as root. 
> chown /var/lib/nfs/sm to choose different user
> Aug  1 09:43:02 duros Backgrounding to notify hosts...
> Aug  1 09:43:02 duros yum: Updated: nfs-utils.i386 1:1.1.0-1.fc7
> Aug  1 09:43:03 duros yum: Updated: authconfig-gtk.i386 5.3.15-1.fc7
> Aug  1 09:43:04 duros setroubleshoot:      SELinux is preventing 
> /usr/sbin/sm-notify (rpcd_t) "search" to <Unknown> (sysctl_fs_t). For 
> complete SELinux messages. run sealert -l 
> 498c64ce-3b7a-4009-be3c-ce4989e007b3
> Aug  1 09:43:04 duros setroubleshoot:      SELinux is preventing 
> /sbin/rpc.statd (rpcd_t) "search" to <Unknown> (sysctl_fs_t).      For 
> complete SELinux messages. run sealert -l 
> 498c64ce-3b7a-4009-be3c-ce4989e007b3
> ...
>
> * What does this message mean?
>
> Usually I can make some sense of SELinux' inscrutable gibberish (I 
> kid, I kid), but this one is new to me. My guess would be a directory 
> access of some kind--to what?
>
It means the rpc.statd program is trolling around in /proc/sys/fs
> * Why am I running rpc.statd?
I think it is used when you nfs mount a remote directory.  Started by 
the nfslock script.
>
> I thought that was for NFS, which I'm not using, although I do have 
> nfs-utils installed for some reason.
>
It is installed by default.  You can remove it, if you do not intend to 
use nfs.
> Rpm tells me that nothing else requires nfs-utils, is there any reason 
> not to simply remove it? Authconfig appears to want rpc.statd running 
> at least. Maybe I don't need authconfig either.
I think it has nothing to do with authconfig. 
>
> Any clues appreciated.
>
> <Joe
>

More information about the fedora-list mailing list