selinux stops nfs?

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

William John Murray wrote:
>     Hello all,
>             I am trying to persuade an F9 box to export an filesystem
> with nfs. It seems to be unwilling:
> 
> Oct 27 10:49:41 RAL-161-1-14 rpcbind: rpcbind terminating on signal.
> Restart with "rpcbind -w"
> Oct 27 10:49:41 RAL-161-1-14 setroubleshoot: SELinux is preventing the
> rpcbind from using potentially mislabeled files
> (/home/murray/.xsession-errors). For complete SELinux messages. run
> sealert -l 14ad5007-8011-4b44-91e9-a4d0932e2f5e
> Oct 27 10:49:42 RAL-161-1-14 mountd[20260]: Caught signal 15,
> un-registering and exiting.
> Oct 27 10:49:42 RAL-161-1-14 kernel: nfsd: last server has exited
> 
> Now SElinux is in permissive mode. But the error claims that 
> 
> SELinux is preventing the rpcbind from using potentially mislabeled
> files
> (/home/murray/.xsession-errors).
> 
> Now this seems odd - this file is not one I am trying to export. And I
> have definitely got 'permissive' set. But I do the following anyway:
> 
> restorecon -v '/home/murray/.xsession-errors'
> 
> And restarting nfs gives the same error all over again.
> 
>    What am I doing wrong?
>         Thank you,
>          Bill
> 
> 
You can safely ignore this.

The setroubleshoot is a catchall and it is incorrect.  This is what is
happening:

When you login gdm sets stderr for all of the applications it executes
including the gnome panel to ~/.xsession-errors.

When you execute any system-config-* apps like system-config-services
stderr gets passed down and eventually it gets to the confined
application nfsd.  When the selinux kernel sees this it reports and
error and closes the file descriptor, and reports this ugly avc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkkGEr8ACgkQrlYvE4MpobN2awCg54G8tR4TCt4Qssnz9W/bt6FF
jmIAnA3mPD2fdMW6My1R/Kcl39ISc9CH
=+jUX
-----END PGP SIGNATURE-----