NFS statd fails to start
Stuart Sears
stuart at sjsears.com
Sun Sep 7 11:33:00 UTC 2008
Paul Smith wrote:
> On Sun, Sep 7, 2008 at 12:48 AM, Stuart Sears <stuart at sjsears.com>
[...edited...]
>> An 'AVC denial' is just telling you that SELinux has prevented
>> something from happening on your system. We'd need the actual
>> denial message to see what it's complaining about - click on the
>> "Sheriff's badge" in your system tray and tell us what it says.
>
> Thanks, Stuart. The required information is below:
>
> ------------------------------ Summary:
>
> SELinux is preventing the rpcbind from using potentially mislabeled
> files (./services).
>
> Detailed Description:
>
> SELinux has denied rpcbind access to potentially mislabeled file(s)
> (./services). This means that SELinux will not allow rpcbind to use
> these files. It is common for users to edit files in their home
> directory or tmp directories and then move (mv) them to system
> directories. The problem is that the files end up with the wrong file
> context which confined applications are not allowed to access.
>
> Allowing Access:
>
> If you want rpcbind to access this files, you need to relabel them
> using restorecon -v './services'. You might want to relabel the
> entire directory using restorecon -R -v '.'.
>
> Additional Information:
>
> Source Context unconfined_u:system_r:rpcbind_t:s0
> Target Context
> unconfined_u:object_r:rpm_script_tmp_t:s0 Target Objects
> ./services [ file ]
okay, the rpcbind service is trying to access a file called 'services'
(the ./ path puzzles me, but I suspect /etc/services here) which is
mislabelled
if ls -Z /etc/services looks like this:
-rw-r--r-- root root system_u:object_r:rpm_script_tmp_t:s0 /etc/services
try correcting the labels like this...
restorecon -v /etc/services
which should tell you it is doing this -
restorecon reset /etc/services context
system_u:object_r:rpm_script_tmp_t:s0->system_u:object_r:etc_t:s0
Then try restarting the rpcbind (and probably nfs) services.
incidentally, blindly following the advice of setroubleshoot is not
always the correct response - in some cases all its advice boils down to
is "If you want me to shut up and stop bothering you, try this..."
Sometimes it is supposed to bother you :)
Regards,
Stuart
--
Stuart Sears RHCA etc.
"It's today!" said Piglet.
"My favourite day," said Pooh.
More information about the fedora-list
mailing list