NFS statd fails to start

Paul Smith phhs80 at gmail.com
Sun Sep 7 11:49:17 UTC 2008 

On Sun, Sep 7, 2008 at 12:33 PM, Stuart Sears <stuart at sjsears.com> wrote:
> [...edited...]
>>> An 'AVC denial' is just telling you that SELinux has prevented
>>> something from happening on your system. We'd need the actual
>>> denial message to see what it's complaining about - click on the
>>> "Sheriff's badge" in your system tray and tell us what it says.
>>
>> Thanks, Stuart. The required information is below:
>>
>> ------------------------------ Summary:
>>
>> SELinux is preventing the rpcbind from using potentially mislabeled
>> files (./services).
>>
>> Detailed Description:
>>
>> SELinux has denied rpcbind access to potentially mislabeled file(s)
>> (./services). This means that SELinux will not allow rpcbind to use
>> these files. It is common for users to edit files in their home
>> directory or tmp directories and then move (mv) them to system
>> directories. The problem is that the files end up with the wrong file
>> context which confined applications are not allowed to access.
>>
>> Allowing Access:
>>
>> If you want rpcbind to access this files, you need to relabel them
>> using restorecon -v './services'. You might want to relabel the
>> entire directory using restorecon -R -v '.'.
>>
>> Additional Information:
>>
>> Source Context                unconfined_u:system_r:rpcbind_t:s0
>> Target Context
>> unconfined_u:object_r:rpm_script_tmp_t:s0 Target Objects
>> ./services [ file ]
>
> okay, the rpcbind service is trying to access a file called 'services'
> (the ./ path puzzles me, but I suspect /etc/services here) which is
> mislabelled
>
> if ls -Z /etc/services looks like this:
> -rw-r--r--  root root system_u:object_r:rpm_script_tmp_t:s0 /etc/services
>
> try correcting the labels like this...
> restorecon -v /etc/services
>
> which should tell you it is doing this -
> restorecon reset /etc/services context
> system_u:object_r:rpm_script_tmp_t:s0->system_u:object_r:etc_t:s0
>
> Then try restarting the rpcbind (and probably nfs) services.
>
> incidentally, blindly following the advice of setroubleshoot is not
> always the correct response - in some cases all its advice boils down to
> is "If you want me to shut up and stop bothering you, try this..."
> Sometimes it is supposed to bother you :)

Thanks a lot, Stuart. The command

restorecon -v /etc/services

solved the problem.

Can the problem that I reported be considered a bug of Selinux?

Paul

More information about the fedora-list mailing list