portmap

Daniel J Walsh dwalsh at redhat.com
Wed Feb 2 19:05:25 UTC 2005 

Jared W. Robinson wrote:

>I'm having the same problem -- and it happened after I upgraded my
>system. So, I put my machine into permissive mode, and today, I've been
>restarting portmap and watching /var/log/messages to see what happens.
>Here's what I've done so far:
>
>restorecon -v /lib/libnsl.so.1
>restorecon -v /lib/libnsl-2.3.4.so
>restorecon -v /lib/tls/libc-2.3.4.so
>restorecon -v /var/run/nscd/socket
>
>But, I still get this denied message:
>Feb  2 11:07:28 dev-zelda nscd: 13668 avc:  denied  { shmempwd } for scontext=root:system_r:portmap_t tcontext=user_u:system_r:unconfined_t tclass=nscd 
>
>Anyone have a clue of what to do for that?
>
>- Jared
>
>On Wed, Feb 02, 2005 at 06:58:56PM +0100, Andrzej Kąkolewski wrote:
>  
>
>>Now I have this messages:
>>
>>audit(1107366819.358:0): avc:  denied  { read } for  pid=3410
>>exe=/sbin/portmap name=libc.so.6 dev=dm-0 ino=8700100
>>scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t
>>tclass=lnk_file
>>
>>audit(1107366819.376:0): avc:  denied  { read } for  pid=3410
>>exe=/sbin/portmap name=libc.so.6 dev=dm-0 ino=8700100
>>scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t
>>tclass=lnk_file
>>
>>audit(1107366819.391:0): avc:  denied  { read } for  pid=3410
>>exe=/sbin/portmap name=libc.so.6 dev=dm-0 ino=8699916
>>scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t
>>tclass=lnk_file
>>
>>audit(1107366819.601:0): avc:  denied  { read } for  pid=3411
>>exe=/sbin/portmap name=passwd dev=dm-0 ino=10374678
>>scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t
>>tclass=file
>>
>>audit(1107366819.615:0): avc:  denied  { write } for  pid=3411
>>exe=/sbin/portmap name=log dev=tmpfs ino=7175
>>scontext=user_u:system_r:portmap_t tcontext=user_u:object_r:device_t
>>tclass=sock_file
>>
>>restorecon -v for libc.so.6 do nothing
>>
>>
>>On Wed, 02 Feb 2005 11:50:00 -0500
>>Colin Walters <walters at redhat.com> wrote:
>>
>>    
>>
>>>On Wed, 2005-02-02 at 17:49 +0100, Andrzej Kąkolewski wrote:
>>>      
>>>
>>>>Hello
>>>>I'm getting this avc message in /var/log/messages:
>>>>
>>>>audit(1107361904.516:0): avc:  denied  { read } for  pid=3588
>>>>exe=/sbin/portmap name=libnsl.so.1 dev=dm-0 ino=8700082
>>>>scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t
>>>>tclass=lnk_file
>>>>        
>>>>
>>>Looks like the file context got corrupted; try:
>>>
>>>restorecon -v /lib/libnsl.so.1
>>>
>>>
>>>--
>>>fedora-selinux-list mailing list
>>>fedora-selinux-list at redhat.com
>>>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>      
>>>
>>-- 
>>Pozdrawiam
>>Andrzej Kąkolewski
>>Mail: k_andrzej_85 at o2.pl
>>JID: gnr at jabber.atman.pl
>>
>>--
>>fedora-selinux-list mailing list
>>fedora-selinux-list at redhat.com
>>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>    
>>
>
>  
>
You do not have a labeled file system.  Either you upgraded or you 
booted without SELinux support I would suspect.

THe easiest way to cleanup is
touch /.autorelabel
reboot

Dan

More information about the fedora-selinux-list mailing list