selinux breaks nfs

dragoran dragoran at feuerpokemon.de
Tue Apr 25 14:35:47 UTC 2006


dragoran wrote:
> Hello,
> I tried to share a partition using nfs (using system-config-nfs), but 
> selinux prevents it from being mounted:
> audit(1145781795.498:64): avc:  denied  { dac_override } for  
> pid=26228 comm="rpc.mountd" capability=1 
> scontext=system_u:system_r:nfsd_t:s0 
> tcontext=system_u:system_r:nfsd_t:s0 tclass=capability
> audit(1145781795.498:65): avc:  denied  { dac_read_search } for  
> pid=26228 comm="rpc.mountd" capability=2 
> scontext=system_u:system_r:nfsd_t:s0 
> tcontext=system_u:system_r:nfsd_t:s0 tclass=capability
> audit(1145781795.498:66): avc:  denied  { dac_override } for  
> pid=26228 comm="rpc.mountd" capability=1 
> scontext=system_u:system_r:nfsd_t:s0 
> tcontext=system_u:system_r:nfsd_t:s0 tclass=capability
> audit(1145781795.498:67): avc:  denied  { dac_read_search } for  
> pid=26228 comm="rpc.mountd" capability=2 
> scontext=system_u:system_r:nfsd_t:s0 
> tcontext=system_u:system_r:nfsd_t:s0 tclass=capability
> audit(1145781817.496:68): avc:  denied  { dac_override } for  
> pid=26228 comm="rpc.mountd" capability=1 
> scontext=system_u:system_r:nfsd_t:s0 
> tcontext=system_u:system_r:nfsd_t:s0 tclass=capability
> audit(1145781817.496:69): avc:  denied  { dac_read_search } for  
> pid=26228 comm="rpc.mountd" capability=2 
> scontext=system_u:system_r:nfsd_t:s0 
> tcontext=system_u:system_r:nfsd_t:s0 tclass=capability
> audit(1145781817.496:70): avc:  denied  { dac_override } for  
> pid=26228 comm="rpc.mountd" capability=1 
> scontext=system_u:system_r:nfsd_t:s0 
> tcontext=system_u:system_r:nfsd_t:s0 tclass=capability
> audit(1145781817.496:71): avc:  denied  { dac_read_search } for  
> pid=26228 comm="rpc.mountd" capability=2 
> scontext=system_u:system_r:nfsd_t:s0 
> tcontext=system_u:system_r:nfsd_t:s0 tclass=capability
> All booleans for nfs are set to true, if I do setenforce 0 it works.
> I am using selinux-policy-targeted-2.2.34-3.fc5 (from updates testing) 
> on FC x86_64.
Any ideas? Or should I bugzilla this?
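
The following is an added example, not part of the original post or of any SELinux tool: a small Python parser that unwraps mail-quoted AVC messages like the ones above and collapses them into distinct denials, which is useful when attaching a summary to a bug report. The function names and the sample (three of the quoted denials, re-embedded as constructed input) are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: three denials in the same mail-wrapped, ">"-quoted
# form as the post.
SAMPLE = """\
> audit(1145781795.498:64): avc:  denied  { dac_override } for
> pid=26228 comm="rpc.mountd" capability=1
> scontext=system_u:system_r:nfsd_t:s0
> tcontext=system_u:system_r:nfsd_t:s0 tclass=capability
> audit(1145781795.498:65): avc:  denied  { dac_read_search } for
> pid=26228 comm="rpc.mountd" capability=2
> scontext=system_u:system_r:nfsd_t:s0
> tcontext=system_u:system_r:nfsd_t:s0 tclass=capability
> audit(1145781817.496:68): avc:  denied  { dac_override } for
> pid=26228 comm="rpc.mountd" capability=1
> scontext=system_u:system_r:nfsd_t:s0
> tcontext=system_u:system_r:nfsd_t:s0 tclass=capability
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def unwrap(text):
    """Strip quote markers and rejoin wrapped lines, one record per audit()."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", line).strip()
        if line.startswith("audit("):
            records.append(line)
        elif "=" in line and records:   # continuation lines carry key=value
            records[-1] += " " + line
    return records

def summarize(text):
    """Count denials per (comm, source type, target type, class, permission)."""
    counts = Counter()
    for rec in unwrap(text):
        m = AVC_RE.search(rec)
        if not m:
            continue                    # not an AVC denial record
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
        stype = f["scontext"].split(":")[2]   # user:role:type:level
        ttype = f["tcontext"].split(":")[2]
        for perm in m.group(1).split():
            counts[(f["comm"], stype, ttype, f["tclass"], perm)] += 1
    return counts
```
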