F8 avc: denied during NFS mount

Lamont Peterson lamont at lamontpeterson.org
Fri Feb 1 18:31:07 UTC 2008 

All,

I got this while mounting via "ls /net/server/":

Summary
    SELinux is preventing rpc.statd (rpcd_t) "write" to pipe (automount_t).

Detailed Description
    SELinux denied access requested by rpc.statd. It is not expected that this
    access is required by rpc.statd and this access may signal an intrusion
    attempt. It is also possible that the specific version or configuration of
    the application is causing it to require additional access.

Allowing Access
    You can generate a local policy module to allow this access - see
    http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can 
disable
    SELinux protection altogether. Disabling SELinux protection is not
    recommended. Please file a 
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
    against this package.

Additional Information        

Source Context                system_u:system_r:rpcd_t:s0
Target Context                system_u:system_r:automount_t:s0
Target Objects                pipe [ fifo_file ]
Affected RPM Packages         
Policy RPM                    selinux-policy-3.0.8-74.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall
Host Name                     reaver.lamontpeterson.net
Platform                      Linux reaver.lamontpeterson.net 2.6.23.9-85.fc8 
#1
                              SMP Fri Dec 7 15:49:36 EST 2007 x86_64 x86_64
Alert Count                   1
First Seen                    Fri 18 Jan 2008 05:35:16 PM MST
Last Seen                     Fri 18 Jan 2008 05:35:16 PM MST
Local ID                      1b3c736c-2edb-4c23-8440-c423dca231f0
Line Numbers                  

Raw Audit Messages            

avc: denied { write } for comm=rpc.statd dev=pipefs path=pipe:[605687] 
pid=8732
scontext=system_u:system_r:rpcd_t:s0 tclass=fifo_file
tcontext=system_u:system_r:automount_t:s0
-- 
Lamont Peterson <lamont at lamontpeterson.org
[ http://lamontpeterson.org/ ]
GPG Key fingerprint: C51E DD83 B03F D147 A974  939C 5D13 289C 17F1 FFBE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20080201/46b46b70/attachment.sig>

More information about the fedora-selinux-list mailing list