F8 avc: denied during NFS mount
Lamont Peterson
lamont at lamontpeterson.org
Fri Feb 1 18:31:07 UTC 2008
All,
I got this while mounting via "ls /net/server/":
Summary
SELinux is preventing rpc.statd (rpcd_t) "write" to pipe (automount_t).
Detailed Description
SELinux denied access requested by rpc.statd. It is not expected that this
access is required by rpc.statd and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of
the application is causing it to require additional access.
Allowing Access
You can generate a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can
disable
SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context system_u:system_r:rpcd_t:s0
Target Context system_u:system_r:automount_t:s0
Target Objects pipe [ fifo_file ]
Affected RPM Packages
Policy RPM selinux-policy-3.0.8-74.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall
Host Name reaver.lamontpeterson.net
Platform Linux reaver.lamontpeterson.net 2.6.23.9-85.fc8
#1
SMP Fri Dec 7 15:49:36 EST 2007 x86_64 x86_64
Alert Count 1
First Seen Fri 18 Jan 2008 05:35:16 PM MST
Last Seen Fri 18 Jan 2008 05:35:16 PM MST
Local ID 1b3c736c-2edb-4c23-8440-c423dca231f0
Line Numbers
Raw Audit Messages
avc: denied { write } for comm=rpc.statd dev=pipefs path=pipe:[605687]
pid=8732
scontext=system_u:system_r:rpcd_t:s0 tclass=fifo_file
tcontext=system_u:system_r:automount_t:s0
--
Lamont Peterson <lamont at lamontpeterson.org
[ http://lamontpeterson.org/ ]
GPG Key fingerprint: C51E DD83 B03F D147 A974 939C 5D13 289C 17F1 FFBE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20080201/46b46b70/attachment.sig>
More information about the fedora-selinux-list
mailing list