F8 avc: denied during NFS mount

Daniel J Walsh dwalsh at redhat.com
Sat Feb 2 03:30:00 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lamont Peterson wrote:
> All,
> 
> I got this while mounting via "ls /net/server/":
> 
> Summary
>     SELinux is preventing rpc.statd (rpcd_t) "write" to pipe (automount_t).
> 
> Detailed Description
>     SELinux denied access requested by rpc.statd. It is not expected that this
>     access is required by rpc.statd and this access may signal an intrusion
>     attempt. It is also possible that the specific version or configuration of
>     the application is causing it to require additional access.
> 
> Allowing Access
>     You can generate a local policy module to allow this access - see
>     http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can 
> disable
>     SELinux protection altogether. Disabling SELinux protection is not
>     recommended. Please file a 
> http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
>     against this package.
> 
> Additional Information        
> 
> Source Context                system_u:system_r:rpcd_t:s0
> Target Context                system_u:system_r:automount_t:s0
> Target Objects                pipe [ fifo_file ]
> Affected RPM Packages         
> Policy RPM                    selinux-policy-3.0.8-74.fc8
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   plugins.catchall
> Host Name                     reaver.lamontpeterson.net
> Platform                      Linux reaver.lamontpeterson.net 2.6.23.9-85.fc8 
> #1
>                               SMP Fri Dec 7 15:49:36 EST 2007 x86_64 x86_64
> Alert Count                   1
> First Seen                    Fri 18 Jan 2008 05:35:16 PM MST
> Last Seen                     Fri 18 Jan 2008 05:35:16 PM MST
> Local ID                      1b3c736c-2edb-4c23-8440-c423dca231f0
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> avc: denied { write } for comm=rpc.statd dev=pipefs path=pipe:[605687] 
> pid=8732
> scontext=system_u:system_r:rpcd_t:s0 tclass=fifo_file
> tcontext=system_u:system_r:automount_t:s0
> 
> 
> ------------------------------------------------------------------------
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
This can be safely ignored and will be don't audited in the next release
of policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkej47gACgkQrlYvE4MpobMHxwCgu4+hISYsqyJ6RDdkxXahpgVo
bLEAnApL/HhQurypUIGCZPpvpdmi9gBf
=F/Mu
-----END PGP SIGNATURE-----

More information about the fedora-selinux-list mailing list