F8 avc: denied during NFS mount
Daniel J Walsh
dwalsh at redhat.com
Sat Feb 2 03:30:00 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Lamont Peterson wrote:
> All,
>
> I got this while mounting via "ls /net/server/":
>
> Summary
> SELinux is preventing rpc.statd (rpcd_t) "write" to pipe (automount_t).
>
> Detailed Description
> SELinux denied access requested by rpc.statd. It is not expected that this
> access is required by rpc.statd and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of
> the application is causing it to require additional access.
>
> Allowing Access
> You can generate a local policy module to allow this access - see
> http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended. Please file a
> http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
> against this package.
>
> Additional Information
>
> Source Context system_u:system_r:rpcd_t:s0
> Target Context system_u:system_r:automount_t:s0
> Target Objects pipe [ fifo_file ]
> Affected RPM Packages
> Policy RPM selinux-policy-3.0.8-74.fc8
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name plugins.catchall
> Host Name reaver.lamontpeterson.net
> Platform Linux reaver.lamontpeterson.net 2.6.23.9-85.fc8
> #1
> SMP Fri Dec 7 15:49:36 EST 2007 x86_64 x86_64
> Alert Count 1
> First Seen Fri 18 Jan 2008 05:35:16 PM MST
> Last Seen Fri 18 Jan 2008 05:35:16 PM MST
> Local ID 1b3c736c-2edb-4c23-8440-c423dca231f0
> Line Numbers
>
> Raw Audit Messages
>
> avc: denied { write } for comm=rpc.statd dev=pipefs path=pipe:[605687]
> pid=8732
> scontext=system_u:system_r:rpcd_t:s0 tclass=fifo_file
> tcontext=system_u:system_r:automount_t:s0
>
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
This can be safely ignored and will be don't audited in the next release
of policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkej47gACgkQrlYvE4MpobMHxwCgu4+hISYsqyJ6RDdkxXahpgVo
bLEAnApL/HhQurypUIGCZPpvpdmi9gBf
=F/Mu
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list