Respin of K12Linux-F9: SELinux prevents rpcbind from starting
Peter Scheie
peter at scheie.homedns.org
Thu Jan 1 14:47:41 UTC 2009
Peter Scheie wrote:
> Warren Togami wrote:
>> Peter Scheie wrote:
>>> Warren,
>>> I did a rebuild of the F9 K12Linux using the livecd-creator script,
>>> as we discussed. Build-wise it's fine. But when I boot the
>>> resulting ISO, SELinux is preventing rpcbind from starting. I was
>>> able to make it work by following the steps that the AVC monitor
>>> suggests; but for demo purposes, this should not be a requirement.
>>> Is this something that can be fixed in the kickstart file? Or where?
>>>
>>
>> What is the exact AVC line that prints to /var/lib/audit/audit.log?
>>
>> Warren
>>
> type=AVC msg=audit(1230067347.404:17): avc: denied { setgid } for
> pid=4369 comm="rpcbind" capability=6
> scontext=unconfined_u:system_r:rpcbind_t:s0
> tcontext=unconfined_u:system_r:rpcbind_t:s0 tclass=capability
> type=SYSCALL msg=audit(1230067347.404:17): arch=40000003 syscall=214
> success=no exit=-1 a0=20 a1=2db9bc a2=2105b0 a3=bfe073c0 items=0 ppid=1
> pid=4369 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 tty=(none) ses=1 comm="rpcbind" exe="/sbin/rpcbind"
> subj=unconfined_u:system_r:rpcbind_t:s0 key=(null)
>
Found this on the matter:
https://www.redhat.com/archives/fedora-devel-list/2008-December/msg01614.html
Looks like they fixed it, though. I did another build and there were no
conflicts between selinux and rpcbind.
Peter
More information about the K12Linux-devel-list
mailing list