Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora SELinux Support (http://www.linux-archive.org/fedora-selinux-support/)
-   -   F8 avc: denied during NFS mount (http://www.linux-archive.org/fedora-selinux-support/44850-f8-avc-denied-during-nfs-mount.html)

Lamont Peterson 02-01-2008 05:31 PM

F8 avc: denied during NFS mount
 
All,

I got this while mounting via "ls /net/server/":

Summary
SELinux is preventing rpc.statd (rpcd_t) "write" to pipe (automount_t).

Detailed Description
SELinux denied access requested by rpc.statd. It is not expected that this
access is required by rpc.statd and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of
the application is causing it to require additional access.

Allowing Access
You can generate a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can
disable
SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.

Additional Information

Source Context system_u:system_r:rpcd_t:s0
Target Context system_u:system_r:automount_t:s0
Target Objects pipe [ fifo_file ]
Affected RPM Packages
Policy RPM selinux-policy-3.0.8-74.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall
Host Name reaver.lamontpeterson.net
Platform Linux reaver.lamontpeterson.net 2.6.23.9-85.fc8
#1
SMP Fri Dec 7 15:49:36 EST 2007 x86_64 x86_64
Alert Count 1
First Seen Fri 18 Jan 2008 05:35:16 PM MST
Last Seen Fri 18 Jan 2008 05:35:16 PM MST
Local ID 1b3c736c-2edb-4c23-8440-c423dca231f0
Line Numbers

Raw Audit Messages

avc: denied { write } for comm=rpc.statd dev=pipefs path=pipe:[605687]
pid=8732
scontext=system_u:system_r:rpcd_t:s0 tclass=fifo_file
tcontext=system_u:system_r:automount_t:s0
--
Lamont Peterson <lamont@lamontpeterson.org
[ http://lamontpeterson.org/ ]
GPG Key fingerprint: C51E DD83 B03F D147 A974 939C 5D13 289C 17F1 FFBE
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Daniel J Walsh 02-02-2008 02:30 AM

F8 avc: denied during NFS mount
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lamont Peterson wrote:
> All,
>
> I got this while mounting via "ls /net/server/":
>
> Summary
> SELinux is preventing rpc.statd (rpcd_t) "write" to pipe (automount_t).
>
> Detailed Description
> SELinux denied access requested by rpc.statd. It is not expected that this
> access is required by rpc.statd and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of
> the application is causing it to require additional access.
>
> Allowing Access
> You can generate a local policy module to allow this access - see
> http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended. Please file a
> http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
> against this package.
>
> Additional Information
>
> Source Context system_u:system_r:rpcd_t:s0
> Target Context system_u:system_r:automount_t:s0
> Target Objects pipe [ fifo_file ]
> Affected RPM Packages
> Policy RPM selinux-policy-3.0.8-74.fc8
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name plugins.catchall
> Host Name reaver.lamontpeterson.net
> Platform Linux reaver.lamontpeterson.net 2.6.23.9-85.fc8
> #1
> SMP Fri Dec 7 15:49:36 EST 2007 x86_64 x86_64
> Alert Count 1
> First Seen Fri 18 Jan 2008 05:35:16 PM MST
> Last Seen Fri 18 Jan 2008 05:35:16 PM MST
> Local ID 1b3c736c-2edb-4c23-8440-c423dca231f0
> Line Numbers
>
> Raw Audit Messages
>
> avc: denied { write } for comm=rpc.statd dev=pipefs path=pipe:[605687]
> pid=8732
> scontext=system_u:system_r:rpcd_t:s0 tclass=fifo_file
> tcontext=system_u:system_r:automount_t:s0
>
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
This can be safely ignored and will be don't audited in the next release
of policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkej47gACgkQrlYvE4MpobMHxwCgu4+hISYsqy J6RDdkxXahpgVo
bLEAnApL/HhQurypUIGCZPpvpdmi9gBf
=F/Mu
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list


All times are GMT. The time now is 07:07 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.