Re: selinux stops nfs?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

William John Murray wrote:
>     Hello all,
>             I am trying to persuade an F9 box to export an filesystem
> with nfs. It seems to be unwilling:
> 
> Oct 27 10:49:41 RAL-161-1-14 rpcbind: rpcbind terminating on signal.
> Restart with "rpcbind -w"
> Oct 27 10:49:41 RAL-161-1-14 setroubleshoot: SELinux is preventing the
> rpcbind from using potentially mislabeled files
> (/home/murray/.xsession-errors). For complete SELinux messages. run
> sealert -l 14ad5007-8011-4b44-91e9-a4d0932e2f5e
> Oct 27 10:49:42 RAL-161-1-14 mountd[20260]: Caught signal 15,
> un-registering and exiting.
> Oct 27 10:49:42 RAL-161-1-14 kernel: nfsd: last server has exited
> 
> Now SElinux is in permissive mode. But the error claims that 
> 
> SELinux is preventing the rpcbind from using potentially mislabeled
> files
> (/home/murray/.xsession-errors).
> 
> Now this seems odd - this file is not one I am trying to export. And I
> have definitely got 'permissive' set. But I do the following anyway:
> 
> restorecon -v '/home/murray/.xsession-errors'
> 
> And restarting nfs gives the same error all over again.
> 
>    What am I doing wrong?
>         Thank you,
>          Bill
> 
> 
You can safely ignore this.

The setroubleshoot is a catchall and it is incorrect.  This is what is
happening:

When you login gdm sets stderr for all of the applications it executes
including the gnome panel to ~/.xsession-errors.

When you execute any system-config-* apps like system-config-services
stderr gets passed down and eventually it gets to the confined
application nfsd.  When the selinux kernel sees this it reports and
error and closes the file descriptor, and reports this ugly avc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkkGEr8ACgkQrlYvE4MpobN2awCg54G8tR4TCt4Qssnz9W/bt6FF
jmIAnA3mPD2fdMW6My1R/Kcl39ISc9CH
=+jUX
-----END PGP SIGNATURE-----

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux