On Tue, 2008-12-16 at 10:57 -0500, David P. Quigley wrote:
> On Mon, 2008-12-15 at 20:52 -0500, Tom Lane wrote:
> > "Jerry Amundson" <jamundso@xxxxxxxxx> writes:
> > > In case it was missed, note jkeating's very recent post "Coordination
> > > of updates and reading of bodhi comments".
> >
> > Yeah, that may explain it. At first I didn't think it was selinux,
> > because of the lack of any selinux complaints in my logs. However,
> > looking back to the last boot found
> >
> > Dec 14 19:21:46 rh2 rpcbind: setgid to 'rpc' (32) failed: Operation not permitted
> > Dec 14 19:21:48 rh2 setroubleshoot: SELinux is preventing rpcbind (rpcbind_t) "setgid" rpcbind_t. For complete SELinux messages. run sealert -l 2e7e0f7b-d206-4999-a02c-91bf0cc9d1e2
> >
> > For anyone who needs a fix right now, I can confirm that reverting
> > rpcbind to rpcbind-0.1.4-14.fc9 (the latest prior version I could find
> > on the download servers) makes the NFS and AFP problems go away.
> >
> > regards, tom lane
> >
>
> I'm not sure if he fix for this is in the SELinux policy package yet but
> if you don't want to revert your rpcbind package this policy module
> should be a temporary fix.
>
> policy_module(myrpcbind, 1.0)
>
> require {
> type rpcbind_t;
> }
>
> allow rpcbind_t self:capability setgid;
>
>
> 1) Create directory, enter directory, and copy the policy module into
> myrpcbind.te in that directory.
>
> 2) make -f /usr/share/selinux/devel/Makefile
>
> 3) as root /usr/sbin/semodule -i myrpcbind.pp
>
> Dave
>
Supposedly the fix is in updates-testing, so that is another option.
yum --enablerepo=updates-testing update selinux-policy*
Dave
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
