Re: portmap

[Daniel J Walsh <dwalsh@xxxxxxxxxx>]

Jared W. Robinson wrote:

> I'm having the same problem -- and it happened after I upgraded my
> system. So, I put my machine into permissive mode, and today, I've been
> restarting portmap and watching /var/log/messages to see what happens.
> Here's what I've done so far:
>
> restorecon -v /lib/libnsl.so.1
> restorecon -v /lib/libnsl-2.3.4.so
> restorecon -v /lib/tls/libc-2.3.4.so
> restorecon -v /var/run/nscd/socket
>
> But, I still get this denied message:
> Feb  2 11:07:28 dev-zelda nscd: 13668 avc:  denied  { shmempwd } for scontext=root:system_r:portmap_t tcontext=user_u:system_r:unconfined_t tclass=nscd 
>
> Anyone have a clue of what to do for that?
>
> - Jared
>
> On Wed, Feb 02, 2005 at 06:58:56PM +0100, Andrzej KÄkolewski wrote:
>  
>
> > Now I have this messages:
> >
> > audit(1107366819.358:0): avc:  denied  { read } for  pid=3410
> > exe=/sbin/portmap name=libc.so.6 dev=dm-0 ino=8700100
> > scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t
> > tclass=lnk_file
> >
> > audit(1107366819.376:0): avc:  denied  { read } for  pid=3410
> > exe=/sbin/portmap name=libc.so.6 dev=dm-0 ino=8700100
> > scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t
> > tclass=lnk_file
> >
> > audit(1107366819.391:0): avc:  denied  { read } for  pid=3410
> > exe=/sbin/portmap name=libc.so.6 dev=dm-0 ino=8699916
> > scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t
> > tclass=lnk_file
> >
> > audit(1107366819.601:0): avc:  denied  { read } for  pid=3411
> > exe=/sbin/portmap name=passwd dev=dm-0 ino=10374678
> > scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t
> > tclass=file
> >
> > audit(1107366819.615:0): avc:  denied  { write } for  pid=3411
> > exe=/sbin/portmap name=log dev=tmpfs ino=7175
> > scontext=user_u:system_r:portmap_t tcontext=user_u:object_r:device_t
> > tclass=sock_file
> >
> > restorecon -v for libc.so.6 do nothing
> >
> >
> > On Wed, 02 Feb 2005 11:50:00 -0500
> > Colin Walters <walters@xxxxxxxxxx> wrote:
> >
> >    
> >
> > > On Wed, 2005-02-02 at 17:49 +0100, Andrzej KÄkolewski wrote:
> > >      
> > >
> > > > Hello
> > > > I'm getting this avc message in /var/log/messages:
> > > >
> > > > audit(1107361904.516:0): avc:  denied  { read } for  pid=3588
> > > > exe=/sbin/portmap name=libnsl.so.1 dev=dm-0 ino=8700082
> > > > scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t
> > > > tclass=lnk_file
> > > >        
> > > Looks like the file context got corrupted; try:
> > >
> > > restorecon -v /lib/libnsl.so.1
> > >
> > >
> > > --
> > > fedora-selinux-list mailing list
> > > fedora-selinux-list@xxxxxxxxxx
> > > http://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > >      
> > --
> > Pozdrawiam
> > Andrzej KÄkolewski
> > Mail: k_andrzej_85@xxxxx
> > JID: gnr@xxxxxxxxxxxxxxx
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@xxxxxxxxxx
> > http://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >    
>
>  
You do not have a labeled file system.  Either you upgraded or you 
booted without SELinux support I would suspect.

THe easiest way to cleanup is
touch /.autorelabel
reboot

Dan