On 08/26/2010 11:48 AM, Arthur Dent wrote:
> Hello all,
>
> Working with Dominick to solve my clamd denial problem has caused me to
> use ausearch more often than I normally would.
>
> This has revealed a large and constant amount of these messages:

Do semodule -B to hide any denials that should not be displayed (they are hidden on purpose)

> ----
> time->Thu Aug 26 10:37:51 2010
> type=AVC msg=audit(1282815471.028:55622): avc: denied { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:37:51 2010
> type=AVC msg=audit(1282815471.028:55623): avc: denied { 0x400000 } for
> pid=1221 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:37:51 2010
> type=AVC msg=audit(1282815471.063:55624): avc: denied { 0x400000 } for
> pid=1221 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:37:51 2010
> type=AVC msg=audit(1282815471.076:55625): avc: denied { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:37:51 2010
> type=AVC msg=audit(1282815471.101:55626): avc: denied { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:37:51 2010
> type=AVC msg=audit(1282815471.122:55627): avc: denied { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:37:51 2010
> type=AVC msg=audit(1282815471.136:55628): avc: denied { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:37:51 2010
> type=AVC msg=audit(1282815471.154:55629): avc: denied { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:43:30 2010
> type=AVC msg=audit(1282815810.307:55648): avc: denied { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:43:30 2010
> type=AVC msg=audit(1282815810.321:55649): avc: denied { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:43:30 2010
> type=AVC msg=audit(1282815810.335:55650): avc: denied { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:43:30 2010
> type=AVC msg=audit(1282815810.354:55651): avc: denied { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----

https://bugzilla.redhat.com/show_bug.cgi?id=576207

> /dev/sda11 is a Fat32 partition mounted in /etc/fstab with the line:
> /dev/sda11 /mnt/tempstore vfat users,rw,uid=mark 0 2
>
> and shared as an NFS mount on my desktop.
>
> # cat /etc/exports
> /home/mark 192.168.2.4(rw,async,no_subtree_check,nohide,no_root_squash)
> /mnt/tempstore 192.168.2.4(rw,async,no_subtree_check,nohide,no_root_squash)
> /mnt/datastore 192.168.2.4(rw,async,no_subtree_check,nohide,no_root_squash)
> /mnt/f11 192.168.2.4(rw,async,no_subtree_check,nohide,no_root_squash)
>
> Are the avcs a problem and how do I stop them? Audit2allow does not
> produce anything on these messages....

semodule -B

> Thanks
>
> Mark
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
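The denials quoted in this message are many repeats of a single event. As an added example (not part of the original messages), the following collapses ausearch AVC records into one row per distinct denial and marks rows whose permission was logged as a raw hex mask. The sample input is constructed: three records reuse values from the thread, and the `example` record is invented for contrast.

```python
import re

# Constructed sample. The three nfsd records reuse values quoted in the
# thread; the last record is invented for contrast.
NFSD = ('type=AVC msg=audit({ts}:{serial}): avc: denied {{ 0x400000 }} for '
        'pid={pid} comm="nfsd" name="" dev=sda11 ino=28365 '
        'scontext=system_u:system_r:kernel_t:s0 '
        'tcontext=system_u:object_r:unlabeled_t:s0 tclass=file')
SAMPLE = "\n----\n".join([
    NFSD.format(ts="1282815471.028", serial=55622, pid=1223),
    NFSD.format(ts="1282815471.028", serial=55623, pid=1221),
    NFSD.format(ts="1282815810.307", serial=55648, pid=1223),
    'type=AVC msg=audit(1282815840.000:55700): avc: denied { getattr } for '
    'pid=2000 comm="example" name="f" dev=sda1 ino=1 '
    'scontext=system_u:system_r:example_t:s0 '
    'tcontext=system_u:object_r:unlabeled_t:s0 tclass=file',
])

AVC_RE = re.compile(r'type=AVC msg=audit\([\d.]+:\d+\): '
                    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(text):
    """Return one dict per AVC denial (one record per line, as ausearch prints)."""
    records = []
    for m in AVC_RE.finditer(text):
        rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
        rec['perms'] = tuple(m.group('perms').split())
        records.append(rec)
    return records

def summarize(records):
    """Collapse repeats of the same denial; most frequent first."""
    groups = {}
    for r in records:
        key = tuple(r.get(f) for f in
                    ('comm', 'perms', 'scontext', 'tcontext', 'tclass', 'dev', 'ino'))
        g = groups.setdefault(key, {'count': 0, 'pids': set()})
        g['count'] += 1
        g['pids'].add(r.get('pid'))
    out = []
    for key, g in sorted(groups.items(), key=lambda kv: -kv[1]['count']):
        out.append({'comm': key[0], 'perms': key[1], 'tcontext': key[3],
                    'target': f'{key[5]}:{key[6]}', 'count': g['count'],
                    'pids': sorted(g['pids']),
                    # hex token = raw permission bit the kernel could not name
                    'raw_mask': any(p.startswith('0x') for p in key[1])})
    return out
```

Calling `summarize(parse_avc(text))` on saved ausearch output gives one row per distinct denial, which makes it easier to see whether a flood is a single repeating event before and after rebuilding policy with `semodule -B`.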