Bug 118946
Summary: | NFSD won't serve files | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | G.Wolfe Woodbury <redwolfe> |
Component: | policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED RAWHIDE | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | Keywords: | Security |
Hardware: | i386 | ||
OS: | Linux | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2004-04-06 23:52:08 UTC | Type: | --- |
Bug Blocks: | 114961 |
Description
G.Wolfe Woodbury
2004-03-23 01:22:44 UTC
Could you include the avc messages?

The avc messages are 14 MB at the moment, they are at: http://wolves.homeip.net/~ggw/texts/nfsd.avc

Fixed in policy-1.9-15

Under policy 1.9-15 I get "permission denied" from the mounting machine no matter what sort of shenanigans I play with the firewall and permissions.

/etc/exports:

    /srv 10.11.12.0/255.255.255.0(rw,sync,no_root_squash)
    /home/Fedora 10.11.12.0/255.255.255.0(rw,sync)

avc's when starting NFSd:

    Mar 27 03:31:38 tembo kernel: audit(1080376298.281:0): avc: denied { getattr } for pid=2299 exe=/usr/sbin/exportfs path=/srv dev=hdb3 ino=2 scontext=root:system_r:nfsd_t tcontext=system_u:object_r:default_t tclass=dir
    Mar 27 03:31:38 tembo kernel: audit(1080376298.283:0): avc: denied { getattr } for pid=2299 exe=/usr/sbin/exportfs path=/home dev=hda6 ino=2 scontext=root:system_r:nfsd_t tcontext=system_u:object_r:home_root_t tclass=dir
    Mar 27 03:31:38 tembo nfs: Starting NFS services: succeeded
    Mar 27 03:31:38 tembo nfs: rpc.rquotad startup succeeded
    Mar 27 03:31:38 tembo kernel: Installing knfsd (copyright (C) 1996 okir.de).
    Mar 27 03:31:39 tembo kernel: SELinux: initialized (dev , type nfsd), uses genfs_contexts
    Mar 27 03:31:39 tembo nfs: rpc.nfsd startup succeeded
    Mar 27 03:31:39 tembo kernel: audit(1080376299.212:0): avc: denied { getattr } for pid=2323 exe=/usr/sbin/rpc.mountd path=/home dev=hda6 ino=2 scontext=root:system_r:nfsd_t tcontext=system_u:object_r:home_root_t tclass=dir
    Mar 27 03:31:39 tembo kernel: audit(1080376299.214:0): avc: denied { getattr } for pid=2323 exe=/usr/sbin/rpc.mountd path=/srv dev=hdb3 ino=2 scontext=root:system_r:nfsd_t tcontext=system_u:object_r:default_t tclass=dir
    Mar 27 03:31:39 tembo nfs: rpc.mountd startup succeeded
    Mar 27 03:32:19 tembo kernel: audit(1080376339.645:0): avc: denied { getattr } for pid=2324 exe=/usr/sbin/rpc.mountd path=/srv dev=hdb3 ino=2 scontext=root:system_r:nfsd_t tcontext=system_u:object_r:default_t tclass=dir
    Mar 27 03:32:19 tembo rpc.mountd: authenticated mount request from wolves.private:822 for /srv (/srv)
    Mar 27 03:32:19 tembo kernel: audit(1080376339.767:0): avc: denied { getattr } for pid=2324 exe=/usr/sbin/rpc.mountd path=/srv dev=hdb3 ino=2 scontext=root:system_r:nfsd_t tcontext=system_u:object_r:default_t tclass=dir
    Mar 27 03:32:19 tembo rpc.mountd: can't stat exported dir /srv: Permission denied

ls -Z for /srv:

    drwxrwsrwx ggw ggw system_u:object_r:default_t srv

ls -Z for /usr/sbin/rpc.nfsd:

    -rwxr-xr-x+ root root system_u:object_r:nfsd_exec_t /usr/sbin/rpc.nfsd

As of policy 1.9.2-12 in enforcing mode, NFS mount from another machine works as specified.
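The AVC denials quoted in this bug repeat the same few combinations of source type, target type and object class, and the full log is reported as 14 MB. As an added example (not part of the bug report or of any Fedora policy tooling), this Python script collapses such lines into one entry per combination for policy or labeling review; the sample log is constructed from lines quoted above, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: four denials copied from the log quoted in this bug,
# plus one non-AVC syslog line that the parser must skip.
SAMPLE_LOG = """\
Mar 27 03:31:38 tembo kernel: audit(1080376298.281:0): avc: denied { getattr } for pid=2299 exe=/usr/sbin/exportfs path=/srv dev=hdb3 ino=2 scontext=root:system_r:nfsd_t tcontext=system_u:object_r:default_t tclass=dir
Mar 27 03:31:38 tembo kernel: audit(1080376298.283:0): avc: denied { getattr } for pid=2299 exe=/usr/sbin/exportfs path=/home dev=hda6 ino=2 scontext=root:system_r:nfsd_t tcontext=system_u:object_r:home_root_t tclass=dir
Mar 27 03:31:39 tembo kernel: audit(1080376299.212:0): avc: denied { getattr } for pid=2323 exe=/usr/sbin/rpc.mountd path=/home dev=hda6 ino=2 scontext=root:system_r:nfsd_t tcontext=system_u:object_r:home_root_t tclass=dir
Mar 27 03:32:19 tembo kernel: audit(1080376339.645:0): avc: denied { getattr } for pid=2324 exe=/usr/sbin/rpc.mountd path=/srv dev=hdb3 ino=2 scontext=root:system_r:nfsd_t tcontext=system_u:object_r:default_t tclass=dir
Mar 27 03:32:19 tembo rpc.mountd: can't stat exported dir /srv: Permission denied
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")

def _type(ctx):
    # A security context is user:role:type[:level]; the type is the third field.
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    src, tgt = _type(f.get("scontext", "")), _type(f.get("tcontext", ""))
    if not (src and tgt and "tclass" in f):
        return None  # malformed or truncated record
    return {"perms": m.group("perms").split(), "source": src, "target": tgt,
            "tclass": f["tclass"], "exe": f.get("exe", "?"), "path": f.get("path", "?")}

def summarize(log_text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "paths": set(), "exes": set(), "count": 0})
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d is None:
            continue
        g = groups[(d["source"], d["target"], d["tclass"])]
        g["perms"].update(d["perms"])
        g["paths"].add(d["path"])
        g["exes"].add(d["exe"])
        g["count"] += 1
    return dict(groups)

def report(groups):
    """One review line per group: count, types, class, permissions, paths."""
    return [f"{g['count']}x {s} -> {t}:{c} {{ {' '.join(sorted(g['perms']))} }} paths={sorted(g['paths'])}"
            for (s, t, c), g in sorted(groups.items())]
```

On the sample, the output shows two groups: `nfsd_t` denied `getattr` on a `default_t` directory (`/srv`) and on a `home_root_t` directory (`/home`), which matches the `ls -Z` label for `/srv` given in the bug.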