1450765 – When starting ypbind, rpcbind crashes.

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1450765 - When starting ypbind, rpcbind crashes.

Summary: When starting ypbind, rpcbind crashes.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	rpcbind
Sub Component:
Version:	25
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Steve Dickson
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (5):	1451159 1451278 1451504 1455181 1455708 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-05-15 07:17 UTC by Yu Watanabe
Modified:	2017-06-12 13:50 UTC (History)
CC List:	21 users (show)
Fixed In Version:	rpcbind-0.2.4-6.rc1.fc25 rpcbind-0.2.4-6.rc2.fc25 rpcbind-0.2.4-7.rc1.fc26 rpcbind-0.2.4-7.rc2.fc26
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-06-06 03:02:08 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Yu Watanabe 2017-05-15 07:17:14 UTC

Description of problem:

When try to start ypbind, rpcbind crashes as follows:
========
May 15 16:08:57 systemd[1]: Starting NIS/YP (Network Information Service) Clients to NIS Domain Binder...
May 15 16:08:57 ypbind[18359]: Binding NIS service
May 15 16:08:57 rpcbind[17003]: rpcbind: pmap_prot.c:50: xdr_pmap: Assertion `regs != NULL' failed.
May 15 16:08:57 systemd[1]: rpcbind.service: Main process exited, code=killed, status=6/ABRT
May 15 16:08:57 systemd[1]: rpcbind.service: Unit entered failed state.
May 15 16:08:57 systemd[1]: rpcbind.service: Failed with result 'signal'.
May 15 16:08:57 systemd[1]: Starting RPC Bind...
May 15 16:08:57 systemd[1]: Started RPC Bind.
May 15 16:08:59 rpcbind[18363]: rpcbind: pmap_prot.c:50: xdr_pmap: Assertion `regs != NULL' failed.
May 15 16:08:59 systemd[1]: rpcbind.service: Main process exited, code=killed, status=6/ABRT
May 15 16:08:59 systemd[1]: rpcbind.service: Unit entered failed state.
May 15 16:08:59 systemd[1]: rpcbind.service: Failed with result 'signal'.
(snip)
========

Version-Release number of selected component (if applicable):

rpcbind-0.2.4-5.rc1.fc25.x86_64
ypbind-1.38-7.fc25.x86_64

How reproducible:

always

Steps to Reproduce:
1. $ sudo systemctl (re)start ypbind.service
2. see journal
3.

Comment 1 JM 2017-05-15 11:17:32 UTC

Same problem her with 

rpcbind-0.2.4-5.rc1.fc25.x86_64
ypbind-1.38-7.fc25.x86_64

Workaround is for the moment a downgrade of rpcbind.

Comment 2 RobbieTheK 2017-05-15 15:54:51 UTC

Confirmed same here.

Comment 3 Edgar Hoch 2017-05-15 16:59:47 UTC

This upgrade of rpcbind (rpcbind-0.2.4-5.rc1.fc25.x86_64) should be tacken back from ujpdates repo as soon as possible! rpcbind crashes on computers running ypbind!

rpcbind-0.2.4-5.rc1.fc25.x86_64 should be replaced by the old rpcbind-0.2.4-5.fc25.x86_64 but with a higher release number a.s.a.p. so the old working version is updated automatically! Then the "fix" can be fixed and tested and prepared for a working update...


And request for repo admins:

Please keep more than one version in the repo (at least three)!

Now, rpcbind-0.2.4-5.fc25.x86_64 was removed from updates repo
and replaced by the erroneous package rpcbind-0.2.4-5.rc1.fc25.x86_64.

If dnf upgrade was run and rpcbind-0.2.4-5.rc1.fc25.x86_64 was installed, then dnf downgrade is only possibly to the fedora base version rpcbind-0.2.3-11.rc1.fc25 but not to the previous version!
The only way to downgrade to the previous (working) version is to download the previous version manually from koji:

https://koji.fedoraproject.org/koji/packageinfo?packageID=1164
https://koji.fedoraproject.org/koji/buildinfo?buildID=871356

https://kojipkgs.fedoraproject.org//packages/rpcbind/0.2.4/5.fc25/x86_64/rpcbind-0.2.4-5.fc25.x86_64.rpm

Comment 4 Fedora Update System 2017-05-15 17:38:19 UTC

rpcbind-0.2.4-7.rc1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-283a7d7b7f

Comment 5 Fedora Update System 2017-05-15 17:38:42 UTC

rpcbind-0.2.4-6.rc1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-08d7fe9178

Comment 6 Edgar Hoch 2017-05-15 17:52:25 UTC

Thanks, Steve, for the fast rebuild of a new package!

This version works with ypbind again!

Comment 7 Fedora Update System 2017-05-16 06:09:34 UTC

rpcbind-0.2.4-7.rc1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-283a7d7b7f

Comment 8 Yu Watanabe 2017-05-16 07:07:12 UTC

rpcbind-0.2.4-6.rc1.fc25.x86_64 works fine with ypbind for me. Thanks a lot!

Comment 9 Steve Dickson 2017-05-16 19:05:01 UTC

*** Bug 1451159 has been marked as a duplicate of this bug. ***

Comment 10 Steve Dickson 2017-05-16 19:05:32 UTC

*** Bug 1451278 has been marked as a duplicate of this bug. ***

Comment 11 Eric 2017-05-16 19:11:42 UTC

As mentioned in 1451159, it still not working for me.

$ rpm -q rpcbind
rpcbind-0.2.4-6.rc1.fc25.x86_64
$ uname -r
4.10.15-200.fc25.x86_64

(gdb) run
Starting program: /usr/sbin/rpcbind -w -f
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
*** Error in `/usr/sbin/rpcbind': free(): invalid pointer: 0x00007ffffffdd2c0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x791fb)[0x7ffff74301fb]
/lib64/libc.so.6(+0x8288a)[0x7ffff743988a]
/lib64/libc.so.6(cfree+0x4c)[0x7ffff743d2bc]
/lib64/libtirpc.so.3(xdr_bytes+0x6d)[0x7ffff7bc2bbd]
/usr/sbin/rpcbind(+0x6a20)[0x55555555aa20]
/usr/sbin/rpcbind(+0x4305)[0x555555558305]
/lib64/libtirpc.so.3(svc_getreq_common+0x224)[0x7ffff7bbbce4]
/lib64/libtirpc.so.3(svc_getreq_poll+0x75)[0x7ffff7bbbe95]
/usr/sbin/rpcbind(+0x777d)[0x55555555b77d]
/usr/sbin/rpcbind(+0x3726)[0x555555557726]
/lib64/libc.so.6(__libc_start_main+0xf1)[0x7ffff73d7401]
/usr/sbin/rpcbind(+0x392a)[0x55555555792a]

Comment 12 Fedora Update System 2017-05-17 01:07:16 UTC

rpcbind-0.2.4-6.rc1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-08d7fe9178

Comment 13 Fedora Update System 2017-05-17 21:03:14 UTC

rpcbind-0.2.4-6.rc1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Comment 14 Steve Dickson 2017-05-18 17:45:41 UTC

*** Bug 1451504 has been marked as a duplicate of this bug. ***

Comment 15 Eric 2017-05-18 19:04:39 UTC

Please re-open.

Comment 16 John Kissane 2017-05-19 08:42:36 UTC

(In reply to Fedora Update System from comment #13)
> rpcbind-0.2.4-6.rc1.fc25 has been pushed to the Fedora 25 stable repository.
> If problems still persist, please make note of it in this bug report.

I installed this version as a test. After a reboot, I had a lot of problems after logging in as Chrome, Evolution, Firefox wouldn't start while Dropbox complained it couldn't write to my home directory. YP did work however as otherwise I wouldn't have been able to log in at all.

This is my work PC so downgraded to rpcbind-0.2.3-11.rc1.fc25.x86_64 which brought things back to normal.

Comment 17 Francesco Simula 2017-05-19 16:00:57 UTC

I admit not being very thorough in testing this but I have a ypbind-authenticated system here and the latest version (0.2.4-6.rc1) does NOT correct the problem of ypbind immediately crashing as soon as rpcbind is upgraded (and becoming unable to restart).

Comment 18 Igor Mammedov 2017-05-21 19:03:06 UTC

Update to rpcbind-0.2.4-6.rc1.fc25 doesn't work for me, it still crashes on attempt to mount or list mounts on server like in comment 11.

crash is random but in 1-10 mounts it crashes with:

*** Error in `/usr/bin/rpcbind': free(): invalid pointer: 0x00007fff63707600 ***
=========
/lib64/libc.so.6(+0x791fb)[0x7ff6952c01fb]
/lib64/libc.so.6(+0x8288a)[0x7ff6952c988a]
/lib64/libc.so.6(cfree+0x4c)[0x7ff6952cd2bc]
/lib64/libtirpc.so.3(xdr_bytes+0x6d)[0x7ff695a529dd]
/usr/bin/rpcbind(+0x6a20)[0x562451f72a20]
/usr/bin/rpcbind(+0x4305)[0x562451f70305]
/lib64/libtirpc.so.3(svc_getreq_common+0x231)[0x7ff695a4bba1]
/lib64/libtirpc.so.3(svc_getreq_poll+0x75)[0x7ff695a4bd45]
/usr/bin/rpcbind(+0x777d)[0x562451f7377d]
/usr/bin/rpcbind(+0x3726)[0x562451f6f726]
/lib64/libc.so.6(__libc_start_main+0xf1)[0x7ff695267401]
/usr/bin/rpcbind(+0x392a)[0x562451f6f92a]
========

Comment 19 Igor Mammedov 2017-05-21 19:32:37 UTC

Downgrading to rpcbind-0.2.3-11.rc1.fc25 fixes issue.

As clients I've used native macos tools (nfsv4) and kodi-17.1 on windows 10 (I think it uses userspace libnfs to do the job).

Comment 20 nicofonk 2017-05-21 20:25:47 UTC

(In reply to Igor Mammedov from comment #19)
> Downgrading to rpcbind-0.2.3-11.rc1.fc25 fixes issue.
> 
> As clients I've used native macos tools (nfsv4) and kodi-17.1 on windows 10
> (I think it uses userspace libnfs to do the job).

Thx for the workaround it works fine one fedora 26

Comment 22 Fedora Update System 2017-05-31 17:51:12 UTC

rpcbind-0.2.4-7.rc2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-204ada5777

Comment 23 Fedora Update System 2017-05-31 17:52:23 UTC

rpcbind-0.2.4-6.rc2.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-94c0774edd

Comment 24 Fedora Update System 2017-06-01 03:18:32 UTC

rpcbind-0.2.4-7.rc2.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-204ada5777

Comment 25 Fedora Update System 2017-06-01 07:06:37 UTC

rpcbind-0.2.4-6.rc2.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-94c0774edd

Comment 26 Steve Dickson 2017-06-01 17:18:47 UTC

*** Bug 1455708 has been marked as a duplicate of this bug. ***

Comment 27 Steve Dickson 2017-06-01 17:19:40 UTC

*** Bug 1455181 has been marked as a duplicate of this bug. ***

Comment 28 Steve Dickson 2017-06-01 17:32:46 UTC

*** Bug 1451567 has been marked as a duplicate of this bug. ***

Comment 29 Fedora Update System 2017-06-06 03:02:08 UTC

rpcbind-0.2.4-6.rc2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Comment 30 Francesco Simula 2017-06-07 08:10:57 UTC

I tried the 0.2.4-6.rc2 version of a Fedora 25 installation and the bug remains unaltered; please do not close the report.

Comment 31 John Kissane 2017-06-09 15:59:07 UTC

(In reply to Fedora Update System from comment #29)
> rpcbind-0.2.4-6.rc2.fc25 has been pushed to the Fedora 25 stable repository.
> If problems still persist, please make note of it in this bug report.

Just did a reboot after updating to that version and can confirm everything is working fine.

Comment 32 Steve Dickson 2017-06-09 18:16:42 UTC

(In reply to Francesco Simula from comment #30)
> I tried the 0.2.4-6.rc2 version of a Fedora 25 installation and the bug
> remains unaltered; please do not close the report.

Can you please post the error messages your seeing

Comment 33 Fedora Update System 2017-06-09 18:58:11 UTC

rpcbind-0.2.4-7.rc1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Comment 34 Fedora Update System 2017-06-09 19:16:44 UTC

rpcbind-0.2.4-7.rc2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Comment 35 Francesco Simula 2017-06-12 09:29:54 UTC

(In reply to Steve Dickson from comment #32)
> (In reply to Francesco Simula from comment #30)
> > I tried the 0.2.4-6.rc2 version of a Fedora 25 installation and the bug
> > remains unaltered; please do not close the report.
> 
> Can you please post the error messages your seeing

I get this from "journalctl -f", hope it helps (the only thing that seems to be relevant is the SElinux alert...):

[cut]
Jun 12 11:18:20 yokkar sudo[3692]:  fsimula : TTY=pts/0 ; PWD=/apotto/home1/homedirs/fsimula ; USER=root ; COMMAND=/bin/dnf -y update
Jun 12 11:18:20 yokkar audit[3692]: USER_CMD pid=3692 uid=10027 auid=10027 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/apotto/home1/homedirs/fsimula" cmd=646E66202D7920757064617465 terminal=pts/0 res=success'
Jun 12 11:18:20 yokkar audit[3692]: CRED_REFR pid=3692 uid=0 auid=10027 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
Jun 12 11:18:20 yokkar sudo[3692]: pam_systemd(sudo:session): Cannot create session: Already occupied by a session
Jun 12 11:18:20 yokkar audit[3692]: USER_START pid=3692 uid=0 auid=10027 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
Jun 12 11:18:20 yokkar sudo[3692]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jun 12 11:18:45 yokkar systemd[1]: Reloading.
Jun 12 11:18:45 yokkar systemd[1]: [/usr/lib/systemd/system/xpra.service:16] Failed to parse protect system value, ignoring: strict
Jun 12 11:18:45 yokkar systemd[1]: [/usr/lib/systemd/system/xpra.service:19] Unknown lvalue 'ProtectKernelTunables' in section 'Service'
Jun 12 11:18:45 yokkar systemd[1]: [/usr/lib/systemd/system/xpra.service:20] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Jun 12 11:18:45 yokkar systemd[1]: [/usr/lib/systemd/system/fwupd.service:13] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Jun 12 11:18:45 yokkar systemd[1]: [/usr/lib/systemd/system/fwupd.service:15] Unknown lvalue 'ProtectKernelModules' in section 'Service'
Jun 12 11:18:45 yokkar systemd[1]: rpcbind.socket: Socket unit configuration has changed while unit has been running, and some socket file descriptors have not been opened yet. The socket unit is not fully functional until restarted.
Jun 12 11:18:45 yokkar systemd[1]: Closed RPCbind Server Activation Socket.
Jun 12 11:18:45 yokkar systemd[1]: Stopping RPCbind Server Activation Socket.
Jun 12 11:18:45 yokkar systemd[1]: rpcbind.socket: Socket service rpcbind.service already active, refusing.
Jun 12 11:18:45 yokkar systemd[1]: Failed to listen on RPCbind Server Activation Socket.
Jun 12 11:18:45 yokkar systemd[1]: Reached target RPC Port Mapper.
Jun 12 11:18:45 yokkar systemd[1]: Reloading.
Jun 12 11:18:45 yokkar systemd[1]: [/usr/lib/systemd/system/xpra.service:16] Failed to parse protect system value, ignoring: strict
Jun 12 11:18:45 yokkar systemd[1]: [/usr/lib/systemd/system/xpra.service:19] Unknown lvalue 'ProtectKernelTunables' in section 'Service'
Jun 12 11:18:45 yokkar systemd[1]: [/usr/lib/systemd/system/xpra.service:20] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Jun 12 11:18:45 yokkar systemd[1]: [/usr/lib/systemd/system/fwupd.service:13] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Jun 12 11:18:45 yokkar systemd[1]: [/usr/lib/systemd/system/fwupd.service:15] Unknown lvalue 'ProtectKernelModules' in section 'Service'
Jun 12 11:18:45 yokkar systemd[1]: rpcbind.socket: Socket service rpcbind.service already active, refusing.
Jun 12 11:18:45 yokkar systemd[1]: Failed to listen on RPCbind Server Activation Socket.
Jun 12 11:18:45 yokkar systemd[1]: Reloading.
Jun 12 11:18:45 yokkar systemd[1]: [/usr/lib/systemd/system/xpra.service:16] Failed to parse protect system value, ignoring: strict
Jun 12 11:18:45 yokkar systemd[1]: [/usr/lib/systemd/system/xpra.service:19] Unknown lvalue 'ProtectKernelTunables' in section 'Service'
Jun 12 11:18:45 yokkar systemd[1]: [/usr/lib/systemd/system/xpra.service:20] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Jun 12 11:18:45 yokkar systemd[1]: [/usr/lib/systemd/system/fwupd.service:13] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Jun 12 11:18:45 yokkar systemd[1]: [/usr/lib/systemd/system/fwupd.service:15] Unknown lvalue 'ProtectKernelModules' in section 'Service'
Jun 12 11:18:45 yokkar systemd[1]: rpcbind.socket: Socket service rpcbind.service already active, refusing.
Jun 12 11:18:45 yokkar systemd[1]: Failed to listen on RPCbind Server Activation Socket.
Jun 12 11:18:46 yokkar systemd[1]: Reloading.
Jun 12 11:18:46 yokkar systemd[1]: [/usr/lib/systemd/system/xpra.service:16] Failed to parse protect system value, ignoring: strict
Jun 12 11:18:46 yokkar systemd[1]: [/usr/lib/systemd/system/xpra.service:19] Unknown lvalue 'ProtectKernelTunables' in section 'Service'
Jun 12 11:18:46 yokkar systemd[1]: [/usr/lib/systemd/system/xpra.service:20] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Jun 12 11:18:46 yokkar systemd[1]: [/usr/lib/systemd/system/fwupd.service:13] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Jun 12 11:18:46 yokkar systemd[1]: [/usr/lib/systemd/system/fwupd.service:15] Unknown lvalue 'ProtectKernelModules' in section 'Service'
Jun 12 11:18:46 yokkar systemd[1]: Stopping NIS/YP (Network Information Service) Clients to NIS Domain Binder...
Jun 12 11:18:46 yokkar systemd[1]: Stopped NIS/YP (Network Information Service) Clients to NIS Domain Binder.
Jun 12 11:18:46 yokkar audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ypbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jun 12 11:18:46 yokkar audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ypbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jun 12 11:18:46 yokkar systemd[1]: Stopping RPC Bind...
Jun 12 11:18:46 yokkar systemd[1]: Stopped RPC Bind.
Jun 12 11:18:46 yokkar audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jun 12 11:18:46 yokkar audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jun 12 11:18:46 yokkar systemd[1]: Listening on RPCbind Server Activation Socket.
Jun 12 11:18:46 yokkar systemd[1]: Starting RPC Bind...
Jun 12 11:18:46 yokkar audit[3813]: AVC avc:  denied  { execute } for  pid=3813 comm="sh" name="systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:46 yokkar audit[3813]: AVC avc:  denied  { getattr } for  pid=3813 comm="sh" path="/usr/bin/systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:46 yokkar audit[3813]: AVC avc:  denied  { getattr } for  pid=3813 comm="sh" path="/usr/bin/systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:46 yokkar rpcbind[3812]: sh: /usr/bin/systemd-tmpfiles: Permission denied
Jun 12 11:18:46 yokkar rpcbind[3812]: rpcbind: /run/rpcbind/rpcbind.lock: No such file or directory
Jun 12 11:18:46 yokkar systemd[1]: rpcbind.service: Main process exited, code=exited, status=1/FAILURE
Jun 12 11:18:46 yokkar systemd[1]: Failed to start RPC Bind.
Jun 12 11:18:46 yokkar audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Jun 12 11:18:46 yokkar systemd[1]: Dependency failed for NIS/YP (Network Information Service) Clients to NIS Domain Binder.
Jun 12 11:18:46 yokkar systemd[1]: ypbind.service: Job ypbind.service/start failed with result 'dependency'.
Jun 12 11:18:46 yokkar systemd[1]: rpcbind.service: Unit entered failed state.
Jun 12 11:18:46 yokkar systemd[1]: rpcbind.service: Failed with result 'exit-code'.
Jun 12 11:18:48 yokkar systemd[1]: Reloading.
Jun 12 11:18:48 yokkar systemd[1]: [/usr/lib/systemd/system/xpra.service:16] Failed to parse protect system value, ignoring: strict
Jun 12 11:18:48 yokkar systemd[1]: [/usr/lib/systemd/system/xpra.service:19] Unknown lvalue 'ProtectKernelTunables' in section 'Service'
Jun 12 11:18:48 yokkar systemd[1]: [/usr/lib/systemd/system/xpra.service:20] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Jun 12 11:18:48 yokkar systemd[1]: [/usr/lib/systemd/system/fwupd.service:13] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Jun 12 11:18:48 yokkar systemd[1]: [/usr/lib/systemd/system/fwupd.service:15] Unknown lvalue 'ProtectKernelModules' in section 'Service'
Jun 12 11:18:49 yokkar dbus-daemon[1022]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.91' (uid=0 pid=995 comm="/usr/sbin/sedispatch " label="system_u:system_r:audisp_t:s0") (using servicehelper)
Jun 12 11:18:49 yokkar systemd[1]: Starting RPC Bind...
Jun 12 11:18:49 yokkar audit[3925]: AVC avc:  denied  { execute } for  pid=3925 comm="sh" name="systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:49 yokkar audit[3925]: AVC avc:  denied  { getattr } for  pid=3925 comm="sh" path="/usr/bin/systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:49 yokkar audit[3925]: AVC avc:  denied  { getattr } for  pid=3925 comm="sh" path="/usr/bin/systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:49 yokkar rpcbind[3924]: sh: /usr/bin/systemd-tmpfiles: Permission denied
Jun 12 11:18:49 yokkar rpcbind[3924]: rpcbind: /run/rpcbind/rpcbind.lock: No such file or directory
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Main process exited, code=exited, status=1/FAILURE
Jun 12 11:18:49 yokkar systemd[1]: Failed to start RPC Bind.
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Unit entered failed state.
Jun 12 11:18:49 yokkar audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Failed with result 'exit-code'.
Jun 12 11:18:49 yokkar systemd[1]: Starting RPC Bind...
Jun 12 11:18:49 yokkar audit[3928]: AVC avc:  denied  { execute } for  pid=3928 comm="sh" name="systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:49 yokkar audit[3928]: AVC avc:  denied  { getattr } for  pid=3928 comm="sh" path="/usr/bin/systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:49 yokkar audit[3928]: AVC avc:  denied  { getattr } for  pid=3928 comm="sh" path="/usr/bin/systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:49 yokkar rpcbind[3927]: sh: /usr/bin/systemd-tmpfiles: Permission denied
Jun 12 11:18:49 yokkar rpcbind[3927]: rpcbind: /run/rpcbind/rpcbind.lock: No such file or directory
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Main process exited, code=exited, status=1/FAILURE
Jun 12 11:18:49 yokkar systemd[1]: Failed to start RPC Bind.
Jun 12 11:18:49 yokkar audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Unit entered failed state.
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Failed with result 'exit-code'.
Jun 12 11:18:49 yokkar systemd[1]: Starting RPC Bind...
Jun 12 11:18:49 yokkar audit[3931]: AVC avc:  denied  { execute } for  pid=3931 comm="sh" name="systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:49 yokkar audit[3931]: AVC avc:  denied  { getattr } for  pid=3931 comm="sh" path="/usr/bin/systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:49 yokkar audit[3931]: AVC avc:  denied  { getattr } for  pid=3931 comm="sh" path="/usr/bin/systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:49 yokkar rpcbind[3930]: sh: /usr/bin/systemd-tmpfiles: Permission denied
Jun 12 11:18:49 yokkar rpcbind[3930]: rpcbind: /run/rpcbind/rpcbind.lock: No such file or directory
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Main process exited, code=exited, status=1/FAILURE
Jun 12 11:18:49 yokkar systemd[1]: Failed to start RPC Bind.
Jun 12 11:18:49 yokkar audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Unit entered failed state.
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Failed with result 'exit-code'.
Jun 12 11:18:49 yokkar systemd[1]: Starting RPC Bind...
Jun 12 11:18:49 yokkar audit[3934]: AVC avc:  denied  { execute } for  pid=3934 comm="sh" name="systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:49 yokkar audit[3934]: AVC avc:  denied  { getattr } for  pid=3934 comm="sh" path="/usr/bin/systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:49 yokkar audit[3934]: AVC avc:  denied  { getattr } for  pid=3934 comm="sh" path="/usr/bin/systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:49 yokkar rpcbind[3933]: sh: /usr/bin/systemd-tmpfiles: Permission denied
Jun 12 11:18:49 yokkar rpcbind[3933]: rpcbind: /run/rpcbind/rpcbind.lock: No such file or directory
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Main process exited, code=exited, status=1/FAILURE
Jun 12 11:18:49 yokkar systemd[1]: Failed to start RPC Bind.
Jun 12 11:18:49 yokkar audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Unit entered failed state.
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Failed with result 'exit-code'.
Jun 12 11:18:49 yokkar systemd[1]: Starting RPC Bind...
Jun 12 11:18:49 yokkar audit[3937]: AVC avc:  denied  { execute } for  pid=3937 comm="sh" name="systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:49 yokkar audit[3937]: AVC avc:  denied  { getattr } for  pid=3937 comm="sh" path="/usr/bin/systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:49 yokkar audit[3937]: AVC avc:  denied  { getattr } for  pid=3937 comm="sh" path="/usr/bin/systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0
Jun 12 11:18:49 yokkar rpcbind[3936]: sh: /usr/bin/systemd-tmpfiles: Permission denied
Jun 12 11:18:49 yokkar rpcbind[3936]: rpcbind: /run/rpcbind/rpcbind.lock: No such file or directory
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Main process exited, code=exited, status=1/FAILURE
Jun 12 11:18:49 yokkar systemd[1]: Failed to start RPC Bind.
Jun 12 11:18:49 yokkar audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpcbind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Unit entered failed state.
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Failed with result 'exit-code'.
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Start request repeated too quickly.
Jun 12 11:18:49 yokkar systemd[1]: Failed to start RPC Bind.
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.socket: Unit entered failed state.
Jun 12 11:18:49 yokkar systemd[1]: rpcbind.service: Failed with result 'start-limit-hit'.
Jun 12 11:18:49 yokkar sudo[3692]: pam_unix(sudo:session): session closed for user root
Jun 12 11:18:49 yokkar audit[3692]: USER_END pid=3692 uid=0 auid=10027 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
Jun 12 11:18:49 yokkar audit[3692]: CRED_DISP pid=3692 uid=0 auid=10027 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
Jun 12 11:18:49 yokkar dbus-daemon[1022]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Jun 12 11:18:50 yokkar setroubleshoot[3923]: SELinux is preventing sh from execute access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l 4aaa5f9c-da54-44f6-88bd-2b12318a13d9
Jun 12 11:18:50 yokkar python3[3923]: SELinux is preventing sh from execute access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed execute access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:18:50 yokkar setroubleshoot[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l e818b9fc-d706-48a2-9321-37ebe6581101
Jun 12 11:18:50 yokkar python3[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed getattr access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:18:51 yokkar setroubleshoot[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l e818b9fc-d706-48a2-9321-37ebe6581101
Jun 12 11:18:51 yokkar python3[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed getattr access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:18:51 yokkar gnome-shell[2227]: Allocating size to ShellEmbeddedWindow 0x55dc4ebb1160 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?
Jun 12 11:18:53 yokkar setroubleshoot[3923]: SELinux is preventing sh from execute access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l 4aaa5f9c-da54-44f6-88bd-2b12318a13d9
Jun 12 11:18:53 yokkar python3[3923]: SELinux is preventing sh from execute access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed execute access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:18:53 yokkar setroubleshoot[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l e818b9fc-d706-48a2-9321-37ebe6581101
Jun 12 11:18:53 yokkar python3[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed getattr access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:18:53 yokkar setroubleshoot[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l e818b9fc-d706-48a2-9321-37ebe6581101
Jun 12 11:18:53 yokkar python3[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed getattr access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:18:53 yokkar setroubleshoot[3923]: SELinux is preventing sh from execute access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l 4aaa5f9c-da54-44f6-88bd-2b12318a13d9
Jun 12 11:18:53 yokkar python3[3923]: SELinux is preventing sh from execute access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed execute access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:18:53 yokkar setroubleshoot[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l e818b9fc-d706-48a2-9321-37ebe6581101
Jun 12 11:18:53 yokkar python3[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed getattr access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:18:53 yokkar setroubleshoot[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l e818b9fc-d706-48a2-9321-37ebe6581101
Jun 12 11:18:53 yokkar python3[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed getattr access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:18:53 yokkar setroubleshoot[3923]: SELinux is preventing sh from execute access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l 4aaa5f9c-da54-44f6-88bd-2b12318a13d9
Jun 12 11:18:53 yokkar python3[3923]: SELinux is preventing sh from execute access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed execute access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:18:53 yokkar setroubleshoot[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l e818b9fc-d706-48a2-9321-37ebe6581101
Jun 12 11:18:53 yokkar python3[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed getattr access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:18:53 yokkar setroubleshoot[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l e818b9fc-d706-48a2-9321-37ebe6581101
Jun 12 11:18:53 yokkar python3[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed getattr access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:18:53 yokkar setroubleshoot[3923]: SELinux is preventing sh from execute access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l 4aaa5f9c-da54-44f6-88bd-2b12318a13d9
Jun 12 11:18:53 yokkar python3[3923]: SELinux is preventing sh from execute access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed execute access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:18:54 yokkar setroubleshoot[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l e818b9fc-d706-48a2-9321-37ebe6581101
Jun 12 11:18:54 yokkar python3[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed getattr access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:18:54 yokkar setroubleshoot[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l e818b9fc-d706-48a2-9321-37ebe6581101
Jun 12 11:18:54 yokkar python3[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed getattr access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:18:57 yokkar setroubleshoot[3923]: SELinux is preventing sh from execute access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l 4aaa5f9c-da54-44f6-88bd-2b12318a13d9
Jun 12 11:18:57 yokkar python3[3923]: SELinux is preventing sh from execute access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed execute access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:19:00 yokkar setroubleshoot[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l e818b9fc-d706-48a2-9321-37ebe6581101
Jun 12 11:19:00 yokkar python3[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed getattr access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
                                      
Jun 12 11:19:03 yokkar setroubleshoot[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles. For complete SELinux messages. run sealert -l e818b9fc-d706-48a2-9321-37ebe6581101
Jun 12 11:19:03 yokkar python3[3923]: SELinux is preventing sh from getattr access on the file /usr/bin/systemd-tmpfiles.
                                      
                                      *****  Plugin catchall (100. confidence) suggests   **************************
                                      
                                      If you believe that sh should be allowed getattr access on the systemd-tmpfiles file by default.
                                      Then you should report this as a bug.
                                      You can generate a local policy module to allow this access.
                                      Do
                                      allow this access for now by executing:
                                      # ausearch -c 'sh' --raw | audit2allow -M my-sh
                                      # semodule -X 300 -i my-sh.pp
[/cut]

Comment 36 Steve Dickson 2017-06-12 13:50:11 UTC

OK SELinux is denying the creating of /run/rpcbind 

audit[3813]: AVC avc:  denied  { execute } for  pid=3813 comm="sh" name="systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0

audit[3813]: AVC avc:  denied  { getattr } for  pid=3813 comm="sh" path="/usr/bin/systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0

audit[3813]: AVC avc:  denied  { getattr } for  pid=3813 comm="sh" path="/usr/bin/systemd-tmpfiles" dev="dm-1" ino=33591631 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file permissive=0


rpcbind[3812]: sh: /usr/bin/systemd-tmpfiles: Permission denied
rpcbind[3812]: rpcbind: /run/rpcbind/rpcbind.lock: No such file or directory
systemd[1]: rpcbind.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: Failed to start RPC Bind.

I've open up bug 1460720 and I will also need your 
   /var/log/audit/audit.log

Please attach it to bug 1460720

Note You need to log in before you can comment on or make changes to this bug.

belegdol
daytooner
edgar.hoch
fche
fedoraproject
francesco.simula
igeorgex
imammedo
jiyin
john.kissane
kelk1
mjc
ngaywood
nicofonk
riel
rkudyba
rstonehouse
stepglenn
steved
tagoh
xzhou