FC8: rpcbind and SELinux still not playing nice

20th August 2008, 02:59 PM
I am having a problem with SELinux and NFS on FC8. I did not have this problem with FC7.

Aug 20 08:15:36 n4tkhvc1 kernel: type=1400 audit(1219238136.482:130): avc: denied { read } for pid=2221 comm="rpcbind" name="hosts.deny" dev=md2 ino=72432 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file

I know that this is an SELinux policy problem but don't know how to go about fixing it correctly.

I found this thread, but turning off SELinux is not what I want to do as I am actually using it.


20th August 2008, 04:43 PM
The problem is most likely portmapper being replaced with rpcbind (which uses portmap and portmap is calling hosts.deny).

First check for an selinux-policy-targeted update.
Koji is down so I can't see the update logs but there could be one in updates-testing or in koji.

In the meantime, relabel your system.
In a root term:
touch /.autorelabel

After rebooting try to trigger the message again.
If it comes up (and there is no new policy update referring to it) then

grep for the avc message from /var/log/audit/audit.log into a yourallow.log file,
then use audit2allow:
# audit2allow -i /yourallow.log -M myrpcbind
# checkmodule -M -m -o myrpcbind.mod myrpcbind.te
# semodule_package -o myrpcbind.pp -m myrpcbind.mod
# semodule -i myrpcbind.pp


20th August 2008, 04:50 PM

Thanks, I will try the relabel tonight.

I hesitate to create modules as I am concerned that I will open things too much and some update will correct the problem later and cause problems.


20th August 2008, 05:29 PM
If and when, you can remove modules
semodule -r myrpcbind
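
To see how much a module built from the denial in the first post would open up before installing it, the following parses AVC records and prints the allow rule each one implies. This is an added example, not part of any post in the thread and not audit2allow's own code; it generalizes to several denials at once, and the second log line (`exampled` and its types) is constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input: the denial quoted in the thread, plus one
# made-up denial from a hypothetical daemon to show the comm filter working.
SAMPLE_LOG = """\
Aug 20 08:15:36 n4tkhvc1 kernel: type=1400 audit(1219238136.482:130): avc: denied { read } for pid=2221 comm="rpcbind" name="hosts.deny" dev=md2 ino=72432 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
Aug 20 08:15:37 n4tkhvc1 kernel: type=1400 audit(1219238137.101:131): avc: denied { read getattr } for pid=3000 comm="exampled" name="example.conf" dev=md2 ino=1 scontext=system_u:system_r:exampled_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

# Fields of interest in an AVC denial: permissions, command, both contexts, class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)"'
    r'.*?scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)'
    r'\s+tclass=(?P<tclass>\S+)'
)


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def allow_rules(log_text, comm=None):
    """Collapse AVC denials into the allow rules that would permit them.

    If comm is given, only denials logged for that command are considered.
    """
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or (comm and m.group("comm") != comm):
            continue
        key = (selinux_type(m.group("scontext")),
               selinux_type(m.group("tcontext")),
               m.group("tclass"))
        rules[key].update(m.group("perms").split())
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        perms = sorted(perms)
        perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        out.append(f"allow {src} {tgt}:{cls} {perm_str};")
    return out


if __name__ == "__main__":
    for rule in allow_rules(SAMPLE_LOG, comm="rpcbind"):
        print(rule)
```

Filtering on `comm` keeps unrelated denials out of the rule set, so the resulting module grants only what rpcbind was actually denied.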