NFSD warning?
Arthur Dent
misc.lists at blueyonder.co.uk
Thu Aug 26 09:48:47 UTC 2010
Hello all,
Working with Dominick to solve my clamd denial problem has caused me to
use ausearch more often than I normally would.
This has revealed a large and constant amount of these messages:
----
time->Thu Aug 26 10:31:37 2010
type=SYSCALL msg=audit(1282815097.754:55608): arch=40000003 syscall=300
success=no exit=-13 a0=9 a1=243c883 a2=bf8d6de0 a3=0 items=0 ppid=1
pid=1228 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=4294967295 comm="rpc.mountd"
exe="/usr/sbin/rpc.mountd" subj=system_u:system_r:nfsd_t:s0 key=(null)
type=AVC msg=audit(1282815097.754:55608): avc: denied { getattr } for
pid=1228 comm="rpc.mountd" path="/proc/kcore" dev=proc ino=4026531989
scontext=system_u:system_r:nfsd_t:s0
tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file
----
time->Thu Aug 26 10:31:37 2010
type=SYSCALL msg=audit(1282815097.756:55609): arch=40000003 syscall=5
success=no exit=-13 a0=243bca8 a1=8000 a2=0 a3=243bc68 items=0 ppid=1
pid=1228 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=4294967295 comm="rpc.mountd"
exe="/usr/sbin/rpc.mountd" subj=system_u:system_r:nfsd_t:s0 key=(null)
type=AVC msg=audit(1282815097.756:55609): avc: denied { read } for
pid=1228 comm="rpc.mountd" name="sda11" dev=devtmpfs ino=5616
scontext=system_u:system_r:nfsd_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
----
time->Thu Aug 26 10:37:51 2010
type=AVC msg=audit(1282815471.028:55622): avc: denied { 0x400000 } for
pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 10:37:51 2010
type=AVC msg=audit(1282815471.028:55623): avc: denied { 0x400000 } for
pid=1221 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 10:37:51 2010
type=AVC msg=audit(1282815471.063:55624): avc: denied { 0x400000 } for
pid=1221 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 10:37:51 2010
type=AVC msg=audit(1282815471.076:55625): avc: denied { 0x400000 } for
pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 10:37:51 2010
type=AVC msg=audit(1282815471.101:55626): avc: denied { 0x400000 } for
pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 10:37:51 2010
type=AVC msg=audit(1282815471.122:55627): avc: denied { 0x400000 } for
pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 10:37:51 2010
type=AVC msg=audit(1282815471.136:55628): avc: denied { 0x400000 } for
pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 10:37:51 2010
type=AVC msg=audit(1282815471.154:55629): avc: denied { 0x400000 } for
pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 10:43:30 2010
type=AVC msg=audit(1282815810.307:55648): avc: denied { 0x400000 } for
pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 10:43:30 2010
type=AVC msg=audit(1282815810.321:55649): avc: denied { 0x400000 } for
pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 10:43:30 2010
type=AVC msg=audit(1282815810.335:55650): avc: denied { 0x400000 } for
pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 10:43:30 2010
type=AVC msg=audit(1282815810.354:55651): avc: denied { 0x400000 } for
pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 10:45:04 2010
type=SYSCALL msg=audit(1282815904.588:55656): arch=40000003 syscall=11
success=yes exit=0 a0=15559d0 a1=bf9c9f7c a2=303840 a3=41904 items=0
ppid=3571 pid=3572 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="procmail"
exe="/usr/bin/procmail" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1282815904.588:55656): avc: denied { noatsecure }
for pid=3572 comm="procmail" scontext=system_u:system_r:sendmail_t:s0
tcontext=system_u:system_r:procmail_t:s0 tclass=process
type=AVC msg=audit(1282815904.588:55656): avc: denied { siginh } for
pid=3572 comm="procmail" scontext=system_u:system_r:sendmail_t:s0
tcontext=system_u:system_r:procmail_t:s0 tclass=process
type=AVC msg=audit(1282815904.588:55656): avc: denied { rlimitinh }
for pid=3572 comm="procmail" scontext=system_u:system_r:sendmail_t:s0
tcontext=system_u:system_r:procmail_t:s0 tclass=process
/dev/sda11 is a Fat32 partition mounted in /etc/fstab with the line:
/dev/sda11 /mnt/tempstore vfat users,rw,uid=mark 0 2
and shared as an NFS mount on my desktop.
# cat /etc/exports
/home/mark 192.168.2.4(rw,async,no_subtree_check,nohide,no_root_squash)
/mnt/tempstore 192.168.2.4(rw,async,no_subtree_check,nohide,no_root_squash)
/mnt/datastore 192.168.2.4(rw,async,no_subtree_check,nohide,no_root_squash)
/mnt/f11 192.168.2.4(rw,async,no_subtree_check,nohide,no_root_squash)
Are the avcs a problem and how do I stop them? Audit2allow does not
produce anything on these messages....
Thanks
Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20100826/8c981daf/attachment.bin
More information about the selinux
mailing list