NFSD warning?

Dominick Grift domg472 at gmail.com
Thu Aug 26 09:58:52 UTC 2010


On 08/26/2010 11:48 AM, Arthur Dent wrote:
> Hello all,
> 
> Working with Dominick to solve my clamd denial problem has caused me to
> use ausearch more often than I normally would.
> 
> This has revealed a large and constant amount of these messages:

Do semodule -B to hide any denials that should not be displayed
(they are hidden on purpose)

> ----
> time->Thu Aug 26 10:37:51 2010
> type=AVC msg=audit(1282815471.028:55622): avc:  denied  { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:37:51 2010
> type=AVC msg=audit(1282815471.028:55623): avc:  denied  { 0x400000 } for
> pid=1221 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:37:51 2010
> type=AVC msg=audit(1282815471.063:55624): avc:  denied  { 0x400000 } for
> pid=1221 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:37:51 2010
> type=AVC msg=audit(1282815471.076:55625): avc:  denied  { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:37:51 2010
> type=AVC msg=audit(1282815471.101:55626): avc:  denied  { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:37:51 2010
> type=AVC msg=audit(1282815471.122:55627): avc:  denied  { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:37:51 2010
> type=AVC msg=audit(1282815471.136:55628): avc:  denied  { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:37:51 2010
> type=AVC msg=audit(1282815471.154:55629): avc:  denied  { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:43:30 2010
> type=AVC msg=audit(1282815810.307:55648): avc:  denied  { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:43:30 2010
> type=AVC msg=audit(1282815810.321:55649): avc:  denied  { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:43:30 2010
> type=AVC msg=audit(1282815810.335:55650): avc:  denied  { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 10:43:30 2010
> type=AVC msg=audit(1282815810.354:55651): avc:  denied  { 0x400000 } for
> pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----

https://bugzilla.redhat.com/show_bug.cgi?id=576207

> /dev/sda11 is a Fat32 partition mounted in /etc/fstab with the line: 
> /dev/sda11		/mnt/tempstore		vfat	users,rw,uid=mark 0 2
> 
> and shared as an NFS mount on my desktop.
> 
> # cat /etc/exports 
> /home/mark                     192.168.2.4(rw,async,no_subtree_check,nohide,no_root_squash)
> /mnt/tempstore                 192.168.2.4(rw,async,no_subtree_check,nohide,no_root_squash)
> /mnt/datastore                 192.168.2.4(rw,async,no_subtree_check,nohide,no_root_squash)
> /mnt/f11                       192.168.2.4(rw,async,no_subtree_check,nohide,no_root_squash)
> 
> Are the avcs a problem and how do I stop them? Audit2allow does not
> produce anything on these messages....

semodule -B

> Thanks
> 
> Mark


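Added example (not part of the original thread): a small triage script for `ausearch` output like the records quoted above. It collapses repeated AVC denials into one line per (command, source type, target type, class, permission) and singles out those whose permission is printed as a raw hex value rather than a name. The third sample record and its names (`exampled`, `example_t`, `example.db`) are constructed for contrast.

```python
import re
from collections import Counter

# Constructed sample in ausearch's layout; the first two records mirror the thread.
SAMPLE = """\
----
time->Thu Aug 26 10:37:51 2010
type=AVC msg=audit(1282815471.028:55622): avc:  denied  { 0x400000 } for
pid=1223 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 10:37:51 2010
type=AVC msg=audit(1282815471.028:55623): avc:  denied  { 0x400000 } for
pid=1221 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 10:40:02 2010
type=AVC msg=audit(1282815602.500:55630): avc:  denied  { read write } for
pid=2001 comm="exampled" name="example.db" dev=sda3 ino=4242
scontext=system_u:system_r:example_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]*?) \}.*?comm="(?P<comm>[^"]*)"'
    r'.*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)',
    re.S)  # re.S: ausearch wraps one record over several lines

def summarize(text):
    """Count AVC denials per (comm, source type, target type, class, perms)."""
    groups = Counter()
    for record in text.split("----"):
        m = AVC_RE.search(record)
        if m:
            key = (m["comm"], m["scon"].split(":")[2], m["tcon"].split(":")[2],
                   m["tclass"], m["perms"].strip())
            groups[key] += 1
    return groups

def unmapped(groups):
    """Keys whose permission is a raw hex bit instead of a permission name."""
    return [k for k in groups if re.fullmatch(r"0x[0-9a-fA-F]+", k[4])]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, key, "<- unnamed permission bit" if key in unmapped({key: n}) else "")
```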