Posted: Tue Aug 14, 2007 10:16 pm Subject: SELinux won't let NFS work properly [Solved]
Hey Community,
I'm trying to share a directory hosted on an FC7 machine with a Kurumin 7 client and I'm struggling.
First the Kurumin 7 machine said the Fedora server was down; I found out the problem was the Fedora firewall, which was blocking the SunRPC port.
Now, when I tell Kurumin to mount the share, SELinux blocks two processes of the nfs service:
Quote:
Summary
SELinux is preventing /sbin/rpc.statd (rpcd_t) "write" to <Unknown>
(sysctl_fs_t).
Detailed Description
SELinux denied access requested by /sbin/rpc.statd. It is not expected that
this access is required by /sbin/rpc.statd and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for <Unknown>, restorecon -v
<Unknown> If this does not work, there is currently no automatic way to
allow this access. Instead, you can generate a local policy module to allow
this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
Or you can disable SELinux protection altogether. Disabling SELinux
protection is not recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Additional Information
Source Context system_u:system_r:rpcd_t
Target Context system_u:object_r:sysctl_fs_t
Target Objects None [ file ]
Affected RPM Packages nfs-utils-1.1.0-3.fc7 [application]
Policy RPM
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Permissive
Plugin Name plugins.catchall_file
Host Name fedora7.wvaeditora
Platform Linux fedora7.wvaeditora 2.6.21-1.3228.fc7 #1 SMP
Tue Jun 12 15:37:31 EDT 2007 i686 athlon
Alert Count 2
First Seen Ter 14 Ago 2007 21:46:24 BRT
Last Seen Ter 14 Ago 2007 21:47:26 BRT
Local ID a8f8ae16-8432-47b1-9294-ecdd4312d6dd
Line Numbers
Summary
SELinux is preventing /usr/sbin/sm-notify (rpcd_t) "read" to /usr/sbin/sm-
notify (bin_t).
Detailed Description
SELinux denied access requested by /usr/sbin/sm-notify. It is not expected
that this access is required by /usr/sbin/sm-notify and this access may
signal an intrusion attempt. It is also possible that the specific version
or configuration of the application is causing it to require additional
access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for /usr/sbin/sm-notify, restorecon
-v /usr/sbin/sm-notify If this does not work, there is currently no
automatic way to allow this access. Instead, you can generate a local
policy module to allow this access - see http://fedora.redhat.com/docs
/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection
altogether. Disabling SELinux protection is not recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Additional Information
Source Context system_u:system_r:rpcd_t
Target Context system_u:object_r:bin_t
Target Objects /usr/sbin/sm-notify [ file ]
Affected RPM Packages nfs-utils-1.1.0-3.fc7 [application]nfs-
utils-1.1.0-3.fc7 [target]
Policy RPM
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Permissive
Plugin Name plugins.catchall_file
Host Name fedora7.wvaeditora
Platform Linux fedora7.wvaeditora 2.6.21-1.3228.fc7 #1 SMP
Tue Jun 12 15:37:31 EDT 2007 i686 athlon
Alert Count 2
First Seen Ter 14 Ago 2007 21:46:23 BRT
Last Seen Ter 14 Ago 2007 21:47:26 BRT
Local ID 4461bcca-d435-43ac-91a1-d82b9a183393
Line Numbers
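
An added example (not part of the original post, and not setroubleshoot's own code): a small Python parser that reads alerts in the format quoted above and derives, for each one, the type-enforcement rule a local policy module would have to contain, together with the Enforcing Mode field. The sample text is constructed from the two alerts in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: the two alerts from the post, cut down to the fields used.
SAMPLE = """\
Summary
SELinux is preventing /sbin/rpc.statd (rpcd_t) "write" to <Unknown>
(sysctl_fs_t).
Source Context system_u:system_r:rpcd_t
Target Context system_u:object_r:sysctl_fs_t
Target Objects None [ file ]
Enforcing Mode Permissive
Summary
SELinux is preventing /usr/sbin/sm-notify (rpcd_t) "read" to /usr/sbin/sm-
notify (bin_t).
Source Context system_u:system_r:rpcd_t
Target Context system_u:object_r:bin_t
Target Objects /usr/sbin/sm-notify [ file ]
Enforcing Mode Permissive
"""

SUMMARY_RE = re.compile(r'SELinux is preventing (\S+) \((\w+)\) "(\w+)" to')
FIELD_RE = re.compile(
    r"^(Source Context|Target Context|Target Objects|Enforcing Mode)\s+(.+)$", re.M)

def parse_alerts(text):
    """Split a setroubleshoot report on 'Summary' lines; extract each denial."""
    alerts = []
    for chunk in re.split(r"^Summary[ \t]*$", text, flags=re.M):
        m = SUMMARY_RE.search(chunk)
        if not m:
            continue  # text before the first alert, or an unrecognised block
        f = dict(FIELD_RE.findall(chunk))
        alerts.append({
            "exe": m.group(1),
            "perm": m.group(3),
            "source_type": f["Source Context"].split(":")[2],
            "target_type": f["Target Context"].split(":")[2],
            "class": re.search(r"\[\s*(\w+)\s*\]", f["Target Objects"]).group(1),
            "enforced": f["Enforcing Mode"].strip() == "Enforcing",
        })
    return alerts

def allow_rule(a):
    """The type-enforcement rule a local policy module would carry for this denial."""
    return "allow {source_type} {target_type}:{class} {perm};".format(**a)

if __name__ == "__main__":
    for a in parse_alerts(SAMPLE):
        print(a["exe"], allow_rule(a), "enforced" if a["enforced"] else "permissive")
```

Reading the rule in this form before building a module makes it easy to see exactly which access would be granted to the `rpcd_t` domain.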