SCIENTIFIC-LINUX-DEVEL Archives

August 2017

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Kerberized NFS issue with 7.3 + updates
From:
Orion Poplawski <[log in to unmask]>
Reply To:
Orion Poplawski <[log in to unmask]>
Date:
Thu, 31 Aug 2017 11:30:13 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (23 lines) 
On a SL 7.3 + updates, and a 7.4 machine I was seeing trouble mounting
sec=krb5 nfs mounts.  audit.log had a lot of:

type=AVC msg=audit(1504198638.609:3046): avc:  denied  { read } for  pid=17510
comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0
tcontext=system_u:system_r:unconfined_service_t:s0 tclass=key
type=AVC msg=audit(1504198638.609:3047): avc:  denied  { write } for
pid=17510 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0
tcontext=system_u:system_r:unconfined_service_t:s0 tclass=key

Ran audit2allow to create a local policy and that got mounts working again.
Although I think I've seen these on machines without ill effects as well, but
not sure.

I've filed https://bugzilla.redhat.com/show_bug.cgi?id=1487350

-- 
Orion Poplawski
Technical Manager                          720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       [log in to unmask]
Boulder, CO 80301                   http://www.nwra.com

ATOM RSS1 RSS2