On a SL 7.3 + updates, and a 7.4 machine I was seeing trouble mounting
sec=krb5 nfs mounts. audit.log had a lot of:
type=AVC msg=audit(1504198638.609:3046): avc: denied { read } for pid=17510
comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0
tcontext=system_u:system_r:unconfined_service_t:s0 tclass=key
type=AVC msg=audit(1504198638.609:3047): avc: denied { write } for
pid=17510 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0
tcontext=system_u:system_r:unconfined_service_t:s0 tclass=key
Ran audit2allow to create a local policy and that got mounts working again.
Although I think I've seen these on machines without ill effects as well, but
not sure.
I've filed https://bugzilla.redhat.com/show_bug.cgi?id=1487350
--
Orion Poplawski
Technical Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane [log in to unmask]
Boulder, CO 80301 http://www.nwra.com