SCIENTIFIC-LINUX-DEVEL Archives

August 2017

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Kerberized NFS issue with 7.3 + updates
From:
Pat Riehecky <[log in to unmask]>
Reply To:
Pat Riehecky <[log in to unmask]>
Date:
Thu, 31 Aug 2017 13:15:59 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (31 lines) 
That is an interesting denial!

Thanks for the report!

Pat

On 08/31/2017 12:30 PM, Orion Poplawski wrote:
> On a SL 7.3 + updates, and a 7.4 machine I was seeing trouble mounting
> sec=krb5 nfs mounts.  audit.log had a lot of:
>
> type=AVC msg=audit(1504198638.609:3046): avc:  denied  { read } for  pid=17510
> comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0
> tcontext=system_u:system_r:unconfined_service_t:s0 tclass=key
> type=AVC msg=audit(1504198638.609:3047): avc:  denied  { write } for
> pid=17510 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0
> tcontext=system_u:system_r:unconfined_service_t:s0 tclass=key
>
> Ran audit2allow to create a local policy and that got mounts working again.
> Although I think I've seen these on machines without ill effects as well, but
> not sure.
>
> I've filed https://bugzilla.redhat.com/show_bug.cgi?id=1487350
>

-- 
Pat Riehecky

Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org

ATOM RSS1 RSS2