LISTSERV - SCIENTIFIC-LINUX-DEVEL Archives

That is an interesting denial!

Thanks for the report!

Pat

On 08/31/2017 12:30 PM, Orion Poplawski wrote:
> On a SL 7.3 + updates, and a 7.4 machine I was seeing trouble mounting
> sec=krb5 nfs mounts.  audit.log had a lot of:
>
> type=AVC msg=audit(1504198638.609:3046): avc:  denied  { read } for  pid=17510
> comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0
> tcontext=system_u:system_r:unconfined_service_t:s0 tclass=key
> type=AVC msg=audit(1504198638.609:3047): avc:  denied  { write } for
> pid=17510 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0
> tcontext=system_u:system_r:unconfined_service_t:s0 tclass=key
>
> Ran audit2allow to create a local policy and that got mounts working again.
> Although I think I've seen these on machines without ill effects as well, but
> not sure.
>
> I've filed https://bugzilla.redhat.com/show_bug.cgi?id=1487350
>

-- 
Pat Riehecky

Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org