That is an interesting denial! Thanks for the report! Pat On 08/31/2017 12:30 PM, Orion Poplawski wrote: > On a SL 7.3 + updates, and a 7.4 machine I was seeing trouble mounting > sec=krb5 nfs mounts. audit.log had a lot of: > > type=AVC msg=audit(1504198638.609:3046): avc: denied { read } for pid=17510 > comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 > tcontext=system_u:system_r:unconfined_service_t:s0 tclass=key > type=AVC msg=audit(1504198638.609:3047): avc: denied { write } for > pid=17510 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 > tcontext=system_u:system_r:unconfined_service_t:s0 tclass=key > > Ran audit2allow to create a local policy and that got mounts working again. > Although I think I've seen these on machines without ill effects as well, but > not sure. > > I've filed https://bugzilla.redhat.com/show_bug.cgi?id=1487350 > -- Pat Riehecky Fermi National Accelerator Laboratory www.fnal.gov www.scientificlinux.org