On Mon, 2008-02-25 at 17:17 +0100, xake@×××××××××.net wrote:
> As I can see the strange thing is that rpc.mountd tries to access
> /dev/sd{a2,b1} on your system. I can not really see why it tries
> that.
> You can remove the ending "0 0" in your /etc/fstab for the
> nfs-shares, but I do not see how that would change things.

I'll try that later on.
|
> Just to clear out some things:
> Are you able to mount the shares on the client?
> Does it work and what messages do you get in dmesg if you connect
> with SELinux in non-enforce mode?

I am able to mount/use the shares on the client if SELinux is disabled
or in permissive mode.

In permissive mode, I get the following messages on the server's dmesg
when I try to access the mount from a client:
|
audit(1203952206.545:207): avc: denied { getattr } for pid=10453
comm="rpc.mountd" path="/dev/sda2" dev=tmpfs ino=3372
scontext=user_u:system_r:nfsd_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file

audit(1203952206.545:208): avc: denied { read } for pid=10453
comm="rpc.mountd" name="sdb1" dev=tmpfs ino=2553
scontext=user_u:system_r:nfsd_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file

audit(1203956454.493:209): avc: denied { getattr } for pid=10453
comm="rpc.mountd" path="/dev/sda2" dev=tmpfs ino=3372
scontext=user_u:system_r:nfsd_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file

audit(1203956454.493:210): avc: denied { read } for pid=10453
comm="rpc.mountd" name="sdb1" dev=tmpfs ino=2553
scontext=user_u:system_r:nfsd_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
|
--
Loren Bandiera <lorenb@××××××××××××××.com>
LB Technology Services, Inc.

--
gentoo-hardened@l.g.o mailing list
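
Added example, not part of the original message: a small parser that reads the AVC denial records quoted above and groups them by source type, target type and object class, to show how many distinct denials the four records represent. The function names (parse_avc, sel_type, summarize) are this example's own, and the sample input is the four records from the message with each wrapped record joined onto one line.

```python
import re
from collections import defaultdict

# The four records quoted in the message, each re-joined onto one line.
DMESG = """\
audit(1203952206.545:207): avc: denied { getattr } for pid=10453 comm="rpc.mountd" path="/dev/sda2" dev=tmpfs ino=3372 scontext=user_u:system_r:nfsd_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1203952206.545:208): avc: denied { read } for pid=10453 comm="rpc.mountd" name="sdb1" dev=tmpfs ino=2553 scontext=user_u:system_r:nfsd_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1203956454.493:209): avc: denied { getattr } for pid=10453 comm="rpc.mountd" path="/dev/sda2" dev=tmpfs ino=3372 scontext=user_u:system_r:nfsd_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1203956454.493:210): avc: denied { read } for pid=10453 comm="rpc.mountd" name="sdb1" dev=tmpfs ino=2553 scontext=user_u:system_r:nfsd_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
"""

AVC_RE = re.compile(
    r'audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+denied\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')

def parse_avc(line):
    """Return one denial record as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"ts": float(m["ts"]), "serial": int(m["serial"]), "perms": m["perms"].split()}
    # The rest of the record is key=value pairs; values may be double-quoted.
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', m["fields"]):
        rec[key] = val.strip('"')
    return rec

def sel_type(context):
    """Extract the type field from a user:role:type[:range] security context."""
    return context.split(":")[2]

def summarize(text):
    """Group denials by (source type, target type, class); collect perms and objects."""
    summary = defaultdict(lambda: {"perms": set(), "objects": set(), "count": 0})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (sel_type(rec["scontext"]), sel_type(rec["tcontext"]), rec["tclass"])
        entry = summary[key]
        entry["perms"].update(rec["perms"])
        entry["objects"].add(rec.get("path") or rec.get("name"))
        entry["count"] += 1
    return dict(summary)

if __name__ == "__main__":
    for (src, tgt, cls), e in summarize(DMESG).items():
        print(f"{src} -> {tgt}:{cls} {sorted(e['perms'])} on {sorted(e['objects'])} ({e['count']} records)")
```

On this input the four records collapse to a single group: nfsd_t requesting getattr and read on fixed_disk_device_t block devices, once per access attempt from the client.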