From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Mon, 31 Dec 2012 23:52:24 +0100 Subject: [refpolicy] [PATCH 05/12] Allow rpc admin to run exportfs In-Reply-To: <1356994351-29191-1-git-send-email-sven.vermeulen@siphos.be> References: <1356994351-29191-1-git-send-email-sven.vermeulen@siphos.be> Message-ID: <1356994351-29191-6-git-send-email-sven.vermeulen@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Running exportfs gives a failure:: exportfs: /proc/fs/nfs/exports:2: unknown keyword "uuid=98e15bcc:25161082:00000000:00000000" A related denial:: Dec 19 14:42:24 hpl kernel: [21543.035535] type=1400 audit(1355924544.121:1506): avc: denied { search } for pid=4139 comm="exportfs" name="/" dev="nfsd" ino=1 scontext=staff_u:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=dir Granting fs_search_nfsd_t() provides what is needed to handle this properly. Signed-off-by: Sven Vermeulen --- rpc.if | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/rpc.if b/rpc.if index 694e1e8..3bd6446 100644 --- a/rpc.if +++ b/rpc.if @@ -415,4 +415,6 @@ interface(`rpc_admin',` files_list_tmp($1) admin_pattern($1, gssd_tmp_t) + + fs_search_nfsd_fs($1) ') -- 1.7.8.6