On 6/4/19 1:14 PM, Zbigniew Jędrzejewski-Szmek wrote:
> On Tue, Jun 04, 2019 at 12:42:35PM -0400, Steve Dickson wrote:
>> Hello,
>>
>> We are adding some new functionality to the NFS server that
>> will make it a bit more container friendly...
>>
>> This new functionality needs to do a chroot(2
On 6/4/19 12:45 PM, Matthew Garrett wrote:
> On Tue, Jun 4, 2019 at 9:42 AM Steve Dickson wrote:
>> AVC avc: denied { sys_chroot } for pid=2919 comm="rpc.mountd"
>> capability=18 scontext=system_u:system_r:nfsd_t:s0
>> tcontext=system_u:system_r:nfsd_t:s0 tclass=capability permissive=0
>
On Tue, Jun 04, 2019 at 12:42:35PM -0400, Steve Dickson wrote:
> Hello,
>
> We are adding some new functionality to the NFS server that
> will make it a bit more container friendly...
>
> This new functionality needs to do a chroot(2) system call.
> This system call is failing with EPERM due to
On Tue, Jun 4, 2019 at 9:42 AM Steve Dickson wrote:
> AVC avc: denied { sys_chroot } for pid=2919 comm="rpc.mountd"
> capability=18 scontext=system_u:system_r:nfsd_t:s0
> tcontext=system_u:system_r:nfsd_t:s0 tclass=capability permissive=0
This is an SELinux policy violation, nothing to do w
Hello,
We are adding some new functionality to the NFS server that
will make it a bit more container friendly...
This new functionality needs to do a chroot(2) system call.
This system call is failing with EPERM due to the
following AVC error:
AVC avc: denied { sys_chroot } for pid=2919 com