[Bug 1193984] New: SELinux: targeted: rpcinfo violation
https://bugzilla.suse.com/show_bug.cgi?id=1193984

Bug ID: 1193984
Summary: SELinux: targeted: rpcinfo violation
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.3
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
Assignee: screening-team-bugs@suse.de
Reporter: okir@suse.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

This is with Leap 15.3 and the targeted SELinux policy from MicroOS 5.1.

This is a two-node configuration. Running rpcinfo on the client, trying to perform a NULL call to the server's rpcbind:

    /sbin/rpcinfo -T udp $server_ip portmapper

The test user is tied to SELinux user staff_u.

This results in the following audit message:

    audit: type=1400 audit(1640160326.582:12): avc: denied { name_bind } for pid=4754 comm="rpcinfo" src=690 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=udp_socket permissive=1

It's possible that this is harmless (rpcinfo may just try to do a bindresvport() call in case it's running with privileges). However, in order to avoid noise, we may want to patch this out for euid != 0.

--
You are receiving this mail because:
You are on the CC list for the bug.
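Added example, not part of the original report: a small parser that splits the AVC record quoted above into fields and flags the pattern the report describes, a name_bind denial against a reserved-port type. The function names and the triage rule are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# The AVC record quoted in the report above.
RECORD = (
    'audit: type=1400 audit(1640160326.582:12): avc: denied { name_bind } for '
    'pid=4754 comm="rpcinfo" src=690 '
    'scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:hi_reserved_port_t:s0 '
    'tclass=udp_socket permissive=1')

AVC_RE = re.compile(
    r'audit\((?P<epoch>\d+)\.\d+:(?P<serial>\d+)\):\s+avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
RESERVED_PORT_TYPES = {'reserved_port_t', 'hi_reserved_port_t'}


def split_context(ctx):
    # user:role:type:level; the MLS level (s0-s0:c0.c1023) itself contains
    # ':' so split at most three times instead of on every colon.
    user, role, type_, level = ctx.split(':', 3)
    return {'user': user, 'role': role, 'type': type_, 'level': level}


def parse_avc(line):
    """Return the record as a dict, or None if the line is not an AVC message."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    f = {k: v.strip('"') for k, v in KV_RE.findall(m['rest'])}
    if 'scontext' not in f or 'tcontext' not in f:
        return None
    return {
        'time': datetime.fromtimestamp(int(m['epoch']), tz=timezone.utc),
        'serial': int(m['serial']),
        'denied': m['result'] == 'denied',
        'perms': m['perms'].split(),
        # permissive=1: the denial was logged but the access was not blocked
        'enforced': f.get('permissive') == '0',
        'pid': f.get('pid'), 'comm': f.get('comm'), 'tclass': f.get('tclass'),
        'src_port': int(f['src']) if 'src' in f else None,
        'source': split_context(f['scontext']),
        'target': split_context(f['tcontext']),
    }


def is_reserved_port_bind(rec):
    """Triage rule (assumption): name_bind denied on a reserved-port type."""
    return bool(rec and rec['denied'] and 'name_bind' in rec['perms']
                and rec['target']['type'] in RESERVED_PORT_TYPES)
```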