Bug 109590 - net-nds/portmap-5b-r9 + sec-policy/selinux-portmap-20050908 = no NFS
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: x86 Linux
Importance: High normal
Assignee: The Gentoo Linux Hardened Team
Reported: 2005-10-17 10:02 UTC by Andy Dustman
Modified: 2005-10-17 10:19 UTC

Description Andy Dustman 2005-10-17 10:02:19 UTC
I emerged net-nds/portmap-5b-r9 (sec-policy/selinux-portmap-20050908 is a
DEPEND), and started portmap by the init.d script. However I am unable to mount
NFS filesystems. 

Oct 17 12:39:26 dynamo audit(1129567166.048:821): avc:  denied  { udp_send } for
 pid=18959 comm="mount" saddr=127.0.0.1 src=800 daddr=127.0.0.1 dest=111
netif=lo scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:netif_lo_t tclass=netif
Oct 17 12:39:26 dynamo audit(1129567166.084:822): avc:  denied  { udp_send } for
 pid=18959 comm="mount" saddr=128.192.xxx.client src=800
daddr=128.192.xxx.server dest=2049 netif=eth0
scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:netif_eth0_t
tclass=netif

It appears to first try to contact the portmap daemon, then, failing that, to
try to contact the NFS server directly. Similar results for trying to use TCP
(i.e. mount -o proto=tcp):

Oct 17 12:54:19 dynamo audit(1129568059.300:841): avc:  denied  { udp_send } for
 pid=19077 comm="mount" saddr=127.0.0.1 src=800 daddr=127.0.0.1 dest=111
netif=lo scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:netif_lo_t tclass=netif
Oct 17 12:54:19 dynamo audit(1129568059.336:842): avc:  denied  { send_msg } for
 pid=7 comm="events/1" saddr=128.192.xxx.client src=800 daddr=128.192.xxx.server
dest=2049 netif=eth0 scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:port_t tclass=tcp_socket

except in this case, it takes a long time to time out (typical NFS/TCP timeout
cycle).

Reproducible: Always
Steps to Reproduce:
1. emerge portmap
2. /etc/init.d/portmap start
3. mount <some NFS filesystem>
Actual Results:  
mount: permission denied

Expected Results:  
It should have mounted the filesystem.

Portage 2.0.51.22-r3 (selinux/2005.1/x86/hardened, gcc-3.3.6, glibc-2.3.5-r2, 2.6.13-gentoo-r3 i686)
=================================================================
System uname: 2.6.13-gentoo-r3 i686 Pentium III (Coppermine)
Gentoo Base System version 1.6.13
dev-lang/python:     2.3.5, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.15.92.0.2-r10
sys-devel/libtool:   1.5.20
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-mcpu=i686 -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-mcpu=i686 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks loadpolicy sandbox selinux sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://gentoo.terry.uga.edu/gentoo-portage"
USE="berkdb crypt dlloader hardened ldap libwww mysql ncurses nls pam perl pic
python readline samba selinux ssl x86 zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY

[ Searching for package 'selinux' in all categories among: ]
 * installed packages
[I--] [  ] sec-policy/selinux-base-policy-20050821 (0)
[I--] [  ] sec-policy/selinux-sudo-20050716 (0)
[I--] [  ] sec-policy/selinux-apache-20050211 (0)
[I--] [  ] sec-policy/selinux-mysql-20050605 (0)
[I--] [  ] sec-policy/selinux-portmap-20050908 (0)
Comment 1 Chris PeBenito (RETIRED) gentoo-dev 2005-10-17 10:11:00 UTC
You need selinux-nfs for NFS.  It's not currently an rdep of nfs-utils, but that's
a separate issue.
Comment 2 Andy Dustman 2005-10-17 10:19:17 UTC
Confirming that selinux-nfs + nfs-utils fixes the problem.
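
The AVC denials quoted in the description can be grouped by source type, target type and object class to see which access vectors the loaded policy lacks. The following Python script is an added example, not part of the original bug report; its function names are hypothetical, and the sample log is the report's four denials rejoined onto single lines.

```python
import re

# The four denials from the description, each rejoined onto one line
# (the page wraps them); addresses are as masked by the reporter.
SAMPLE_LOG = '''\
Oct 17 12:39:26 dynamo audit(1129567166.048:821): avc:  denied  { udp_send } for pid=18959 comm="mount" saddr=127.0.0.1 src=800 daddr=127.0.0.1 dest=111 netif=lo scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:netif_lo_t tclass=netif
Oct 17 12:39:26 dynamo audit(1129567166.084:822): avc:  denied  { udp_send } for pid=18959 comm="mount" saddr=128.192.xxx.client src=800 daddr=128.192.xxx.server dest=2049 netif=eth0 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:netif_eth0_t tclass=netif
Oct 17 12:54:19 dynamo audit(1129568059.300:841): avc:  denied  { udp_send } for pid=19077 comm="mount" saddr=127.0.0.1 src=800 daddr=127.0.0.1 dest=111 netif=lo scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:netif_lo_t tclass=netif
Oct 17 12:54:19 dynamo audit(1129568059.336:842): avc:  denied  { send_msg } for pid=7 comm="events/1" saddr=128.192.xxx.client src=800 daddr=128.192.xxx.server dest=2049 netif=eth0 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:port_t tclass=tcp_socket
'''

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return one denial as a dict of its key=value fields, or None if not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec


def selinux_type(context):
    """Extract the type from a user:role:type[:level] security context."""
    return context.split(":")[2]


def summarize(log_text):
    """Group denials by (source type, target type, object class)."""
    groups = {}
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue  # not an AVC denial; ignore other syslog traffic
        key = (selinux_type(rec["scontext"]), selinux_type(rec["tcontext"]), rec["tclass"])
        g = groups.setdefault(key, {"perms": set(), "dest": set(), "count": 0})
        g["perms"].update(rec["perms"])
        g["dest"].add(rec.get("dest", "-"))
        g["count"] += 1
    return groups


if __name__ == "__main__":
    for (src, tgt, cls), g in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(g['perms']))} }} "
              f"dest={','.join(sorted(g['dest']))} x{g['count']}")
```

Run on the sample, it reports three distinct denied vectors, all with source type kernel_t.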