Bug 1003571
Summary: | selinux: does not allow connection to tgtd when using iSNS | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Bruno Goncalves <bgoncalv> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Bruno Goncalves <bgoncalv> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.5 | CC: | bgoncalv, dwalsh, mmalik |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.7.19-214.el6 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-11-21 10:50:23 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Bruno Goncalves
2013-09-02 11:59:52 UTC
this rule seems to solve the problem. cat tgtd_isns.te module tgtd_isns 1.0; require { type tgtd_t; type isns_port_t; class tcp_socket name_connect; } #============= tgtd_t ============== allow tgtd_t isns_port_t:tcp_socket name_connect; Any other ports it should be allowed to connect to ? 45c585c5b76bdd00d11b7beaf2ef31985b548526 fixes this in git I believe this is the only port, unless the user decides to use a port that is not the default one... We only care about defaults. Verified with selinux-policy-3.7.19-214.el6.noarch iscsiadm -m discoverydb -t isns -p 127.0.0.1 --discover Starting iscsid: [ OK ] [ OK ] 127.0.0.1:3260,1 iqn.2009-10.com.redhat:storage-1 iscsiadm -m node -l Logging in to [iface: isns_iface, target: iqn.2009-10.com.redhat:storage-1, portal: 127.0.0.1,3260] (multiple) Login to [iface: isns_iface, target: iqn.2009-10.com.redhat:storage-1, portal: 127.0.0.1,3260] successful. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1598.html |