Bug 1316918
Summary: | SELinux does not allow Prosody to listen on port 5000 for mod_proxy65 | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Robert Scheck <redhat-bugzilla> | |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> | |
Status: | CLOSED ERRATA | QA Contact: | Jan Zarsky <jzarsky> | |
Severity: | medium | Docs Contact: | ||
Priority: | medium | |||
Version: | 7.2 | CC: | lvrabec, mgrepl, mmalik, plautrba, pvrabec, redhat-bugzilla, srandhaw, ssekidde, szidek | |
Target Milestone: | rc | |||
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | selinux-policy-3.13.1-70.el7 | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1322815 (view as bug list) | Environment: | ||
Last Closed: | 2016-11-04 02:44:54 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: |
Description
Robert Scheck
2016-03-11 13:38:56 UTC
Ah, now that I opened this bug, I noticed that jabber_interserver_port_t and jabber_client_port_t exist - but that still leaves the port 5000 thing. Just to be sure, could you attach AVCs? Thank you. Getting these AVCs required "semodule -DB": type=AVC msg=audit(1458862295.583:24106): avc: denied { name_bind } for pid=31134 comm="lua" src=5000 scontext=system_u:system_r:prosody_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1458862295.583:24106): arch=c000003e syscall=49 success=no exit=-13 a0=9 a1=29fc0d0 a2=1c a3=6 items=0 ppid=31133 pid=31134 auid=4294967295 uid=990 gid=987 euid=990 suid=990 fsuid=990 egid=987 sgid=987 fsgid=987 tty=(none) ses=4294967295 comm="lua" exe="/usr/bin/lua" subj=system_u:system_r:prosody_t:s0 key=(null) type=AVC msg=audit(1458862295.584:24107): avc: denied { name_bind } for pid=31134 comm="lua" src=5000 scontext=system_u:system_r:prosody_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1458862295.584:24107): arch=c000003e syscall=49 success=no exit=-13 a0=9 a1=29fea90 a2=10 a3=5 items=0 ppid=31133 pid=31134 auid=4294967295 uid=990 gid=987 euid=990 suid=990 fsuid=990 egid=987 sgid=987 fsgid=987 tty=(none) ses=4294967295 comm="lua" exe="/usr/bin/lua" subj=system_u:system_r:prosody_t:s0 key=(null) Cross-filed case 01606683 on the Red Hat customer portal. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2283.html |