Bug 1355960

Summary: Unable to start carbon-cache service, which is blocked by a port 7002 permission denied error
Product: [Red Hat Storage] Red Hat Storage Console
Reporter: Timothy Asir <tjeyasin>
Component: core
Assignee: Timothy Asir <tjeyasin>
core sub component: monitoring
QA Contact: sds-qe-bugs
Status: CLOSED WONTFIX
Docs Contact:
Severity: unspecified
Priority: unspecified
CC: mbukatov, mkudlej, nthomas
Version: 2
Target Milestone: ---
Target Release: 3
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: rhscon-core-0.0.34-1.el7scon.x86_64 rhscon-ceph-0.0.33-1.el7scon.x86_64 rhscon-ui-0.0.47-1.el7scon.noarch
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-03-23 04:03:38 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1326788

Description Timothy Asir 2016-07-13 07:14:55 UTC
Description of problem:
Unable to start carbon-cache service, which is blocked by a port 7002 permission denied error.

The service log says: twisted.internet.error.CannotListenError: Couldn't listen on 0.0.0.0:7002: [Errno 13] Permission denied

Related AVC: type=SYSCALL msg=audit(1468343550.346:494): arch=c000003e syscall=49 success=no exit=-13 a0=9 a1=7ffc4b344fd0 a2=10 a3=0 items=0 ppid=1 pid=6644 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="carbon-cache" exe="/usr/bin/python2.7" subj=system_u:system_r:carbon_t:s0 key=(null)

# seinfo --portcon=7002
portcon udp 7002 system_u:object_r:afs_pt_port_t:s0
portcon tcp 1024-32767 system_u:object_r:unreserved_port_t:s0
portcon udp 1024-32767 system_u:object_r:unreserved_port_t:s0

Version-Release number of selected component (if applicable):
rhscon-core-0.0.33-1

How reproducible:
Set rhscon-core server to SELinux enforcing mode

Comment 2 Timothy Asir 2016-07-13 09:24:59 UTC
This could be an SELinux issue.
Currently port 7002 is defined only for udp.

Workaround:
semanage port -a -p tcp -t afs_pt_port_t 7002
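
Added example (not part of the bug report or of any comment above): a Python sketch that decodes the SYSCALL record and resolves the port label for tcp and udp 7002 from the `seinfo` output quoted in the description. The function names are hypothetical, the audit record is trimmed to the fields used, and the rule that the narrowest matching range gives the effective label is an assumption.

```python
import re

# Output of `seinfo --portcon=7002`, copied from the bug description.
SEINFO = """\
portcon udp 7002 system_u:object_r:afs_pt_port_t:s0
portcon tcp 1024-32767 system_u:object_r:unreserved_port_t:s0
portcon udp 1024-32767 system_u:object_r:unreserved_port_t:s0
"""

# SYSCALL audit record from the bug description, trimmed to the fields used below.
AUDIT = ('type=SYSCALL msg=audit(1468343550.346:494): arch=c000003e syscall=49 '
         'success=no exit=-13 comm="carbon-cache" subj=system_u:system_r:carbon_t:s0')

PORTCON = re.compile(r"^portcon\s+(tcp|udp)\s+(\d+)(?:-(\d+))?\s+(\S+)$")

def parse_portcon(text):
    """Return (proto, low, high, type) tuples from seinfo --portcon output."""
    rules = []
    for line in text.splitlines():
        m = PORTCON.match(line.strip())
        if m:
            proto, low, high, ctx = m.groups()
            rules.append((proto, int(low), int(high or low), ctx.split(":")[2]))
    return rules

def port_type(rules, proto, port):
    """Type of the narrowest matching range (assumed resolution order), or None."""
    hits = [r for r in rules if r[0] == proto and r[1] <= port <= r[2]]
    return min(hits, key=lambda r: r[2] - r[1])[3] if hits else None

def denied_bind(record):
    """Return (comm, domain) if the record is a bind() that failed with EACCES."""
    f = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', record))
    # arch=c000003e is x86_64, where syscall 49 is bind; exit=-13 is -EACCES.
    if (f.get("arch"), f.get("syscall"), f.get("exit")) == ("c000003e", "49", "-13"):
        return f["comm"].strip('"'), f["subj"].split(":")[2]
    return None

if __name__ == "__main__":
    rules = parse_portcon(SEINFO)
    print("denied bind by:", denied_bind(AUDIT))
    for proto in ("udp", "tcp"):
        print(proto, 7002, "->", port_type(rules, proto, 7002))
    # Label table once the tcp entry from the workaround has been added.
    after = parse_portcon(SEINFO + "portcon tcp 7002 system_u:object_r:afs_pt_port_t:s0\n")
    print("tcp 7002 after workaround ->", port_type(after, "tcp", 7002))
```

The output shows the asymmetry behind the denial: udp 7002 has its own `afs_pt_port_t` entry, while tcp 7002 only matches the generic `unreserved_port_t` range until a tcp entry is added.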