Bug 462284
Summary: | SELinux is preventing amandad (amanda_t) "name_bind" to <Unknown> (port_t). | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Julian C. Dunn <jdunn> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 9 | CC: | rvokal |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-11-17 22:05:45 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Julian C. Dunn
2008-09-15 05:11:45 UTC
Is this a customized port? Or part of a standard install? # semanage port -l | grep amanda amanda_port_t tcp 10080, 10081, 10082, 10083 amanda_port_t udp 10080, 10081 If this is a customized port you can add it to amanda_port_t by executing # semanage port -a -t amanda_port_t -p tcp 15313 If it is a standard port then I need to update the policy package. It's a standard install. However, upon examining the logs more I wonder if this bug is best assigned to the amanda owner. /var/log/messages says this: Sep 15 00:47:37 jupiter xinetd[2244]: START: amanda pid=3673 from=::ffff:192.168.5.7 Sep 15 00:47:38 jupiter setroubleshoot: SELinux is preventing the amandad (amanda_t) from binding to port 7481. For complete SELinux messages. run sealert -l da01281f-a98d-4e19-a20f-757f8574ee0f Sep 15 00:47:38 jupiter setroubleshoot: SELinux is preventing the amandad (amanda_t) from binding to port 7482. For complete SELinux messages. run sealert -l da01281f-a98d-4e19-a20f-757f8574ee0f Sep 15 00:47:38 jupiter setroubleshoot: SELinux is preventing the amandad (amanda_t) from binding to port 7483. For complete SELinux messages. run sealert -l da01281f-a98d-4e19-a20f-757f8574ee0f Sep 15 00:47:38 jupiter setroubleshoot: SELinux is preventing the amandad (amanda_t) from binding to port 7484. For complete SELinux messages. run sealert -l da01281f-a98d-4e19-a20f-757f8574ee0f Sep 15 00:47:38 jupiter setroubleshoot: SELinux is preventing the amandad (amanda_t) from binding to port 7485. For complete SELinux messages. run sealert -l da01281f-a98d-4e19-a20f-757f8574ee0f Sep 15 00:47:38 jupiter setroubleshoot: SELinux is preventing the amandad (amanda_t) from binding to port 7486. For complete SELinux messages. run sealert -l da01281f-a98d-4e19-a20f-757f8574ee0f Sep 15 00:47:38 jupiter setroubleshoot: SELinux is preventing the amandad (amanda_t) from binding to port 7487. For complete SELinux messages. run sealert -l da01281f-a98d-4e19-a20f-757f8574ee0f ... and so on, where the denied port # increments by one upon each failure. By the time I caught the error, it had incremented to 15313. I have no idea why amandad might be doing this. The previous amanda, amanda-2.5.2p1-10.fc9.i386, worked fine -- this is amanda-2.5.2p1-11.fc9.i386 I will allow it to bind to generic ports. Fixed in selinux-policy-3.3.1-91.fc9.noarch Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed. |