Bug 517527

Summary: (staff_u) SELinux is preventing the users from running TCP servers in the usedomain.
Product: Fedora
Reporter: Matěj Cepl <mcepl>
Component: pidgin
Assignee: Warren Togami <wtogami>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: 11
CC: dwalsh, mcepl, stu, wtogami
Keywords: SELinux
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-10-26 14:39:05 UTC

Description Matěj Cepl 2009-08-14 13:31:30 UTC
(this is an F11 rebuild of the F12 package of pidgin)
Port 5298 is a perfectly legitimate port to bind for Link-Local XMPP Local LAN Messaging (http://xmpp.org/extensions/xep-0174.html).

bradford:~# grep 5298 /etc/services 
presence        5298/tcp                # XMPP Link-Local Messaging
presence        5298/udp                # XMPP Link-Local Messaging
bradford:~# 

===================

SELinux is preventing the users from running TCP servers in the usedomain.

Detailed Description:

SELinux has denied the pidgin program from binding to network port 5298, which
does not have an SELinux type associated with it. pidgin does not have an
SELinux policy defined for it when run by the user, so it runs in the user's
domain. SELinux is currently set up to deny TCP servers from running within the
user domain. If you did not expect programs like pidgin to bind to a network
port, then this could signal an intrusion attempt. If this system is running as
an NIS client, turning on the allow_ypbind boolean may fix the problem:
setsebool -P allow_ypbind=1.

Allowing Access:

If you want to allow user programs to run as TCP Servers, you can turn on the
user_tcp_server boolean, by executing: setsebool -P user_tcp_server=1

Fix Command:

setsebool -P user_tcp_server=1

Additional Information:

Source Context                staff_u:staff_r:staff_t:s0-s0:c0.c1023
Target Context                system_u:object_r:port_t:s0
Target Objects                None [ tcp_socket ]
Source                        pidgin
Source Path                   /usr/bin/pidgin
Port                          5298
Host                          bradford
Source RPM Packages           pidgin-2.6.0-0.11.20090812.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.12-72.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   user_tcp_server
Host Name                     bradford
Platform                      Linux bradford 2.6.29.6-217.2.3.fc11.x86_64 #1 SMP
                              Wed Jul 29 16:02:42 EDT 2009 x86_64 x86_64
Alert Count                   1
First Seen                    Fri 14 August 2009, 15:14:15 CEST
Last Seen                     Fri 14 August 2009, 15:14:15 CEST
Local ID                      6af5fbba-7a7f-4ed6-9e66-e7472dcf192f
Line Numbers                  

Raw Audit Messages            

node=bradford type=AVC msg=audit(1250255655.360:64): avc:  denied  { name_bind } for  pid=3122 comm="pidgin" src=5298 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

node=bradford type=SYSCALL msg=audit(1250255655.360:64): arch=c000003e syscall=49 success=no exit=-13 a0=11 a1=7ffffa2ae750 a2=10 a3=20 items=0 ppid=3121 pid=3122 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="pidgin" exe="/usr/bin/pidgin" subj=staff_u:staff_r:staff_t:s0-s0:c0.c1023 key=(null)
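
The denial above is the general case of a user-domain program binding a port with the default port_t label. As an added triage example (not part of this report or of setroubleshoot), the script below parses such an AVC line, confirms it is the user_tcp_server case, and separates an expected listener from one worth investigating; the login-domain set and the allowlist of expected (program, port) pairs are assumptions constructed for the example.

```python
import re

# Constructed sample input: the AVC record quoted in this bug report.
SAMPLE_AVC = (
    'node=bradford type=AVC msg=audit(1250255655.360:64): avc:  denied  { name_bind } '
    'for  pid=3122 comm="pidgin" src=5298 '
    'scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket'
)
AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumed login domains whose TCP listeners are gated by user_tcp_server (targeted policy).
USER_DOMAINS = {'user_t', 'staff_t'}
# Constructed allowlist of (program, port) pairs this site expects user programs to bind;
# 5298 is XMPP Link-Local Messaging per /etc/services.
EXPECTED_LISTENERS = {('pidgin', 5298)}

def parse_avc(line):
    """Split an audit AVC line into a dict; returns None for non-AVC input."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    for ctx in ('scontext', 'tcontext'):
        if ctx in rec:
            rec[ctx + '_type'] = rec[ctx].split(':')[2]  # user:role:type[:mls range]
    if 'src' in rec:
        rec['src'] = int(rec['src'])
    return rec

def triage(rec):
    """Classify a parsed record; returns (verdict, suggested action)."""
    if rec is None or rec['result'] != 'denied':
        return ('ignore', 'not a denial')
    user_domain_bind = (
        'name_bind' in rec['perms'] and rec.get('tclass') == 'tcp_socket'
        and rec.get('tcontext_type') == 'port_t'
        and rec.get('scontext_type') in USER_DOMAINS
    )
    if not user_domain_bind:
        return ('other', 'outside the user_tcp_server case; inspect with ausearch/sealert')
    if (rec.get('comm'), rec.get('src')) in EXPECTED_LISTENERS:
        return ('expected_listener', 'setsebool -P user_tcp_server=1')
    return ('investigate', f'unexpected listener {rec.get("comm")} on port {rec.get("src")} in {rec["scontext_type"]}')

if __name__ == '__main__':
    print(triage(parse_avc(SAMPLE_AVC)))
```

Because the boolean is domain-wide, enabling it lets every program running in staff_t listen on a port, not only pidgin, which is why the allowlist check matters before applying the fix command.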

Comment 1 Warren Togami 2009-10-20 21:51:28 UTC
Why are you assigning this to me?  Please reassign to selinux-policy.

Is this still an issue now with latest rawhide?

Comment 2 Matěj Cepl 2009-10-23 16:55:14 UTC
Sorry, forgot to add Dan to CC list.

Comment 3 Daniel Walsh 2009-10-26 14:39:05 UTC
This is not a bug, it is a configuration issue.  If you want to run services in user space you need to turn on the boolean.