Bug 533438
Summary: | SELinux is preventing /usr/bin/python from connecting to port 38555. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Víctor Daniel Martínez O. <vdanielmo> |
Component: | abrt | Assignee: | Jiri Moskovcak <jmoskovc> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 12 | CC: | anton, cheguaka, dfediuck, dvlasenk, dwalsh, iprikryl, james.antill, jmoskovc, kklic, mgrepl, mnowak, npajkovs |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:f5fba03b09bc6b34fe63f54cb18b03305913d11d6a71142899dfbd6c5c4baf32 | ||
Fixed In Version: | 1.0.0-1.fc12 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-12-01 04:38:06 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Víctor Daniel Martínez O.
2009-11-06 18:54:29 UTC
Why would yum be trying to connect to this port? Related with this: https://bugzilla.redhat.com/show_bug.cgi?id=533502 https://bugzilla.redhat.com/show_bug.cgi?id=533439 I was trying to connect irc whit telepathy, but telepathy-idle, crashed. abrt poped, and I tried to submit the bug.abrt tried to download 29 debuginfo packages via yum, the the three selinux errors came. I've no idea why yum would want to connect to this port. I guess if the user has a network local mirror which is defined as: http://local.example.com:38555/fedora ...that would do it. I haven't a network local mirror... It's a live USB image without overlay persistence. This bug -> 533690 was filed after the same steps. 1.- telepathy-idle crash 2.- abrt pop 3.- Download of debuginfo... The final step is https://bugzilla.redhat.com/show_bug.cgi?id=518390#c4 because of the bug 518390 duplicated in 533589 (I also have a wifi enabled by networkmanager applet) Can you run: fgrep 3855 /var/cache/yum/*/metalink.xml /var/cache/yum/*/mirrorlist.txt http://isc.sans.org/port.html?port=38555 we sure there isn't something else here? Don't know what you mean. This pair of pair of bugs were filed with the same steps. Ports differ. bug 533438 med low Linu jmoskovc NEW SELinux is preventing /usr/bin/python from connecting to port 38555. bug 533439 med low Linu jmoskovc CLOS RAWHIDE SELinux is preventing /usr/bin/python "name_connect" access. bug 533689 med low Linu dwalsh CLOS DUPLICATE SELinux is preventing /usr/bin/python "name_connect" access. bug 533690 med low Linu dwalsh CLOS RAWHIDE SELinux is preventing /usr/bin/python from connecting to port 18475. Is there a complete url that the process is attempting to access? I can't seem to find it in the output. It might help me understand what is going on here. I think it has to do with this bug https://bugzilla.redhat.com/show_bug.cgi?id=518390. Because if I restart abrt before I try to send the bug, setroubleshoot doesn't pop with this error. Then continues with [root@localhost ~]# ps -ef | grep -i python liveuser 1763 1641 0 22:58 ? 00:00:00 python /usr/share/system-config-printer/applet.py liveuser 2123 1 0 22:59 ? 00:00:03 /usr/bin/python /usr/libexec/telepathy-butterfly root 2286 1 0 23:11 ? 00:00:02 /usr/bin/python -E /usr/sbin/setroubleshootd -f liveuser 2295 1 0 23:11 ? 00:00:03 /usr/bin/python -E /usr/bin/sealert -s liveuser 2330 1 2 23:16 ? 00:00:43 /usr/bin/python /usr/share/abrt/CCMainWindow.py root 2599 2333 1 23:46 ? 00:00:02 /usr/bin/python /usr/bin/yumdownloader --enablerepo=*debuginfo* --quiet glibc-debuginfo-2.11-2.i686 root 2603 2067 0 23:48 pts/0 00:00:00 grep -i python [root@localhost ~]# ps -ef | grep -i abrt liveuser 1912 1641 0 22:58 ? 00:00:00 abrt-applet root 2098 1 0 22:59 ? 00:00:00 /usr/sbin/abrtd liveuser 2330 1 2 23:16 ? 00:00:45 /usr/bin/python /usr/share/abrt/CCMainWindow.py liveuser 2332 2098 0 23:16 ? 00:00:00 /usr/sbin/abrtd root 2333 2098 0 23:16 ? 00:00:00 /bin/sh /usr/bin/abrt-debuginfo-install /var/cache/abrt/ccpp-1257826416-2101/coredump /var/run/abrt/tmp-2333-1257826571 /var/cache/abrt-di ¿Makes it sense? Tested against http://alt.fedoraproject.org/pub/alt/nightly-composes/desktop/desktop-i386-20091109.15.iso Only this bug 533427 stays. Can't reproduce this bug. No mirrorlist.txt file behind /var/cache/yum [root@localhost yum]# fgrep 3855 /var/cache/yum/*/*/*/metalink.xml [root@localhost yum]# Nothing. #9 was tested against this image too. So bug 518390 seems unrelated. Perhaps closed bug 533439 bug 533690 did the job. I now allow abrt to connect to any port. I had several other bugs where abrt was connecting to semi-random ports. selinux-policy-targeted-3.6.32-43.fc12.noarch abrt-1.0.0-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/abrt-1.0.0-1.fc12 abrt-1.0.0-1.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update abrt'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-12098 abrt-1.0.0-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. |