Bug 590309
| Summary: | SELinux is preventing /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/java from connecting to port 58974. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Reinhard <Reinhard.Scheck> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 12 | CC: | dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | setroubleshoot_trace_hash:60e673777a6590183ee66e59929066292f2ac4016c3c0fb20e708ab81f1174d3 | ||
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2010-05-10 11:24:55 UTC | Type: | --- |

*** This bug has been marked as a duplicate of bug 590308 ***

Summary:

SELinux is preventing /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/java from connecting to port 58974.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux has denied java from connecting to a network port 58974 which does not have an SELinux type associated with it. If java should be allowed to connect on 58974, use the semanage command to assign 58974 to a port type that abrt_helper_t can connect to (ldap_port_t, dns_port_t, kerberos_port_t, ocsp_port_t). If java is not supposed to connect to 58974, this could signal a intrusion attempt.

Allowing Access:

If you want to allow java to connect to 58974, you can execute

semanage port -a -t PORT_TYPE -p tcp 58974

where PORT_TYPE is one of the following: ldap_port_t, dns_port_t, kerberos_port_t, ocsp_port_t.

Additional Information:

Source Context                unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023
Target Context                system_u:object_r:port_t:s0
Target Objects                None [ tcp_socket ]
Source                        java
Source Path                   /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/java
Port                          58974
Host                          (removed)
Source RPM Packages           java-1.6.0-openjdk-1.6.0.0-37.b17.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-113.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   connect_ports
Host Name                     (removed)
Platform                      Linux (removed) 2.6.32.11-99.fc12.x86_64 #1 SMP Mon Apr 5 19:59:38 UTC 2010 x86_64 x86_64
Alert Count                   0
First Seen                    Sat 08 May 2010 20:40:43 CEST
Last Seen                     Sat 08 May 2010 20:40:43 CEST
Local ID                      7e4bb7a6-2706-49ce-aec1-e291e83e8cd0
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1273344043.170:26127): avc: denied { name_connect } for pid=4247 comm="java" dest=58974 scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

node=(removed) type=SYSCALL msg=audit(1273344043.170:26127): arch=c000003e syscall=42 success=yes exit=0 a0=88 a1=7f4698aa5c20 a2=1c a3=7f4698aa59b0 items=0 ppid=4149 pid=4247 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=7 comm="java" exe="/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/java" subj=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 key=(null)

Hash String generated from connect_ports,java,abrt_helper_t,port_t,tcp_socket,name_connect

audit2allow suggests:

#============= abrt_helper_t ==============
#!!!! This avc can be allowed using the boolean 'allow_ypbind'

allow abrt_helper_t port_t:tcp_socket name_connect;