Bug 773772

libreport version: 2.0.8
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.1.0-7.fc16.i686
reason:         SELinux is preventing /usr/sbin/httpd.worker from 'name_bind' accesses on the tcp_socket .
time:           Thu 12 Jan 2012 04:40:11 PM EST

description:
:SELinux is preventing /usr/sbin/httpd.worker from 'name_bind' accesses on the tcp_socket .
:
:*****  Plugin bind_ports (92.2 confidence) suggests  *************************
:
:If you want to allow /usr/sbin/httpd.worker to bind to network port 9830
:Then you need to modify the port type.
:Do
:# semanage port -a -t PORT_TYPE -p tcp 9830
:    where PORT_TYPE is one of the following: ntop_port_t, http_cache_port_t, http_port_t, puppet_port_t, jboss_management_port_t.
:
:*****  Plugin catchall_boolean (7.83 confidence) suggests  *******************
:
:If you want to allow system to run with NIS
:Then you must tell SELinux about this by enabling the 'allow_ypbind' boolean.
:Do
:setsebool -P allow_ypbind 1
:
:*****  Plugin catchall (1.41 confidence) suggests  ***************************
:
:If you believe that httpd.worker should be allowed name_bind access on the  tcp_socket by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep httpd.worker /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:httpd_t:s0
:Target Context                system_u:object_r:unreserved_port_t:s0
:Target Objects                 [ tcp_socket ]
:Source                        httpd.worker
:Source Path                   /usr/sbin/httpd.worker
:Port                          9830
:Host                          (removed)
:Source RPM Packages           httpd-2.2.21-1.fc16
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-71.fc16
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.1.0-7.fc16.i686 #1 SMP Tue Nov 1
:                              21:00:16 UTC 2011 i686 i686
:Alert Count                   1
:First Seen                    Thu 12 Jan 2012 04:38:24 PM EST
:Last Seen                     Thu 12 Jan 2012 04:38:24 PM EST
:Local ID                      8cdb2a1c-a180-4d85-b494-f0da81f0f20d
:
:Raw Audit Messages
:type=AVC msg=audit(1326404304.640:568): avc:  denied  { name_bind } for  pid=2762 comm="httpd.worker" src=9830 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
:
:
:type=SYSCALL msg=audit(1326404304.640:568): arch=i386 syscall=socketcall success=no exit=EACCES a0=2 a1=bf89b260 a2=2ec1fc a3=21f045a8 items=0 ppid=2760 pid=2762 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=httpd.worker exe=/usr/sbin/httpd.worker subj=system_u:system_r:httpd_t:s0 key=(null)
:
:Hash: httpd.worker,httpd_t,unreserved_port_t,tcp_socket,name_bind
:
:audit2allow
:
:#============= httpd_t ==============
:#!!!! This avc can be allowed using the boolean 'allow_ypbind'
:
:allow httpd_t unreserved_port_t:tcp_socket name_bind;
:
:audit2allow -R
:
:#============= httpd_t ==============
:#!!!! This avc can be allowed using the boolean 'allow_ypbind'
:
:allow httpd_t unreserved_port_t:tcp_socket name_bind;
: