Bug 889362

Summary: SELinux blocks outgoing 5222/5223 connections (irc/jabber)
Product: OKD Reporter: Nam Duong <nduong>
Component: ContainersAssignee: Ram Ranganathan <ramr>
Status: CLOSED CURRENTRELEASE QA Contact: libra bugs <libra-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 2.xCC: bmeng, dmcphers, jhou, jofernan, mfisher, ramr, valerii.hiora
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-13 23:16:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nam Duong 2012-12-20 22:50:31 UTC 
Description of problem:
Opening bug on behalf of our user:  https://openshift.redhat.com/community/forums/openshift/outgoing-jabber-connection-port-5222#comment-25881  

Can we allow outgoing connections?
Comment 1 Ram Ranganathan 2012-12-20 23:01:34 UTC 
Have a couple of other policy changes I need tkramer to confirm, so will fix along with that.
Comment 2 Ram Ranganathan 2013-01-08 02:08:31 UTC 
Fixed with pull request: https://github.com/openshift/li/pull/734
Comment 3 Jianwei Hou 2013-01-08 06:08:58 UTC 
Verified on devenv_2642

Steps:
1. Create an ruby-1.9 app

2. In app's repo, add following code to a conn.rb file
#! /usr/bin/env ruby

require 'net/telnet'

conn = Net::Telnet::new("Host" => "talk.google.com",
			"Port" => 5222,
			"Output_log" => "output_log",
			"Timeout" => 10,
			"Prompt" => /[$%#>] \z/)

3. Git push all changes

4. SSH into app gear, cd $OPENSHIFT_REPO_DIR
 ruby conn.rb

5. Check output logfile, make sure the connection was established successfully
[r19-2642t.dev.rhcloud.com repo]\> cat output_log 
Trying talk.google.com...
Connected to talk.google.com.

Also tried 5223, both ports are connected successfully.
Comment 4 Valerii Hiora 2013-01-12 12:22:49 UTC 
Still can reproduce it with my app. 
Should I perform any manual update to get it fixed?
Comment 5 Ram Ranganathan 2013-01-14 18:02:26 UTC 
 @Valerii, this has just been fixed in development and verified by QE - it should make its way to production in about a couple of weeks. HTH