Bug 1007558 - irssi can't listen on high ports, even with relevant booleans set
irssi can't listen on high ports, even with relevant booleans set
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
19
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-12 14:36 EDT by Robin Powell
Modified: 2013-10-01 17:05 EDT (History)
4 users (show)

See Also:
Fixed In Version: selinux-policy-3.12.1-74.8.fc19
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-09-29 20:34:34 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Robin Powell 2013-09-12 14:36:58 EDT
irc_use_any_tcp_ports=_("Determine whether irc clients can listen on and connect to any unreserved TCP ports.") , so I expected running an irssi proxy to work, given:

rlpowell@stodi> sudo getsebool irssi_use_full_network
irssi_use_full_network --> on
rlpowell@stodi> sudo getsebool irc_use_any_tcp_ports
irc_use_any_tcp_ports --> on

But it doesn't:

type=AVC msg=audit(09/12/2013 11:31:30.525:158212) : avc:  denied  { listen } for  pid=18046 comm=irssi laddr=127.0.0.1 lport=31333 scontext=user_u:user_r:irc_t:s0 tcontext=user_u:user_r:irc_t:s0 tclass=tcp_socket

type=AVC msg=audit(09/12/2013 11:31:37.170:158217) : avc:  denied  { accept } for  pid=18046 comm=irssi laddr=127.0.0.1 lport=31333 scontext=user_u:user_r:irc_t:s0 tcontext=user_u:user_r:irc_t:s0 tclass=tcp_socket
Comment 1 Daniel Walsh 2013-09-16 14:14:15 EDT
d25a543520aa5fd43cf05fabb1d14a4244ada81f fixes this in git.
Comment 2 Lukas Vrabec 2013-09-18 06:42:40 EDT
back ported
Comment 3 Fedora Update System 2013-09-26 05:42:10 EDT
selinux-policy-3.12.1-74.8.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-74.8.fc19
Comment 4 Fedora Update System 2013-09-26 20:47:11 EDT
Package selinux-policy-3.12.1-74.8.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-74.8.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-17739/selinux-policy-3.12.1-74.8.fc19
then log in and leave karma (feedback).
Comment 5 Fedora Update System 2013-09-29 20:34:34 EDT
selinux-policy-3.12.1-74.8.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Robin Powell 2013-10-01 17:05:21 EDT
Thank you so much! :D  It works.

Note You need to log in before you can comment on or make changes to this bug.