Bug 1118530 - OpenShift instances cannot access remote CVS server on port 2401
Summary: OpenShift instances cannot access remote CVS server on port 2401
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Online
Classification: Red Hat
Component: Containers
Version: 2.x
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 2.x
Assignee: Jhon Honce
QA Contact: libra bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-07-11 00:53 UTC by Stephen Gallagher
Modified: 2015-07-07 23:48 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-07-07 23:48:55 UTC


Attachments (Terms of Use)

Description Stephen Gallagher 2014-07-11 00:53:39 UTC
Description of problem:
I have an application (Review Board) that needs to be able to access a remote CVS (concurrent versions system) server. When I attempt to use the 'cvs' command-line utility from within an OpenShift console (or internally in the Review Board application), I encounter the following error:

CVSROOT=:pserver:anon:anon@cvs.opengroup.org:/cvs/MSB cvs co pegasus
cvs [checkout aborted]: connect to [cvs.opengroup.org]:2401 failed: Permission denied

This command works properly when run from my local Fedora system. I am guessing that there is likely an SELinux AVC occurring, but I have no way to verify this in OpenShift.

Version-Release number of selected component (if applicable):
Live OpenShift as of today (2014-07-10)

How reproducible:
Every time

Steps to Reproduce:
1. SSH into an OpenShift instance
2. run the command 'CVSROOT=:pserver:anon:anon@cvs.opengroup.org:/cvs/MSB cvs co pegasus'


Actual results:
cvs [checkout aborted]: connect to [cvs.opengroup.org]:2401 failed: Permission denied

Expected results:
The cvs command should start checking out the contents of the CVS code repository.

Additional info:
I submitted this to StackOverflow:
http://stackoverflow.com/questions/24616697/accessing-a-cvs-server-from-an-openshift-application-review-board

I was informed "The outgoing port (2401) is blocked by an SELinux policy. The best way to request the team to open it, and track the request, is to enter a bug with your use case", so here you go.

Comment 2 Stephen Gallagher 2014-08-04 15:33:23 UTC
Is there an approximate ETA on this? This is a blocking issue for some of our external interactions.

Comment 3 Meng Bo 2015-06-17 03:23:52 UTC
Verify fixed on devenv_5550, the cvs checkout works.

[root@ip-10-61-203-34 ~]# semanage port -l |grep cvs
cvs_port_t                     tcp      2401
cvs_port_t                     udp      2401


Note You need to log in before you can comment on or make changes to this bug.