Description of problem: SELinux is preventing named from 'open' accesses on the file /proc/sys/net/ipv4/ip_local_port_range. ***** Plugin catchall (100. confidence) suggests ************************** If vous pensez que named devrait être autorisé à accéder open sur ip_local_port_range file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep named /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:named_t:s0 Target Context system_u:object_r:sysctl_net_t:s0 Target Objects /proc/sys/net/ipv4/ip_local_port_range [ file ] Source named Source Path named Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-146.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.3.0-0.rc0.git7.1.fc24.x86_64 #1 SMP Fri Sep 4 14:36:30 UTC 2015 x86_64 x86_64 Alert Count 6 First Seen 2015-09-05 14:09:06 CEST Last Seen 2015-09-05 14:33:32 CEST Local ID 5ceca5fc-87b1-4221-8772-2a628b861564 Raw Audit Messages type=AVC msg=audit(1441456412.169:791): avc: denied { open } for pid=1592 comm="named" path="/proc/sys/net/ipv4/ip_local_port_range" dev="proc" ino=29564 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file permissive=1 Hash: named,named_t,sysctl_net_t,file,open Version-Release number of selected component: selinux-policy-3.13.1-146.fc24.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.3.0-0.rc0.git7.1.fc24.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1260272 ***