Bug 1355960 - Unable to start carbon-cache service which blocked by a port 7002 permission denied
Summary: Unable to start carbon-cache service which blocked by a port 7002 permission ...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Storage Console
Classification: Red Hat Storage
Component: core
Version: 2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 3
Assignee: Timothy Asir
QA Contact: sds-qe-bugs
URL:
Whiteboard:
Depends On:
Blocks: 1326788
TreeView+ depends on / blocked
 
Reported: 2016-07-13 07:14 UTC by Timothy Asir
Modified: 2017-03-23 04:03 UTC (History)
3 users (show)

Fixed In Version: rhscon-core-0.0.34-1.el7scon.x86_64 rhscon-ceph-0.0.33-1.el7scon.x86_64 rhscon-ui-0.0.47-1.el7scon.noarch
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-03-23 04:03:38 UTC
Embargoed:

Attachments (Terms of Use)

Description Timothy Asir 2016-07-13 07:14:55 UTC 
Description of problem:
Unable to start carbon-cache service which blocked by a port 7002 permission denied.

The service log says: twisted.internet.error.CannotListenError: Couldn't listen on 0.0.0.0:7002: [Errno 13] Permission denied

Related AVC: type=SYSCALL msg=audit(1468343550.346:494): arch=c000003e syscall=49 success=no exit=-13 a0=9 a1=7ffc4b344fd0 a2=10 a3=0 items=0 ppid=1 pid=6644 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="carbon-cache" exe="/usr/bin/python2.7" subj=system_u:system_r:carbon_t:s0 key=(null)

# seinfo --portcon=7002
portcon udp 7002 system_u:object_r:afs_pt_port_t:s0
portcon tcp 1024-32767 system_u:object_r:unreserved_port_t:s0
portcon udp 1024-32767 system_u:object_r:unreserved_port_t:s0

Version-Release number of selected component (if applicable):
rhscon-core-0.0.33-1

How reproducible:
set rhscon-core server to selinux enforce mode
Comment 2 Timothy Asir 2016-07-13 09:24:59 UTC 
This could be an selinux issue.
Currently port 7002 is defined only for udp.

Workaround:
semanage port -a -p tcp -t afs_pt_port_t 7002
Note You need to log in before you can comment on or make changes to this bug.