Description of problem: SELinux is preventing unbound-anchor from 'name_bind' accesses on the udp_socket port 61000. ***** Plugin catchall_boolean (89.3 confidence) suggests ****************** If you want to allow nis to enabled Then you must tell SELinux about this by enabling the 'nis_enabled' boolean. Do setsebool -P nis_enabled 1 ***** Plugin catchall (11.6 confidence) suggests ************************** If you believe that unbound-anchor should be allowed name_bind access on the port 61000 udp_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'unbound-anchor' --raw | audit2allow -M my-unboundanchor # semodule -X 300 -i my-unboundanchor.pp Additional Information: Source Context system_u:system_r:named_t:s0 Target Context system_u:object_r:port_t:s0 Target Objects port 61000 [ udp_socket ] Source unbound-anchor Source Path unbound-anchor Port 61000 Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.4-43.fc31.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.3.16-300.fc31.x86_64 #1 SMP Fri Dec 13 17:59:04 UTC 2019 x86_64 x86_64 Alert Count 1 First Seen 2019-12-30 06:30:02 SAST Last Seen 2019-12-30 06:30:02 SAST Local ID d77537b4-c833-40af-b0e2-b03659da56b8 Raw Audit Messages type=AVC msg=audit(1577680202.143:101): avc: denied { name_bind } for pid=1804 comm="unbound-anchor" src=61000 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket permissive=0 Hash: unbound-anchor,named_t,port_t,udp_socket,name_bind Version-Release number of selected component: selinux-policy-3.14.4-43.fc31.noarch Additional info: component: selinux-policy reporter: libreport-2.11.3 hashmarkername: setroubleshoot kernel: 5.3.16-300.fc31.x86_64 type: libreport Potential duplicate: bug 1669731
*** This bug has been marked as a duplicate of bug 1667742 ***