Description of problem: SELinux is preventing rpcbind from 'name_bind' accesses on the udp_socket puerto 62528. ***** Plugin bind_ports (92.2 confidence) suggests ************************ Si quiere permitir que rpcbind se asocie al puerto de red 62528 Then you need to modify the port type. Do # semanage port -a -t TIPO_DE_PUERTO -p udp 62528 donde TIPO_DE_PUERTO es uno de los siguientes: agentx_port_t, apertus_ldp_port_t, comsat_port_t, dhcpc_port_t, dhcpd_port_t, dns_port_t, efs_port_t, flash_port_t, ftp_port_t, gdomap_port_t, hi_reserved_port_t, inetd_child_port_t, ipmi_port_t, ipp_port_t, kerberos_admin_port_t, kerberos_port_t, kprop_port_t, ktalkd_port_t, ldap_port_t, pki_ca_port_t, pop_port_t, portmap_port_t, printer_port_t, rlogin_port_t, rlogind_port_t, rndc_port_t, router_port_t, rsh_port_t, rsync_port_t, rtsp_port_t, rwho_port_t, smtp_port_t, spamd_port_t, swat_port_t, syslogd_port_t, uucpd_port_t. ***** Plugin catchall_boolean (7.83 confidence) suggests ****************** Si quiere allow system to run with NIS Then debe informar a SELinux de ello activando el indicador 'nis_enabled'. Puede leer la página de manual 'rpcbind_selinux' para más detalles. Do setsebool -P nis_enabled 1 ***** Plugin catchall (1.41 confidence) suggests ************************** Si cree que de manera predeterminada se debería permitir a rpcbind el acceso name_bind sobre puerto 62528 udp_socket. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso temporalmente ejecutando: # ausearch -c 'rpcbind' --raw | audit2allow -M mi-rpcbind # semodule -X 300 -i mi-rpcbind.pp Additional Information: Source Context system_u:system_r:rpcbind_t:s0 Target Context system_u:object_r:unreserved_port_t:s0 Target Objects puerto 62528 [ udp_socket ] Source rpcbind Source Path rpcbind Port 62528 Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM <Desconocido> Local Policy RPM selinux-policy-targeted-3.14.6-28.fc33.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.8.14-300.fc33.x86_64 #1 SMP Wed Oct 7 21:44:23 UTC 2020 x86_64 x86_64 Alert Count 2 First Seen 2020-10-16 09:51:08 CEST Last Seen 2020-10-17 08:40:07 CEST Local ID de05ebbb-b08c-4521-b613-e716c74d1dd9 Raw Audit Messages type=AVC msg=audit(1602916807.49:228): avc: denied { name_bind } for pid=3196 comm="rpcbind" src=62528 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket permissive=0 Hash: rpcbind,rpcbind_t,unreserved_port_t,udp_socket,name_bind Additional info: component: selinux-policy reporter: libreport-2.14.0 hashmarkername: setroubleshoot kernel: 5.8.15-301.fc33.x86_64 type: libreport Potential duplicate: bug 1563792
Similar problem has been detected: Post upgrade to FC33. hashmarkername: setroubleshoot kernel: 5.8.16-300.fc33.x86_64 reason: SELinux is preventing rpcbind from 'name_bind' accesses on the udp_socket port 61846. type: libreport
Similar problem has been detected: No idea if this should be allowed or denied. I'm submitting just fYi. hashmarkername: setroubleshoot kernel: 5.9.16-200.fc33.x86_64 package: selinux-policy-targeted-3.14.6-33.fc33.noarch reason: SELinux is preventing rpcbind from 'name_bind' accesses on the udp_socket porte 63311. type: libreport
*** This bug has been marked as a duplicate of bug 1758147 ***