shouldn't this be allowed: avc: denied { name_bind } for comm='"amandad"' egid='6' euid='33' exe='"/usr/lib/amanda/amandad"' exit='-13' fsgid='6' fsuid='33' gid='6' items='0' pid='7178' scontext=system_u:system_r:amanda_t:s0 sgid='6' subj='system_u:system_r:amanda_t:s0' suid='33' tclass='tcp_socket' tcontext=system_u:object_r:reserved_port_t:s0 tty='(none)' uid='33' selinux-policy-2.4.1-3.fc6 amanda-client-2.5.0p2-4 Amanda server is an ancient Red Hat Linux Advanced Server release 2.1AS (Pensacola) but I guess that does not matter in this case. amanda-server-2.4.4p3-1.21as.1
Could you grab the AVC from /var/log/audit/audit.log. Not sure which port this is trying to listen on. It should be handled by the current policy.
Created attachment 140551 [details] part of audit.log and syslog sure, here is the result of # grep amanda /var/log/messages > /tmp/amanda-in-messages # grep amanda /var/log/audit/audit.log > /tmp/amanda-in-audit= # cd /tmp/ # tar cvjf logs-BZ213603.tar.bz2 amanda-in-*
Fixed in selinux-policy-2.4.3-10
Moving modified bugs to closed