Bug 234731 - ypserv not binding to a port <1024
ypserv not binding to a port <1024
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Steve Dickson
:
Depends On:
Blocks: 235363
  Show dependency treegraph
 
Reported: 2007-03-31 21:06 EDT by David Highley
Modified: 2007-11-30 17:12 EST (History)
2 users (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-18 12:26:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Highley 2007-03-31 21:06:04 EDT
Description of problem:
Not binding to a low port.

Version-Release number of selected component (if applicable):
ypserv-2.19-3

How reproducible:
Everytime

Steps to Reproduce:
1.
2.
3.
  
Actual results:
From /var/log/messages:
Mar 31 12:36:02 douglas ypbind[2856]: Answer for domain 'highley-recommended.com
' from '10.2.2.7' on illegal port 32768.

Expected results:


Additional info:
ypserv seems to be binding to high ports. I tried -p and --port as options to
force it to use a port below 1024 but the service would not start. Ended up
adding --broken-server option to ypbind as a temporary work around.
Comment 1 Habig, Alec 2007-04-03 14:15:10 EDT
I can confirm this, although it seems to be a result of the new selinux policy,
selinux-policy-targeted-2.4.6-46.fc6 rather than ypserv itself, so should be
assigned to the selinux component instead of ypserv.

Backing out to selinux-policy-targeted-2.4.6-42 or setting selinux to permissive
cures the problem.
Comment 2 David Highley 2007-04-03 19:00:12 EDT
Darn, I thought I tested for that and checked the audit log. Will move it based
on your test results to a selinux policy issue.
Comment 3 Habig, Alec 2007-04-03 19:07:54 EDT
The audit log was pretty un-informative about what was happening - I never did
pin down an actual "deny" I could append to this bug report.  All I know is what
I did to let people log into my YP slave machines again after a morning of
flailing :)

Comment 5 Daniel Walsh 2007-04-05 09:26:45 EDT
Fixed in selinux-policy-2.4.6-52
Comment 6 Habig, Alec 2007-04-18 10:06:10 EDT
I can confirm that selinux-policy-2.4.6-54 (the version pushed on the updates
server) has cured this problem.

Note You need to log in before you can comment on or make changes to this bug.