Bug 234731 - ypserv not binding to a port <1024
Summary: ypserv not binding to a port <1024
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: 6
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Steve Dickson
QA Contact:
Depends On:
Blocks: 235363
TreeView+ depends on / blocked
Reported: 2007-04-01 01:06 UTC by David Highley
Modified: 2007-11-30 22:12 UTC (History)
2 users (show)

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-04-18 16:26:44 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description David Highley 2007-04-01 01:06:04 UTC
Description of problem:
Not binding to a low port.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:
From /var/log/messages:
Mar 31 12:36:02 douglas ypbind[2856]: Answer for domain 'highley-recommended.com
' from '' on illegal port 32768.

Expected results:

Additional info:
ypserv seems to be binding to high ports. I tried -p and --port as options to
force it to use a port below 1024 but the service would not start. Ended up
adding --broken-server option to ypbind as a temporary work around.

Comment 1 Habig, Alec 2007-04-03 18:15:10 UTC
I can confirm this, although it seems to be a result of the new selinux policy,
selinux-policy-targeted-2.4.6-46.fc6 rather than ypserv itself, so should be
assigned to the selinux component instead of ypserv.

Backing out to selinux-policy-targeted-2.4.6-42 or setting selinux to permissive
cures the problem.

Comment 2 David Highley 2007-04-03 23:00:12 UTC
Darn, I thought I tested for that and checked the audit log. Will move it based
on your test results to a selinux policy issue.

Comment 3 Habig, Alec 2007-04-03 23:07:54 UTC
The audit log was pretty un-informative about what was happening - I never did
pin down an actual "deny" I could append to this bug report.  All I know is what
I did to let people log into my YP slave machines again after a morning of
flailing :)

Comment 5 Daniel Walsh 2007-04-05 13:26:45 UTC
Fixed in selinux-policy-2.4.6-52

Comment 6 Habig, Alec 2007-04-18 14:06:10 UTC
I can confirm that selinux-policy-2.4.6-54 (the version pushed on the updates
server) has cured this problem.

Note You need to log in before you can comment on or make changes to this bug.