Fedora Account System
Red Hat Associate
Red Hat Customer
Description of problem: SELinux is preventing /usr/bin/rpcbind from 'name_bind' accesses on the udp_socket porte 62813. ***** Plugin bind_ports (92.2 confidence) suggests ************************ Se si desidera permettere che /usr/bin/rpcbind si associ alla porta di rete 62813 Then you need to modify the port type. Do # semanage port -a -t PORT_TYPE -p udp 62813 dove PORT_TYPE è uno dei seguenti: agentx_port_t, apertus_ldp_port_t, comsat_port_t, dhcpc_port_t, dhcpd_port_t, dns_port_t, efs_port_t, flash_port_t, ftp_port_t, gdomap_port_t, hi_reserved_port_t, inetd_child_port_t, ipmi_port_t, ipp_port_t, kerberos_admin_port_t, kerberos_port_t, kprop_port_t, ktalkd_port_t, ldap_port_t, pki_ca_port_t, pop_port_t, portmap_port_t, printer_port_t, rlogin_port_t, rlogind_port_t, rndc_port_t, router_port_t, rsh_port_t, rsync_port_t, rtsp_port_t, rwho_port_t, smtp_port_t, spamd_port_t, swat_port_t, syslogd_port_t, uucpd_port_t. ***** Plugin catchall_boolean (7.83 confidence) suggests ****************** Se si desidera abilitare la seguente funzione: allow nis to enabled Then è necessario informare SELinux abilitando il booleano 'nis_enabled' . Do setsebool -P nis_enabled 1 ***** Plugin catchall (1.41 confidence) suggests ************************** Se si ritiene che a rpcbind debba essere consentito l'accesso name_bind su udp_socket porte 62813 per impostazione predefinita. Then si dovrebbe segnalare il problema come bug. È possibile generare un modulo di politica locale per consentire questo accesso. Do consentire questo accesso per ora eseguendo: # ausearch -c 'rpcbind' --raw | audit2allow -M my-$MODULE_NOME # semodule -X 300 -i mio-rpcbind.pp Additional Information: Source Context system_u:system_r:rpcbind_t:s0 Target Context system_u:object_r:unreserved_port_t:s0 Target Objects porte 62813 [ udp_socket ] Source rpcbind Source Path /usr/bin/rpcbind Port 62813 Host (removed) Source RPM Packages rpcbind-1.2.8-0.fc43.x86_64 Target RPM Packages SELinux Policy RPM selinux-policy-targeted-42.24-1.fc43.noarch Local Policy RPM selinux-policy-targeted-42.24-1.fc43.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 6.18.9-200.fc43.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Feb 6 21:43:09 UTC 2026 x86_64 Alert Count 1 First Seen 2026-02-16 16:34:16 CET Last Seen 2026-02-16 16:34:16 CET Local ID 76d8b5b7-14a7-4cd2-b50b-b35d230867ab Raw Audit Messages type=AVC msg=audit(1771256056.187:34): avc: denied { name_bind } for pid=917 comm="rpcbind" src=62813 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket permissive=1 type=SYSCALL msg=audit(1771256056.187:34): arch=x86_64 syscall=bind success=yes exit=0 a0=c a1=7fff710b3330 a2=1c a3=1e1 items=0 ppid=1 pid=917 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=rpcbind exe=/usr/bin/rpcbind subj=system_u:system_r:rpcbind_t:s0 key=(null) Hash: rpcbind,rpcbind_t,unreserved_port_t,udp_socket,name_bind Version-Release number of selected component: selinux-policy-targeted-42.24-1.fc43.noarch Additional info: reporter: libreport-2.17.15 reason: SELinux is preventing /usr/bin/rpcbind from 'name_bind' accesses on the udp_socket porte 62813. package: selinux-policy-targeted-42.24-1.fc43.noarch component: selinux-policy hashmarkername: setroubleshoot type: libreport kernel: 6.18.9-200.fc43.x86_64 component: selinux-policy
Created attachment 2129692 [details] File: description
Created attachment 2129693 [details] File: os_info
*** This bug has been marked as a duplicate of bug 1758147 ***