Fedora Account System
Red Hat Associate
Red Hat Customer
Description of problem: Starting a VM with libvirt SELinux is preventing rpcbind from 'name_bind' accesses on the udp_socket port 65451. ***** Plugin bind_ports (92.2 confidence) suggests ************************ Si quiere permitir que rpcbind se asocie al puerto de red 65451 Then you need to modify the port type. Do # semanage port -a -t TIPO_DE_PUERTO -p udp 65451 donde TIPO_DE_PUERTO es uno de los siguientes: agentx_port_t, apertus_ldp_port_t, comsat_port_t, dhcpc_port_t, dhcpd_port_t, dns_port_t, efs_port_t, flash_port_t, ftp_port_t, gdomap_port_t, hi_reserved_port_t, inetd_child_port_t, ipmi_port_t, ipp_port_t, kerberos_admin_port_t, kerberos_port_t, kprop_port_t, ktalkd_port_t, ldap_port_t, pki_ca_port_t, pop_port_t, portmap_port_t, printer_port_t, rlogin_port_t, rlogind_port_t, rndc_port_t, router_port_t, rsh_port_t, rsync_port_t, rtsp_port_t, rwho_port_t, smtp_port_t, spamd_port_t, swat_port_t, syslogd_port_t, uucpd_port_t. ***** Plugin catchall_boolean (7.83 confidence) suggests ****************** Si quiere allow nis to enabled Then debe informar a SELinux de ello activando el indicador 'nis_enabled'. Do setsebool -P nis_enabled 1 ***** Plugin catchall (1.41 confidence) suggests ************************** Si cree que de manera predeterminada se debería permitir a rpcbind el acceso name_bind sobre port 65451 udp_socket. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso temporalmente ejecutando: # ausearch -c 'rpcbind' --raw | audit2allow -M mi-rpcbind # semodule -X 300 -i mi-rpcbind.pp Additional Information: Source Context system_u:system_r:rpcbind_t:s0 Target Context system_u:object_r:unreserved_port_t:s0 Target Objects port 65451 [ udp_socket ] Source rpcbind Source Path rpcbind Port 65451 Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-43.6-1.fc44.noarch Local Policy RPM selinux-policy-targeted-43.6-1.fc44.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 6.19.14-300.fc44.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Apr 23 15:17:50 UTC 2026 x86_64 Alert Count 252 First Seen 2024-05-13 07:14:59 CEST Last Seen 2026-04-29 07:26:01 CEST Local ID bc9346e5-67a1-482f-a7b7-8be648ecef97 Raw Audit Messages type=AVC msg=audit(1777440361.375:143): avc: denied { name_bind } for pid=2369 comm="rpcbind" src=65451 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket permissive=0 Hash: rpcbind,rpcbind_t,unreserved_port_t,udp_socket,name_bind Version-Release number of selected component: selinux-policy-targeted-43.6-1.fc44.noarch Additional info: reporter: libreport-2.17.15 reason: SELinux is preventing rpcbind from 'name_bind' accesses on the udp_socket port 65451. package: selinux-policy-targeted-43.6-1.fc44.noarch component: selinux-policy hashmarkername: setroubleshoot type: libreport kernel: 6.19.14-300.fc44.x86_64 comment: Starting a VM with libvirt component: selinux-policy
Created attachment 2138548 [details] File: description
Created attachment 2138549 [details] File: os_info
*** This bug has been marked as a duplicate of bug 1758147 ***