Fedora Account System
Red Hat Associate
Red Hat Customer
Description of problem: Not sure why this happened. I just got a notification of an SELinux alert. SELinux is preventing /usr/bin/rpcbind from 'name_bind' accesses on the udp_socket port 62155. ***** Plugin bind_ports (92.2 confidence) suggests ************************ If you want to allow /usr/bin/rpcbind to bind to network port 62155 Then you need to modify the port type. Do # semanage port -a -t PORT_TYPE -p udp 62155 where PORT_TYPE is one of the following: agentx_port_t, apertus_ldp_port_t, comsat_port_t, dhcpc_port_t, dhcpd_port_t, dns_port_t, efs_port_t, flash_port_t, ftp_port_t, gdomap_port_t, hi_reserved_port_t, inetd_child_port_t, ipmi_port_t, ipp_port_t, kerberos_admin_port_t, kerberos_port_t, kprop_port_t, ktalkd_port_t, ldap_port_t, pki_ca_port_t, pop_port_t, portmap_port_t, printer_port_t, rlogin_port_t, rlogind_port_t, rndc_port_t, router_port_t, rsh_port_t, rsync_port_t, rtsp_port_t, rwho_port_t, smtp_port_t, spamd_port_t, swat_port_t, syslogd_port_t, uucpd_port_t. ***** Plugin catchall_boolean (7.83 confidence) suggests ****************** If you want to allow nis to enabled Then you must tell SELinux about this by enabling the 'nis_enabled' boolean. Do setsebool -P nis_enabled 1 ***** Plugin catchall (1.41 confidence) suggests ************************** If you believe that rpcbind should be allowed name_bind access on the port 62155 udp_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'rpcbind' --raw | audit2allow -M my-rpcbind # semodule -X 300 -i my-rpcbind.pp Additional Information: Source Context system_u:system_r:rpcbind_t:s0 Target Context system_u:object_r:unreserved_port_t:s0 Target Objects port 62155 [ udp_socket ] Source rpcbind Source Path /usr/bin/rpcbind Port 62155 Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-44.1-1.fc44.noarch Local Policy RPM selinux-policy-targeted-44.1-1.fc44.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 6.19.14-300.fc44.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Apr 23 15:17:50 UTC 2026 x86_64 Alert Count 13 First Seen 2026-01-11 11:32:07 EST Last Seen 2026-05-19 06:21:49 EDT Local ID ee2ae2bc-c0a3-4c8b-aefb-a681d9df16c1 Raw Audit Messages type=AVC msg=audit(1779186109.67:5454): avc: denied { name_bind } for pid=3812524 comm="rpcbind" src=62155 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket permissive=0 Hash: rpcbind,rpcbind_t,unreserved_port_t,udp_socket,name_bind Version-Release number of selected component: selinux-policy-targeted-44.1-1.fc44.noarch Additional info: reporter: libreport-2.17.15 component: selinux-policy kernel: 6.19.14-300.fc44.x86_64 type: libreport package: selinux-policy-targeted-44.1-1.fc44.noarch comment: Not sure why this happened. I just got a notification of an SELinux alert. reason: SELinux is preventing /usr/bin/rpcbind from 'name_bind' accesses on the udp_socket port 62155. hashmarkername: setroubleshoot component: selinux-policy
Created attachment 2141887 [details] File: description
Created attachment 2141888 [details] File: os_info
*** This bug has been marked as a duplicate of bug 1758147 ***