Description of problem:
Somewhere along the way we added a listen call to a udp_socket for ccs.
    allow ccs_t self:udp_socket { create_socket_perms listen recv_msg send_msg };
This does not make sense on a udp socket and is usually caused when you call listen on a udp_socket. Without SELinux this causes EINVAL to be returned, but with SELinux it generates a nasty avc message.
Taking a quick look at the code...
    [brassow@hydrogen cluster]$ grep listen -r ccs
    ccs/daemon/ccsd.c: listen(sfds[0], 5);
    ccs/daemon/ccsd.c: if (listen(sock, backlog) < 0)
    ccs/daemon/cluster_mgr.c: if (listen(ccsd_fd, 15) < 0) {
    ccs/daemon/cluster_mgr.c: log_err("Unable to listen to socket.\n");
    ccs/man/ccsd.8:cluster base port. "f" is the port number that listens for information requests
Those sockets are all created with SOCK_STREAM. Has this bug already been fixed?
Well if it is only listening on TCP_SOCKETS then it should be ok.
Please reopen if there are further concerns.
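Added example, not part of the original report or of the ccs or policy sources: one way to check whether the `listen` permission on `udp_socket` is ever exercised by the `ccs_t` domain is to filter the audit log for exactly that denial before deciding to keep or drop it from the allow rule. The log lines below are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample audit records (not taken from the bug report).
SAMPLE_AUDIT_LOG = """\
type=DAEMON_START msg=audit(1150000000.000:1): auditd start
type=AVC msg=audit(1150000000.101:41): avc:  denied  { listen } for  pid=2101 comm="ccsd" lport=50007 scontext=system_u:system_r:ccs_t:s0 tcontext=system_u:system_r:ccs_t:s0 tclass=udp_socket
type=AVC msg=audit(1150000000.202:42): avc:  denied  { listen } for  pid=2101 comm="ccsd" lport=50006 scontext=system_u:system_r:ccs_t:s0 tcontext=system_u:system_r:ccs_t:s0 tclass=tcp_socket
type=AVC msg=audit(1150000000.303:43): avc:  denied  { listen } for  pid=3300 comm="exampled" lport=6000 scontext=system_u:system_r:example_t:s0 tcontext=system_u:system_r:example_t:s0 tclass=udp_socket
type=AVC msg=audit(1150000000.404:44): avc:  denied  { create } for  pid=2101 comm="ccsd" scontext=system_u:system_r:ccs_t:s0 tcontext=system_u:system_r:ccs_t:s0 tclass=udp_socket
"""

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {key: value.strip('"') for key, value in FIELD_RE.findall(m.group('rest'))}
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    return rec


def udp_listen_denials(log_text, domain_type='ccs_t'):
    """List (comm, pid, lport) for denied listen calls on a udp_socket by domain_type."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec['result'] != 'denied':
            continue
        # An SELinux context is user:role:type[:level]; the third field is the domain.
        context = rec.get('scontext', '').split(':')
        if len(context) < 3 or context[2] != domain_type:
            continue
        if 'listen' in rec['perms'] and rec.get('tclass') == 'udp_socket':
            hits.append((rec.get('comm'), rec.get('pid'), rec.get('lport')))
    return hits


if __name__ == '__main__':
    for comm, pid, lport in udp_listen_denials(SAMPLE_AUDIT_LOG):
        print(f'{comm} (pid {pid}) called listen on a UDP socket, lport={lport}')
```

An empty result over a representative log window supports dropping `listen` from the `udp_socket` rule; a hit names the process to inspect.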