Description of problem:
Vino needs to be able to bind the vnc port for Gnome's remote desktop features.

Summary
    SELinux is preventing /usr/libexec/vino-server (user_t) "name_bind" to <Unknown> (vnc_port_t).

Detailed Description
    SELinux denied access requested by /usr/libexec/vino-server. It is not expected that this access is required by /usr/libexec/vino-server and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access
    You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information

Source Context         user_u:user_r:user_t
Target Context         system_u:object_r:vnc_port_t
Target Objects         None [ tcp_socket ]
Affected RPM Packages  vino-2.18.0-1.fc7 [application]
Policy RPM             selinux-policy-2.6.4-28.fc7
Selinux Enabled        True
Policy Type            strict
MLS Enabled            True
Enforcing Mode         Permissive
Plugin Name            plugins.catchall
Host Name              packetbane
Platform               Linux packetbane 2.6.22.1-33.fc7 #1 SMP Mon Jul 23 16:59:15 EDT 2007 x86_64 x86_64
Alert Count            1
First Seen             Fri 27 Jul 2007 12:24:07 PM EDT
Last Seen              Fri 27 Jul 2007 12:24:07 PM EDT
Local ID               60aba22b-91a4-4e02-b050-36af9df20cd6
Line Numbers

Raw Audit Messages

avc: denied { name_bind } for comm="vino-server" egid=500 euid=500 exe="/usr/libexec/vino-server" exit=0 fsgid=500 fsuid=500 gid=500 items=0 pid=3592 scontext=user_u:user_r:user_t:s0 sgid=500 src=5900 subj=user_u:user_r:user_t:s0 suid=500 tclass=tcp_socket tcontext=system_u:object_r:vnc_port_t:s0 tty=(none) uid=500

Are you running strict policy in permissive mode?
Yes I am... does it behave differently in permissive and enforcing?
Does setting on user_tcp_server fix your problem?

    setsebool -P user_tcp_server=1
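
Added example, not part of the bug thread and not setroubleshoot's own code: a small Python parser for the raw AVC message quoted in the report, deriving the type-enforcement rule that a local policy module for this denial would have to grant. The function names are hypothetical; the sample line is copied from the report.

```python
import re

# Raw audit message exactly as quoted in the report above.
SAMPLE_AVC = (
    'avc: denied { name_bind } for comm="vino-server" egid=500 euid=500 '
    'exe="/usr/libexec/vino-server" exit=0 fsgid=500 fsuid=500 gid=500 items=0 '
    'pid=3592 scontext=user_u:user_r:user_t:s0 sgid=500 src=5900 '
    'subj=user_u:user_r:user_t:s0 suid=500 tclass=tcp_socket '
    'tcontext=system_u:object_r:vnc_port_t:s0 tty=(none) uid=500'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Split an AVC message into result, permission list and key=value fields."""
    m = AVC_RE.search(line)
    if not m:
        raise ValueError("not an AVC message")
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    return {**fields, "result": m.group(1), "perms": m.group(2).split()}


def selinux_type(context):
    """Return the type from user:role:type[:level]; the MLS level is optional."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed security context: %r" % context)
    return parts[2]


def te_rule(avc):
    """Build the allow rule (source type, target type, class, permissions)."""
    perms = avc["perms"]
    perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (
        selinux_type(avc["scontext"]),
        selinux_type(avc["tcontext"]),
        avc["tclass"],
        perm_str,
    )


if __name__ == "__main__":
    avc = parse_avc(SAMPLE_AVC)
    print("%s tried %s on port %s" % (avc["comm"], ",".join(avc["perms"]), avc["src"]))
    print(te_rule(avc))
```

Reading the derived rule first shows exactly how much access a local module would grant to every process in the source domain, not just to vino-server.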