type=AVC msg=audit(1194409964.031:84): avc: denied { name_bind } for pid=10771 comm="xinetd" src=5902 scontext=system_u:system_r:inetd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1194409964.031:84): arch=c000003e syscall=49 success=no exit=-13 a0=6 a1=7fff0ff84d50 a2=1c a3=7fff0ff84d4c items=0 ppid=1 pid=10771 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xinetd" exe="/usr/sbin/xinetd" subj=system_u:system_r:inetd_t:s0 key=(null) type=AVC msg=audit(1194409964.031:85): avc: denied { name_bind } for pid=10771 comm="xinetd" src=5903 scontext=system_u:system_r:inetd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket vnc-ltsp-config-4.0-3 This package specifies a few ports to be served by xinetd to allow VNC-based XDMCP logins. SELInux is blocking this. type=AVC msg=audit(1194409964.031:83): avc: denied { name_bind } for pid=10771 comm="xinetd" src=2000 scontext=system_u:system_r:inetd_t:s0 tcontext=system_u:object_r:mail_port_t:s0 tclass=tcp_socket nbd-server being served by xinetd is also blocked. nbd-server is on TCP port 2000. Why is SELinux blocking these ports? What should we do?
You can add the ports to xinetd by executing # semanage port -a -t inetd_child_port_t -P tcp 5902 # semanage port -a -t inetd_child_port_t -P tcp 5903 You can add the other rule by executing # grep mail_port_t /var/log/audit/audit.log | audit2allow -M myxinetd #semodule -i myxinetd.pp
I will also put back the uncofined_domain for inetd in Fedora 8.
> # semanage port -a -t inetd_child_port_t -P tcp 5902 > # semanage port -a -t inetd_child_port_t -P tcp 5903 > # grep mail_port_t /var/log/audit/audit.log | audit2allow -M myxinetd > #semodule -i myxinetd.pp I need both of these? > I will also put back the uncofined_domain for inetd in Fedora 8. What will the effect of this be? > semanage port -a -t inetd_child_port_t -P tcp 5902 Is it proper to insert this (and matching removal) into the %post and %preun of ltsp-vnc-config?
No, I would just wait for the updated policy Fixed in selinux-policy-targeted-3.0.8-47.fc8.noarch.rpm
Should be 48 not 47
Bulk closing all bugs in Fedora updates in the modified state. If you bug is not fixed, please reopen.