Bug 376731 - selinux prevents xinetd from listening on nntp port 119 for leafnode
Summary: selinux prevents xinetd from listening on nntp port 119 for leafnode
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 8
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-11-12 00:23 UTC by Scott Douglas-Watson
Modified: 2008-01-30 19:20 UTC (History)
0 users

Fixed In Version: Current
Clone Of:
Environment:
Last Closed: 2008-01-30 19:20:37 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Scott Douglas-Watson 2007-11-12 00:23:07 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.8) Gecko/20071030 Fedora/2.0.0.8-2.fc8 Firefox/2.0.0.8

Description of problem:
After enabling leafnode with xinetd, I get the following denial message:

avc: denied { name_bind } for comm=xinetd egid=0 euid=0 exe=/usr/sbin/xinetd
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=7482
scontext=user_u:system_r:inetd_t:s0 sgid=0 src=119
subj=user_u:system_r:inetd_t:s0 suid=0 tclass=tcp_socket
tcontext=system_u:object_r:innd_port_t:s0 tty=(none) uid=0


Version-Release number of selected component (if applicable):
selinux-policy-3.0.8-47.fc8 Leafnode-1.11.6-2.fc8

How reproducible:
Always


Steps to Reproduce:
1. install leafnode
2. enable leafnode by editing /etc/xinetd.d/leafnode
3. restart xinetd

Actual Results:
Cannot connect to leafnode news server. setroubleshoot message appears in /var/log/messages

Expected Results:
Should be able to connect to leafnode

Additional info:

Comment 1 Daniel Walsh 2007-11-12 15:19:34 UTC
Fixed in selinux-policy-3.0.8-51.fc8

Comment 2 Daniel Walsh 2008-01-30 19:20:37 UTC
Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.


Note You need to log in before you can comment on or make changes to this bug.