Bug 376731 - selinux prevents xinetd from listening on nntp port 119 for leafnode
selinux prevents xinetd from listening on nntp port 119 for leafnode
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-11-11 19:23 EST by Scott Douglas-Watson
Modified: 2008-01-30 14:20 EST (History)
0 users

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-01-30 14:20:37 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Scott Douglas-Watson 2007-11-11 19:23:07 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20071030 Fedora/ Firefox/

Description of problem:
After enabling leafnode with xinetd, I get the following denial message:

avc: denied { name_bind } for comm=xinetd egid=0 euid=0 exe=/usr/sbin/xinetd
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=7482
scontext=user_u:system_r:inetd_t:s0 sgid=0 src=119
subj=user_u:system_r:inetd_t:s0 suid=0 tclass=tcp_socket
tcontext=system_u:object_r:innd_port_t:s0 tty=(none) uid=0

Version-Release number of selected component (if applicable):
selinux-policy-3.0.8-47.fc8 Leafnode-1.11.6-2.fc8

How reproducible:

Steps to Reproduce:
1. install leafnode
2. enable leafnode by editing /etc/xinetd.d/leafnode
3. restart xinetd

Actual Results:
Cannot connect to leafnode news server. setroubleshoot message appears in /var/log/messages

Expected Results:
Should be able to connect to leafnode

Additional info:
Comment 1 Daniel Walsh 2007-11-12 10:19:34 EST
Fixed in selinux-policy-3.0.8-51.fc8
Comment 2 Daniel Walsh 2008-01-30 14:20:37 EST
Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.

Note You need to log in before you can comment on or make changes to this bug.