Bug 379631 - xinetd : SElinux alert
Summary: xinetd : SElinux alert
Alias: None
Product: Fedora
Classification: Fedora
Component: xinetd
Version: 8
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Jan Safranek
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2007-11-13 10:12 UTC by J.Jansen
Modified: 2007-11-30 22:12 UTC (History)
0 users

Clone Of:
Last Closed: 2007-11-15 14:02:07 UTC

Attachments (Terms of Use)
/etc/xinetd.conf (1001 bytes, application/octet-stream)
2007-11-15 13:13 UTC, J.Jansen
no flags Details
/etc/xinetd.d/* (2.24 KB, application/x-bzip)
2007-11-15 13:13 UTC, J.Jansen
no flags Details

Description J.Jansen 2007-11-13 10:12:59 UTC
Description of problem:
When starting xinetd I got the following alert from SElinux:

SELinux denied access requested by xinetd. It is not expected that this access
is required by xinetd and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Source Context:  system_u:system_r:inetd_t:s0Target
Context:  system_u:object_r:hi_reserved_port_t:s0Target Objects:  None [
tcp_socket ]Affected RPM Packages:  Policy
RPM:  selinux-policy-3.0.8-47.fc8Selinux Enabled:  TruePolicy Type:  targetedMLS
Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  plugins.catchallHost
Name:  tarantellaPlatform:  Linux tarantella #1 SMP Thu Nov 8
21:41:26 EST 2007 i686 i686Alert Count:  1First Seen:  Tue 13 Nov 2007 11:05:16
AM CETLast Seen:  Tue 13 Nov 2007 11:05:16 AM CETLocal
ID:  4780cd3c-ab9a-4803-9d52-eee95a5ee613Line Numbers:  Raw Audit Messages :avc:
denied { name_bind } for comm=xinetd pid=4869
scontext=system_u:system_r:inetd_t:s0 src=904 tclass=tcp_socket

Version-Release number of selected component (if applicable):

How reproducible:
I just installed F8, installed all the updates and than install xinetd
So I have no idea

Steps to Reproduce:
Actual results:

Expected results:

Additional info:

Comment 1 Jan Safranek 2007-11-15 11:13:58 UTC
I am not able to reproduce the bug - I have fresh installation of F8, updated
and installed xinetd, but not SELinux alerts.

Could you please provide content of your /etc/xinetd.conf and /etc/xinetd.d/* ?

Thanks in advance

Comment 2 J.Jansen 2007-11-15 13:13:01 UTC
Created attachment 259761 [details]

Comment 3 J.Jansen 2007-11-15 13:13:52 UTC
Created attachment 259771 [details]

Comment 4 J.Jansen 2007-11-15 13:16:51 UTC
Created attachments for the requested files.

Note : I got the alert when the installation procedure of vmware stopped/started
xinetd. If I leave SELinux on I do not get a working version of vmware, probably
due to this SElinux alert against xinetd.

Comment 5 Jan Safranek 2007-11-15 14:01:54 UTC
Vmware adds its own service to /etc/xinetd.d/, which causes xinetd to listen on
port 904. SElinux does not know about that and rejects xinetd to listen on that
port. This is how SElinux works - it allow applications to do only what's
*explicitly* allowed.

You can:
a) create your own custom rule, allowing xinetd to listen on port 904 (man
b) disable SElinux
c) remove vmware :)

Note You need to log in before you can comment on or make changes to this bug.