Description of problem: Version-Release number of selected component (if applicable): munin-node-1.2.5-4.fc8 How reproducible: I would expect it to be easy to reproduce until the right SELinux policy adjustments are made. Steps to Reproduce: 1. Install F8 w/ updates in SELinux enforcing mode (the default). 2. Install munin-node: yum install munin munin-node 3. Attempt to start munin node: /sbin/service munin-node start 4. Check status: /sbin/service munin-node status Actual results: # /sbin/service munin-node status munin-node dead but subsys locked Message log contains: setroubleshoot: SELinux is preventing munin-node (munin_t) "name_bind" to <Unknown> (munin_port_t). For complete SELinux messages. run sealert -l a19998d2-e5fc-4aef-89ed-cd75f30b672b Expected results: That munin-node would be running. Additional info: Running the suggested sealert command yields: [root@beryllium ~]# sealert -l a19998d2-e5fc-4aef-89ed-cd75f30b672b Summary: SELinux is preventing munin-node (munin_t) "name_bind" to <Unknown> (munin_port_t). Detailed Description: SELinux denied access requested by munin-node. It is not expected that this access is required by munin-node and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:munin_t:s0 Target Context system_u:object_r:munin_port_t:s0 Target Objects None [ tcp_socket ] Source munin-node Source Path /usr/bin/perl Port 4949 Host beryllium.hq.REDACTED.com Source RPM Packages perl-5.8.8-36.fc8 Target RPM Packages Policy RPM selinux-policy-3.0.8-93.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name beryllium.hq.REDACTED.com Platform Linux beryllium.hq.REDACTED.com 2.6.24.3-34.fc8 #1 SMP Wed Mar 12 16:51:49 EDT 2008 x86_64 x86_64 Alert Count 1 First Seen Tue Mar 25 09:59:36 2008 Last Seen Tue Mar 25 09:59:36 2008 Local ID a19998d2-e5fc-4aef-89ed-cd75f30b672b Line Numbers Raw Audit Messages host=beryllium.hq.REDACTED.com type=AVC msg=audit(1206453576.530:1061): avc: denied { name_bind } for pid=28616 comm="munin-node" src=4949 scontext=system_u:system_r:munin_t:s0 tcontext=system_u:object_r:munin_port_t:s0 tclass=tcp_socket host=beryllium.hq.REDACTED.com type=SYSCALL msg=audit(1206453576.530:1061): arch=c000003e syscall=49 success=no exit=-13 a0=5 a1=b51800 a2=10 a3=3e2b1529f0 items=0 ppid=1 pid=28616 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="munin-node" exe="/usr/bin/perl" subj=system_u:system_r:munin_t:s0 key=(null)
This seems to be a duplicate of bug 428942. *** This bug has been marked as a duplicate of 428942 ***