481517 – (staff_u) SELinux is preventing the npviewer.bin (nsplugin_t) from connecting to port 1024.

Bug 481517 - (staff_u) SELinux is preventing the npviewer.bin (nsplugin_t) from connecting to port 1024.

Summary: (staff_u) SELinux is preventing the npviewer.bin (nsplugin_t) from connecting...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	nspluginwrapper
Sub Component:
Version:	10
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Martin Stransky
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-01-25 23:18 UTC by Matěj Cepl
Modified:	2018-04-11 09:49 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-12-18 07:41:51 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Matěj Cepl 2009-01-25 23:18:02 UTC

I have no idea, what's the matter with port 1024 (looks suspiciously like 2^10, but I don't what's the significance of such similarlity).


Souhrn:

SELinux is preventing the npviewer.bin (nsplugin_t) from connecting to port
1024.

Podrobný popis:

SELinux has denied the npviewer.bin from connecting to a network port 1024 which
does not have an SELinux type associated with it. If npviewer.bin is supposed to
be allowed to connect on this port, you can use the semanage command to add this
port to a port type that nsplugin_t can connect to. semanage port -L will list
all port types. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against the selinux-policy
package. If npviewer.bin is not supposed to bind to this port, this could signal
a intrusion attempt.

Povolení přístupu:

If you want to allow npviewer.bin to connect to this port semanage port -a -t
PORT_TYPE -p PROTOCOL 1024 Where PORT_TYPE is a type that nsplugin_t can
connect.

Další informace:

Kontext zdroje                staff_u:staff_r:nsplugin_t:s0-s0:c0.c1023
Kontext cíle                 system_u:object_r:port_t:s0
Objekty cíle                 None [ tcp_socket ]
Zdroj                         npviewer.bin
Cesta zdroje                  /usr/lib/nspluginwrapper/npviewer.bin
Port                          1024
Počítač                    viklef.ceplovi.cz
RPM balíčky zdroje          nspluginwrapper-1.3.0-2.fc10
RPM balíčky cíle           
RPM politiky                  selinux-policy-3.5.13-40.fc10
Selinux povolen               True
Typ politiky                  targeted
MLS povoleno                  True
Vynucovací režim            Enforcing
Název zásuvného modulu     connect_ports
Název počítače            viklef.ceplovi.cz
Platforma                     Linux viklef.ceplovi.cz 2.6.27.9-159.fc10.x86_64
                              #1 SMP Tue Dec 16 14:47:52 EST 2008 x86_64 x86_64
Počet upozornění           1
Poprvé viděno               Po 26. leden 2009, 00:03:55 CET
Naposledy viděno             Po 26. leden 2009, 00:03:55 CET
Místní ID                   fa00944d-ce01-46a3-bb16-3324d3945c8b
Čísla řádků              

Původní zprávy auditu      

node=viklef.ceplovi.cz type=AVC msg=audit(1232924635.6:336): avc:  denied  { name_connect } for  pid=4938 comm="npviewer.bin" dest=1024 scontext=staff_u:staff_r:nsplugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

node=viklef.ceplovi.cz type=SYSCALL msg=audit(1232924635.6:336): arch=40000003 syscall=102 per=8 success=no exit=-13 a0=3 a1=37ab200 a2=1765de4 a3=0 items=0 ppid=30291 pid=4938 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=staff_u:staff_r:nsplugin_t:s0-s0:c0.c1023 key=(null)

Comment 1 Bug Zapper 2009-11-18 10:52:14 UTC

This message is a reminder that Fedora 10 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 10.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '10'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 10's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 10 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 2 Bug Zapper 2009-12-18 07:41:51 UTC

Fedora 10 changed to end-of-life (EOL) status on 2009-12-17. Fedora 10 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.