(this is F11 rebuild of F12 package of pidgin)

port 5298 is perfectly legitimate port to bind for Local-link XMPP Local LAN Messaging (http://xmpp.org/extensions/xep-0174.html).

bradford:~# grep 5298 /etc/services
presence        5298/tcp        # XMPP Link-Local Messaging
presence        5298/udp        # XMPP Link-Local Messaging
bradford:~#

===================

SELinux is preventing the users from running TCP servers in the usedomain.

Podrobný popis:

SELinux has denied the pidgin program from binding to a network port 5298 which does not have an SELinux type associated with it. pidgin does not have an SELinux policy defined for it when run by the user, so it runs in the users domain. SELinux is currently setup to deny TCP server to run within the user domain. If you did not expect programs like pidgin to bind to a network port, then this could signal a intrusion attempt. If this system is running as an NIS Client, turning on the allow_ypbind boolean, may fix the problem. setsebool -P allow_ypbind=1.

Povolení přístupu:

If you want to allow user programs to run as TCP Servers, you can turn on the user_tcp_server boolean, by executing: setsebool -P user_tcp_server=1

Příkaz pro opravu:

setsebool -P user_tcp_server=1

Další informace:

Kontext zdroje                staff_u:staff_r:staff_t:s0-s0:c0.c1023
Kontext cíle                  system_u:object_r:port_t:s0
Objekty cíle                  None [ tcp_socket ]
Zdroj                         pidgin
Cesta zdroje                  /usr/bin/pidgin
Port                          5298
Počítač                       bradford
RPM balíčky zdroje            pidgin-2.6.0-0.11.20090812.fc11
RPM balíčky cíle
RPM politiky                  selinux-policy-3.6.12-72.fc11
Selinux povolen               True
Typ politiky                  targeted
MLS povoleno                  True
Vynucovací režim              Enforcing
Název zásuvného modulu        user_tcp_server
Název počítače                bradford
Platforma                     Linux bradford 2.6.29.6-217.2.3.fc11.x86_64 #1 SMP Wed Jul 29 16:02:42 EDT 2009 x86_64 x86_64
Počet upozornění              1
Poprvé viděno                 Pá 14. srpen 2009, 15:14:15 CEST
Naposledy viděno              Pá 14. srpen 2009, 15:14:15 CEST
Místní ID                     6af5fbba-7a7f-4ed6-9e66-e7472dcf192f
Čísla řádků

Původní zprávy auditu

node=bradford type=AVC msg=audit(1250255655.360:64): avc: denied { name_bind } for pid=3122 comm="pidgin" src=5298 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

node=bradford type=SYSCALL msg=audit(1250255655.360:64): arch=c000003e syscall=49 success=no exit=-13 a0=11 a1=7ffffa2ae750 a2=10 a3=20 items=0 ppid=3121 pid=3122 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="pidgin" exe="/usr/bin/pidgin" subj=staff_u:staff_r:staff_t:s0-s0:c0.c1023 key=(null)
Why are you assigning this to me? Please reassign to selinux-policy. Is this still an issue now with latest rawhide?
Sorry, forgot to add Dan to CC list.
This is not a bug; it is a configuration issue. If you want to run services in user space you need to turn on the boolean.
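
Added example, not part of the original bug thread or of any SELinux tool: a small Python parser for the raw AVC record quoted in the report, which picks out denied name_bind attempts and notes when the target port carries only the generic port_t type. The function names and the output field names are assumptions made for this illustration.

```python
import re

# AVC record copied from the report above; the SYSCALL line is a shortened copy.
SAMPLE_LINES = [
    'node=bradford type=AVC msg=audit(1250255655.360:64): avc: denied { name_bind } '
    'for pid=3122 comm="pidgin" src=5298 '
    'scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket',
    'node=bradford type=SYSCALL msg=audit(1250255655.360:64): arch=c000003e '
    'syscall=49 success=no exit=-13 comm="pidgin" exe="/usr/bin/pidgin"',
]

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of an AVC record as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {key: value.strip('"') for key, value in KV_RE.findall(m.group(3))}
    rec['result'] = m.group(1)
    rec['perms'] = m.group(2).split()
    # A context is user:role:type:level, and an MLS level may itself contain ':'.
    for key in ('scontext', 'tcontext'):
        parts = rec.get(key, '').split(':', 3)
        rec[key + '_type'] = parts[2] if len(parts) >= 3 else None
    return rec


def name_bind_denials(lines):
    """Summarise denied name_bind attempts; flag targets labelled with generic port_t."""
    found = []
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec['result'] != 'denied' or 'name_bind' not in rec['perms']:
            continue
        found.append({
            'comm': rec.get('comm'),
            'domain': rec['scontext_type'],
            'port': int(rec['src']) if rec.get('src', '').isdigit() else None,
            'proto': rec.get('tclass', '').replace('_socket', ''),
            'generic_port_t': rec['tcontext_type'] == 'port_t',
        })
    return found


if __name__ == '__main__':
    for hit in name_bind_denials(SAMPLE_LINES):
        print(hit)
```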