Bug 575131 - SELinux is preventing the ktorrent (hotplug_t) from connecting to port 21526.
Summary: SELinux is preventing the ktorrent (hotplug_t) from connecting to port 21526.
Keywords:
Status: CLOSED DUPLICATE of bug 575130
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:bf78d91ecf8...
Depends On:
Blocks:
 
Reported: 2010-03-19 14:58 UTC by kerrgi
Modified: 2010-03-19 15:18 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-03-19 15:18:08 UTC
Type: ---
Embargoed:



Description kerrgi 2010-03-19 14:58:10 UTC
Summary:

SELinux is preventing the ktorrent (hotplug_t) from connecting to port 21526.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux has denied the ktorrent from connecting to a network port 21526 which
does not have an SELinux type associated with it. If ktorrent is supposed to be
allowed to connect on this port, you can use the semanage command to add this
port to a port type that hotplug_t can connect to. semanage port -l will list
all port types. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against the selinux-policy
package. If ktorrent is not supposed to connect to this port, this could signal
an intrusion attempt.

Allowing Access:

If you want to allow ktorrent to connect to this port:

semanage port -a -t PORT_TYPE -p PROTOCOL 21526

Where PORT_TYPE is a type that hotplug_t can connect to.

Additional Information:

Source Context                unconfined_u:system_r:hotplug_t:s0
Target Context                system_u:object_r:port_t:s0
Target Objects                None [ tcp_socket ]
Source                        ktorrent
Source Path                   /usr/bin/ktorrent
Port                          21526
Host                          (removed)
Source RPM Packages           ktorrent-3.2.2-2.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.12-78.fc11
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   connect_ports
Host Name                     (removed)
Platform                      Linux (removed) 2.6.29.6-217.2.3.fc11.x86_64 #1 SMP
                              Wed Jul 29 16:02:42 EDT 2009 x86_64 x86_64
Alert Count                   1
First Seen                    Wed 26 Aug 2009 05:36:16 PM PDT
Last Seen                     Wed 26 Aug 2009 05:36:16 PM PDT
Local ID                      fe6d2393-b239-4a59-8251-034a6d77a9c2
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1251333376.393:143): avc:  denied  { name_connect } for  pid=3918 comm="ktorrent" dest=21526 scontext=unconfined_u:system_r:hotplug_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

node=(removed) type=SYSCALL msg=audit(1251333376.393:143): arch=c000003e syscall=42 success=no exit=-115 a0=10 a1=10a5de0 a2=10 a3=7fff6daf23b0 items=0 ppid=1 pid=3918 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="ktorrent" exe="/usr/bin/ktorrent" subj=unconfined_u:system_r:hotplug_t:s0 key=(null)



Hash String generated from  connect_ports,ktorrent,hotplug_t,port_t,tcp_socket,name_connect
audit2allow suggests:

#============= hotplug_t ==============
#!!!! This avc can be allowed using the boolean 'allow_ypbind'

allow hotplug_t port_t:tcp_socket name_connect;

Comment 1 Miroslav Grepl 2010-03-19 15:18:08 UTC

*** This bug has been marked as a duplicate of bug 575130 ***

