Zusammenfassung: SELinux is preventing /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/java from connecting to port 58974. Detaillierte Beschreibung: [SELinux ist in freizügigem Modus. Dieser Zugriff wurde nicht verweigert.] SELinux has denied java from connecting to a network port 58974 which does not have an SELinux type associated with it. If java should be allowed to connect on 58974, use the semanage command to assign 58974 to a port type that abrt_helper_t can connect to (ldap_port_t, dns_port_t, kerberos_port_t, ocsp_port_t). If java is not supposed to connect to 58974, this could signal a intrusion attempt. Zugriff erlauben: If you want to allow java to connect to 58974, you can execute semanage port -a -t PORT_TYPE -p tcp 58974 where PORT_TYPE is one of the following: ldap_port_t, dns_port_t, kerberos_port_t, ocsp_port_t. Zusätzliche Informationen: Quellkontext unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 Zielkontext system_u:object_r:port_t:s0 Zielobjekte None [ tcp_socket ] Quelle java Quellpfad /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre /bin/java Port 58974 Host (removed) RPM-Pakete der Quelle java-1.6.0-openjdk-1.6.0.0-37.b17.fc12 RPM-Pakete des Ziels Richtlinien-RPM selinux-policy-3.6.32-113.fc12 SELinux aktiviert True Richtlinientyp targeted Enforcing-Modus Permissive Plugin-Name connect_ports Rechnername (removed) Plattform Linux (removed) 2.6.32.11-99.fc12.x86_64 #1 SMP Mon Apr 5 19:59:38 UTC 2010 x86_64 x86_64 Anzahl der Alarme 0 Zuerst gesehen Sa 08 Mai 2010 20:40:43 CEST Zuletzt gesehen Sa 08 Mai 2010 20:40:43 CEST Lokale ID 7e4bb7a6-2706-49ce-aec1-e291e83e8cd0 Zeilennummern Raw-Audit-Meldungen node=(removed) type=AVC msg=audit(1273344043.170:26127): avc: denied { name_connect } for pid=4247 comm="java" dest=58974 scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket node=(removed) type=SYSCALL msg=audit(1273344043.170:26127): arch=c000003e syscall=42 success=yes exit=0 a0=88 a1=7f4698aa5c20 a2=1c a3=7f4698aa59b0 items=0 ppid=4149 pid=4247 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=7 comm="java" exe="/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/java" subj=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 key=(null) Hash String generated from connect_ports,java,abrt_helper_t,port_t,tcp_socket,name_connect audit2allow suggests: #============= abrt_helper_t ============== #!!!! This avc can be allowed using the boolean 'allow_ypbind' allow abrt_helper_t port_t:tcp_socket name_connect;
*** This bug has been marked as a duplicate of bug 590308 ***