Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 697804

Summary: SELinux denies any SCTP communication
Product: Red Hat Enterprise Linux 5 Reporter: Jan Safranek <jsafrane>
Component: selinux-policy-targetedAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.6CC: dwalsh, eteo, jrieden, mmalik
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-2.4.6-306.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-07-21 09:20:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Safranek 2011-04-19 10:33:26 UTC
Description of problem:
any process (even unconfined_t!) cannot listen on SCTP port

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.4.6-302.el5

How reproducible:
always

Steps to Reproduce:
1. yum install lksctp-tools
2. sctp_darn -l -H 127.0.0.1 -P 1234
  
Actual results:
sctp_darn: can not bind to 127.0.0.1:1234: Permission denied.

Apr 19 10:30:24 rhel5 kernel: type=1400 audit(1303201824.942:23): avc:  denied  { name_bind } for  pid=5187 comm="sctp_darn" src=1234 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=rawip_socket


Expected results:
sctp_darn listening...

Comment 1 Miroslav Grepl 2011-04-19 11:13:06 UTC
I added a fix. We have this in RHEL6.

Comment 3 Miroslav Grepl 2011-05-19 15:26:49 UTC
Fixed in selinux-policy-2.4.6-306.el5

Comment 6 Eugene Teo (Security Response) 2011-07-20 00:44:08 UTC
(In reply to comment #1)
> I added a fix. We have this in RHEL6.

Can you please attach the fix to this bug? Thanks.

Comment 7 errata-xmlrpc 2011-07-21 09:20:01 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1069.html

Comment 8 errata-xmlrpc 2011-07-21 11:56:32 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1069.html