697804 – SELinux denies any SCTP communication

Bug 697804 - SELinux denies any SCTP communication

Summary: SELinux denies any SCTP communication

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	selinux-policy-targeted
Sub Component:
Version:	5.6
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Miroslav Grepl
QA Contact:	Milos Malik
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-04-19 10:33 UTC by Jan Safranek
Modified:	2012-10-16 11:24 UTC (History)
CC List:	4 users (show)
Fixed In Version:	selinux-policy-2.4.6-306.el5
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-07-21 09:20:01 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2011:1069	0	normal	SHIPPED_LIVE	selinux-policy bug fix and enhancement update	2011-07-21 09:18:27 UTC

Description Jan Safranek 2011-04-19 10:33:26 UTC

Description of problem:
any process (even unconfined_t!) cannot listen on SCTP port

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.4.6-302.el5

How reproducible:
always

Steps to Reproduce:
1. yum install lksctp-tools
2. sctp_darn -l -H 127.0.0.1 -P 1234
  
Actual results:
sctp_darn: can not bind to 127.0.0.1:1234: Permission denied.

Apr 19 10:30:24 rhel5 kernel: type=1400 audit(1303201824.942:23): avc:  denied  { name_bind } for  pid=5187 comm="sctp_darn" src=1234 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=rawip_socket


Expected results:
sctp_darn listening...

Comment 1 Miroslav Grepl 2011-04-19 11:13:06 UTC

I added a fix. We have this in RHEL6.

Comment 3 Miroslav Grepl 2011-05-19 15:26:49 UTC

Fixed in selinux-policy-2.4.6-306.el5

Comment 6 Eugene Teo (Security Response) 2011-07-20 00:44:08 UTC

(In reply to comment #1)
> I added a fix. We have this in RHEL6.

Can you please attach the fix to this bug? Thanks.

Comment 7 errata-xmlrpc 2011-07-21 09:20:01 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1069.html

Comment 8 errata-xmlrpc 2011-07-21 11:56:32 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1069.html

Note You need to log in before you can comment on or make changes to this bug.