Hide Forgot
SELinux is preventing /usr/libexec/telepathy-gabble from 'name_connect' accesses on the tcp_socket port 7777. ***** Plugin connect_ports (85.9 confidence) suggests ********************** If you want to allow /usr/libexec/telepathy-gabble to connect to network port 7777 Then you need to modify the port type. Do # semanage port -a -t PORT_TYPE -p tcp 7777 where PORT_TYPE is one of the following: vnc_port_t, http_port_t, jabber_client_port_t, dns_port_t, commplex_port_t. ***** Plugin catchall_boolean (7.33 confidence) suggests ******************* If you want to allow the Telepathy connection managers to connect to any generic TCP port. Then you must tell SELinux about this by enabling the 'telepathy_tcp_connect_generic_network_ports' boolean. Do setsebool -P telepathy_tcp_connect_generic_network_ports 1 ***** Plugin catchall_boolean (7.33 confidence) suggests ******************* If you want to allow system to run with NIS Then you must tell SELinux about this by enabling the 'allow_ypbind' boolean. Do setsebool -P allow_ypbind 1 ***** Plugin catchall (1.35 confidence) suggests *************************** If you believe that telepathy-gabble should be allowed name_connect access on the port 7777 tcp_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep telepathy-gabbl /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:telepathy_gabble_t:s0-s0 :c0.c1023 Target Context system_u:object_r:port_t:s0 Target Objects port 7777 [ tcp_socket ] Source telepathy-gabbl Source Path /usr/libexec/telepathy-gabble Port 7777 Host (removed) Source RPM Packages telepathy-gabble-0.12.0-1.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-15.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 2.6.38.3-18.fc15.x86_64 #1 SMP Fri Apr 22 13:24:23 UTC 2011 x86_64 x86_64 Alert Count 1 First Seen St 27. duben 2011, 13:02:27 CEST Last Seen St 27. duben 2011, 13:02:27 CEST Local ID dd6562d8-830e-4849-8982-066132442b98 Raw Audit Messages type=AVC msg=audit(1303902147.611:58): avc: denied { name_connect } for pid=2962 comm="telepathy-gabbl" dest=7777 scontext=unconfined_u:unconfined_r:telepathy_gabble_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1303902147.611:58): arch=x86_64 syscall=connect success=no exit=EINPROGRESS a0=10 a1=7fff55c05c00 a2=10 a3=0 items=0 ppid=1 pid=2962 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm=telepathy-gabbl exe=/usr/libexec/telepathy-gabble subj=unconfined_u:unconfined_r:telepathy_gabble_t:s0-s0:c0.c1023 key=(null) Hash: telepathy-gabbl,telepathy_gabble_t,port_t,tcp_socket,name_connect audit2allow #============= telepathy_gabble_t ============== #!!!! This avc can be allowed using one of the these booleans: # telepathy_tcp_connect_generic_network_ports, allow_ypbind allow telepathy_gabble_t port_t:tcp_socket name_connect; audit2allow -R #============= telepathy_gabble_t ============== #!!!! This avc can be allowed using one of the these booleans: # telepathy_tcp_connect_generic_network_ports, allow_ypbind allow telepathy_gabble_t port_t:tcp_socket name_connect;
This happened when I was sending a file via Jabber file transfer. A file transfer proxy (XMPP "streamhost") may have been used for the transfer. Port 7777 is not unusual for XMPP file transfer proxies.
Fixed in selinux-policy-3.9.16-17.fc15