Bug 751318 - SELinux is preventing /usr/libexec/polkit-1/polkitd from 'name_bind' accesses on the tcp_socket port 877.
Summary: SELinux is preventing /usr/libexec/polkit-1/polkitd from 'name_bind' accesses...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:95b92e4b467...
Depends On:
Blocks:
Reported: 2011-11-04 10:15 UTC by Jonas
Modified: 2011-11-21 16:57 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-11-21 16:57:22 UTC
Type: ---



Description Jonas 2011-11-04 10:15:54 UTC
SELinux is preventing /usr/libexec/polkit-1/polkitd from 'name_bind' accesses on the tcp_socket port 877.

*****  Plugin bind_ports (92.2 confidence) suggests  *************************

If you want to allow /usr/libexec/polkit-1/polkitd to bind to network port 877
Then you need to modify the port type.
Do
# semanage port -a -t PORT_TYPE -p tcp 877
    where PORT_TYPE is one of the following: .

*****  Plugin catchall_boolean (7.83 confidence) suggests  *******************

If you want to allow system to run with NIS
Then you must tell SELinux about this by enabling the 'allow_ypbind' boolean.
Do
setsebool -P allow_ypbind 1

*****  Plugin catchall (1.41 confidence) suggests  ***************************

If you believe that polkitd should be allowed name_bind access on the port 877 tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep polkitd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:policykit_t:s0-s0:c0.c1023
Target Context                system_u:object_r:hi_reserved_port_t:s0
Target Objects                port 877 [ tcp_socket ]
Source                        polkitd
Source Path                   /usr/libexec/polkit-1/polkitd
Port                          877
Host                          (removed)
Source RPM Packages           polkit-0.101-6.fc15
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.16-23.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 2.6.38.6-26.rc1.fc15.x86_64 #1 SMP Mon
                              May 9 20:45:15 UTC 2011 x86_64 x86_64
Alert Count                   34
First Seen                    Wed 02 Nov 2011 03:56:39 PM CET
Last Seen                     Wed 02 Nov 2011 04:03:51 PM CET
Local ID                      7bdbffc4-3ec3-4f5f-81e7-ed2cc1f0e8b4

Raw Audit Messages
type=AVC msg=audit(1320246231.508:359): avc:  denied  { name_bind } for  pid=1496 comm="polkitd" src=877 scontext=system_u:system_r:policykit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket


type=SYSCALL msg=audit(1320246231.508:359): arch=x86_64 syscall=bind success=no exit=EACCES a0=9 a1=7fff32acc680 a2=10 a3=2 items=0 ppid=1 pid=1496 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=polkitd exe=/usr/libexec/polkit-1/polkitd subj=system_u:system_r:policykit_t:s0-s0:c0.c1023 key=(null)

Hash: polkitd,policykit_t,hi_reserved_port_t,tcp_socket,name_bind

audit2allow

#============= policykit_t ==============
#!!!! This avc is allowed in the current policy

allow policykit_t hi_reserved_port_t:tcp_socket name_bind;

audit2allow -R

#============= policykit_t ==============
#!!!! This avc is allowed in the current policy

allow policykit_t hi_reserved_port_t:tcp_socket name_bind;
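Added example (not part of the report, of setroubleshoot, or of audit2allow): a small Python parser that takes raw audit records like the ones above, keeps only AVC "denied" records, derives the type-enforcement rule audit2allow would print from scontext/tcontext/tclass/permission, and then checks that rule against a set of rules the loaded policy is assumed to contain. The CURRENT_POLICY set is a constructed stand-in for the policy query audit2allow performs when it prints "This avc is allowed in the current policy"; in a real triage you would populate it from sesearch output rather than hard-code it. The sample records are copied from the report; everything else is the example's own.

```python
"""Triage SELinux AVC denials: derive the audit2allow-style rule and check
whether the loaded policy already grants it (the situation in this report)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample input: the two audit records from the report, one per line.
SAMPLE_AVC = (
    'type=AVC msg=audit(1320246231.508:359): avc:  denied  { name_bind } for  '
    'pid=1496 comm="polkitd" src=877 '
    'scontext=system_u:system_r:policykit_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket'
)
SAMPLE_SYSCALL = (
    'type=SYSCALL msg=audit(1320246231.508:359): arch=x86_64 syscall=bind '
    'success=no exit=EACCES pid=1496 comm=polkitd exe=/usr/libexec/polkit-1/polkitd'
)

# Assumption: rules the loaded policy already contains, as (source type,
# target type, object class, permission). Models the "#!!!! This avc is allowed
# in the current policy" annotation printed by audit2allow in the report.
CURRENT_POLICY: Set[Tuple[str, str, str, str]] = {
    ("policykit_t", "hi_reserved_port_t", "tcp_socket", "name_bind"),
}

# "avc:  denied  { perm1 perm2 } for  key=value key="quoted value" ..."
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass(frozen=True)
class AvcDenial:
    perms: Tuple[str, ...]
    comm: str
    pid: int
    scontext: str
    tcontext: str
    tclass: str

    @property
    def source_type(self) -> str:
        # user:role:type[:range] -> the type is always the third field
        return self.scontext.split(":")[2]

    @property
    def target_type(self) -> str:
        return self.tcontext.split(":")[2]

    def allow_rule(self) -> str:
        """The TE rule audit2allow would emit for this denial."""
        perm = self.perms[0] if len(self.perms) == 1 else "{ " + " ".join(self.perms) + " }"
        return f"allow {self.source_type} {self.target_type}:{self.tclass} {perm};"


def parse_avc(line: str) -> Optional[AvcDenial]:
    """Return an AvcDenial for an AVC 'denied' record, or None for any other line
    (SYSCALL records, granted AVCs, unrelated log noise)."""
    m = AVC_RE.search(line)
    if not m:
        return None
    perms = tuple(m.group("perms").split())
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    try:
        return AvcDenial(
            perms=perms,
            comm=fields.get("comm", "?"),
            pid=int(fields.get("pid", "0")),
            scontext=fields["scontext"],
            tcontext=fields["tcontext"],
            tclass=fields["tclass"],
        )
    except (KeyError, ValueError):
        return None  # malformed record: missing context or class fields


def is_allowed(denial: AvcDenial, policy: Set[Tuple[str, str, str, str]]) -> bool:
    """True when every denied permission is already granted by the policy set."""
    return all(
        (denial.source_type, denial.target_type, denial.tclass, p) in policy
        for p in denial.perms
    )


def triage(lines: List[str], policy: Set[Tuple[str, str, str, str]]) -> List[Tuple[str, bool]]:
    """For each AVC denial in the input, return (rule, already_allowed)."""
    results = []
    for line in lines:
        denial = parse_avc(line)
        if denial is not None:
            results.append((denial.allow_rule(), is_allowed(denial, policy)))
    return results


if __name__ == "__main__":
    for rule, allowed in triage([SAMPLE_AVC, SAMPLE_SYSCALL, "unrelated line"], CURRENT_POLICY):
        note = "  # already allowed by the loaded policy; a stale or pre-update denial" if allowed else ""
        print(rule + note)
```

An "already allowed" result is the signal to compare the policy version in the AVC timestamp window with the one installed now before filing, which is what the NOTABUG closure of this report amounts to.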

Comment 1 Miroslav Grepl 2011-11-04 16:13:48 UTC
Are you running with NIS?

Comment 2 Daniel Walsh 2011-11-21 16:57:22 UTC
Looks like this was allowed when you reported the bug. Reopen if it happens again.

