Bug 812487 - Bip cannot bind to bitlbee(?)
Bip cannot bind to bitlbee(?)
Product: Fedora
Classification: Fedora
Component: bitlbee (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Robert Scheck
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2012-04-13 17:55 EDT by Adam Williamson
Modified: 2012-05-09 09:38 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-05-09 09:38:51 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Adam Williamson 2012-04-13 17:55:08 EDT
On my IRC proxy server machine I run Bitlbee - http://www.bitlbee.org/main.php/news.r.html - which proxies IM traffic and serves it out as IRC traffic, and I *also* run Bip - http://bip.milkypond.org/ - which is a classic IRC bouncer. I have Bip connected to some 'normal' IRC servers - Freenode, GIMPNet et al - but also to the Bitlbee server running on the same machine.

I just updated Bip and on restart it's suddenly failing, with an SELinux denial:

Apr 13 14:50:46 ircproxy kernel: [1130671.241638] type=1400 audit(1334353846.325:24): avc:  denied  { name_bind } for  pid=27865 comm="bip" src=17037 scontext=system_u:system_r:bitlbee_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket

it never used to do so. Is this a policy bug? Or do we need to ship some kind of policy in the Bip and/or Bitlbee package(s) to allow this? Or is it just something I need to enable as a sysadmin? Thanks!
Comment 1 Miroslav Grepl 2012-04-16 03:52:09 EDT
Did you setup 17037/tcp port?
Comment 2 Adam Williamson 2012-05-08 19:13:44 EDT
i picked the port, yeah. it's arbitrary.

Fedora Bugzappers volunteer triage team
Comment 3 Adam Williamson 2012-05-08 19:14:29 EDT
bip's default is 6667, the standard IRC port.
Comment 4 Daniel Walsh 2012-05-09 09:38:51 EDT
Then you need to execute 

semanage port -a -t ircd_port_t -p tcp 17037

Note You need to log in before you can comment on or make changes to this bug.