Bug 914816 - SElinux prevents jabberd (s2s) to connect to other jabber servers
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 18
Hardware: Unspecified
OS: Unspecified
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
Reported: 2013-02-22 21:00 UTC by Štefan Gurský
Modified: 2013-03-03 22:41 UTC

Doc Type: Bug Fix
Last Closed: 2013-03-03 22:41:56 UTC
Type: Bug

Links
System ID Private Priority Status Summary Last Updated
Debian BTS 697843 0 None None None Never

Description Štefan Gurský 2013-02-22 21:00:15 UTC
Description of problem:
jabberd cannot do server to server connection.
AVC:

type=AVC msg=audit(1361563310.197:27464): avc:  denied  { name_connect } for  pid=32124 comm="s2s" dest=5269 scontext=system_u:system_r:jabberd_t:s0 tcontext=system_u:object_r:jabber_interserver_port_t:s0 tclass=tcp_socket


jabberd log:
feb 22 21:54:21 example.com jabberd/s2s[5048]: [-1] [88.86.102.50, port=5269] mio_connect error: Permission denied (13)


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. connect to jabberd using any client
2. do anything that would require contacting other jabber servers (e.g. adding a contact)
  
Actual results:
jabberd cannot connect to other server, in client: error service-unavailable

Expected results:
jabberd connects to other jabber servers, in client: no error

Additional info:
Debian has the same thing reported, but with ejabberd (id 697843).

Comment 1 Miroslav Grepl 2013-02-25 12:11:25 UTC
Added.

commit 668f76a16870f1c783a57a5264216f9e0b360112
Author: Miroslav Grepl <mgrepl>
Date:   Mon Feb 25 13:10:14 2013 +0100

    Allow jabberd to connect to jabber_interserver_port_t
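
Added example, not part of the bug report or of the selinux-policy source: a small parser that reads the AVC record from the description and derives the raw type-enforcement rule it implies, the same derivation audit2allow performs. The function names are hypothetical, and the actual commit may express the rule through a policy interface rather than a bare allow statement.

```python
import re

# AVC record copied verbatim from the bug description.
AVC = ('type=AVC msg=audit(1361563310.197:27464): avc:  denied  { name_connect } '
       'for  pid=32124 comm="s2s" dest=5269 '
       'scontext=system_u:system_r:jabberd_t:s0 '
       'tcontext=system_u:object_r:jabber_interserver_port_t:s0 tclass=tcp_socket')

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}'
    r'\s+for\s+(?P<fields>.*)')


def parse_avc(line):
    """Return a dict of the AVC fields, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"result": m.group("result"), "perms": m.group("perms").split()}
    # The rest is space-separated key=value pairs; values may be double-quoted.
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group("fields")):
        rec[key] = val.strip('"')
    return rec


def context_type(ctx):
    """Extract the type field from user:role:type:level[:categories]."""
    parts = ctx.split(":")
    if len(parts) < 3:
        raise ValueError("not an SELinux context: %r" % ctx)
    return parts[2]


def te_rule(rec):
    """Build the allow rule that would permit the denied access."""
    if rec["result"] != "denied":
        raise ValueError("record is not a denial")
    perms = rec["perms"]
    perm_txt = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (context_type(rec["scontext"]),
                                   context_type(rec["tcontext"]),
                                   rec["tclass"], perm_txt)


if __name__ == "__main__":
    record = parse_avc(AVC)
    print(record["comm"], "-> port", record["dest"])
    print(te_rule(record))
```

The derived rule is scoped to the `jabber_interserver_port_t` port type only, so it does not give `jabberd_t` outbound TCP access to other port types.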

Comment 2 Fedora Update System 2013-03-01 13:04:04 UTC
selinux-policy-3.11.1-82.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-82.fc18

Comment 3 Fedora Update System 2013-03-02 20:14:37 UTC
Package selinux-policy-3.11.1-82.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-82.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-3309/selinux-policy-3.11.1-82.fc18
then log in and leave karma (feedback).

Comment 4 Fedora Update System 2013-03-03 22:41:58 UTC
selinux-policy-3.11.1-82.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

