Project

General

Profile

Bug #5981

Passenger opens up udp port

Added by Lukas Zapletal over 7 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Staypuft installer:

# audit2why -wa
type=AVC msg=audit(1401197569.085:2565): avc:  denied  { name_bind } for  pid=9349 comm="ruby" src=17659 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket

# audit2allow -R
corenet_udp_bind_generic_port(passenger_t)

We are re-testing to see if the port is random or not. Strange UDP port.


Related issues

Related to SELinux - Bug #8030: Permission denied - bind(2) on DNS lookup when creating a hostClosed2014-10-22

History

#1 Updated by Lukas Zapletal over 7 years ago

And another run:

type=AVC msg=audit(1401367752.666:1209): avc:  denied  { name_bind } for  pid=16698 comm="ruby" src=7108 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket

Different UDP port is bound. Hmmmm.

#2 Updated by Luis Fernández almost 6 years ago

Do you have any update about what is triggering this alert on SELinux? I see it from time to time and I would like to understand it before polishing the module.

#3 Updated by Lukas Zapletal almost 6 years ago

  • Status changed from New to Closed

This was fixed in #8030 - it was a DNS Ruby library.

#4 Updated by Lukas Zapletal almost 6 years ago

  • Related to Bug #8030: Permission denied - bind(2) on DNS lookup when creating a host added

Also available in: Atom PDF