Project

General

Profile

Actions
Copy link

Bug #5981

closed

Passenger opens up udp port

Added by Lukas Zapletal over 10 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Lukas Zapletal
Category:
-
Target version:
-
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Staypuft installer:

# audit2why -wa
type=AVC msg=audit(1401197569.085:2565): avc:  denied  { name_bind } for  pid=9349 comm="ruby" src=17659 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket

# audit2allow -R
corenet_udp_bind_generic_port(passenger_t)

We are re-testing to see if the port is random or not. Strange UDP port.

Related issues 1 (0 open1 closed)

Related to SELinux - Bug #8030: Permission denied - bind(2) on DNS lookup when creating a hostClosed10/22/2014Actions
Actions
Copy link
 #1

Updated by Lukas Zapletal over 10 years ago

And another run:

type=AVC msg=audit(1401367752.666:1209): avc:  denied  { name_bind } for  pid=16698 comm="ruby" src=7108 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket

Different UDP port is bound. Hmmmm.

Actions
Copy link
 #2

Updated by Luis Fernández about 9 years ago

Do you have any update about what is triggering this alert on SELinux? I see it from time to time and I would like to understand it before polishing the module.

Actions
Copy link
 #3

Updated by Lukas Zapletal about 9 years ago

  • Status changed from New to Closed

This was fixed in #8030 - it was a DNS Ruby library.

Actions
Copy link
 #4

Updated by Lukas Zapletal about 9 years ago

  • Related to Bug #8030: Permission denied - bind(2) on DNS lookup when creating a host added
Actions
Copy link

Also available in: Atom PDF