Bug #5981
closed
Passenger opens up udp port
Added by Lukas Zapletal over 10 years ago.
Updated about 9 years ago.
Description
Staypuft installer:
# audit2why -wa
type=AVC msg=audit(1401197569.085:2565): avc: denied { name_bind } for pid=9349 comm="ruby" src=17659 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
# audit2allow -R
corenet_udp_bind_generic_port(passenger_t)
We are re-testing to see if the port is random or not. Strange UDP port.
And another run:
type=AVC msg=audit(1401367752.666:1209): avc: denied { name_bind } for pid=16698 comm="ruby" src=7108 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
Different UDP port is bound. Hmmmm.
Do you have any update about what is triggering this alert on SELinux? I see it from time to time and I would like to understand it before polishing the module.
- Status changed from New to Closed
This was fixed in #8030 - it was a DNS Ruby library.
- Related to Bug #8030: Permission denied - bind(2) on DNS lookup when creating a host added
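The check the ticket does by hand (is the denied UDP port the same on every run?) can be scripted. This is an added example, not part of the original ticket or the project's code: it parses AVC records, groups `name_bind` denials by source domain, command and socket class, and reports whether the bound port varies. The function names `parse_avc` and `summarize_binds` are hypothetical, and the sample input is the two records quoted above.

```python
import re
from collections import defaultdict

# Sample input: the two AVC records quoted in this ticket.
SAMPLE = '''\
type=AVC msg=audit(1401197569.085:2565): avc: denied { name_bind } for pid=9349 comm="ruby" src=17659 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
type=AVC msg=audit(1401367752.666:1209): avc: denied { name_bind } for pid=16698 comm="ruby" src=7108 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
'''

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = ("src", "comm", "scontext", "tcontext", "tclass")


def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec


def summarize_binds(log_text):
    """Group name_bind denials and list the distinct ports seen per group."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or "name_bind" not in rec["perms"]:
            continue
        if any(key not in rec for key in REQUIRED) or not rec["src"].isdigit():
            continue  # incomplete record, skip rather than guess
        domain = rec["scontext"].split(":")[2]   # e.g. passenger_t
        target = rec["tcontext"].split(":")[2]   # e.g. port_t
        groups[(domain, rec["comm"], rec["tclass"], target)].add(int(rec["src"]))
    return [
        {"domain": d, "comm": c, "tclass": t, "target_type": p,
         "ports": sorted(ports), "port_varies": len(ports) > 1}
        for (d, c, t, p), ports in sorted(groups.items())
    ]


if __name__ == "__main__":
    for row in summarize_binds(SAMPLE):
        print(row)
```

A group whose `port_varies` is true, as here, is not a fixed listener, so assigning a label to one of the observed ports would not cover the next run.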