Bug #8989

Allow connections to Docker

Added by Lukas Zapletal almost 6 years ago. Updated over 2 years ago.

Status: Closed
Priority: Normal
Category: Compute resources
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Port 2375

type=AVC msg=audit(1421352630.245:15331): avc:  denied  { name_connect } for  pid=4803 comm="ruby" 
dest=2375 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:port_t:s0
tclass=tcp_socket
type=SYSCALL msg=audit(1421352630.245:15331): arch=c000003e syscall=42 success=no exit=-115 a0=11
a1=e912a28 a2=10 a3=58a8 items=0 ppid=1 pid=4803 auid=0 uid=496 gid=495 euid=496 suid=496 fsuid=496
egid=495 sgid=495 fsgid=495 tty=(none) ses=6 comm="ruby" exe="/opt/rh/ruby193/root/usr/bin/ruby" 
subj=unconfined_u:system_r:passenger_t:s0 key=(null)

Related issues

Related to Docker - Bug #8986: Getting "Error - undefined method `delete' for nil:NilClass" while trying to stop a container (Ready For Testing, 2015-01-15)
Related to Docker - Bug #9463: Docker port suggestion should be 2376 or 2375 (New, 2015-02-19)

Associated revisions

Revision 0d132f68 (diff)
Added by Lukas Zapletal almost 6 years ago

Fixes #8989 - Add docker_port_t port and boolean

Boolean passenger_can_connect_docker allows connections to newly created
docker_port_t which is not yet defined in RHEL7/Fedora. This can be used
when users start Docker on TCP (defaults to UNIX sockets). IANA assigned
2375 and 2376 ports for http/https communication on 2015-01-09.

Denial:

type=AVC msg=audit(1421352630.245:15331): avc: denied { name_connect } for
pid=4803 comm="ruby" dest=2375 scontext=unconfined_u:system_r:passenger_t:s0
tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
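
The denial quoted above, parsed as an added example (not part of the issue, the commit, or the foreman-selinux code): it extracts the source domain, target type, class and port from a line-wrapped AVC record and flags a port operation denied against a catch-all port type, which is the situation a dedicated type such as docker_port_t addresses. The function names and the GENERIC_PORT_TYPES set are assumptions of this example.

```python
import re

# The AVC record from this issue, wrapped over three lines as the tracker shows it.
RAW = '''type=AVC msg=audit(1421352630.245:15331): avc:  denied  { name_connect } for  pid=4803 comm="ruby"
dest=2375 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:port_t:s0
tclass=tcp_socket'''

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # values may be quoted and contain spaces

# Assumption of this example: catch-all port types from the SELinux reference
# policy, i.e. labels a port carries when no service-specific type claims it.
GENERIC_PORT_TYPES = {"port_t", "reserved_port_t", "unreserved_port_t"}


def parse_avc(record):
    """Parse one AVC record (possibly line-wrapped) into a dict, or None."""
    m = AVC_RE.search(" ".join(record.split()))  # undo the wrapping first
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    out = {"result": m.group(1), "perms": m.group(2).split(), **fields}
    for key, short in (("scontext", "stype"), ("tcontext", "ttype")):
        # Context is user:role:type:level; the level may contain ':' itself.
        parts = fields.get(key, "").split(":", 3)
        out[short] = parts[2] if len(parts) >= 3 else None
    return out


def unlabelled_port(avc):
    """True when a port connect/bind was denied against a catch-all port type."""
    return (avc["result"] == "denied"
            and avc.get("tclass") in ("tcp_socket", "udp_socket")
            and bool({"name_connect", "name_bind"} & set(avc["perms"]))
            and avc["ttype"] in GENERIC_PORT_TYPES)


def summarize(avc):
    """One-line description of the denial for triage notes."""
    note = " (port has no dedicated type)" if unlabelled_port(avc) else ""
    return "%s: %s %s %s on %s port %s%s" % (
        avc["stype"], avc["result"], ",".join(avc["perms"]),
        avc["ttype"], avc.get("tclass"), avc.get("dest"), note)


if __name__ == "__main__":
    print(summarize(parse_avc(RAW)))
```
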

History

#1 Updated by The Foreman Bot almost 6 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-selinux/pull/42 added
  • Pull request deleted ()

#2 Updated by Lukas Zapletal almost 6 years ago

Workaround:

semanage boolean --on passenger_can_connect_all

#3 Updated by Lukas Zapletal almost 6 years ago

  • Related to Bug #8986: Getting "Error - undefined method `delete' for nil:NilClass" while trying to stop a container added

#4 Updated by Dominic Cleal almost 6 years ago

  • Related to Bug #9463: Docker port suggestion should be 2376 or 2375 added

#5 Updated by Dominic Cleal almost 6 years ago

  • Category set to Compute resources
  • Assignee set to Lukas Zapletal
  • Legacy Backlogs Release (now unused) set to 28

#6 Updated by Anonymous almost 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
