Bug #8989
Allow connections to Docker
Fixed in Releases:
Found in Releases:
Description
Port 2375
type=AVC msg=audit(1421352630.245:15331): avc: denied { name_connect } for pid=4803 comm="ruby" dest=2375 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1421352630.245:15331): arch=c000003e syscall=42 success=no exit=-115 a0=11 a1=e912a28 a2=10 a3=58a8 items=0 ppid=1 pid=4803 auid=0 uid=496 gid=495 euid=496 suid=496 fsuid=496 egid=495 sgid=495 fsgid=495 tty=(none) ses=6 comm="ruby" exe="/opt/rh/ruby193/root/usr/bin/ruby" subj=unconfined_u:system_r:passenger_t:s0 key=(null)
Related issues
Associated revisions
History
#1
Updated by The Foreman Bot over 7 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman-selinux/pull/42 added
- Pull request deleted ()
#2
Updated by Lukas Zapletal over 7 years ago
Workaround:
semanage boolean --on passenger_can_connect_all
#3
Updated by Lukas Zapletal over 7 years ago
- Related to Bug #8986: Getting "Error - undefined method `delete' for nil:NilClass" while trying to stop a container added
#4
Updated by Dominic Cleal over 7 years ago
- Related to Bug #9463: Docker port suggestion should be 2376 or 2375 added
#5
Updated by Dominic Cleal over 7 years ago
- Category set to Compute resources
- Assignee set to Lukas Zapletal
- Legacy Backlogs Release (now unused) set to 28
#6
Updated by Anonymous over 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 0d132f68c7ab6878c62c96dd500a3ff7f00f429f.
Fixes #8989 - Add docker_port_t port and boolean
Boolean passenger_can_connect_docker allows connections to newly created
docker_port_t which is not yet defined in RHEL7/Fedora. This can be used
when users start Docker on TCP (defaults to UNIX sockets). IANA assigned
2375 and 2376 ports for http/https communication on 2015-01-09.
Denial:
type=AVC msg=audit(1421352630.245:15331): avc: denied { name_connect } for
pid=4803 comm="ruby" dest=2375 scontext=unconfined_u:system_r:passenger_t:s0
tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
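
An added example (not code from Foreman or foreman-selinux): a Python triage script that pairs AVC and SYSCALL records by audit serial and picks out `passenger_t` `name_connect` denials on the Docker ports named in the commit message, so the narrow boolean can be considered instead of the broad workaround. Function names are hypothetical, the second record is constructed, and the SYSCALL record is shortened from the one in the description.

```python
import re

# Denial from this page, run together on one line as posted (SYSCALL record shortened).
PAGE_DENIAL = (
    'type=AVC msg=audit(1421352630.245:15331): avc: denied { name_connect } for '
    'pid=4803 comm="ruby" dest=2375 scontext=unconfined_u:system_r:passenger_t:s0 '
    'tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket '
    'type=SYSCALL msg=audit(1421352630.245:15331): arch=c000003e syscall=42 success=no '
    'exit=-115 comm="ruby" exe="/opt/rh/ruby193/root/usr/bin/ruby" key=(null)')
# Constructed record: same domain, non-Docker port, so it must not be reported.
OTHER_DENIAL = (
    'type=AVC msg=audit(1421352700.100:15340): avc: denied { name_connect } for '
    'pid=4810 comm="ruby" dest=5432 scontext=unconfined_u:system_r:passenger_t:s0 '
    'tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket')
LOG = PAGE_DENIAL + "\n" + OTHER_DENIAL

DOCKER_PORTS = {2375, 2376}               # ports named in the commit message
BOOLEAN = "passenger_can_connect_docker"  # boolean named in the commit message
RECORD_START = re.compile(r"\s+(?=type=\w+ msg=audit\()")
HEADER = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\): (.*)")
PERMS = re.compile(r"denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records by audit serial: {serial: {record_type: fields}}."""
    events = {}
    for raw in RECORD_START.split(text.strip()):
        m = HEADER.match(" ".join(raw.split()))  # re-join wrapped records
        if not m:
            continue
        rtype, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        perms = PERMS.search(body)
        fields["perms"] = perms.group(1).split() if perms else []
        events.setdefault(serial, {})[rtype] = fields
    return events

def docker_denials(text):
    """Return passenger_t name_connect denials whose destination is a Docker port."""
    findings = []
    for serial, recs in parse_events(text).items():
        avc = recs.get("AVC", {})
        if "name_connect" not in avc.get("perms", []):
            continue
        port = int(avc.get("dest", 0))
        if avc["scontext"].split(":")[2] == "passenger_t" and port in DOCKER_PORTS:
            findings.append({"event": serial, "port": port, "boolean": BOOLEAN,
                             "target_type": avc["tcontext"].split(":")[2],
                             "exe": recs.get("SYSCALL", {}).get("exe")})
    return findings
```

The splitter accepts records on separate lines, run together on one line, or hard-wrapped as in the commit message; `exe` is `None` when no SYSCALL record shares the AVC's serial.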