From: Linda K. <lin...@hp...> - 2011-04-22 03:44:54
|
Hi Joe, Joe Nall wrote: > On Apr 21, 2011, at 9:43 PM, Linda Knippers wrote: > >> Hi Jim, >> >> In our meeting today you mentioned that you had to disable a bind in order >> to get the network test daemon to run. Can you say a little more about >> that? What bind did you have to disable? >> >> What I'm seeing is that xinetd can't bind to the ports (EPERM) for the 2 >> lblnet_tst services so it disables them. I don't understand why the bind >> is failing though. It works in permissive mode so you'd think I'd find some >> AVCs but there aren't any. That makes me think there's a dontaudit rule >> that's hiding it. >> >> What problem did you see and how did you get around it? > > Are you sure you are not using ports that have been assigned types already? > > seinfo --portcon Wow, that was it. Thanks! I had tried picking different ports but managed to pick other ports the selinux cared about. I didn't know about that command and I didn't know that selinux would even enforce port assignments. There was no AVC either. :-( Thanks again Joe. You saved me a bunch of time. I hope you're doing well. -- ljk > > joe > > |