|Summary:||ypserv not binding to a port <1024|
|Product:||[Fedora] Fedora||Reporter:||David Highley <dhighley>|
|Component:||selinux-policy-targeted||Assignee:||Steve Dickson <steved>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:|
|Fixed In Version:||Current||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2007-04-18 16:26:44 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:|
Description David Highley 2007-04-01 01:06:04 UTC
Description of problem: Not binding to a low port. Version-Release number of selected component (if applicable): ypserv-2.19-3 How reproducible: Everytime Steps to Reproduce: 1. 2. 3. Actual results: From /var/log/messages: Mar 31 12:36:02 douglas ypbind: Answer for domain 'highley-recommended.com ' from '10.2.2.7' on illegal port 32768. Expected results: Additional info: ypserv seems to be binding to high ports. I tried -p and --port as options to force it to use a port below 1024 but the service would not start. Ended up adding --broken-server option to ypbind as a temporary work around.
Comment 1 Habig, Alec 2007-04-03 18:15:10 UTC
I can confirm this, although it seems to be a result of the new selinux policy, selinux-policy-targeted-2.4.6-46.fc6 rather than ypserv itself, so should be assigned to the selinux component instead of ypserv. Backing out to selinux-policy-targeted-2.4.6-42 or setting selinux to permissive cures the problem.
Comment 2 David Highley 2007-04-03 23:00:12 UTC
Darn, I thought I tested for that and checked the audit log. Will move it based on your test results to a selinux policy issue.
Comment 3 Habig, Alec 2007-04-03 23:07:54 UTC
The audit log was pretty un-informative about what was happening - I never did pin down an actual "deny" I could append to this bug report. All I know is what I did to let people log into my YP slave machines again after a morning of flailing :)
Comment 5 Daniel Walsh 2007-04-05 13:26:45 UTC
Fixed in selinux-policy-2.4.6-52
Comment 6 Habig, Alec 2007-04-18 14:06:10 UTC
I can confirm that selinux-policy-2.4.6-54 (the version pushed on the updates server) has cured this problem.