I also just wrote a setroubleshoot description for this error.
Summary
SELinux is preventing the users from running TCP servers in the userdomain.
Detailed Description
SELinux has denied the nc program from binding to a network port 3333 which does not have an SELinux type associated with it. nc does not have an SELinux policy defined for it when run by the user, so it runs in the user's domain. The userdomain currently does not allow TCP servers to run within its domain. If you did not expect programs like nc to bind to a network port, this could signal an intrusion attempt. If this system is running as an NIS Client, turning on the allow_ypbind boolean may fix the problem: setsebool -P allow_ypbind=1.
Allowing Access
If you want to allow user programs to run as TCP Servers, you can turn on the user_tcp_server boolean by executing: setsebool -P user_tcp_server=1
The following command will allow this access:
setsebool -P user_tcp_server=1
Additional Information
Source Context root:user_r:user_t:s0-s15:c0.c1023
Target Context system_u:object_r:port_t
Target Objects None [ tcp_socket ]
Affected RPM Packages
Policy RPM
Selinux Enabled
Policy Type
MLS Enabled
Enforcing Mode
Plugin Name plugins.user_tcp_server
Host Name
Platform
Alert Count 1
Line Numbers 1
Raw Audit Messages
avc: denied { name_bind } for comm="nc" pid=31873
scontext=root:user_r:user_t:s0-s15:c0.c1023 src=3333 tclass=tcp_socket
tcontext=system_u:object_r:port_t:s0
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
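
The check this description corresponds to, as an added example that is not part of the original message and not setroubleshoot's own plugin code: it parses the raw AVC record quoted above and reports when it is a user_t process denied name_bind on a tcp_socket for an unlabeled (port_t) port. The function names and the matching rule are assumptions made for illustration; the sample line is the message's audit record joined onto one line.

```python
import re

# AVC record from the message above, joined onto one line.
SAMPLE_AVC = (
    'avc: denied { name_bind } for comm="nc" pid=31873 '
    'scontext=root:user_r:user_t:s0-s15:c0.c1023 src=3333 '
    'tclass=tcp_socket tcontext=system_u:object_r:port_t:s0'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the denial's permissions and key=value fields, or None if not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    return rec


def context_type(context):
    """Type is the third field of user:role:type[:range]; the MLS range may contain ':'."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else None


def matches_user_tcp_server(rec):
    """Assumed rule: user_t denied name_bind on a tcp_socket for a port_t port."""
    return (
        rec is not None
        and 'name_bind' in rec['perms']
        and rec.get('tclass') == 'tcp_socket'
        and context_type(rec.get('scontext', '')) == 'user_t'
        and context_type(rec.get('tcontext', '')) == 'port_t'
    )


def triage(line):
    """Return a short finding for one audit line, or None when the rule does not apply."""
    rec = parse_avc(line)
    if not matches_user_tcp_server(rec):
        return None
    src = rec.get('src', '')
    return {
        'comm': rec.get('comm'),
        'port': int(src) if src.isdigit() else None,
        'boolean': 'user_tcp_server',
    }
```

A finding names the program and port so the reviewer can decide whether the listener was expected before enabling the boolean.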