glusterfs: allow glusterd to bind to all TCP unreserved ports
Port 32767 seems to be needed by glfs_timer

type=SYSCALL msg=audit(1678151692.991:193): arch=c000003e syscall=49 success=no exit=-13 a0=7 a1=43bc7241350 a2=10 a3=3968 items=0 ppid=1 pid=2401 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="glfs_timer" exe="/usr/bin/glusterfsd" subj=system_u:system_r:glusterd_t:s0 key=(null)
type=AVC msg=audit(1678151692.991:193): avc: denied { name_bind } for pid=2401 comm="glfs_timer" src=32767 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0

Signed-off-by: Kenton Groombridge <me@concord.sh>
parent
228e8e3f15
commit
bf546e4c4f
|
@ -108,6 +108,7 @@ corenet_tcp_connect_glusterd_port(glusterd_t)
|
|||
# Too coarse?
|
||||
corenet_sendrecv_all_server_packets(glusterd_t)
|
||||
corenet_tcp_bind_all_reserved_ports(glusterd_t)
|
||||
corenet_tcp_bind_all_unreserved_ports(glusterd_t)
|
||||
corenet_udp_bind_all_rpc_ports(glusterd_t)
|
||||
corenet_udp_bind_ipp_port(glusterd_t)
|
||||
|
||||
|
|
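Review bot: The new `corenet_tcp_bind_all_unreserved_ports(glusterd_t)` line is much wider than the one denial in the commit message, which is a single `name_bind` on src=32767 with tcontext `unreserved_port_t`. Going by the interface name, it grants bind on every unreserved TCP port type. Together with `corenet_tcp_bind_all_reserved_ports` just above, glusterd_t would then be able to bind nearly any TCP port, including ports labelled for other services, so a compromised glusterd could listen in their place. If the broad grant has to stay, record the reason beside it under the existing `# Too coarse?` marker, for example `# glfs_timer was denied name_bind on 32767/tcp (unreserved_port_t); narrow this if the port range gluster uses can be labelled`. It would also help to confirm whether the daemon needs more than the unlabelled unreserved range before this is merged.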