[DSE-Dev] Bug#697843: selinux-policy-default: jabberd_t cannot connect to jabber_interserver_port_t

Marius Gavrilescu marius at ieval.ro
Thu Jan 10 10:08:58 UTC 2013


Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: normal

ejabberd tries to connect to another jabber server to send messages but
SELinux doesn't like that. The audit.log entries are:
    type=AVC msg=audit(1357780653.447:17535): avc:  denied  { name_connect } for  pid=2961 comm="beam" dest=5269 scontext=system_u:system_r:jabberd_t:s0 tcontext=system_u:object_r:jabber_interserver_port_t:s0 tclass=tcp_socket
    type=SYSCALL msg=audit(1357780653.447:17535): arch=c000003e syscall=42 success=no exit=-115 a0=14 a1=7f639e5a5d8c a2=10 a3=8da7 items=0 ppid=1 pid=2961 auid=111 uid=111 gid=114 euid=111 suid=111 fsuid=111 egid=114 sgid=114 fsgid=114 tty=(none) ses=5 comm="beam" exe="/usr/lib/erlang/erts-5.9.1/bin/beam" subj=system_u:system_r:jabberd_t:s0 key=(null)
    type=SOCKADDR msg=audit(1357780653.447:17535): saddr=02001495ADC2467D0000000000000000

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-7.1
ii  libselinux1      2.1.9-5
ii  libsepol1        2.1.4-3
ii  policycoreutils  2.1.10-9
ii  python           2.7.3~rc2-1

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.1.8-2
ii  setools      3.3.7-3

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission denied: u'/etc/selinux/default/modules/active/file_contexts.local'

-- debconf-show failed



More information about the SELinux-devel mailing list