https://bugzilla.redhat.com/show_bug.cgi?id=1357510

            Bug ID: 1357510
           Summary: Erlang Port Mapper Daemon Activation Socket fails to
                    start
           Product: Fedora
           Version: 24
         Component: erlang
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
                CC: [email protected], [email protected],
                    [email protected], [email protected], [email protected]
   External Bug ID: Red Hat Bugzilla 1293128



Description of problem:

I was trying to enable SSL in rabbitmq-server, but it requires epmd to run.
SELinux prevents epmd from starting.

Version-Release number of selected component (if applicable):

erlang-18.3.4-1.fc24.x86_64
erlang-erts-18.3.4-1.fc24.x86_64
selinux-policy-targeted-3.13.1-191.fc24.3.noarch

How reproducible:

Always.

Steps to Reproduce:
1. dnf install rabbitmq-server
2. systemctl enable epmd.socket epmd.service rabbitmq-server
3. configure SSL options in /etc/rabbitmq/rabbitmq.config
4. reboot

Actual results:

epmd.service has a dependency on epmd.socket but it cannot be activated:

audit[1]: AVC avc:  denied  { create } for  pid=1 comm="systemd"
scontext=system_u:system_r:init_t:s0
tcontext=system_u:system_r:unconfined_service_t:s0 tclass=tcp_socket
permissive=0

There is no setsebool toggle to allow systemd to open TCP sockets.

Expected results:

EPMD daemon should be able to start without socket activation.

Additional info:

After changing epmd.service to not require systemd socket activation
with the patch below, #1293128 occurs:

audit[7686]: AVC avc:  denied  { name_connect } for  pid=7686 comm="epmd"
dest=4369 scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:epmd_port_t:s0 tclass=tcp_socket permissive=0

The patch is:

--- epmd.service.orig    2016-07-18 13:55:26.584086294 +0200
+++ epmd.service    2016-07-18 13:57:40.336416375 +0200
@@ -1,11 +1,11 @@
 [Unit]
 Description=Erlang Port Mapper Daemon
 After=network.target
-Requires=epmd.socket
+#Requires=epmd.socket

 [Service]
-ExecStart=/usr/bin/epmd -systemd
-#ExecStop=/usr/bin/epmd -kill
+ExecStart=/usr/bin/epmd -daemon
+ExecStop=/usr/bin/epmd -kill
 Type=notify
 StandardOutput=journal
 StandardError=journal
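
Review bot: Type=notify is left unchanged in the [Service] context lines while ExecStart switches from `epmd -systemd` to `epmd -daemon`. Type=notify makes systemd wait for a readiness notification from the service's main process, and a process started in a daemonizing mode normally forks into the background, so the unit may sit in "activating" and then time out unless epmd still sends that notification in this mode. Either change the type to match how `-daemon` behaves (for example Type=forking) or confirm that startup completes with this combination. As a smaller point, `#Requires=epmd.socket` is better deleted than commented out, and since step 2 of the report enables epmd.socket, the change should say whether that unit is to be disabled as well.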
