try to disable the selinux module. I can setup devstack env on my fedora machine with selinux disabled
on my fedora machine, selinux is disable, and port 5000 look likes are still used by selinux, [ray@fedora devstack]$ sudo semanage port -l|grep 5000 cluster_port_t tcp 5149, 40040, 50006-50008 cluster_port_t udp 5149, 50006-50008 commplex_main_port_t tcp 5000 commplex_main_port_t udp 5000 [ray@fedora devstack]$ netstat -anp | grep 5000 tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 6171/python [ray@fedora devstack]$ ps -ef | grep python ray 6171 5695 0 21:34 pts/3 00:00:07 python /opt/stack/keystone/bin/keystone-all --config-file /etc/keystone/keystone.conf --debug On Thu, Jul 17, 2014 at 10:23 PM, Rich Megginson <[email protected]> wrote: > On 07/16/2014 10:40 PM, Joe Jiang wrote: > > Hi all, > Thanks for your responds. > > I try to running # sudo semanage port -l|grep 5000 in my envrionment and > get same infomation. > >> ... > >> commplex_main_port_t tcp 5000 > >> commplex_main_port_t udp 5000 > then, I wanna remove this port(5000) from SELinux policy rules list use > this command(semanage port -d -p tcp -t commplex_port_t 5000), > the console echo is "/usr/sbin/semanage: Port tcp/5000 is defined in > policy, cannot be deleted", and 'udp/5000' is same reply. > Some sounds[1] say, this port is declared in the corenetwork source policy > which is compiled in the base module. > So, Have to recompile selinux module? > > > I think that's the only way to do it if you want to relabel port 5000. > > > > > > Thanks. > Joe. > > [1] > > http://www.redhat.com/archives/fedora-selinux-list/2009-September/msg00056.html > > > > > > >> Another problem with port 5000 in Fedora, and probably more recent > >> versions of RHEL, is the selinux policy: > >> > >> # sudo semanage port -l|grep 5000 > >> ... > >> commplex_main_port_t tcp 5000 > >> commplex_main_port_t udp 5000 > >> > >> There is some service called "commplex" that has already "claimed" port > >> 5000 for its use, at least as far as selinux goes. > > > > > > > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
