$ rtorrent https://tails.boum.org/torrents/files/tails-i386-1.3.torrent
rtorrent: Could not open/bind port for listening: Permission denied

# ausearch -ts recent | head
----
time->Sun Mar 1 15:32:32 2015
type=UNKNOWN[1327] msg=audit(1425220352.926:316): proctitle=72746F7272656E740068747470733A2F2F7461696C732E626F756D2E6F72672F746F7272656E74732F66696C65732F7461696C732D693338362D312E332E746F7272656E74
type=SOCKADDR msg=audit(1425220352.926:316): saddr=02001B0E000000000000000000000000
type=SYSCALL msg=audit(1425220352.926:316): arch=c000003e syscall=49 success=no exit=-13 a0=6 a1=3c74b208e30 a2=10 a3=3c74b208dd4 items=0 ppid=16115 pid=16290 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=1 comm="rtorrent" exe="/usr/bin/rtorrent" subj=staff_u:sysadm_r:rtorrent_t:s0 key=(null)
type=AVC msg=audit(1425220352.926:316): avc: denied { name_bind } for pid=16290 comm="rtorrent" src=6926 scontext=staff_u:sysadm_r:rtorrent_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0

Granting "corenet_tcp_bind_all_unreserved_ports(rtorrent_t)" fixes this.
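The proctitle and saddr fields in the records above are hex-encoded; decoding them confirms which command issued the denied bind() and that the socket address matches the port in the AVC line. This is an added example, not part of the original report: the helper names are hypothetical, and it assumes an AF_INET sockaddr logged on a little-endian host (arch=c000003e is x86_64).

```python
import re
import socket
import struct

# The three relevant records, copied from the ausearch output in the report.
EVENT = """\
type=UNKNOWN[1327] msg=audit(1425220352.926:316): proctitle=72746F7272656E740068747470733A2F2F7461696C732E626F756D2E6F72672F746F7272656E74732F66696C65732F7461696C732D693338362D312E332E746F7272656E74
type=SOCKADDR msg=audit(1425220352.926:316): saddr=02001B0E000000000000000000000000
type=AVC msg=audit(1425220352.926:316): avc: denied { name_bind } for pid=16290 comm="rtorrent" src=6926 scontext=staff_u:sysadm_r:rtorrent_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
"""

def field(name, text):
    """Return the value of the first name=value pair in text, or None."""
    m = re.search(r"\b%s=(\S+)" % re.escape(name), text)
    return m.group(1) if m else None

def decode_proctitle(hexstr):
    """proctitle is the hex-encoded argv, with NUL bytes between arguments."""
    raw = bytes.fromhex(hexstr)
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def decode_saddr(hexstr):
    """Decode a struct sockaddr_in dump into (address, port)."""
    raw = bytes.fromhex(hexstr)
    (family,) = struct.unpack_from("<H", raw, 0)  # sa_family: host byte order
    if family != socket.AF_INET:
        raise ValueError("only AF_INET handled here, got family %d" % family)
    (port,) = struct.unpack_from(">H", raw, 2)    # sin_port: network byte order
    return socket.inet_ntoa(raw[4:8]), port

def summarize(event):
    """Correlate the decoded syscall argument with the AVC denial."""
    addr, port = decode_saddr(field("saddr", event))
    return {
        "argv": decode_proctitle(field("proctitle", event)),
        "bind": (addr, port),
        "avc_matches_saddr": int(field("src", event)) == port,
        "scontext": field("scontext", event),
        "tcontext": field("tcontext", event),
    }

if __name__ == "__main__":
    for key, value in summarize(EVENT).items():
        print(key, "=", value)
```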
rtorrent seems to start from port 6926 and then iterates until 6999, then jumps to 6881 and goes on until 6926 again.
I've added TCP:6926 as an rtorrent_port_t so that we don't need to grant "all unreserved ports" usage to the application, yet still support the application as it is out-of-the-box. In repo, will be part of rev 4
Now in repo, ~arch
r4 is stable