Bug 391909 - sec-policy/selinux-inetd needs to be allowed to bind to pop/imap ports
Status: VERIFIED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: Normal normal
Assignee: Sven Vermeulen (RETIRED)
Reported: 2011-11-25 23:28 UTC by Stan Sander
Modified: 2012-01-29 11:25 UTC
Attachments
Patch to allow binding to pop_port_t (inetd.te.patch,390 bytes, patch)
2011-11-25 23:29 UTC, Stan Sander

Description Stan Sander 2011-11-25 23:28:31 UTC
The current inetd policy does not allow xinetd to bind to pop_port_t.  This is needed if you run a pop or imap server out of xinetd.  

Nov 19 19:16:22 siren xinetd[3434]: bind failed (Permission denied (errno = 13)). service = imaps
Nov 19 19:16:22 siren xinetd[3434]: Service imaps failed to start and is deactivated.
Nov 19 19:16:22 siren xinetd[3434]: xinetd Version 2.3.14 started with loadavg options compiled in.
Nov 19 19:16:22 siren kernel: type=1400 audit(1321755382.057:233): avc:  denied  { name_bind } for  pid=3434 comm="xinetd" src=993 scontext=system_u:system_r:inetd_t tcontext=system_u:object_r:pop_port_t tclass=tcp_socket
Comment 1 Stan Sander 2011-11-25 23:29:23 UTC
Created attachment 293777
Patch to allow binding to pop_port_t
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2011-11-27 18:37:15 UTC
Thanks
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2011-11-27 18:54:49 UTC
Should be in hardened-dev overlay.
Comment 4 Sven Vermeulen (RETIRED) gentoo-dev 2011-12-05 21:16:29 UTC
In portage tree, ~arch
Comment 5 Sven Vermeulen (RETIRED) gentoo-dev 2012-01-29 11:25:29 UTC
Stabilized