[Bug 1357510] New: Erlang Port Mapper Daemon Activation Socket fails to start

https://bugzilla.redhat.com/show_bug.cgi?id=1357510 Bug ID: 1357510 Summary: Erlang Port Mapper Daemon Activation Socket fails to start Product: Fedora Version: 24 Component: erlang Assignee: lemenkov(a)gmail.com Reporter: zboszor(a)pr.hu QA Contact: extras-qa(a)fedoraproject.org CC: erlang(a)lists.fedoraproject.org, jeckersb(a)redhat.com, lemenkov(a)gmail.com, rhbugs(a)n-dimensional.de, s(a)shk.io External Bug ID: Red Hat Bugzilla 1293128 Description of problem: I was trying to enable SSL in rabbitmq-server but it requires epmd to run. SELinux prevents epmd to start. Version-Release number of selected component (if applicable): erlang-18.3.4-1.fc24.x86_64 erlang-erts-18.3.4-1.fc24.x86_64 selinux-policy-targeted-3.13.1-191.fc24.3.noarch How reproducible: Always. Steps to Reproduce: 1. dnf install rabbitmq-server 2. systemctl enable epmd.socket epmd.service rabbitmq-server 3. configure SSL options in /etc/rabbitmq/rabbitmq.config 4. reboot Actual results: epmd.service has a dependency on epmd.socket but it cannot be activated: audit[1]: AVC avc: denied { create } for pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=tcp_socket permissive=0 There is no setsebool toggle to allow systemd to open TCP sockets. Expected results: EPMD daemon should be able to start without socket activation. Additional info: After changing the epmd.service to not require systemd socket activation with this patch below, but #1293128 occurs: audit[7686]: AVC avc: denied { name_connect } for pid=7686 comm="epmd" dest=4369 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:epmd_port_t:s0 tclass=tcp_socket permissive=0 The patch is: --- epmd.service.orig 2016-07-18 13:55:26.584086294 +0200 +++ epmd.service 2016-07-18 13:57:40.336416375 +0200 @@ -1,11 +1,11 @@ [Unit] Description=Erlang Port Mapper Daemon After=network.target -Requires=epmd.socket +#Requires=epmd.socket [Service] -ExecStart=/usr/bin/epmd -systemd -#ExecStop=/usr/bin/epmd -kill +ExecStart=/usr/bin/epmd -daemon +ExecStop=/usr/bin/epmd -kill Type=notify StandardOutput=journal StandardError=journal -- You are receiving this mail because: You are on the CC list for the bug.