https://bugzilla.redhat.com/show_bug.cgi?id=1357510
Bug ID: 1357510
Summary: Erlang Port Mapper Daemon Activation Socket fails to start
Product: Fedora
Version: 24
Component: erlang
Assignee: lemenkov(a)gmail.com
Reporter: zboszor(a)pr.hu
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, jeckersb(a)redhat.com,
lemenkov(a)gmail.com, rhbugs(a)n-dimensional.de, s(a)shk.io
External Bug ID: Red Hat Bugzilla 1293128
Description of problem:
I was trying to enable SSL in rabbitmq-server but it requires epmd to run.
SELinux prevents epmd from starting.
Version-Release number of selected component (if applicable):
erlang-18.3.4-1.fc24.x86_64
erlang-erts-18.3.4-1.fc24.x86_64
selinux-policy-targeted-3.13.1-191.fc24.3.noarch
How reproducible:
Always.
Steps to Reproduce:
1. dnf install rabbitmq-server
2. systemctl enable epmd.socket epmd.service rabbitmq-server
3. configure SSL options in /etc/rabbitmq/rabbitmq.config
4. reboot
Actual results:
epmd.service has a dependency on epmd.socket but it cannot be activated:
audit[1]: AVC avc: denied { create } for pid=1 comm="systemd"
scontext=system_u:system_r:init_t:s0
tcontext=system_u:system_r:unconfined_service_t:s0 tclass=tcp_socket
permissive=0
There is no setsebool toggle to allow systemd to open TCP sockets.
Expected results:
EPMD daemon should be able to start without socket activation.
Additional info:
After changing epmd.service to not require systemd socket activation
with the patch below, #1293128 occurs:
audit[7686]: AVC avc: denied { name_connect } for pid=7686 comm="epmd"
dest=4369 scontext=system_u:system_r:init_t:s0
tcontext=system_u:object_r:epmd_port_t:s0 tclass=tcp_socket permissive=0
The patch is:
--- epmd.service.orig 2016-07-18 13:55:26.584086294 +0200
+++ epmd.service 2016-07-18 13:57:40.336416375 +0200
@@ -1,11 +1,11 @@
[Unit]
Description=Erlang Port Mapper Daemon
After=network.target
-Requires=epmd.socket
+#Requires=epmd.socket
[Service]
-ExecStart=/usr/bin/epmd -systemd
-#ExecStop=/usr/bin/epmd -kill
+ExecStart=/usr/bin/epmd -daemon
+ExecStop=/usr/bin/epmd -kill
Type=notify
StandardOutput=journal
StandardError=journal
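Review bot: Type=notify is left unchanged in the trailing context while ExecStart switches from "epmd -systemd" to "epmd -daemon". With -daemon epmd detaches from the process systemd started, and nothing in this hunk shows it still sending a readiness notification, so the unit may sit in "activating" until the start timeout fires. Consider changing Type= to forking alongside the new ExecStart, or keeping epmd in the foreground with a matching service type. Separately, the Requires=epmd.socket line is commented out rather than removed; if the socket unit is no longer wanted, drop the line so the unit file does not carry a dead directive. The name_connect denial quoted above the patch shows epmd still running as init_t, which this change to the unit file does not alter.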