On 02/12/2017 10:40 AM, Gordon Messmer wrote:> I'm not seeing those errors logged, either, so maybe your system > differs from mine. If I'm misreading, hopefully someone will chime in > to clarify.... Also, it might be useful to get the AVCs on your system. The bug entry indicated that you'd need to enable debugging (semodule -DB, and later use semodule -B to disable debugging) to get them. While in debugging mode, audit.log should contain confirmation that SELinux is blocking the port use. That log entry should tell us more about how to address the problem.
On 02/12/2017 01:43 PM, Gordon Messmer wrote:> On 02/12/2017 10:40 AM, Gordon Messmer wrote: >> I'm not seeing those errors logged, either, so maybe your system >> differs from mine. If I'm misreading, hopefully someone will chime >> in to clarify. > > > ... Also, it might be useful to get the AVCs on your system.? What do I install for this? BTW, this is a Centos7-armv7 image, but that should not make a difference in base C7 component availability.> The bug entry indicated that you'd need to enable debugging > (semodule -DB, and later use semodule -B to disable debugging) to get > them. While in debugging mode, audit.log should contain confirmation > that SELinux is blocking the port use. That log entry should tell us > more about how to address the problem. > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
On 02/12/2017 10:50 AM, Robert Moskowitz wrote:> ? What do I install for this?You don't have to install anything. You'd just temporarily disable "dontaudit" rules by running "semodule -BD". Give named time to log additional "permission denied" errors, and then look for related AVC messages in /var/log/audit/audit.log. Send those logs to the list and we can troubleshoot further.