Jordan Erickson
2023-Oct-16 19:34 UTC
[Icecast] "Could not create listener socket on port" error only when using systemd service
On 10/16/23 10:37, Michael C Cambria wrote:> > Hi, > > I'm using icecast via Fedora 37 package and systemd service to start. > > I've added multiple <listen-socket> but get: > > "EROR connection/connection_setup_sockets Could not create listener > socket on port xxx"*snip* That error sounds like it could either be an issue relating to which user is starting the Icecast daemon (f.e. typically only root can listen on ports < 1024), or there'salready a service running on the requested port (which you seem to have verified it's not). What are these multiple listening sockets you've got going btw? Sounds related. Post the part of the config for this if you're able. Cheers, Jordan https://subj.am/ -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.xiph.org/pipermail/icecast/attachments/20231016/07588bd5/attachment.htm>
Petr Pisar
2023-Oct-17 08:51 UTC
[Icecast] "Could not create listener socket on port" error only when using systemd service
V?Mon, Oct 16, 2023 at 12:34:42PM -0700,?Jordan Erickson napsal(a):> On 10/16/23 10:37, Michael C Cambria wrote: > > I'm using icecast via Fedora 37 package and systemd service to start. > > > > I've added multiple <listen-socket> but get: > > > > "EROR connection/connection_setup_sockets Could not create listener > > socket on port xxx" > *snip* > > That error sounds like it could either be an issue relating to which user is > starting the Icecast daemon (f.e. typically only root can listen on ports < > 1024), or there'salready a service running on the requested port (which you > seem to have verified it's not). > > What are these multiple listening sockets you've got going btw? Sounds > related. Post the part of the config for this if you're able. >It's rather caused by a SELinux policy which only allows icecast daemon to listen on TCP/8000 port: # sesearch --allow -s icecast_t -c tcp_socket [...] allow icecast_t port_type:tcp_socket name_bind; [ icecast_use_any_tcp_ports ]:True allow icecast_t port_type:tcp_socket name_connect; [ icecast_use_any_tcp_ports ]:True allow icecast_t port_type:tcp_socket { recv_msg send_msg }; [ icecast_use_any_tcp_ports ]:True allow icecast_t soundd_port_t:tcp_socket { name_bind name_connect recv_msg send_msg }; If it's the cause, a corresponding log entry about denying the deamon to bind a socket to the nonstandard port should appear in /var/log/audit/audit.log when the deamon starts. If one indeed wants to use any port by icecast, one can enable icecast_use_any_tcp_ports SELinux boolean with # setsebool icecast_use_any_tcp_ports on The status can be queried like this: # getsebool icecast_use_any_tcp_ports icecast_use_any_tcp_ports --> on -- Petr -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <http://lists.xiph.org/pipermail/icecast/attachments/20231017/35784daa/attachment.sig>