andy/glusterfs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

glusterd: define max-port to 60999

Browse Source 
As glusterd scans through all the ports in its defined range, with RHEL
7.3 onwards any port beyond 60999 isn't within the ephemeral port range
and following AVC denial message is seen.

type=AVC msg=audit(1471946614.154:109): avc:  denied  { name_bind } for
pid=2302 comm="glusterd" src=61000 scontext=system_u:system_r:glusterd_t:s0
tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket

Fix is to define the max port range to 60999 in glusterd.vol file. The
port range can be tweaked through a reconfigure of this configuration
file though.

Fixes: bz#1659857
Change-Id: I60fd4a421d8509b8dca4ca13b73999ae33965f72
Signed-off-by: Atin Mukherjee <amukherj@redhat.com>
This commit is contained in:
Atin Mukherjee 2018-12-17 09:17:44 +05:30
parent 0b4b111fbd
commit f9220c89ae
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
extras/glusterd.vol.in
View File

@ -12,5 +12,5 @@ volume management
# option lock-timer 180
# option transport.address-family inet6
# option base-port 49152
# option max-port 65535
option max-port 60999
end-volume