summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAtin Mukherjee <amukherj@redhat.com>2018-12-17 09:17:44 +0530
committerAtin Mukherjee <amukherj@redhat.com>2018-12-18 04:42:31 +0000
commitf9220c89ae848c72df8232163d5a990283f15f5a (patch)
tree7ce57763b1c7800e1cd8fcfe6fb04c2de037bb8f
parent0b4b111fbd80a5d400a07d61e2b99f230f9be76f (diff)
glusterd: define max-port to 60999
As glusterd scans through all the ports in its defined range, with RHEL 7.3 onwards any port beyond 60999 isn't within the ephemeral port range and following AVC denial message is seen. type=AVC msg=audit(1471946614.154:109): avc: denied { name_bind } for pid=2302 comm="glusterd" src=61000 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket Fix is to define the max port range to 60999 in glusterd.vol file. The port range can be tweaked through a reconfigure of this configuration file though. Fixes: bz#1659857 Change-Id: I60fd4a421d8509b8dca4ca13b73999ae33965f72 Signed-off-by: Atin Mukherjee <amukherj@redhat.com>
-rw-r--r--extras/glusterd.vol.in2
1 files changed, 1 insertions, 1 deletions
diff --git a/extras/glusterd.vol.in b/extras/glusterd.vol.in
index e59b17efcac..6141d8a736e 100644
--- a/extras/glusterd.vol.in
+++ b/extras/glusterd.vol.in
@@ -12,5 +12,5 @@ volume management
# option lock-timer 180
# option transport.address-family inet6
# option base-port 49152
-# option max-port 65535
+ option max-port 60999
end-volume