Bug
Resolution: Duplicate
Critical
RH415 - RHEL9.2-en-2-20240306
en-US (English)
Please fill in the following information:
URL: https://role.rhu.redhat.com/rol-rhu/app/courses/rh415-9.2/pages/ch08s06
Reporter RHNID: slauber
Section Title: "Guided Exercise: Auditing the SELinux Policy"
Section Id: selinux-auditing-ge
Issue description:
Step 1.8 fails to start httpd IF the chapter 3 nbde exercises have been done.
The error when starting httpd is:
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
and the SELinux message shows:
avc: denied { name_bind } for pid=10818 comm="httpd" src=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tangd_port_t:s0 tclass=tcp_socket permissive=0
Note the tangd_port_t for port 80.
This is a residual of the nbde_server role. The bug is actually in lab finish luks-review and lab finish luks-nbde.
The roles used in these exercises add tangd_port_t to port 80 and the finish script does not remove that mapping. It removes the tangd packages but also needs to run semanage port -d -t tangd_port_t -p tcp 80.
This impacts the finish scripts for luks-review cleanup of server[cd] AND luks-nbde cleanup of server[bcd]. It breaks selinux-auditing (serverc) and selinux-review (serverd) when those exercises try to start the httpd service. (Multiple students reported this in class today.)
Steps to reproduce:
Perform chapter 3 nbde exercises, then attempt ch08s06.
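
Added example, not part of the original report or the course's finish scripts: a read-only shell check that takes the name_bind denial quoted above, looks the denied port up in `semanage port -l -C` output (local customizations), and prints the removal command for any leftover mapping. The function names and the port listing are constructed for illustration, http_port_t is assumed as the expected type for tcp/80, and the lo-hi range handling goes beyond the single-port case in the report.

```shell
#!/bin/sh
# Added example. Parses text only and prints commands; it never changes policy.

# The AVC record quoted in the report above.
AVC='avc: denied { name_bind } for pid=10818 comm="httpd" src=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tangd_port_t:s0 tclass=tcp_socket permissive=0'

# Constructed sample of `semanage port -l -C` output (assumed layout).
LOCAL_PORTS='SELinux Port Type              Proto    Port Number

tangd_port_t                   tcp      80, 7500
example_port_t                 tcp      8000-8010'

# Print "PROTO PORT TYPE" for each name_bind denial read on stdin.
avc_bind_target() {
    sed -n 's/.*denied  *{ name_bind }.* src=\([0-9]*\) .*tcontext=[^:]*:[^:]*:\([^:]*\):.*tclass=\([a-z]*\)_socket.*/\3 \1 \2/p'
}

# types_for_port PROTO PORT: from `semanage port -l` text on stdin, print every
# type whose port list (single ports or lo-hi ranges) covers PORT.
types_for_port() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            list = ""
            for (i = 3; i <= NF; i++) list = list $i
            n = split(list, items, ",")
            for (i = 1; i <= n; i++) {
                m = split(items[i], r, "-")
                lo = r[1] + 0
                hi = (m == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# stale_port_cleanup PROTO PORT EXPECTED_TYPE: print (do not run) the removal
# command for each local mapping of PORT to a type other than EXPECTED_TYPE.
stale_port_cleanup() {
    types_for_port "$1" "$2" | while read -r t; do
        [ "$t" = "$3" ] || echo "semanage port -d -t $t -p $1 $2"
    done
}

# Denied bind -> which local customization keeps httpd off port 80.
audit_sample() {
    set -- $(printf '%s\n' "$AVC" | avc_bind_target)
    printf '%s\n' "$LOCAL_PORTS" | stale_port_cleanup "$1" "$2" http_port_t
}
audit_sample
```

On a lab host the same check would read live data with `semanage port -l -C | stale_port_cleanup tcp 80 http_port_t`, run as root.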