diff options
| author | Atin Mukherjee <amukherj@redhat.com> | 2018-12-17 09:17:44 +0530 |
|---|---|---|
| committer | Atin Mukherjee <amukherj@redhat.com> | 2018-12-18 04:42:31 +0000 |
| commit | f9220c89ae848c72df8232163d5a990283f15f5a (patch) | |
| tree | 7ce57763b1c7800e1cd8fcfe6fb04c2de037bb8f /extras/glusterd.vol.in | |
| parent | 0b4b111fbd80a5d400a07d61e2b99f230f9be76f (diff) | |
| download | glusterfs-f9220c89ae848c72df8232163d5a990283f15f5a.tar.gz glusterfs-f9220c89ae848c72df8232163d5a990283f15f5a.tar.xz glusterfs-f9220c89ae848c72df8232163d5a990283f15f5a.zip | |
glusterd: define max-port to 60999
As glusterd scans through all the ports in its defined range, with RHEL
7.3 onwards any port beyond 60999 isn't within the ephemeral port range
and following AVC denial message is seen.
type=AVC msg=audit(1471946614.154:109): avc: denied { name_bind } for
pid=2302 comm="glusterd" src=61000 scontext=system_u:system_r:glusterd_t:s0
tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket
Fix is to define the max port range to 60999 in glusterd.vol file. The
port range can be tweaked through a reconfigure of this configuration
file though.
Fixes: bz#1659857
Change-Id: I60fd4a421d8509b8dca4ca13b73999ae33965f72
Signed-off-by: Atin Mukherjee <amukherj@redhat.com>
Diffstat (limited to 'extras/glusterd.vol.in')
| -rw-r--r-- | extras/glusterd.vol.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/extras/glusterd.vol.in b/extras/glusterd.vol.in index e59b17efca..6141d8a736 100644 --- a/extras/glusterd.vol.in +++ b/extras/glusterd.vol.in @@ -12,5 +12,5 @@ volume management # option lock-timer 180 # option transport.address-family inet6 # option base-port 49152 -# option max-port 65535 + option max-port 60999 end-volume |