From f9220c89ae848c72df8232163d5a990283f15f5a Mon Sep 17 00:00:00 2001
From: Atin Mukherjee <amukherj@redhat.com>
Date: Mon, 17 Dec 2018 09:17:44 +0530
Subject: glusterd: define max-port to 60999

As glusterd scans through all the ports in its defined range, with RHEL
7.3 onwards any port beyond 60999 isn't within the ephemeral port range
and following AVC denial message is seen.

type=AVC msg=audit(1471946614.154:109): avc:  denied  { name_bind } for
pid=2302 comm="glusterd" src=61000 scontext=system_u:system_r:glusterd_t:s0
tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket

Fix is to define the max port range to 60999 in glusterd.vol file. The
port range can be tweaked through a reconfigure of this configuration
file though.

Fixes: bz#1659857
Change-Id: I60fd4a421d8509b8dca4ca13b73999ae33965f72
Signed-off-by: Atin Mukherjee <amukherj@redhat.com>
---
 extras/glusterd.vol.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extras/glusterd.vol.in b/extras/glusterd.vol.in
index e59b17efca..6141d8a736 100644
--- a/extras/glusterd.vol.in
+++ b/extras/glusterd.vol.in
@@ -12,5 +12,5 @@ volume management
 #   option lock-timer 180
 #   option transport.address-family inet6
 #   option base-port 49152
-#   option max-port  65535
+    option max-port  60999
 end-volume
-- 
cgit