Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
- To: Russell Coker <russell@coker.com.au>
- Cc: debian-devel@lists.debian.org, Ben Hutchings <ben@decadent.org.uk>, 638322@bugs.debian.org, "brian m. carlson" <sandals@crustytoothpaste.net>, Jan Möbius <jan_moebius@web.de>
- Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
- From: Guus Sliepen <guus@debian.org>
- Date: Fri, 19 Aug 2011 10:49:41 +0200
- Message-id: <[🔎] 20110819084941.GT30145@sliepen.org>
- Mail-followup-to: Guus Sliepen <guus@debian.org>, Russell Coker <russell@coker.com.au>, debian-devel@lists.debian.org, Ben Hutchings <ben@decadent.org.uk>, 638322@bugs.debian.org, "brian m. carlson" <sandals@crustytoothpaste.net>, Jan Möbius <jan_moebius@web.de>
- In-reply-to: <[🔎] 201108191013.17845.russell@coker.com.au>
- References: <20110818153916.19457.37751.reportbug@adenauer.informatik.rwth-aachen.de> <[🔎] 20110818190310.GB3521@crustytoothpaste.ath.cx> <[🔎] 1313711582.2799.76.camel@deadeye> <[🔎] 201108191013.17845.russell@coker.com.au>
On Fri, Aug 19, 2011 at 10:13:17AM +1000, Russell Coker wrote:
> Systems running SE Linux tend not to have this problem. In most cases the
> daemons which use RPC services are not permitted to bind to any of the ports
> that are reserved for services and therefore such a bind attempt fails with
> EPERM, glibc will just decrement the port number and try again when this
> happens.
>
> http://etbe.coker.com.au/2007/11/06/squid-and-se-linux/
>
> I mentioned this in the above blog post, I think it was in about 2002 that I
> wrote the policy to do this.
We could also patch bindresvport() to skip all ports mentioned in
/etc/services, to get similar behaviour as with SE Linux. Or patch the programs
using it to first try to bind to a static port that does not conflict with
those in /etc/services, and if that fails fall back to bindresvport().
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@debian.org>
Attachment:
signature.asc
Description: Digital signature
Reply to: