Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup

To: Russell Coker <russell@coker.com.au>
Cc: debian-devel@lists.debian.org, Ben Hutchings <ben@decadent.org.uk>, 638322@bugs.debian.org, "brian m. carlson" <sandals@crustytoothpaste.net>, Jan Möbius <jan_moebius@web.de>
Subject: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
From: Guus Sliepen <guus@debian.org>
Date: Fri, 19 Aug 2011 10:49:41 +0200
Message-id: <[🔎] 20110819084941.GT30145@sliepen.org>
Mail-followup-to: Guus Sliepen <guus@debian.org>, Russell Coker <russell@coker.com.au>, debian-devel@lists.debian.org, Ben Hutchings <ben@decadent.org.uk>, 638322@bugs.debian.org, "brian m. carlson" <sandals@crustytoothpaste.net>, Jan Möbius <jan_moebius@web.de>
In-reply-to: <[🔎] 201108191013.17845.russell@coker.com.au>
References: <20110818153916.19457.37751.reportbug@adenauer.informatik.rwth-aachen.de> <[🔎] 20110818190310.GB3521@crustytoothpaste.ath.cx> <[🔎] 1313711582.2799.76.camel@deadeye> <[🔎] 201108191013.17845.russell@coker.com.au>

On Fri, Aug 19, 2011 at 10:13:17AM +1000, Russell Coker wrote:

> Systems running SE Linux tend not to have this problem.  In most cases the 
> daemons which use RPC services are not permitted to bind to any of the ports 
> that are reserved for services and therefore such a bind attempt fails with 
> EPERM, glibc will just decrement the port number and try again when this 
> happens.
> 
> http://etbe.coker.com.au/2007/11/06/squid-and-se-linux/
> 
> I mentioned this in the above blog post, I think it was in about 2002 that I 
> wrote the policy to do this.

We could also patch bindresvport() to skip all ports mentioned in
/etc/services, to get similar behaviour as with SE Linux. Or patch the programs
using it to first try to bind to a static port that does not conflict with
those in /etc/services, and if that fails fall back to bindresvport().

-- 
Met vriendelijke groet / with kind regards,
      Guus Sliepen <guus@debian.org>

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
  - From: Russell Coker <russell@coker.com.au>
- Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
  - From: Adam Borowski <kilobyte@angband.pl>

References:
- Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
  - From: "brian m. carlson" <sandals@crustytoothpaste.net>
- Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Bug#638419: ITP: openxenmanager -- full-featured graphical management tool for Xen using XenAPI
Next by Date: Re: mplayer2 is a very poor fork name used to confuse users.
Previous by thread: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Next by thread: Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup
Index(es):
- Date
- Thread