My app binds to a random port prior to connecting to a well known port. If the random port is in use (errno == EADDRINUSE) the port number is incremented and a new bind is attempted. SELinux port labeling was causing errno==EACCES for ports that are under SELinux control. I found corenet_tcp_bind_all_ports() which fixed the problem - because now, my app is allowed to use those ports. Dan Walsh suggested corenet_tcp_bind_generic_port() instead - so my app doesn't use the ports managed by SELinux for other apps. So I changed my code to also increment the port and re-attempt a bind when errno==EACCES. I find that some non-SELinux controlled ports are also causing EACCES (but only in enforcing mode)... and EACCES is a problem I've never run into before on non-SELinux boxes... so I believe that SELinux is somehow preventing access to the un-controlled ports. Each of the ports listed below, the PRIOR port has an SELinux type shown by 'semanage port -l', yet these ports also get the EACCES error: 1702 2607 3261 3552 4691 5433 5704 6021 7001 8022 8119 8291 8293 9011 9223 9283 9293 9434 9702 13446 16002 -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
