<div dir="ltr">Try to disable the SELinux module. I can set up a devstack env on my Fedora machine with SELinux disabled.<br><br>On my Fedora machine, SELinux is disabled, and port 5000 looks like it is still used by SELinux:<br>
[ray@fedora devstack]$ sudo semanage port -l|grep 5000<br>cluster_port_t                 tcp      5149, 40040, 50006-50008<br>cluster_port_t                 udp      5149, 50006-50008<br>commplex_main_port_t           tcp      5000<br>
commplex_main_port_t           udp      5000<br><br>[ray@fedora devstack]$ netstat -anp | grep 5000<br><br>tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN      6171/python         <br>
[ray@fedora devstack]$ ps -ef | grep python<br>ray       6171  5695  0 21:34 pts/3    00:00:07 python /opt/stack/keystone/bin/keystone-all --config-file /etc/keystone/keystone.conf --debug<br><br><br></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Thu, Jul 17, 2014 at 10:23 PM, Rich Megginson <span dir="ltr"><<a href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

  
    
  
  <div text="#000000" bgcolor="#FFFFFF"><div class="">
    <div>On 07/16/2014 10:40 PM, Joe Jiang
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial">
        <div>Hi all,</div>
        <div><span style="line-height:1.7">Thanks for your responses.</span></div>
        <div><br>
        </div>
        <div>I tried running <span style="font-family:arial;white-space:pre-wrap;line-height:1.7"># sudo semanage
            port -l|grep 5000 in my environment and got the same information.</span></div>
        <div><span style="font-family:arial;white-space:pre-wrap;line-height:1.7">>> ...</span></div>
        <div><span style="font-family:arial;white-space:pre-wrap;line-height:1.7">>> commplex_main_port_t tcp 5000</span></div>
        <div><span style="font-family:arial;white-space:pre-wrap;line-height:1.7">>> commplex_main_port_t udp 5000</span></div>
        <div><font face="arial"><span style="white-space:pre-wrap">Then
              I want to remove this port (5000) from the SELinux policy rules
              list using this command (semanage port -d -p tcp -t
              commplex_port_t 5000),</span></font></div>
        <div><font face="arial"><span style="white-space:pre-wrap">the
              console echo is "/usr/sbin/semanage: Port tcp/5000 is
              defined in policy, cannot be deleted"</span></font><span style="white-space:pre-wrap;font-family:arial;line-height:1.7">, and 'udp/5000' gets the same </span><font face="arial"><span style="white-space:pre-wrap">reply.</span></font></div>

        <div><font face="arial"><span style="white-space:pre-wrap">Some
              sources [1] say this port is declared in the corenetwork
              source policy, which is </span></font><span style="font-family:arial;white-space:pre-wrap;line-height:normal">compiled in the base module.</span></div>
        <div><span style="font-family:arial;line-height:normal;white-space:pre-wrap">So, do I have to recompile the SELinux
            module?</span></div>
      </div>
    </blockquote>
    <br></div>
    I think that's the only way to do it if you want to relabel port
    5000.<div class=""><br>
    <br>
    <br>
    <blockquote type="cite">
      <div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial">
        <div><span style="font-family:arial;line-height:normal;white-space:pre-wrap"><br>
          </span></div>
        <div><br>
        </div>
        <div><font face="arial"><span style="white-space:pre-wrap">Thanks.</span></font></div>
        <div><font face="arial"><span style="white-space:pre-wrap">
              Joe.</span></font></div>
        <div><font face="arial"><span style="white-space:pre-wrap"><br>
            </span></font></div>
        <div><font face="arial"><span style="white-space:pre-wrap">[1]</span></font></div>
        <div><font face="arial"><span style="white-space:pre-wrap"><a href="http://www.redhat.com/archives/fedora-selinux-list/2009-September/msg00056.html" target="_blank">http://www.redhat.com/archives/fedora-selinux-list/2009-September/msg00056.html</a></span></font></div>

        <br>
        <br>
        <br>
        <br>
        <pre>
>> Another problem with port 5000 in Fedora, and probably more recent
>> versions of RHEL, is the selinux policy:
>>  
>> # sudo semanage port -l|grep 5000
>> ...
>> commplex_main_port_t tcp 5000
>> commplex_main_port_t udp 5000
>>  
>> There is some service called "commplex" that has already "claimed" port
>> 5000 for its use, at least as far as selinux goes.


</pre>
      </div>
      <br>
      <br>
    </blockquote>
    <br>
  </div></div>

<br>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div>
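<div>Added example, not part of the original thread: <code>grep 5000</code> in the listing above also returns the <code>cluster_port_t</code> rows, because <code>50006-50008</code> contains the substring. The sketch below matches a port exactly, including ranges; <code>port_types</code> is a hypothetical helper name and <code>SAMPLE</code> is constructed from the output quoted in the thread.</div>

```shell
#!/bin/sh
# Added example: exact port lookup over `semanage port -l` output.
# SAMPLE is constructed from the listing quoted in the thread.
SAMPLE='cluster_port_t                 tcp      5149, 40040, 50006-50008
cluster_port_t                 udp      5149, 50006-50008
commplex_main_port_t           tcp      5000
commplex_main_port_t           udp      5000'

# port_types PROTO PORT: read a `semanage port -l` listing on stdin and
# print every SELinux port type whose port list really covers PROTO/PORT.
# (port_types is a hypothetical helper, not part of semanage.)
port_types() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            # Fields 3..NF are the port list, e.g. "5149," "50006-50008"
            for (i = 3; i <= NF; i++) {
                entry = $i
                sub(/,$/, "", entry)          # drop the list separator
                n = split(entry, r, "-")      # single port or lo-hi range
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# On a live system: sudo semanage port -l | port_types tcp 5000
printf '%s\n' "$SAMPLE" | port_types tcp 5000
printf '%s\n' "$SAMPLE" | port_types tcp 50007
```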