SELinux is preventing ping accessing icmp_socket on RHOCP4
Issue
- SELinux is preventing ping accessing icmp_socket
- ping with -I source address has this problem, -I NIC works fine
sh-4.4# ping -I 10.128.2.18 8.8.8.8
bind: Permission denied
- /var/log/audit/audit.log on worker node
type=AVC msg=audit(1637631198.704:101): avc: denied { node_bind } for pid=3181018 comm="ping" saddr=10.128.2.24 scontext=system_u:system_r:container_t:s0:c13,c07 tcontext=system_u:object_r:node_t:s0 tclass=icmp_socket permissive=0
Environment
- Red Hat OpenShift Container Platform (RHOCP) 4.X
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.