[Icecast] "Could not create listener socket on port" error only when using systemd service
Petr Pisar
petr.pisar at atlas.cz
Tue Oct 17 08:51:52 UTC 2023
V Mon, Oct 16, 2023 at 12:34:42PM -0700, Jordan Erickson napsal(a):
> On 10/16/23 10:37, Michael C Cambria wrote:
> > I'm using icecast via Fedora 37 package and systemd service to start.
> >
> > I've added multiple <listen-socket> but get:
> >
> > "EROR connection/connection_setup_sockets Could not create listener
> > socket on port xxx"
> *snip*
>
> That error sounds like it could either be an issue relating to which user is
> starting the Icecast daemon (f.e. typically only root can listen on ports <
> 1024), or there'salready a service running on the requested port (which you
> seem to have verified it's not).
>
> What are these multiple listening sockets you've got going btw? Sounds
> related. Post the part of the config for this if you're able.
>
It's rather caused by a SELinux policy which only allows icecast daemon to
listen on TCP/8000 port:
# sesearch --allow -s icecast_t -c tcp_socket
[...]
allow icecast_t port_type:tcp_socket name_bind; [ icecast_use_any_tcp_ports ]:True
allow icecast_t port_type:tcp_socket name_connect; [ icecast_use_any_tcp_ports ]:True
allow icecast_t port_type:tcp_socket { recv_msg send_msg }; [ icecast_use_any_tcp_ports ]:True
allow icecast_t soundd_port_t:tcp_socket { name_bind name_connect recv_msg send_msg };
If it's the cause, a corresponding log entry about denying the deamon to bind
a socket to the nonstandard port should appear in /var/log/audit/audit.log
when the deamon starts.
If one indeed wants to use any port by icecast, one can enable
icecast_use_any_tcp_ports SELinux boolean with
# setsebool icecast_use_any_tcp_ports on
The status can be queried like this:
# getsebool icecast_use_any_tcp_ports
icecast_use_any_tcp_ports --> on
-- Petr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20231017/35784daa/attachment.sig>
More information about the Icecast
mailing list