[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Allowing httpd to connect to specific sockets

From: Jason L Tibbitts III <tibbs math uh edu>
To: fedora-selinux-list redhat com
Subject: Allowing httpd to connect to specific sockets
Date: 24 Sep 2007 12:42:01 -0500

So I have this AVC:

avc:  denied  { name_connect } for  pid=9045 comm="httpd" dest=9680 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

which comes from a PHP script trying to open a socket.  This is no big
deal.  I believe that setting httpd_can_network_connect should fix it.
However, I was wondering if it's possible to restrict the destination
port to 9680, or restrict the destination host at all?

 - J<

Follow-Ups:
- Re: Allowing httpd to connect to specific sockets
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]