[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Allowing httpd to connect to specific sockets
- From: Daniel J Walsh <dwalsh redhat com>
- To: Jason L Tibbitts III <tibbs math uh edu>
- Cc: fedora-selinux-list redhat com
- Subject: Re: Allowing httpd to connect to specific sockets
- Date: Mon, 24 Sep 2007 17:55:39 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jason L Tibbitts III wrote:
> So I have this AVC:
>
> avc: denied { name_connect } for pid=9045 comm="httpd" dest=9680 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
>
> which comes from a PHP script trying to open a socket. This is no big
> deal. I believe that setting httpd_can_network_connect should fix it.
> However, I was wondering if it's possible to restrict the destination
> port to 9680, or restrict the destination host at all?
>
> - J<
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list redhat com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Hope you don't mind but I answered in my blog.
http://danwalsh.livejournal.com/12928.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFG+DJbrlYvE4MpobMRAiH4AJ4u6HrNAnDB1Yp5gjWdMOlx6KwHwQCguAcA
h5GSxWz/Qp2XcGIdwJIDZrA=
=waZt
-----END PGP SIGNATURE-----
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]