[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Starting stunnel from xinetd
- From: Daniel J Walsh <dwalsh redhat com>
- To: Ian Pilcher <arequipeno gmail com>
- Cc: fedora-selinux-list redhat com
- Subject: Re: Starting stunnel from xinetd
- Date: Tue, 18 Mar 2008 14:32:45 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ian Pilcher wrote:
> Running fully updated Fedora 8, trying to start stunnel from xinetd, and
> getting a couple of denials:
>
> type=AVC msg=audit(1205149512.996:2338): avc: denied { write } for
> pid=14322 comm="stunnel" name="random_seed" dev=md1 ino=819429
> scontext=unconfined_u:system_r:stunnel_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:stunnel_etc_t:s0 tclass=file
>
> type=AVC msg=audit(1205149512.998:2339): avc: denied { name_bind } for
> pid=14322 comm="stunnel" src=2873
> scontext=unconfined_u:system_r:stunnel_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
>
> Aren't these things that stunnel should be expected to do?
>
selinux-policy-3.0.8-95.fc8.src.rpm
Adds stunnel_system_domain to inetd_system_domain, which will allow
stunnel to transition to every domain that is defined as an
inetd_system_domain.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkfgCs0ACgkQrlYvE4MpobPsjwCcDRC7u94GGJrOHEgieZf9WM6Y
KLwAmgLJc7GeLsdgipGk4npGvxTrEKgo
=gH0I
-----END PGP SIGNATURE-----
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]