privoxy.te

Daniel J Walsh dwalsh at redhat.com
Mon Nov 8 18:42:12 UTC 2004


Tom London wrote:

>Running strict/enforcing off of latest rawhide
>(selinux-policy-strict-1.18.2-2):
>
>privoxy generates:
>
>Nov  7 13:44:10 fedora kernel: audit(1099863850.432:0): avc:  denied 
>{ connect } for  pid=14703 exe=/usr/sbin/privoxy
>scontext=system_u:system_r:privoxy_t
>tcontext=system_u:system_r:privoxy_t tclass=udp_socket
>Nov  7 13:44:10 fedora kernel: audit(1099863850.469:0): avc:  denied 
>{ connect } for  pid=14703 exe=/usr/sbin/privoxy
>scontext=system_u:system_r:privoxy_t
>tcontext=system_u:system_r:privoxy_t tclass=tcp_socket
>
>This patch seems to fix it:
>--- SAVE/privoxy.te     2004-11-07 18:00:09.433732712 -0800
>+++ ./privoxy.te        2004-11-07 18:00:40.419276794 -0800
>@@ -18,6 +18,7 @@
> # Use the network.
> can_network(privoxy_t)
> allow privoxy_t port_t:{ tcp_socket udp_socket } name_bind;
>+allow privoxy_t self:{ tcp_socket udp_socket } connect;
> allow privoxy_t etc_t:file { getattr read };
> allow privoxy_t self:capability { setgid setuid };
> allow privoxy_t self:unix_stream_socket create_socket_perms ;
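
Review bot: the new `allow privoxy_t self:{ tcp_socket udp_socket } connect;` line sits directly under `can_network(privoxy_t)`, yet the two logged denials show connect still being refused on the domain's own sockets, so other domains that rely on that macro may hit the same gap. It is worth checking whether the permission belongs in the macro rather than in privoxy.te alone. The rule itself is narrowly scoped (self only, connect only, and the two socket classes match the two denials). A short comment above it naming the AVC denial it resolves would help later readers of the policy.
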
>
>
>tom
>  
>
Added thanks.

Dan



