[Bug 164992] New: Mod_proxy does not work with SElinux default policy

Daniel J Walsh dwalsh at redhat.com
Wed Aug 3 13:41:43 UTC 2005


Joe Orton wrote:

>I wonder whether this boolean should really just be "on" by default.
>
>----- Forwarded message from bugzilla at redhat.com -----
>
>From: bugzilla at redhat.com
>To: jorton at redhat.com
>Date: Wed, 3 Aug 2005 08:02:27 -0400
>Subject: [Bug 164992]  New: Mod_proxy does not work with SElinux default policy
>
>Please do not reply directly to this email. All additional
>comments should be made in the comments box of this bug report.
>
>
>
>
>https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=164992
>
>           Summary: Mod_proxy does not work with SElinux default policy
>           Product: Fedora Core
>           Version: fc4
>          Platform: i386
>        OS/Version: Linux
>            Status: NEW
>          Severity: low
>          Priority: normal
>         Component: httpd
>        AssignedTo: jorton at redhat.com
>        ReportedBy: trash_alias at swing.be
>   Estimated Hours: 0.0
>
>
>From Bugzilla Helper:
>User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6
>
>Description of problem:
>Bad: mod_proxy fails if SELinux is enabled
>
>[Wed Aug 03 13:52:12 2005] [debug] proxy_http.c(67): proxy: HTTP: canonicalising URL //webmail.XXX.be/exchange/
>[Wed Aug 03 13:52:12 2005] [debug] mod_proxy.c(419): Trying to run scheme_handler
>[Wed Aug 03 13:52:12 2005] [debug] proxy_http.c(1062): proxy: HTTP: serving URL https://webmail.XXX.be/exchange/
>[Wed Aug 03 13:52:12 2005] [debug] proxy_http.c(186): proxy: HTTP connecting https://webmail.XXX.be/exchange/ to webmail.XXX.be:443
>[Wed Aug 03 13:52:12 2005] [debug] proxy_util.c(1139): proxy: HTTP: fam 2 socket created to connect to webmail.XXX.be
>Bad: [Wed Aug 03 13:52:12 2005] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 123.123.123.123:443 (webmail.XXX.be) failed
>
>
>Version-Release number of selected component (if applicable):
>selinux-policy-targeted-1.25.3-9 httpd-2.0.54-10.1
>
>How reproducible:
>Always
>
>Steps to Reproduce:
>1. setenforce 1
>2. Access your HTTP server configured to reverse proxy
>3. Fails with message: BAD gateway
>4. setenforce 0
>5. It works.
>  
>
>Expected Results:  I would expect the default policy to allow proxying. The message is not explicit, and I had to search a long time to understand....
>
>Additional info:
>
>  
>
We could allow apache to connect to apache ports by default, if that 
would satisfy this.
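
Added example, not part of the original thread: a shell filter that picks out the signature seen in the quoted log, a mod_proxy backend connect failing with errno 13 (EACCES), and ignores ordinary network failures such as errno 111, so a local policy denial can be told apart from a dead backend. The sample log lines, host names and 192.0.2.x addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag mod_proxy connect failures that look like policy denials.
# Sample lines are constructed, following the log format quoted in the report.
sample_log() {
cat <<'EOF'
[Wed Aug 03 13:52:12 2005] [debug] proxy_http.c(186): proxy: HTTP connecting https://webmail.example/exchange/ to webmail.example:443
[Wed Aug 03 13:52:12 2005] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 192.0.2.10:443 (webmail.example) failed
[Wed Aug 03 13:52:40 2005] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 192.0.2.10:443 (webmail.example) failed
[Wed Aug 03 13:53:01 2005] [error] (111)Connection refused: proxy: HTTP: attempt to connect to 192.0.2.20:8080 (app.example) failed
[Wed Aug 03 13:53:05 2005] [error] (13)Permission denied: access to /private denied
EOF
}

# Reads an Apache error log on stdin and prints "count ip:port host" for each
# backend whose connect() failed with errno 13 (EACCES), in first-seen order.
# Errno 111 and non-proxy errno 13 lines are skipped: only EACCES on connect
# points at a local policy decision rather than the network or the backend.
proxy_eacces_targets() {
    awk '
        /\(13\)Permission denied: proxy: .*attempt to connect to / {
            for (i = 2; i < NF; i++)
                if ($i == "to" && $(i-1) == "connect") {
                    host = $(i+2)
                    gsub(/[()]/, "", host)        # "(name)" -> "name"
                    key = $(i+1) " " host
                    if (!(key in n)) order[++k] = key
                    n[key]++
                }
        }
        END { for (j = 1; j <= k; j++) print n[order[j]], order[j] }
    '
}

# Exit status 0 when the log on stdin contains at least one such failure.
has_proxy_eacces() {
    [ -n "$(proxy_eacces_targets)" ]
}

sample_log | proxy_eacces_targets
```

Run it as `proxy_eacces_targets < error_log` (the log path depends on the installation). A non-empty result on a host in enforcing mode is the cue to look for the matching AVC denial in the audit log.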
