Privoxy and Port 8080

Joel Gomberg obligor11-fedora at yahoo.com
Sat Apr 15 17:56:46 UTC 2006


I originally posted this message to the fedora users list. It was 
suggested that I might have better luck here.

SELinux is blocking privoxy's access to my public library's online catalog:

http://oaklandlibrary.org:8080/ipac20/ipac.jsp?profile=#focus

SELinux denies access.  With setenforce=0, access is permitted, so I'm
sure it's a SELinux issue.  After perusing the SELinux FAQ, I issued
this command:

semanage port -a -p tcp -t http_port_t 8080

The response was that port 8080 was already defined.

The denial message is:

type=AVC msg=audit(1145058006.474:1026): avc:  denied  { name_connect }
for  pid=13185 comm="privoxy" dest=8080
scontext=system_u:system_r:privoxy_t:s0

I received a suggestion to issue this command:

semanage port -m -p tcp -t privoxy_t 8080

This changed the denial message slightly:

type=AVC msg=audit(1145112509.543:104): avc:  denied  { name_connect } 
for  pid=4137 comm="privoxy" dest=8080 
scontext=system_u:system_r:privoxy_t:s0 
tcontext=system_u:object_r:privoxy_t:s0 tclass=tcp_socket

I then issued these commands:

[root@alcibiades ~]# setenforce 0
[root@alcibiades ~]# audit2allow -i /var/log/audit/audit.log

and received this output [relevant to Privoxy]:

allow privoxy_t http_cache_port_t:tcp_socket name_connect;
allow privoxy_t self:tcp_socket name_connect;

I don't know how to proceed from here.

--
Joel
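
Added example, not part of the original post and not audit2allow's own code: a minimal Python sketch of how an AVC denial maps to an allow rule, which shows why relabeling port 8080 with the domain type privoxy_t produces a rule with "self" as the target. The first log line is the second denial quoted above joined onto one line; the second line is constructed and assumes the port's earlier label was http_cache_port_t, as the audit2allow output implies.

```python
import re

# Line 1: second denial from the post, joined onto one line.
# Line 2: constructed sample (timestamp, pid and tcontext are assumptions).
SAMPLE_LOG = """\
type=AVC msg=audit(1145112509.543:104): avc:  denied  { name_connect } for  pid=4137 comm="privoxy" dest=8080 scontext=system_u:system_r:privoxy_t:s0 tcontext=system_u:object_r:privoxy_t:s0 tclass=tcp_socket
type=AVC msg=audit(0.000:1): avc:  denied  { name_connect } for  pid=1 comm="privoxy" dest=8080 scontext=system_u:system_r:privoxy_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def parse_denial(line):
    """Parse one AVC denial; return None for non-AVC or truncated records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    return {
        "perms": m.group("perms").split(),
        "source": context_type(m.group("scontext")),
        "target": context_type(m.group("tcontext")),
        "tclass": m.group("tclass"),
    }

def to_allow_rule(d):
    """Render the denial as an allow rule; a target equal to the source is 'self'."""
    target = "self" if d["target"] == d["source"] else d["target"]
    perms = d["perms"][0] if len(d["perms"]) == 1 else "{ " + " ".join(d["perms"]) + " }"
    return f"allow {d['source']} {target}:{d['tclass']} {perms};"

def rules_from_log(text):
    """Collect the distinct allow rules implied by every parsable denial."""
    rules = set()
    for line in text.splitlines():
        d = parse_denial(line)
        if d is not None:
            rules.add(to_allow_rule(d))
    return sorted(rules)

if __name__ == "__main__":
    for rule in rules_from_log(SAMPLE_LOG):
        print(rule)
```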



