selinux apache and mod_python
Paul Howarth
paul at city-fan.org
Mon Mar 13 14:07:24 UTC 2006
Lars Gullik Bjønnes wrote:
> I am having some difficutlies using different python libs that want to
> open priveledged ports on localhost or other hosts. f.ex. smtplib.
>
> What must be done SELinux wise to get this to work?
>
> I get (audit) errors like this:
>
> type=SOCKETCALL msg=audit(1142255739.103:87743): nargs=3 a0=ba1=b7cc90e0 a2=10
> type=AVC msg=audit(1142256578.528:87744): avc: denied { name_connect} for pi
> d=16624 comm="httpd" dest=25 scontext=root:system_r:httpd_t tcontext=system_u:object_r:smtp_port_t tclass=tcp_socket
> type=SYSCALL msg=audit(1142256578.528:87744): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfee0760 a2=3e5114 a3=b7d290c8 items=0 pid=16624 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
Does this help?
# setsebool httpd_can_network_connect 1
Paul.
More information about the fedora-selinux-list
mailing list