
httpd and tcp_connect



I'm receiving the following AVC denial from a game package that's under review[1]:

Jan 21 10:55:49 localhost kernel: audit(1169405749.338:3): avc: denied { name_connect } for pid=2661 comm="httpd" dest=19382 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

The package includes a PHP-based web application and a Python daemon backend. The PHP webapp communicates with the Python daemon through TCP sockets.

From the AVC denial it appears that this communication fails because httpd is not allowed to establish TCP connections. This seems like a valid security restriction, except in this case I do want to allow it.

How can I configure the httpd policy to allow TCP connections, but only to localhost and only on the Python daemon's ports (19380-19383)?

--Wart
[1] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219972
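
The denial quoted in the message above, broken into its fields, as an added example that is not part of the original post. It renders the type-enforcement rule the denial corresponds to and flags that the target type is the generic `port_t`; the function names and the port-range constant are assumptions made for this illustration.

```python
import re

# The denial line quoted in the message, copied verbatim.
SAMPLE = ('Jan 21 10:55:49 localhost kernel: audit(1169405749.338:3): avc: denied '
          '{ name_connect } for pid=2661 comm="httpd" dest=19382 '
          'scontext=user_u:system_r:httpd_t:s0 '
          'tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket')

DAEMON_PORTS = range(19380, 19384)  # 19380-19383, the range named in the message

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$')

def parse_avc(line):
    """Return the denial's fields as a dict, or None if the line is not a usable AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"')
              for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None
    fields['perms'] = m.group('perms').split()
    for key in ('scontext', 'tcontext'):
        # A context is user:role:type[:level]; the level itself may contain colons.
        parts = fields[key].split(':', 3)
        if len(parts) < 3:
            return None
        fields[key + '_type'] = parts[2]
    return fields

def allow_rule(f):
    """Render the type-enforcement rule that this denial corresponds to."""
    perms = f['perms']
    p = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow %s %s:%s %s;' % (f['scontext_type'], f['tcontext_type'], f['tclass'], p)

def review(f):
    """Return (rule, warnings) so the rule's scope can be checked before it is loaded."""
    warnings = []
    if f['tcontext_type'] == 'port_t':
        # port_t is the type of ports that have no dedicated label, so a rule on it
        # matches every such port, not only the daemon's range.
        warnings.append('target is generic port_t: rule is not limited to specific ports')
    if 'dest' in f and int(f['dest']) not in DAEMON_PORTS:
        warnings.append('dest %s is outside the daemon port range' % f['dest'])
    return allow_rule(f), warnings

if __name__ == '__main__':
    print(review(parse_avc(SAMPLE)))
```
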

