Re: privoxy.te

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Tom London wrote:

Running strict/enforcing off of latest rawhide
(selinux-policy-strict-1.18.2-2):

privoxy generates:

Nov 7 13:44:10 fedora kernel: audit(1099863850.432:0): avc: denied { connect } for pid=14703 exe=/usr/sbin/privoxy
scontext=system_u:system_r:privoxy_t
tcontext=system_u:system_r:privoxy_t tclass=udp_socket
Nov 7 13:44:10 fedora kernel: audit(1099863850.469:0): avc: denied { connect } for pid=14703 exe=/usr/sbin/privoxy
scontext=system_u:system_r:privoxy_t
tcontext=system_u:system_r:privoxy_t tclass=tcp_socket

This patch seems to fix it:
--- SAVE/privoxy.te     2004-11-07 18:00:09.433732712 -0800
+++ ./privoxy.te        2004-11-07 18:00:40.419276794 -0800
@@ -18,6 +18,7 @@
# Use the network.
can_network(privoxy_t)
allow privoxy_t port_t:{ tcp_socket udp_socket } name_bind;
+allow privoxy_t self:{ tcp_socket udp_socket } connect;
allow privoxy_t etc_t:file { getattr read };
allow privoxy_t self:capability { setgid setuid };
allow privoxy_t self:unix_stream_socket create_socket_perms ;


tom


Added thanks.

Dan

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux