Re: [Bug 164992] New: Mod_proxy does not work with SElinux default policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Joe Orton wrote:

I wonder whether this boolean should really just be "on" by default.

----- Forwarded message from bugzilla@xxxxxxxxxx -----

From: bugzilla@xxxxxxxxxx
To: jorton@xxxxxxxxxx
Date: Wed, 3 Aug 2005 08:02:27 -0400
Subject: [Bug 164992]  New: Mod_proxy does not work with SElinux default policy

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.




https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=164992

          Summary: Mod_proxy does not work with SElinux default policy
          Product: Fedora Core
          Version: fc4
         Platform: i386
       OS/Version: Linux
           Status: NEW
         Severity: low
         Priority: normal
        Component: httpd
       AssignedTo: jorton@xxxxxxxxxx
       ReportedBy: trash_alias@xxxxxxxx
  Estimated Hours: 0.0


From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
Bad: mod_proxy fail if selinux is enabled

[Wed Aug 03 13:52:12 2005] [debug] proxy_http.c(67): proxy: HTTP: canonicalising URL //webmail.XXX.be/exchange/
[Wed Aug 03 13:52:12 2005] [debug] mod_proxy.c(419): Trying to run scheme_handler
[Wed Aug 03 13:52:12 2005] [debug] proxy_http.c(1062): proxy: HTTP: serving URL https://webmail.XXX.be/exchange/
[Wed Aug 03 13:52:12 2005] [debug] proxy_http.c(186): proxy: HTTP connecting https://webmail.XXX.be/exchange/ to webmail.XXX.be:443
[Wed Aug 03 13:52:12 2005] [debug] proxy_util.c(1139): proxy: HTTP: fam 2 socket created to
connect to webmail.XXX.be
Bad: [Wed Aug 03 13:52:12 2005] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 123.123.123.123:443 (webmail.XXX.be) failed


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.25.3-9 httpd-2.0.54-10.1

How reproducible:
Always

Steps to Reproduce:
1.setenforce 1
2.access your http server configured ro reverse proxying
3.fail with message: BAD gateway
4. setenforce 0
5. it work.
Expected Results:  I would expect the default policy to allow proxying and Message is not explicit and I had to search a long time to understand....

Additional info:

We could allow apache to connect to apache ports by default, if that would satisfy this.

--


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux