Re: [Bug 164992] New: Mod_proxy does not work with SElinux default policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Aug 15, 2005 at 11:59:52AM -0400, Daniel J Walsh wrote:
> can_network(httpd_t)
> can_kerberos(httpd_t)
> can_resolve(httpd_t)
> can_ypbind(httpd_t)
> can_ldap(httpd_t)
> allow httpd_t { http_port_t http_cache_port_t }:tcp_socket name_bind;
> # allow httpd to connect to mysql/posgresql
> allow httpd_t { postgresql_port_t mysqld_port_t }:tcp_socket name_connect;
> # allow httpd to work as a relay
> allow httpd_t { gopher_port_t ftp_port_t http_port_t http_cache_port_t 
> }:tcp_socket name_connect;

So this would allow connections to ports 80, 8080, etc etc?

Yes, that looks sufficient, but it does seem to defeat the point of 
having the boolean in the first place :)

joe

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux