I'm receiving the following AVC denial from a game package that's under
review[1]:

Jan 21 10:55:49 localhost kernel: audit(1169405749.338:3): avc: denied
{ name_connect } for pid=2661 comm="httpd" dest=19382
scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0
tclass=tcp_socket

The package includes a PHP-based web application and a Python daemon
backend. The PHP webapp communicates with the Python daemon through TCP
sockets.

From the AVC denial it appears that this communication fails because
httpd is not allowed to establish TCP connections. This seems like a
valid security restriction, except in this case I do want to allow it.

How can I configure the httpd policy to allow TCP connections, but only
to localhost and only on the Python daemon's ports (19380-19383)?

--Wart

[1] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219972
--
fedora-selinux-list mailing list
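
The denial quoted in the post above, broken into its fields, as an added example that is not part of the original post. The function names (`parse_avc`, `allow_rule`, `review_notes`) are hypothetical, and `SAMPLE` is the post's log entry joined onto one line. It shows the literal rule the denial maps to and why that rule is broader than the four ports the post asks about.

```python
import re

# Constructed sample: the AVC denial from the post, joined onto one line.
SAMPLE = ('Jan 21 10:55:49 localhost kernel: audit(1169405749.338:3): avc: denied '
          '{ name_connect } for pid=2661 comm="httpd" dest=19382 '
          'scontext=user_u:system_r:httpd_t:s0 '
          'tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of an AVC denial as a dict, or None if malformed."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not all(k in fields for k in ('scontext', 'tcontext', 'tclass')):
        return None
    # A context is user:role:type[:level]; the type is the third element.
    src = fields['scontext'].split(':')
    tgt = fields['tcontext'].split(':')
    if len(src) < 3 or len(tgt) < 3:
        return None
    fields['perms'] = m.group('perms').split()
    fields['source_type'], fields['target_type'] = src[2], tgt[2]
    return fields

def allow_rule(avc):
    """Literal type-enforcement rule that would permit the denied access."""
    perms = avc['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow %s %s:%s %s;' % (avc['source_type'], avc['target_type'],
                                   avc['tclass'], perm_text)

def review_notes(avc):
    """Flag rules whose target is the generic port label."""
    notes = []
    # port_t is the label ports carry when no specific port type is assigned,
    # so a rule against it is not limited to the port in this one denial.
    if 'name_connect' in avc['perms'] and avc['target_type'] == 'port_t':
        notes.append('dest port %s is labelled port_t; the literal rule lets %s '
                     'connect to every port with that label'
                     % (avc.get('dest', '?'), avc['source_type']))
    return notes

if __name__ == '__main__':
    avc = parse_avc(SAMPLE)
    print(allow_rule(avc))
    print('\n'.join(review_notes(avc)))
```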