Ian Pilcher wrote:
> Running fully updated Fedora 8, trying to start stunnel from xinetd, and
> getting a couple of denials:
>
> type=AVC msg=audit(1205149512.996:2338): avc: denied { write } for
> pid=14322 comm="stunnel" name="random_seed" dev=md1 ino=819429
> scontext=unconfined_u:system_r:stunnel_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:stunnel_etc_t:s0 tclass=file

Confined apps writing to /etc is frowned upon. /etc/ should be considered
R/O. If you move this file to /var/run/stunnel and change the config, it
should work.

>
> type=AVC msg=audit(1205149512.998:2339): avc: denied { name_bind } for
> pid=14322 comm="stunnel" src=2873
> scontext=unconfined_u:system_r:stunnel_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
>
> Aren't these things that stunnel should be expected to do?
>

You have to define ports that stunnel can listen to.

semanage port -a -t stunnel_port_t -p tcp 2873

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
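Added example (not part of the original thread): a small Python triage helper that parses the two AVC denials quoted above and maps each to the kind of fix given in the reply. The function names `parse_avc` and `triage` are hypothetical, and the `<domain>_port_t` naming is an assumption that must be checked against the loaded policy.

```python
import re

# Constructed sample input: the two AVC records quoted in the thread, each joined onto one line.
SAMPLE = [
    'type=AVC msg=audit(1205149512.996:2338): avc: denied { write } for '
    'pid=14322 comm="stunnel" name="random_seed" dev=md1 ino=819429 '
    'scontext=unconfined_u:system_r:stunnel_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:object_r:stunnel_etc_t:s0 tclass=file',
    'type=AVC msg=audit(1205149512.998:2339): avc: denied { name_bind } for '
    'pid=14322 comm="stunnel" src=2873 '
    'scontext=unconfined_u:system_r:stunnel_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of the denial's fields, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    # Contexts are user:role:type:level; the level may itself contain ':', so split at most 3 times.
    for key in ('scontext', 'tcontext'):
        rec[key + '_type'] = rec[key].split(':', 3)[2] if key in rec else None
    return rec

def triage(rec):
    """Map a denial to the kind of fix suggested in the reply above."""
    domain = rec['scontext_type'] or ''
    target = rec['tcontext_type'] or ''
    if 'name_bind' in rec['perms'] and target == 'port_t' and domain.endswith('_t'):
        proto = rec.get('tclass', '').split('_')[0]   # tcp_socket -> tcp
        port_type = domain[:-2] + '_port_t'           # assumption: this type exists in policy
        return 'semanage port -a -t %s -p %s %s' % (port_type, proto, rec.get('src'))
    if 'write' in rec['perms'] and target.endswith('_etc_t'):
        return 'relocate %s out of /etc (target type %s)' % (rec.get('name'), target)
    return 'review manually'

if __name__ == '__main__':
    for line in SAMPLE:
        print(triage(parse_avc(line)))
```

Anything that falls through to "review manually" should be read against the policy rather than turned into an allow rule automatically.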