| Summary: | Port 9000 needs to be http_port_t | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Remi Collet <rcollet> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Michal Trunecka <mtruneck> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.4 | CC: | dwalsh, ebenes, mmalik, mtruneck, tlavigne |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-3.7.19-218.el6 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-11-21 10:52:56 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1598.html |
php-fpm listen (default configuration) on port 9000 On RHEL-7, # semanage port -l | grep http_port http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000 So Apache (via mod_proxy_cfgi) is able to connect to php-fpm On RHEL-6 http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443 So connection is not allowed type=AVC msg=audit(1380108605.792:25270): avc: denied { name_connect } for pid=11970 comm="httpd" dest=9000 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket Connection can be allowed using: # semanage port -a -t http_port_t -p tcp 9000 P.S. httpd 2.2 in RHEL-6 don't have mod_proxy_fcgi, but httpd24-httpd (in RHSCL) will have it.