Bug 1299154
Summary: | SELinux booleans to allow httpd access to pgpkeyserver_port_t and sieve_port_t | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Anthony Messina <amessina> |
Component: | selinux-policy-targeted | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED NOTABUG | QA Contact: | Ben Levenson <benl> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 23 | CC: | dwalsh |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-01-18 13:26:07 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Anthony Messina
2016-01-16 17:46:54 UTC
The proper way to do this is not to add booleans but to either change the labels on those ports or write custom policy for these ports. Something like semanage port -m -t http_port_t -p tcp 11371 Or # grep port_t /var/log/audit/audit.log | audit2allow -M myhttpd # semodule -i myhttpd.pp Otherwise we would end up with a boolean for every possible port that apache could be configured to connect to. |