Bug 587684
Summary: | SELinux is preventing /usr/sbin/httpd "name_bind" access . | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | marinalan |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 12 | CC: | carlg, dwalsh, mgrepl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:33de85aadff64502dd04a3791cc0e1e56336d8d318c0f77180fd0505095e3b7d | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-05-03 18:23:50 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
marinalan
2010-04-30 15:04:37 UTC
allow httpd_t soundd_port_t:tcp_socket name_bind; ?! Did you setup your httpd server to listen on port 8000? yes, sometimes i need to test php app, that for some reason demand everything to be in document root, i have recently set virtualhost configured in apache to listen and respond to http://localhost:8000 for one such app. But even before i established that virtual host and added "Listen 8000" directive in apache configuration files, I regularly have in /var/log/httpd/error_log lines like that ( when httpd starts) [error] avahi_entry_group_add_service_strlst("marina-home") failed: Invalid host name I am not sure if that has something to do with "name_bind" in /etc/hosts I have: -------------------------------------------------------------------------- 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 marina-home.localdomain ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 marina-home.localdomain Listen 8000 <VirtualHost _default_:8000> ServerAdmin marinalan DocumentRoot /home/marina/<some_directory_webroot_of_tested_php_app> ServerName marina-home Options FollowSymLinks </VirtualHost> I needed to use some port, because i use ssh remote port forwarding to have public url You can add this port by using audit2allow # grep name_bind /var/log/audit/audit.log | audit2allow -M myhttp # semodule -i myhttp.pp If you want to have a document root in /home/marina you will need to setup this directory to have labeling of httpd_sys_content_t. # semanage fcontext -a -t httpd_sys_content_t /home/marina ' /<some_directory_webroot_of_tested_php_app>(/.*)?' # restorecon -R -v /home/marina /home/marina/<some_directory_webroot_of_tested_php_app> |