Bug 785730

Summary: SELinux is preventing /usr/bin/polipo from 'name_connect' accesses on the None .
Product: [Fedora] Fedora Reporter: Wang Bin <wangbin.zibo>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: dominick.grift, dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:e080230f1f1567f76c6f6ce0f52e90eb755e9d5b3a3471af823006fb60347242
Fixed In Version: selinux-policy-3.10.0-75.fc16 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-02-02 17:25:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: description none

Description Wang Bin 2012-01-30 13:38:18 UTC 
libreport version: 2.0.8
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.2.2-1.fc16.x86_64
reason:         SELinux is preventing /usr/bin/polipo from 'name_connect' accesses on the None .
time:           2012年01月30日 星期一 21时31分11秒

description:    Binary file, 2174 bytes
Comment 1 Wang Bin 2012-01-30 13:38:21 UTC 
Created attachment 558330 [details]
File: description
Comment 2 Dominick Grift 2012-01-30 13:48:07 UTC 
To what service is polipo trying to connect to? (What is listening on TCP 8982?)
Comment 3 Wang Bin 2012-01-30 13:55:34 UTC 
It's a ssh proxy, in my /etc/polipo/config:

socksParentProxy=127.0.0.1:8982
socksProxyType=socks5
Comment 4 Dominick Grift 2012-01-30 14:04:47 UTC 
Can you try and use port tcp 8953?

It is a DNS port but polipo should be allowed to connect to it as far as i can tell.

Is there any particular reason why you are trying to use TCP 8982?
Comment 5 Dominick Grift 2012-01-30 14:20:10 UTC 
I guess we could build in a boolean that allows polipo to connect to any unreserved TCP port.
Comment 6 Miroslav Grepl 2012-02-01 09:43:46 UTC 
I agree. Added

polipo_connect_all_unreserved

boolean
Comment 7 Fedora Update System 2012-02-01 13:19:21 UTC 
selinux-policy-3.10.0-75.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-75.fc16
Comment 8 Fedora Update System 2012-02-01 19:26:29 UTC 
Package selinux-policy-3.10.0-75.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-75.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-1133/selinux-policy-3.10.0-75.fc16
then log in and leave karma (feedback).
Comment 9 Wang Bin 2012-02-02 04:24:59 UTC 
Tested, no alert show up again, thanks.
Comment 10 Miroslav Grepl 2012-02-02 07:38:41 UTC 
Could you update karma?
Comment 11 Fedora Update System 2012-02-02 17:25:26 UTC 
selinux-policy-3.10.0-75.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.