Bug 798924

Summary: SELinux is preventing /usr/sbin/cherokee-worker from 'name_connect' accesses on the None .
Product: [Fedora] Fedora
Reporter: Renich Bon Ciric <renich>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 16
CC: dominick.grift, dwalsh, jorton, mgrepl, vanmeeuwen+fedora
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:2fdad1021eb5e194d82004562fe465d7bb59828111523988c14e6e2462357fe4
Doc Type: Bug Fix
Last Closed: 2012-03-01 11:53:04 UTC

Description Renich Bon Ciric 2012-03-01 09:42:14 UTC
libreport version: 2.0.8
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.2.7-1.fc16.x86_64
reason:         SELinux is preventing /usr/sbin/cherokee-worker from 'name_connect' accesses on the None .
time:           Thu 01 Mar 2012 03:42:05 AM CST

description:
:SELinux is preventing /usr/sbin/cherokee-worker from 'name_connect' accesses on the None .
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If you believe that cherokee-worker should be allowed name_connect access on the  <Unknown> by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep cherokee-worker /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:httpd_t:s0
:Target Context                system_u:object_r:unreserved_port_t:s0
:Target Objects                 [ None ]
:Source                        cherokee-worker
:Source Path                   /usr/sbin/cherokee-worker
:Port                          9000
:Host                          (removed)
:Source RPM Packages           cherokee-1.2.101-3.fc16.x86_64
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-78.fc16.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.2.7-1.fc16.x86_64 #1 SMP
:                              Tue Feb 21 01:40:47 UTC 2012 x86_64 x86_64
:Alert Count                   25
:First Seen                    Thu 01 Mar 2012 03:40:08 AM CST
:Last Seen                     Thu 01 Mar 2012 03:40:19 AM CST
:Local ID                      d1e242f5-9fcf-4510-853b-ae2ca3337ad9
:
:Raw Audit Messages
:type=AVC msg=audit(1330594819.217:286): avc:  denied  { name_connect } for  pid=21608 comm="cherokee-worker" dest=9000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
:node=(removed) type=SYSCALL msg=audit(1330594819.217:286): arch=c000003e syscall=42 success=no exit=-13 a0=27 a1=7fd8bc001bb8 a2=10 a3=7fd9a4325c7c items=0 ppid=21578 pid=21608 auid=4294967295 uid=993 gid=990 euid=993 suid=993 fsuid=993 egid=990 sgid=990 fsgid=990 tty=(none) ses=4294967295 comm="cherokee-worker" exe="/usr/sbin/cherokee-worker" subj=system_u:system_r:httpd_t:s0 key=(null)
:
:
:Hash: cherokee-worker,httpd_t,unreserved_port_t,None,name_connect
:
:audit2allow
:
:
:audit2allow -R
:
:

Comment 1 Miroslav Grepl 2012-03-01 11:53:04 UTC
SELinux is preventing cherokee-worker from name_connect access on the tcp_socket .

*****  Plugin connect_ports (85.9 confidence) suggests  **********************

If you want to allow cherokee-worker to connect to network port 9000
Then you need to modify the port type.
Do
# semanage port -a -t PORT_TYPE -p tcp 9000
    where PORT_TYPE is one of the following: dns_port_t, ocsp_port_t, kerberos_port_t, ocsp_port_t, kerberos_port_t.

*****  Plugin catchall_boolean (7.33 confidence) suggests  *******************

If you want to allow system to run with NIS
Then you must tell SELinux about this by enabling the 'allow_ypbind'boolean.
Do
setsebool -P allow_ypbind 1

*****  Plugin catchall_boolean (7.33 confidence) suggests  *******************

If you want to allow HTTPD scripts and modules to connect to the network using any TCP port.
Then you must tell SELinux about this by enabling the 'httpd_can_network_connect' boolean. You can read 'httpd_selinux' man page for more details.
Do
setsebool -P httpd_can_network_connect 1

Comment 2 Miroslav Grepl 2012-03-01 11:53:48 UTC
What is your version of setroubleshoot?

Comment 3 Miroslav Grepl 2012-03-01 11:54:27 UTC
*** Bug 798921 has been marked as a duplicate of this bug. ***

Comment 4 Renich Bon Ciric 2012-03-01 19:55:03 UTC
Ok, just wanted you to be aware of the fact that php-fpm is the new way of using PHP. The connection is from localhost.

Just because one uses PHP we have to enable all TCP connections other than port 80?

Comment 5 Daniel Walsh 2012-03-01 21:04:01 UTC
Renich, are you saying that any php app is going to be connecting to random ports on localhost?  Or are you saying cherokee is?

Comment 6 Renich Bon Ciric 2012-03-02 01:06:48 UTC
(In reply to comment #5)
> Renich, are you saying that any php app is going to be connecting to random
> ports on localhost?  Or are you saying cherokee is?

It's not random. It's port 9000 when php-fpm is installed.

Here's the official website: http://php-fpm.org/

It is said it's going to be a default in PHP's future.

For now, when installing php-fpm, it always uses port 9000. When not, cherokee does pick a random port, I think, for its localhost fcgi connection to the interpreter.

It would be possible to let cherokee, if you consider it feasible, connect to localhost TCP ports. I am not sure of this but, when using Python over fcgi and Ruby, it needs connections to these too.

I will copy the ruby and python maintainers to see if they can provide feedback on this.

Comment 7 Peter Robinson 2012-03-02 09:50:43 UTC
I'm not a python or ruby maintainer so I presume adding me was in error.

Comment 8 Daniel Walsh 2012-03-02 12:51:05 UTC
Any chance of using named sockets rather than network ports?

Comment 9 Renich Bon Ciric 2012-03-02 20:56:06 UTC
(In reply to comment #7)
> I'm not a python or ruby maintainer so I presume adding me was in error.

Sorry, Peter! I'm adding kanarip to this thread.

Comment 10 Renich Bon Ciric 2012-03-20 05:34:24 UTC
(In reply to comment #8)
> Any chance of using named sockets rather than network ports?

Well, there is an option to configure php-fpm to use sockets: 

"listen_address - Address to accept fastcgi requests on. Valid syntax is 'ip.ad.re.ss:port' or just 'port' or '/path/to/unix/socket'. Default: 127.0.0.1:9000"

from: http://php-fpm.org/wiki/Configuration_File

I will include the php-fpm packager in order for him/her to take this into account (change to using sockets).

Either way, since the last update, it has become impossible to use cherokee and php-fpm. Some output:

type=AVC msg=audit(1332221002.269:241): avc:  denied  { name_connect } for  pid=14045 comm="cherokee-worker" dest=9000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1332221002.269:241): arch=c000003e syscall=42 success=no exit=-13 a0=24 a1=7f4028001b58 a2=10 a3=7f41051f7c7c items=0 ppid=14013 pid=14045 auid=4294967295 uid=993 gid=990 euid=993 suid=993 fsuid=993 egid=990 sgid=990 fsgid=990 tty=(none) ses=4294967295 comm="cherokee-worker" exe="/usr/sbin/cherokee-worker" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1332221002.270:242): avc:  denied  { name_connect } for  pid=14045 comm="cherokee-worker" dest=9000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1332221002.270:242): arch=c000003e syscall=42 success=no exit=-13 a0=24 a1=7f4028001b58 a2=10 a3=7f41051f7c7c items=0 ppid=14013 pid=14045 auid=4294967295 uid=993 gid=990 euid=993 suid=993 fsuid=993 egid=990 sgid=990 fsgid=990 tty=(none) ses=4294967295 comm="cherokee-worker" exe="/usr/sbin/cherokee-worker" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1332221002.311:243): avc:  denied  { open } for  pid=14357 comm="php-fpm" name="php-fpm.log" dev=dm-5 ino=1835075 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1332221002.311:243): arch=c000003e syscall=2 success=no exit=-13 a0=2d0a2c0 a1=441 a2=180 a3=3610c8cef0 items=0 ppid=14013 pid=14357 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="php-fpm" exe="/usr/sbin/php-fpm" subj=system_u:system_r:httpd_t:s0 key=(null)

Comment 11 Daniel Walsh 2012-03-20 16:11:39 UTC
Turn on the httpd_can_network_connect boolean.

setsebool -P httpd_can_network_connect 1

What directory is php-fpm.log being created in?

Comment 12 Renich Bon Ciric 2012-03-21 05:19:19 UTC
(In reply to comment #11)
> Turn on the httpd_can_network_connect boolean.
> 
> setsebool -P httpd_can_network_connect 1

As I mentioned before, this seems too much but, ok; I will do so ;=s. The socket alternative you mentioned seems a lot better...

> What directory is php-fpm.log being created in?

/var/log/php-fpm

Comment 13 Daniel Walsh 2012-03-21 13:58:45 UTC
chcon -t httpd_log_t /var/log/php-fpm

I just changed this in F17.

Sorry I did not read the entire bugzilla.  A better solution would be to change the label on the port.
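
An added example, not part of the original report or of setroubleshoot: a small Python triage script that parses AVC records like those in comment 10, collapses the repeated denials into distinct events, and lists the remediation commands named in this thread with the port relabel ahead of the broader boolean. `PORT_TYPE` is kept as the placeholder from comment 1; the function names and the mapping from denial to command are assumptions made for illustration.

```python
import re
from collections import Counter

# Records copied from comment 10 of the report; the SYSCALL line is abbreviated.
SAMPLE_LOG = '''\
type=AVC msg=audit(1332221002.269:241): avc:  denied  { name_connect } for  pid=14045 comm="cherokee-worker" dest=9000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1332221002.269:241): arch=c000003e syscall=42 success=no exit=-13 comm="cherokee-worker" exe="/usr/sbin/cherokee-worker" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1332221002.270:242): avc:  denied  { name_connect } for  pid=14045 comm="cherokee-worker" dest=9000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1332221002.311:243): avc:  denied  { open } for  pid=14357 comm="php-fpm" name="php-fpm.log" dev=dm-5 ino=1835075 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
'''

AVC_RE = re.compile(
    r'^type=AVC msg=audit\([\d.]+:(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _type_of(context):
    """Return the type field of a user:role:type:level security context."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else context


def parse_avc(line):
    """Parse one AVC denial line into a dict; return None for anything else."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('fields'))}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None
    return {
        'serial': int(m.group('serial')),
        'perms': tuple(m.group('perms').split()),
        'comm': fields.get('comm'),
        'source_type': _type_of(fields['scontext']),
        'target_type': _type_of(fields['tcontext']),
        'tclass': fields['tclass'],
        # Port denials carry dest=, file denials carry name= (or path=).
        'object': fields.get('dest') or fields.get('name') or fields.get('path'),
    }


def summarize(log_text):
    """Count denials per (comm, source type, perms, class, target type, object)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            counts[(rec['comm'], rec['source_type'], rec['perms'],
                    rec['tclass'], rec['target_type'], rec['object'])] += 1
    return counts


def remediation(key):
    """Map a denial key to the commands discussed in the thread, narrowest first."""
    comm, source_type, perms, tclass, target_type, obj = key
    if 'name_connect' in perms and tclass == 'tcp_socket':
        # Only a numeric port is ever placed into a command line.
        if not (obj and obj.isdigit()):
            return []
        options = [f'semanage port -a -t PORT_TYPE -p tcp {obj}']
        if source_type == 'httpd_t':
            # Broad: lets httpd_t connect to any TCP port (comments 1 and 11).
            options.append('setsebool -P httpd_can_network_connect 1')
        return options
    if tclass == 'file' and source_type == 'httpd_t' and target_type == 'var_log_t':
        # The AVC record holds only the file name; the directory came from comment 12.
        return ['chcon -t httpd_log_t <directory holding the log file>']
    return []


if __name__ == '__main__':
    for key, count in summarize(SAMPLE_LOG).most_common():
        comm, stype, perms, tclass, ttype, obj = key
        print(f'{count}x {comm} ({stype}) denied {perms} on {tclass} '
              f'{ttype} [{obj}]')
        for cmd in remediation(key):
            print(f'    # {cmd}')
```
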