Bug 841985
| Summary: | SELinux is preventing /usr/bin/polipo from 'name_connect' accesses on the tcp_socket . | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Michael S. <misc> |
| Component: | setroubleshoot-plugins | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 17 | CC: | dominick.grift, dwalsh, jdennis, mgrepl, paulo.fidalgo.pt |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Unspecified | | |
| Whiteboard: | abrt_hash:e1a3b68a511ca213f34827b7cb1fb4c631dd0e8aa60bda4392d6a1feb547fdc2 | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2013-01-14 11:07:25 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Michael S.
2012-07-20 19:04:33 UTC
Is this a default setup? Should polipo be allowed to connect to port 9050 out of the box, or is this a local customization? Looks like there is a boolean to allow this access:

setsebool -P polipo_connect_all_unreserved 1

That's not the default setup. I have added the part to connect to socks in the polipo config (following the man pages, but all results for "tor polipo" on the web give the same instructions, like this one: https://wiki.archlinux.org/index.php/Polipo#Tor). For tor, that's the default setup, and that's the default port of tor (despite what tor_selinux says about it being another one). I didn't see the message about man tor_selinux in the assistant (shame on me, I directly read the AVC :/), but this seems incorrect (i.e., that should be polipo_selinux, not tor_selinux). I do not know if my usage is common enough to warrant poking a hole in the SELinux policy, but I think letting polipo_t open a socket to tor_socks_port_t would not cause lots of problems. The probability that someone runs tor in the default configuration and runs polipo at the same time and does not want them to communicate is pretty low, IMHO.

Turn on the boolean and I will fix the man page.

It looks more like a setroubleshoot-plugins bug.

I believe it has been fixed in F17.

I still see this error message in F18.

Paulo, please attach your AVC messages.

I've switched to privoxy and installed polipo again, and can't see this error anymore.
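The thread weighs a broad boolean against the narrower access the reporter suggests (polipo_t to tor_socks_port_t). The following is an added example, not part of the bug report: it triages `name_connect` denials from audit log text and derives one narrow allow rule per source/target type pair, generalized to any domain and port type. The log lines are constructed, and their `tcontext` assumes port 9050 carries the type named in the thread.

```python
import re
from collections import Counter

# Constructed audit.log lines (not from the bug report). The type names
# polipo_t and tor_socks_port_t are the ones mentioned in the thread.
SAMPLE_LOG = '''\
type=AVC msg=audit(1342810000.123:456): avc:  denied  { name_connect } for  pid=1234 comm="polipo" dest=9050 scontext=system_u:system_r:polipo_t:s0 tcontext=system_u:object_r:tor_socks_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1342810007.456:460): avc:  denied  { name_connect } for  pid=1234 comm="polipo" dest=9050 scontext=system_u:system_r:polipo_t:s0 tcontext=system_u:object_r:tor_socks_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1342810010.001:461): avc:  denied  { read } for  pid=2000 comm="httpd" name="x" dev="dm-0" ino=42 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1342810010.001:461): arch=c000003e syscall=2 success=no exit=-13
'''

DENIED_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value may be quoted


def type_of(context):
    """Return the type field of a user:role:type[:level] SELinux context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def name_connect_denials(log_text):
    """Count tcp_socket name_connect denials per (comm, source, target, port)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENIED_RE.search(line)
        if not m or "name_connect" not in m.group("perms").split():
            continue
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
        if f.get("tclass") != "tcp_socket" or "scontext" not in f or "tcontext" not in f:
            continue
        key = (f.get("comm", "?"), type_of(f["scontext"]),
               type_of(f["tcontext"]), f.get("dest", "?"))
        counts[key] += 1
    return counts


def narrow_rules(counts):
    """One allow rule per source/target type pair, instead of a broad boolean."""
    pairs = sorted({(src, tgt) for _, src, tgt, _ in counts})
    return [f"allow {src} {tgt}:tcp_socket name_connect;" for src, tgt in pairs]


if __name__ == "__main__":
    denials = name_connect_denials(SAMPLE_LOG)
    for (comm, src, tgt, port), n in sorted(denials.items()):
        print(f"{n}x {comm}: {src} -> {tgt} (tcp/{port})")
    print("\n".join(narrow_rules(denials)))
```

Review each derived rule before putting it in a local policy module; a denial only shows what was attempted, not what should be permitted.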