irc_use_any_tcp_ports=_("Determine whether irc clients can listen on and connect to any unreserved TCP ports.") , so I expected running an irssi proxy to work, given: rlpowell@stodi> sudo getsebool irssi_use_full_network irssi_use_full_network --> on rlpowell@stodi> sudo getsebool irc_use_any_tcp_ports irc_use_any_tcp_ports --> on But it doesn't: type=AVC msg=audit(09/12/2013 11:31:30.525:158212) : avc: denied { listen } for pid=18046 comm=irssi laddr=127.0.0.1 lport=31333 scontext=user_u:user_r:irc_t:s0 tcontext=user_u:user_r:irc_t:s0 tclass=tcp_socket type=AVC msg=audit(09/12/2013 11:31:37.170:158217) : avc: denied { accept } for pid=18046 comm=irssi laddr=127.0.0.1 lport=31333 scontext=user_u:user_r:irc_t:s0 tcontext=user_u:user_r:irc_t:s0 tclass=tcp_socket
d25a543520aa5fd43cf05fabb1d14a4244ada81f fixes this in git.
back ported
selinux-policy-3.12.1-74.8.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-74.8.fc19
Package selinux-policy-3.12.1-74.8.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-74.8.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-17739/selinux-policy-3.12.1-74.8.fc19 then log in and leave karma (feedback).
selinux-policy-3.12.1-74.8.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Thank you so much! :D It works.