When using httpd_can_network_connect=0, Horde (and other web applications) are unable to connect to port 11371 (pgpkeyserver_port_t) or 4190 (sieve_port_t). I am requesting SELinux booleans to control these behaviors so we can continue using httpd_can_network_connect=0, while enabling GPG key-checking and imap sieve access for web/webmail applications like Horde.
The proper way to do this is not to add booleans but to either change the labels on those ports or write custom policy for these ports. Something like

semanage port -m -t http_port_t -p tcp 11371

Or

# grep port_t /var/log/audit/audit.log | audit2allow -M myhttpd
# semodule -i myhttpd.pp

Otherwise we would end up with a boolean for every possible port that Apache could be configured to connect to.
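Added example, not part of the original thread: `grep port_t` selects every port-related denial in the audit log regardless of which domain triggered it, and audit2allow turns all of them into allow rules. The Python sketch below summarizes those denials so they can be reviewed before `semodule -i`. The log lines are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample audit.log lines for illustration (not from the report).
SAMPLE_LOG = '''\
type=AVC msg=audit(1364481363.243:101): avc:  denied  { name_connect } for  pid=2465 comm="httpd" dest=11371 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:pgpkeyserver_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1364481370.101:102): avc:  denied  { name_connect } for  pid=2465 comm="httpd" dest=4190 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:sieve_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1364481371.555:103): avc:  denied  { name_connect } for  pid=2465 comm="httpd" dest=4190 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:sieve_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1364481380.900:104): avc:  denied  { name_bind } for  pid=3001 comm="named" src=8053 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1364481390.000:105): avc:  denied  { read } for  pid=2465 comm="httpd" name="x" dev="dm-0" ino=12 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
'''

PERMS_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_port_denials(text):
    """Count AVC denials on port types, keyed like the rules audit2allow emits."""
    denials = Counter()
    for line in text.splitlines():
        perms = PERMS_RE.search(line)
        if not perms or 'port_t' not in line:  # same filter as `grep port_t`
            continue
        f = dict(FIELD_RE.findall(line))
        source = f['scontext'].split(':')[2]   # e.g. httpd_t
        target = f['tcontext'].split(':')[2]   # e.g. sieve_port_t
        port = int(f.get('dest') or f.get('src') or 0)
        for perm in perms.group(1).split():
            denials[(source, target, f['tclass'], perm, port)] += 1
    return denials


def outside_intent(denials, source, perm, targets):
    """Denials the generated module would allow beyond the intended access."""
    return sorted(k for k in denials
                  if k[0] != source or k[3] != perm or k[1] not in targets)


if __name__ == '__main__':
    found = parse_port_denials(SAMPLE_LOG)
    for key, count in sorted(found.items()):
        print(count, *key)
    print('review before semodule -i:', outside_intent(
        found, 'httpd_t', 'name_connect', {'pgpkeyserver_port_t', 'sieve_port_t'}))
```

In the constructed sample, the named_t denial would be swept into myhttpd.pp alongside the two httpd_t rules; narrowing the grep (for example to httpd_t lines) keeps the module limited to what was intended.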