Bug 161124 - FC4 httpd_t named_connect dontaudited
FC4 httpd_t named_connect dontaudited
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
4
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-06-20 13:51 EDT by Colin Walters
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 1.25.1-7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-08-19 04:25:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Colin Walters 2005-06-20 13:51:38 EDT
Description of problem:

It took me quite a while to figure out a policy denial was breaking our web
application; looks like httpd_t httpd_cache_port_t:tcp_socket { name_connect }
is dontaudited.

That seems like a bad idea to me; why is this dontaudited?
Comment 1 Daniel Walsh 2005-06-20 13:55:46 EDT
Why would httpd needt to connect to httpd_cache_port_t?

Dan

Comment 2 Colin Walters 2005-06-20 14:39:03 EDT
Port 8080 (labeled with httpd_cache_port_t) is a port very commonly used by
Tomcat installations; mod_jk connects Apache to Tomcat.
Comment 3 Daniel Walsh 2005-07-11 14:34:02 EDT
Fixed in selinux-policy-targeted-1.25.1-7

Note You need to log in before you can comment on or make changes to this bug.