Description of problem:
httpd can't connect to tomcat5

How reproducible:
If httpd and tomcat5 are configured with mod_proxy_ajp, the SELinux policies don't allow it and audit displays an error:

audit(1144648502.551:279): avc: denied { name_connect } for pid=6157 comm="httpd" dest=8009 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

Basically httpd can communicate with port 8009 that tomcat5 with AJP uses.

Steps to Reproduce:
1. Configure httpd with mod_proxy_ajp
2. View http://localhost/tomcat
3. In terminal lock the dmesg command output

Actual results:
failed

Expected results:
httpd and tomcat5 communication
semanage port -a -t http_port_t -p tcp 8009

Should fix it. Should this be a standard http_port_t?
I used this to fix it:

setsebool -P httpd_can_network_connect true

but I suggest including a rule specific to when Apache httpd is used together with tomcat5 and mod_jk or mod_proxy_ajp.
Fixed in 2.2.38-2
Closing bugs
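
The denial quoted in the report can be triaged mechanically. The following is an added example, not part of the original thread or of the SELinux tooling: it parses the AVC line from the report and, for a name_connect denial from httpd_t to a port still carrying the generic port_t label, lists the two remedies mentioned in the thread. The function names parse_avc and triage are hypothetical.

```python
import re

# The denial quoted in the report above (copied from the page).
SAMPLE = ('audit(1144648502.551:279): avc: denied { name_connect } for pid=6157 '
          'comm="httpd" dest=8009 scontext=user_u:system_r:httpd_t:s0 '
          'tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket')

AVC_RE = re.compile(r'audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+denied\s+'
                    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    rec['timestamp'] = float(m.group('ts'))
    rec['serial'] = int(m.group('serial'))
    # A context is user:role:type[:level]; the level may itself contain ':'.
    for key, short in (('scontext', 'stype'), ('tcontext', 'ttype')):
        parts = rec.get(key, '').split(':', 3)
        rec[short] = parts[2] if len(parts) > 2 else None
    return rec


def triage(rec):
    """Summarise a TCP name_connect denial; None for anything else."""
    if not rec or 'name_connect' not in rec['perms']:
        return None
    if rec.get('tclass') != 'tcp_socket' or 'dest' not in rec:
        return None
    port = int(rec['dest'])
    finding = {'domain': rec['stype'], 'port': port, 'port_type': rec['ttype']}
    if rec['stype'] == 'httpd_t' and rec['ttype'] == 'port_t':
        # port_t is the generic label: no specific type is assigned to the port.
        # Remedy from the thread that touches only this one port:
        finding['narrow_fix'] = f'semanage port -a -t http_port_t -p tcp {port}'
        # Remedy from the thread that opens outbound TCP for httpd in general:
        finding['broad_fix'] = 'setsebool -P httpd_can_network_connect true'
    return finding


if __name__ == '__main__':
    print(triage(parse_avc(SAMPLE)))
```

Labelling the single port keeps httpd_t confined to the ports it needs, whereas the boolean permits httpd to open outbound TCP connections in general.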