Description of problem: Perl scipt tries to connect to some URL: $ua = LWP::UserAgent->new; my $req = HTTP::Request->new(GET => "http://10.34.33.220/test/ $reqfile?id=$i"); my $res = $ua->request($req); Result of this operation is here: Source Context root:system_r:httpd_sys_script_t Target Context root:system_r:httpd_sys_script_t Target Objects None [ tcp_socket ] Affected RPM Packages Policy RPM selinux-policy-2.4.6-74.el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall Host Name dhcp-lab-220.englab.brq.redhat.com Platform Linux dhcp-lab-220.englab.brq.redhat.com 2.6.18-8.1.4.el5 #1 SMP Fri May 4 22:15:13 EDT 2007 i686 i686 Alert Count 2129 Line Numbers Raw Audit Messages avc: denied { create } for comm="generate_test.p" egid=48 euid=48 exe="/usr/bin/perl" exit=-13 fsgid=48 fsuid=48 gid=48 items=0 pid=4067 scontext=root:system_r:httpd_sys_script_t:s0 sgid=48 subj=root:system_r:httpd_sys_script_t:s0 suid=48 tclass=tcp_socket tcontext=root:system_r:httpd_sys_script_t:s0 tty=(none) uid=48 Version-Release number of selected component (if applicable): selinux-policy-2.4.6-74.el5 selinux-policy-targeted-2.4.6-74.el5 This is perl, v5.8.8 built for i386-linux-thread-multi Perl is runing as a module in apache How reproducible: 100% Steps to Reproduce: 1. Run perl script with code described above Actual results: Audit log fragment is listed below. Expected results: No create denied messages in audit log Additional info: Jun 12 01:21:23 dhcp-lab-220 setroubleshoot: SELinux is preventing generate_test.p (httpd_sys_script_t) "create" to <Unknown> (httpd_sys_script_t). For complete SELinux messages. run sealert -l 0cbeb5ed-0304-480a-b12d-ec51fb7d8e0e
setsebool -P httpd_can_network_connect=1 fix this problem.