Description of problem:
Related to https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244008

If I try to access some server from a Perl script using DNS instead of IP, it is denied by SEL:

Source Context       root:system_r:httpd_sys_script_t
Target Context       system_u:object_r:net_conf_t
Target Objects       resolv.conf [ file ]
Affected RPM Packages
Policy RPM           selinux-policy-2.4.6-74.el5
Selinux Enabled      True
Policy Type          targeted
MLS Enabled          True
Enforcing Mode       Enforcing
Plugin Name          plugins.httpd_bad_labels
Host Name            dhcp-lab-220.englab.brq.redhat.com
Platform             Linux dhcp-lab-220.englab.brq.redhat.com 2.6.18-8.1.4.el5 #1 SMP Fri May 4 22:15:13 EDT 2007 i686 i686
Alert Count          31
Line Numbers

Raw Audit Messages

avc: denied { read } for comm="generate_test.p" dev=dm-0 egid=48 euid=48 exe="/usr/bin/perl" exit=-13 fsgid=48 fsuid=48 gid=48 items=0 name="resolv.conf" pid=4155 scontext=root:system_r:httpd_sys_script_t:s0 sgid=48 subj=root:system_r:httpd_sys_script_t:s0 suid=48 tclass=file tcontext=system_u:object_r:net_conf_t:s0 tty=(none) uid=48

Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-74.el5
selinux-policy-targeted-2.4.6-74.el5
This is perl, v5.8.8 built for i386-linux-thread-multi
Perl is running as a module in apache

How reproducible:
100%

Steps to Reproduce:
1. Run perl script which needs to resolve domain name

Actual results:
Audit log fragment is listed below.

Expected results:
No error.

Additional info:
Jun 12 01:21:23 dhcp-lab-220 setroubleshoot: SELinux is preventing the generate_test.p from using potentially mislabeled files resolv.conf (net_conf_t). For complete SELinux messages

setsebool -P httpd_can_network_connect=1

Should fix this problem.

Thank you for your time, it fixed my problem. I'm sorry for flooding bugzilla...
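
For triaging denials like the one in the report, the following added example (not part of the original bug thread) parses AVC records and groups them by source type, target type and object class, so repeated alerts collapse into one entry per access pattern. The first sample record is the one quoted in the report; the second record and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# First record: the denial quoted in the report. Second record: constructed
# for illustration (same domain and target, different permission).
SAMPLE = [
    'avc: denied { read } for comm="generate_test.p" dev=dm-0 egid=48 euid=48 '
    'exe="/usr/bin/perl" exit=-13 fsgid=48 fsuid=48 gid=48 items=0 '
    'name="resolv.conf" pid=4155 scontext=root:system_r:httpd_sys_script_t:s0 '
    'sgid=48 subj=root:system_r:httpd_sys_script_t:s0 suid=48 tclass=file '
    'tcontext=system_u:object_r:net_conf_t:s0 tty=(none) uid=48',
    'avc: denied { getattr } for comm="generate_test.p" name="resolv.conf" '
    'pid=4156 scontext=root:system_r:httpd_sys_script_t:s0 tclass=file '
    'tcontext=system_u:object_r:net_conf_t:s0',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of fields for one AVC denial, or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None  # incomplete record, cannot be classified
    fields['perms'] = m.group(1).split()
    return fields

def selinux_type(context):
    """The type is the third field of user:role:type[:level]."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else context

def summarize(lines):
    """Group denials by (source type, target type, object class)."""
    groups = defaultdict(lambda: {'perms': set(), 'names': set(), 'count': 0})
    for rec in filter(None, map(parse_avc, lines)):
        key = (selinux_type(rec['scontext']), selinux_type(rec['tcontext']), rec['tclass'])
        g = groups[key]
        g['perms'].update(rec['perms'])
        g['names'].add(rec.get('name', '?'))
        g['count'] += 1
    return dict(groups)

if __name__ == '__main__':
    for key, g in summarize(SAMPLE).items():
        print(key, sorted(g['perms']), g['count'], sorted(g['names']))
```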