Hide Forgot
Résumé: SELinux is preventing /usr/sbin/privoxy (deleted) from connecting to port 4. Description détaillée: SELinux has denied privoxy from connecting to a network port 4 which does not have an SELinux type associated with it. If privoxy should be allowed to connect on 4, use the semanage command to assign 4 to a port type that privoxy_t can connect to (tor_port_t, http_cache_port_t, http_port_t, ftp_port_t, ldap_port_t, dns_port_t, pgpkeyserver_port_t, ocsp_port_t, kerberos_port_t). If privoxy is not supposed to connect to 4, this could signal a intrusion attempt. Autoriser l'accès: If you want to allow privoxy to connect to 4, you can execute semanage port -a -t PORT_TYPE -p tcp 4 where PORT_TYPE is one of the following: tor_port_t, http_cache_port_t, http_port_t, ftp_port_t, ldap_port_t, dns_port_t, pgpkeyserver_port_t, ocsp_port_t, kerberos_port_t. Informations complémentaires: Contexte source unconfined_u:system_r:privoxy_t:s0 Contexte cible system_u:object_r:reserved_port_t:s0 Objets du contexte None [ tcp_socket ] source privoxy Chemin de la source /usr/sbin/privoxy (deleted) Port 4 Hôte (removed) Paquetages RPM source Paquetages RPM cible Politique RPM selinux-policy-3.6.32-24.fc12 Selinux activé True Type de politique targeted MLS activé True Mode strict Enforcing Nom du plugin connect_ports Nom de l'hôte (removed) Plateforme Linux (removed) 2.6.31.3 #1 SMP Tue Oct 13 17:07:53 CEST 2009 x86_64 x86_64 Compteur d'alertes 1 Première alerte mer. 14 oct. 2009 11:23:54 CEST Dernière alerte mer. 14 oct. 2009 11:23:54 CEST ID local 3ab0be8e-3da3-4669-b256-57cbd5b8056f Numéros des lignes Messages d'audit bruts node=(removed) type=AVC msg=audit(1255512234.809:18162): avc: denied { name_connect } for pid=26771 comm="privoxy" dest=4 scontext=unconfined_u:system_r:privoxy_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket node=(removed) type=SYSCALL msg=audit(1255512234.809:18162): arch=c000003e syscall=42 success=no exit=-13 a0=6 a1=7f2354005e40 a2=10 a3=7f236cab724c items=0 ppid=1 pid=26771 auid=501 uid=73 gid=73 euid=73 suid=73 fsuid=73 egid=73 sgid=73 fsgid=73 tty=(none) ses=1 comm="privoxy" exe=2F7573722F7362696E2F707269766F7879202864656C6574656429 subj=unconfined_u:system_r:privoxy_t:s0 key=(null) Hash String generated from selinux-policy-3.6.32-24.fc12,connect_ports,privoxy,privoxy_t,reserved_port_t,tcp_socket,name_connect audit2allow suggests: #============= privoxy_t ============== allow privoxy_t reserved_port_t:tcp_socket name_connect;
Why is privocy trying to connect to tcp port 4? Is this a custom configuration? If yes do what the troubleshooter suggests.
don't know why privoxy try to connect to TCP 4. It's a standard config on a fresh install. It happens once while connecting to google.
Ok then turn on the boolean privoxy_connect_any setsebool -P privoxy_connect_any 1 THis will allow privoxy to connect to all tcp ports.