Re: svnsync

On 06/28/2010 04:08 AM, Vadym Chepkov wrote: That boolean seems to not be related: $ sesearch -SC --allow -s httpd_t | grep httpd_can_network_relay | less DT allow httpd_t gopher_port_t : tcp_socket name_connect ; [ httpd_can_network_relay ] DT allow httpd_t memcache_client_packet_t : packet { send recv } ; [ httpd_can_network_relay ] DT allow httpd_t http_cache_client_packet_t : packet { send recv } ; [ httpd_can_network_relay ] DT allow httpd_t ftp_port_t : tcp_socket name_connect ; [ httpd_can_network_relay ] DT allow httpd_t ftp_client_packet_t : packet { send recv } ; [ httpd_can_network_relay ] DT allow httpd_t http_client_packet_t : packet { send recv } ; [ httpd_can_network_relay ] DT allow httpd_t http_cache_port_t : tcp_socket name_connect ; [ httpd_can_network_relay ] DT allow httpd_t http_port_t : tcp_socket name_connect ; [ httpd_can_network_relay ] DT allow httpd_t gopher_client_packet_t : packet { send recv } ; [ httpd_can_network_relay ] DT allow httpd_t memcache_port_t : tcp_socket name_connect ; [ httpd_can_network_relay ] Although i am currently not using fedoras' httpd policy, so yours may differ. I couldnt find tthe svn module on short notice either so i am not able to verify either. so with the information i do have, httpd domains currently arent able to create_netlink_sockets. Try to figure out why your web app needs it, and if legit use audit2allow to permit it.