selinux/spacewalk-monitoring-selinux/spacewalk-monitoring.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 54bfd269228e1b968be18d0af1d8528b58b4da0d
Author: Jan Pazdziora <jpazdziora(a)redhat.com>
Date: Thu May 28 11:49:07 2009 +0200
500330 - allow httpd_sys_script_t to bind to loopback as well.
Addressing
type=AVC msg=audit(1242117348.626:800): avc: denied { node_bind } for pid=1540 comm="upload_results." saddr=127.0.0.1 scontext=root:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:lo_node_t:s0 tclass=udp_socket
(cherry picked from commit c8588264c801e5cddaa288e8ef17ae839ff32e7e)
diff --git a/selinux/spacewalk-monitoring-selinux/spacewalk-monitoring.te b/selinux/spacewalk-monitoring-selinux/spacewalk-monitoring.te
index 618ec8b..483b668 100644
--- a/selinux/spacewalk-monitoring-selinux/spacewalk-monitoring.te
+++ b/selinux/spacewalk-monitoring-selinux/spacewalk-monitoring.te
@@ -117,7 +117,7 @@ allow spacewalk_monitoring_t http_port_t:tcp_socket name_connect;
read_files_pattern(httpd_t, spacewalk_monitoring_conf_t, spacewalk_monitoring_conf_t)
allow httpd_sys_script_t spacewalk_monitoring_conf_t:file { read ioctl getattr };
-allow httpd_sys_script_t node_t:udp_socket node_bind;
+corenet_udp_bind_all_nodes(httpd_sys_script_t)
auth_dontaudit_read_shadow(spacewalk_monitoring_t)